diff --git a/.changelog/19682.txt b/.changelog/19682.txt new file mode 100644 index 000000000000..cfcee3e9b1c0 --- /dev/null +++ b/.changelog/19682.txt @@ -0,0 +1,3 @@ +```release-note:improvement +cloud: push additional server TLS metadata to HCP +``` diff --git a/agent/consul/server.go b/agent/consul/server.go index 0e722f99f91a..505430d634ca 100644 --- a/agent/consul/server.go +++ b/agent/consul/server.go @@ -41,6 +41,7 @@ import ( "github.com/hashicorp/consul/acl" "github.com/hashicorp/consul/acl/resolver" "github.com/hashicorp/consul/agent/blockingquery" + "github.com/hashicorp/consul/agent/connect" "github.com/hashicorp/consul/agent/consul/authmethod" "github.com/hashicorp/consul/agent/consul/authmethod/ssoauth" "github.com/hashicorp/consul/agent/consul/fsm" @@ -2235,24 +2236,9 @@ func (s *Server) hcpServerStatus(deps Deps) hcp.StatusCallback { status.RPCPort = s.config.RPCAddr.Port status.Datacenter = s.config.Datacenter - tlsCert := s.tlsConfigurator.Cert() - if tlsCert != nil { - status.TLS.Enabled = true - leaf := tlsCert.Leaf - if leaf == nil { - // Parse the leaf cert - leaf, err = x509.ParseCertificate(tlsCert.Certificate[0]) - if err != nil { - // Shouldn't be possible - return - } - } - status.TLS.CertName = leaf.Subject.CommonName - status.TLS.CertSerial = leaf.SerialNumber.String() - status.TLS.CertExpiry = leaf.NotAfter - status.TLS.VerifyIncoming = s.tlsConfigurator.VerifyIncomingRPC() - status.TLS.VerifyOutgoing = s.tlsConfigurator.Base().InternalRPC.VerifyOutgoing - status.TLS.VerifyServerHostname = s.tlsConfigurator.VerifyServerHostname() + err = addServerTLSInfo(&status, s.tlsConfigurator) + if err != nil { + return status, fmt.Errorf("error adding server tls info: %w", err) } status.Raft.IsLeader = s.raft.State() == raft.Leader @@ -2341,6 +2327,83 @@ func convertConsulConfigToRateLimitHandlerConfig(limitsConfig RequestLimits, mul return hc } +// addServerTLSInfo adds the server's TLS information if available to the status +func addServerTLSInfo(status *hcpclient.ServerStatus, tlsConfigurator tlsutil.ConfiguratorIface) error { + tlsCert := tlsConfigurator.Cert() + if tlsCert == nil { + return nil + } + + leaf := tlsCert.Leaf + var err error + if leaf == nil { + // Parse the leaf cert + if len(tlsCert.Certificate) == 0 { + return fmt.Errorf("expected a leaf certificate but there was none") + } + leaf, err = x509.ParseCertificate(tlsCert.Certificate[0]) + if err != nil { + // Shouldn't be possible + return fmt.Errorf("error parsing leaf cert: %w", err) + } + } + + tlsInfo := hcpclient.ServerTLSInfo{ + Enabled: true, + CertIssuer: leaf.Issuer.CommonName, + CertName: leaf.Subject.CommonName, + CertSerial: leaf.SerialNumber.String(), + CertExpiry: leaf.NotAfter, + VerifyIncoming: tlsConfigurator.VerifyIncomingRPC(), + VerifyOutgoing: tlsConfigurator.Base().InternalRPC.VerifyOutgoing, + VerifyServerHostname: tlsConfigurator.VerifyServerHostname(), + } + + // Collect metadata for all CA certs used for internal RPC + metadata := make([]hcpclient.CertificateMetadata, 0) + for _, pemStr := range tlsConfigurator.ManualCAPems() { + cert, err := connect.ParseCert(pemStr) + if err != nil { + return fmt.Errorf("error parsing manual ca pem: %w", err) + } + + metadatum := hcpclient.CertificateMetadata{ + CertExpiry: cert.NotAfter, + CertName: cert.Subject.CommonName, + CertSerial: cert.SerialNumber.String(), + } + metadata = append(metadata, metadatum) + } + for ix, certBytes := range tlsCert.Certificate { + if ix == 0 { + // Skip the leaf cert at index 0. Only collect intermediates + continue + } + + cert, err := x509.ParseCertificate(certBytes) + if err != nil { + return fmt.Errorf("error parsing tls cert index %d: %w", ix, err) + } + + metadatum := hcpclient.CertificateMetadata{ + CertExpiry: cert.NotAfter, + CertName: cert.Subject.CommonName, + CertSerial: cert.SerialNumber.String(), + } + metadata = append(metadata, metadatum) + } + tlsInfo.CertificateAuthorities = metadata + + status.ServerTLSMetadata.InternalRPC = tlsInfo + + // TODO: remove status.TLS in preference for server.ServerTLSMetadata.InternalRPC + // when deprecation path is ready + // https://hashicorp.atlassian.net/browse/CC-7015 + status.TLS = tlsInfo + + return nil +} + // peersInfoContent is used to help operators understand what happened to the // peers.json file. This is written to a file called peers.info in the same // location. diff --git a/agent/consul/server_test.go b/agent/consul/server_test.go index 95fa102d4a46..cc53d904e25e 100644 --- a/agent/consul/server_test.go +++ b/agent/consul/server_test.go @@ -5,6 +5,7 @@ package consul import ( "context" + "crypto/tls" "crypto/x509" "flag" "fmt" @@ -2107,6 +2108,150 @@ func TestServer_hcpManager(t *testing.T) { } +func TestServer_addServerTLSInfo(t *testing.T) { + testCases := map[string]struct { + errMsg string + setupConfigurator func(*testing.T) tlsutil.ConfiguratorIface + checkStatus func(*testing.T, hcpclient.ServerStatus) + }{ + "Success": { + setupConfigurator: func(t *testing.T) tlsutil.ConfiguratorIface { + tlsConfig := tlsutil.Config{ + InternalRPC: tlsutil.ProtocolConfig{ + CAFile: "../../test/ca/root.cer", + CertFile: "../../test/key/ourdomain_with_intermediate.cer", + KeyFile: "../../test/key/ourdomain.key", + VerifyIncoming: true, + VerifyOutgoing: true, + VerifyServerHostname: true, + }, + } + + tlsConfigurator, err := tlsutil.NewConfigurator(tlsConfig, hclog.NewNullLogger()) + require.NoError(t, err) + return tlsConfigurator + }, + checkStatus: func(t *testing.T, s hcpclient.ServerStatus) { + expected := hcpclient.ServerTLSInfo{ + Enabled: true, + CertIssuer: "test.internal", + CertName: "testco.internal", + CertSerial: "40", + CertExpiry: time.Date(2123, time.October, 9, 17, 20, 16, 0, time.UTC), + VerifyIncoming: true, + VerifyOutgoing: true, + VerifyServerHostname: true, + CertificateAuthorities: []hcpclient.CertificateMetadata{ + { // manual ca pem + CertExpiry: time.Date(2033, time.October, 30, 15, 50, 29, 0, time.UTC), + CertName: "test.internal", + CertSerial: "191297809789001034260919865367524695178070761520", + }, + { // certificate intermediate + CertExpiry: time.Date(2033, time.October, 30, 15, 50, 29, 0, time.UTC), + CertName: "test.internal", + CertSerial: "191297809789001034260919865367524695178070761520", + }, + }, + } + + require.Equal(t, expected, s.ServerTLSMetadata.InternalRPC) + + // TODO: remove check for status.TLS once deprecation is ready + // https://hashicorp.atlassian.net/browse/CC-7015 + require.Equal(t, expected, s.TLS) + }, + }, + "Nil Cert": { + setupConfigurator: func(t *testing.T) tlsutil.ConfiguratorIface { + tlsConfigurator, err := tlsutil.NewConfigurator(tlsutil.Config{}, + hclog.NewNullLogger()) + require.NoError(t, err) + return tlsConfigurator + }, + checkStatus: func(t *testing.T, s hcpclient.ServerStatus) { + require.Empty(t, s.TLS) + require.Empty(t, s.ServerTLSMetadata.InternalRPC) + }, + }, + "Fail: No leaf": { + errMsg: "expected a leaf certificate", + setupConfigurator: func(t *testing.T) tlsutil.ConfiguratorIface { + return tlsutil.MockConfigurator{ + TlsCert: &tls.Certificate{}, + } + }, + }, + "Fail: Parse leaf cert": { + errMsg: "error parsing leaf cert", + setupConfigurator: func(t *testing.T) tlsutil.ConfiguratorIface { + return tlsutil.MockConfigurator{ + TlsCert: &tls.Certificate{ + Certificate: [][]byte{{}}, + }, + } + }, + }, + "Fail: Parse manual ca pems": { + errMsg: "error parsing manual ca pem", + setupConfigurator: func(t *testing.T) tlsutil.ConfiguratorIface { + tlsConfig := tlsutil.Config{ + InternalRPC: tlsutil.ProtocolConfig{ + CertFile: "../../test/key/ourdomain.cer", + KeyFile: "../../test/key/ourdomain.key", + }, + } + tlsConfigurator, err := tlsutil.NewConfigurator(tlsConfig, hclog.NewNullLogger()) + require.NoError(t, err) + + return tlsutil.MockConfigurator{ + TlsCert: tlsConfigurator.Cert(), + ManualCAPemsArr: []string{"invalid-format"}, + } + }, + }, + "Fail: Parse tls cert intermediate": { + errMsg: "error parsing tls cert", + setupConfigurator: func(t *testing.T) tlsutil.ConfiguratorIface { + tlsConfig := tlsutil.Config{ + InternalRPC: tlsutil.ProtocolConfig{ + CertFile: "../../test/key/ourdomain.cer", + KeyFile: "../../test/key/ourdomain.key", + }, + } + tlsConfigurator, err := tlsutil.NewConfigurator(tlsConfig, hclog.NewNullLogger()) + require.NoError(t, err) + cert := tlsConfigurator.Cert().Certificate + cert = append(cert, []byte{}) + return tlsutil.MockConfigurator{ + TlsCert: &tls.Certificate{ + Certificate: cert, + }, + } + }, + }, + } + for name, tc := range testCases { + t.Run(name, func(t *testing.T) { + require.NotNil(t, tc.setupConfigurator) + tlsConfigurator := tc.setupConfigurator(t) + + status := hcpclient.ServerStatus{} + err := addServerTLSInfo(&status, tlsConfigurator) + + if len(tc.errMsg) > 0 { + require.Error(t, err) + require.Contains(t, err.Error(), tc.errMsg) + require.Empty(t, status) + } else { + require.NoError(t, err) + require.NotNil(t, tc.checkStatus) + tc.checkStatus(t, status) + } + }) + } +} + // goldenMarkdown reads and optionally writes the expected data to the goldenMarkdown file, // returning the contents as a string. func goldenMarkdown(t *testing.T, name, got string) string { diff --git a/agent/consul/testdata/v2-resource-dependencies.md b/agent/consul/testdata/v2-resource-dependencies.md index 822b01c8f9b4..0d0d81123611 100644 --- a/agent/consul/testdata/v2-resource-dependencies.md +++ b/agent/consul/testdata/v2-resource-dependencies.md @@ -4,7 +4,8 @@ flowchart TD auth/v2beta1/computedtrafficpermissions --> auth/v2beta1/workloadidentity catalog/v2beta1/failoverpolicy --> catalog/v2beta1/service catalog/v2beta1/healthstatus - catalog/v2beta1/node --> catalog/v2beta1/healthstatus + catalog/v2beta1/node --> catalog/v2beta1/nodehealthstatus + catalog/v2beta1/nodehealthstatus catalog/v2beta1/service catalog/v2beta1/serviceendpoints --> catalog/v2beta1/service catalog/v2beta1/serviceendpoints --> catalog/v2beta1/workload diff --git a/agent/grpc-middleware/testutil/testservice/simple.pb.go b/agent/grpc-middleware/testutil/testservice/simple.pb.go index b4f664bf1ca7..fcd9fb2fe4a4 100644 --- a/agent/grpc-middleware/testutil/testservice/simple.pb.go +++ b/agent/grpc-middleware/testutil/testservice/simple.pb.go @@ -3,7 +3,7 @@ // Code generated by protoc-gen-go. DO NOT EDIT. // versions: -// protoc-gen-go v1.30.0 +// protoc-gen-go v1.31.0 // protoc (unknown) // source: simple.proto diff --git a/agent/hcp/client/client.go b/agent/hcp/client/client.go index c0526c0e4acf..597287ca9a69 100644 --- a/agent/hcp/client/client.go +++ b/agent/hcp/client/client.go @@ -155,6 +155,8 @@ func (c *hcpClient) PushServerStatus(ctx context.Context, s *ServerStatus) error return err } +// ServerStatus is used to collect server status information in order to push +// to HCP. Fields should mirror HashicorpCloudGlobalNetworkManager20220215ServerState type ServerStatus struct { ID string Name string @@ -164,10 +166,15 @@ type ServerStatus struct { RPCPort int Datacenter string - Autopilot ServerAutopilot - Raft ServerRaft - TLS ServerTLSInfo - ACL ServerACLInfo + Autopilot ServerAutopilot + Raft ServerRaft + ACL ServerACLInfo + ServerTLSMetadata ServerTLSMetadata + + // TODO: TLS will be deprecated in favor of ServerTLSInfo in GNM. Handle + // removal in a subsequent PR + // https://hashicorp.atlassian.net/browse/CC-7015 + TLS ServerTLSInfo ScadaStatus string } @@ -191,20 +198,47 @@ type ServerACLInfo struct { Enabled bool } +// ServerTLSInfo mirrors HashicorpCloudGlobalNetworkManager20220215TLSInfo type ServerTLSInfo struct { - Enabled bool - CertExpiry time.Time - CertName string - CertSerial string - VerifyIncoming bool - VerifyOutgoing bool - VerifyServerHostname bool + Enabled bool + CertExpiry time.Time + CertIssuer string + CertName string + CertSerial string + CertificateAuthorities []CertificateMetadata + VerifyIncoming bool + VerifyOutgoing bool + VerifyServerHostname bool +} + +// ServerTLSMetadata mirrors HashicorpCloudGlobalNetworkManager20220215ServerTLSMetadata +type ServerTLSMetadata struct { + InternalRPC ServerTLSInfo +} + +// CertificateMetadata mirrors HashicorpCloudGlobalNetworkManager20220215CertificateMetadata +type CertificateMetadata struct { + CertExpiry time.Time + CertName string + CertSerial string } func serverStatusToHCP(s *ServerStatus) *gnmmod.HashicorpCloudGlobalNetworkManager20220215ServerState { if s == nil { return nil } + + // Convert CA metadata + caCerts := make([]*gnmmod.HashicorpCloudGlobalNetworkManager20220215CertificateMetadata, + len(s.ServerTLSMetadata.InternalRPC.CertificateAuthorities)) + for ix, ca := range s.ServerTLSMetadata.InternalRPC.CertificateAuthorities { + caCerts[ix] = &gnmmod.HashicorpCloudGlobalNetworkManager20220215CertificateMetadata{ + CertExpiry: strfmt.DateTime(ca.CertExpiry), + CertName: ca.CertName, + CertSerial: ca.CertSerial, + } + } + return &gnmmod.HashicorpCloudGlobalNetworkManager20220215ServerState{ Autopilot: &gnmmod.HashicorpCloudGlobalNetworkManager20220215AutoPilotInfo{ FailureTolerance: int32(s.Autopilot.FailureTolerance), @@ -225,6 +259,9 @@ func serverStatusToHCP(s *ServerStatus) *gnmmod.HashicorpCloudGlobalNetworkManag }, RPCPort: int32(s.RPCPort), TLS: &gnmmod.HashicorpCloudGlobalNetworkManager20220215TLSInfo{ + // TODO: remove TLS in preference for ServerTLSMetadata.InternalRPC + // when deprecation path is ready + // https://hashicorp.atlassian.net/browse/CC-7015 CertExpiry: strfmt.DateTime(s.TLS.CertExpiry), CertName: s.TLS.CertName, CertSerial: s.TLS.CertSerial, @@ -233,6 +270,19 @@ func serverStatusToHCP(s *ServerStatus) *gnmmod.HashicorpCloudGlobalNetworkManag VerifyOutgoing: s.TLS.VerifyOutgoing, VerifyServerHostname: s.TLS.VerifyServerHostname, }, + ServerTLS: &gnmmod.HashicorpCloudGlobalNetworkManager20220215ServerTLSMetadata{ + InternalRPC: &gnmmod.HashicorpCloudGlobalNetworkManager20220215TLSInfo{ + CertExpiry: strfmt.DateTime(s.ServerTLSMetadata.InternalRPC.CertExpiry), + CertIssuer: s.ServerTLSMetadata.InternalRPC.CertIssuer, + CertName: s.ServerTLSMetadata.InternalRPC.CertName, + CertSerial: s.ServerTLSMetadata.InternalRPC.CertSerial, + Enabled: s.ServerTLSMetadata.InternalRPC.Enabled, + VerifyIncoming: s.ServerTLSMetadata.InternalRPC.VerifyIncoming, + VerifyOutgoing: s.ServerTLSMetadata.InternalRPC.VerifyOutgoing, + VerifyServerHostname: s.ServerTLSMetadata.InternalRPC.VerifyServerHostname, + CertificateAuthorities: caCerts, + }, + }, Version: s.Version, ScadaStatus: s.ScadaStatus, ACL: &gnmmod.HashicorpCloudGlobalNetworkManager20220215ACLInfo{ diff --git a/agent/hcp/client/mock_CloudConfig.go b/agent/hcp/client/mock_CloudConfig.go index 574f83e55fd5..2dc523f487af 100644 --- a/agent/hcp/client/mock_CloudConfig.go +++ b/agent/hcp/client/mock_CloudConfig.go @@ -29,6 +29,7 @@ func (m *mockHCPCfg) SCADATLSConfig() *tls.Config { return &tls.Config{} } func (m *mockHCPCfg) APIAddress() string { return "" } func (m *mockHCPCfg) PortalURL() *url.URL { return &url.URL{} } func (m *mockHCPCfg) Profile() *profile.UserProfile { return nil } +func (m *mockHCPCfg) Logout() error { return nil } type MockCloudCfg struct { ConfigErr error diff --git a/agent/hcp/testing.go b/agent/hcp/testing.go index 30f7ba7bcdeb..1c0f364b0dd3 100644 --- a/agent/hcp/testing.go +++ b/agent/hcp/testing.go @@ -154,7 +154,7 @@ func (s *MockHCPServer) handleStatus(r *http.Request, cluster resource.Resource) req.ServerState.Raft.IsLeader, req.ServerState.Raft.KnownLeader, req.ServerState.Autopilot.Healthy, - time.Until(time.Time(req.ServerState.TLS.CertExpiry)).Hours()/24, + time.Until(time.Time(req.ServerState.ServerTLS.InternalRPC.CertExpiry)).Hours()/24, ) s.servers[req.ServerState.Name] = &gnmmod.HashicorpCloudGlobalNetworkManager20220215Server{ GossipPort: req.ServerState.GossipPort, diff --git a/go.mod b/go.mod index 3ec2880b149c..f5044715eda1 100644 --- a/go.mod +++ b/go.mod @@ -30,8 +30,8 @@ require ( github.com/envoyproxy/go-control-plane/xdsmatcher v0.0.0-20230524161521-aaaacbfbe53e github.com/fatih/color v1.14.1 github.com/fsnotify/fsnotify v1.6.0 - github.com/go-openapi/runtime v0.25.0 - github.com/go-openapi/strfmt v0.21.3 + github.com/go-openapi/runtime v0.26.0 + github.com/go-openapi/strfmt v0.21.7 github.com/google/go-cmp v0.5.9 github.com/google/gofuzz v1.2.0 github.com/google/pprof v0.0.0-20210720184732-4bb14d4b1be1 @@ -66,7 +66,7 @@ require ( github.com/hashicorp/hcl v1.0.0 github.com/hashicorp/hcl/v2 v2.14.1 github.com/hashicorp/hcp-scada-provider v0.2.3 - github.com/hashicorp/hcp-sdk-go v0.61.0 + github.com/hashicorp/hcp-sdk-go v0.73.0 github.com/hashicorp/hil v0.0.0-20200423225030-a18a1cd20038 github.com/hashicorp/memberlist v0.5.0 github.com/hashicorp/raft v1.5.0 @@ -100,7 +100,7 @@ require ( github.com/rboyer/safeio v0.2.3 github.com/ryanuber/columnize v2.1.2+incompatible github.com/shirou/gopsutil/v3 v3.22.9 - github.com/stretchr/testify v1.8.3 + github.com/stretchr/testify v1.8.4 github.com/xeipuuv/gojsonschema v1.2.0 github.com/zclconf/go-cty v1.11.1 go.etcd.io/bbolt v1.3.7 @@ -113,13 +113,13 @@ require ( golang.org/x/crypto v0.14.0 golang.org/x/exp v0.0.0-20230817173708-d852ddb80c63 golang.org/x/net v0.17.0 - golang.org/x/oauth2 v0.7.0 + golang.org/x/oauth2 v0.13.0 golang.org/x/sync v0.3.0 golang.org/x/sys v0.13.0 golang.org/x/time v0.3.0 - google.golang.org/genproto/googleapis/rpc v0.0.0-20230526203410-71b5a4ffd15e + google.golang.org/genproto/googleapis/rpc v0.0.0-20230530153820-e85fd2cbaebc google.golang.org/grpc v1.56.3 - google.golang.org/protobuf v1.30.0 + google.golang.org/protobuf v1.31.0 gopkg.in/square/go-jose.v2 v2.5.1 gotest.tools/v3 v3.4.0 k8s.io/api v0.26.2 @@ -128,7 +128,7 @@ require ( ) require ( - cloud.google.com/go/compute v1.19.1 // indirect + cloud.google.com/go/compute v1.20.1 // indirect cloud.google.com/go/compute/metadata v0.2.3 // indirect cloud.google.com/go/iam v0.13.0 // indirect github.com/Azure/azure-sdk-for-go v68.0.0+incompatible // indirect @@ -149,7 +149,7 @@ require ( github.com/Microsoft/go-winio v0.6.1 // indirect github.com/agext/levenshtein v1.2.3 // indirect github.com/apparentlymart/go-textseg/v13 v13.0.0 // indirect - github.com/asaskevich/govalidator v0.0.0-20210307081110-f21760c49a8d // indirect + github.com/asaskevich/govalidator v0.0.0-20230301143203-a9d515a09cc2 // indirect github.com/benbjohnson/immutable v0.4.0 // indirect github.com/beorn7/perks v1.0.1 // indirect github.com/bgentry/speakeasy v0.1.0 // indirect @@ -174,12 +174,12 @@ require ( github.com/go-logr/stdr v1.2.2 // indirect github.com/go-ole/go-ole v1.2.6 // indirect github.com/go-openapi/analysis v0.21.4 // indirect - github.com/go-openapi/errors v0.20.3 // indirect + github.com/go-openapi/errors v0.20.4 // indirect github.com/go-openapi/jsonpointer v0.19.5 // indirect github.com/go-openapi/jsonreference v0.20.0 // indirect github.com/go-openapi/loads v0.21.2 // indirect github.com/go-openapi/spec v0.20.8 // indirect - github.com/go-openapi/swag v0.22.3 // indirect + github.com/go-openapi/swag v0.22.4 // indirect github.com/go-openapi/validate v0.22.1 // indirect github.com/go-ozzo/ozzo-validation v3.6.0+incompatible // indirect github.com/gogo/protobuf v1.3.2 // indirect @@ -190,9 +190,10 @@ require ( github.com/google/btree v1.0.1 // indirect github.com/google/gnostic v0.5.7-v3refs // indirect github.com/google/go-querystring v1.0.0 // indirect + github.com/google/s2a-go v0.1.4 // indirect github.com/google/uuid v1.3.0 // indirect github.com/googleapis/enterprise-certificate-proxy v0.2.3 // indirect - github.com/googleapis/gax-go/v2 v2.7.1 // indirect + github.com/googleapis/gax-go/v2 v2.11.0 // indirect github.com/gophercloud/gophercloud v0.3.0 // indirect github.com/grpc-ecosystem/grpc-gateway/v2 v2.11.3 // indirect github.com/hashicorp/errwrap v1.1.0 // indirect @@ -256,7 +257,7 @@ require ( github.com/xeipuuv/gojsonpointer v0.0.0-20190905194746-02993c407bfb // indirect github.com/xeipuuv/gojsonreference v0.0.0-20180127040603-bd5ef7bd5415 // indirect github.com/yusufpapurcu/wmi v1.2.2 // indirect - go.mongodb.org/mongo-driver v1.11.0 // indirect + go.mongodb.org/mongo-driver v1.11.3 // indirect go.opencensus.io v0.24.0 // indirect go.opentelemetry.io/otel/trace v1.16.0 // indirect go.uber.org/atomic v1.9.0 // indirect @@ -265,10 +266,10 @@ require ( golang.org/x/term v0.13.0 // indirect golang.org/x/text v0.13.0 // indirect golang.org/x/tools v0.12.1-0.20230815132531-74c255bcf846 // indirect - google.golang.org/api v0.114.0 // indirect + google.golang.org/api v0.126.0 // indirect google.golang.org/appengine v1.6.7 // indirect - google.golang.org/genproto v0.0.0-20230526203410-71b5a4ffd15e // indirect - google.golang.org/genproto/googleapis/api v0.0.0-20230526203410-71b5a4ffd15e // indirect + google.golang.org/genproto v0.0.0-20230530153820-e85fd2cbaebc // indirect + google.golang.org/genproto/googleapis/api v0.0.0-20230530153820-e85fd2cbaebc // indirect gopkg.in/inf.v0 v0.9.1 // indirect gopkg.in/ini.v1 v1.66.2 // indirect gopkg.in/natefinch/npipe.v2 v2.0.0-20160621034901-c1b8fa8bdcce // indirect diff --git a/go.sum b/go.sum index 9932bd256d1b..4f226d0d74c6 100644 --- a/go.sum +++ b/go.sum @@ -25,22 +25,20 @@ cloud.google.com/go v0.90.0/go.mod h1:kRX0mNRHe0e2rC6oNakvwQqzyDmg57xJ+SZU1eT2aD cloud.google.com/go v0.93.3/go.mod h1:8utlLll2EF5XMAV15woO4lSbWQlk8rer9aLOfLh7+YI= cloud.google.com/go v0.94.1/go.mod h1:qAlAugsXlC+JWO+Bke5vCtc9ONxjQT3drlTTnAplMW4= cloud.google.com/go v0.97.0/go.mod h1:GF7l59pYBVlXQIBLx3a761cZ41F9bBH3JUlihCt2Udc= -cloud.google.com/go v0.110.0 h1:Zc8gqp3+a9/Eyph2KDmcGaPtbKRIoqq4YTlL4NMD0Ys= cloud.google.com/go/bigquery v1.0.1/go.mod h1:i/xbL2UlR5RvWAURpBYZTtm/cXjCha9lbfbpx4poX+o= cloud.google.com/go/bigquery v1.3.0/go.mod h1:PjpwJnslEMmckchkHFfq+HTD2DmtT67aNFKH1/VBDHE= cloud.google.com/go/bigquery v1.4.0/go.mod h1:S8dzgnTigyfTmLBfrtrhyYhwRxG72rYxvftPBK2Dvzc= cloud.google.com/go/bigquery v1.5.0/go.mod h1:snEHRnqQbz117VIFhE8bmtwIDY80NLUZUMb4Nv6dBIg= cloud.google.com/go/bigquery v1.7.0/go.mod h1://okPTzCYNXSlb24MZs83e2Do+h+VXtc4gLoIoXIAPc= cloud.google.com/go/bigquery v1.8.0/go.mod h1:J5hqkt3O0uAFnINi6JXValWIb1v0goeZM77hZzJN/fQ= -cloud.google.com/go/compute v1.19.1 h1:am86mquDUgjGNWxiGn+5PGLbmgiWXlE/yNWpIpNvuXY= -cloud.google.com/go/compute v1.19.1/go.mod h1:6ylj3a05WF8leseCdIf77NK0g1ey+nj5IKd5/kvShxE= +cloud.google.com/go/compute v1.20.1 h1:6aKEtlUiwEpJzM001l0yFkpXmUVXaN8W+fbkb2AZNbg= +cloud.google.com/go/compute v1.20.1/go.mod h1:4tCnrn48xsqlwSAiLf1HXMQk8CONslYbdiEZc9FEIbM= cloud.google.com/go/compute/metadata v0.2.3 h1:mg4jlk7mCAj6xXp9UJ4fjI9VUI5rubuGBW5aJ7UnBMY= cloud.google.com/go/compute/metadata v0.2.3/go.mod h1:VAV5nSsACxMJvgaAuX6Pk2AawlZn8kiOGuCv6gTkwuA= cloud.google.com/go/datastore v1.0.0/go.mod h1:LXYbyblFSglQ5pkeyhO+Qmw7ukd3C+pD7TKLgZqpHYE= cloud.google.com/go/datastore v1.1.0/go.mod h1:umbIZjpQpHh4hmRpGhH4tLFup+FVzqBi1b3c64qFpCk= cloud.google.com/go/iam v0.13.0 h1:+CmB+K0J/33d0zSQ9SlFWUeCCEn5XJA0ZMZ3pHE9u8k= cloud.google.com/go/iam v0.13.0/go.mod h1:ljOg+rcNfzZ5d6f1nAUJ8ZIxOaZUVoS14bKCtaLZ/D0= -cloud.google.com/go/longrunning v0.4.1 h1:v+yFJOfKC3yZdY6ZUI933pIYdhyhV8S3NpWrXWmg7jM= cloud.google.com/go/pubsub v1.0.1/go.mod h1:R0Gpsv3s54REJCy4fxDixWD93lHJMoZTyQ2kNxGRt3I= cloud.google.com/go/pubsub v1.1.0/go.mod h1:EwwdRX2sKPjnvnqCa270oGRyludottCI76h+R3AArQw= cloud.google.com/go/pubsub v1.2.0/go.mod h1:jhfEVHT8odbXTkndysNHCcx0awwzvfOlguIAii9o8iA= @@ -142,8 +140,8 @@ github.com/armon/go-radix v0.0.0-20180808171621-7fddfc383310/go.mod h1:ufUuZ+zHj github.com/armon/go-radix v1.0.0 h1:F4z6KzEeeQIMeLFa97iZU6vupzoecKdU5TX24SNppXI= github.com/armon/go-radix v1.0.0/go.mod h1:ufUuZ+zHj4x4TnLV4JWEpy2hxWSpsRywHrMgIH9cCH8= github.com/asaskevich/govalidator v0.0.0-20200907205600-7a23bdc65eef/go.mod h1:WaHUgvxTVq04UNunO+XhnAqY/wQc+bxr74GqbsZ/Jqw= -github.com/asaskevich/govalidator v0.0.0-20210307081110-f21760c49a8d h1:Byv0BzEl3/e6D5CLfI0j/7hiIEtvGVFPCZ7Ei2oq8iQ= -github.com/asaskevich/govalidator v0.0.0-20210307081110-f21760c49a8d/go.mod h1:WaHUgvxTVq04UNunO+XhnAqY/wQc+bxr74GqbsZ/Jqw= +github.com/asaskevich/govalidator v0.0.0-20230301143203-a9d515a09cc2 h1:DklsrG3dyBCFEj5IhUbnKptjxatkF07cF2ak3yi77so= +github.com/asaskevich/govalidator v0.0.0-20230301143203-a9d515a09cc2/go.mod h1:WaHUgvxTVq04UNunO+XhnAqY/wQc+bxr74GqbsZ/Jqw= github.com/aws/aws-sdk-go v1.25.41/go.mod h1:KmX6BPdI08NWTb3/sm4ZGu5ShLoqVDhKgpiN924inxo= github.com/aws/aws-sdk-go v1.30.27/go.mod h1:5zCpMtNQVjRREroY7sYe8lOMRSxkhG6MZveU8YkpAk0= github.com/aws/aws-sdk-go v1.44.289 h1:5CVEjiHFvdiVlKPBzv0rjG4zH/21W/onT18R5AH/qx0= @@ -291,8 +289,8 @@ github.com/go-openapi/analysis v0.21.4/go.mod h1:4zQ35W4neeZTqh3ol0rv/O8JBbka9Qy github.com/go-openapi/errors v0.19.8/go.mod h1:cM//ZKUKyO06HSwqAelJ5NsEMMcpa6VpXe8DOa1Mi1M= github.com/go-openapi/errors v0.19.9/go.mod h1:cM//ZKUKyO06HSwqAelJ5NsEMMcpa6VpXe8DOa1Mi1M= github.com/go-openapi/errors v0.20.2/go.mod h1:cM//ZKUKyO06HSwqAelJ5NsEMMcpa6VpXe8DOa1Mi1M= -github.com/go-openapi/errors v0.20.3 h1:rz6kiC84sqNQoqrtulzaL/VERgkoCyB6WdEkc2ujzUc= -github.com/go-openapi/errors v0.20.3/go.mod h1:Z3FlZ4I8jEGxjUK+bugx3on2mIAk4txuAOhlsB1FSgk= +github.com/go-openapi/errors v0.20.4 h1:unTcVm6PispJsMECE3zWgvG4xTiKda1LIR5rCRWLG6M= +github.com/go-openapi/errors v0.20.4/go.mod h1:Z3FlZ4I8jEGxjUK+bugx3on2mIAk4txuAOhlsB1FSgk= github.com/go-openapi/jsonpointer v0.0.0-20160704185906-46af16f9f7b1/go.mod h1:+35s3my2LFTysnkMfxsJBAMHj/DoqoB9knIWoYG/Vk0= github.com/go-openapi/jsonpointer v0.19.3/go.mod h1:Pl9vOtqEWErmShwVjC8pYs9cog34VGT37dQOVbmoatg= github.com/go-openapi/jsonpointer v0.19.5 h1:gZr+CIYByUqjcgeLXnQu2gHYQC9o73G2XUeOFYEICuY= @@ -304,8 +302,8 @@ github.com/go-openapi/jsonreference v0.20.0/go.mod h1:Ag74Ico3lPc+zR+qjn4XBUmXym github.com/go-openapi/loads v0.21.1/go.mod h1:/DtAMXXneXFjbQMGEtbamCZb+4x7eGwkvZCvBmwUG+g= github.com/go-openapi/loads v0.21.2 h1:r2a/xFIYeZ4Qd2TnGpWDIQNcP80dIaZgf704za8enro= github.com/go-openapi/loads v0.21.2/go.mod h1:Jq58Os6SSGz0rzh62ptiu8Z31I+OTHqmULx5e/gJbNw= -github.com/go-openapi/runtime v0.25.0 h1:7yQTCdRbWhX8vnIjdzU8S00tBYf7Sg71EBeorlPHvhc= -github.com/go-openapi/runtime v0.25.0/go.mod h1:Ux6fikcHXyyob6LNWxtE96hWwjBPYF0DXgVFuMTneOs= +github.com/go-openapi/runtime v0.26.0 h1:HYOFtG00FM1UvqrcxbEJg/SwvDRvYLQKGhw2zaQjTcc= +github.com/go-openapi/runtime v0.26.0/go.mod h1:QgRGeZwrUcSHdeh4Ka9Glvo0ug1LC5WyE+EV88plZrQ= github.com/go-openapi/spec v0.0.0-20160808142527-6aced65f8501/go.mod h1:J8+jY1nAiCcj+friV/PDoE1/3eeccG9LYBs0tYvLOWc= github.com/go-openapi/spec v0.20.4/go.mod h1:faYFR1CvsJZ0mNsmsphTMSoRrNV3TEDoAM7FOEWeq8I= github.com/go-openapi/spec v0.20.6/go.mod h1:2OpW+JddWPrpXSCIX8eOx7lZ5iyuWj3RYR6VaaBKcWA= @@ -313,14 +311,15 @@ github.com/go-openapi/spec v0.20.8 h1:ubHmXNY3FCIOinT8RNrrPfGc9t7I1qhPtdOGoG2AxR github.com/go-openapi/spec v0.20.8/go.mod h1:2OpW+JddWPrpXSCIX8eOx7lZ5iyuWj3RYR6VaaBKcWA= github.com/go-openapi/strfmt v0.21.0/go.mod h1:ZRQ409bWMj+SOgXofQAGTIo2Ebu72Gs+WaRADcS5iNg= github.com/go-openapi/strfmt v0.21.1/go.mod h1:I/XVKeLc5+MM5oPNN7P6urMOpuLXEcNrCX/rPGuWb0k= -github.com/go-openapi/strfmt v0.21.3 h1:xwhj5X6CjXEZZHMWy1zKJxvW9AfHC9pkyUjLvHtKG7o= github.com/go-openapi/strfmt v0.21.3/go.mod h1:k+RzNO0Da+k3FrrynSNN8F7n/peCmQQqbbXjtDfvmGg= +github.com/go-openapi/strfmt v0.21.7 h1:rspiXgNWgeUzhjo1YU01do6qsahtJNByjLVbPLNHb8k= +github.com/go-openapi/strfmt v0.21.7/go.mod h1:adeGTkxE44sPyLk0JV235VQAO/ZXUr8KAzYjclFs3ew= github.com/go-openapi/swag v0.0.0-20160704191624-1d0bd113de87/go.mod h1:DXUve3Dpr1UfpPtxFw+EFuQ41HhCWZfha5jSVRG7C7I= github.com/go-openapi/swag v0.19.5/go.mod h1:POnQmlKehdgb5mhVOsnJFsivZCEZ/vjK9gh66Z9tfKk= github.com/go-openapi/swag v0.19.15/go.mod h1:QYRuS/SOXUCsnplDa677K7+DxSOj6IPNl/eQntq43wQ= github.com/go-openapi/swag v0.21.1/go.mod h1:QYRuS/SOXUCsnplDa677K7+DxSOj6IPNl/eQntq43wQ= -github.com/go-openapi/swag v0.22.3 h1:yMBqmnQ0gyZvEb/+KzuWZOXgllrXT4SADYbvDaXHv/g= -github.com/go-openapi/swag v0.22.3/go.mod h1:UzaqsxGiab7freDnrUUra0MwWfN/q7tE4j+VcZ0yl14= +github.com/go-openapi/swag v0.22.4 h1:QLMzNJnMGPRNDCbySlcj1x01tzU8/9LTTL9hZZZogBU= +github.com/go-openapi/swag v0.22.4/go.mod h1:UzaqsxGiab7freDnrUUra0MwWfN/q7tE4j+VcZ0yl14= github.com/go-openapi/validate v0.22.1 h1:G+c2ub6q47kfX1sOBLwIQwzBVt8qmOAARyo/9Fqs9NU= github.com/go-openapi/validate v0.22.1/go.mod h1:rjnrwK57VJ7A8xqfpAOEKRH8yQSGUriMu5/zuPSQ1hg= github.com/go-ozzo/ozzo-validation v3.6.0+incompatible h1:msy24VGS42fKO9K1vLz82/GeYW1cILu7Nuuj1N3BBkE= @@ -454,6 +453,8 @@ github.com/google/pprof v0.0.0-20210609004039-a478d1d731e9/go.mod h1:kpwsk12EmLe github.com/google/pprof v0.0.0-20210720184732-4bb14d4b1be1 h1:K6RDEckDVWvDI9JAJYCmNdQXq6neHJOYx3V6jnqNEec= github.com/google/pprof v0.0.0-20210720184732-4bb14d4b1be1/go.mod h1:kpwsk12EmLew5upagYY7GY0pfYCcupk39gWOCRROcvE= github.com/google/renameio v0.1.0/go.mod h1:KWCgfxg9yswjAJkECMjeO8J8rahYeXnNhOm40UhjYkI= +github.com/google/s2a-go v0.1.4 h1:1kZ/sQM3srePvKs3tXAvQzo66XfcReoqFpIpIccE7Oc= +github.com/google/s2a-go v0.1.4/go.mod h1:Ej+mSEMGRnqRzjc7VtF+jdBwYG5fuJfiZ8ELkjEwM0A= github.com/google/tcpproxy v0.0.0-20180808230851-dfa16c61dad2 h1:AtvtonGEH/fZK0XPNNBdB6swgy7Iudfx88wzyIpwqJ8= github.com/google/tcpproxy v0.0.0-20180808230851-dfa16c61dad2/go.mod h1:DavVbd41y+b7ukKDmlnPR4nGYmkWXR6vHUkjQNiHPBs= github.com/google/uuid v1.1.1/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo= @@ -465,8 +466,8 @@ github.com/googleapis/enterprise-certificate-proxy v0.2.3/go.mod h1:AwSRAtLfXpU5 github.com/googleapis/gax-go/v2 v2.0.4/go.mod h1:0Wqv26UfaUD9n4G6kQubkQ+KchISgw+vpHVxEJEs9eg= github.com/googleapis/gax-go/v2 v2.0.5/go.mod h1:DWXyrwAJ9X0FpwwEdw+IPEYBICEFu5mhpdKc/us6bOk= github.com/googleapis/gax-go/v2 v2.1.0/go.mod h1:Q3nei7sK6ybPYH7twZdmQpAd1MKb7pfu6SK+H1/DsU0= -github.com/googleapis/gax-go/v2 v2.7.1 h1:gF4c0zjUP2H/s/hEGyLA3I0fA2ZWjzYiONAD6cvPr8A= -github.com/googleapis/gax-go/v2 v2.7.1/go.mod h1:4orTrqY6hXxxaUL4LHIPl6lGo8vAE38/qKbhSAKP6QI= +github.com/googleapis/gax-go/v2 v2.11.0 h1:9V9PWXEsWnPpQhu/PeQIkS4eGzMlTLGgt80cUUI8Ki4= +github.com/googleapis/gax-go/v2 v2.11.0/go.mod h1:DxmR61SGKkGLa2xigwuZIQpkCI2S5iydzRfb3peWZJI= github.com/googleapis/gnostic v0.0.0-20170729233727-0c5108395e2d/go.mod h1:sJBsCZ4ayReDTBIg8b9dl28c5xFWyhBTVRp3pOg5EKY= github.com/googleapis/gnostic v0.1.0/go.mod h1:sJBsCZ4ayReDTBIg8b9dl28c5xFWyhBTVRp3pOg5EKY= github.com/googleapis/gnostic v0.2.0/go.mod h1:sJBsCZ4ayReDTBIg8b9dl28c5xFWyhBTVRp3pOg5EKY= @@ -574,8 +575,8 @@ github.com/hashicorp/hcl/v2 v2.14.1 h1:x0BpjfZ+CYdbiz+8yZTQ+gdLO7IXvOut7Da+XJayx github.com/hashicorp/hcl/v2 v2.14.1/go.mod h1:e4z5nxYlWNPdDSNYX+ph14EvWYMFm3eP0zIUqPc2jr0= github.com/hashicorp/hcp-scada-provider v0.2.3 h1:AarYR+/Pcv+cMvPdAlb92uOBmZfEH6ny4+DT+4NY2VQ= github.com/hashicorp/hcp-scada-provider v0.2.3/go.mod h1:ZFTgGwkzNv99PLQjTsulzaCplCzOTBh0IUQsPKzrQFo= -github.com/hashicorp/hcp-sdk-go v0.61.0 h1:x4hJ8SlLI5WCE8Uzcu4q5jfdOEz/hFxfUkhAdoFdzSg= -github.com/hashicorp/hcp-sdk-go v0.61.0/go.mod h1:xP7wmWAmdMxs/7+ovH3jZn+MCDhHRj50Rn+m7JIY3Ck= +github.com/hashicorp/hcp-sdk-go v0.73.0 h1:KjizNN/53nu4YkrDZ24xKjy4EgFt9b3nk1vgfAmgwUk= +github.com/hashicorp/hcp-sdk-go v0.73.0/go.mod h1:k/wgUsKSa2OzWBM5/Pj5ST0YwFGpgC4O5EtCq882jSw= github.com/hashicorp/hil v0.0.0-20200423225030-a18a1cd20038 h1:n9J0rwVWXDpNd5iZnwY7w4WZyq53/rROeI7OVvLW8Ok= github.com/hashicorp/hil v0.0.0-20200423225030-a18a1cd20038/go.mod h1:n2TSygSNwsLJ76m8qFXTSc7beTb+auJxYdqrnoqwZWE= github.com/hashicorp/logutils v1.0.0/go.mod h1:QIAnNjmIWmVIIkWDTG1z5v++HQmx9WQRO+LraFDTW64= @@ -933,8 +934,8 @@ github.com/stretchr/testify v1.7.2/go.mod h1:R6va5+xMeoiuVRoj+gSkQ7d3FALtqAAGI1F github.com/stretchr/testify v1.8.0/go.mod h1:yNjHg4UonilssWZ8iaSj1OCr/vHnekPRkoO+kdMU+MU= github.com/stretchr/testify v1.8.1/go.mod h1:w2LPCIKwWwSfY2zedu0+kehJoqGctiVI29o6fzry7u4= github.com/stretchr/testify v1.8.2/go.mod h1:w2LPCIKwWwSfY2zedu0+kehJoqGctiVI29o6fzry7u4= -github.com/stretchr/testify v1.8.3 h1:RP3t2pwF7cMEbC1dqtB6poj3niw/9gnV4Cjg5oW5gtY= -github.com/stretchr/testify v1.8.3/go.mod h1:sz/lmYIOXD/1dqDmKjjqLyZ2RngseejIcXlSw2iwfAo= +github.com/stretchr/testify v1.8.4 h1:CcVxjf3Q8PM0mHUKJCdn+eZZtm5yQwehR5yeSVQQcUk= +github.com/stretchr/testify v1.8.4/go.mod h1:sz/lmYIOXD/1dqDmKjjqLyZ2RngseejIcXlSw2iwfAo= github.com/tencentcloud/tencentcloud-sdk-go v1.0.162 h1:8fDzz4GuVg4skjY2B0nMN7h6uN61EDVkuLyI2+qGHhI= github.com/tencentcloud/tencentcloud-sdk-go v1.0.162/go.mod h1:asUz5BPXxgoPGaRgZaVm1iGcUAuHyYUo1nXqKa83cvI= github.com/tidwall/pretty v1.0.0 h1:HsD+QiTn7sK6flMKIvNmpqz1qrpP3Ps6jOKIKMooyg4= @@ -987,8 +988,8 @@ go.etcd.io/bbolt v1.3.7/go.mod h1:N9Mkw9X8x5fupy0IKsmuqVtoGDyxsaDlbk4Rd05IAQw= go.mongodb.org/mongo-driver v1.7.3/go.mod h1:NqaYOwnXWr5Pm7AOpO5QFxKJ503nbMse/R79oO62zWg= go.mongodb.org/mongo-driver v1.7.5/go.mod h1:VXEWRZ6URJIkUq2SCAyapmhH0ZLRBP+FT4xhp5Zvxng= go.mongodb.org/mongo-driver v1.10.0/go.mod h1:wsihk0Kdgv8Kqu1Anit4sfK+22vSFbUrAVEYRhCXrA8= -go.mongodb.org/mongo-driver v1.11.0 h1:FZKhBSTydeuffHj9CBjXlR8vQLee1cQyTWYPA6/tqiE= -go.mongodb.org/mongo-driver v1.11.0/go.mod h1:s7p5vEtfbeR1gYi6pnj3c3/urpbLv2T5Sfd6Rp2HBB8= +go.mongodb.org/mongo-driver v1.11.3 h1:Ql6K6qYHEzB6xvu4+AU0BoRoqf9vFPcc4o7MUIdPW8Y= +go.mongodb.org/mongo-driver v1.11.3/go.mod h1:PTSz5yu21bkT/wXpkS7WR5f0ddqw5quethTUn9WM+2g= go.opencensus.io v0.21.0/go.mod h1:mSImk1erAIZhrmZN+AvHh14ztQfjbGwt4TtuofqLduU= go.opencensus.io v0.22.0/go.mod h1:+kGneAE2xo2IficOXnaByMWTGM9T73dGwxeWcUqIpI8= go.opencensus.io v0.22.2/go.mod h1:yxeiOL68Rb0Xd1ddK5vPZ/oVn4vY4Ynel7k9FzqtOIw= @@ -1038,6 +1039,7 @@ golang.org/x/crypto v0.0.0-20201002170205-7f63de1d35b0/go.mod h1:LzIPMQfyMNhhGPh golang.org/x/crypto v0.0.0-20210711020723-a769d52b0f97/go.mod h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc= golang.org/x/crypto v0.0.0-20210921155107-089bfa567519/go.mod h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc= golang.org/x/crypto v0.0.0-20211215153901-e495a2d5b3d3/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4= +golang.org/x/crypto v0.0.0-20220314234659-1baeb1ce4c0b/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4= golang.org/x/crypto v0.0.0-20220622213112-05595931fe9d/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4= golang.org/x/crypto v0.0.0-20220722155217-630584e8d5aa/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4= golang.org/x/crypto v0.14.0 h1:wBqGXzWJW6m1XrIKlAH0Hs1JJ7+9KBwnIO8v66Q9cHc= @@ -1154,8 +1156,8 @@ golang.org/x/oauth2 v0.0.0-20210628180205-a41e5a781914/go.mod h1:KelEdhl1UZF7XfJ golang.org/x/oauth2 v0.0.0-20210805134026-6f1e6394065a/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A= golang.org/x/oauth2 v0.0.0-20210819190943-2bc19b11175f/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A= golang.org/x/oauth2 v0.0.0-20211104180415-d3ed0bb246c8/go.mod h1:KelEdhl1UZF7XfJ4dDtk6s++YSgaE7mD/BuKKDLBl4A= -golang.org/x/oauth2 v0.7.0 h1:qe6s0zUXlPX80/dITx3440hWZ7GwMwgDDyrSGTPJG/g= -golang.org/x/oauth2 v0.7.0/go.mod h1:hPLQkd9LyjfXTiRohC/41GhcFqxisoUQ99sCUOHO9x4= +golang.org/x/oauth2 v0.13.0 h1:jDDenyj+WgFtmV3zYVoi8aE2BwtXFLWOA67ZfNWftiY= +golang.org/x/oauth2 v0.13.0/go.mod h1:/JMhi4ZRXAf4HG9LiNmxvk+45+96RUlVThiH8FzNBn0= golang.org/x/sync v0.0.0-20180314180146-1d60e4601c6f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20181108010431-42b317875d0f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20181221193216-37e7f081c4d4/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= @@ -1271,6 +1273,7 @@ golang.org/x/text v0.3.4/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= golang.org/x/text v0.3.5/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= golang.org/x/text v0.3.6/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= golang.org/x/text v0.3.7/go.mod h1:u+2+/6zg+i71rQMx5EYifcz6MCKuco9NR6JIITiCfzQ= +golang.org/x/text v0.3.8/go.mod h1:E6s5w1FMmriuDzIBO73fBruAKo1PCIq6d2Q6DHfQ8WQ= golang.org/x/text v0.4.0/go.mod h1:mrYo+phRRbMaCq/xk9113O4dZlRixOauAjOtrjsXDZ8= golang.org/x/text v0.13.0 h1:ablQoSUd0tRdKxZewP80B+BaqeKJuVhuRxj/dkrun3k= golang.org/x/text v0.13.0/go.mod h1:TvPlkZtksWOMsz7fbANvkp4WM8x/WCo/om8BMLbz+aE= @@ -1379,8 +1382,8 @@ google.golang.org/api v0.51.0/go.mod h1:t4HdrdoNgyN5cbEfm7Lum0lcLDLiise1F8qDKX00 google.golang.org/api v0.54.0/go.mod h1:7C4bFFOvVDGXjfDTAsgGwDgAxRDeQ4X8NvUedIt6z3k= google.golang.org/api v0.55.0/go.mod h1:38yMfeP1kfjsl8isn0tliTjIb1rJXcQi4UXlbqivdVE= google.golang.org/api v0.57.0/go.mod h1:dVPlbZyBo2/OjBpmvNdpn2GRm6rPy75jyU7bmhdrMgI= -google.golang.org/api v0.114.0 h1:1xQPji6cO2E2vLiI+C/XiFAnsn1WV3mjaEwGLhi3grE= -google.golang.org/api v0.114.0/go.mod h1:ifYI2ZsFK6/uGddGfAD5BMxlnkBqCmqHSDUVi45N5Yg= +google.golang.org/api v0.126.0 h1:q4GJq+cAdMAC7XP7njvQ4tvohGLiSlytuL4BQxbIZ+o= +google.golang.org/api v0.126.0/go.mod h1:mBwVAtz+87bEN6CbA1GtZPDOqY2R5ONPqJeIlvyo4Aw= google.golang.org/appengine v1.1.0/go.mod h1:EbEs0AVv82hx2wNQdGPgUI5lhzA/G0D9YwlJXL52JkM= google.golang.org/appengine v1.4.0/go.mod h1:xpcJRLb0r/rnEns0DIKYYv+WjYCduHsrkT7/EB5XEv4= google.golang.org/appengine v1.5.0/go.mod h1:xpcJRLb0r/rnEns0DIKYYv+WjYCduHsrkT7/EB5XEv4= @@ -1448,12 +1451,12 @@ google.golang.org/genproto v0.0.0-20210831024726-fe130286e0e2/go.mod h1:eFjDcFEc google.golang.org/genproto v0.0.0-20210903162649-d08c68adba83/go.mod h1:eFjDcFEctNawg4eG61bRv87N7iHBWyVhJu7u1kqDUXY= google.golang.org/genproto v0.0.0-20210924002016-3dee208752a0/go.mod h1:5CzLGKJ67TSI2B9POpiiyGha0AjJvZIUgRMt1dSmuhc= google.golang.org/genproto v0.0.0-20211118181313-81c1377c94b1/go.mod h1:5CzLGKJ67TSI2B9POpiiyGha0AjJvZIUgRMt1dSmuhc= -google.golang.org/genproto v0.0.0-20230526203410-71b5a4ffd15e h1:Ao9GzfUMPH3zjVfzXG5rlWlk+Q8MXWKwWpwVQE1MXfw= -google.golang.org/genproto v0.0.0-20230526203410-71b5a4ffd15e/go.mod h1:zqTuNwFlFRsw5zIts5VnzLQxSRqh+CGOTVMlYbY0Eyk= -google.golang.org/genproto/googleapis/api v0.0.0-20230526203410-71b5a4ffd15e h1:AZX1ra8YbFMSb7+1pI8S9v4rrgRR7jU1FmuFSSjTVcQ= -google.golang.org/genproto/googleapis/api v0.0.0-20230526203410-71b5a4ffd15e/go.mod h1:vHYtlOoi6TsQ3Uk2yxR7NI5z8uoV+3pZtR4jmHIkRig= -google.golang.org/genproto/googleapis/rpc v0.0.0-20230526203410-71b5a4ffd15e h1:NumxXLPfHSndr3wBBdeKiVHjGVFzi9RX2HwwQke94iY= -google.golang.org/genproto/googleapis/rpc v0.0.0-20230526203410-71b5a4ffd15e/go.mod h1:66JfowdXAEgad5O9NnYcsNPLCPZJD++2L9X0PCMODrA= +google.golang.org/genproto v0.0.0-20230530153820-e85fd2cbaebc h1:8DyZCyvI8mE1IdLy/60bS+52xfymkE72wv1asokgtao= +google.golang.org/genproto v0.0.0-20230530153820-e85fd2cbaebc/go.mod h1:xZnkP7mREFX5MORlOPEzLMr+90PPZQ2QWzrVTWfAq64= +google.golang.org/genproto/googleapis/api v0.0.0-20230530153820-e85fd2cbaebc h1:kVKPf/IiYSBWEWtkIn6wZXwWGCnLKcC8oWfZvXjsGnM= +google.golang.org/genproto/googleapis/api v0.0.0-20230530153820-e85fd2cbaebc/go.mod h1:vHYtlOoi6TsQ3Uk2yxR7NI5z8uoV+3pZtR4jmHIkRig= +google.golang.org/genproto/googleapis/rpc v0.0.0-20230530153820-e85fd2cbaebc h1:XSJ8Vk1SWuNr8S18z1NZSziL0CPIXLCCMDOEFtHBOFc= +google.golang.org/genproto/googleapis/rpc v0.0.0-20230530153820-e85fd2cbaebc/go.mod h1:66JfowdXAEgad5O9NnYcsNPLCPZJD++2L9X0PCMODrA= google.golang.org/grpc v1.8.0/go.mod h1:yo6s7OP7yaDglbqo1J04qKzAhqBH6lvTonzMVmEdcZw= google.golang.org/grpc v1.19.0/go.mod h1:mqu4LbDTu4XGKhr4mRzUsmM4RtVoemTSY81AxZiDr8c= google.golang.org/grpc v1.20.1/go.mod h1:10oTOabMzJvdu6/UiuZezV6QK5dSlG84ov/aaiqXj38= @@ -1483,6 +1486,7 @@ google.golang.org/grpc v1.39.1/go.mod h1:PImNr+rS9TWYb2O4/emRugxiyHZ5JyHW5F+RPnD google.golang.org/grpc v1.40.0/go.mod h1:ogyxbiOoUXAkP+4+xa6PZSE9DZgIHtSpzjDTB9KAK34= google.golang.org/grpc v1.41.0/go.mod h1:U3l9uK9J0sini8mHphKoXyaqDA/8VyGnDee1zzIUK6k= google.golang.org/grpc v1.42.0/go.mod h1:k+4IHHFw41K8+bbowsex27ge2rCb65oeWqe4jJ590SU= +google.golang.org/grpc v1.45.0/go.mod h1:lN7owxKUQEqMfSyQikvvk5tf/6zMPsrK+ONuO11+0rQ= google.golang.org/grpc v1.56.3 h1:8I4C0Yq1EjstUzUJzpcRVbuYA2mODtEmpWiQoN/b2nc= google.golang.org/grpc v1.56.3/go.mod h1:I9bI3vqKfayGqPUAwGdOSu7kt6oIJLixfffKrpXqQ9s= google.golang.org/grpc/cmd/protoc-gen-go-grpc v1.1.0/go.mod h1:6Kw0yEErY5E/yWrBtf03jp27GLLJujG4z/JK95pnjjw= @@ -1500,8 +1504,8 @@ google.golang.org/protobuf v1.26.0-rc.1/go.mod h1:jlhhOSvTdKEhbULTjvd4ARK9grFBp0 google.golang.org/protobuf v1.26.0/go.mod h1:9q0QmTI4eRPtz6boOQmLYwt+qCgq0jsYwAQnmE0givc= google.golang.org/protobuf v1.27.1/go.mod h1:9q0QmTI4eRPtz6boOQmLYwt+qCgq0jsYwAQnmE0givc= google.golang.org/protobuf v1.28.1/go.mod h1:HV8QOd/L58Z+nl8r43ehVNZIU/HEI6OcFqwMG9pJV4I= -google.golang.org/protobuf v1.30.0 h1:kPPoIgf3TsEvrm0PFe15JQ+570QVxYzEvvHqChK+cng= -google.golang.org/protobuf v1.30.0/go.mod h1:HV8QOd/L58Z+nl8r43ehVNZIU/HEI6OcFqwMG9pJV4I= +google.golang.org/protobuf v1.31.0 h1:g0LDEJHgrBl9N9r17Ru3sqWhkIx2NB67okBHPwC7hs8= +google.golang.org/protobuf v1.31.0/go.mod h1:HV8QOd/L58Z+nl8r43ehVNZIU/HEI6OcFqwMG9pJV4I= gopkg.in/airbrake/gobrake.v2 v2.0.9/go.mod h1:/h5ZAUhDkGaJfjzjKLSjv6zCL6O0LLBxU4K+aSYdM/U= gopkg.in/alecthomas/kingpin.v2 v2.2.6/go.mod h1:FMv+mEhP44yOT+4EoQTLFTRgOQ1FBLkstjWtayDeSgw= gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= diff --git a/internal/catalog/catalogtest/integration_test_data/v2beta1/node-1-health.json b/internal/catalog/catalogtest/integration_test_data/v2beta1/node-1-health.json index 729beecf3daf..45cf1503012c 100644 --- a/internal/catalog/catalogtest/integration_test_data/v2beta1/node-1-health.json +++ b/internal/catalog/catalogtest/integration_test_data/v2beta1/node-1-health.json @@ -3,11 +3,10 @@ "type": { "group": "catalog", "group_version": "v2beta1", - "kind": "HealthStatus" + "kind": "NodeHealthStatus" }, "tenancy": { "partition": "default", - "namespace": "default", "peer_name": "local" }, "name": "node-1-health" @@ -25,7 +24,7 @@ "name": "node-1" }, "data": { - "@type": "hashicorp.consul.catalog.v2beta1.HealthStatus", + "@type": "hashicorp.consul.catalog.v2beta1.NodeHealthStatus", "type": "synthetic", "status": "HEALTH_PASSING" } diff --git a/internal/catalog/catalogtest/integration_test_data/v2beta1/node-2-health.json b/internal/catalog/catalogtest/integration_test_data/v2beta1/node-2-health.json index e5be3bb6374b..ed1958e644a2 100644 --- a/internal/catalog/catalogtest/integration_test_data/v2beta1/node-2-health.json +++ b/internal/catalog/catalogtest/integration_test_data/v2beta1/node-2-health.json @@ -3,11 +3,10 @@ "type": { "group": "catalog", "group_version": "v2beta1", - "kind": "HealthStatus" + "kind": "NodeHealthStatus" }, "tenancy": { "partition": "default", - "namespace": "default", "peer_name": "local" }, "name": "node-2-health" @@ -25,7 +24,7 @@ "name": "node-2" }, "data": { - "@type": "hashicorp.consul.catalog.v2beta1.HealthStatus", + "@type": "hashicorp.consul.catalog.v2beta1.NodeHealthStatus", "type": "synthetic", "status": "HEALTH_WARNING" } diff --git a/internal/catalog/catalogtest/integration_test_data/v2beta1/node-3-health.json b/internal/catalog/catalogtest/integration_test_data/v2beta1/node-3-health.json index 6bdc3d6bf615..0257dc2f0c37 100644 --- a/internal/catalog/catalogtest/integration_test_data/v2beta1/node-3-health.json +++ b/internal/catalog/catalogtest/integration_test_data/v2beta1/node-3-health.json @@ -3,11 +3,10 @@ "type": { "group": "catalog", "group_version": "v2beta1", - "kind": "HealthStatus" + "kind": "NodeHealthStatus" }, "tenancy": { "partition": "default", - "namespace": "default", "peer_name": "local" }, "name": "node-3-health" @@ -25,7 +24,7 @@ "name": "node-3" }, "data": { - "@type": "hashicorp.consul.catalog.v2beta1.HealthStatus", + "@type": "hashicorp.consul.catalog.v2beta1.NodeHealthStatus", "type": "synthetic", "status": "HEALTH_CRITICAL" } diff --git a/internal/catalog/catalogtest/integration_test_data/v2beta1/node-4-health.json b/internal/catalog/catalogtest/integration_test_data/v2beta1/node-4-health.json index 1026815f0bac..2da46f58cb35 100644 --- a/internal/catalog/catalogtest/integration_test_data/v2beta1/node-4-health.json +++ b/internal/catalog/catalogtest/integration_test_data/v2beta1/node-4-health.json @@ -3,11 +3,10 @@ "type": { "group": "catalog", "group_version": "v2beta1", - "kind": "HealthStatus" + "kind": "NodeHealthStatus" }, "tenancy": { "partition": "default", - "namespace": "default", "peer_name": "local" }, "name": "node-4-health" @@ -25,7 +24,7 @@ "name": "node-4" }, "data": { - "@type": "hashicorp.consul.catalog.v2beta1.HealthStatus", + "@type": "hashicorp.consul.catalog.v2beta1.NodeHealthStatus", "type": "synthetic", "status": "HEALTH_MAINTENANCE" } diff --git a/internal/catalog/catalogtest/test_integration_v2beta1.go b/internal/catalog/catalogtest/test_integration_v2beta1.go index 59a6a14368b4..d88692e910a8 100644 --- a/internal/catalog/catalogtest/test_integration_v2beta1.go +++ b/internal/catalog/catalogtest/test_integration_v2beta1.go @@ -71,7 +71,7 @@ func VerifyCatalogV2Beta1IntegrationTestResults(t *testing.T, client pbresource. nodeId := rtest.Resource(pbcatalog.NodeType, fmt.Sprintf("node-%d", i)).WithTenancy(resource.DefaultPartitionedTenancy()).ID() c.RequireResourceExists(t, nodeId) - res := c.RequireResourceExists(t, rtest.Resource(pbcatalog.HealthStatusType, fmt.Sprintf("node-%d-health", i)).ID()) + res := c.RequireResourceExists(t, rtest.Resource(pbcatalog.NodeHealthStatusType, fmt.Sprintf("node-%d-health", i)).ID()) rtest.RequireOwner(t, res, nodeId, true) } diff --git a/internal/catalog/catalogtest/test_lifecycle_v2beta1.go b/internal/catalog/catalogtest/test_lifecycle_v2beta1.go index 2fa57fc24b7c..0c7fd1343546 100644 --- a/internal/catalog/catalogtest/test_lifecycle_v2beta1.go +++ b/internal/catalog/catalogtest/test_lifecycle_v2beta1.go @@ -88,7 +88,7 @@ func RunCatalogV2Beta1NodeLifecycleIntegrationTest(t *testing.T, client pbresour // reconciliation at each point for _, health := range healthChanges { // update the health check - nodeHealth = setHealthStatus(t, c, node.Id, nodeHealthName, health) + nodeHealth = setNodeHealthStatus(t, c, node.Id, nodeHealthName, health) // wait for reconciliation to kick in and put the node into the right // health status. @@ -108,7 +108,7 @@ func RunCatalogV2Beta1NodeLifecycleIntegrationTest(t *testing.T, client pbresour // Add the health status back once more, the actual status doesn't matter. // It just must be owned by the node so that we can show cascading // deletions of owned health statuses working. - healthStatus := setHealthStatus(t, c, node.Id, nodeHealthName, pbcatalog.Health_HEALTH_CRITICAL) + healthStatus := setNodeHealthStatus(t, c, node.Id, nodeHealthName, pbcatalog.Health_HEALTH_CRITICAL) // Delete the node and wait for the health status to be deleted. c.MustDelete(t, node.Id) @@ -263,8 +263,8 @@ func runV2Beta1NodeAssociatedWorkloadLifecycleIntegrationTest(t *testing.T, c *r // Set some non-passing health statuses for those nodes. Using non-passing will make // it easy to see that changing a passing workloads node association appropriately // impacts the overall workload health. - setHealthStatus(t, c, node1.Id, nodeHealthName1, pbcatalog.Health_HEALTH_CRITICAL) - setHealthStatus(t, c, node2.Id, nodeHealthName2, pbcatalog.Health_HEALTH_WARNING) + setNodeHealthStatus(t, c, node1.Id, nodeHealthName1, pbcatalog.Health_HEALTH_CRITICAL) + setNodeHealthStatus(t, c, node2.Id, nodeHealthName2, pbcatalog.Health_HEALTH_WARNING) // Add the workload but don't immediately associate with any node. workload := rtest.Resource(pbcatalog.WorkloadType, workloadName). @@ -337,7 +337,7 @@ func runV2Beta1NodeAssociatedWorkloadLifecycleIntegrationTest(t *testing.T, c *r Write(t, c) // Also set node 1 health down to WARNING - setHealthStatus(t, c, node1.Id, nodeHealthName1, pbcatalog.Health_HEALTH_WARNING) + setNodeHealthStatus(t, c, node1.Id, nodeHealthName1, pbcatalog.Health_HEALTH_WARNING) // Wait for the workload health controller to mark the workload as warning (due to node 1 having warning health now) c.WaitForStatusCondition(t, workload.Id, @@ -718,3 +718,13 @@ func setHealthStatus(t *testing.T, client *rtest.Client, owner *pbresource.ID, n WithOwner(owner). Write(t, client) } + +func setNodeHealthStatus(t *testing.T, client *rtest.Client, owner *pbresource.ID, name string, health pbcatalog.Health) *pbresource.Resource { + return rtest.Resource(pbcatalog.NodeHealthStatusType, name). + WithData(t, &pbcatalog.NodeHealthStatus{ + Type: "synthetic", + Status: health, + }). + WithOwner(owner). + Write(t, client) +} diff --git a/internal/catalog/internal/controllers/nodehealth/controller.go b/internal/catalog/internal/controllers/nodehealth/controller.go index 9ef656b6a8bb..f28bb7a134a1 100644 --- a/internal/catalog/internal/controllers/nodehealth/controller.go +++ b/internal/catalog/internal/controllers/nodehealth/controller.go @@ -18,7 +18,7 @@ import ( func NodeHealthController() controller.Controller { return controller.ForType(pbcatalog.NodeType). - WithWatch(pbcatalog.HealthStatusType, controller.MapOwnerFiltered(pbcatalog.NodeType)). + WithWatch(pbcatalog.NodeHealthStatusType, controller.MapOwnerFiltered(pbcatalog.NodeType)). WithReconciler(&nodeHealthReconciler{}) } @@ -89,8 +89,8 @@ func getNodeHealth(ctx context.Context, rt controller.Runtime, nodeRef *pbresour health := pbcatalog.Health_HEALTH_PASSING for _, res := range rsp.Resources { - if resource.EqualType(res.Id.Type, pbcatalog.HealthStatusType) { - var hs pbcatalog.HealthStatus + if resource.EqualType(res.Id.Type, pbcatalog.NodeHealthStatusType) { + var hs pbcatalog.NodeHealthStatus if err := res.Data.UnmarshalTo(&hs); err != nil { // This should be impossible as the resource service + type validations the // catalog is performing will ensure that no data gets written where unmarshalling diff --git a/internal/catalog/internal/controllers/nodehealth/controller_test.go b/internal/catalog/internal/controllers/nodehealth/controller_test.go index 7590b1737516..e228a2d6e30b 100644 --- a/internal/catalog/internal/controllers/nodehealth/controller_test.go +++ b/internal/catalog/internal/controllers/nodehealth/controller_test.go @@ -363,10 +363,12 @@ func (suite *nodeHealthControllerTestSuite) TestController() { // wait for rereconciliation to happen suite.waitForReconciliation(suite.nodePassing, "HEALTH_PASSING") - resourcetest.Resource(pbcatalog.HealthStatusType, "failure"). - WithData(suite.T(), &pbcatalog.HealthStatus{Type: "fake", Status: pbcatalog.Health_HEALTH_CRITICAL}). + resourcetest.Resource(pbcatalog.NodeHealthStatusType, "failure"). + WithData(suite.T(), &pbcatalog.NodeHealthStatus{Type: "fake", Status: pbcatalog.Health_HEALTH_CRITICAL}). WithOwner(suite.nodePassing). - WithTenancy(tenancy). + WithTenancy(&pbresource.Tenancy{ + Partition: tenancy.Partition, + }). Write(suite.T(), suite.resourceClient) suite.waitForReconciliation(suite.nodePassing, "HEALTH_CRITICAL") @@ -415,8 +417,8 @@ func (suite *nodeHealthControllerTestSuite) setupNodesWithTenancy(tenancy *pbres for _, node := range []*pbresource.ID{suite.nodePassing, suite.nodeWarning, suite.nodeCritical, suite.nodeMaintenance} { for idx, health := range precedenceHealth { if nodeHealthDesiredStatus[node.Name] >= health { - resourcetest.Resource(pbcatalog.HealthStatusType, fmt.Sprintf("test-check-%s-%d-%s-%s", node.Name, idx, tenancy.Partition, tenancy.Namespace)). - WithData(suite.T(), &pbcatalog.HealthStatus{Type: "tcp", Status: health}). + resourcetest.Resource(pbcatalog.NodeHealthStatusType, fmt.Sprintf("test-check-%s-%d-%s", node.Name, idx, tenancy.Partition)). + WithData(suite.T(), &pbcatalog.NodeHealthStatus{Type: "tcp", Status: health}). WithOwner(node). Write(suite.T(), suite.resourceClient) } @@ -425,7 +427,7 @@ func (suite *nodeHealthControllerTestSuite) setupNodesWithTenancy(tenancy *pbres // create a DNSPolicy to be owned by the node. The type doesn't really matter it just needs // to be something that doesn't care about its owner. All we want to prove is that we are - // filtering out non-HealthStatus types appropriately. + // filtering out non-NodeHealthStatus types appropriately. resourcetest.Resource(pbcatalog.DNSPolicyType, "test-policy-"+tenancy.Partition+"-"+tenancy.Namespace). WithData(suite.T(), dnsPolicyData). WithOwner(suite.nodeNoHealth). diff --git a/internal/catalog/internal/types/health_status.go b/internal/catalog/internal/types/health_status.go index c5ea7e106fa3..9acb4a3fb9ce 100644 --- a/internal/catalog/internal/types/health_status.go +++ b/internal/catalog/internal/types/health_status.go @@ -64,7 +64,7 @@ func validateHealthStatus(res *DecodedHealthStatus) error { Name: "owner", Wrapped: resource.ErrMissing, }) - } else if !resource.EqualType(res.Owner.Type, pbcatalog.WorkloadType) && !resource.EqualType(res.Owner.Type, pbcatalog.NodeType) { + } else if !resource.EqualType(res.Owner.Type, pbcatalog.WorkloadType) { err = multierror.Append(err, resource.ErrOwnerTypeInvalid{ResourceType: res.Id.Type, OwnerType: res.Owner.Type}) } @@ -77,11 +77,6 @@ func aclReadHookHealthStatus(authorizer acl.Authorizer, authzContext *acl.Author return authorizer.ToAllowAuthorizer().ServiceReadAllowed(res.GetOwner().GetName(), authzContext) } - // For a health status of a node we need to check node:read perms. - if res.GetOwner() != nil && resource.EqualType(res.GetOwner().GetType(), pbcatalog.NodeType) { - return authorizer.ToAllowAuthorizer().NodeReadAllowed(res.GetOwner().GetName(), authzContext) - } - return acl.PermissionDenied("cannot read catalog.HealthStatus because there is no owner") } @@ -91,10 +86,5 @@ func aclWriteHookHealthStatus(authorizer acl.Authorizer, authzContext *acl.Autho return authorizer.ToAllowAuthorizer().ServiceWriteAllowed(res.GetOwner().GetName(), authzContext) } - // For a health status of a node we need to check node:write perms. - if res.GetOwner() != nil && resource.EqualType(res.GetOwner().GetType(), pbcatalog.NodeType) { - return authorizer.ToAllowAuthorizer().NodeWriteAllowed(res.GetOwner().GetName(), authzContext) - } - return acl.PermissionDenied("cannot write catalog.HealthStatus because there is no owner") } diff --git a/internal/catalog/internal/types/health_status_test.go b/internal/catalog/internal/types/health_status_test.go index f61b00ad4306..58c22fd720f3 100644 --- a/internal/catalog/internal/types/health_status_test.go +++ b/internal/catalog/internal/types/health_status_test.go @@ -70,15 +70,6 @@ func TestValidateHealthStatus_Ok(t *testing.T) { Name: "foo-workload", }, }, - "node-owned": { - owner: &pbresource.ID{ - Type: pbcatalog.NodeType, - Tenancy: &pbresource.Tenancy{ - Partition: defaultHealthStatusOwnerTenancy.Partition, - }, - Name: "bar-node", - }, - }, } for name, tcase := range cases { @@ -223,7 +214,6 @@ func TestHealthStatusACLs(t *testing.T) { Register(registry) workload := resourcetest.Resource(pbcatalog.WorkloadType, "test").ID() - node := resourcetest.Resource(pbcatalog.NodeType, "test").ID() healthStatusData := &pbcatalog.HealthStatus{ Type: "tcp", @@ -258,42 +248,6 @@ func TestHealthStatusACLs(t *testing.T) { WriteOK: resourcetest.ALLOW, ListOK: resourcetest.DEFAULT, }, - "service test read with node owner": { - Rules: `service "test" { policy = "read" }`, - Data: healthStatusData, - Owner: node, - Typ: pbcatalog.HealthStatusType, - ReadOK: resourcetest.DENY, - WriteOK: resourcetest.DENY, - ListOK: resourcetest.DEFAULT, - }, - "service test write with node owner": { - Rules: `service "test" { policy = "write" }`, - Data: healthStatusData, - Owner: node, - Typ: pbcatalog.HealthStatusType, - ReadOK: resourcetest.DENY, - WriteOK: resourcetest.DENY, - ListOK: resourcetest.DEFAULT, - }, - "node test read with node owner": { - Rules: `node "test" { policy = "read" }`, - Data: healthStatusData, - Owner: node, - Typ: pbcatalog.HealthStatusType, - ReadOK: resourcetest.ALLOW, - WriteOK: resourcetest.DENY, - ListOK: resourcetest.DEFAULT, - }, - "node test write with node owner": { - Rules: `node "test" { policy = "write" }`, - Data: healthStatusData, - Owner: node, - Typ: pbcatalog.HealthStatusType, - ReadOK: resourcetest.ALLOW, - WriteOK: resourcetest.ALLOW, - ListOK: resourcetest.DEFAULT, - }, "node test read with workload owner": { Rules: `node "test" { policy = "read" }`, Data: healthStatusData, diff --git a/internal/catalog/internal/types/node_health_status.go b/internal/catalog/internal/types/node_health_status.go new file mode 100644 index 000000000000..89d334402927 --- /dev/null +++ b/internal/catalog/internal/types/node_health_status.go @@ -0,0 +1,90 @@ +// Copyright (c) HashiCorp, Inc. +// SPDX-License-Identifier: BUSL-1.1 + +package types + +import ( + "github.com/hashicorp/go-multierror" + + "github.com/hashicorp/consul/acl" + "github.com/hashicorp/consul/internal/resource" + pbcatalog "github.com/hashicorp/consul/proto-public/pbcatalog/v2beta1" + "github.com/hashicorp/consul/proto-public/pbresource" +) + +type DecodedNodeHealthStatus = resource.DecodedResource[*pbcatalog.NodeHealthStatus] + +func RegisterNodeHealthStatus(r resource.Registry) { + r.Register(resource.Registration{ + Type: pbcatalog.NodeHealthStatusType, + Proto: &pbcatalog.NodeHealthStatus{}, + Scope: resource.ScopePartition, + Validate: ValidateNodeHealthStatus, + ACLs: &resource.ACLHooks{ + Read: resource.AuthorizeReadWithResource(aclReadHookNodeHealthStatus), + Write: aclWriteHookNodeHealthStatus, + List: resource.NoOpACLListHook, + }, + }) +} + +var ValidateNodeHealthStatus = resource.DecodeAndValidate(validateNodeHealthStatus) + +func validateNodeHealthStatus(res *DecodedNodeHealthStatus) error { + var err error + + // Should we allow empty types? I think for now it will be safest to require + // the type field is set and we can relax this restriction in the future + // if we deem it desirable. + if res.Data.Type == "" { + err = multierror.Append(err, resource.ErrInvalidField{ + Name: "type", + Wrapped: resource.ErrMissing, + }) + } + + switch res.Data.Status { + case pbcatalog.Health_HEALTH_PASSING, + pbcatalog.Health_HEALTH_WARNING, + pbcatalog.Health_HEALTH_CRITICAL, + pbcatalog.Health_HEALTH_MAINTENANCE: + default: + err = multierror.Append(err, resource.ErrInvalidField{ + Name: "status", + Wrapped: errInvalidHealth, + }) + } + + // Ensure that the NodeHealthStatus' owner is a type that we want to allow. The + // owner is currently the resource that this NodeHealthStatus applies to. If we + // change this to be a parent reference within the NodeHealthStatus.Data then + // we could allow for other owners. + if res.Resource.Owner == nil { + err = multierror.Append(err, resource.ErrInvalidField{ + Name: "owner", + Wrapped: resource.ErrMissing, + }) + } else if !resource.EqualType(res.Owner.Type, pbcatalog.NodeType) { + err = multierror.Append(err, resource.ErrOwnerTypeInvalid{ResourceType: res.Id.Type, OwnerType: res.Owner.Type}) + } + + return err +} + +func aclReadHookNodeHealthStatus(authorizer acl.Authorizer, authzContext *acl.AuthorizerContext, res *pbresource.Resource) error { + // For a health status of a node we need to check node:read perms. + if res.GetOwner() != nil && resource.EqualType(res.GetOwner().GetType(), pbcatalog.NodeType) { + return authorizer.ToAllowAuthorizer().NodeReadAllowed(res.GetOwner().GetName(), authzContext) + } + + return acl.PermissionDenied("cannot read catalog.NodeHealthStatus because there is no owner") +} + +func aclWriteHookNodeHealthStatus(authorizer acl.Authorizer, authzContext *acl.AuthorizerContext, res *pbresource.Resource) error { + // For a health status of a node we need to check node:write perms. + if res.GetOwner() != nil && resource.EqualType(res.GetOwner().GetType(), pbcatalog.NodeType) { + return authorizer.ToAllowAuthorizer().NodeWriteAllowed(res.GetOwner().GetName(), authzContext) + } + + return acl.PermissionDenied("cannot write catalog.NodeHealthStatus because there is no owner") +} diff --git a/internal/catalog/internal/types/node_health_status_test.go b/internal/catalog/internal/types/node_health_status_test.go new file mode 100644 index 000000000000..a61211476512 --- /dev/null +++ b/internal/catalog/internal/types/node_health_status_test.go @@ -0,0 +1,273 @@ +// Copyright (c) HashiCorp, Inc. +// SPDX-License-Identifier: BUSL-1.1 + +package types + +import ( + "testing" + + "github.com/hashicorp/consul/internal/resource" + "github.com/hashicorp/consul/internal/resource/resourcetest" + pbcatalog "github.com/hashicorp/consul/proto-public/pbcatalog/v2beta1" + "github.com/hashicorp/consul/proto-public/pbresource" + "github.com/stretchr/testify/require" + "google.golang.org/protobuf/reflect/protoreflect" + "google.golang.org/protobuf/types/known/anypb" +) + +var ( + defaultNodeHealthStatusOwnerTenancy = &pbresource.Tenancy{ + Partition: "default", + PeerName: "local", + } + + defaultNodeHealthStatusOwner = &pbresource.ID{ + Type: pbcatalog.NodeType, + Tenancy: defaultNodeHealthStatusOwnerTenancy, + Name: "foo", + } +) + +func createNodeHealthStatusResource(t *testing.T, data protoreflect.ProtoMessage, owner *pbresource.ID) *pbresource.Resource { + res := &pbresource.Resource{ + Id: &pbresource.ID{ + Type: pbcatalog.NodeHealthStatusType, + Tenancy: &pbresource.Tenancy{ + Partition: "default", + PeerName: "local", + }, + Name: "test-status", + }, + Owner: owner, + } + + var err error + res.Data, err = anypb.New(data) + require.NoError(t, err) + return res +} + +func TestValidateNodeHealthStatus_Ok(t *testing.T) { + data := &pbcatalog.NodeHealthStatus{ + Type: "tcp", + Status: pbcatalog.Health_HEALTH_PASSING, + Description: "Doesn't matter as this is user settable", + Output: "Health check executors are free to use this field", + } + + type testCase struct { + owner *pbresource.ID + } + + cases := map[string]testCase{ + "node-owned": { + owner: &pbresource.ID{ + Type: pbcatalog.NodeType, + Tenancy: defaultNodeHealthStatusOwnerTenancy, + Name: "bar-node", + }, + }, + } + + for name, tcase := range cases { + t.Run(name, func(t *testing.T) { + res := createNodeHealthStatusResource(t, data, tcase.owner) + err := ValidateNodeHealthStatus(res) + require.NoError(t, err) + }) + } +} + +func TestValidateNodeHealthStatus_ParseError(t *testing.T) { + // Any type other than the NodeHealthStatus type would work + // to cause the error we are expecting + data := &pbcatalog.IP{Address: "198.18.0.1"} + + res := createNodeHealthStatusResource(t, data, defaultNodeHealthStatusOwner) + + err := ValidateNodeHealthStatus(res) + require.Error(t, err) + require.ErrorAs(t, err, &resource.ErrDataParse{}) +} + +func TestValidateNodeHealthStatus_InvalidHealth(t *testing.T) { + // while this is a valid enum value it is not allowed to be used + // as the Status field. + data := &pbcatalog.NodeHealthStatus{ + Type: "tcp", + Status: pbcatalog.Health_HEALTH_ANY, + } + + res := createNodeHealthStatusResource(t, data, defaultNodeHealthStatusOwner) + + err := ValidateNodeHealthStatus(res) + require.Error(t, err) + expected := resource.ErrInvalidField{ + Name: "status", + Wrapped: errInvalidHealth, + } + var actual resource.ErrInvalidField + require.ErrorAs(t, err, &actual) + require.Equal(t, expected, actual) +} + +func TestValidateNodeHealthStatus_MissingType(t *testing.T) { + data := &pbcatalog.NodeHealthStatus{ + Status: pbcatalog.Health_HEALTH_PASSING, + } + + res := createNodeHealthStatusResource(t, data, defaultNodeHealthStatusOwner) + + err := ValidateNodeHealthStatus(res) + require.Error(t, err) + expected := resource.ErrInvalidField{ + Name: "type", + Wrapped: resource.ErrMissing, + } + var actual resource.ErrInvalidField + require.ErrorAs(t, err, &actual) + require.Equal(t, expected, actual) +} + +func TestValidateNodeHealthStatus_MissingOwner(t *testing.T) { + data := &pbcatalog.NodeHealthStatus{ + Type: "tcp", + Status: pbcatalog.Health_HEALTH_PASSING, + } + + res := createNodeHealthStatusResource(t, data, nil) + + err := ValidateNodeHealthStatus(res) + require.Error(t, err) + expected := resource.ErrInvalidField{ + Name: "owner", + Wrapped: resource.ErrMissing, + } + var actual resource.ErrInvalidField + require.ErrorAs(t, err, &actual) + require.Equal(t, expected, actual) +} + +func TestValidateNodeHealthStatus_InvalidOwner(t *testing.T) { + data := &pbcatalog.NodeHealthStatus{ + Type: "tcp", + Status: pbcatalog.Health_HEALTH_PASSING, + } + + type testCase struct { + owner *pbresource.ID + } + + cases := map[string]testCase{ + "group-mismatch": { + owner: &pbresource.ID{ + Type: &pbresource.Type{ + Group: "fake", + GroupVersion: pbcatalog.Version, + Kind: pbcatalog.NodeKind, + }, + Tenancy: defaultNodeHealthStatusOwnerTenancy, + Name: "baz", + }, + }, + "group-version-mismatch": { + owner: &pbresource.ID{ + Type: &pbresource.Type{ + Group: pbcatalog.GroupName, + GroupVersion: "v99", + Kind: pbcatalog.NodeKind, + }, + Tenancy: defaultNodeHealthStatusOwnerTenancy, + Name: "baz", + }, + }, + "kind-mismatch": { + owner: &pbresource.ID{ + Type: pbcatalog.ServiceType, + Tenancy: defaultNodeHealthStatusOwnerTenancy, + Name: "baz", + }, + }, + } + + for name, tcase := range cases { + t.Run(name, func(t *testing.T) { + res := createNodeHealthStatusResource(t, data, tcase.owner) + err := ValidateNodeHealthStatus(res) + require.Error(t, err) + expected := resource.ErrOwnerTypeInvalid{ + ResourceType: pbcatalog.NodeHealthStatusType, + OwnerType: tcase.owner.Type, + } + var actual resource.ErrOwnerTypeInvalid + require.ErrorAs(t, err, &actual) + require.Equal(t, expected, actual) + }) + } +} + +func TestNodeHealthStatusACLs(t *testing.T) { + registry := resource.NewRegistry() + Register(registry) + + node := resourcetest.Resource(pbcatalog.NodeType, "test").ID() + + nodehealthStatusData := &pbcatalog.NodeHealthStatus{ + Type: "tcp", + Status: pbcatalog.Health_HEALTH_PASSING, + } + + cases := map[string]resourcetest.ACLTestCase{ + "no rules": { + Rules: ``, + Data: nodehealthStatusData, + Owner: node, + Typ: pbcatalog.NodeHealthStatusType, + ReadOK: resourcetest.DENY, + WriteOK: resourcetest.DENY, + ListOK: resourcetest.DEFAULT, + }, + "service test read with node owner": { + Rules: `service "test" { policy = "read" }`, + Data: nodehealthStatusData, + Owner: node, + Typ: pbcatalog.NodeHealthStatusType, + ReadOK: resourcetest.DENY, + WriteOK: resourcetest.DENY, + ListOK: resourcetest.DEFAULT, + }, + "service test write with node owner": { + Rules: `service "test" { policy = "write" }`, + Data: nodehealthStatusData, + Owner: node, + Typ: pbcatalog.NodeHealthStatusType, + ReadOK: resourcetest.DENY, + WriteOK: resourcetest.DENY, + ListOK: resourcetest.DEFAULT, + }, + "node test read with node owner": { + Rules: `node "test" { policy = "read" }`, + Data: nodehealthStatusData, + Owner: node, + Typ: pbcatalog.NodeHealthStatusType, + ReadOK: resourcetest.ALLOW, + WriteOK: resourcetest.DENY, + ListOK: resourcetest.DEFAULT, + }, + "node test write with node owner": { + Rules: `node "test" { policy = "write" }`, + Data: nodehealthStatusData, + Owner: node, + Typ: pbcatalog.NodeHealthStatusType, + ReadOK: resourcetest.ALLOW, + WriteOK: resourcetest.ALLOW, + ListOK: resourcetest.DEFAULT, + }, + } + + for name, tc := range cases { + t.Run(name, func(t *testing.T) { + resourcetest.RunACLTestCase(t, tc, registry) + }) + } +} diff --git a/internal/catalog/internal/types/types.go b/internal/catalog/internal/types/types.go index 15ed6b148de7..936f2d63ce6b 100644 --- a/internal/catalog/internal/types/types.go +++ b/internal/catalog/internal/types/types.go @@ -14,7 +14,7 @@ func Register(r resource.Registry) { RegisterNode(r) RegisterHealthStatus(r) RegisterFailoverPolicy(r) - + RegisterNodeHealthStatus(r) // todo (v2): re-register once these resources are implemented. //RegisterHealthChecks(r) //RegisterDNSPolicy(r) diff --git a/internal/go-sso/oidcauth/oidc_test.go b/internal/go-sso/oidcauth/oidc_test.go index 48de99b64181..b2ed31ff5cd3 100644 --- a/internal/go-sso/oidcauth/oidc_test.go +++ b/internal/go-sso/oidcauth/oidc_test.go @@ -390,7 +390,7 @@ func TestOIDC_ClaimsFromAuthCode(t *testing.T) { context.Background(), state, "wrong_code", ) - requireErrorContains(t, err, "cannot fetch token") + requireErrorContains(t, err, "Error exchanging oidc code") requireProviderError(t, err) }) diff --git a/internal/mesh/internal/controllers/sidecarproxy/controller_test.go b/internal/mesh/internal/controllers/sidecarproxy/controller_test.go index 707aa3f66726..5262c61fe84a 100644 --- a/internal/mesh/internal/controllers/sidecarproxy/controller_test.go +++ b/internal/mesh/internal/controllers/sidecarproxy/controller_test.go @@ -44,15 +44,9 @@ type controllerTestSuite struct { ctl *reconciler ctx context.Context - apiWorkloadID *pbresource.ID - apiWorkload *pbcatalog.Workload - apiComputedTrafficPermissions *pbresource.Resource - apiComputedTrafficPermissionsData *pbauth.ComputedTrafficPermissions - apiService *pbresource.Resource - apiServiceData *pbcatalog.Service - apiEndpoints *pbresource.Resource - apiEndpointsData *pbcatalog.ServiceEndpoints - webWorkload *pbresource.Resource + webWorkload *pbresource.Resource + + api map[tenancyKey]apiData dbWorkloadID *pbresource.ID dbWorkload *pbcatalog.Workload @@ -60,8 +54,33 @@ type controllerTestSuite struct { dbEndpoints *pbresource.Resource dbEndpointsData *pbcatalog.ServiceEndpoints - proxyStateTemplate *pbmesh.ProxyStateTemplate - tenancies []*pbresource.Tenancy + tenancies []*pbresource.Tenancy +} + +type tenancyKey struct { + Namespace string + Partition string +} + +func toTenancyKey(t *pbresource.Tenancy) tenancyKey { + return tenancyKey{ + Namespace: t.Namespace, + Partition: t.Partition, + } +} + +type apiData struct { + workloadID *pbresource.ID + workload *pbcatalog.Workload + computedTrafficPermissions *pbresource.Resource + computedTrafficPermissionsData *pbauth.ComputedTrafficPermissions + service *pbresource.Resource + destinationListenerName string + destinationClusterName string + serviceData *pbcatalog.Service + endpoints *pbresource.Resource + endpointsData *pbcatalog.ServiceEndpoints + proxyStateTemplate *pbmesh.ProxyStateTemplate } func (suite *controllerTestSuite) SetupTest() { @@ -98,48 +117,9 @@ func (suite *controllerTestSuite) SetupTest() { "mesh": {Port: 20000, Protocol: pbcatalog.Protocol_PROTOCOL_MESH}, }, } - - suite.apiServiceData = &pbcatalog.Service{ - Workloads: &pbcatalog.WorkloadSelector{Names: []string{"api-abc"}}, - VirtualIps: []string{"1.1.1.1"}, - Ports: []*pbcatalog.ServicePort{ - {TargetPort: "tcp", Protocol: pbcatalog.Protocol_PROTOCOL_TCP}, - {TargetPort: "mesh", Protocol: pbcatalog.Protocol_PROTOCOL_MESH}, - }, - } - - suite.apiComputedTrafficPermissionsData = &pbauth.ComputedTrafficPermissions{ - IsDefault: false, - AllowPermissions: []*pbauth.Permission{ - { - Sources: []*pbauth.Source{ - { - IdentityName: "foo", - Namespace: "default", - Partition: "default", - Peer: "local", - }, - }, - }, - }, - } } func (suite *controllerTestSuite) setupSuiteWithTenancy(tenancy *pbresource.Tenancy) { - - suite.apiWorkload = &pbcatalog.Workload{ - Identity: "api-identity", - Addresses: []*pbcatalog.WorkloadAddress{ - { - Host: "10.0.0.1", - }, - }, - Ports: map[string]*pbcatalog.WorkloadPort{ - "tcp": {Port: 8080, Protocol: pbcatalog.Protocol_PROTOCOL_TCP}, - "mesh": {Port: 20000, Protocol: pbcatalog.Protocol_PROTOCOL_MESH}, - }, - } - webWorkloadData := &pbcatalog.Workload{ Identity: "web-identity", Addresses: []*pbcatalog.WorkloadAddress{ @@ -181,42 +161,101 @@ func (suite *controllerTestSuite) setupSuiteWithTenancy(tenancy *pbresource.Tena }, }, } - suite.dbEndpoints = resourcetest.Resource(pbcatalog.ServiceEndpointsType, "db-service"). WithData(suite.T(), suite.dbEndpointsData). WithTenancy(tenancy). Write(suite.T(), suite.client) - suite.apiWorkloadID = resourcetest.Resource(pbcatalog.WorkloadType, "api-abc"). - WithTenancy(tenancy). - WithData(suite.T(), suite.apiWorkload). - Write(suite.T(), suite.client.ResourceServiceClient).Id + suite.api = make(map[tenancyKey]apiData) - suite.apiComputedTrafficPermissions = resourcetest.Resource(pbauth.ComputedTrafficPermissionsType, suite.apiWorkload.Identity). - WithData(suite.T(), suite.apiComputedTrafficPermissionsData). - WithTenancy(tenancy). - Write(suite.T(), suite.client.ResourceServiceClient) + for i, t := range suite.tenancies { + var a apiData - suite.apiService = resourcetest.Resource(pbcatalog.ServiceType, "api-service"). - WithData(suite.T(), suite.apiServiceData). - WithTenancy(tenancy). - Write(suite.T(), suite.client.ResourceServiceClient) + a.computedTrafficPermissionsData = &pbauth.ComputedTrafficPermissions{ + IsDefault: false, + AllowPermissions: []*pbauth.Permission{ + { + Sources: []*pbauth.Source{ + { + IdentityName: "foo", + Namespace: "default", + Partition: "default", + Peer: "local", + }, + }, + }, + }, + } - suite.apiEndpointsData = &pbcatalog.ServiceEndpoints{ - Endpoints: []*pbcatalog.Endpoint{ - { - TargetRef: suite.apiWorkloadID, - Addresses: suite.apiWorkload.Addresses, - Ports: suite.apiWorkload.Ports, - Identity: "api-identity", + a.workload = &pbcatalog.Workload{ + Identity: "api-identity", + Addresses: []*pbcatalog.WorkloadAddress{ + { + Host: "10.0.0.1", + }, }, - }, - } + Ports: map[string]*pbcatalog.WorkloadPort{ + "tcp": {Port: 8080, Protocol: pbcatalog.Protocol_PROTOCOL_TCP}, + "mesh": {Port: 20000, Protocol: pbcatalog.Protocol_PROTOCOL_MESH}, + }, + } - suite.apiEndpoints = resourcetest.Resource(pbcatalog.ServiceEndpointsType, "api-service"). - WithData(suite.T(), suite.apiEndpointsData). - WithTenancy(tenancy). - Write(suite.T(), suite.client.ResourceServiceClient) + a.serviceData = &pbcatalog.Service{ + Workloads: &pbcatalog.WorkloadSelector{Names: []string{"api-abc"}}, + VirtualIps: []string{"1.1.1.1"}, + Ports: []*pbcatalog.ServicePort{ + {TargetPort: "tcp", Protocol: pbcatalog.Protocol_PROTOCOL_TCP}, + {TargetPort: "mesh", Protocol: pbcatalog.Protocol_PROTOCOL_MESH}, + }, + } + + a.workloadID = resourcetest.Resource(pbcatalog.WorkloadType, "api-abc"). + WithTenancy(t). + WithData(suite.T(), a.workload). + Write(suite.T(), suite.client.ResourceServiceClient).Id + + a.endpointsData = &pbcatalog.ServiceEndpoints{ + Endpoints: []*pbcatalog.Endpoint{ + { + TargetRef: a.workloadID, + Addresses: a.workload.Addresses, + Ports: a.workload.Ports, + Identity: "api-identity", + }, + }, + } + + a.computedTrafficPermissions = resourcetest.Resource(pbauth.ComputedTrafficPermissionsType, a.workload.Identity). + WithData(suite.T(), a.computedTrafficPermissionsData). + WithTenancy(t). + Write(suite.T(), suite.client.ResourceServiceClient) + + a.service = resourcetest.Resource(pbcatalog.ServiceType, "api-service"). + WithData(suite.T(), a.serviceData). + WithTenancy(t). + Write(suite.T(), suite.client.ResourceServiceClient) + + a.endpoints = resourcetest.Resource(pbcatalog.ServiceEndpointsType, "api-service"). + WithData(suite.T(), a.endpointsData). + WithTenancy(t). + Write(suite.T(), suite.client.ResourceServiceClient) + + identityRef := &pbresource.Reference{ + Name: a.workload.Identity, + Tenancy: a.workloadID.Tenancy, + Type: pbauth.WorkloadIdentityType, + } + + a.destinationListenerName = builder.DestinationListenerName(resource.Reference(a.service.Id, ""), "tcp", "127.0.0.1", uint32(1234+i)) + a.destinationClusterName = builder.DestinationSNI(resource.Reference(a.service.Id, ""), "dc1", "test.consul") + + a.proxyStateTemplate = builder.New(resource.ReplaceType(pbmesh.ProxyStateTemplateType, a.workloadID), + identityRef, "test.consul", "dc1", false, nil). + BuildLocalApp(a.workload, a.computedTrafficPermissionsData). + Build() + + suite.api[toTenancyKey(t)] = a + } suite.webWorkload = resourcetest.Resource(pbcatalog.WorkloadType, "web-def"). WithData(suite.T(), webWorkloadData). @@ -250,17 +289,6 @@ func (suite *controllerTestSuite) setupSuiteWithTenancy(tenancy *pbresource.Tena }, }, }).Write(suite.T(), suite.client) - - identityRef := &pbresource.Reference{ - Name: suite.apiWorkload.Identity, - Tenancy: suite.apiWorkloadID.Tenancy, - Type: pbauth.WorkloadIdentityType, - } - - suite.proxyStateTemplate = builder.New(resource.ReplaceType(pbmesh.ProxyStateTemplateType, suite.apiWorkloadID), - identityRef, "test.consul", "dc1", false, nil). - BuildLocalApp(suite.apiWorkload, suite.apiComputedTrafficPermissionsData). - Build() } func (suite *controllerTestSuite) TestWorkloadPortProtocolsFromService_NoServicesInCache() { @@ -465,35 +493,38 @@ func (suite *controllerTestSuite) TestReconcile_NonMeshWorkload() { func (suite *controllerTestSuite) TestReconcile_NoExistingProxyStateTemplate() { suite.runTestCaseWithTenancies(func(tenancy *pbresource.Tenancy) { + api := suite.api[toTenancyKey(tenancy)] + err := suite.ctl.Reconcile(context.Background(), suite.runtime, controller.Request{ - ID: resourceID(pbmesh.ProxyStateTemplateType, suite.apiWorkloadID.Name, tenancy), + ID: resourceID(pbmesh.ProxyStateTemplateType, api.workloadID.Name, tenancy), }) require.NoError(suite.T(), err) - res := suite.client.RequireResourceExists(suite.T(), resourceID(pbmesh.ProxyStateTemplateType, suite.apiWorkloadID.Name, tenancy)) + res := suite.client.RequireResourceExists(suite.T(), resourceID(pbmesh.ProxyStateTemplateType, api.workloadID.Name, tenancy)) require.NoError(suite.T(), err) require.NotNil(suite.T(), res.Data) - prototest.AssertDeepEqual(suite.T(), suite.apiWorkloadID, res.Owner) + prototest.AssertDeepEqual(suite.T(), api.workloadID, res.Owner) }) } func (suite *controllerTestSuite) TestReconcile_ExistingProxyStateTemplate_WithUpdates() { suite.runTestCaseWithTenancies(func(tenancy *pbresource.Tenancy) { // This test ensures that we write a new proxy state template when there are changes. + api := suite.api[toTenancyKey(tenancy)] // Write the original. resourcetest.Resource(pbmesh.ProxyStateTemplateType, "api-abc"). - WithData(suite.T(), suite.proxyStateTemplate). - WithOwner(suite.apiWorkloadID). + WithData(suite.T(), api.proxyStateTemplate). + WithOwner(api.workloadID). WithTenancy(tenancy). Write(suite.T(), suite.client.ResourceServiceClient) // Update the apiWorkload and check that we default the port to tcp if it's unspecified. - suite.apiWorkload.Ports["tcp"].Protocol = pbcatalog.Protocol_PROTOCOL_UNSPECIFIED + api.workload.Ports["tcp"].Protocol = pbcatalog.Protocol_PROTOCOL_UNSPECIFIED updatedWorkloadID := resourcetest.Resource(pbcatalog.WorkloadType, "api-abc"). WithTenancy(tenancy). - WithData(suite.T(), suite.apiWorkload). + WithData(suite.T(), api.workload). Write(suite.T(), suite.client.ResourceServiceClient).Id err := suite.ctl.Reconcile(context.Background(), suite.runtime, controller.Request{ @@ -523,17 +554,18 @@ func (suite *controllerTestSuite) TestReconcile_ExistingProxyStateTemplate_WithU func (suite *controllerTestSuite) TestReconcile_ExistingProxyStateTemplate_NoUpdates() { suite.runTestCaseWithTenancies(func(tenancy *pbresource.Tenancy) { // This test ensures that we skip writing of the proxy state template when there are no changes to it. + api := suite.api[toTenancyKey(tenancy)] // Write the original. originalProxyState := resourcetest.Resource(pbmesh.ProxyStateTemplateType, "api-abc"). - WithData(suite.T(), suite.proxyStateTemplate). - WithOwner(suite.apiWorkloadID). + WithData(suite.T(), api.proxyStateTemplate). + WithOwner(api.workloadID). WithTenancy(tenancy). Write(suite.T(), suite.client.ResourceServiceClient) // Update the metadata on the apiWorkload which should result in no changes. updatedWorkloadID := resourcetest.Resource(pbcatalog.WorkloadType, "api-abc"). - WithData(suite.T(), suite.apiWorkload). + WithData(suite.T(), api.workload). WithMeta("some", "meta"). Write(suite.T(), suite.client.ResourceServiceClient).Id @@ -542,7 +574,7 @@ func (suite *controllerTestSuite) TestReconcile_ExistingProxyStateTemplate_NoUpd }) require.NoError(suite.T(), err) - updatedProxyState := suite.client.RequireResourceExists(suite.T(), resourceID(pbmesh.ProxyStateTemplateType, suite.apiWorkloadID.Name, tenancy)) + updatedProxyState := suite.client.RequireResourceExists(suite.T(), resourceID(pbmesh.ProxyStateTemplateType, api.workloadID.Name, tenancy)) resourcetest.RequireVersionUnchanged(suite.T(), updatedProxyState, originalProxyState.Version) }) } @@ -563,13 +595,15 @@ func (suite *controllerTestSuite) TestController() { // This should test interactions between the reconciler, the mappers, and the destinationsCache to ensure they work // together and produce expected result. + api := suite.api[toTenancyKey(tenancy)] + // Run the controller manager var ( // Create proxy state template IDs to check against in this test. apiProxyStateTemplateID = resourcetest.Resource(pbmesh.ProxyStateTemplateType, "api-abc").WithTenancy(tenancy).ID() webProxyStateTemplateID = resourcetest.Resource(pbmesh.ProxyStateTemplateType, "web-def").WithTenancy(tenancy).ID() - apiComputedRoutesID = resource.ReplaceType(pbmesh.ComputedRoutesType, suite.apiService.Id) + apiComputedRoutesID = resource.ReplaceType(pbmesh.ComputedRoutesType, api.service.Id) dbComputedRoutesID = resource.ReplaceType(pbmesh.ComputedRoutesType, suite.dbService.Id) apiProxyStateTemplate *pbresource.Resource @@ -585,33 +619,43 @@ func (suite *controllerTestSuite) TestController() { }) // Write a default ComputedRoutes for api. - routestest.ReconcileComputedRoutes(suite.T(), suite.client, apiComputedRoutesID, - resourcetest.MustDecode[*pbcatalog.Service](suite.T(), suite.apiService), - ) + for _, api := range suite.api { + crID := resource.ReplaceType(pbmesh.ComputedRoutesType, api.service.Id) + routestest.ReconcileComputedRoutes(suite.T(), suite.client, crID, + resourcetest.MustDecode[*pbcatalog.Service](suite.T(), api.service), + ) + } + + var destinations []*pbmesh.Destination + var i uint32 + for _, t := range suite.tenancies { + destinations = append(destinations, &pbmesh.Destination{ + DestinationRef: resource.Reference(suite.api[toTenancyKey(t)].service.Id, ""), + DestinationPort: "tcp", + ListenAddr: &pbmesh.Destination_IpPort{ + IpPort: &pbmesh.IPPortAddress{ + Ip: "127.0.0.1", + Port: 1234 + i, + }, + }, + }) + i++ + } // Add a source service and check that a new proxy state is generated. webComputedDestinations = resourcetest.Resource(pbmesh.ComputedExplicitDestinationsType, suite.webWorkload.Id.Name). WithTenancy(tenancy). WithData(suite.T(), &pbmesh.ComputedExplicitDestinations{ - Destinations: []*pbmesh.Destination{ - { - DestinationRef: resource.Reference(suite.apiService.Id, ""), - DestinationPort: "tcp", - ListenAddr: &pbmesh.Destination_IpPort{ - IpPort: &pbmesh.IPPortAddress{ - Ip: "127.0.0.1", - Port: 1234, - }, - }, - }, - }, + Destinations: destinations, }).Write(suite.T(), suite.client) testutil.RunStep(suite.T(), "add explicit destinations and check that new proxy state is generated", func(t *testing.T) { webProxyStateTemplate = suite.client.WaitForNewVersion(suite.T(), webProxyStateTemplateID, webProxyStateTemplate.Version) suite.waitForProxyStateTemplateState(t, webProxyStateTemplateID, func(rt resourcetest.T, tmpl *pbmesh.ProxyStateTemplate) { - requireExplicitDestinationsFound(rt, "api", tmpl) + for _, data := range suite.api { + requireExplicitDestinationsFound(t, data.destinationListenerName, data.destinationClusterName, tmpl) + } }) }) @@ -632,11 +676,11 @@ func (suite *controllerTestSuite) TestController() { WithTenancy(tenancy). WithData(suite.T(), &pbcatalog.Workload{ Identity: "api-identity", - Addresses: suite.apiWorkload.Addresses, + Addresses: api.workload.Addresses, Ports: nonMeshPorts}). Write(suite.T(), suite.client) - suite.apiService = resourcetest.ResourceID(suite.apiService.Id). + api.service = resourcetest.ResourceID(api.service.Id). WithTenancy(tenancy). WithData(t, &pbcatalog.Service{ Workloads: &pbcatalog.WorkloadSelector{Names: []string{"api-abc"}}, @@ -653,8 +697,8 @@ func (suite *controllerTestSuite) TestController() { WithData(suite.T(), &pbcatalog.ServiceEndpoints{ Endpoints: []*pbcatalog.Endpoint{ { - TargetRef: suite.apiWorkloadID, - Addresses: suite.apiWorkload.Addresses, + TargetRef: api.workloadID, + Addresses: api.workload.Addresses, Ports: nonMeshPorts, Identity: "api-identity", }, @@ -664,7 +708,7 @@ func (suite *controllerTestSuite) TestController() { // Refresh the computed routes in light of api losing a mesh port. routestest.ReconcileComputedRoutes(suite.T(), suite.client, apiComputedRoutesID, - resourcetest.MustDecode[*pbcatalog.Service](t, suite.apiService), + resourcetest.MustDecode[*pbcatalog.Service](t, api.service), ) // Check that api proxy template is gone. @@ -676,7 +720,7 @@ func (suite *controllerTestSuite) TestController() { webProxyStateTemplate = suite.client.WaitForNewVersion(suite.T(), webProxyStateTemplateID, webProxyStateTemplate.Version) suite.waitForProxyStateTemplateState(t, webProxyStateTemplateID, func(rt resourcetest.T, tmpl *pbmesh.ProxyStateTemplate) { - requireExplicitDestinationsNotFound(rt, "api", tmpl) + requireExplicitDestinationsNotFound(t, api.destinationListenerName, api.destinationClusterName, tmpl) }) }) @@ -687,29 +731,31 @@ func (suite *controllerTestSuite) TestController() { resourcetest.Resource(pbcatalog.WorkloadType, "api-abc"). WithTenancy(tenancy). - WithData(suite.T(), suite.apiWorkload). + WithData(suite.T(), api.workload). Write(suite.T(), suite.client) - suite.apiService = resourcetest.Resource(pbcatalog.ServiceType, "api-service"). - WithData(suite.T(), suite.apiServiceData). + api.service = resourcetest.Resource(pbcatalog.ServiceType, "api-service"). + WithData(suite.T(), api.serviceData). WithTenancy(tenancy). Write(suite.T(), suite.client.ResourceServiceClient) resourcetest.Resource(pbcatalog.ServiceEndpointsType, "api-service"). WithTenancy(tenancy). - WithData(suite.T(), suite.apiEndpointsData). + WithData(suite.T(), api.endpointsData). Write(suite.T(), suite.client.ResourceServiceClient) // Refresh the computed routes in light of api losing a mesh port. routestest.ReconcileComputedRoutes(suite.T(), suite.client, apiComputedRoutesID, - resourcetest.MustDecode[*pbcatalog.Service](t, suite.apiService), + resourcetest.MustDecode[*pbcatalog.Service](t, api.service), ) // We should also get a new web proxy template resource as this destination should be added again. webProxyStateTemplate = suite.client.WaitForNewVersion(suite.T(), webProxyStateTemplateID, webProxyStateTemplate.Version) suite.waitForProxyStateTemplateState(t, webProxyStateTemplateID, func(rt resourcetest.T, tmpl *pbmesh.ProxyStateTemplate) { - requireExplicitDestinationsFound(rt, "api", tmpl) + for _, data := range suite.api { + requireExplicitDestinationsFound(t, data.destinationListenerName, data.destinationClusterName, tmpl) + } }) }) @@ -722,7 +768,9 @@ func (suite *controllerTestSuite) TestController() { webProxyStateTemplate = suite.client.WaitForNewVersion(suite.T(), webProxyStateTemplateID, webProxyStateTemplate.Version) suite.waitForProxyStateTemplateState(t, webProxyStateTemplateID, func(rt resourcetest.T, tmpl *pbmesh.ProxyStateTemplate) { - requireExplicitDestinationsFound(rt, "api", tmpl) + for _, data := range suite.api { + requireExplicitDestinationsFound(t, data.destinationListenerName, data.destinationClusterName, tmpl) + } }) }) @@ -756,8 +804,13 @@ func (suite *controllerTestSuite) TestController() { apiProxyStateTemplate = suite.client.WaitForNewVersion(suite.T(), apiProxyStateTemplateID, apiProxyStateTemplate.Version) suite.waitForProxyStateTemplateState(t, webProxyStateTemplateID, func(rt resourcetest.T, tmpl *pbmesh.ProxyStateTemplate) { - requireImplicitDestinationsFound(rt, "api", tmpl) - requireImplicitDestinationsFound(rt, "db", tmpl) + listenerNameDb := fmt.Sprintf("%s/local/%s/db-service", tenancy.Partition, tenancy.Namespace) + clusterNameDb := fmt.Sprintf("db-service.%s.%s", tenancy.Namespace, tenancy.Partition) + if tenancy.Partition == "default" { + clusterNameDb = fmt.Sprintf("db-service.%s", tenancy.Namespace) + } + requireImplicitDestinationsFound(t, api.destinationListenerName, api.destinationClusterName, tmpl) + requireImplicitDestinationsFound(t, listenerNameDb, clusterNameDb, tmpl) }) }) @@ -767,16 +820,16 @@ func (suite *controllerTestSuite) TestController() { assertTrafficPermissionDefaultPolicy(t, false, webProxyStateTemplate) suite.runtime.Logger.Trace("deleting computed traffic permissions") - _, err := suite.client.Delete(suite.ctx, &pbresource.DeleteRequest{Id: suite.apiComputedTrafficPermissions.Id}) + _, err := suite.client.Delete(suite.ctx, &pbresource.DeleteRequest{Id: api.computedTrafficPermissions.Id}) require.NoError(t, err) - suite.client.WaitForDeletion(t, suite.apiComputedTrafficPermissions.Id) + suite.client.WaitForDeletion(t, api.computedTrafficPermissions.Id) apiProxyStateTemplate = suite.client.WaitForNewVersion(suite.T(), apiProxyStateTemplateID, apiProxyStateTemplate.Version) suite.runtime.Logger.Trace("creating computed traffic permissions") - resourcetest.Resource(pbauth.ComputedTrafficPermissionsType, suite.apiWorkload.Identity). + resourcetest.Resource(pbauth.ComputedTrafficPermissionsType, api.workload.Identity). WithTenancy(tenancy). - WithData(t, suite.apiComputedTrafficPermissionsData). + WithData(t, api.computedTrafficPermissionsData). Write(t, suite.client) suite.client.WaitForNewVersion(t, apiProxyStateTemplateID, apiProxyStateTemplate.Version) @@ -797,7 +850,7 @@ func (suite *controllerTestSuite) TestController() { BackendRefs: []*pbmesh.HTTPBackendRef{ { BackendRef: &pbmesh.BackendReference{ - Ref: resource.Reference(suite.apiService.Id, ""), + Ref: resource.Reference(api.service.Id, ""), Port: "tcp", }, Weight: 60, @@ -824,15 +877,20 @@ func (suite *controllerTestSuite) TestController() { dbCR := routestest.ReconcileComputedRoutes(suite.T(), suite.client, dbCRID, resourcetest.MustDecode[*pbmesh.HTTPRoute](t, route), resourcetest.MustDecode[*pbcatalog.Service](t, suite.dbService), - resourcetest.MustDecode[*pbcatalog.Service](t, suite.apiService), + resourcetest.MustDecode[*pbcatalog.Service](t, api.service), ) require.NotNil(t, dbCR, "computed routes for db was deleted instead of created") webProxyStateTemplate = suite.client.WaitForNewVersion(suite.T(), webProxyStateTemplateID, webProxyStateTemplate.Version) suite.waitForProxyStateTemplateState(t, webProxyStateTemplateID, func(rt resourcetest.T, tmpl *pbmesh.ProxyStateTemplate) { - requireImplicitDestinationsFound(rt, "api", tmpl) - requireImplicitDestinationsFound(rt, "db", tmpl) + listenerNameDb := fmt.Sprintf("%s/local/%s/db-service", tenancy.Partition, tenancy.Namespace) + clusterNameDb := fmt.Sprintf("db-service.%s.%s", tenancy.Namespace, tenancy.Partition) + if tenancy.Partition == "default" { + clusterNameDb = fmt.Sprintf("db-service.%s", tenancy.Namespace) + } + requireImplicitDestinationsFound(t, api.destinationListenerName, api.destinationClusterName, tmpl) + requireImplicitDestinationsFound(t, listenerNameDb, clusterNameDb, tmpl) }) }) }) @@ -872,21 +930,21 @@ func TestMeshController(t *testing.T) { suite.Run(t, new(controllerTestSuite)) } -func requireExplicitDestinationsFound(t resourcetest.T, name string, tmpl *pbmesh.ProxyStateTemplate) { - requireExplicitDestinations(t, name, tmpl, true) +func requireExplicitDestinationsFound(t *testing.T, listenerName, clusterName string, tmpl *pbmesh.ProxyStateTemplate) { + requireExplicitDestinations(t, listenerName, clusterName, tmpl, true) } -func requireExplicitDestinationsNotFound(t resourcetest.T, name string, tmpl *pbmesh.ProxyStateTemplate) { - requireExplicitDestinations(t, name, tmpl, false) +func requireExplicitDestinationsNotFound(t *testing.T, listenerName, clusterName string, tmpl *pbmesh.ProxyStateTemplate) { + requireExplicitDestinations(t, listenerName, clusterName, tmpl, false) } -func requireExplicitDestinations(t resourcetest.T, name string, tmpl *pbmesh.ProxyStateTemplate, found bool) { +func requireExplicitDestinations(t resourcetest.T, listenerName string, clusterName string, tmpl *pbmesh.ProxyStateTemplate, found bool) { t.Helper() // Check outbound listener. var foundListener bool for _, l := range tmpl.ProxyState.Listeners { - if strings.Contains(l.Name, name) && l.Direction == pbproxystate.Direction_DIRECTION_OUTBOUND { + if l.Name == listenerName && l.Direction == pbproxystate.Direction_DIRECTION_OUTBOUND { foundListener = true break } @@ -894,10 +952,10 @@ func requireExplicitDestinations(t resourcetest.T, name string, tmpl *pbmesh.Pro require.Equal(t, found, foundListener) - requireClustersAndEndpoints(t, name, tmpl, found) + requireClustersAndEndpoints(t, clusterName, tmpl, found) } -func requireImplicitDestinationsFound(t resourcetest.T, name string, tmpl *pbmesh.ProxyStateTemplate) { +func requireImplicitDestinationsFound(t resourcetest.T, listenerName string, clusterName string, tmpl *pbmesh.ProxyStateTemplate) { t.Helper() // Check outbound listener. @@ -920,7 +978,7 @@ func requireImplicitDestinationsFound(t resourcetest.T, name string, tmpl *pbmes case *pbproxystate.Router_L7: require.NotNil(t, x.L7.Route) routerName := x.L7.Route.Name - foundByName = strings.Contains(routerName, name) + foundByName = strings.Contains(routerName, listenerName) default: t.Fatalf("unexpected type of destination: %T", r.Destination) } @@ -937,15 +995,15 @@ func requireImplicitDestinationsFound(t resourcetest.T, name string, tmpl *pbmes } require.True(t, foundListener) - requireClustersAndEndpoints(t, name, tmpl, true) + requireClustersAndEndpoints(t, clusterName, tmpl, true) } -func requireClustersAndEndpoints(t resourcetest.T, name string, tmpl *pbmesh.ProxyStateTemplate, found bool) { +func requireClustersAndEndpoints(t resourcetest.T, clusterName string, tmpl *pbmesh.ProxyStateTemplate, found bool) { t.Helper() var foundCluster bool for c := range tmpl.ProxyState.Clusters { - if strings.Contains(c, name) { + if strings.Contains(c, clusterName) { foundCluster = true break } @@ -955,7 +1013,7 @@ func requireClustersAndEndpoints(t resourcetest.T, name string, tmpl *pbmesh.Pro var foundEndpoints bool for c := range tmpl.RequiredEndpoints { - if strings.Contains(c, name) { + if strings.Contains(c, clusterName) { foundEndpoints = true break } @@ -1003,10 +1061,12 @@ func (suite *controllerTestSuite) appendTenancyInfo(tenancy *pbresource.Tenancy) func (suite *controllerTestSuite) cleanupResources() { - suite.client.MustDelete(suite.T(), suite.apiWorkloadID) - suite.client.MustDelete(suite.T(), suite.apiComputedTrafficPermissions.Id) - suite.client.MustDelete(suite.T(), suite.apiService.Id) - suite.client.MustDelete(suite.T(), suite.apiEndpoints.Id) + for _, api := range suite.api { + suite.client.MustDelete(suite.T(), api.workloadID) + suite.client.MustDelete(suite.T(), api.computedTrafficPermissions.Id) + suite.client.MustDelete(suite.T(), api.service.Id) + suite.client.MustDelete(suite.T(), api.endpoints.Id) + } suite.client.MustDelete(suite.T(), suite.webWorkload.Id) suite.client.MustDelete(suite.T(), suite.dbWorkloadID) suite.client.MustDelete(suite.T(), suite.dbService.Id) diff --git a/internal/protohcl/testproto/example.pb.go b/internal/protohcl/testproto/example.pb.go index 304eac53d6d9..99e6fe980762 100644 --- a/internal/protohcl/testproto/example.pb.go +++ b/internal/protohcl/testproto/example.pb.go @@ -3,7 +3,7 @@ // Code generated by protoc-gen-go. DO NOT EDIT. // versions: -// protoc-gen-go v1.30.0 +// protoc-gen-go v1.31.0 // protoc (unknown) // source: example.proto diff --git a/proto-public/annotations/ratelimit/ratelimit.pb.go b/proto-public/annotations/ratelimit/ratelimit.pb.go index 3514d47ceb29..624b55e25ad5 100644 --- a/proto-public/annotations/ratelimit/ratelimit.pb.go +++ b/proto-public/annotations/ratelimit/ratelimit.pb.go @@ -3,7 +3,7 @@ // Code generated by protoc-gen-go. DO NOT EDIT. // versions: -// protoc-gen-go v1.30.0 +// protoc-gen-go v1.31.0 // protoc (unknown) // source: annotations/ratelimit/ratelimit.proto diff --git a/proto-public/pbacl/acl.pb.go b/proto-public/pbacl/acl.pb.go index f85a9e0b48e8..dd1ea0c58f2f 100644 --- a/proto-public/pbacl/acl.pb.go +++ b/proto-public/pbacl/acl.pb.go @@ -3,7 +3,7 @@ // Code generated by protoc-gen-go. DO NOT EDIT. // versions: -// protoc-gen-go v1.30.0 +// protoc-gen-go v1.31.0 // protoc (unknown) // source: pbacl/acl.proto diff --git a/proto-public/pbauth/v2beta1/computed_traffic_permissions.pb.go b/proto-public/pbauth/v2beta1/computed_traffic_permissions.pb.go index b88c2e86bd03..ad1c4f4004d8 100644 --- a/proto-public/pbauth/v2beta1/computed_traffic_permissions.pb.go +++ b/proto-public/pbauth/v2beta1/computed_traffic_permissions.pb.go @@ -1,6 +1,6 @@ // Code generated by protoc-gen-go. DO NOT EDIT. // versions: -// protoc-gen-go v1.30.0 +// protoc-gen-go v1.31.0 // protoc (unknown) // source: pbauth/v2beta1/computed_traffic_permissions.proto diff --git a/proto-public/pbauth/v2beta1/traffic_permissions.pb.go b/proto-public/pbauth/v2beta1/traffic_permissions.pb.go index 4226925386ac..13d785dc2c89 100644 --- a/proto-public/pbauth/v2beta1/traffic_permissions.pb.go +++ b/proto-public/pbauth/v2beta1/traffic_permissions.pb.go @@ -1,6 +1,6 @@ // Code generated by protoc-gen-go. DO NOT EDIT. // versions: -// protoc-gen-go v1.30.0 +// protoc-gen-go v1.31.0 // protoc (unknown) // source: pbauth/v2beta1/traffic_permissions.proto diff --git a/proto-public/pbauth/v2beta1/workload_identity.pb.go b/proto-public/pbauth/v2beta1/workload_identity.pb.go index c24f45c776ea..679008f3e3b2 100644 --- a/proto-public/pbauth/v2beta1/workload_identity.pb.go +++ b/proto-public/pbauth/v2beta1/workload_identity.pb.go @@ -1,6 +1,6 @@ // Code generated by protoc-gen-go. DO NOT EDIT. // versions: -// protoc-gen-go v1.30.0 +// protoc-gen-go v1.31.0 // protoc (unknown) // source: pbauth/v2beta1/workload_identity.proto diff --git a/proto-public/pbcatalog/v2beta1/dns.pb.go b/proto-public/pbcatalog/v2beta1/dns.pb.go index 446e788d3e95..9345fc4a78dc 100644 --- a/proto-public/pbcatalog/v2beta1/dns.pb.go +++ b/proto-public/pbcatalog/v2beta1/dns.pb.go @@ -3,7 +3,7 @@ // Code generated by protoc-gen-go. DO NOT EDIT. // versions: -// protoc-gen-go v1.30.0 +// protoc-gen-go v1.31.0 // protoc (unknown) // source: pbcatalog/v2beta1/dns.proto diff --git a/proto-public/pbcatalog/v2beta1/failover_policy.pb.go b/proto-public/pbcatalog/v2beta1/failover_policy.pb.go index 844e9e7a0af7..b97535df0ff1 100644 --- a/proto-public/pbcatalog/v2beta1/failover_policy.pb.go +++ b/proto-public/pbcatalog/v2beta1/failover_policy.pb.go @@ -3,7 +3,7 @@ // Code generated by protoc-gen-go. DO NOT EDIT. // versions: -// protoc-gen-go v1.30.0 +// protoc-gen-go v1.31.0 // protoc (unknown) // source: pbcatalog/v2beta1/failover_policy.proto diff --git a/proto-public/pbcatalog/v2beta1/health.pb.binary.go b/proto-public/pbcatalog/v2beta1/health.pb.binary.go index b5592db6c464..1bb5bc00b4ad 100644 --- a/proto-public/pbcatalog/v2beta1/health.pb.binary.go +++ b/proto-public/pbcatalog/v2beta1/health.pb.binary.go @@ -96,3 +96,13 @@ func (msg *CheckTLSConfig) MarshalBinary() ([]byte, error) { func (msg *CheckTLSConfig) UnmarshalBinary(b []byte) error { return proto.Unmarshal(b, msg) } + +// MarshalBinary implements encoding.BinaryMarshaler +func (msg *NodeHealthStatus) MarshalBinary() ([]byte, error) { + return proto.Marshal(msg) +} + +// UnmarshalBinary implements encoding.BinaryUnmarshaler +func (msg *NodeHealthStatus) UnmarshalBinary(b []byte) error { + return proto.Unmarshal(b, msg) +} diff --git a/proto-public/pbcatalog/v2beta1/health.pb.go b/proto-public/pbcatalog/v2beta1/health.pb.go index 154a183831b2..716025369460 100644 --- a/proto-public/pbcatalog/v2beta1/health.pb.go +++ b/proto-public/pbcatalog/v2beta1/health.pb.go @@ -3,7 +3,7 @@ // Code generated by protoc-gen-go. DO NOT EDIT. // versions: -// protoc-gen-go v1.30.0 +// protoc-gen-go v1.31.0 // protoc (unknown) // source: pbcatalog/v2beta1/health.proto @@ -83,7 +83,7 @@ func (Health) EnumDescriptor() ([]byte, []int) { return file_pbcatalog_v2beta1_health_proto_rawDescGZIP(), []int{0} } -// This resource will belong to a workload or a node and will have an ownership relationship. +// This resource will belong to a workload and will have an ownership relationship. type HealthStatus struct { state protoimpl.MessageState sizeCache protoimpl.SizeCache @@ -718,6 +718,82 @@ func (x *CheckTLSConfig) GetUseTls() bool { return false } +// This resource will belong to a node and will have an ownership relationship. +type NodeHealthStatus struct { + state protoimpl.MessageState + sizeCache protoimpl.SizeCache + unknownFields protoimpl.UnknownFields + + // Type is the type of this health check, such as http, tcp, or kubernetes-readiness + Type string `protobuf:"bytes,1,opt,name=type,proto3" json:"type,omitempty"` + // Health is the status. This maps to existing health check statuses. + Status Health `protobuf:"varint,2,opt,name=status,proto3,enum=hashicorp.consul.catalog.v2beta1.Health" json:"status,omitempty"` + // Description is the description for this status. + Description string `protobuf:"bytes,3,opt,name=description,proto3" json:"description,omitempty"` + // Output is the output from running the check that resulted in this status + Output string `protobuf:"bytes,4,opt,name=output,proto3" json:"output,omitempty"` +} + +func (x *NodeHealthStatus) Reset() { + *x = NodeHealthStatus{} + if protoimpl.UnsafeEnabled { + mi := &file_pbcatalog_v2beta1_health_proto_msgTypes[9] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) + } +} + +func (x *NodeHealthStatus) String() string { + return protoimpl.X.MessageStringOf(x) +} + +func (*NodeHealthStatus) ProtoMessage() {} + +func (x *NodeHealthStatus) ProtoReflect() protoreflect.Message { + mi := &file_pbcatalog_v2beta1_health_proto_msgTypes[9] + if protoimpl.UnsafeEnabled && x != nil { + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + if ms.LoadMessageInfo() == nil { + ms.StoreMessageInfo(mi) + } + return ms + } + return mi.MessageOf(x) +} + +// Deprecated: Use NodeHealthStatus.ProtoReflect.Descriptor instead. +func (*NodeHealthStatus) Descriptor() ([]byte, []int) { + return file_pbcatalog_v2beta1_health_proto_rawDescGZIP(), []int{9} +} + +func (x *NodeHealthStatus) GetType() string { + if x != nil { + return x.Type + } + return "" +} + +func (x *NodeHealthStatus) GetStatus() Health { + if x != nil { + return x.Status + } + return Health_HEALTH_ANY +} + +func (x *NodeHealthStatus) GetDescription() string { + if x != nil { + return x.Description + } + return "" +} + +func (x *NodeHealthStatus) GetOutput() string { + if x != nil { + return x.Output + } + return "" +} + var File_pbcatalog_v2beta1_health_proto protoreflect.FileDescriptor var file_pbcatalog_v2beta1_health_proto_rawDesc = []byte{ @@ -832,33 +908,44 @@ var file_pbcatalog_v2beta1_health_proto_rawDesc = []byte{ 0x0a, 0x0f, 0x74, 0x6c, 0x73, 0x5f, 0x73, 0x6b, 0x69, 0x70, 0x5f, 0x76, 0x65, 0x72, 0x69, 0x66, 0x79, 0x18, 0x02, 0x20, 0x01, 0x28, 0x08, 0x52, 0x0d, 0x74, 0x6c, 0x73, 0x53, 0x6b, 0x69, 0x70, 0x56, 0x65, 0x72, 0x69, 0x66, 0x79, 0x12, 0x17, 0x0a, 0x07, 0x75, 0x73, 0x65, 0x5f, 0x74, 0x6c, - 0x73, 0x18, 0x03, 0x20, 0x01, 0x28, 0x08, 0x52, 0x06, 0x75, 0x73, 0x65, 0x54, 0x6c, 0x73, 0x2a, - 0x6d, 0x0a, 0x06, 0x48, 0x65, 0x61, 0x6c, 0x74, 0x68, 0x12, 0x0e, 0x0a, 0x0a, 0x48, 0x45, 0x41, - 0x4c, 0x54, 0x48, 0x5f, 0x41, 0x4e, 0x59, 0x10, 0x00, 0x12, 0x12, 0x0a, 0x0e, 0x48, 0x45, 0x41, - 0x4c, 0x54, 0x48, 0x5f, 0x50, 0x41, 0x53, 0x53, 0x49, 0x4e, 0x47, 0x10, 0x01, 0x12, 0x12, 0x0a, - 0x0e, 0x48, 0x45, 0x41, 0x4c, 0x54, 0x48, 0x5f, 0x57, 0x41, 0x52, 0x4e, 0x49, 0x4e, 0x47, 0x10, - 0x02, 0x12, 0x13, 0x0a, 0x0f, 0x48, 0x45, 0x41, 0x4c, 0x54, 0x48, 0x5f, 0x43, 0x52, 0x49, 0x54, - 0x49, 0x43, 0x41, 0x4c, 0x10, 0x03, 0x12, 0x16, 0x0a, 0x12, 0x48, 0x45, 0x41, 0x4c, 0x54, 0x48, - 0x5f, 0x4d, 0x41, 0x49, 0x4e, 0x54, 0x45, 0x4e, 0x41, 0x4e, 0x43, 0x45, 0x10, 0x04, 0x42, 0xa1, - 0x02, 0x0a, 0x24, 0x63, 0x6f, 0x6d, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, - 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x63, 0x61, 0x74, 0x61, 0x6c, 0x6f, 0x67, 0x2e, - 0x76, 0x32, 0x62, 0x65, 0x74, 0x61, 0x31, 0x42, 0x0b, 0x48, 0x65, 0x61, 0x6c, 0x74, 0x68, 0x50, - 0x72, 0x6f, 0x74, 0x6f, 0x50, 0x01, 0x5a, 0x49, 0x67, 0x69, 0x74, 0x68, 0x75, 0x62, 0x2e, 0x63, - 0x6f, 0x6d, 0x2f, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2f, 0x63, 0x6f, 0x6e, - 0x73, 0x75, 0x6c, 0x2f, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x2d, 0x70, 0x75, 0x62, 0x6c, 0x69, 0x63, - 0x2f, 0x70, 0x62, 0x63, 0x61, 0x74, 0x61, 0x6c, 0x6f, 0x67, 0x2f, 0x76, 0x32, 0x62, 0x65, 0x74, - 0x61, 0x31, 0x3b, 0x63, 0x61, 0x74, 0x61, 0x6c, 0x6f, 0x67, 0x76, 0x32, 0x62, 0x65, 0x74, 0x61, - 0x31, 0xa2, 0x02, 0x03, 0x48, 0x43, 0x43, 0xaa, 0x02, 0x20, 0x48, 0x61, 0x73, 0x68, 0x69, 0x63, - 0x6f, 0x72, 0x70, 0x2e, 0x43, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x43, 0x61, 0x74, 0x61, 0x6c, - 0x6f, 0x67, 0x2e, 0x56, 0x32, 0x62, 0x65, 0x74, 0x61, 0x31, 0xca, 0x02, 0x20, 0x48, 0x61, 0x73, + 0x73, 0x18, 0x03, 0x20, 0x01, 0x28, 0x08, 0x52, 0x06, 0x75, 0x73, 0x65, 0x54, 0x6c, 0x73, 0x22, + 0xaa, 0x01, 0x0a, 0x10, 0x4e, 0x6f, 0x64, 0x65, 0x48, 0x65, 0x61, 0x6c, 0x74, 0x68, 0x53, 0x74, + 0x61, 0x74, 0x75, 0x73, 0x12, 0x12, 0x0a, 0x04, 0x74, 0x79, 0x70, 0x65, 0x18, 0x01, 0x20, 0x01, + 0x28, 0x09, 0x52, 0x04, 0x74, 0x79, 0x70, 0x65, 0x12, 0x40, 0x0a, 0x06, 0x73, 0x74, 0x61, 0x74, + 0x75, 0x73, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0e, 0x32, 0x28, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, + 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x63, 0x61, 0x74, 0x61, + 0x6c, 0x6f, 0x67, 0x2e, 0x76, 0x32, 0x62, 0x65, 0x74, 0x61, 0x31, 0x2e, 0x48, 0x65, 0x61, 0x6c, + 0x74, 0x68, 0x52, 0x06, 0x73, 0x74, 0x61, 0x74, 0x75, 0x73, 0x12, 0x20, 0x0a, 0x0b, 0x64, 0x65, + 0x73, 0x63, 0x72, 0x69, 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x18, 0x03, 0x20, 0x01, 0x28, 0x09, 0x52, + 0x0b, 0x64, 0x65, 0x73, 0x63, 0x72, 0x69, 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x12, 0x16, 0x0a, 0x06, + 0x6f, 0x75, 0x74, 0x70, 0x75, 0x74, 0x18, 0x04, 0x20, 0x01, 0x28, 0x09, 0x52, 0x06, 0x6f, 0x75, + 0x74, 0x70, 0x75, 0x74, 0x3a, 0x06, 0xa2, 0x93, 0x04, 0x02, 0x08, 0x02, 0x2a, 0x6d, 0x0a, 0x06, + 0x48, 0x65, 0x61, 0x6c, 0x74, 0x68, 0x12, 0x0e, 0x0a, 0x0a, 0x48, 0x45, 0x41, 0x4c, 0x54, 0x48, + 0x5f, 0x41, 0x4e, 0x59, 0x10, 0x00, 0x12, 0x12, 0x0a, 0x0e, 0x48, 0x45, 0x41, 0x4c, 0x54, 0x48, + 0x5f, 0x50, 0x41, 0x53, 0x53, 0x49, 0x4e, 0x47, 0x10, 0x01, 0x12, 0x12, 0x0a, 0x0e, 0x48, 0x45, + 0x41, 0x4c, 0x54, 0x48, 0x5f, 0x57, 0x41, 0x52, 0x4e, 0x49, 0x4e, 0x47, 0x10, 0x02, 0x12, 0x13, + 0x0a, 0x0f, 0x48, 0x45, 0x41, 0x4c, 0x54, 0x48, 0x5f, 0x43, 0x52, 0x49, 0x54, 0x49, 0x43, 0x41, + 0x4c, 0x10, 0x03, 0x12, 0x16, 0x0a, 0x12, 0x48, 0x45, 0x41, 0x4c, 0x54, 0x48, 0x5f, 0x4d, 0x41, + 0x49, 0x4e, 0x54, 0x45, 0x4e, 0x41, 0x4e, 0x43, 0x45, 0x10, 0x04, 0x42, 0xa1, 0x02, 0x0a, 0x24, + 0x63, 0x6f, 0x6d, 0x2e, 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2e, 0x63, 0x6f, + 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x63, 0x61, 0x74, 0x61, 0x6c, 0x6f, 0x67, 0x2e, 0x76, 0x32, 0x62, + 0x65, 0x74, 0x61, 0x31, 0x42, 0x0b, 0x48, 0x65, 0x61, 0x6c, 0x74, 0x68, 0x50, 0x72, 0x6f, 0x74, + 0x6f, 0x50, 0x01, 0x5a, 0x49, 0x67, 0x69, 0x74, 0x68, 0x75, 0x62, 0x2e, 0x63, 0x6f, 0x6d, 0x2f, + 0x68, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x2f, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6c, + 0x2f, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x2d, 0x70, 0x75, 0x62, 0x6c, 0x69, 0x63, 0x2f, 0x70, 0x62, + 0x63, 0x61, 0x74, 0x61, 0x6c, 0x6f, 0x67, 0x2f, 0x76, 0x32, 0x62, 0x65, 0x74, 0x61, 0x31, 0x3b, + 0x63, 0x61, 0x74, 0x61, 0x6c, 0x6f, 0x67, 0x76, 0x32, 0x62, 0x65, 0x74, 0x61, 0x31, 0xa2, 0x02, + 0x03, 0x48, 0x43, 0x43, 0xaa, 0x02, 0x20, 0x48, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, + 0x2e, 0x43, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x2e, 0x43, 0x61, 0x74, 0x61, 0x6c, 0x6f, 0x67, 0x2e, + 0x56, 0x32, 0x62, 0x65, 0x74, 0x61, 0x31, 0xca, 0x02, 0x20, 0x48, 0x61, 0x73, 0x68, 0x69, 0x63, + 0x6f, 0x72, 0x70, 0x5c, 0x43, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x5c, 0x43, 0x61, 0x74, 0x61, 0x6c, + 0x6f, 0x67, 0x5c, 0x56, 0x32, 0x62, 0x65, 0x74, 0x61, 0x31, 0xe2, 0x02, 0x2c, 0x48, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x5c, 0x43, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x5c, 0x43, 0x61, - 0x74, 0x61, 0x6c, 0x6f, 0x67, 0x5c, 0x56, 0x32, 0x62, 0x65, 0x74, 0x61, 0x31, 0xe2, 0x02, 0x2c, - 0x48, 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x5c, 0x43, 0x6f, 0x6e, 0x73, 0x75, 0x6c, - 0x5c, 0x43, 0x61, 0x74, 0x61, 0x6c, 0x6f, 0x67, 0x5c, 0x56, 0x32, 0x62, 0x65, 0x74, 0x61, 0x31, - 0x5c, 0x47, 0x50, 0x42, 0x4d, 0x65, 0x74, 0x61, 0x64, 0x61, 0x74, 0x61, 0xea, 0x02, 0x23, 0x48, - 0x61, 0x73, 0x68, 0x69, 0x63, 0x6f, 0x72, 0x70, 0x3a, 0x3a, 0x43, 0x6f, 0x6e, 0x73, 0x75, 0x6c, - 0x3a, 0x3a, 0x43, 0x61, 0x74, 0x61, 0x6c, 0x6f, 0x67, 0x3a, 0x3a, 0x56, 0x32, 0x62, 0x65, 0x74, - 0x61, 0x31, 0x62, 0x06, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x33, + 0x74, 0x61, 0x6c, 0x6f, 0x67, 0x5c, 0x56, 0x32, 0x62, 0x65, 0x74, 0x61, 0x31, 0x5c, 0x47, 0x50, + 0x42, 0x4d, 0x65, 0x74, 0x61, 0x64, 0x61, 0x74, 0x61, 0xea, 0x02, 0x23, 0x48, 0x61, 0x73, 0x68, + 0x69, 0x63, 0x6f, 0x72, 0x70, 0x3a, 0x3a, 0x43, 0x6f, 0x6e, 0x73, 0x75, 0x6c, 0x3a, 0x3a, 0x43, + 0x61, 0x74, 0x61, 0x6c, 0x6f, 0x67, 0x3a, 0x3a, 0x56, 0x32, 0x62, 0x65, 0x74, 0x61, 0x31, 0x62, + 0x06, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x33, } var ( @@ -874,7 +961,7 @@ func file_pbcatalog_v2beta1_health_proto_rawDescGZIP() []byte { } var file_pbcatalog_v2beta1_health_proto_enumTypes = make([]protoimpl.EnumInfo, 1) -var file_pbcatalog_v2beta1_health_proto_msgTypes = make([]protoimpl.MessageInfo, 10) +var file_pbcatalog_v2beta1_health_proto_msgTypes = make([]protoimpl.MessageInfo, 11) var file_pbcatalog_v2beta1_health_proto_goTypes = []interface{}{ (Health)(0), // 0: hashicorp.consul.catalog.v2beta1.Health (*HealthStatus)(nil), // 1: hashicorp.consul.catalog.v2beta1.HealthStatus @@ -886,30 +973,32 @@ var file_pbcatalog_v2beta1_health_proto_goTypes = []interface{}{ (*GRPCCheck)(nil), // 7: hashicorp.consul.catalog.v2beta1.GRPCCheck (*OSServiceCheck)(nil), // 8: hashicorp.consul.catalog.v2beta1.OSServiceCheck (*CheckTLSConfig)(nil), // 9: hashicorp.consul.catalog.v2beta1.CheckTLSConfig - nil, // 10: hashicorp.consul.catalog.v2beta1.HTTPCheck.HeaderEntry - (*WorkloadSelector)(nil), // 11: hashicorp.consul.catalog.v2beta1.WorkloadSelector - (*durationpb.Duration)(nil), // 12: google.protobuf.Duration + (*NodeHealthStatus)(nil), // 10: hashicorp.consul.catalog.v2beta1.NodeHealthStatus + nil, // 11: hashicorp.consul.catalog.v2beta1.HTTPCheck.HeaderEntry + (*WorkloadSelector)(nil), // 12: hashicorp.consul.catalog.v2beta1.WorkloadSelector + (*durationpb.Duration)(nil), // 13: google.protobuf.Duration } var file_pbcatalog_v2beta1_health_proto_depIdxs = []int32{ 0, // 0: hashicorp.consul.catalog.v2beta1.HealthStatus.status:type_name -> hashicorp.consul.catalog.v2beta1.Health - 11, // 1: hashicorp.consul.catalog.v2beta1.HealthChecks.workloads:type_name -> hashicorp.consul.catalog.v2beta1.WorkloadSelector + 12, // 1: hashicorp.consul.catalog.v2beta1.HealthChecks.workloads:type_name -> hashicorp.consul.catalog.v2beta1.WorkloadSelector 3, // 2: hashicorp.consul.catalog.v2beta1.HealthChecks.health_checks:type_name -> hashicorp.consul.catalog.v2beta1.HealthCheck 4, // 3: hashicorp.consul.catalog.v2beta1.HealthCheck.http:type_name -> hashicorp.consul.catalog.v2beta1.HTTPCheck 5, // 4: hashicorp.consul.catalog.v2beta1.HealthCheck.tcp:type_name -> hashicorp.consul.catalog.v2beta1.TCPCheck 6, // 5: hashicorp.consul.catalog.v2beta1.HealthCheck.udp:type_name -> hashicorp.consul.catalog.v2beta1.UDPCheck 7, // 6: hashicorp.consul.catalog.v2beta1.HealthCheck.grpc:type_name -> hashicorp.consul.catalog.v2beta1.GRPCCheck 8, // 7: hashicorp.consul.catalog.v2beta1.HealthCheck.os_service:type_name -> hashicorp.consul.catalog.v2beta1.OSServiceCheck - 12, // 8: hashicorp.consul.catalog.v2beta1.HealthCheck.interval:type_name -> google.protobuf.Duration - 12, // 9: hashicorp.consul.catalog.v2beta1.HealthCheck.timeout:type_name -> google.protobuf.Duration - 12, // 10: hashicorp.consul.catalog.v2beta1.HealthCheck.deregister_critical_after:type_name -> google.protobuf.Duration - 10, // 11: hashicorp.consul.catalog.v2beta1.HTTPCheck.header:type_name -> hashicorp.consul.catalog.v2beta1.HTTPCheck.HeaderEntry + 13, // 8: hashicorp.consul.catalog.v2beta1.HealthCheck.interval:type_name -> google.protobuf.Duration + 13, // 9: hashicorp.consul.catalog.v2beta1.HealthCheck.timeout:type_name -> google.protobuf.Duration + 13, // 10: hashicorp.consul.catalog.v2beta1.HealthCheck.deregister_critical_after:type_name -> google.protobuf.Duration + 11, // 11: hashicorp.consul.catalog.v2beta1.HTTPCheck.header:type_name -> hashicorp.consul.catalog.v2beta1.HTTPCheck.HeaderEntry 9, // 12: hashicorp.consul.catalog.v2beta1.HTTPCheck.tls:type_name -> hashicorp.consul.catalog.v2beta1.CheckTLSConfig 9, // 13: hashicorp.consul.catalog.v2beta1.GRPCCheck.tls:type_name -> hashicorp.consul.catalog.v2beta1.CheckTLSConfig - 14, // [14:14] is the sub-list for method output_type - 14, // [14:14] is the sub-list for method input_type - 14, // [14:14] is the sub-list for extension type_name - 14, // [14:14] is the sub-list for extension extendee - 0, // [0:14] is the sub-list for field type_name + 0, // 14: hashicorp.consul.catalog.v2beta1.NodeHealthStatus.status:type_name -> hashicorp.consul.catalog.v2beta1.Health + 15, // [15:15] is the sub-list for method output_type + 15, // [15:15] is the sub-list for method input_type + 15, // [15:15] is the sub-list for extension type_name + 15, // [15:15] is the sub-list for extension extendee + 0, // [0:15] is the sub-list for field type_name } func init() { file_pbcatalog_v2beta1_health_proto_init() } @@ -1027,6 +1116,18 @@ func file_pbcatalog_v2beta1_health_proto_init() { return nil } } + file_pbcatalog_v2beta1_health_proto_msgTypes[9].Exporter = func(v interface{}, i int) interface{} { + switch v := v.(*NodeHealthStatus); i { + case 0: + return &v.state + case 1: + return &v.sizeCache + case 2: + return &v.unknownFields + default: + return nil + } + } } file_pbcatalog_v2beta1_health_proto_msgTypes[2].OneofWrappers = []interface{}{ (*HealthCheck_Http)(nil), @@ -1041,7 +1142,7 @@ func file_pbcatalog_v2beta1_health_proto_init() { GoPackagePath: reflect.TypeOf(x{}).PkgPath(), RawDescriptor: file_pbcatalog_v2beta1_health_proto_rawDesc, NumEnums: 1, - NumMessages: 10, + NumMessages: 11, NumExtensions: 0, NumServices: 0, }, diff --git a/proto-public/pbcatalog/v2beta1/health.proto b/proto-public/pbcatalog/v2beta1/health.proto index 29b4f5bf4cdd..9d3faf9c986d 100644 --- a/proto-public/pbcatalog/v2beta1/health.proto +++ b/proto-public/pbcatalog/v2beta1/health.proto @@ -9,7 +9,7 @@ import "google/protobuf/duration.proto"; import "pbcatalog/v2beta1/selector.proto"; import "pbresource/annotations.proto"; -// This resource will belong to a workload or a node and will have an ownership relationship. +// This resource will belong to a workload and will have an ownership relationship. message HealthStatus { option (hashicorp.consul.resource.spec) = {scope: SCOPE_NAMESPACE}; @@ -89,3 +89,17 @@ message CheckTLSConfig { bool tls_skip_verify = 2; bool use_tls = 3; } + +// This resource will belong to a node and will have an ownership relationship. +message NodeHealthStatus { + option (hashicorp.consul.resource.spec) = {scope: SCOPE_PARTITION}; + + // Type is the type of this health check, such as http, tcp, or kubernetes-readiness + string type = 1; + // Health is the status. This maps to existing health check statuses. + Health status = 2; + // Description is the description for this status. + string description = 3; + // Output is the output from running the check that resulted in this status + string output = 4; +} diff --git a/proto-public/pbcatalog/v2beta1/health_deepcopy.gen.go b/proto-public/pbcatalog/v2beta1/health_deepcopy.gen.go index 677a1af1056d..50225676f9f1 100644 --- a/proto-public/pbcatalog/v2beta1/health_deepcopy.gen.go +++ b/proto-public/pbcatalog/v2beta1/health_deepcopy.gen.go @@ -193,3 +193,24 @@ func (in *CheckTLSConfig) DeepCopy() *CheckTLSConfig { func (in *CheckTLSConfig) DeepCopyInterface() interface{} { return in.DeepCopy() } + +// DeepCopyInto supports using NodeHealthStatus within kubernetes types, where deepcopy-gen is used. +func (in *NodeHealthStatus) DeepCopyInto(out *NodeHealthStatus) { + proto.Reset(out) + proto.Merge(out, proto.Clone(in)) +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new NodeHealthStatus. Required by controller-gen. +func (in *NodeHealthStatus) DeepCopy() *NodeHealthStatus { + if in == nil { + return nil + } + out := new(NodeHealthStatus) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInterface is an autogenerated deepcopy function, copying the receiver, creating a new NodeHealthStatus. Required by controller-gen. +func (in *NodeHealthStatus) DeepCopyInterface() interface{} { + return in.DeepCopy() +} diff --git a/proto-public/pbcatalog/v2beta1/health_json.gen.go b/proto-public/pbcatalog/v2beta1/health_json.gen.go index 7c0065d922b4..0952df822e50 100644 --- a/proto-public/pbcatalog/v2beta1/health_json.gen.go +++ b/proto-public/pbcatalog/v2beta1/health_json.gen.go @@ -104,6 +104,17 @@ func (this *CheckTLSConfig) UnmarshalJSON(b []byte) error { return HealthUnmarshaler.Unmarshal(b, this) } +// MarshalJSON is a custom marshaler for NodeHealthStatus +func (this *NodeHealthStatus) MarshalJSON() ([]byte, error) { + str, err := HealthMarshaler.Marshal(this) + return []byte(str), err +} + +// UnmarshalJSON is a custom unmarshaler for NodeHealthStatus +func (this *NodeHealthStatus) UnmarshalJSON(b []byte) error { + return HealthUnmarshaler.Unmarshal(b, this) +} + var ( HealthMarshaler = &protojson.MarshalOptions{} HealthUnmarshaler = &protojson.UnmarshalOptions{DiscardUnknown: false} diff --git a/proto-public/pbcatalog/v2beta1/node.pb.go b/proto-public/pbcatalog/v2beta1/node.pb.go index 3b3fd3df1383..191debe0759d 100644 --- a/proto-public/pbcatalog/v2beta1/node.pb.go +++ b/proto-public/pbcatalog/v2beta1/node.pb.go @@ -3,7 +3,7 @@ // Code generated by protoc-gen-go. DO NOT EDIT. // versions: -// protoc-gen-go v1.30.0 +// protoc-gen-go v1.31.0 // protoc (unknown) // source: pbcatalog/v2beta1/node.proto diff --git a/proto-public/pbcatalog/v2beta1/protocol.pb.go b/proto-public/pbcatalog/v2beta1/protocol.pb.go index a1bdc899d92c..bb770e8ae96a 100644 --- a/proto-public/pbcatalog/v2beta1/protocol.pb.go +++ b/proto-public/pbcatalog/v2beta1/protocol.pb.go @@ -3,7 +3,7 @@ // Code generated by protoc-gen-go. DO NOT EDIT. // versions: -// protoc-gen-go v1.30.0 +// protoc-gen-go v1.31.0 // protoc (unknown) // source: pbcatalog/v2beta1/protocol.proto diff --git a/proto-public/pbcatalog/v2beta1/resource_types.gen.go b/proto-public/pbcatalog/v2beta1/resource_types.gen.go index c71a38ac70cd..aed62dc6bf73 100644 --- a/proto-public/pbcatalog/v2beta1/resource_types.gen.go +++ b/proto-public/pbcatalog/v2beta1/resource_types.gen.go @@ -15,6 +15,7 @@ const ( HealthChecksKind = "HealthChecks" HealthStatusKind = "HealthStatus" NodeKind = "Node" + NodeHealthStatusKind = "NodeHealthStatus" ServiceKind = "Service" ServiceEndpointsKind = "ServiceEndpoints" VirtualIPsKind = "VirtualIPs" @@ -52,6 +53,12 @@ var ( Kind: NodeKind, } + NodeHealthStatusType = &pbresource.Type{ + Group: GroupName, + GroupVersion: Version, + Kind: NodeHealthStatusKind, + } + ServiceType = &pbresource.Type{ Group: GroupName, GroupVersion: Version, diff --git a/proto-public/pbcatalog/v2beta1/selector.pb.go b/proto-public/pbcatalog/v2beta1/selector.pb.go index be51858d72c6..78de8adadf01 100644 --- a/proto-public/pbcatalog/v2beta1/selector.pb.go +++ b/proto-public/pbcatalog/v2beta1/selector.pb.go @@ -3,7 +3,7 @@ // Code generated by protoc-gen-go. DO NOT EDIT. // versions: -// protoc-gen-go v1.30.0 +// protoc-gen-go v1.31.0 // protoc (unknown) // source: pbcatalog/v2beta1/selector.proto diff --git a/proto-public/pbcatalog/v2beta1/service.pb.go b/proto-public/pbcatalog/v2beta1/service.pb.go index 99d51a9783b5..e019f7b60a0b 100644 --- a/proto-public/pbcatalog/v2beta1/service.pb.go +++ b/proto-public/pbcatalog/v2beta1/service.pb.go @@ -3,7 +3,7 @@ // Code generated by protoc-gen-go. DO NOT EDIT. // versions: -// protoc-gen-go v1.30.0 +// protoc-gen-go v1.31.0 // protoc (unknown) // source: pbcatalog/v2beta1/service.proto diff --git a/proto-public/pbcatalog/v2beta1/service_endpoints.pb.go b/proto-public/pbcatalog/v2beta1/service_endpoints.pb.go index fe98e95b2f27..d1c02ef552bd 100644 --- a/proto-public/pbcatalog/v2beta1/service_endpoints.pb.go +++ b/proto-public/pbcatalog/v2beta1/service_endpoints.pb.go @@ -3,7 +3,7 @@ // Code generated by protoc-gen-go. DO NOT EDIT. // versions: -// protoc-gen-go v1.30.0 +// protoc-gen-go v1.31.0 // protoc (unknown) // source: pbcatalog/v2beta1/service_endpoints.proto diff --git a/proto-public/pbcatalog/v2beta1/vip.pb.go b/proto-public/pbcatalog/v2beta1/vip.pb.go index f0774f08b333..e70b92432c4b 100644 --- a/proto-public/pbcatalog/v2beta1/vip.pb.go +++ b/proto-public/pbcatalog/v2beta1/vip.pb.go @@ -3,7 +3,7 @@ // Code generated by protoc-gen-go. DO NOT EDIT. // versions: -// protoc-gen-go v1.30.0 +// protoc-gen-go v1.31.0 // protoc (unknown) // source: pbcatalog/v2beta1/vip.proto diff --git a/proto-public/pbcatalog/v2beta1/workload.pb.go b/proto-public/pbcatalog/v2beta1/workload.pb.go index fb2ffa773e46..b8505dc767ba 100644 --- a/proto-public/pbcatalog/v2beta1/workload.pb.go +++ b/proto-public/pbcatalog/v2beta1/workload.pb.go @@ -3,7 +3,7 @@ // Code generated by protoc-gen-go. DO NOT EDIT. // versions: -// protoc-gen-go v1.30.0 +// protoc-gen-go v1.31.0 // protoc (unknown) // source: pbcatalog/v2beta1/workload.proto diff --git a/proto-public/pbconnectca/ca.pb.go b/proto-public/pbconnectca/ca.pb.go index b4312816f310..544554e4e699 100644 --- a/proto-public/pbconnectca/ca.pb.go +++ b/proto-public/pbconnectca/ca.pb.go @@ -3,7 +3,7 @@ // Code generated by protoc-gen-go. DO NOT EDIT. // versions: -// protoc-gen-go v1.30.0 +// protoc-gen-go v1.31.0 // protoc (unknown) // source: pbconnectca/ca.proto diff --git a/proto-public/pbdataplane/dataplane.pb.go b/proto-public/pbdataplane/dataplane.pb.go index faa826994768..872a1f785ab6 100644 --- a/proto-public/pbdataplane/dataplane.pb.go +++ b/proto-public/pbdataplane/dataplane.pb.go @@ -5,7 +5,7 @@ // Code generated by protoc-gen-go. DO NOT EDIT. // versions: -// protoc-gen-go v1.30.0 +// protoc-gen-go v1.31.0 // protoc (unknown) // source: pbdataplane/dataplane.proto diff --git a/proto-public/pbdns/dns.pb.go b/proto-public/pbdns/dns.pb.go index c3825d68e9e4..0ca671422675 100644 --- a/proto-public/pbdns/dns.pb.go +++ b/proto-public/pbdns/dns.pb.go @@ -3,7 +3,7 @@ // Code generated by protoc-gen-go. DO NOT EDIT. // versions: -// protoc-gen-go v1.30.0 +// protoc-gen-go v1.31.0 // protoc (unknown) // source: pbdns/dns.proto diff --git a/proto-public/pbmesh/v2beta1/common.pb.go b/proto-public/pbmesh/v2beta1/common.pb.go index c960d7c92388..18df155c05ef 100644 --- a/proto-public/pbmesh/v2beta1/common.pb.go +++ b/proto-public/pbmesh/v2beta1/common.pb.go @@ -3,7 +3,7 @@ // Code generated by protoc-gen-go. DO NOT EDIT. // versions: -// protoc-gen-go v1.30.0 +// protoc-gen-go v1.31.0 // protoc (unknown) // source: pbmesh/v2beta1/common.proto diff --git a/proto-public/pbmesh/v2beta1/computed_explicit_destinations.pb.go b/proto-public/pbmesh/v2beta1/computed_explicit_destinations.pb.go index 407fd7d31d41..d2373032143d 100644 --- a/proto-public/pbmesh/v2beta1/computed_explicit_destinations.pb.go +++ b/proto-public/pbmesh/v2beta1/computed_explicit_destinations.pb.go @@ -3,7 +3,7 @@ // Code generated by protoc-gen-go. DO NOT EDIT. // versions: -// protoc-gen-go v1.30.0 +// protoc-gen-go v1.31.0 // protoc (unknown) // source: pbmesh/v2beta1/computed_explicit_destinations.proto diff --git a/proto-public/pbmesh/v2beta1/computed_proxy_configuration.pb.go b/proto-public/pbmesh/v2beta1/computed_proxy_configuration.pb.go index a35764664e3c..626b34499b79 100644 --- a/proto-public/pbmesh/v2beta1/computed_proxy_configuration.pb.go +++ b/proto-public/pbmesh/v2beta1/computed_proxy_configuration.pb.go @@ -3,7 +3,7 @@ // Code generated by protoc-gen-go. DO NOT EDIT. // versions: -// protoc-gen-go v1.30.0 +// protoc-gen-go v1.31.0 // protoc (unknown) // source: pbmesh/v2beta1/computed_proxy_configuration.proto diff --git a/proto-public/pbmesh/v2beta1/computed_routes.pb.go b/proto-public/pbmesh/v2beta1/computed_routes.pb.go index 612da01c249b..c1af9f011c54 100644 --- a/proto-public/pbmesh/v2beta1/computed_routes.pb.go +++ b/proto-public/pbmesh/v2beta1/computed_routes.pb.go @@ -3,7 +3,7 @@ // Code generated by protoc-gen-go. DO NOT EDIT. // versions: -// protoc-gen-go v1.30.0 +// protoc-gen-go v1.31.0 // protoc (unknown) // source: pbmesh/v2beta1/computed_routes.proto diff --git a/proto-public/pbmesh/v2beta1/connection.pb.go b/proto-public/pbmesh/v2beta1/connection.pb.go index 591df222fc93..4822bdff8b58 100644 --- a/proto-public/pbmesh/v2beta1/connection.pb.go +++ b/proto-public/pbmesh/v2beta1/connection.pb.go @@ -3,7 +3,7 @@ // Code generated by protoc-gen-go. DO NOT EDIT. // versions: -// protoc-gen-go v1.30.0 +// protoc-gen-go v1.31.0 // protoc (unknown) // source: pbmesh/v2beta1/connection.proto diff --git a/proto-public/pbmesh/v2beta1/destination_policy.pb.go b/proto-public/pbmesh/v2beta1/destination_policy.pb.go index 99d7c7eaeaee..7853384e19c5 100644 --- a/proto-public/pbmesh/v2beta1/destination_policy.pb.go +++ b/proto-public/pbmesh/v2beta1/destination_policy.pb.go @@ -3,7 +3,7 @@ // Code generated by protoc-gen-go. DO NOT EDIT. // versions: -// protoc-gen-go v1.30.0 +// protoc-gen-go v1.31.0 // protoc (unknown) // source: pbmesh/v2beta1/destination_policy.proto diff --git a/proto-public/pbmesh/v2beta1/destinations.pb.go b/proto-public/pbmesh/v2beta1/destinations.pb.go index 623920c5145e..0e6f8c545eed 100644 --- a/proto-public/pbmesh/v2beta1/destinations.pb.go +++ b/proto-public/pbmesh/v2beta1/destinations.pb.go @@ -3,7 +3,7 @@ // Code generated by protoc-gen-go. DO NOT EDIT. // versions: -// protoc-gen-go v1.30.0 +// protoc-gen-go v1.31.0 // protoc (unknown) // source: pbmesh/v2beta1/destinations.proto diff --git a/proto-public/pbmesh/v2beta1/destinations_configuration.pb.go b/proto-public/pbmesh/v2beta1/destinations_configuration.pb.go index 2e6a8f5e969d..5e85fbfb927b 100644 --- a/proto-public/pbmesh/v2beta1/destinations_configuration.pb.go +++ b/proto-public/pbmesh/v2beta1/destinations_configuration.pb.go @@ -3,7 +3,7 @@ // Code generated by protoc-gen-go. DO NOT EDIT. // versions: -// protoc-gen-go v1.30.0 +// protoc-gen-go v1.31.0 // protoc (unknown) // source: pbmesh/v2beta1/destinations_configuration.proto diff --git a/proto-public/pbmesh/v2beta1/expose.pb.go b/proto-public/pbmesh/v2beta1/expose.pb.go index 63958a4b4f21..771dd028d2f3 100644 --- a/proto-public/pbmesh/v2beta1/expose.pb.go +++ b/proto-public/pbmesh/v2beta1/expose.pb.go @@ -3,7 +3,7 @@ // Code generated by protoc-gen-go. DO NOT EDIT. // versions: -// protoc-gen-go v1.30.0 +// protoc-gen-go v1.31.0 // protoc (unknown) // source: pbmesh/v2beta1/expose.proto diff --git a/proto-public/pbmesh/v2beta1/gateway_class.pb.go b/proto-public/pbmesh/v2beta1/gateway_class.pb.go index 5e6d442fdd04..f8b076d0699f 100644 --- a/proto-public/pbmesh/v2beta1/gateway_class.pb.go +++ b/proto-public/pbmesh/v2beta1/gateway_class.pb.go @@ -3,7 +3,7 @@ // Code generated by protoc-gen-go. DO NOT EDIT. // versions: -// protoc-gen-go v1.30.0 +// protoc-gen-go v1.31.0 // protoc (unknown) // source: pbmesh/v2beta1/gateway_class.proto diff --git a/proto-public/pbmesh/v2beta1/gatewayclassconfig.pb.go b/proto-public/pbmesh/v2beta1/gatewayclassconfig.pb.go index 3aa97f4f9ad6..7ab34e03e445 100644 --- a/proto-public/pbmesh/v2beta1/gatewayclassconfig.pb.go +++ b/proto-public/pbmesh/v2beta1/gatewayclassconfig.pb.go @@ -3,7 +3,7 @@ // Code generated by protoc-gen-go. DO NOT EDIT. // versions: -// protoc-gen-go v1.30.0 +// protoc-gen-go v1.31.0 // protoc (unknown) // source: pbmesh/v2beta1/gatewayclassconfig.proto diff --git a/proto-public/pbmesh/v2beta1/grpc_route.pb.go b/proto-public/pbmesh/v2beta1/grpc_route.pb.go index e0b4f364810a..cd3650962727 100644 --- a/proto-public/pbmesh/v2beta1/grpc_route.pb.go +++ b/proto-public/pbmesh/v2beta1/grpc_route.pb.go @@ -3,7 +3,7 @@ // Code generated by protoc-gen-go. DO NOT EDIT. // versions: -// protoc-gen-go v1.30.0 +// protoc-gen-go v1.31.0 // protoc (unknown) // source: pbmesh/v2beta1/grpc_route.proto diff --git a/proto-public/pbmesh/v2beta1/http_route.pb.go b/proto-public/pbmesh/v2beta1/http_route.pb.go index 383308f1ad00..3999fdff9240 100644 --- a/proto-public/pbmesh/v2beta1/http_route.pb.go +++ b/proto-public/pbmesh/v2beta1/http_route.pb.go @@ -3,7 +3,7 @@ // Code generated by protoc-gen-go. DO NOT EDIT. // versions: -// protoc-gen-go v1.30.0 +// protoc-gen-go v1.31.0 // protoc (unknown) // source: pbmesh/v2beta1/http_route.proto diff --git a/proto-public/pbmesh/v2beta1/http_route_retries.pb.go b/proto-public/pbmesh/v2beta1/http_route_retries.pb.go index 49f1501fc78e..0334d1e035a6 100644 --- a/proto-public/pbmesh/v2beta1/http_route_retries.pb.go +++ b/proto-public/pbmesh/v2beta1/http_route_retries.pb.go @@ -3,7 +3,7 @@ // Code generated by protoc-gen-go. DO NOT EDIT. // versions: -// protoc-gen-go v1.30.0 +// protoc-gen-go v1.31.0 // protoc (unknown) // source: pbmesh/v2beta1/http_route_retries.proto diff --git a/proto-public/pbmesh/v2beta1/http_route_timeouts.pb.go b/proto-public/pbmesh/v2beta1/http_route_timeouts.pb.go index 87e5ec3f578a..63b79dbe1485 100644 --- a/proto-public/pbmesh/v2beta1/http_route_timeouts.pb.go +++ b/proto-public/pbmesh/v2beta1/http_route_timeouts.pb.go @@ -3,7 +3,7 @@ // Code generated by protoc-gen-go. DO NOT EDIT. // versions: -// protoc-gen-go v1.30.0 +// protoc-gen-go v1.31.0 // protoc (unknown) // source: pbmesh/v2beta1/http_route_timeouts.proto diff --git a/proto-public/pbmesh/v2beta1/mesh_configuration.pb.go b/proto-public/pbmesh/v2beta1/mesh_configuration.pb.go index 6b8dc035b4cf..40c2bca5c4eb 100644 --- a/proto-public/pbmesh/v2beta1/mesh_configuration.pb.go +++ b/proto-public/pbmesh/v2beta1/mesh_configuration.pb.go @@ -3,7 +3,7 @@ // Code generated by protoc-gen-go. DO NOT EDIT. // versions: -// protoc-gen-go v1.30.0 +// protoc-gen-go v1.31.0 // protoc (unknown) // source: pbmesh/v2beta1/mesh_configuration.proto diff --git a/proto-public/pbmesh/v2beta1/mesh_gateway.pb.go b/proto-public/pbmesh/v2beta1/mesh_gateway.pb.go index 017796dfe62c..e61af2d2deaa 100644 --- a/proto-public/pbmesh/v2beta1/mesh_gateway.pb.go +++ b/proto-public/pbmesh/v2beta1/mesh_gateway.pb.go @@ -3,7 +3,7 @@ // Code generated by protoc-gen-go. DO NOT EDIT. // versions: -// protoc-gen-go v1.30.0 +// protoc-gen-go v1.31.0 // protoc (unknown) // source: pbmesh/v2beta1/mesh_gateway.proto diff --git a/proto-public/pbmesh/v2beta1/pbproxystate/access_logs.pb.go b/proto-public/pbmesh/v2beta1/pbproxystate/access_logs.pb.go index c1c30af893c6..2bb741c5fff0 100644 --- a/proto-public/pbmesh/v2beta1/pbproxystate/access_logs.pb.go +++ b/proto-public/pbmesh/v2beta1/pbproxystate/access_logs.pb.go @@ -3,7 +3,7 @@ // Code generated by protoc-gen-go. DO NOT EDIT. // versions: -// protoc-gen-go v1.30.0 +// protoc-gen-go v1.31.0 // protoc (unknown) // source: pbmesh/v2beta1/pbproxystate/access_logs.proto diff --git a/proto-public/pbmesh/v2beta1/pbproxystate/address.pb.go b/proto-public/pbmesh/v2beta1/pbproxystate/address.pb.go index 6c814f3c8f2d..3df9ce857d88 100644 --- a/proto-public/pbmesh/v2beta1/pbproxystate/address.pb.go +++ b/proto-public/pbmesh/v2beta1/pbproxystate/address.pb.go @@ -3,7 +3,7 @@ // Code generated by protoc-gen-go. DO NOT EDIT. // versions: -// protoc-gen-go v1.30.0 +// protoc-gen-go v1.31.0 // protoc (unknown) // source: pbmesh/v2beta1/pbproxystate/address.proto diff --git a/proto-public/pbmesh/v2beta1/pbproxystate/cluster.pb.go b/proto-public/pbmesh/v2beta1/pbproxystate/cluster.pb.go index ba7386f527e0..4336ede8f2a0 100644 --- a/proto-public/pbmesh/v2beta1/pbproxystate/cluster.pb.go +++ b/proto-public/pbmesh/v2beta1/pbproxystate/cluster.pb.go @@ -3,7 +3,7 @@ // Code generated by protoc-gen-go. DO NOT EDIT. // versions: -// protoc-gen-go v1.30.0 +// protoc-gen-go v1.31.0 // protoc (unknown) // source: pbmesh/v2beta1/pbproxystate/cluster.proto diff --git a/proto-public/pbmesh/v2beta1/pbproxystate/endpoints.pb.go b/proto-public/pbmesh/v2beta1/pbproxystate/endpoints.pb.go index 5986ad83a12e..6d1731be4a4c 100644 --- a/proto-public/pbmesh/v2beta1/pbproxystate/endpoints.pb.go +++ b/proto-public/pbmesh/v2beta1/pbproxystate/endpoints.pb.go @@ -3,7 +3,7 @@ // Code generated by protoc-gen-go. DO NOT EDIT. // versions: -// protoc-gen-go v1.30.0 +// protoc-gen-go v1.31.0 // protoc (unknown) // source: pbmesh/v2beta1/pbproxystate/endpoints.proto diff --git a/proto-public/pbmesh/v2beta1/pbproxystate/escape_hatches.pb.go b/proto-public/pbmesh/v2beta1/pbproxystate/escape_hatches.pb.go index 91e549564ced..0acc09f04430 100644 --- a/proto-public/pbmesh/v2beta1/pbproxystate/escape_hatches.pb.go +++ b/proto-public/pbmesh/v2beta1/pbproxystate/escape_hatches.pb.go @@ -3,7 +3,7 @@ // Code generated by protoc-gen-go. DO NOT EDIT. // versions: -// protoc-gen-go v1.30.0 +// protoc-gen-go v1.31.0 // protoc (unknown) // source: pbmesh/v2beta1/pbproxystate/escape_hatches.proto diff --git a/proto-public/pbmesh/v2beta1/pbproxystate/header_mutations.pb.go b/proto-public/pbmesh/v2beta1/pbproxystate/header_mutations.pb.go index 54bc797892fd..c915a9f865e6 100644 --- a/proto-public/pbmesh/v2beta1/pbproxystate/header_mutations.pb.go +++ b/proto-public/pbmesh/v2beta1/pbproxystate/header_mutations.pb.go @@ -3,7 +3,7 @@ // Code generated by protoc-gen-go. DO NOT EDIT. // versions: -// protoc-gen-go v1.30.0 +// protoc-gen-go v1.31.0 // protoc (unknown) // source: pbmesh/v2beta1/pbproxystate/header_mutations.proto diff --git a/proto-public/pbmesh/v2beta1/pbproxystate/listener.pb.go b/proto-public/pbmesh/v2beta1/pbproxystate/listener.pb.go index a7d7273163da..fcc61d6dca0c 100644 --- a/proto-public/pbmesh/v2beta1/pbproxystate/listener.pb.go +++ b/proto-public/pbmesh/v2beta1/pbproxystate/listener.pb.go @@ -3,7 +3,7 @@ // Code generated by protoc-gen-go. DO NOT EDIT. // versions: -// protoc-gen-go v1.30.0 +// protoc-gen-go v1.31.0 // protoc (unknown) // source: pbmesh/v2beta1/pbproxystate/listener.proto diff --git a/proto-public/pbmesh/v2beta1/pbproxystate/protocol.pb.go b/proto-public/pbmesh/v2beta1/pbproxystate/protocol.pb.go index a14cdf986de6..3b2207bd184d 100644 --- a/proto-public/pbmesh/v2beta1/pbproxystate/protocol.pb.go +++ b/proto-public/pbmesh/v2beta1/pbproxystate/protocol.pb.go @@ -3,7 +3,7 @@ // Code generated by protoc-gen-go. DO NOT EDIT. // versions: -// protoc-gen-go v1.30.0 +// protoc-gen-go v1.31.0 // protoc (unknown) // source: pbmesh/v2beta1/pbproxystate/protocol.proto diff --git a/proto-public/pbmesh/v2beta1/pbproxystate/references.pb.go b/proto-public/pbmesh/v2beta1/pbproxystate/references.pb.go index c544d2803095..ecbba11af74a 100644 --- a/proto-public/pbmesh/v2beta1/pbproxystate/references.pb.go +++ b/proto-public/pbmesh/v2beta1/pbproxystate/references.pb.go @@ -3,7 +3,7 @@ // Code generated by protoc-gen-go. DO NOT EDIT. // versions: -// protoc-gen-go v1.30.0 +// protoc-gen-go v1.31.0 // protoc (unknown) // source: pbmesh/v2beta1/pbproxystate/references.proto diff --git a/proto-public/pbmesh/v2beta1/pbproxystate/route.pb.go b/proto-public/pbmesh/v2beta1/pbproxystate/route.pb.go index 0d88a016eb6f..ce0433a63a81 100644 --- a/proto-public/pbmesh/v2beta1/pbproxystate/route.pb.go +++ b/proto-public/pbmesh/v2beta1/pbproxystate/route.pb.go @@ -3,7 +3,7 @@ // Code generated by protoc-gen-go. DO NOT EDIT. // versions: -// protoc-gen-go v1.30.0 +// protoc-gen-go v1.31.0 // protoc (unknown) // source: pbmesh/v2beta1/pbproxystate/route.proto diff --git a/proto-public/pbmesh/v2beta1/pbproxystate/traffic_permissions.pb.go b/proto-public/pbmesh/v2beta1/pbproxystate/traffic_permissions.pb.go index def42e933f97..95d12c4e5c14 100644 --- a/proto-public/pbmesh/v2beta1/pbproxystate/traffic_permissions.pb.go +++ b/proto-public/pbmesh/v2beta1/pbproxystate/traffic_permissions.pb.go @@ -3,7 +3,7 @@ // Code generated by protoc-gen-go. DO NOT EDIT. // versions: -// protoc-gen-go v1.30.0 +// protoc-gen-go v1.31.0 // protoc (unknown) // source: pbmesh/v2beta1/pbproxystate/traffic_permissions.proto diff --git a/proto-public/pbmesh/v2beta1/pbproxystate/transport_socket.pb.go b/proto-public/pbmesh/v2beta1/pbproxystate/transport_socket.pb.go index d3acedebd182..ab62a847c5c1 100644 --- a/proto-public/pbmesh/v2beta1/pbproxystate/transport_socket.pb.go +++ b/proto-public/pbmesh/v2beta1/pbproxystate/transport_socket.pb.go @@ -3,7 +3,7 @@ // Code generated by protoc-gen-go. DO NOT EDIT. // versions: -// protoc-gen-go v1.30.0 +// protoc-gen-go v1.31.0 // protoc (unknown) // source: pbmesh/v2beta1/pbproxystate/transport_socket.proto diff --git a/proto-public/pbmesh/v2beta1/proxy_configuration.pb.go b/proto-public/pbmesh/v2beta1/proxy_configuration.pb.go index a374848fd20e..4291d34fe974 100644 --- a/proto-public/pbmesh/v2beta1/proxy_configuration.pb.go +++ b/proto-public/pbmesh/v2beta1/proxy_configuration.pb.go @@ -3,7 +3,7 @@ // Code generated by protoc-gen-go. DO NOT EDIT. // versions: -// protoc-gen-go v1.30.0 +// protoc-gen-go v1.31.0 // protoc (unknown) // source: pbmesh/v2beta1/proxy_configuration.proto diff --git a/proto-public/pbmesh/v2beta1/proxy_state.pb.go b/proto-public/pbmesh/v2beta1/proxy_state.pb.go index 5f26294a5d1c..b28c799116a4 100644 --- a/proto-public/pbmesh/v2beta1/proxy_state.pb.go +++ b/proto-public/pbmesh/v2beta1/proxy_state.pb.go @@ -3,7 +3,7 @@ // Code generated by protoc-gen-go. DO NOT EDIT. // versions: -// protoc-gen-go v1.30.0 +// protoc-gen-go v1.31.0 // protoc (unknown) // source: pbmesh/v2beta1/proxy_state.proto diff --git a/proto-public/pbmesh/v2beta1/routing.pb.go b/proto-public/pbmesh/v2beta1/routing.pb.go index 4b1f64877431..2772194f767e 100644 --- a/proto-public/pbmesh/v2beta1/routing.pb.go +++ b/proto-public/pbmesh/v2beta1/routing.pb.go @@ -3,7 +3,7 @@ // Code generated by protoc-gen-go. DO NOT EDIT. // versions: -// protoc-gen-go v1.30.0 +// protoc-gen-go v1.31.0 // protoc (unknown) // source: pbmesh/v2beta1/routing.proto diff --git a/proto-public/pbmesh/v2beta1/tcp_route.pb.go b/proto-public/pbmesh/v2beta1/tcp_route.pb.go index 5a2c401846af..c28f74e56f1a 100644 --- a/proto-public/pbmesh/v2beta1/tcp_route.pb.go +++ b/proto-public/pbmesh/v2beta1/tcp_route.pb.go @@ -3,7 +3,7 @@ // Code generated by protoc-gen-go. DO NOT EDIT. // versions: -// protoc-gen-go v1.30.0 +// protoc-gen-go v1.31.0 // protoc (unknown) // source: pbmesh/v2beta1/tcp_route.proto diff --git a/proto-public/pbmulticluster/v2beta1/computed_exported_services.pb.go b/proto-public/pbmulticluster/v2beta1/computed_exported_services.pb.go index 11ebe79f9dc6..312b608649bf 100644 --- a/proto-public/pbmulticluster/v2beta1/computed_exported_services.pb.go +++ b/proto-public/pbmulticluster/v2beta1/computed_exported_services.pb.go @@ -3,7 +3,7 @@ // Code generated by protoc-gen-go. DO NOT EDIT. // versions: -// protoc-gen-go v1.30.0 +// protoc-gen-go v1.31.0 // protoc (unknown) // source: pbmulticluster/v2beta1/computed_exported_services.proto diff --git a/proto-public/pbmulticluster/v2beta1/exported_services.pb.go b/proto-public/pbmulticluster/v2beta1/exported_services.pb.go index 7e776c3a94c1..d326c9c3f735 100644 --- a/proto-public/pbmulticluster/v2beta1/exported_services.pb.go +++ b/proto-public/pbmulticluster/v2beta1/exported_services.pb.go @@ -3,7 +3,7 @@ // Code generated by protoc-gen-go. DO NOT EDIT. // versions: -// protoc-gen-go v1.30.0 +// protoc-gen-go v1.31.0 // protoc (unknown) // source: pbmulticluster/v2beta1/exported_services.proto diff --git a/proto-public/pbmulticluster/v2beta1/exported_services_consumer.pb.go b/proto-public/pbmulticluster/v2beta1/exported_services_consumer.pb.go index a254b81af0a6..dcdd561b2dca 100644 --- a/proto-public/pbmulticluster/v2beta1/exported_services_consumer.pb.go +++ b/proto-public/pbmulticluster/v2beta1/exported_services_consumer.pb.go @@ -3,7 +3,7 @@ // Code generated by protoc-gen-go. DO NOT EDIT. // versions: -// protoc-gen-go v1.30.0 +// protoc-gen-go v1.31.0 // protoc (unknown) // source: pbmulticluster/v2beta1/exported_services_consumer.proto diff --git a/proto-public/pbmulticluster/v2beta1/namespace_exported_services.pb.go b/proto-public/pbmulticluster/v2beta1/namespace_exported_services.pb.go index 5936f86fda11..1199e193b022 100644 --- a/proto-public/pbmulticluster/v2beta1/namespace_exported_services.pb.go +++ b/proto-public/pbmulticluster/v2beta1/namespace_exported_services.pb.go @@ -3,7 +3,7 @@ // Code generated by protoc-gen-go. DO NOT EDIT. // versions: -// protoc-gen-go v1.30.0 +// protoc-gen-go v1.31.0 // protoc (unknown) // source: pbmulticluster/v2beta1/namespace_exported_services.proto diff --git a/proto-public/pbmulticluster/v2beta1/partition_exported_services.pb.go b/proto-public/pbmulticluster/v2beta1/partition_exported_services.pb.go index 116e4784e6fe..5417ff57ff0a 100644 --- a/proto-public/pbmulticluster/v2beta1/partition_exported_services.pb.go +++ b/proto-public/pbmulticluster/v2beta1/partition_exported_services.pb.go @@ -3,7 +3,7 @@ // Code generated by protoc-gen-go. DO NOT EDIT. // versions: -// protoc-gen-go v1.30.0 +// protoc-gen-go v1.31.0 // protoc (unknown) // source: pbmulticluster/v2beta1/partition_exported_services.proto diff --git a/proto-public/pbresource/annotations.pb.go b/proto-public/pbresource/annotations.pb.go index fa01056cf3d9..a23c051dab38 100644 --- a/proto-public/pbresource/annotations.pb.go +++ b/proto-public/pbresource/annotations.pb.go @@ -3,7 +3,7 @@ // Code generated by protoc-gen-go. DO NOT EDIT. // versions: -// protoc-gen-go v1.30.0 +// protoc-gen-go v1.31.0 // protoc (unknown) // source: pbresource/annotations.proto diff --git a/proto-public/pbresource/resource.pb.go b/proto-public/pbresource/resource.pb.go index d5205ae1f150..1bb6e269b010 100644 --- a/proto-public/pbresource/resource.pb.go +++ b/proto-public/pbresource/resource.pb.go @@ -3,7 +3,7 @@ // Code generated by protoc-gen-go. DO NOT EDIT. // versions: -// protoc-gen-go v1.30.0 +// protoc-gen-go v1.31.0 // protoc (unknown) // source: pbresource/resource.proto diff --git a/proto-public/pbserverdiscovery/serverdiscovery.pb.go b/proto-public/pbserverdiscovery/serverdiscovery.pb.go index 37b3b592e7d8..e010c26dfb9e 100644 --- a/proto-public/pbserverdiscovery/serverdiscovery.pb.go +++ b/proto-public/pbserverdiscovery/serverdiscovery.pb.go @@ -6,7 +6,7 @@ // Code generated by protoc-gen-go. DO NOT EDIT. // versions: -// protoc-gen-go v1.30.0 +// protoc-gen-go v1.31.0 // protoc (unknown) // source: pbserverdiscovery/serverdiscovery.proto diff --git a/proto-public/pbtenancy/v2beta1/namespace.pb.go b/proto-public/pbtenancy/v2beta1/namespace.pb.go index 2118814a68a7..4ef901783d72 100644 --- a/proto-public/pbtenancy/v2beta1/namespace.pb.go +++ b/proto-public/pbtenancy/v2beta1/namespace.pb.go @@ -1,6 +1,6 @@ // Code generated by protoc-gen-go. DO NOT EDIT. // versions: -// protoc-gen-go v1.30.0 +// protoc-gen-go v1.31.0 // protoc (unknown) // source: pbtenancy/v2beta1/namespace.proto diff --git a/proto/private/pbacl/acl.pb.go b/proto/private/pbacl/acl.pb.go index f6aa5c3418cf..a213c24783c5 100644 --- a/proto/private/pbacl/acl.pb.go +++ b/proto/private/pbacl/acl.pb.go @@ -3,7 +3,7 @@ // Code generated by protoc-gen-go. DO NOT EDIT. // versions: -// protoc-gen-go v1.30.0 +// protoc-gen-go v1.31.0 // protoc (unknown) // source: private/pbacl/acl.proto diff --git a/proto/private/pbautoconf/auto_config.pb.go b/proto/private/pbautoconf/auto_config.pb.go index a9b4c2c89168..12755fcc1c93 100644 --- a/proto/private/pbautoconf/auto_config.pb.go +++ b/proto/private/pbautoconf/auto_config.pb.go @@ -3,7 +3,7 @@ // Code generated by protoc-gen-go. DO NOT EDIT. // versions: -// protoc-gen-go v1.30.0 +// protoc-gen-go v1.31.0 // protoc (unknown) // source: private/pbautoconf/auto_config.proto diff --git a/proto/private/pbcommon/common.pb.go b/proto/private/pbcommon/common.pb.go index fc6928184132..3b25f72b134c 100644 --- a/proto/private/pbcommon/common.pb.go +++ b/proto/private/pbcommon/common.pb.go @@ -3,7 +3,7 @@ // Code generated by protoc-gen-go. DO NOT EDIT. // versions: -// protoc-gen-go v1.30.0 +// protoc-gen-go v1.31.0 // protoc (unknown) // source: private/pbcommon/common.proto diff --git a/proto/private/pbconfig/config.pb.go b/proto/private/pbconfig/config.pb.go index ce8e43c7ce91..a9f9d5116707 100644 --- a/proto/private/pbconfig/config.pb.go +++ b/proto/private/pbconfig/config.pb.go @@ -3,7 +3,7 @@ // Code generated by protoc-gen-go. DO NOT EDIT. // versions: -// protoc-gen-go v1.30.0 +// protoc-gen-go v1.31.0 // protoc (unknown) // source: private/pbconfig/config.proto diff --git a/proto/private/pbconfigentry/config_entry.pb.go b/proto/private/pbconfigentry/config_entry.pb.go index 538857c92260..356753296fd2 100644 --- a/proto/private/pbconfigentry/config_entry.pb.go +++ b/proto/private/pbconfigentry/config_entry.pb.go @@ -3,7 +3,7 @@ // Code generated by protoc-gen-go. DO NOT EDIT. // versions: -// protoc-gen-go v1.30.0 +// protoc-gen-go v1.31.0 // protoc (unknown) // source: private/pbconfigentry/config_entry.proto diff --git a/proto/private/pbconnect/connect.pb.go b/proto/private/pbconnect/connect.pb.go index 72fce82238c9..c8668ebb9432 100644 --- a/proto/private/pbconnect/connect.pb.go +++ b/proto/private/pbconnect/connect.pb.go @@ -3,7 +3,7 @@ // Code generated by protoc-gen-go. DO NOT EDIT. // versions: -// protoc-gen-go v1.30.0 +// protoc-gen-go v1.31.0 // protoc (unknown) // source: private/pbconnect/connect.proto diff --git a/proto/private/pbdemo/v1/demo.pb.go b/proto/private/pbdemo/v1/demo.pb.go index cb3e2b8cd3ff..2cbf9ea8d15e 100644 --- a/proto/private/pbdemo/v1/demo.pb.go +++ b/proto/private/pbdemo/v1/demo.pb.go @@ -3,7 +3,7 @@ // Code generated by protoc-gen-go. DO NOT EDIT. // versions: -// protoc-gen-go v1.30.0 +// protoc-gen-go v1.31.0 // protoc (unknown) // source: private/pbdemo/v1/demo.proto diff --git a/proto/private/pbdemo/v2/demo.pb.go b/proto/private/pbdemo/v2/demo.pb.go index a4c52a99d6a6..9d9a7053a7f2 100644 --- a/proto/private/pbdemo/v2/demo.pb.go +++ b/proto/private/pbdemo/v2/demo.pb.go @@ -3,7 +3,7 @@ // Code generated by protoc-gen-go. DO NOT EDIT. // versions: -// protoc-gen-go v1.30.0 +// protoc-gen-go v1.31.0 // protoc (unknown) // source: private/pbdemo/v2/demo.proto diff --git a/proto/private/pboperator/operator.pb.go b/proto/private/pboperator/operator.pb.go index e7e457bc7389..b21726ae4e08 100644 --- a/proto/private/pboperator/operator.pb.go +++ b/proto/private/pboperator/operator.pb.go @@ -3,7 +3,7 @@ // Code generated by protoc-gen-go. DO NOT EDIT. // versions: -// protoc-gen-go v1.30.0 +// protoc-gen-go v1.31.0 // protoc (unknown) // source: private/pboperator/operator.proto diff --git a/proto/private/pbpeering/peering.pb.go b/proto/private/pbpeering/peering.pb.go index a0c7bd21676d..643f3cc279b7 100644 --- a/proto/private/pbpeering/peering.pb.go +++ b/proto/private/pbpeering/peering.pb.go @@ -3,7 +3,7 @@ // Code generated by protoc-gen-go. DO NOT EDIT. // versions: -// protoc-gen-go v1.30.0 +// protoc-gen-go v1.31.0 // protoc (unknown) // source: private/pbpeering/peering.proto diff --git a/proto/private/pbpeerstream/peerstream.pb.go b/proto/private/pbpeerstream/peerstream.pb.go index aeb1bdb22082..2fb0acf7dbd0 100644 --- a/proto/private/pbpeerstream/peerstream.pb.go +++ b/proto/private/pbpeerstream/peerstream.pb.go @@ -3,7 +3,7 @@ // Code generated by protoc-gen-go. DO NOT EDIT. // versions: -// protoc-gen-go v1.30.0 +// protoc-gen-go v1.31.0 // protoc (unknown) // source: private/pbpeerstream/peerstream.proto diff --git a/proto/private/pbservice/healthcheck.pb.go b/proto/private/pbservice/healthcheck.pb.go index 0392fd77455b..33080ae2dffc 100644 --- a/proto/private/pbservice/healthcheck.pb.go +++ b/proto/private/pbservice/healthcheck.pb.go @@ -3,7 +3,7 @@ // Code generated by protoc-gen-go. DO NOT EDIT. // versions: -// protoc-gen-go v1.30.0 +// protoc-gen-go v1.31.0 // protoc (unknown) // source: private/pbservice/healthcheck.proto diff --git a/proto/private/pbservice/node.pb.go b/proto/private/pbservice/node.pb.go index 3d562fe31f71..05975fad0107 100644 --- a/proto/private/pbservice/node.pb.go +++ b/proto/private/pbservice/node.pb.go @@ -3,7 +3,7 @@ // Code generated by protoc-gen-go. DO NOT EDIT. // versions: -// protoc-gen-go v1.30.0 +// protoc-gen-go v1.31.0 // protoc (unknown) // source: private/pbservice/node.proto diff --git a/proto/private/pbservice/service.pb.go b/proto/private/pbservice/service.pb.go index 871b6a04118c..9001dee33e29 100644 --- a/proto/private/pbservice/service.pb.go +++ b/proto/private/pbservice/service.pb.go @@ -3,7 +3,7 @@ // Code generated by protoc-gen-go. DO NOT EDIT. // versions: -// protoc-gen-go v1.30.0 +// protoc-gen-go v1.31.0 // protoc (unknown) // source: private/pbservice/service.proto diff --git a/proto/private/pbstatus/status.pb.go b/proto/private/pbstatus/status.pb.go index ce1658b68cc0..3768ad4d783e 100644 --- a/proto/private/pbstatus/status.pb.go +++ b/proto/private/pbstatus/status.pb.go @@ -14,7 +14,7 @@ // Code generated by protoc-gen-go. DO NOT EDIT. // versions: -// protoc-gen-go v1.30.0 +// protoc-gen-go v1.31.0 // protoc (unknown) // source: private/pbstatus/status.proto diff --git a/proto/private/pbstorage/raft.pb.go b/proto/private/pbstorage/raft.pb.go index 6efa5c8f8fb1..c8b6a6d6162f 100644 --- a/proto/private/pbstorage/raft.pb.go +++ b/proto/private/pbstorage/raft.pb.go @@ -3,7 +3,7 @@ // Code generated by protoc-gen-go. DO NOT EDIT. // versions: -// protoc-gen-go v1.30.0 +// protoc-gen-go v1.31.0 // protoc (unknown) // source: private/pbstorage/raft.proto diff --git a/proto/private/pbsubscribe/subscribe.pb.go b/proto/private/pbsubscribe/subscribe.pb.go index 93dcf9c21c23..485be62bad3f 100644 --- a/proto/private/pbsubscribe/subscribe.pb.go +++ b/proto/private/pbsubscribe/subscribe.pb.go @@ -6,7 +6,7 @@ // Code generated by protoc-gen-go. DO NOT EDIT. // versions: -// protoc-gen-go v1.30.0 +// protoc-gen-go v1.31.0 // protoc (unknown) // source: private/pbsubscribe/subscribe.proto diff --git a/test/integration/consul-container/test/upgrade/catalog/catalog_test.go b/test/integration/consul-container/test/upgrade/catalog/catalog_test.go index ae8ed0401a8f..c29e4b499f86 100644 --- a/test/integration/consul-container/test/upgrade/catalog/catalog_test.go +++ b/test/integration/consul-container/test/upgrade/catalog/catalog_test.go @@ -18,7 +18,7 @@ import ( "github.com/hashicorp/consul/test/integration/consul-container/libs/utils" ) -var minCatalogResourceVersion = version.Must(version.NewVersion("v1.17.0")) +var minCatalogResourceVersion = version.Must(version.NewVersion("v1.18.0")) const ( versionUndetermined = ` diff --git a/test/key/ourdomain_with_intermediate.cer b/test/key/ourdomain_with_intermediate.cer new file mode 100644 index 000000000000..8aa55e500c8a --- /dev/null +++ b/test/key/ourdomain_with_intermediate.cer @@ -0,0 +1,50 @@ +-----BEGIN CERTIFICATE----- +MIIETTCCAzWgAwIBAgIBKDANBgkqhkiG9w0BAQ0FADCBmDELMAkGA1UEBhMCVVMx +CzAJBgNVBAgMAkNBMRYwFAYDVQQHDA1TYW4gRnJhbmNpc2NvMRwwGgYDVQQKDBNI +YXNoaUNvcnAgVGVzdCBDZXJ0MQwwCgYDVQQLDANEZXYxFjAUBgNVBAMMDXRlc3Qu +aW50ZXJuYWwxIDAeBgkqhkiG9w0BCQEWEXRlc3RAaW50ZXJuYWwuY29tMCAXDTIz +MTEwMjE3MjAxNloYDzIxMjMxMDA5MTcyMDE2WjCBjTEYMBYGA1UEAwwPdGVzdGNv +LmludGVybmFsMRMwEQYDVQQIDApDYWxpZm9ybmlhMQswCQYDVQQGEwJVUzEpMCcG +CSqGSIb3DQEJARYaZG8tbm90LXJlcGx5QGhhc2hpY29ycC5jb20xEjAQBgNVBAoM +CUVuZCBQb2ludDEQMA4GA1UECwwHVGVzdGluZzCCASIwDQYJKoZIhvcNAQEBBQAD +ggEPADCCAQoCggEBAOR5UJpDbgTsIgDNF6/fcafrPYTZlJnvMmYGxgPBH7lV2qqI +64yDE03++lLIOwPy8p0JHgCeoCsxRKhOXjaaBjOi3QGQFUU6rl/v8IZFsUo9NIyS +JJttiJaZCTjzgSZri3PdOHAClP5zF1/aAhTmNf326vAxqkn2MI8yglorOq+CSlOM +6p9nUGRAsoSvfjmz1vYDoyf4T0ZCUU+ieQ9KbcSVSrMip+r/CekfXglfIygfA+dx +dSK2Ivp0YjQbsnGEueDOaXMd2HX6Fh93K7IuvGKF2fAHHNl92uhnkbe63aJ7ZYgO +ftHKvVZFgq6cFFccAuI9qJlk6mo8P+m1ZNfv3dsCAwEAAaOBqDCBpTAJBgNVHRME +AjAAMB0GA1UdDgQWBBTxigs6/Ob0ULZZeeWqgTrxhfwQRDAfBgNVHSMEGDAWgBTm +rmqnZIdFOj6vhCUAJKLZNUDwFDALBgNVHQ8EBAMCBaAwHQYDVR0lBBYwFAYIKwYB +BQUHAwEGCCsGAQUFBwMCMCwGA1UdHwQlMCMwIaAfoB2GG2h0dHA6Ly9wYXRoLnRv +LmNybC9teWNhLmNybDANBgkqhkiG9w0BAQ0FAAOCAQEAXS69n70i8mdd2KpUtuVQ +TqCZPggLJ0ctSzSOVFz3ZFMTg50g3bvMZaK3jdwpL8GH7tMjEZANFaM/QNAJWMVb +pc0UD1UxdqahNj40I5V5RL/ocYZbzCVcNi6Y5Z9skROHS6/j4OsvCseYRkpVGMkE +x9bcWJ/cRfLmK9CO8MUrq8gCPYBA1av/uMAot7aT+2rLLcduF5bKuBGGTccVQ01x +5h+2bmFj8jxpju39HPGvZ7mnOqseVKhbKwE87vxirccM4UkwJDmWNuL7pX4CvwHi +aDtzDHJws/WPduT/r4eaXjMat7CF42tLP+w4FWNJH/P3UAzHPaPq2i2eHmCcuw4A +eA== +-----END CERTIFICATE----- +-----BEGIN CERTIFICATE----- +MIIEEzCCAvugAwIBAgIUIYIXKNRBFBPuuOit2D2CfVJAoDAwDQYJKoZIhvcNAQEL +BQAwgZgxCzAJBgNVBAYTAlVTMQswCQYDVQQIDAJDQTEWMBQGA1UEBwwNU2FuIEZy +YW5jaXNjbzEcMBoGA1UECgwTSGFzaGlDb3JwIFRlc3QgQ2VydDEMMAoGA1UECwwD +RGV2MRYwFAYDVQQDDA10ZXN0LmludGVybmFsMSAwHgYJKoZIhvcNAQkBFhF0ZXN0 +QGludGVybmFsLmNvbTAeFw0yMzExMDIxNTUwMjlaFw0zMzEwMzAxNTUwMjlaMIGY +MQswCQYDVQQGEwJVUzELMAkGA1UECAwCQ0ExFjAUBgNVBAcMDVNhbiBGcmFuY2lz +Y28xHDAaBgNVBAoME0hhc2hpQ29ycCBUZXN0IENlcnQxDDAKBgNVBAsMA0RldjEW +MBQGA1UEAwwNdGVzdC5pbnRlcm5hbDEgMB4GCSqGSIb3DQEJARYRdGVzdEBpbnRl +cm5hbC5jb20wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCIA00iG5Iv +eRzZwf2P1Laih3eoiK2Wl1Re22cz2Pcpf6gb7agPguwU5Hco0DWzsnmek2Qyw9gl +oroX1t7LbTW2rxbK1hP7PkFCwSxi9u8MZDaLF3a79bwbsYZzf3toeoz8DCBxo9bB +SSACj4uI/S+lUjMctQrK1nFjGoNUHfxioXPwIJH+TS/76TiZPu3Zj6kN6taVFNe3 +ISBNXW6Vg8E3koz+9Bwv0a6Ty7oFRoJXpsud1k/83Iy288jhYDuB56+ypUmcCNqG +T+e0Bn/VXHx26GXTx97cXSLJE+o+JrHZaI1TcQUL2Z5DJZVJRUg/wtcXggoMLVI1 +O0enJm2jdmLXAgMBAAGjUzBRMB0GA1UdDgQWBBTmrmqnZIdFOj6vhCUAJKLZNUDw +FDAfBgNVHSMEGDAWgBTmrmqnZIdFOj6vhCUAJKLZNUDwFDAPBgNVHRMBAf8EBTAD +AQH/MA0GCSqGSIb3DQEBCwUAA4IBAQB3j6gvalxq54hZSwVmVZPMzjdTVYRC11b0 +6C9pWKsLwu+WINcs59ui8wpYVjcw1AK4/2I1Q7P4RgpSarAxG5tYIMB1xcfFKqBn +f/dDXexONgwpW6SoBJ58c7OB/aH8CenDT8Vwk3fwjYslOywbFRqBjH+PB8uTlu0e +D1fzjpcQCrQeA5VD4pjJAaTmi7bLVuH5XIya3++f/N3xOn53GVMUDO1OdFz8ZMvJ +Wrrg7E/wMXB1b5Wo2n2ypVU4sejikSjg2nfdLojUWGMrZ8TuUnjFs88PeQ9CObAp +A36dLfs4JLF3sVOtqTd6BGwegDsmmllYO5Ky6I+laoLSHpGDEihS +-----END CERTIFICATE----- diff --git a/testing/deployer/sprawl/catalog.go b/testing/deployer/sprawl/catalog.go index 59a42fd895ea..bde3c9a26676 100644 --- a/testing/deployer/sprawl/catalog.go +++ b/testing/deployer/sprawl/catalog.go @@ -343,16 +343,7 @@ func (s *Sprawl) registerCatalogNode( node *topology.Node, ) error { if node.IsV2() { - - // TODO(rb): nodes are optional in v2 and won't be used in k8s by - // default. There are some scoping issues with the Node Type in 1.17 so - // disable it for now. - // - // To re-enable you also need to link it to the Workload by setting the - // NodeName field. - // - // return s.registerCatalogNodeV2(cluster, node) - return nil + return s.registerCatalogNodeV2(cluster, node) } return s.registerCatalogNodeV1(cluster, node) } @@ -382,7 +373,6 @@ func (s *Sprawl) registerCatalogNodeV2( Name: node.PodName(), Tenancy: &pbresource.Tenancy{ Partition: node.Partition, - Namespace: "default", // temporary requirement }, }, Metadata: map[string]string{ @@ -723,8 +713,7 @@ func workloadInstanceToResources( Metadata: wrk.Meta, }, Data: &pbcatalog.Workload{ - // TODO(rb): disabling this until node scoping makes sense again - // NodeName: node.PodName(), + NodeName: node.PodName(), Identity: wrk.WorkloadIdentity, Ports: wlPorts, Addresses: []*pbcatalog.WorkloadAddress{ diff --git a/tlsutil/config.go b/tlsutil/config.go index 5cba2597f19d..2e2adcad98c2 100644 --- a/tlsutil/config.go +++ b/tlsutil/config.go @@ -183,6 +183,18 @@ type protocolConfig struct { useAutoCert bool } +// ConfiguratorIface is the interface for the Configurator +type ConfiguratorIface interface { + Base() Config + Cert() *tls.Certificate + ManualCAPems() []string + + VerifyIncomingRPC() bool + VerifyServerHostname() bool +} + +var _ ConfiguratorIface = (*Configurator)(nil) + // Configurator provides tls.Config and net.Dial wrappers to enable TLS for // clients and servers, for internal RPC, and external gRPC and HTTPS connections. // diff --git a/tlsutil/mock.go b/tlsutil/mock.go new file mode 100644 index 000000000000..55e98eec2669 --- /dev/null +++ b/tlsutil/mock.go @@ -0,0 +1,37 @@ +// Copyright (c) HashiCorp, Inc. +// SPDX-License-Identifier: BUSL-1.1 + +package tlsutil + +import "crypto/tls" + +var _ ConfiguratorIface = (*MockConfigurator)(nil) + +// MockConfigurator is used for mocking the ConfiguratorIface in testing +type MockConfigurator struct { + BaseConfig Config + TlsCert *tls.Certificate + ManualCAPemsArr []string + VerifyIncomingRPCBool bool + VerifyServerHostnameBool bool +} + +func (m MockConfigurator) Base() Config { + return m.BaseConfig +} + +func (m MockConfigurator) Cert() *tls.Certificate { + return m.TlsCert +} + +func (m MockConfigurator) ManualCAPems() []string { + return m.ManualCAPemsArr +} + +func (m MockConfigurator) VerifyIncomingRPC() bool { + return m.VerifyIncomingRPCBool +} + +func (m MockConfigurator) VerifyServerHostname() bool { + return m.VerifyServerHostnameBool +} diff --git a/website/content/docs/architecture/catalog/v2.mdx b/website/content/docs/architecture/catalog/v2.mdx index c18255fa9ee3..aa646d1bd0d6 100644 --- a/website/content/docs/architecture/catalog/v2.mdx +++ b/website/content/docs/architecture/catalog/v2.mdx @@ -10,7 +10,7 @@ description: Learn about version 2 of the Consul catalog, which uses GAMMA speci The v2 catalog API is in a beta release for testing and development purposes. Do not use the v2 catalog or multi-port services in secure production environments. -This topic provides conceptual information about version 2 (v2) of the Consul catalog API. The catalog tracks registered services and their locations for both service discovery and service mesh use cases +This topic provides information about version 2 (v2) of the Consul catalog API. The catalog tracks registered services and their locations for both service discovery and service mesh use cases. Consul supports the v2 catalog for service mesh use cases on Kubernetes deployments only. For more information about Consul’s default catalog, refer to [v1 Catalog API](/consul/docs/architecture/catalog/v1). @@ -22,38 +22,71 @@ When Consul registers services, it records [user-defined and Consul-assigned inf - Locations of the _nodes_ the instances run on - Names of the _services_ the instances are associated with -This information enables Consul to associate service names with the individual instances and their unique network addresses, and it is essential to Consul’s service discovery and service mesh operations. +This information enables Consul to associate service names with the individual instances and their unique network addresses, which makes it essential to Consul’s service discovery and service mesh operations. -The [Consul v1 catalog API](/consul/docs/architecture/catalog/v1) was designed prior to the introduction of Consul’s service mesh features. Communication in Consul’s service mesh is secured through Consul's ACL system, which requires that a Kubernetes ServiceAccount resource match the Service name. As a result, only one service can represent a service instance in the v1 catalog. +The [Consul v1 catalog API](/consul/docs/architecture/catalog/v1) was designed prior to the introduction of Consul’s service mesh features. One major implication of this design is that communication in Consul’s service mesh is secured through Consul's ACL system, which requires that a Kubernetes ServiceAccount resource match the Service name. As a result, only one Kubernetes Service can represent a service instance in the v1 catalog. -The v2 catalog API aligns more closely with the [Kubernetes Gateway API's GAMMA initiative](https://gateway-api.sigs.k8s.io/concepts/gamma/), enabling functionality such as associating Kubernetes Pods with multiple Kubernetes Services and allowing Services and Pods registered with Consul to have multiple ports. For more information about how the differences between the catalog API impacts Consul operations, refer to [changes to Consul's existing architecture](#changes-to-consul-s-existing-architecture). +The v2 catalog API aligns more closely with the [Kubernetes Gateway API's GAMMA initiative](https://gateway-api.sigs.k8s.io/concepts/gamma/), which conceptualizes a Kubernetes Service as having two facets: + +- The Service _front end_ is a combination of cluster IP and DNS name +- The Service _back end_ is a collection of endpoint IPs + +For more information about the differences between the two facets and their impact on how Kubernetes directs requests, refer to [The Different Facets of a Service](https://gateway-api.sigs.k8s.io/concepts/service-facets/) in the Kubernetes documentation. + +Consul's v2 catalog API makes a similar distinction, enabling it associate Kubernetes Pods with multiple Kubernetes Services. As a direct result of this change in catalog structure, Consul can register Services and Pods with multiple ports. For more information about how the differences between the catalog API impacts other Consul operations, refer to [changes to Consul's existing architecture](#changes-to-consul-s-existing-architecture). The v2 catalog API is available alongside the existing v1 catalog API, but the catalogs cannot be used simultaneously. The v2 catalog is disabled by default. This beta release is for testing and development purposes only. We do not recommend implementing v2 in production environments or migrating to v2 until the API is generally available. ## Catalog structure -Consul v1.17 introduces a new version of the catalog API designed to bridge differences between the Consul and Kubernetes data models. The v2 catalog API still tracks services and nodes for Consul, but replaces service instances with _workloads_ and _workload identites_, which belong to different catalog groups. +Consul v1.17 introduces a new version of the catalog API designed to bridge differences between the Consul and Kubernetes data models. The v2 catalog API continues to track services and nodes for Consul, but it replaces service instances with _workloads_ and _workload identites_. -Traffic permissions are part of the `auth` group, and the [`TrafficPermissions` CRD](/consul/docs/k8s/multiport/reference/trafficpermissions) configures permissions according to an `identityName` that corresponds to the other resource in the `auth` group, workload identity. +### Catalog resources -The [`HTTPRoute`](/consul/docs/k8s/multiport/reference/httproute), [`GRPCRoute`](/consul/docs/k8s/multiport/reference/grpcroute), and [`TCPRoute`](/consul/docs/k8s/multiport/reference/tcproute) CRDS are part of the `mesh` group, but they include `type` blocks that use a `group.groupVersion.kind` syntax to reference Consul services. Because a service is part of the `catalog` group, these CRDs refer to services using `catalog.v2beta1.Service`. +The following table describes resources in the v2 catalog, how they generally compare to the v1 catalog and Kubernetes resources, and whether they are created by Kubernetes or computed by Consul when it registers a service. -The following table describes resources in the v2 catalog, including their `group`, how they compare to the v1 catalog and Kubernetes resources, and whether they are created by Kubernetes or computed by Consul when it registers a service. - -| Catalog v2 resource | Catalog v2 `group` | Description | Catalog v1 analogue | Kubernetes analogue | Source | -| :------------------ | :-------- | :---------- | :--------------------------- | :--------------------------- | :----- | -| Service | `catalog` | The name of the service Consul registers a workload under. | Service | [Kubernetes Service](https://kubernetes.io/docs/concepts/services-networking/service/) | Created by Kubernetes | -| Node | `catalog` | The address of the Consul node where the workload runs. | Node | [Kubernetes Node](https://kubernetes.io/docs/concepts/architecture/nodes/) | Computed by Consul | -| Workload | `catalog` | An application instance running in a set of one or more Pods scheduled according to a Kubernetes Workload resource such as a Deployment or StatefulSet. | Service instance | [Kubernetes Pod](https://kubernetes.io/docs/concepts/workloads/pods/) | Created by Kubernetes | -| Workload identity | `auth` | Provides a distinct identity for a workload to assume. Each workload identity is tied to an Envoy proxy. This identity is used when Consul generates mTLS certificates. | Service name | [Kubernetes Service Accounts](https://kubernetes.io/docs/concepts/security/service-accounts/) | Created by Kubernetes | +| Catalog v2 resource | Description | Catalog v1 analogue | Kubernetes analogue | Source | +| :------------------ | :---------- | :--------------------------- | :--------------------------- | :----- | +| Service | The name of the service Consul registers a workload under. | Service | [Kubernetes Service](https://kubernetes.io/docs/concepts/services-networking/service/) | Created by Kubernetes | +| Node | The address of the Consul node where the workload runs. | Node | [Kubernetes Node](https://kubernetes.io/docs/concepts/architecture/nodes/) | Computed by Consul | +| Workload | An application instance running in a set of one or more Pods scheduled according to a Kubernetes Workload resource such as a Deployment or StatefulSet. | Service instance | [Kubernetes Pod](https://kubernetes.io/docs/concepts/workloads/pods/) | Created by Kubernetes | +| Workload identity | Provides a distinct identity for a workload to assume. Each workload identity is tied to an Envoy proxy. This identity is used when Consul generates mTLS certificates. | Service name | [Kubernetes Service Accounts](https://kubernetes.io/docs/concepts/security/service-accounts/) | Created by Kubernetes | | Service endpoint | Maps services to workload addresses and endpoints. | None | [Kubernetes Endpoints](https://kubernetes.io/docs/reference/kubernetes-api/service-resources/endpoints-v1/) | Computed by Consul | -| Health status | `catalog` | A resource for reporting the health status of a workload. | Service instance health status | [PodStatus](https://kubernetes.io/docs/reference/kubernetes-api/workload-resources/pod-v1/#PodStatus) | Created by Kubernetes | -| Health check | None | A resource for defining the health checks for a workload. | [Service instance health check](/consul/docs/services/usage/checks) | [Liveness, Readiness, and Startup Probes](https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#container-probes) | Created by Kubernetes | -| Proxy configuration | `mesh` | Represents a configuration for a sidecar or gateway proxy. | `Proxy` field in service definition | None | Created by Kubernetes or user CRD | -| Destinations | `catalog` | Represents explicit service upstreams. When using the v1 catalog, these upstreams are configured in Helm chart as [Upstream Service annotations](/consul/docs/k8s/annotations-and-labels#consul-hashicorp-com-connect-service-upstreams) | [Proxy Configuration](/consul/docs/connect/proxies/envoy#envoy-proxy-configuration-for-service-mesh) | None | Created by Kubernetes | -| Traffic permissions | `auth` | Enables L4 traffic authorization according to workload identity instead of service identity. | [Service intentions](/consul/docs/connect/intentions) | None | Created by user CRD | +| Health status | A resource for reporting the health status of a workload. | Service instance health status | [PodStatus](https://kubernetes.io/docs/reference/kubernetes-api/workload-resources/pod-v1/#PodStatus) | Created by Kubernetes | +| Health check | A resource for defining the health checks for a workload. | [Service instance health check](/consul/docs/services/usage/checks) | [Liveness, Readiness, and Startup Probes](https://kubernetes.io/docs/concepts/workloads/pods/pod-lifecycle/#container-probes) | Created by Kubernetes | +| Proxy configuration | Represents a configuration for a sidecar or gateway proxy. | `Proxy` field in service definition | None | Created by Kubernetes or user CRD | +| Destinations | Represents explicit service upstreams. When using the v1 catalog, these upstreams are configured in Helm chart as [Upstream Service annotations](/consul/docs/k8s/annotations-and-labels#consul-hashicorp-com-connect-service-upstreams) | [Proxy Configuration](/consul/docs/connect/proxies/envoy#envoy-proxy-configuration-for-service-mesh) | None | Created by Kubernetes | +| Traffic permissions| Enables L4 traffic authorization according to workload identity instead of service identity. | [Service intentions](/consul/docs/connect/intentions) | None | Created by user CRD | + +## Resource groups + +Each resource is part of a _resource group_. These resource groups structure Consul's ability to target either an _individual workload identity_ or an _entire collection of workload endpoints_ when managing service mesh traffic. There are three resource groups in the v2 API: + +- `auth` group: Resources apply to workload identity +- `catalog` group: Resources apply to all workloads associated with a service +- `mesh` group: Resources apply to either workload identities or all workloads + +For example, traffic permissions are part of the `auth` group. Permissions allow or deny traffic according to the other v2 catalog resource in the `auth` group, the workload identity. Meanwhile, when Consul routes service mesh traffic it applies rules to workloads based on the Service, which is a resource in the `catalog` group. + +One practical impact of resource groups is that the [HTTPRoute](/consul/docs/k8s/multiport/reference/httproute), [GRPCRoute](/consul/docs/k8s/multiport/reference/grpcroute), and [TCPRoute](/consul/docs/k8s/multiport/reference/tcproute) CRDs require you to specify a `name` and `type` in configuration blocks. The `catalog.v2beta1.Service` type indicates that the rules defined in these CRDs apply to all workloads registered in the Consul catalog under the given name. + +You can also use the `consul resource` command to return information about Consul resources in each group using a `group.groupVersion.kind` syntax. Refer to [`consul resource`](/consul/docs/k8s/multiport/reference/resource-command) for more information. + +The following table describes the Consul resources that belong to each resource group and the resource's `group.groupVersion.kind` syntax. -You can also use the `consul resource` command to return information about resources using the `group.groupVersion.kind` syntax. Refer to [`consul resource`](/consul/docs/k8s/multiport/reference/resource-command) for more information. +| Resource `group` | v2 resource | Consul resource syntax | +| :------------------ | :-------- | :---- | +| `auth` | Traffic permissions | `auth.v2beta1.TrafficPermissions` | +| `auth` | Workload identity | `auth.v2beta1.WorkloadIdentity` | +| `catalog` | Service | `catalog.v2beta1.Service` | +| `catalog` | Node | `catalog.v2beta1.Node` | +| `catalog` | Workload | `catalog.v2beta1.Workload` | +| `catalog` | Health status | `catalog.v2beta1.HealthStatus` | +| `catalog` | Destinations | `catalog.v2beta1.Destination` | +| `mesh` | GRPCRoute | `mesh.v2beta1.GRPCRoute` | +| `mesh` | HTTPRoute | `mesh.v2beta1.HTTPRoute` | +| `mesh` | Proxy configuration | `mesh.v2beta1.ProxyConfiguration` | +| `mesh` | TCPRoute | `mesh.v2beta1.TCPRoute` | ## Changes to Consul’s existing architecture