From b839e864303345fd7f4502db1e9a0baf70e1c166 Mon Sep 17 00:00:00 2001 From: Tam Mach Date: Wed, 15 Feb 2023 17:02:17 +1100 Subject: [PATCH] envoy: Add typeURL for envoy resources This commit is to add typeURL for below resources: - cilium.network - cilium.tls_wrapper - envoy.filters.http.router - envoy.filters.listener.tls_inspector Fixes: https://github.com/cilium/proxy/issues/108 Signed-off-by: Tam Mach --- go.mod | 2 +- go.sum | 4 +- .../pkg/ciliumenvoyconfig/envoy_config.go | 12 +- .../envoy_http_connection_manager.go | 8 +- .../pkg/model/translation/envoy_listener.go | 14 +- pkg/envoy/ciliumenvoyconfig.go | 4 + pkg/envoy/server.go | 36 +- .../proxy/go/cilium/api/tls_wrapper.pb.go | 194 +++++++++++ .../go/cilium/api/tls_wrapper.pb.validate.go | 239 ++++++++++++++ .../filters/http/router/v3/router.pb.go | 307 ++++++++++++++++++ .../http/router/v3/router.pb.validate.go | 228 +++++++++++++ .../tls_inspector/v3/tls_inspector.pb.go | 184 +++++++++++ .../v3/tls_inspector.pb.validate.go | 163 ++++++++++ vendor/modules.txt | 4 +- 14 files changed, 1380 insertions(+), 19 deletions(-) create mode 100644 vendor/github.com/cilium/proxy/go/cilium/api/tls_wrapper.pb.go create mode 100644 vendor/github.com/cilium/proxy/go/cilium/api/tls_wrapper.pb.validate.go create mode 100644 vendor/github.com/cilium/proxy/go/envoy/extensions/filters/http/router/v3/router.pb.go create mode 100644 vendor/github.com/cilium/proxy/go/envoy/extensions/filters/http/router/v3/router.pb.validate.go create mode 100644 vendor/github.com/cilium/proxy/go/envoy/extensions/filters/listener/tls_inspector/v3/tls_inspector.pb.go create mode 100644 vendor/github.com/cilium/proxy/go/envoy/extensions/filters/listener/tls_inspector/v3/tls_inspector.pb.validate.go diff --git a/go.mod b/go.mod index ffe050f3abafe..170eef966b8e8 100644 --- a/go.mod +++ b/go.mod @@ -24,7 +24,7 @@ require ( github.com/cilium/ipam v0.0.0-20220824141044-46ef3d556735 github.com/cilium/kafka v0.0.0-20180809090225-01ce283b732b github.com/cilium/lumberjack/v2 v2.3.0 - github.com/cilium/proxy v0.0.0-20230205220247-5b9c892d59cd + github.com/cilium/proxy v0.0.0-20230215154421-edb6834301da github.com/cilium/workerpool v1.1.3 github.com/containernetworking/cni v1.1.2 github.com/containernetworking/plugins v1.1.1 diff --git a/go.sum b/go.sum index 307d1fa3fc45e..3ab6ca1770013 100644 --- a/go.sum +++ b/go.sum @@ -179,8 +179,8 @@ github.com/cilium/lumberjack/v2 v2.3.0 h1:IhVJMvPpqDYmQzC0KDhAoy7KlaRsyOsZnT97Ns github.com/cilium/lumberjack/v2 v2.3.0/go.mod h1:yfbtPGmg4i//5oEqzaMxDqSWqgfZFmMoV70Mc2k6v0A= github.com/cilium/metallb v0.1.1-0.20220829170633-5d7dfb1129f7 h1:ocC6/1Gz6LJd0XsJiwhcTlAy3yJrJruzh4sjRzUNvQs= github.com/cilium/metallb v0.1.1-0.20220829170633-5d7dfb1129f7/go.mod h1:8nydvUTW+/9nVywCQ9bE/YGzb4EISALP4lKNpK3fFqo= -github.com/cilium/proxy v0.0.0-20230205220247-5b9c892d59cd h1:OX8lvava1esVfx8RhOTSm4aomVw7NZtL0ELaofsekq0= -github.com/cilium/proxy v0.0.0-20230205220247-5b9c892d59cd/go.mod h1:ontBl/RX7G0GwcR38YQVp6d75MjIsL1FbBidVpn+F8I= +github.com/cilium/proxy v0.0.0-20230215154421-edb6834301da h1:DLOSlh2M3a3hREWAi+GHspcjvFtmoxOtUXyEo6Q+FBo= +github.com/cilium/proxy v0.0.0-20230215154421-edb6834301da/go.mod h1:ontBl/RX7G0GwcR38YQVp6d75MjIsL1FbBidVpn+F8I= github.com/cilium/workerpool v1.1.3 h1:GB5H495r6AXg8kYklLAOn7N4PDR/djeE4WYPbq8U+yY= github.com/cilium/workerpool v1.1.3/go.mod h1:GOYJhwlnIjR+jWSDNBb5kw47G1H/XA9X4WOBpgr4pQU= github.com/circonus-labs/circonus-gometrics v2.3.1+incompatible/go.mod h1:nmEj6Dob7S7YxXgwXpfOuvO54S+tGdZdw9fuRZt25Ag= diff --git a/operator/pkg/ciliumenvoyconfig/envoy_config.go b/operator/pkg/ciliumenvoyconfig/envoy_config.go index 022ec67365cf9..54e54b08900fb 100644 --- a/operator/pkg/ciliumenvoyconfig/envoy_config.go +++ b/operator/pkg/ciliumenvoyconfig/envoy_config.go @@ -11,6 +11,8 @@ import ( envoy_config_core_v3 "github.com/cilium/proxy/go/envoy/config/core/v3" envoy_config_listener "github.com/cilium/proxy/go/envoy/config/listener/v3" envoy_config_route_v3 "github.com/cilium/proxy/go/envoy/config/route/v3" + envoy_extensions_filters_http_router_v3 "github.com/cilium/proxy/go/envoy/extensions/filters/http/router/v3" + envoy_extensions_listener_tls_inspector_v3 "github.com/cilium/proxy/go/envoy/extensions/filters/listener/tls_inspector/v3" envoy_extensions_filters_network_http_connection_manager_v3 "github.com/cilium/proxy/go/envoy/extensions/filters/network/http_connection_manager/v3" envoy_config_upstream "github.com/cilium/proxy/go/envoy/extensions/upstreams/http/v3" "google.golang.org/protobuf/proto" @@ -232,6 +234,9 @@ func (m *Manager) getListenerResource(svc *slim_corev1.Service) (ciliumv2.XDSRes ListenerFilters: []*envoy_config_listener.ListenerFilter{ { Name: "envoy.filters.listener.tls_inspector", + ConfigType: &envoy_config_listener.ListenerFilter_TypedConfig{ + TypedConfig: toAny(&envoy_extensions_listener_tls_inspector_v3.TlsInspector{}), + }, }, }, } @@ -262,7 +267,12 @@ func (m *Manager) getConnectionManager(svc *slim_corev1.Service) (ciliumv2.XDSRe }, }, HttpFilters: []*envoy_extensions_filters_network_http_connection_manager_v3.HttpFilter{ - {Name: "envoy.filters.http.router"}, + { + Name: "envoy.filters.http.router", + ConfigType: &envoy_extensions_filters_network_http_connection_manager_v3.HttpFilter_TypedConfig{ + TypedConfig: toAny(&envoy_extensions_filters_http_router_v3.Router{}), + }, + }, }, } diff --git a/operator/pkg/model/translation/envoy_http_connection_manager.go b/operator/pkg/model/translation/envoy_http_connection_manager.go index fe0c3e85cf888..d76bbf37db01b 100644 --- a/operator/pkg/model/translation/envoy_http_connection_manager.go +++ b/operator/pkg/model/translation/envoy_http_connection_manager.go @@ -4,6 +4,7 @@ package translation import ( + httpRouterv3 "github.com/cilium/proxy/go/envoy/extensions/filters/http/router/v3" httpConnectionManagerv3 "github.com/cilium/proxy/go/envoy/extensions/filters/network/http_connection_manager/v3" "google.golang.org/protobuf/proto" "google.golang.org/protobuf/types/known/anypb" @@ -23,7 +24,12 @@ func NewHTTPConnectionManager(name, routeName string, mutationFunc ...HttpConnec Rds: &httpConnectionManagerv3.Rds{RouteConfigName: routeName}, }, HttpFilters: []*httpConnectionManagerv3.HttpFilter{ - {Name: "envoy.filters.http.router"}, + { + Name: "envoy.filters.http.router", + ConfigType: &httpConnectionManagerv3.HttpFilter_TypedConfig{ + TypedConfig: toAny(&httpRouterv3.Router{}), + }, + }, }, UpgradeConfigs: []*httpConnectionManagerv3.HttpConnectionManager_UpgradeConfig{ {UpgradeType: "websocket"}, diff --git a/operator/pkg/model/translation/envoy_listener.go b/operator/pkg/model/translation/envoy_listener.go index f3ec8cb2eb331..8aefe1e379699 100644 --- a/operator/pkg/model/translation/envoy_listener.go +++ b/operator/pkg/model/translation/envoy_listener.go @@ -9,6 +9,7 @@ import ( envoy_config_core_v3 "github.com/cilium/proxy/go/envoy/config/core/v3" envoy_config_listener "github.com/cilium/proxy/go/envoy/config/listener/v3" + envoy_extensions_listener_tls_inspector_v3 "github.com/cilium/proxy/go/envoy/extensions/filters/listener/tls_inspector/v3" envoy_extensions_transport_sockets_tls_v3 "github.com/cilium/proxy/go/envoy/extensions/transport_sockets/tls/v3" "google.golang.org/protobuf/proto" "google.golang.org/protobuf/types/known/anypb" @@ -146,9 +147,16 @@ func NewListener(name string, ciliumSecretNamespace string, tls map[model.TLSSec } listener := &envoy_config_listener.Listener{ - Name: name, - FilterChains: filterChains, - ListenerFilters: []*envoy_config_listener.ListenerFilter{{Name: tlsInspectorType}}, + Name: name, + FilterChains: filterChains, + ListenerFilters: []*envoy_config_listener.ListenerFilter{ + { + Name: tlsInspectorType, + ConfigType: &envoy_config_listener.ListenerFilter_TypedConfig{ + TypedConfig: toAny(&envoy_extensions_listener_tls_inspector_v3.TlsInspector{}), + }, + }, + }, } for _, fn := range mutatorFunc { diff --git a/pkg/envoy/ciliumenvoyconfig.go b/pkg/envoy/ciliumenvoyconfig.go index 9105aa3152471..2cb51337852e2 100644 --- a/pkg/envoy/ciliumenvoyconfig.go +++ b/pkg/envoy/ciliumenvoyconfig.go @@ -8,6 +8,7 @@ import ( "fmt" "time" + cilium "github.com/cilium/proxy/go/cilium/api" envoy_config_cluster "github.com/cilium/proxy/go/envoy/config/cluster/v3" envoy_config_core "github.com/cilium/proxy/go/envoy/config/core/v3" envoy_config_endpoint "github.com/cilium/proxy/go/envoy/config/endpoint/v3" @@ -226,6 +227,9 @@ func ParseResources(cecNamespace string, cecName string, anySlice []cilium_v2.XD fc.Filters = append(fc.Filters[:i+1], fc.Filters[i:]...) fc.Filters[i] = &envoy_config_listener.Filter{ Name: "cilium.network", + ConfigType: &envoy_config_listener.Filter_TypedConfig{ + TypedConfig: toAny(&cilium.NetworkFilter{}), + }, } } } diff --git a/pkg/envoy/server.go b/pkg/envoy/server.go index 95037ca55a5cf..90221b5dfa77d 100644 --- a/pkg/envoy/server.go +++ b/pkg/envoy/server.go @@ -22,6 +22,8 @@ import ( envoy_config_endpoint "github.com/cilium/proxy/go/envoy/config/endpoint/v3" envoy_config_listener "github.com/cilium/proxy/go/envoy/config/listener/v3" envoy_config_route "github.com/cilium/proxy/go/envoy/config/route/v3" + envoy_extensions_filters_http_router_v3 "github.com/cilium/proxy/go/envoy/extensions/filters/http/router/v3" + envoy_extensions_listener_tls_inspector_v3 "github.com/cilium/proxy/go/envoy/extensions/filters/listener/tls_inspector/v3" envoy_config_http "github.com/cilium/proxy/go/envoy/extensions/filters/network/http_connection_manager/v3" envoy_mongo_proxy "github.com/cilium/proxy/go/envoy/extensions/filters/network/mongo_proxy/v3" envoy_config_tcp "github.com/cilium/proxy/go/envoy/extensions/filters/network/tcp_proxy/v3" @@ -280,6 +282,9 @@ func (s *XDSServer) getHttpFilterChainProto(clusterName string, tls bool) *envoy getCiliumHttpFilter(), { Name: "envoy.filters.http.router", + ConfigType: &envoy_config_http.HttpFilter_TypedConfig{ + TypedConfig: toAny(&envoy_extensions_filters_http_router_v3.Router{}), + }, }, }, StreamIdleTimeout: &durationpb.Duration{}, // 0 == disabled @@ -347,6 +352,9 @@ func (s *XDSServer) getHttpFilterChainProto(clusterName string, tls bool) *envoy chain := &envoy_config_listener.FilterChain{ Filters: []*envoy_config_listener.Filter{{ Name: "cilium.network", + ConfigType: &envoy_config_listener.Filter_TypedConfig{ + TypedConfig: toAny(&cilium.NetworkFilter{}), + }, }, { Name: "envoy.filters.network.http_connection_manager", ConfigType: &envoy_config_listener.Filter_TypedConfig{ @@ -361,6 +369,9 @@ func (s *XDSServer) getHttpFilterChainProto(clusterName string, tls bool) *envoy } chain.TransportSocket = &envoy_config_core.TransportSocket{ Name: "cilium.tls_wrapper", + ConfigType: &envoy_config_core.TransportSocket_TypedConfig{ + TypedConfig: toAny(&cilium.DownstreamTlsWrapperContext{}), + }, } } @@ -434,6 +445,9 @@ func (s *XDSServer) getTcpFilterChainProto(clusterName string, filterName string } chain.TransportSocket = &envoy_config_core.TransportSocket{ Name: "cilium.tls_wrapper", + ConfigType: &envoy_config_core.TransportSocket_TypedConfig{ + TypedConfig: toAny(&cilium.DownstreamTlsWrapperContext{}), + }, } } else { chain.FilterChainMatch = &envoy_config_listener.FilterChainMatch{ @@ -483,6 +497,9 @@ func (s *XDSServer) AddMetricsListener(port uint16, wg *completion.WaitGroup) { StatPrefix: metricsListenerName, HttpFilters: []*envoy_config_http.HttpFilter{{ Name: "envoy.filters.http.router", + ConfigType: &envoy_config_http.HttpFilter_TypedConfig{ + TypedConfig: toAny(&envoy_extensions_filters_http_router_v3.Router{}), + }, }}, StreamIdleTimeout: &durationpb.Duration{}, // 0 == disabled RouteSpecifier: &envoy_config_http.HttpConnectionManager_RouteConfig{ @@ -749,6 +766,9 @@ func (s *XDSServer) getListenerConf(name string, kind policy.L7ParserType, port // Always insert tls_inspector as the first filter { Name: "envoy.filters.listener.tls_inspector", + ConfigType: &envoy_config_listener.ListenerFilter_TypedConfig{ + TypedConfig: toAny(&envoy_extensions_listener_tls_inspector_v3.TlsInspector{}), + }, }, getListenerFilter(isIngress, mayUseOriginalSourceAddr, false), }, @@ -1174,6 +1194,9 @@ func createBootstrap(filePath string, nodeId, cluster string, xdsSock, egressClu TypedExtensionProtocolOptions: useDownstreamProtocolAutoSNI, TransportSocket: &envoy_config_core.TransportSocket{ Name: "cilium.tls_wrapper", + ConfigType: &envoy_config_core.TransportSocket_TypedConfig{ + TypedConfig: toAny(&cilium.UpstreamTlsWrapperContext{}), + }, }, }, { @@ -1193,6 +1216,9 @@ func createBootstrap(filePath string, nodeId, cluster string, xdsSock, egressClu TypedExtensionProtocolOptions: useDownstreamProtocolAutoSNI, TransportSocket: &envoy_config_core.TransportSocket{ Name: "cilium.tls_wrapper", + ConfigType: &envoy_config_core.TransportSocket_TypedConfig{ + TypedConfig: toAny(&cilium.UpstreamTlsWrapperContext{}), + }, }, }, { @@ -1263,16 +1289,6 @@ func createBootstrap(filePath string, nodeId, cluster string, xdsSock, egressClu }}, }, }, - { - Name: "deprecation", - LayerSpecifier: &envoy_config_bootstrap.RuntimeLayer_StaticLayer{ - StaticLayer: &structpb.Struct{Fields: map[string]*structpb.Value{ - // This is to avoid empty type URL issue for cilium.tls_wrapper - // TODO: Remove this once we have a type URL for upstream and downstream cilium.tls_wrapper - "envoy.reloadable_features.no_extension_lookup_by_name": {Kind: &structpb.Value_BoolValue{BoolValue: false}}, - }}, - }, - }, }, }, } diff --git a/vendor/github.com/cilium/proxy/go/cilium/api/tls_wrapper.pb.go b/vendor/github.com/cilium/proxy/go/cilium/api/tls_wrapper.pb.go new file mode 100644 index 0000000000000..7d5067029e8a6 --- /dev/null +++ b/vendor/github.com/cilium/proxy/go/cilium/api/tls_wrapper.pb.go @@ -0,0 +1,194 @@ +// Code generated by protoc-gen-go. DO NOT EDIT. +// versions: +// protoc-gen-go v1.23.0 +// protoc v3.19.4 +// source: cilium/api/tls_wrapper.proto + +package cilium + +import ( + proto "github.com/golang/protobuf/proto" + protoreflect "google.golang.org/protobuf/reflect/protoreflect" + protoimpl "google.golang.org/protobuf/runtime/protoimpl" + reflect "reflect" + sync "sync" +) + +const ( + // Verify that this generated code is sufficiently up-to-date. + _ = protoimpl.EnforceVersion(20 - protoimpl.MinVersion) + // Verify that runtime/protoimpl is sufficiently up-to-date. + _ = protoimpl.EnforceVersion(protoimpl.MaxVersion - 20) +) + +// This is a compile-time assertion that a sufficiently up-to-date version +// of the legacy proto package is being used. +const _ = proto.ProtoPackageIsVersion4 + +// Empty configuration messages for Cilium TLS wrapper to make Envoy happy +type UpstreamTlsWrapperContext struct { + state protoimpl.MessageState + sizeCache protoimpl.SizeCache + unknownFields protoimpl.UnknownFields +} + +func (x *UpstreamTlsWrapperContext) Reset() { + *x = UpstreamTlsWrapperContext{} + if protoimpl.UnsafeEnabled { + mi := &file_cilium_api_tls_wrapper_proto_msgTypes[0] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) + } +} + +func (x *UpstreamTlsWrapperContext) String() string { + return protoimpl.X.MessageStringOf(x) +} + +func (*UpstreamTlsWrapperContext) ProtoMessage() {} + +func (x *UpstreamTlsWrapperContext) ProtoReflect() protoreflect.Message { + mi := &file_cilium_api_tls_wrapper_proto_msgTypes[0] + if protoimpl.UnsafeEnabled && x != nil { + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + if ms.LoadMessageInfo() == nil { + ms.StoreMessageInfo(mi) + } + return ms + } + return mi.MessageOf(x) +} + +// Deprecated: Use UpstreamTlsWrapperContext.ProtoReflect.Descriptor instead. +func (*UpstreamTlsWrapperContext) Descriptor() ([]byte, []int) { + return file_cilium_api_tls_wrapper_proto_rawDescGZIP(), []int{0} +} + +type DownstreamTlsWrapperContext struct { + state protoimpl.MessageState + sizeCache protoimpl.SizeCache + unknownFields protoimpl.UnknownFields +} + +func (x *DownstreamTlsWrapperContext) Reset() { + *x = DownstreamTlsWrapperContext{} + if protoimpl.UnsafeEnabled { + mi := &file_cilium_api_tls_wrapper_proto_msgTypes[1] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) + } +} + +func (x *DownstreamTlsWrapperContext) String() string { + return protoimpl.X.MessageStringOf(x) +} + +func (*DownstreamTlsWrapperContext) ProtoMessage() {} + +func (x *DownstreamTlsWrapperContext) ProtoReflect() protoreflect.Message { + mi := &file_cilium_api_tls_wrapper_proto_msgTypes[1] + if protoimpl.UnsafeEnabled && x != nil { + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + if ms.LoadMessageInfo() == nil { + ms.StoreMessageInfo(mi) + } + return ms + } + return mi.MessageOf(x) +} + +// Deprecated: Use DownstreamTlsWrapperContext.ProtoReflect.Descriptor instead. +func (*DownstreamTlsWrapperContext) Descriptor() ([]byte, []int) { + return file_cilium_api_tls_wrapper_proto_rawDescGZIP(), []int{1} +} + +var File_cilium_api_tls_wrapper_proto protoreflect.FileDescriptor + +var file_cilium_api_tls_wrapper_proto_rawDesc = []byte{ + 0x0a, 0x1c, 0x63, 0x69, 0x6c, 0x69, 0x75, 0x6d, 0x2f, 0x61, 0x70, 0x69, 0x2f, 0x74, 0x6c, 0x73, + 0x5f, 0x77, 0x72, 0x61, 0x70, 0x70, 0x65, 0x72, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x12, 0x06, + 0x63, 0x69, 0x6c, 0x69, 0x75, 0x6d, 0x22, 0x1b, 0x0a, 0x19, 0x55, 0x70, 0x73, 0x74, 0x72, 0x65, + 0x61, 0x6d, 0x54, 0x6c, 0x73, 0x57, 0x72, 0x61, 0x70, 0x70, 0x65, 0x72, 0x43, 0x6f, 0x6e, 0x74, + 0x65, 0x78, 0x74, 0x22, 0x1d, 0x0a, 0x1b, 0x44, 0x6f, 0x77, 0x6e, 0x73, 0x74, 0x72, 0x65, 0x61, + 0x6d, 0x54, 0x6c, 0x73, 0x57, 0x72, 0x61, 0x70, 0x70, 0x65, 0x72, 0x43, 0x6f, 0x6e, 0x74, 0x65, + 0x78, 0x74, 0x42, 0x2e, 0x5a, 0x2c, 0x67, 0x69, 0x74, 0x68, 0x75, 0x62, 0x2e, 0x63, 0x6f, 0x6d, + 0x2f, 0x63, 0x69, 0x6c, 0x69, 0x75, 0x6d, 0x2f, 0x70, 0x72, 0x6f, 0x78, 0x79, 0x2f, 0x67, 0x6f, + 0x2f, 0x63, 0x69, 0x6c, 0x69, 0x75, 0x6d, 0x2f, 0x61, 0x70, 0x69, 0x3b, 0x63, 0x69, 0x6c, 0x69, + 0x75, 0x6d, 0x62, 0x06, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x33, +} + +var ( + file_cilium_api_tls_wrapper_proto_rawDescOnce sync.Once + file_cilium_api_tls_wrapper_proto_rawDescData = file_cilium_api_tls_wrapper_proto_rawDesc +) + +func file_cilium_api_tls_wrapper_proto_rawDescGZIP() []byte { + file_cilium_api_tls_wrapper_proto_rawDescOnce.Do(func() { + file_cilium_api_tls_wrapper_proto_rawDescData = protoimpl.X.CompressGZIP(file_cilium_api_tls_wrapper_proto_rawDescData) + }) + return file_cilium_api_tls_wrapper_proto_rawDescData +} + +var file_cilium_api_tls_wrapper_proto_msgTypes = make([]protoimpl.MessageInfo, 2) +var file_cilium_api_tls_wrapper_proto_goTypes = []interface{}{ + (*UpstreamTlsWrapperContext)(nil), // 0: cilium.UpstreamTlsWrapperContext + (*DownstreamTlsWrapperContext)(nil), // 1: cilium.DownstreamTlsWrapperContext +} +var file_cilium_api_tls_wrapper_proto_depIdxs = []int32{ + 0, // [0:0] is the sub-list for method output_type + 0, // [0:0] is the sub-list for method input_type + 0, // [0:0] is the sub-list for extension type_name + 0, // [0:0] is the sub-list for extension extendee + 0, // [0:0] is the sub-list for field type_name +} + +func init() { file_cilium_api_tls_wrapper_proto_init() } +func file_cilium_api_tls_wrapper_proto_init() { + if File_cilium_api_tls_wrapper_proto != nil { + return + } + if !protoimpl.UnsafeEnabled { + file_cilium_api_tls_wrapper_proto_msgTypes[0].Exporter = func(v interface{}, i int) interface{} { + switch v := v.(*UpstreamTlsWrapperContext); i { + case 0: + return &v.state + case 1: + return &v.sizeCache + case 2: + return &v.unknownFields + default: + return nil + } + } + file_cilium_api_tls_wrapper_proto_msgTypes[1].Exporter = func(v interface{}, i int) interface{} { + switch v := v.(*DownstreamTlsWrapperContext); i { + case 0: + return &v.state + case 1: + return &v.sizeCache + case 2: + return &v.unknownFields + default: + return nil + } + } + } + type x struct{} + out := protoimpl.TypeBuilder{ + File: protoimpl.DescBuilder{ + GoPackagePath: reflect.TypeOf(x{}).PkgPath(), + RawDescriptor: file_cilium_api_tls_wrapper_proto_rawDesc, + NumEnums: 0, + NumMessages: 2, + NumExtensions: 0, + NumServices: 0, + }, + GoTypes: file_cilium_api_tls_wrapper_proto_goTypes, + DependencyIndexes: file_cilium_api_tls_wrapper_proto_depIdxs, + MessageInfos: file_cilium_api_tls_wrapper_proto_msgTypes, + }.Build() + File_cilium_api_tls_wrapper_proto = out.File + file_cilium_api_tls_wrapper_proto_rawDesc = nil + file_cilium_api_tls_wrapper_proto_goTypes = nil + file_cilium_api_tls_wrapper_proto_depIdxs = nil +} diff --git a/vendor/github.com/cilium/proxy/go/cilium/api/tls_wrapper.pb.validate.go b/vendor/github.com/cilium/proxy/go/cilium/api/tls_wrapper.pb.validate.go new file mode 100644 index 0000000000000..b8c294f2352ba --- /dev/null +++ b/vendor/github.com/cilium/proxy/go/cilium/api/tls_wrapper.pb.validate.go @@ -0,0 +1,239 @@ +// Code generated by protoc-gen-validate. DO NOT EDIT. +// source: cilium/api/tls_wrapper.proto + +package cilium + +import ( + "bytes" + "errors" + "fmt" + "net" + "net/mail" + "net/url" + "regexp" + "sort" + "strings" + "time" + "unicode/utf8" + + "google.golang.org/protobuf/types/known/anypb" +) + +// ensure the imports are used +var ( + _ = bytes.MinRead + _ = errors.New("") + _ = fmt.Print + _ = utf8.UTFMax + _ = (*regexp.Regexp)(nil) + _ = (*strings.Reader)(nil) + _ = net.IPv4len + _ = time.Duration(0) + _ = (*url.URL)(nil) + _ = (*mail.Address)(nil) + _ = anypb.Any{} + _ = sort.Sort +) + +// Validate checks the field values on UpstreamTlsWrapperContext with the rules +// defined in the proto definition for this message. If any rules are +// violated, the first error encountered is returned, or nil if there are no violations. +func (m *UpstreamTlsWrapperContext) Validate() error { + return m.validate(false) +} + +// ValidateAll checks the field values on UpstreamTlsWrapperContext with the +// rules defined in the proto definition for this message. If any rules are +// violated, the result is a list of violation errors wrapped in +// UpstreamTlsWrapperContextMultiError, or nil if none found. +func (m *UpstreamTlsWrapperContext) ValidateAll() error { + return m.validate(true) +} + +func (m *UpstreamTlsWrapperContext) validate(all bool) error { + if m == nil { + return nil + } + + var errors []error + + if len(errors) > 0 { + return UpstreamTlsWrapperContextMultiError(errors) + } + return nil +} + +// UpstreamTlsWrapperContextMultiError is an error wrapping multiple validation +// errors returned by UpstreamTlsWrapperContext.ValidateAll() if the +// designated constraints aren't met. +type UpstreamTlsWrapperContextMultiError []error + +// Error returns a concatenation of all the error messages it wraps. +func (m UpstreamTlsWrapperContextMultiError) Error() string { + var msgs []string + for _, err := range m { + msgs = append(msgs, err.Error()) + } + return strings.Join(msgs, "; ") +} + +// AllErrors returns a list of validation violation errors. +func (m UpstreamTlsWrapperContextMultiError) AllErrors() []error { return m } + +// UpstreamTlsWrapperContextValidationError is the validation error returned by +// UpstreamTlsWrapperContext.Validate if the designated constraints aren't met. +type UpstreamTlsWrapperContextValidationError struct { + field string + reason string + cause error + key bool +} + +// Field function returns field value. +func (e UpstreamTlsWrapperContextValidationError) Field() string { return e.field } + +// Reason function returns reason value. +func (e UpstreamTlsWrapperContextValidationError) Reason() string { return e.reason } + +// Cause function returns cause value. +func (e UpstreamTlsWrapperContextValidationError) Cause() error { return e.cause } + +// Key function returns key value. +func (e UpstreamTlsWrapperContextValidationError) Key() bool { return e.key } + +// ErrorName returns error name. +func (e UpstreamTlsWrapperContextValidationError) ErrorName() string { + return "UpstreamTlsWrapperContextValidationError" +} + +// Error satisfies the builtin error interface +func (e UpstreamTlsWrapperContextValidationError) Error() string { + cause := "" + if e.cause != nil { + cause = fmt.Sprintf(" | caused by: %v", e.cause) + } + + key := "" + if e.key { + key = "key for " + } + + return fmt.Sprintf( + "invalid %sUpstreamTlsWrapperContext.%s: %s%s", + key, + e.field, + e.reason, + cause) +} + +var _ error = UpstreamTlsWrapperContextValidationError{} + +var _ interface { + Field() string + Reason() string + Key() bool + Cause() error + ErrorName() string +} = UpstreamTlsWrapperContextValidationError{} + +// Validate checks the field values on DownstreamTlsWrapperContext with the +// rules defined in the proto definition for this message. If any rules are +// violated, the first error encountered is returned, or nil if there are no violations. +func (m *DownstreamTlsWrapperContext) Validate() error { + return m.validate(false) +} + +// ValidateAll checks the field values on DownstreamTlsWrapperContext with the +// rules defined in the proto definition for this message. If any rules are +// violated, the result is a list of violation errors wrapped in +// DownstreamTlsWrapperContextMultiError, or nil if none found. +func (m *DownstreamTlsWrapperContext) ValidateAll() error { + return m.validate(true) +} + +func (m *DownstreamTlsWrapperContext) validate(all bool) error { + if m == nil { + return nil + } + + var errors []error + + if len(errors) > 0 { + return DownstreamTlsWrapperContextMultiError(errors) + } + return nil +} + +// DownstreamTlsWrapperContextMultiError is an error wrapping multiple +// validation errors returned by DownstreamTlsWrapperContext.ValidateAll() if +// the designated constraints aren't met. +type DownstreamTlsWrapperContextMultiError []error + +// Error returns a concatenation of all the error messages it wraps. +func (m DownstreamTlsWrapperContextMultiError) Error() string { + var msgs []string + for _, err := range m { + msgs = append(msgs, err.Error()) + } + return strings.Join(msgs, "; ") +} + +// AllErrors returns a list of validation violation errors. +func (m DownstreamTlsWrapperContextMultiError) AllErrors() []error { return m } + +// DownstreamTlsWrapperContextValidationError is the validation error returned +// by DownstreamTlsWrapperContext.Validate if the designated constraints +// aren't met. +type DownstreamTlsWrapperContextValidationError struct { + field string + reason string + cause error + key bool +} + +// Field function returns field value. +func (e DownstreamTlsWrapperContextValidationError) Field() string { return e.field } + +// Reason function returns reason value. +func (e DownstreamTlsWrapperContextValidationError) Reason() string { return e.reason } + +// Cause function returns cause value. +func (e DownstreamTlsWrapperContextValidationError) Cause() error { return e.cause } + +// Key function returns key value. +func (e DownstreamTlsWrapperContextValidationError) Key() bool { return e.key } + +// ErrorName returns error name. +func (e DownstreamTlsWrapperContextValidationError) ErrorName() string { + return "DownstreamTlsWrapperContextValidationError" +} + +// Error satisfies the builtin error interface +func (e DownstreamTlsWrapperContextValidationError) Error() string { + cause := "" + if e.cause != nil { + cause = fmt.Sprintf(" | caused by: %v", e.cause) + } + + key := "" + if e.key { + key = "key for " + } + + return fmt.Sprintf( + "invalid %sDownstreamTlsWrapperContext.%s: %s%s", + key, + e.field, + e.reason, + cause) +} + +var _ error = DownstreamTlsWrapperContextValidationError{} + +var _ interface { + Field() string + Reason() string + Key() bool + Cause() error + ErrorName() string +} = DownstreamTlsWrapperContextValidationError{} diff --git a/vendor/github.com/cilium/proxy/go/envoy/extensions/filters/http/router/v3/router.pb.go b/vendor/github.com/cilium/proxy/go/envoy/extensions/filters/http/router/v3/router.pb.go new file mode 100644 index 0000000000000..8b1e7edd2cef5 --- /dev/null +++ b/vendor/github.com/cilium/proxy/go/envoy/extensions/filters/http/router/v3/router.pb.go @@ -0,0 +1,307 @@ +// Code generated by protoc-gen-go. DO NOT EDIT. +// versions: +// protoc-gen-go v1.23.0 +// protoc v3.19.4 +// source: envoy/extensions/filters/http/router/v3/router.proto + +package routerv3 + +import ( + v3 "github.com/cilium/proxy/go/envoy/config/accesslog/v3" + _ "github.com/cncf/xds/go/udpa/annotations" + _ "github.com/envoyproxy/protoc-gen-validate/validate" + proto "github.com/golang/protobuf/proto" + protoreflect "google.golang.org/protobuf/reflect/protoreflect" + protoimpl "google.golang.org/protobuf/runtime/protoimpl" + wrapperspb "google.golang.org/protobuf/types/known/wrapperspb" + reflect "reflect" + sync "sync" +) + +const ( + // Verify that this generated code is sufficiently up-to-date. + _ = protoimpl.EnforceVersion(20 - protoimpl.MinVersion) + // Verify that runtime/protoimpl is sufficiently up-to-date. + _ = protoimpl.EnforceVersion(protoimpl.MaxVersion - 20) +) + +// This is a compile-time assertion that a sufficiently up-to-date version +// of the legacy proto package is being used. +const _ = proto.ProtoPackageIsVersion4 + +// [#next-free-field: 8] +type Router struct { + state protoimpl.MessageState + sizeCache protoimpl.SizeCache + unknownFields protoimpl.UnknownFields + + // Whether the router generates dynamic cluster statistics. Defaults to + // true. Can be disabled in high performance scenarios. + DynamicStats *wrapperspb.BoolValue `protobuf:"bytes,1,opt,name=dynamic_stats,json=dynamicStats,proto3" json:"dynamic_stats,omitempty"` + // Whether to start a child span for egress routed calls. This can be + // useful in scenarios where other filters (auth, ratelimit, etc.) make + // outbound calls and have child spans rooted at the same ingress + // parent. Defaults to false. + StartChildSpan bool `protobuf:"varint,2,opt,name=start_child_span,json=startChildSpan,proto3" json:"start_child_span,omitempty"` + // Configuration for HTTP upstream logs emitted by the router. Upstream logs + // are configured in the same way as access logs, but each log entry represents + // an upstream request. Presuming retries are configured, multiple upstream + // requests may be made for each downstream (inbound) request. + UpstreamLog []*v3.AccessLog `protobuf:"bytes,3,rep,name=upstream_log,json=upstreamLog,proto3" json:"upstream_log,omitempty"` + // Do not add any additional *x-envoy-* headers to requests or responses. This + // only affects the :ref:`router filter generated *x-envoy-* headers + // `, other Envoy filters and the HTTP + // connection manager may continue to set *x-envoy-* headers. + SuppressEnvoyHeaders bool `protobuf:"varint,4,opt,name=suppress_envoy_headers,json=suppressEnvoyHeaders,proto3" json:"suppress_envoy_headers,omitempty"` + // Specifies a list of HTTP headers to strictly validate. Envoy will reject a + // request and respond with HTTP status 400 if the request contains an invalid + // value for any of the headers listed in this field. Strict header checking + // is only supported for the following headers: + // + // Value must be a ','-delimited list (i.e. no spaces) of supported retry + // policy values: + // + // * :ref:`config_http_filters_router_x-envoy-retry-grpc-on` + // * :ref:`config_http_filters_router_x-envoy-retry-on` + // + // Value must be an integer: + // + // * :ref:`config_http_filters_router_x-envoy-max-retries` + // * :ref:`config_http_filters_router_x-envoy-upstream-rq-timeout-ms` + // * :ref:`config_http_filters_router_x-envoy-upstream-rq-per-try-timeout-ms` + StrictCheckHeaders []string `protobuf:"bytes,5,rep,name=strict_check_headers,json=strictCheckHeaders,proto3" json:"strict_check_headers,omitempty"` + // If not set, ingress Envoy will ignore + // :ref:`config_http_filters_router_x-envoy-expected-rq-timeout-ms` header, populated by egress + // Envoy, when deriving timeout for upstream cluster. + RespectExpectedRqTimeout bool `protobuf:"varint,6,opt,name=respect_expected_rq_timeout,json=respectExpectedRqTimeout,proto3" json:"respect_expected_rq_timeout,omitempty"` + // If set, Envoy will avoid incrementing HTTP failure code stats + // on gRPC requests. This includes the individual status code value + // (e.g. upstream_rq_504) and group stats (e.g. upstream_rq_5xx). + // This field is useful if interested in relying only on the gRPC + // stats filter to define success and failure metrics for gRPC requests + // as not all failed gRPC requests charge HTTP status code metrics. See + // :ref:`gRPC stats filter` documentation + // for more details. + SuppressGrpcRequestFailureCodeStats bool `protobuf:"varint,7,opt,name=suppress_grpc_request_failure_code_stats,json=suppressGrpcRequestFailureCodeStats,proto3" json:"suppress_grpc_request_failure_code_stats,omitempty"` +} + +func (x *Router) Reset() { + *x = Router{} + if protoimpl.UnsafeEnabled { + mi := &file_envoy_extensions_filters_http_router_v3_router_proto_msgTypes[0] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) + } +} + +func (x *Router) String() string { + return protoimpl.X.MessageStringOf(x) +} + +func (*Router) ProtoMessage() {} + +func (x *Router) ProtoReflect() protoreflect.Message { + mi := &file_envoy_extensions_filters_http_router_v3_router_proto_msgTypes[0] + if protoimpl.UnsafeEnabled && x != nil { + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + if ms.LoadMessageInfo() == nil { + ms.StoreMessageInfo(mi) + } + return ms + } + return mi.MessageOf(x) +} + +// Deprecated: Use Router.ProtoReflect.Descriptor instead. +func (*Router) Descriptor() ([]byte, []int) { + return file_envoy_extensions_filters_http_router_v3_router_proto_rawDescGZIP(), []int{0} +} + +func (x *Router) GetDynamicStats() *wrapperspb.BoolValue { + if x != nil { + return x.DynamicStats + } + return nil +} + +func (x *Router) GetStartChildSpan() bool { + if x != nil { + return x.StartChildSpan + } + return false +} + +func (x *Router) GetUpstreamLog() []*v3.AccessLog { + if x != nil { + return x.UpstreamLog + } + return nil +} + +func (x *Router) GetSuppressEnvoyHeaders() bool { + if x != nil { + return x.SuppressEnvoyHeaders + } + return false +} + +func (x *Router) GetStrictCheckHeaders() []string { + if x != nil { + return x.StrictCheckHeaders + } + return nil +} + +func (x *Router) GetRespectExpectedRqTimeout() bool { + if x != nil { + return x.RespectExpectedRqTimeout + } + return false +} + +func (x *Router) GetSuppressGrpcRequestFailureCodeStats() bool { + if x != nil { + return x.SuppressGrpcRequestFailureCodeStats + } + return false +} + +var File_envoy_extensions_filters_http_router_v3_router_proto protoreflect.FileDescriptor + +var file_envoy_extensions_filters_http_router_v3_router_proto_rawDesc = []byte{ + 0x0a, 0x34, 0x65, 0x6e, 0x76, 0x6f, 0x79, 0x2f, 0x65, 0x78, 0x74, 0x65, 0x6e, 0x73, 0x69, 0x6f, + 0x6e, 0x73, 0x2f, 0x66, 0x69, 0x6c, 0x74, 0x65, 0x72, 0x73, 0x2f, 0x68, 0x74, 0x74, 0x70, 0x2f, + 0x72, 0x6f, 0x75, 0x74, 0x65, 0x72, 0x2f, 0x76, 0x33, 0x2f, 0x72, 0x6f, 0x75, 0x74, 0x65, 0x72, + 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x12, 0x27, 0x65, 0x6e, 0x76, 0x6f, 0x79, 0x2e, 0x65, 0x78, + 0x74, 0x65, 0x6e, 0x73, 0x69, 0x6f, 0x6e, 0x73, 0x2e, 0x66, 0x69, 0x6c, 0x74, 0x65, 0x72, 0x73, + 0x2e, 0x68, 0x74, 0x74, 0x70, 0x2e, 0x72, 0x6f, 0x75, 0x74, 0x65, 0x72, 0x2e, 0x76, 0x33, 0x1a, + 0x29, 0x65, 0x6e, 0x76, 0x6f, 0x79, 0x2f, 0x63, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x2f, 0x61, 0x63, + 0x63, 0x65, 0x73, 0x73, 0x6c, 0x6f, 0x67, 0x2f, 0x76, 0x33, 0x2f, 0x61, 0x63, 0x63, 0x65, 0x73, + 0x73, 0x6c, 0x6f, 0x67, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x1a, 0x1e, 0x67, 0x6f, 0x6f, 0x67, + 0x6c, 0x65, 0x2f, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2f, 0x77, 0x72, 0x61, 0x70, + 0x70, 0x65, 0x72, 0x73, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x1a, 0x1d, 0x75, 0x64, 0x70, 0x61, + 0x2f, 0x61, 0x6e, 0x6e, 0x6f, 0x74, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x2f, 0x73, 0x74, 0x61, + 0x74, 0x75, 0x73, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x1a, 0x21, 0x75, 0x64, 0x70, 0x61, 0x2f, + 0x61, 0x6e, 0x6e, 0x6f, 0x74, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x2f, 0x76, 0x65, 0x72, 0x73, + 0x69, 0x6f, 0x6e, 0x69, 0x6e, 0x67, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x1a, 0x17, 0x76, 0x61, + 0x6c, 0x69, 0x64, 0x61, 0x74, 0x65, 0x2f, 0x76, 0x61, 0x6c, 0x69, 0x64, 0x61, 0x74, 0x65, 0x2e, + 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x22, 0x84, 0x05, 0x0a, 0x06, 0x52, 0x6f, 0x75, 0x74, 0x65, 0x72, + 0x12, 0x3f, 0x0a, 0x0d, 0x64, 0x79, 0x6e, 0x61, 0x6d, 0x69, 0x63, 0x5f, 0x73, 0x74, 0x61, 0x74, + 0x73, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x1a, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, + 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x42, 0x6f, 0x6f, 0x6c, 0x56, 0x61, + 0x6c, 0x75, 0x65, 0x52, 0x0c, 0x64, 0x79, 0x6e, 0x61, 0x6d, 0x69, 0x63, 0x53, 0x74, 0x61, 0x74, + 0x73, 0x12, 0x28, 0x0a, 0x10, 0x73, 0x74, 0x61, 0x72, 0x74, 0x5f, 0x63, 0x68, 0x69, 0x6c, 0x64, + 0x5f, 0x73, 0x70, 0x61, 0x6e, 0x18, 0x02, 0x20, 0x01, 0x28, 0x08, 0x52, 0x0e, 0x73, 0x74, 0x61, + 0x72, 0x74, 0x43, 0x68, 0x69, 0x6c, 0x64, 0x53, 0x70, 0x61, 0x6e, 0x12, 0x47, 0x0a, 0x0c, 0x75, + 0x70, 0x73, 0x74, 0x72, 0x65, 0x61, 0x6d, 0x5f, 0x6c, 0x6f, 0x67, 0x18, 0x03, 0x20, 0x03, 0x28, + 0x0b, 0x32, 0x24, 0x2e, 0x65, 0x6e, 0x76, 0x6f, 0x79, 0x2e, 0x63, 0x6f, 0x6e, 0x66, 0x69, 0x67, + 0x2e, 0x61, 0x63, 0x63, 0x65, 0x73, 0x73, 0x6c, 0x6f, 0x67, 0x2e, 0x76, 0x33, 0x2e, 0x41, 0x63, + 0x63, 0x65, 0x73, 0x73, 0x4c, 0x6f, 0x67, 0x52, 0x0b, 0x75, 0x70, 0x73, 0x74, 0x72, 0x65, 0x61, + 0x6d, 0x4c, 0x6f, 0x67, 0x12, 0x34, 0x0a, 0x16, 0x73, 0x75, 0x70, 0x70, 0x72, 0x65, 0x73, 0x73, + 0x5f, 0x65, 0x6e, 0x76, 0x6f, 0x79, 0x5f, 0x68, 0x65, 0x61, 0x64, 0x65, 0x72, 0x73, 0x18, 0x04, + 0x20, 0x01, 0x28, 0x08, 0x52, 0x14, 0x73, 0x75, 0x70, 0x70, 0x72, 0x65, 0x73, 0x73, 0x45, 0x6e, + 0x76, 0x6f, 0x79, 0x48, 0x65, 0x61, 0x64, 0x65, 0x72, 0x73, 0x12, 0xc7, 0x01, 0x0a, 0x14, 0x73, + 0x74, 0x72, 0x69, 0x63, 0x74, 0x5f, 0x63, 0x68, 0x65, 0x63, 0x6b, 0x5f, 0x68, 0x65, 0x61, 0x64, + 0x65, 0x72, 0x73, 0x18, 0x05, 0x20, 0x03, 0x28, 0x09, 0x42, 0x94, 0x01, 0xfa, 0x42, 0x90, 0x01, + 0x92, 0x01, 0x8c, 0x01, 0x22, 0x89, 0x01, 0x72, 0x86, 0x01, 0x52, 0x1e, 0x78, 0x2d, 0x65, 0x6e, + 0x76, 0x6f, 0x79, 0x2d, 0x75, 0x70, 0x73, 0x74, 0x72, 0x65, 0x61, 0x6d, 0x2d, 0x72, 0x71, 0x2d, + 0x74, 0x69, 0x6d, 0x65, 0x6f, 0x75, 0x74, 0x2d, 0x6d, 0x73, 0x52, 0x26, 0x78, 0x2d, 0x65, 0x6e, + 0x76, 0x6f, 0x79, 0x2d, 0x75, 0x70, 0x73, 0x74, 0x72, 0x65, 0x61, 0x6d, 0x2d, 0x72, 0x71, 0x2d, + 0x70, 0x65, 0x72, 0x2d, 0x74, 0x72, 0x79, 0x2d, 0x74, 0x69, 0x6d, 0x65, 0x6f, 0x75, 0x74, 0x2d, + 0x6d, 0x73, 0x52, 0x13, 0x78, 0x2d, 0x65, 0x6e, 0x76, 0x6f, 0x79, 0x2d, 0x6d, 0x61, 0x78, 0x2d, + 0x72, 0x65, 0x74, 0x72, 0x69, 0x65, 0x73, 0x52, 0x15, 0x78, 0x2d, 0x65, 0x6e, 0x76, 0x6f, 0x79, + 0x2d, 0x72, 0x65, 0x74, 0x72, 0x79, 0x2d, 0x67, 0x72, 0x70, 0x63, 0x2d, 0x6f, 0x6e, 0x52, 0x10, + 0x78, 0x2d, 0x65, 0x6e, 0x76, 0x6f, 0x79, 0x2d, 0x72, 0x65, 0x74, 0x72, 0x79, 0x2d, 0x6f, 0x6e, + 0x52, 0x12, 0x73, 0x74, 0x72, 0x69, 0x63, 0x74, 0x43, 0x68, 0x65, 0x63, 0x6b, 0x48, 0x65, 0x61, + 0x64, 0x65, 0x72, 0x73, 0x12, 0x3d, 0x0a, 0x1b, 0x72, 0x65, 0x73, 0x70, 0x65, 0x63, 0x74, 0x5f, + 0x65, 0x78, 0x70, 0x65, 0x63, 0x74, 0x65, 0x64, 0x5f, 0x72, 0x71, 0x5f, 0x74, 0x69, 0x6d, 0x65, + 0x6f, 0x75, 0x74, 0x18, 0x06, 0x20, 0x01, 0x28, 0x08, 0x52, 0x18, 0x72, 0x65, 0x73, 0x70, 0x65, + 0x63, 0x74, 0x45, 0x78, 0x70, 0x65, 0x63, 0x74, 0x65, 0x64, 0x52, 0x71, 0x54, 0x69, 0x6d, 0x65, + 0x6f, 0x75, 0x74, 0x12, 0x55, 0x0a, 0x28, 0x73, 0x75, 0x70, 0x70, 0x72, 0x65, 0x73, 0x73, 0x5f, + 0x67, 0x72, 0x70, 0x63, 0x5f, 0x72, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x5f, 0x66, 0x61, 0x69, + 0x6c, 0x75, 0x72, 0x65, 0x5f, 0x63, 0x6f, 0x64, 0x65, 0x5f, 0x73, 0x74, 0x61, 0x74, 0x73, 0x18, + 0x07, 0x20, 0x01, 0x28, 0x08, 0x52, 0x23, 0x73, 0x75, 0x70, 0x70, 0x72, 0x65, 0x73, 0x73, 0x47, + 0x72, 0x70, 0x63, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x46, 0x61, 0x69, 0x6c, 0x75, 0x72, + 0x65, 0x43, 0x6f, 0x64, 0x65, 0x53, 0x74, 0x61, 0x74, 0x73, 0x3a, 0x30, 0x9a, 0xc5, 0x88, 0x1e, + 0x2b, 0x0a, 0x29, 0x65, 0x6e, 0x76, 0x6f, 0x79, 0x2e, 0x63, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x2e, + 0x66, 0x69, 0x6c, 0x74, 0x65, 0x72, 0x2e, 0x68, 0x74, 0x74, 0x70, 0x2e, 0x72, 0x6f, 0x75, 0x74, + 0x65, 0x72, 0x2e, 0x76, 0x32, 0x2e, 0x52, 0x6f, 0x75, 0x74, 0x65, 0x72, 0x42, 0xa7, 0x01, 0x0a, + 0x35, 0x69, 0x6f, 0x2e, 0x65, 0x6e, 0x76, 0x6f, 0x79, 0x70, 0x72, 0x6f, 0x78, 0x79, 0x2e, 0x65, + 0x6e, 0x76, 0x6f, 0x79, 0x2e, 0x65, 0x78, 0x74, 0x65, 0x6e, 0x73, 0x69, 0x6f, 0x6e, 0x73, 0x2e, + 0x66, 0x69, 0x6c, 0x74, 0x65, 0x72, 0x73, 0x2e, 0x68, 0x74, 0x74, 0x70, 0x2e, 0x72, 0x6f, 0x75, + 0x74, 0x65, 0x72, 0x2e, 0x76, 0x33, 0x42, 0x0b, 0x52, 0x6f, 0x75, 0x74, 0x65, 0x72, 0x50, 0x72, + 0x6f, 0x74, 0x6f, 0x50, 0x01, 0x5a, 0x57, 0x67, 0x69, 0x74, 0x68, 0x75, 0x62, 0x2e, 0x63, 0x6f, + 0x6d, 0x2f, 0x65, 0x6e, 0x76, 0x6f, 0x79, 0x70, 0x72, 0x6f, 0x78, 0x79, 0x2f, 0x67, 0x6f, 0x2d, + 0x63, 0x6f, 0x6e, 0x74, 0x72, 0x6f, 0x6c, 0x2d, 0x70, 0x6c, 0x61, 0x6e, 0x65, 0x2f, 0x65, 0x6e, + 0x76, 0x6f, 0x79, 0x2f, 0x65, 0x78, 0x74, 0x65, 0x6e, 0x73, 0x69, 0x6f, 0x6e, 0x73, 0x2f, 0x66, + 0x69, 0x6c, 0x74, 0x65, 0x72, 0x73, 0x2f, 0x68, 0x74, 0x74, 0x70, 0x2f, 0x72, 0x6f, 0x75, 0x74, + 0x65, 0x72, 0x2f, 0x76, 0x33, 0x3b, 0x72, 0x6f, 0x75, 0x74, 0x65, 0x72, 0x76, 0x33, 0xba, 0x80, + 0xc8, 0xd1, 0x06, 0x02, 0x10, 0x02, 0x62, 0x06, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x33, +} + +var ( + file_envoy_extensions_filters_http_router_v3_router_proto_rawDescOnce sync.Once + file_envoy_extensions_filters_http_router_v3_router_proto_rawDescData = file_envoy_extensions_filters_http_router_v3_router_proto_rawDesc +) + +func file_envoy_extensions_filters_http_router_v3_router_proto_rawDescGZIP() []byte { + file_envoy_extensions_filters_http_router_v3_router_proto_rawDescOnce.Do(func() { + file_envoy_extensions_filters_http_router_v3_router_proto_rawDescData = protoimpl.X.CompressGZIP(file_envoy_extensions_filters_http_router_v3_router_proto_rawDescData) + }) + return file_envoy_extensions_filters_http_router_v3_router_proto_rawDescData +} + +var file_envoy_extensions_filters_http_router_v3_router_proto_msgTypes = make([]protoimpl.MessageInfo, 1) +var file_envoy_extensions_filters_http_router_v3_router_proto_goTypes = []interface{}{ + (*Router)(nil), // 0: envoy.extensions.filters.http.router.v3.Router + (*wrapperspb.BoolValue)(nil), // 1: google.protobuf.BoolValue + (*v3.AccessLog)(nil), // 2: envoy.config.accesslog.v3.AccessLog +} +var file_envoy_extensions_filters_http_router_v3_router_proto_depIdxs = []int32{ + 1, // 0: envoy.extensions.filters.http.router.v3.Router.dynamic_stats:type_name -> google.protobuf.BoolValue + 2, // 1: envoy.extensions.filters.http.router.v3.Router.upstream_log:type_name -> envoy.config.accesslog.v3.AccessLog + 2, // [2:2] is the sub-list for method output_type + 2, // [2:2] is the sub-list for method input_type + 2, // [2:2] is the sub-list for extension type_name + 2, // [2:2] is the sub-list for extension extendee + 0, // [0:2] is the sub-list for field type_name +} + +func init() { file_envoy_extensions_filters_http_router_v3_router_proto_init() } +func file_envoy_extensions_filters_http_router_v3_router_proto_init() { + if File_envoy_extensions_filters_http_router_v3_router_proto != nil { + return + } + if !protoimpl.UnsafeEnabled { + file_envoy_extensions_filters_http_router_v3_router_proto_msgTypes[0].Exporter = func(v interface{}, i int) interface{} { + switch v := v.(*Router); i { + case 0: + return &v.state + case 1: + return &v.sizeCache + case 2: + return &v.unknownFields + default: + return nil + } + } + } + type x struct{} + out := protoimpl.TypeBuilder{ + File: protoimpl.DescBuilder{ + GoPackagePath: reflect.TypeOf(x{}).PkgPath(), + RawDescriptor: file_envoy_extensions_filters_http_router_v3_router_proto_rawDesc, + NumEnums: 0, + NumMessages: 1, + NumExtensions: 0, + NumServices: 0, + }, + GoTypes: file_envoy_extensions_filters_http_router_v3_router_proto_goTypes, + DependencyIndexes: file_envoy_extensions_filters_http_router_v3_router_proto_depIdxs, + MessageInfos: file_envoy_extensions_filters_http_router_v3_router_proto_msgTypes, + }.Build() + File_envoy_extensions_filters_http_router_v3_router_proto = out.File + file_envoy_extensions_filters_http_router_v3_router_proto_rawDesc = nil + file_envoy_extensions_filters_http_router_v3_router_proto_goTypes = nil + file_envoy_extensions_filters_http_router_v3_router_proto_depIdxs = nil +} diff --git a/vendor/github.com/cilium/proxy/go/envoy/extensions/filters/http/router/v3/router.pb.validate.go b/vendor/github.com/cilium/proxy/go/envoy/extensions/filters/http/router/v3/router.pb.validate.go new file mode 100644 index 0000000000000..cc88bbbf56470 --- /dev/null +++ b/vendor/github.com/cilium/proxy/go/envoy/extensions/filters/http/router/v3/router.pb.validate.go @@ -0,0 +1,228 @@ +// Code generated by protoc-gen-validate. DO NOT EDIT. +// source: envoy/extensions/filters/http/router/v3/router.proto + +package routerv3 + +import ( + "bytes" + "errors" + "fmt" + "net" + "net/mail" + "net/url" + "regexp" + "sort" + "strings" + "time" + "unicode/utf8" + + "google.golang.org/protobuf/types/known/anypb" +) + +// ensure the imports are used +var ( + _ = bytes.MinRead + _ = errors.New("") + _ = fmt.Print + _ = utf8.UTFMax + _ = (*regexp.Regexp)(nil) + _ = (*strings.Reader)(nil) + _ = net.IPv4len + _ = time.Duration(0) + _ = (*url.URL)(nil) + _ = (*mail.Address)(nil) + _ = anypb.Any{} + _ = sort.Sort +) + +// Validate checks the field values on Router with the rules defined in the +// proto definition for this message. If any rules are violated, the first +// error encountered is returned, or nil if there are no violations. +func (m *Router) Validate() error { + return m.validate(false) +} + +// ValidateAll checks the field values on Router with the rules defined in the +// proto definition for this message. If any rules are violated, the result is +// a list of violation errors wrapped in RouterMultiError, or nil if none found. +func (m *Router) ValidateAll() error { + return m.validate(true) +} + +func (m *Router) validate(all bool) error { + if m == nil { + return nil + } + + var errors []error + + if all { + switch v := interface{}(m.GetDynamicStats()).(type) { + case interface{ ValidateAll() error }: + if err := v.ValidateAll(); err != nil { + errors = append(errors, RouterValidationError{ + field: "DynamicStats", + reason: "embedded message failed validation", + cause: err, + }) + } + case interface{ Validate() error }: + if err := v.Validate(); err != nil { + errors = append(errors, RouterValidationError{ + field: "DynamicStats", + reason: "embedded message failed validation", + cause: err, + }) + } + } + } else if v, ok := interface{}(m.GetDynamicStats()).(interface{ Validate() error }); ok { + if err := v.Validate(); err != nil { + return RouterValidationError{ + field: "DynamicStats", + reason: "embedded message failed validation", + cause: err, + } + } + } + + // no validation rules for StartChildSpan + + for idx, item := range m.GetUpstreamLog() { + _, _ = idx, item + + if all { + switch v := interface{}(item).(type) { + case interface{ ValidateAll() error }: + if err := v.ValidateAll(); err != nil { + errors = append(errors, RouterValidationError{ + field: fmt.Sprintf("UpstreamLog[%v]", idx), + reason: "embedded message failed validation", + cause: err, + }) + } + case interface{ Validate() error }: + if err := v.Validate(); err != nil { + errors = append(errors, RouterValidationError{ + field: fmt.Sprintf("UpstreamLog[%v]", idx), + reason: "embedded message failed validation", + cause: err, + }) + } + } + } else if v, ok := interface{}(item).(interface{ Validate() error }); ok { + if err := v.Validate(); err != nil { + return RouterValidationError{ + field: fmt.Sprintf("UpstreamLog[%v]", idx), + reason: "embedded message failed validation", + cause: err, + } + } + } + + } + + // no validation rules for SuppressEnvoyHeaders + + for idx, item := range m.GetStrictCheckHeaders() { + _, _ = idx, item + + if _, ok := _Router_StrictCheckHeaders_InLookup[item]; !ok { + err := RouterValidationError{ + field: fmt.Sprintf("StrictCheckHeaders[%v]", idx), + reason: "value must be in list [x-envoy-upstream-rq-timeout-ms x-envoy-upstream-rq-per-try-timeout-ms x-envoy-max-retries x-envoy-retry-grpc-on x-envoy-retry-on]", + } + if !all { + return err + } + errors = append(errors, err) + } + + } + + // no validation rules for RespectExpectedRqTimeout + + // no validation rules for SuppressGrpcRequestFailureCodeStats + + if len(errors) > 0 { + return RouterMultiError(errors) + } + return nil +} + +// RouterMultiError is an error wrapping multiple validation errors returned by +// Router.ValidateAll() if the designated constraints aren't met. +type RouterMultiError []error + +// Error returns a concatenation of all the error messages it wraps. +func (m RouterMultiError) Error() string { + var msgs []string + for _, err := range m { + msgs = append(msgs, err.Error()) + } + return strings.Join(msgs, "; ") +} + +// AllErrors returns a list of validation violation errors. +func (m RouterMultiError) AllErrors() []error { return m } + +// RouterValidationError is the validation error returned by Router.Validate if +// the designated constraints aren't met. +type RouterValidationError struct { + field string + reason string + cause error + key bool +} + +// Field function returns field value. +func (e RouterValidationError) Field() string { return e.field } + +// Reason function returns reason value. +func (e RouterValidationError) Reason() string { return e.reason } + +// Cause function returns cause value. +func (e RouterValidationError) Cause() error { return e.cause } + +// Key function returns key value. +func (e RouterValidationError) Key() bool { return e.key } + +// ErrorName returns error name. +func (e RouterValidationError) ErrorName() string { return "RouterValidationError" } + +// Error satisfies the builtin error interface +func (e RouterValidationError) Error() string { + cause := "" + if e.cause != nil { + cause = fmt.Sprintf(" | caused by: %v", e.cause) + } + + key := "" + if e.key { + key = "key for " + } + + return fmt.Sprintf( + "invalid %sRouter.%s: %s%s", + key, + e.field, + e.reason, + cause) +} + +var _ error = RouterValidationError{} + +var _ interface { + Field() string + Reason() string + Key() bool + Cause() error + ErrorName() string +} = RouterValidationError{} + +var _Router_StrictCheckHeaders_InLookup = map[string]struct{}{ + "x-envoy-upstream-rq-timeout-ms": {}, + "x-envoy-upstream-rq-per-try-timeout-ms": {}, + "x-envoy-max-retries": {}, + "x-envoy-retry-grpc-on": {}, + "x-envoy-retry-on": {}, +} diff --git a/vendor/github.com/cilium/proxy/go/envoy/extensions/filters/listener/tls_inspector/v3/tls_inspector.pb.go b/vendor/github.com/cilium/proxy/go/envoy/extensions/filters/listener/tls_inspector/v3/tls_inspector.pb.go new file mode 100644 index 0000000000000..9f0bc74e7767b --- /dev/null +++ b/vendor/github.com/cilium/proxy/go/envoy/extensions/filters/listener/tls_inspector/v3/tls_inspector.pb.go @@ -0,0 +1,184 @@ +// Code generated by protoc-gen-go. DO NOT EDIT. +// versions: +// protoc-gen-go v1.23.0 +// protoc v3.19.4 +// source: envoy/extensions/filters/listener/tls_inspector/v3/tls_inspector.proto + +package tls_inspectorv3 + +import ( + _ "github.com/cncf/xds/go/udpa/annotations" + proto "github.com/golang/protobuf/proto" + protoreflect "google.golang.org/protobuf/reflect/protoreflect" + protoimpl "google.golang.org/protobuf/runtime/protoimpl" + wrapperspb "google.golang.org/protobuf/types/known/wrapperspb" + reflect "reflect" + sync "sync" +) + +const ( + // Verify that this generated code is sufficiently up-to-date. + _ = protoimpl.EnforceVersion(20 - protoimpl.MinVersion) + // Verify that runtime/protoimpl is sufficiently up-to-date. + _ = protoimpl.EnforceVersion(protoimpl.MaxVersion - 20) +) + +// This is a compile-time assertion that a sufficiently up-to-date version +// of the legacy proto package is being used. +const _ = proto.ProtoPackageIsVersion4 + +type TlsInspector struct { + state protoimpl.MessageState + sizeCache protoimpl.SizeCache + unknownFields protoimpl.UnknownFields + + // Populate `JA3` fingerprint hash using data from the TLS Client Hello packet. Default is false. + EnableJa3Fingerprinting *wrapperspb.BoolValue `protobuf:"bytes,1,opt,name=enable_ja3_fingerprinting,json=enableJa3Fingerprinting,proto3" json:"enable_ja3_fingerprinting,omitempty"` +} + +func (x *TlsInspector) Reset() { + *x = TlsInspector{} + if protoimpl.UnsafeEnabled { + mi := &file_envoy_extensions_filters_listener_tls_inspector_v3_tls_inspector_proto_msgTypes[0] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) + } +} + +func (x *TlsInspector) String() string { + return protoimpl.X.MessageStringOf(x) +} + +func (*TlsInspector) ProtoMessage() {} + +func (x *TlsInspector) ProtoReflect() protoreflect.Message { + mi := &file_envoy_extensions_filters_listener_tls_inspector_v3_tls_inspector_proto_msgTypes[0] + if protoimpl.UnsafeEnabled && x != nil { + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + if ms.LoadMessageInfo() == nil { + ms.StoreMessageInfo(mi) + } + return ms + } + return mi.MessageOf(x) +} + +// Deprecated: Use TlsInspector.ProtoReflect.Descriptor instead. +func (*TlsInspector) Descriptor() ([]byte, []int) { + return file_envoy_extensions_filters_listener_tls_inspector_v3_tls_inspector_proto_rawDescGZIP(), []int{0} +} + +func (x *TlsInspector) GetEnableJa3Fingerprinting() *wrapperspb.BoolValue { + if x != nil { + return x.EnableJa3Fingerprinting + } + return nil +} + +var File_envoy_extensions_filters_listener_tls_inspector_v3_tls_inspector_proto protoreflect.FileDescriptor + +var file_envoy_extensions_filters_listener_tls_inspector_v3_tls_inspector_proto_rawDesc = []byte{ + 0x0a, 0x46, 0x65, 0x6e, 0x76, 0x6f, 0x79, 0x2f, 0x65, 0x78, 0x74, 0x65, 0x6e, 0x73, 0x69, 0x6f, + 0x6e, 0x73, 0x2f, 0x66, 0x69, 0x6c, 0x74, 0x65, 0x72, 0x73, 0x2f, 0x6c, 0x69, 0x73, 0x74, 0x65, + 0x6e, 0x65, 0x72, 0x2f, 0x74, 0x6c, 0x73, 0x5f, 0x69, 0x6e, 0x73, 0x70, 0x65, 0x63, 0x74, 0x6f, + 0x72, 0x2f, 0x76, 0x33, 0x2f, 0x74, 0x6c, 0x73, 0x5f, 0x69, 0x6e, 0x73, 0x70, 0x65, 0x63, 0x74, + 0x6f, 0x72, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x12, 0x32, 0x65, 0x6e, 0x76, 0x6f, 0x79, 0x2e, + 0x65, 0x78, 0x74, 0x65, 0x6e, 0x73, 0x69, 0x6f, 0x6e, 0x73, 0x2e, 0x66, 0x69, 0x6c, 0x74, 0x65, + 0x72, 0x73, 0x2e, 0x6c, 0x69, 0x73, 0x74, 0x65, 0x6e, 0x65, 0x72, 0x2e, 0x74, 0x6c, 0x73, 0x5f, + 0x69, 0x6e, 0x73, 0x70, 0x65, 0x63, 0x74, 0x6f, 0x72, 0x2e, 0x76, 0x33, 0x1a, 0x1e, 0x67, 0x6f, + 0x6f, 0x67, 0x6c, 0x65, 0x2f, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2f, 0x77, 0x72, + 0x61, 0x70, 0x70, 0x65, 0x72, 0x73, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x1a, 0x1d, 0x75, 0x64, + 0x70, 0x61, 0x2f, 0x61, 0x6e, 0x6e, 0x6f, 0x74, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x2f, 0x73, + 0x74, 0x61, 0x74, 0x75, 0x73, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x1a, 0x21, 0x75, 0x64, 0x70, + 0x61, 0x2f, 0x61, 0x6e, 0x6e, 0x6f, 0x74, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x2f, 0x76, 0x65, + 0x72, 0x73, 0x69, 0x6f, 0x6e, 0x69, 0x6e, 0x67, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x22, 0xa9, + 0x01, 0x0a, 0x0c, 0x54, 0x6c, 0x73, 0x49, 0x6e, 0x73, 0x70, 0x65, 0x63, 0x74, 0x6f, 0x72, 0x12, + 0x56, 0x0a, 0x19, 0x65, 0x6e, 0x61, 0x62, 0x6c, 0x65, 0x5f, 0x6a, 0x61, 0x33, 0x5f, 0x66, 0x69, + 0x6e, 0x67, 0x65, 0x72, 0x70, 0x72, 0x69, 0x6e, 0x74, 0x69, 0x6e, 0x67, 0x18, 0x01, 0x20, 0x01, + 0x28, 0x0b, 0x32, 0x1a, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, + 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x42, 0x6f, 0x6f, 0x6c, 0x56, 0x61, 0x6c, 0x75, 0x65, 0x52, 0x17, + 0x65, 0x6e, 0x61, 0x62, 0x6c, 0x65, 0x4a, 0x61, 0x33, 0x46, 0x69, 0x6e, 0x67, 0x65, 0x72, 0x70, + 0x72, 0x69, 0x6e, 0x74, 0x69, 0x6e, 0x67, 0x3a, 0x41, 0x9a, 0xc5, 0x88, 0x1e, 0x3c, 0x0a, 0x3a, + 0x65, 0x6e, 0x76, 0x6f, 0x79, 0x2e, 0x63, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x2e, 0x66, 0x69, 0x6c, + 0x74, 0x65, 0x72, 0x2e, 0x6c, 0x69, 0x73, 0x74, 0x65, 0x6e, 0x65, 0x72, 0x2e, 0x74, 0x6c, 0x73, + 0x5f, 0x69, 0x6e, 0x73, 0x70, 0x65, 0x63, 0x74, 0x6f, 0x72, 0x2e, 0x76, 0x32, 0x2e, 0x54, 0x6c, + 0x73, 0x49, 0x6e, 0x73, 0x70, 0x65, 0x63, 0x74, 0x6f, 0x72, 0x42, 0xca, 0x01, 0x0a, 0x40, 0x69, + 0x6f, 0x2e, 0x65, 0x6e, 0x76, 0x6f, 0x79, 0x70, 0x72, 0x6f, 0x78, 0x79, 0x2e, 0x65, 0x6e, 0x76, + 0x6f, 0x79, 0x2e, 0x65, 0x78, 0x74, 0x65, 0x6e, 0x73, 0x69, 0x6f, 0x6e, 0x73, 0x2e, 0x66, 0x69, + 0x6c, 0x74, 0x65, 0x72, 0x73, 0x2e, 0x6c, 0x69, 0x73, 0x74, 0x65, 0x6e, 0x65, 0x72, 0x2e, 0x74, + 0x6c, 0x73, 0x5f, 0x69, 0x6e, 0x73, 0x70, 0x65, 0x63, 0x74, 0x6f, 0x72, 0x2e, 0x76, 0x33, 0x42, + 0x11, 0x54, 0x6c, 0x73, 0x49, 0x6e, 0x73, 0x70, 0x65, 0x63, 0x74, 0x6f, 0x72, 0x50, 0x72, 0x6f, + 0x74, 0x6f, 0x50, 0x01, 0x5a, 0x69, 0x67, 0x69, 0x74, 0x68, 0x75, 0x62, 0x2e, 0x63, 0x6f, 0x6d, + 0x2f, 0x65, 0x6e, 0x76, 0x6f, 0x79, 0x70, 0x72, 0x6f, 0x78, 0x79, 0x2f, 0x67, 0x6f, 0x2d, 0x63, + 0x6f, 0x6e, 0x74, 0x72, 0x6f, 0x6c, 0x2d, 0x70, 0x6c, 0x61, 0x6e, 0x65, 0x2f, 0x65, 0x6e, 0x76, + 0x6f, 0x79, 0x2f, 0x65, 0x78, 0x74, 0x65, 0x6e, 0x73, 0x69, 0x6f, 0x6e, 0x73, 0x2f, 0x66, 0x69, + 0x6c, 0x74, 0x65, 0x72, 0x73, 0x2f, 0x6c, 0x69, 0x73, 0x74, 0x65, 0x6e, 0x65, 0x72, 0x2f, 0x74, + 0x6c, 0x73, 0x5f, 0x69, 0x6e, 0x73, 0x70, 0x65, 0x63, 0x74, 0x6f, 0x72, 0x2f, 0x76, 0x33, 0x3b, + 0x74, 0x6c, 0x73, 0x5f, 0x69, 0x6e, 0x73, 0x70, 0x65, 0x63, 0x74, 0x6f, 0x72, 0x76, 0x33, 0xba, + 0x80, 0xc8, 0xd1, 0x06, 0x02, 0x10, 0x02, 0x62, 0x06, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x33, +} + +var ( + file_envoy_extensions_filters_listener_tls_inspector_v3_tls_inspector_proto_rawDescOnce sync.Once + file_envoy_extensions_filters_listener_tls_inspector_v3_tls_inspector_proto_rawDescData = file_envoy_extensions_filters_listener_tls_inspector_v3_tls_inspector_proto_rawDesc +) + +func file_envoy_extensions_filters_listener_tls_inspector_v3_tls_inspector_proto_rawDescGZIP() []byte { + file_envoy_extensions_filters_listener_tls_inspector_v3_tls_inspector_proto_rawDescOnce.Do(func() { + file_envoy_extensions_filters_listener_tls_inspector_v3_tls_inspector_proto_rawDescData = protoimpl.X.CompressGZIP(file_envoy_extensions_filters_listener_tls_inspector_v3_tls_inspector_proto_rawDescData) + }) + return file_envoy_extensions_filters_listener_tls_inspector_v3_tls_inspector_proto_rawDescData +} + +var file_envoy_extensions_filters_listener_tls_inspector_v3_tls_inspector_proto_msgTypes = make([]protoimpl.MessageInfo, 1) +var file_envoy_extensions_filters_listener_tls_inspector_v3_tls_inspector_proto_goTypes = []interface{}{ + (*TlsInspector)(nil), // 0: envoy.extensions.filters.listener.tls_inspector.v3.TlsInspector + (*wrapperspb.BoolValue)(nil), // 1: google.protobuf.BoolValue +} +var file_envoy_extensions_filters_listener_tls_inspector_v3_tls_inspector_proto_depIdxs = []int32{ + 1, // 0: envoy.extensions.filters.listener.tls_inspector.v3.TlsInspector.enable_ja3_fingerprinting:type_name -> google.protobuf.BoolValue + 1, // [1:1] is the sub-list for method output_type + 1, // [1:1] is the sub-list for method input_type + 1, // [1:1] is the sub-list for extension type_name + 1, // [1:1] is the sub-list for extension extendee + 0, // [0:1] is the sub-list for field type_name +} + +func init() { file_envoy_extensions_filters_listener_tls_inspector_v3_tls_inspector_proto_init() } +func file_envoy_extensions_filters_listener_tls_inspector_v3_tls_inspector_proto_init() { + if File_envoy_extensions_filters_listener_tls_inspector_v3_tls_inspector_proto != nil { + return + } + if !protoimpl.UnsafeEnabled { + file_envoy_extensions_filters_listener_tls_inspector_v3_tls_inspector_proto_msgTypes[0].Exporter = func(v interface{}, i int) interface{} { + switch v := v.(*TlsInspector); i { + case 0: + return &v.state + case 1: + return &v.sizeCache + case 2: + return &v.unknownFields + default: + return nil + } + } + } + type x struct{} + out := protoimpl.TypeBuilder{ + File: protoimpl.DescBuilder{ + GoPackagePath: reflect.TypeOf(x{}).PkgPath(), + RawDescriptor: file_envoy_extensions_filters_listener_tls_inspector_v3_tls_inspector_proto_rawDesc, + NumEnums: 0, + NumMessages: 1, + NumExtensions: 0, + NumServices: 0, + }, + GoTypes: file_envoy_extensions_filters_listener_tls_inspector_v3_tls_inspector_proto_goTypes, + DependencyIndexes: file_envoy_extensions_filters_listener_tls_inspector_v3_tls_inspector_proto_depIdxs, + MessageInfos: file_envoy_extensions_filters_listener_tls_inspector_v3_tls_inspector_proto_msgTypes, + }.Build() + File_envoy_extensions_filters_listener_tls_inspector_v3_tls_inspector_proto = out.File + file_envoy_extensions_filters_listener_tls_inspector_v3_tls_inspector_proto_rawDesc = nil + file_envoy_extensions_filters_listener_tls_inspector_v3_tls_inspector_proto_goTypes = nil + file_envoy_extensions_filters_listener_tls_inspector_v3_tls_inspector_proto_depIdxs = nil +} diff --git a/vendor/github.com/cilium/proxy/go/envoy/extensions/filters/listener/tls_inspector/v3/tls_inspector.pb.validate.go b/vendor/github.com/cilium/proxy/go/envoy/extensions/filters/listener/tls_inspector/v3/tls_inspector.pb.validate.go new file mode 100644 index 0000000000000..56d32877bf459 --- /dev/null +++ b/vendor/github.com/cilium/proxy/go/envoy/extensions/filters/listener/tls_inspector/v3/tls_inspector.pb.validate.go @@ -0,0 +1,163 @@ +// Code generated by protoc-gen-validate. DO NOT EDIT. +// source: envoy/extensions/filters/listener/tls_inspector/v3/tls_inspector.proto + +package tls_inspectorv3 + +import ( + "bytes" + "errors" + "fmt" + "net" + "net/mail" + "net/url" + "regexp" + "sort" + "strings" + "time" + "unicode/utf8" + + "google.golang.org/protobuf/types/known/anypb" +) + +// ensure the imports are used +var ( + _ = bytes.MinRead + _ = errors.New("") + _ = fmt.Print + _ = utf8.UTFMax + _ = (*regexp.Regexp)(nil) + _ = (*strings.Reader)(nil) + _ = net.IPv4len + _ = time.Duration(0) + _ = (*url.URL)(nil) + _ = (*mail.Address)(nil) + _ = anypb.Any{} + _ = sort.Sort +) + +// Validate checks the field values on TlsInspector with the rules defined in +// the proto definition for this message. If any rules are violated, the first +// error encountered is returned, or nil if there are no violations. +func (m *TlsInspector) Validate() error { + return m.validate(false) +} + +// ValidateAll checks the field values on TlsInspector with the rules defined +// in the proto definition for this message. If any rules are violated, the +// result is a list of violation errors wrapped in TlsInspectorMultiError, or +// nil if none found. +func (m *TlsInspector) ValidateAll() error { + return m.validate(true) +} + +func (m *TlsInspector) validate(all bool) error { + if m == nil { + return nil + } + + var errors []error + + if all { + switch v := interface{}(m.GetEnableJa3Fingerprinting()).(type) { + case interface{ ValidateAll() error }: + if err := v.ValidateAll(); err != nil { + errors = append(errors, TlsInspectorValidationError{ + field: "EnableJa3Fingerprinting", + reason: "embedded message failed validation", + cause: err, + }) + } + case interface{ Validate() error }: + if err := v.Validate(); err != nil { + errors = append(errors, TlsInspectorValidationError{ + field: "EnableJa3Fingerprinting", + reason: "embedded message failed validation", + cause: err, + }) + } + } + } else if v, ok := interface{}(m.GetEnableJa3Fingerprinting()).(interface{ Validate() error }); ok { + if err := v.Validate(); err != nil { + return TlsInspectorValidationError{ + field: "EnableJa3Fingerprinting", + reason: "embedded message failed validation", + cause: err, + } + } + } + + if len(errors) > 0 { + return TlsInspectorMultiError(errors) + } + return nil +} + +// TlsInspectorMultiError is an error wrapping multiple validation errors +// returned by TlsInspector.ValidateAll() if the designated constraints aren't met. +type TlsInspectorMultiError []error + +// Error returns a concatenation of all the error messages it wraps. +func (m TlsInspectorMultiError) Error() string { + var msgs []string + for _, err := range m { + msgs = append(msgs, err.Error()) + } + return strings.Join(msgs, "; ") +} + +// AllErrors returns a list of validation violation errors. +func (m TlsInspectorMultiError) AllErrors() []error { return m } + +// TlsInspectorValidationError is the validation error returned by +// TlsInspector.Validate if the designated constraints aren't met. +type TlsInspectorValidationError struct { + field string + reason string + cause error + key bool +} + +// Field function returns field value. +func (e TlsInspectorValidationError) Field() string { return e.field } + +// Reason function returns reason value. +func (e TlsInspectorValidationError) Reason() string { return e.reason } + +// Cause function returns cause value. +func (e TlsInspectorValidationError) Cause() error { return e.cause } + +// Key function returns key value. +func (e TlsInspectorValidationError) Key() bool { return e.key } + +// ErrorName returns error name. +func (e TlsInspectorValidationError) ErrorName() string { return "TlsInspectorValidationError" } + +// Error satisfies the builtin error interface +func (e TlsInspectorValidationError) Error() string { + cause := "" + if e.cause != nil { + cause = fmt.Sprintf(" | caused by: %v", e.cause) + } + + key := "" + if e.key { + key = "key for " + } + + return fmt.Sprintf( + "invalid %sTlsInspector.%s: %s%s", + key, + e.field, + e.reason, + cause) +} + +var _ error = TlsInspectorValidationError{} + +var _ interface { + Field() string + Reason() string + Key() bool + Cause() error + ErrorName() string +} = TlsInspectorValidationError{} diff --git a/vendor/modules.txt b/vendor/modules.txt index c814c8714fe47..b27caa037bdfc 100644 --- a/vendor/modules.txt +++ b/vendor/modules.txt @@ -205,7 +205,7 @@ github.com/cilium/kafka/proto # github.com/cilium/lumberjack/v2 v2.3.0 ## explicit; go 1.13 github.com/cilium/lumberjack/v2 -# github.com/cilium/proxy v0.0.0-20230205220247-5b9c892d59cd +# github.com/cilium/proxy v0.0.0-20230215154421-edb6834301da ## explicit; go 1.13 github.com/cilium/proxy/go/cilium/api github.com/cilium/proxy/go/contrib/envoy/extensions/filters/network/mysql_proxy/v3 @@ -230,7 +230,9 @@ github.com/cilium/proxy/go/envoy/extensions/filters/http/dynamic_forward_proxy/v github.com/cilium/proxy/go/envoy/extensions/filters/http/ext_authz/v3 github.com/cilium/proxy/go/envoy/extensions/filters/http/local_ratelimit/v3 github.com/cilium/proxy/go/envoy/extensions/filters/http/ratelimit/v3 +github.com/cilium/proxy/go/envoy/extensions/filters/http/router/v3 github.com/cilium/proxy/go/envoy/extensions/filters/http/set_metadata/v3 +github.com/cilium/proxy/go/envoy/extensions/filters/listener/tls_inspector/v3 github.com/cilium/proxy/go/envoy/extensions/filters/network/connection_limit/v3 github.com/cilium/proxy/go/envoy/extensions/filters/network/ext_authz/v3 github.com/cilium/proxy/go/envoy/extensions/filters/network/http_connection_manager/v3