[backport--v1.16.x] Cloud Run Upstreams

changelog/v1.16.15/6828-cloud-run-integration.yaml

@@ -0,0 +1,10 @@
+changelog:
+- type: FIX
+  issueLink: https://github.com/solo-io/gloo/issues/6828
+  resolvesIssue: false
+  description: >-
+    Adds the API for a new enterprise only feature designed to allow authenticating requests using tokens from the google metadata service
+    before sending the requests upstreams. This feature will be exposed as a new Upstream type.
+
+
+

docs/data/ProtoMap.yaml

@@ -695,6 +695,9 @@ apis:
   gateway.solo.io.VirtualServiceSelectorExpressions:
     relativepath: reference/api/github.com/solo-io/gloo/projects/gateway/api/v1/http_gateway.proto.sk/#VirtualServiceSelectorExpressions
     package: gateway.solo.io
+  gcp.options.gloo.solo.io.UpstreamSpec:
+    relativepath: reference/api/github.com/solo-io/gloo/projects/gloo/api/v1/enterprise/options/gcp/gcp.proto.sk/#UpstreamSpec
+    package: gcp.options.gloo.solo.io
   gloo.solo.io.AccountCredentialsSecret:
     relativepath: reference/api/github.com/solo-io/gloo/projects/gloo/api/v1/secret.proto.sk/#AccountCredentialsSecret
     package: gloo.solo.io

install/helm/gloo/crds/gloo.solo.io_v1_Upstream.yaml

@@ -543,6 +543,13 @@ spec:
                       type: object
                     type: array
                 type: object
+              gcp:
+                properties:
+                  audience:
+                    type: string
+                  host:
+                    type: string
+                type: object
               healthChecks:
                 items:
                   properties:

projects/gloo/api/v1/enterprise/options/gcp/gcp.proto

@@ -0,0 +1,19 @@
+syntax = "proto3";
+package gcp.options.gloo.solo.io;
+
+option go_package = "github.com/solo-io/gloo/projects/gloo/pkg/api/v1/enterprise/options/gcp";
+
+import "extproto/ext.proto";
+option (extproto.hash_all) = true;
+option (extproto.clone_all) = true;
+option (extproto.equal_all) = true;
+
+// Enterprise-only: Configuration to enable GCP authentication for upstreams.
+message UpstreamSpec {
+  // Required. host of the GCP service to be connected to
+  string host = 1;
+
+  // Optional override for the audience used to fetch the token from the GCP metadata server.
+  // By default it will use the URL of the service
+  string audience = 2;
+}

projects/gloo/api/v1/upstream.proto

@@ -25,6 +25,7 @@ import "github.com/solo-io/gloo/projects/gloo/api/v1/options/azure/azure.proto";
 import "github.com/solo-io/gloo/projects/gloo/api/v1/options/consul/consul.proto";
 import "github.com/solo-io/gloo/projects/gloo/api/v1/options/aws/ec2/aws_ec2.proto";
 import "github.com/solo-io/gloo/projects/gloo/api/v1/failover.proto";
+import "github.com/solo-io/gloo/projects/gloo/api/v1/enterprise/options/gcp/gcp.proto";
 import "google/protobuf/duration.proto";
 import "google/protobuf/wrappers.proto";
 import "validate/validate.proto";
@@ -78,6 +79,7 @@ message Upstream {
         azure.options.gloo.solo.io.UpstreamSpec azure = 15;
         consul.options.gloo.solo.io.UpstreamSpec consul = 16;
         aws_ec2.options.gloo.solo.io.UpstreamSpec aws_ec2 = 17;
+        gcp.options.gloo.solo.io.UpstreamSpec gcp = 34;
     }
 
     // Failover endpoints for this upstream. If omitted (the default) no failovers will be applied.

projects/gloo/cli/pkg/printers/upstream.go

@@ -81,6 +81,8 @@ func upstreamType(up *v1.Upstream) string {
 		return "Kubernetes"
 	case *v1.Upstream_Static:
 		return "Static"
+	case *v1.Upstream_Gcp:
+		return "GCP"
 	default:
 		return "Unknown"
 	}
@@ -169,6 +171,12 @@ func upstreamDetails(up *v1.Upstream, xdsDump *xdsinspection.XdsDump) []string {
 		if usType.Static.GetServiceSpec() != nil {
 			add(linesForServiceSpec(usType.Static.GetServiceSpec())...)
 		}
+	case *v1.Upstream_Gcp:
+		add(fmt.Sprintf("host: %v", usType.Gcp.GetHost()))
+		if usType.Gcp.GetAudience() != "" {
+			add(fmt.Sprintf("host: %v", usType.Gcp.GetAudience()))
+		}
+
 	}
 	add("")
 	return details