From a4ff924ce3be0e8e366c30822b3a0a11080d3fd5 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Thu, 19 Dec 2024 12:20:13 +0000 Subject: [PATCH] Bump istio.io/api from 1.19.4 to 1.24.2 Bumps [istio.io/api](https://github.com/istio/api) from 1.19.4 to 1.24.2. - [Commits](https://github.com/istio/api/compare/1.19.4...1.24.2) --- updated-dependencies: - dependency-name: istio.io/api dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] --- go.mod | 8 +- go.sum | 16 +- .../api/annotations/annotations.pb.go | 4 +- .../googleapis/api/annotations/client.pb.go | 348 ++- .../api/annotations/field_behavior.pb.go | 26 +- .../api/annotations/field_info.pb.go | 10 +- .../googleapis/api/annotations/http.pb.go | 4 +- .../googleapis/api/annotations/resource.pb.go | 4 +- .../googleapis/api/annotations/routing.pb.go | 4 +- .../googleapis/api/launch_stage.pb.go | 4 +- .../genproto/googleapis/api/tidyfix.go | 23 - .../genproto/googleapis/rpc/code/code.pb.go | 4 +- .../rpc/errdetails/error_details.pb.go | 4 +- .../googleapis/rpc/status/status.pb.go | 4 +- .../genproto/internal/doc.go | 17 - vendor/google.golang.org/grpc/CONTRIBUTING.md | 2 +- vendor/google.golang.org/grpc/MAINTAINERS.md | 1 + vendor/google.golang.org/grpc/Makefile | 7 +- .../grpc/balancer/balancer.go | 9 +- .../grpclb/grpc_lb_v1/load_balancer.pb.go | 4 +- .../grpc_lb_v1/load_balancer_grpc.pb.go | 13 +- .../grpc/balancer/grpclb/grpclb.go | 2 +- .../balancer/grpclb/grpclb_remote_balancer.go | 6 +- .../grpc/balancer_conn_wrappers.go | 454 --- .../grpc/balancer_wrapper.go | 337 +++ .../grpc_binarylog_v1/binarylog.pb.go | 6 +- vendor/google.golang.org/grpc/clientconn.go | 775 ++--- vendor/google.golang.org/grpc/codegen.sh | 17 - vendor/google.golang.org/grpc/codes/codes.go | 10 +- .../grpc/credentials/alts/alts.go | 2 +- .../alts/internal/handshaker/handshaker.go | 19 +- .../internal/proto/grpc_gcp/altscontext.pb.go | 4 +- .../internal/proto/grpc_gcp/handshaker.pb.go | 299 +- .../proto/grpc_gcp/handshaker_grpc.pb.go | 67 +- .../grpc_gcp/transport_security_common.pb.go | 4 +- .../grpc/credentials/credentials.go | 4 +- .../grpc/credentials/google/xds.go | 4 +- .../google.golang.org/grpc/credentials/tls.go | 75 +- vendor/google.golang.org/grpc/dialoptions.go | 104 +- .../grpc/encoding/proto/proto.go | 24 +- .../balancer/gracefulswitch/config.go | 82 + .../balancer/gracefulswitch/gracefulswitch.go | 44 +- .../grpc/internal/binarylog/method_logger.go | 15 +- .../grpc/internal/binarylog/sink.go | 2 +- .../grpc/internal/buffer/unbounded.go | 41 +- .../grpc/internal/channelz/channel.go | 255 ++ .../grpc/internal/channelz/channelmap.go | 402 +++ .../grpc/internal/channelz/funcs.go | 702 +---- .../grpc/internal/channelz/id.go | 75 - .../grpc/internal/channelz/logging.go | 28 +- .../grpc/internal/channelz/server.go | 119 + .../grpc/internal/channelz/socket.go | 130 + .../grpc/internal/channelz/subchannel.go | 151 + .../{types_linux.go => syscall_linux.go} | 14 + ...{types_nonlinux.go => syscall_nonlinux.go} | 6 +- .../grpc/internal/channelz/trace.go | 204 ++ .../grpc/internal/channelz/types.go | 727 ----- .../grpc/internal/envconfig/envconfig.go | 6 - .../grpc/internal/envconfig/xds.go | 39 - .../grpc/internal/experimental.go | 28 + .../grpc/internal/grpcrand/grpcrand.go | 5 + .../grpc/internal/grpcrand/grpcrand_go1.21.go | 73 + .../internal/grpcsync/callback_serializer.go | 51 +- .../grpc/internal/grpcutil/compressor.go | 5 - .../grpc/internal/idle/idle.go | 175 +- .../grpc/internal/internal.go | 33 +- .../grpc/internal/pretty/pretty.go | 35 +- .../internal/resolver/dns/dns_resolver.go | 110 +- .../resolver/dns/internal/internal.go | 66 + .../grpc/internal/resolver/unix/unix.go | 4 + .../grpc/internal/status/status.go | 15 +- ...il_nonlinux.go => tcp_keepalive_others.go} | 18 +- .../grpc/internal/tcp_keepalive_unix.go | 54 + .../grpc/internal/tcp_keepalive_windows.go | 54 + .../grpc/internal/transport/controlbuf.go | 38 +- .../grpc/internal/transport/handler_server.go | 82 +- .../grpc/internal/transport/http2_client.go | 170 +- .../grpc/internal/transport/http2_server.go | 228 +- .../grpc/internal/transport/http_util.go | 3 +- .../grpc/internal/transport/proxy.go | 14 +- .../grpc/internal/transport/transport.go | 63 +- .../{xds_handshake_cluster.go => xds/xds.go} | 4 +- .../grpc/metadata/metadata.go | 31 +- vendor/google.golang.org/grpc/peer/peer.go | 32 + .../google.golang.org/grpc/picker_wrapper.go | 24 +- vendor/google.golang.org/grpc/pickfirst.go | 70 +- vendor/google.golang.org/grpc/regenerate.sh | 6 +- .../grpc/resolver/dns/dns_resolver.go | 60 + .../grpc/resolver/manual/manual.go | 15 +- vendor/google.golang.org/grpc/resolver/map.go | 113 + .../grpc/resolver/resolver.go | 30 +- .../grpc/resolver_conn_wrapper.go | 247 -- .../grpc/resolver_wrapper.go | 198 ++ vendor/google.golang.org/grpc/rpc_util.go | 93 +- vendor/google.golang.org/grpc/server.go | 393 ++- .../google.golang.org/grpc/service_config.go | 49 +- vendor/google.golang.org/grpc/stats/stats.go | 10 +- vendor/google.golang.org/grpc/stream.go | 14 +- .../grpc/stream_interfaces.go | 152 + vendor/google.golang.org/grpc/trace.go | 26 +- .../google.golang.org/grpc/trace_notrace.go | 52 + .../util_linux.go => trace_withtrace.go} | 32 +- vendor/google.golang.org/grpc/version.go | 2 +- vendor/google.golang.org/grpc/vet.sh | 212 -- .../protobuf/protoadapt/convert.go | 31 + vendor/istio.io/api/LICENSE | 2 +- .../api/analysis/v1alpha1/message.pb.go | 635 ++++ .../api/analysis/v1alpha1/message.pb.html | 353 +++ .../api/analysis/v1alpha1/message.proto | 144 + .../analysis/v1alpha1/message_deepcopy.gen.go | 132 + .../api/analysis/v1alpha1/message_json.gen.go | 78 + .../istio.io/api/meta/v1alpha1/status.pb.go | 314 ++ .../istio.io/api/meta/v1alpha1/status.pb.html | 141 + .../istio.io/api/meta/v1alpha1/status.proto | 73 + .../api/meta/v1alpha1/status_deepcopy.gen.go | 48 + .../api/meta/v1alpha1/status_json.gen.go | 34 + .../v1alpha3/destination_rule.gen.json | 679 ----- .../v1alpha3/destination_rule.pb.go | 1971 ++++++------- .../v1alpha3/destination_rule.pb.html | 663 ++--- .../v1alpha3/destination_rule.proto | 395 +-- .../v1alpha3/destination_rule_deepcopy.gen.go | 42 + .../v1alpha3/destination_rule_json.gen.go | 22 + .../networking/v1alpha3/envoy_filter.gen.json | 385 --- .../networking/v1alpha3/envoy_filter.pb.go | 851 +++--- .../networking/v1alpha3/envoy_filter.pb.html | 221 +- .../networking/v1alpha3/envoy_filter.proto | 77 +- .../api/networking/v1alpha3/gateway.gen.json | 170 -- .../api/networking/v1alpha3/gateway.pb.go | 560 +--- .../api/networking/v1alpha3/gateway.pb.html | 317 +- .../api/networking/v1alpha3/gateway.proto | 263 +- .../v1alpha3/service_entry.gen.json | 161 -- .../networking/v1alpha3/service_entry.pb.go | 784 ++--- .../networking/v1alpha3/service_entry.pb.html | 516 +--- .../networking/v1alpha3/service_entry.proto | 470 +-- .../v1alpha3/service_entry_deepcopy.gen.go | 42 + .../v1alpha3/service_entry_json.gen.go | 22 + .../api/networking/v1alpha3/sidecar.gen.json | 259 -- .../api/networking/v1alpha3/sidecar.pb.go | 795 +++-- .../api/networking/v1alpha3/sidecar.pb.html | 417 ++- .../api/networking/v1alpha3/sidecar.proto | 357 +-- .../v1alpha3/sidecar_deepcopy.gen.go | 21 + .../networking/v1alpha3/sidecar_json.gen.go | 11 + .../v1alpha3/virtual_service.gen.json | 949 ------ .../networking/v1alpha3/virtual_service.pb.go | 2546 +++++------------ .../v1alpha3/virtual_service.pb.html | 977 ++----- .../networking/v1alpha3/virtual_service.proto | 741 +---- .../v1alpha3/workload_entry.gen.json | 51 - .../networking/v1alpha3/workload_entry.pb.go | 175 +- .../v1alpha3/workload_entry.pb.html | 130 +- .../networking/v1alpha3/workload_entry.proto | 147 +- .../v1alpha3/workload_group.gen.json | 250 -- .../networking/v1alpha3/workload_group.pb.go | 386 +-- .../v1alpha3/workload_group.pb.html | 86 +- .../networking/v1alpha3/workload_group.proto | 63 +- .../api/type/v1beta1/selector.gen.json | 44 - .../istio.io/api/type/v1beta1/selector.pb.go | 235 +- .../api/type/v1beta1/selector.pb.html | 105 +- .../istio.io/api/type/v1beta1/selector.proto | 71 +- .../api/type/v1beta1/selector_deepcopy.gen.go | 21 + .../api/type/v1beta1/selector_json.gen.go | 11 + vendor/modules.txt | 17 +- 161 files changed, 11667 insertions(+), 16754 deletions(-) delete mode 100644 vendor/google.golang.org/genproto/googleapis/api/tidyfix.go delete mode 100644 vendor/google.golang.org/genproto/internal/doc.go delete mode 100644 vendor/google.golang.org/grpc/balancer_conn_wrappers.go create mode 100644 vendor/google.golang.org/grpc/balancer_wrapper.go delete mode 100644 vendor/google.golang.org/grpc/codegen.sh create mode 100644 vendor/google.golang.org/grpc/internal/balancer/gracefulswitch/config.go create mode 100644 vendor/google.golang.org/grpc/internal/channelz/channel.go create mode 100644 vendor/google.golang.org/grpc/internal/channelz/channelmap.go delete mode 100644 vendor/google.golang.org/grpc/internal/channelz/id.go create mode 100644 vendor/google.golang.org/grpc/internal/channelz/server.go create mode 100644 vendor/google.golang.org/grpc/internal/channelz/socket.go create mode 100644 vendor/google.golang.org/grpc/internal/channelz/subchannel.go rename vendor/google.golang.org/grpc/internal/channelz/{types_linux.go => syscall_linux.go} (83%) rename vendor/google.golang.org/grpc/internal/channelz/{types_nonlinux.go => syscall_nonlinux.go} (90%) create mode 100644 vendor/google.golang.org/grpc/internal/channelz/trace.go delete mode 100644 vendor/google.golang.org/grpc/internal/channelz/types.go create mode 100644 vendor/google.golang.org/grpc/internal/experimental.go create mode 100644 vendor/google.golang.org/grpc/internal/grpcrand/grpcrand_go1.21.go create mode 100644 vendor/google.golang.org/grpc/internal/resolver/dns/internal/internal.go rename vendor/google.golang.org/grpc/internal/{channelz/util_nonlinux.go => tcp_keepalive_others.go} (69%) create mode 100644 vendor/google.golang.org/grpc/internal/tcp_keepalive_unix.go create mode 100644 vendor/google.golang.org/grpc/internal/tcp_keepalive_windows.go rename vendor/google.golang.org/grpc/internal/{xds_handshake_cluster.go => xds/xds.go} (89%) create mode 100644 vendor/google.golang.org/grpc/resolver/dns/dns_resolver.go delete mode 100644 vendor/google.golang.org/grpc/resolver_conn_wrapper.go create mode 100644 vendor/google.golang.org/grpc/resolver_wrapper.go create mode 100644 vendor/google.golang.org/grpc/stream_interfaces.go create mode 100644 vendor/google.golang.org/grpc/trace_notrace.go rename vendor/google.golang.org/grpc/{internal/channelz/util_linux.go => trace_withtrace.go} (59%) delete mode 100644 vendor/google.golang.org/grpc/vet.sh create mode 100644 vendor/google.golang.org/protobuf/protoadapt/convert.go create mode 100644 vendor/istio.io/api/analysis/v1alpha1/message.pb.go create mode 100644 vendor/istio.io/api/analysis/v1alpha1/message.pb.html create mode 100644 vendor/istio.io/api/analysis/v1alpha1/message.proto create mode 100644 vendor/istio.io/api/analysis/v1alpha1/message_deepcopy.gen.go create mode 100644 vendor/istio.io/api/analysis/v1alpha1/message_json.gen.go create mode 100644 vendor/istio.io/api/meta/v1alpha1/status.pb.go create mode 100644 vendor/istio.io/api/meta/v1alpha1/status.pb.html create mode 100644 vendor/istio.io/api/meta/v1alpha1/status.proto create mode 100644 vendor/istio.io/api/meta/v1alpha1/status_deepcopy.gen.go create mode 100644 vendor/istio.io/api/meta/v1alpha1/status_json.gen.go delete mode 100644 vendor/istio.io/api/networking/v1alpha3/destination_rule.gen.json delete mode 100644 vendor/istio.io/api/networking/v1alpha3/envoy_filter.gen.json delete mode 100644 vendor/istio.io/api/networking/v1alpha3/gateway.gen.json delete mode 100644 vendor/istio.io/api/networking/v1alpha3/service_entry.gen.json delete mode 100644 vendor/istio.io/api/networking/v1alpha3/sidecar.gen.json delete mode 100644 vendor/istio.io/api/networking/v1alpha3/virtual_service.gen.json delete mode 100644 vendor/istio.io/api/networking/v1alpha3/workload_entry.gen.json delete mode 100644 vendor/istio.io/api/networking/v1alpha3/workload_group.gen.json delete mode 100644 vendor/istio.io/api/type/v1beta1/selector.gen.json diff --git a/go.mod b/go.mod index 8e73dce43..997c688df 100644 --- a/go.mod +++ b/go.mod @@ -19,7 +19,7 @@ require ( golang.org/x/crypto v0.29.0 google.golang.org/protobuf v1.35.1 gopkg.in/yaml.v2 v2.4.0 - istio.io/api v1.19.4 + istio.io/api v1.24.2 k8s.io/api v0.30.2 k8s.io/apiextensions-apiserver v0.29.6 k8s.io/apimachinery v0.30.2 @@ -116,9 +116,9 @@ require ( gomodules.xyz/jsonpatch/v2 v2.4.0 // indirect google.golang.org/api v0.151.0 // indirect google.golang.org/genproto v0.0.0-20231106174013-bbf56f31fb17 // indirect - google.golang.org/genproto/googleapis/api v0.0.0-20231106174013-bbf56f31fb17 // indirect - google.golang.org/genproto/googleapis/rpc v0.0.0-20231106174013-bbf56f31fb17 // indirect - google.golang.org/grpc v1.59.0 // indirect + google.golang.org/genproto/googleapis/api v0.0.0-20240513163218-0867130af1f8 // indirect + google.golang.org/genproto/googleapis/rpc v0.0.0-20240513163218-0867130af1f8 // indirect + google.golang.org/grpc v1.64.1 // indirect gopkg.in/inf.v0 v0.9.1 // indirect gopkg.in/ini.v1 v1.66.2 // indirect gopkg.in/yaml.v3 v3.0.1 // indirect diff --git a/go.sum b/go.sum index b421ae692..73182d773 100644 --- a/go.sum +++ b/go.sum @@ -426,10 +426,10 @@ google.golang.org/genproto v0.0.0-20190819201941-24fa4b261c55/go.mod h1:DMBHOl98 google.golang.org/genproto v0.0.0-20200526211855-cb27e3aa2013/go.mod h1:NbSheEEYHJ7i3ixzK3sjbqSGDJWnxyFXZblF3eUsNvo= google.golang.org/genproto v0.0.0-20231106174013-bbf56f31fb17 h1:wpZ8pe2x1Q3f2KyT5f8oP/fa9rHAKgFPr/HZdNuS+PQ= google.golang.org/genproto v0.0.0-20231106174013-bbf56f31fb17/go.mod h1:J7XzRzVy1+IPwWHZUzoD0IccYZIrXILAQpc+Qy9CMhY= -google.golang.org/genproto/googleapis/api v0.0.0-20231106174013-bbf56f31fb17 h1:JpwMPBpFN3uKhdaekDpiNlImDdkUAyiJ6ez/uxGaUSo= -google.golang.org/genproto/googleapis/api v0.0.0-20231106174013-bbf56f31fb17/go.mod h1:0xJLfVdJqpAPl8tDg1ujOCGzx6LFLttXT5NhllGOXY4= -google.golang.org/genproto/googleapis/rpc v0.0.0-20231106174013-bbf56f31fb17 h1:Jyp0Hsi0bmHXG6k9eATXoYtjd6e2UzZ1SCn/wIupY14= -google.golang.org/genproto/googleapis/rpc v0.0.0-20231106174013-bbf56f31fb17/go.mod h1:oQ5rr10WTTMvP4A36n8JpR1OrO1BEiV4f78CneXZxkA= +google.golang.org/genproto/googleapis/api v0.0.0-20240513163218-0867130af1f8 h1:W5Xj/70xIA4x60O/IFyXivR5MGqblAb8R3w26pnD6No= +google.golang.org/genproto/googleapis/api v0.0.0-20240513163218-0867130af1f8/go.mod h1:vPrPUTsDCYxXWjP7clS81mZ6/803D8K4iM9Ma27VKas= +google.golang.org/genproto/googleapis/rpc v0.0.0-20240513163218-0867130af1f8 h1:mxSlqyb8ZAHsYDCfiXN1EDdNTdvjUJSLY+OnAUtYNYA= +google.golang.org/genproto/googleapis/rpc v0.0.0-20240513163218-0867130af1f8/go.mod h1:I7Y+G38R2bu5j1aLzfFmQfTcU/WnFuqDwLZAbvKTKpM= google.golang.org/grpc v1.19.0/go.mod h1:mqu4LbDTu4XGKhr4mRzUsmM4RtVoemTSY81AxZiDr8c= google.golang.org/grpc v1.20.1/go.mod h1:10oTOabMzJvdu6/UiuZezV6QK5dSlG84ov/aaiqXj38= google.golang.org/grpc v1.21.1/go.mod h1:oYelfM1adQP15Ek0mdvEgi9Df8B9CZIaU1084ijfRaM= @@ -437,8 +437,8 @@ google.golang.org/grpc v1.23.0/go.mod h1:Y5yQAOtifL1yxbo5wqy6BxZv8vAUGQwXBOALyac google.golang.org/grpc v1.25.1/go.mod h1:c3i+UQWmh7LiEpx4sFZnkU36qjEYZ0imhYfXVyQciAY= google.golang.org/grpc v1.27.0/go.mod h1:qbnxyOmOxrQa7FizSgH+ReBfzJrCY1pSN7KXBS8abTk= google.golang.org/grpc v1.33.2/go.mod h1:JMHMWHQWaTccqQQlmk3MJZS+GWXOdAesneDmEnv2fbc= -google.golang.org/grpc v1.59.0 h1:Z5Iec2pjwb+LEOqzpB2MR12/eKFhDPhuqW91O+4bwUk= -google.golang.org/grpc v1.59.0/go.mod h1:aUPDwccQo6OTjy7Hct4AfBPD1GptF4fyUjIkQ9YtF98= +google.golang.org/grpc v1.64.1 h1:LKtvyfbX3UGVPFcGqJ9ItpVWW6oN/2XqTxfAnwRRXiA= +google.golang.org/grpc v1.64.1/go.mod h1:hiQF4LFZelK2WKaP6W0L92zGHtiQdZxk8CrSdvyjeP0= google.golang.org/protobuf v0.0.0-20200109180630-ec00e32a8dfd/go.mod h1:DFci5gLYBciE7Vtevhsrf46CRTquxDuWsQurQQe4oz8= google.golang.org/protobuf v0.0.0-20200221191635-4d8936d0db64/go.mod h1:kwYJMbMJ01Woi6D6+Kah6886xMZcty6N08ah7+eCXa0= google.golang.org/protobuf v0.0.0-20200228230310-ab0ca4ff8a60/go.mod h1:cfTl7dwQJ+fmap5saPgwCLgHXTUD7jkjRqWcaiX5VyM= @@ -468,8 +468,8 @@ honnef.co/go/tools v0.0.0-20190102054323-c2f93a96b099/go.mod h1:rf3lG4BRIbNafJWh honnef.co/go/tools v0.0.0-20190106161140-3f1c8253044a/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4= honnef.co/go/tools v0.0.0-20190418001031-e561f6794a2a/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4= honnef.co/go/tools v0.0.0-20190523083050-ea95bdfd59fc/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4= -istio.io/api v1.19.4 h1:uKSnHcsUTZBUr09xY+Vu30QCMsmwU3lssNYaVFcPewY= -istio.io/api v1.19.4/go.mod h1:KstZe4bKbXouALUJ5PqpjNEhu5nj90HrDFitZfpNhlU= +istio.io/api v1.24.2 h1:jYjcN6Iq0RPtQj/3KMFsybxmfqmjGN/dxhL7FGJEdIM= +istio.io/api v1.24.2/go.mod h1:MQnRok7RZ20/PE56v0LxmoWH0xVxnCQPNuf9O7PAN1I= k8s.io/api v0.28.4 h1:8ZBrLjwosLl/NYgv1P7EQLqoO8MGQApnbgH8tu3BMzY= k8s.io/api v0.28.4/go.mod h1:axWTGrY88s/5YE+JSt4uUi6NMM+gur1en2REMR7IRj0= k8s.io/apiextensions-apiserver v0.28.4 h1:AZpKY/7wQ8n+ZYDtNHbAJBb+N4AXXJvyZx6ww6yAJvU= diff --git a/vendor/google.golang.org/genproto/googleapis/api/annotations/annotations.pb.go b/vendor/google.golang.org/genproto/googleapis/api/annotations/annotations.pb.go index 191bea48c..8b462f3df 100644 --- a/vendor/google.golang.org/genproto/googleapis/api/annotations/annotations.pb.go +++ b/vendor/google.golang.org/genproto/googleapis/api/annotations/annotations.pb.go @@ -1,4 +1,4 @@ -// Copyright 2015 Google LLC +// Copyright 2024 Google LLC // // Licensed under the Apache License, Version 2.0 (the "License"); // you may not use this file except in compliance with the License. @@ -15,7 +15,7 @@ // Code generated by protoc-gen-go. DO NOT EDIT. // versions: // protoc-gen-go v1.26.0 -// protoc v3.12.2 +// protoc v4.24.4 // source: google/api/annotations.proto package annotations diff --git a/vendor/google.golang.org/genproto/googleapis/api/annotations/client.pb.go b/vendor/google.golang.org/genproto/googleapis/api/annotations/client.pb.go index 83774fbcb..636edb460 100644 --- a/vendor/google.golang.org/genproto/googleapis/api/annotations/client.pb.go +++ b/vendor/google.golang.org/genproto/googleapis/api/annotations/client.pb.go @@ -1,4 +1,4 @@ -// Copyright 2023 Google LLC +// Copyright 2024 Google LLC // // Licensed under the Apache License, Version 2.0 (the "License"); // you may not use this file except in compliance with the License. @@ -15,7 +15,7 @@ // Code generated by protoc-gen-go. DO NOT EDIT. // versions: // protoc-gen-go v1.26.0 -// protoc v3.21.12 +// protoc v4.24.4 // source: google/api/client.proto package annotations @@ -409,6 +409,9 @@ type Publishing struct { // Optional link to proto reference documentation. Example: // https://cloud.google.com/pubsub/lite/docs/reference/rpc ProtoReferenceDocumentationUri string `protobuf:"bytes,110,opt,name=proto_reference_documentation_uri,json=protoReferenceDocumentationUri,proto3" json:"proto_reference_documentation_uri,omitempty"` + // Optional link to REST reference documentation. Example: + // https://cloud.google.com/pubsub/lite/docs/reference/rest + RestReferenceDocumentationUri string `protobuf:"bytes,111,opt,name=rest_reference_documentation_uri,json=restReferenceDocumentationUri,proto3" json:"rest_reference_documentation_uri,omitempty"` } func (x *Publishing) Reset() { @@ -513,6 +516,13 @@ func (x *Publishing) GetProtoReferenceDocumentationUri() string { return "" } +func (x *Publishing) GetRestReferenceDocumentationUri() string { + if x != nil { + return x.RestReferenceDocumentationUri + } + return "" +} + // Settings for Java client libraries. type JavaSettings struct { state protoimpl.MessageState @@ -1033,6 +1043,18 @@ type MethodSettings struct { // total_poll_timeout: // seconds: 54000 # 90 minutes LongRunning *MethodSettings_LongRunning `protobuf:"bytes,2,opt,name=long_running,json=longRunning,proto3" json:"long_running,omitempty"` + // List of top-level fields of the request message, that should be + // automatically populated by the client libraries based on their + // (google.api.field_info).format. Currently supported format: UUID4. + // + // Example of a YAML configuration: + // + // publishing: + // method_settings: + // - selector: google.example.v1.ExampleService.CreateExample + // auto_populated_fields: + // - request_id + AutoPopulatedFields []string `protobuf:"bytes,3,rep,name=auto_populated_fields,json=autoPopulatedFields,proto3" json:"auto_populated_fields,omitempty"` } func (x *MethodSettings) Reset() { @@ -1081,6 +1103,13 @@ func (x *MethodSettings) GetLongRunning() *MethodSettings_LongRunning { return nil } +func (x *MethodSettings) GetAutoPopulatedFields() []string { + if x != nil { + return x.AutoPopulatedFields + } + return nil +} + // Describes settings to use when generating API methods that use the // long-running operation pattern. // All default values below are from those used in the client library @@ -1191,6 +1220,14 @@ var file_google_api_client_proto_extTypes = []protoimpl.ExtensionInfo{ Tag: "bytes,1050,opt,name=oauth_scopes", Filename: "google/api/client.proto", }, + { + ExtendedType: (*descriptorpb.ServiceOptions)(nil), + ExtensionType: (*string)(nil), + Field: 525000001, + Name: "google.api.api_version", + Tag: "bytes,525000001,opt,name=api_version", + Filename: "google/api/client.proto", + }, } // Extension fields to descriptorpb.MethodOptions. @@ -1272,6 +1309,23 @@ var ( // // optional string oauth_scopes = 1050; E_OauthScopes = &file_google_api_client_proto_extTypes[2] + // The API version of this service, which should be sent by version-aware + // clients to the service. This allows services to abide by the schema and + // behavior of the service at the time this API version was deployed. + // The format of the API version must be treated as opaque by clients. + // Services may use a format with an apparent structure, but clients must + // not rely on this to determine components within an API version, or attempt + // to construct other valid API versions. Note that this is for upcoming + // functionality and may not be implemented for all services. + // + // Example: + // + // service Foo { + // option (google.api.api_version) = "v1_20230821_preview"; + // } + // + // optional string api_version = 525000001; + E_ApiVersion = &file_google_api_client_proto_extTypes[3] ) var File_google_api_client_proto protoreflect.FileDescriptor @@ -1336,7 +1390,7 @@ var file_google_api_client_proto_rawDesc = []byte{ 0x5f, 0x73, 0x65, 0x74, 0x74, 0x69, 0x6e, 0x67, 0x73, 0x18, 0x1c, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x16, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x61, 0x70, 0x69, 0x2e, 0x47, 0x6f, 0x53, 0x65, 0x74, 0x74, 0x69, 0x6e, 0x67, 0x73, 0x52, 0x0a, 0x67, 0x6f, 0x53, 0x65, 0x74, 0x74, 0x69, - 0x6e, 0x67, 0x73, 0x22, 0xab, 0x04, 0x0a, 0x0a, 0x50, 0x75, 0x62, 0x6c, 0x69, 0x73, 0x68, 0x69, + 0x6e, 0x67, 0x73, 0x22, 0xf4, 0x04, 0x0a, 0x0a, 0x50, 0x75, 0x62, 0x6c, 0x69, 0x73, 0x68, 0x69, 0x6e, 0x67, 0x12, 0x43, 0x0a, 0x0f, 0x6d, 0x65, 0x74, 0x68, 0x6f, 0x64, 0x5f, 0x73, 0x65, 0x74, 0x74, 0x69, 0x6e, 0x67, 0x73, 0x18, 0x02, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x1a, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x61, 0x70, 0x69, 0x2e, 0x4d, 0x65, 0x74, 0x68, 0x6f, 0x64, 0x53, @@ -1371,150 +1425,163 @@ var file_google_api_client_proto_rawDesc = []byte{ 0x6e, 0x74, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x5f, 0x75, 0x72, 0x69, 0x18, 0x6e, 0x20, 0x01, 0x28, 0x09, 0x52, 0x1e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x52, 0x65, 0x66, 0x65, 0x72, 0x65, 0x6e, 0x63, 0x65, 0x44, 0x6f, 0x63, 0x75, 0x6d, 0x65, 0x6e, 0x74, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x55, 0x72, - 0x69, 0x22, 0x9a, 0x02, 0x0a, 0x0c, 0x4a, 0x61, 0x76, 0x61, 0x53, 0x65, 0x74, 0x74, 0x69, 0x6e, - 0x67, 0x73, 0x12, 0x27, 0x0a, 0x0f, 0x6c, 0x69, 0x62, 0x72, 0x61, 0x72, 0x79, 0x5f, 0x70, 0x61, - 0x63, 0x6b, 0x61, 0x67, 0x65, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0e, 0x6c, 0x69, 0x62, - 0x72, 0x61, 0x72, 0x79, 0x50, 0x61, 0x63, 0x6b, 0x61, 0x67, 0x65, 0x12, 0x5f, 0x0a, 0x13, 0x73, - 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x5f, 0x63, 0x6c, 0x61, 0x73, 0x73, 0x5f, 0x6e, 0x61, 0x6d, - 0x65, 0x73, 0x18, 0x02, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x2f, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, - 0x65, 0x2e, 0x61, 0x70, 0x69, 0x2e, 0x4a, 0x61, 0x76, 0x61, 0x53, 0x65, 0x74, 0x74, 0x69, 0x6e, - 0x67, 0x73, 0x2e, 0x53, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x43, 0x6c, 0x61, 0x73, 0x73, 0x4e, - 0x61, 0x6d, 0x65, 0x73, 0x45, 0x6e, 0x74, 0x72, 0x79, 0x52, 0x11, 0x73, 0x65, 0x72, 0x76, 0x69, - 0x63, 0x65, 0x43, 0x6c, 0x61, 0x73, 0x73, 0x4e, 0x61, 0x6d, 0x65, 0x73, 0x12, 0x3a, 0x0a, 0x06, - 0x63, 0x6f, 0x6d, 0x6d, 0x6f, 0x6e, 0x18, 0x03, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x22, 0x2e, 0x67, - 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x61, 0x70, 0x69, 0x2e, 0x43, 0x6f, 0x6d, 0x6d, 0x6f, 0x6e, - 0x4c, 0x61, 0x6e, 0x67, 0x75, 0x61, 0x67, 0x65, 0x53, 0x65, 0x74, 0x74, 0x69, 0x6e, 0x67, 0x73, - 0x52, 0x06, 0x63, 0x6f, 0x6d, 0x6d, 0x6f, 0x6e, 0x1a, 0x44, 0x0a, 0x16, 0x53, 0x65, 0x72, 0x76, + 0x69, 0x12, 0x47, 0x0a, 0x20, 0x72, 0x65, 0x73, 0x74, 0x5f, 0x72, 0x65, 0x66, 0x65, 0x72, 0x65, + 0x6e, 0x63, 0x65, 0x5f, 0x64, 0x6f, 0x63, 0x75, 0x6d, 0x65, 0x6e, 0x74, 0x61, 0x74, 0x69, 0x6f, + 0x6e, 0x5f, 0x75, 0x72, 0x69, 0x18, 0x6f, 0x20, 0x01, 0x28, 0x09, 0x52, 0x1d, 0x72, 0x65, 0x73, + 0x74, 0x52, 0x65, 0x66, 0x65, 0x72, 0x65, 0x6e, 0x63, 0x65, 0x44, 0x6f, 0x63, 0x75, 0x6d, 0x65, + 0x6e, 0x74, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x55, 0x72, 0x69, 0x22, 0x9a, 0x02, 0x0a, 0x0c, 0x4a, + 0x61, 0x76, 0x61, 0x53, 0x65, 0x74, 0x74, 0x69, 0x6e, 0x67, 0x73, 0x12, 0x27, 0x0a, 0x0f, 0x6c, + 0x69, 0x62, 0x72, 0x61, 0x72, 0x79, 0x5f, 0x70, 0x61, 0x63, 0x6b, 0x61, 0x67, 0x65, 0x18, 0x01, + 0x20, 0x01, 0x28, 0x09, 0x52, 0x0e, 0x6c, 0x69, 0x62, 0x72, 0x61, 0x72, 0x79, 0x50, 0x61, 0x63, + 0x6b, 0x61, 0x67, 0x65, 0x12, 0x5f, 0x0a, 0x13, 0x73, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x5f, + 0x63, 0x6c, 0x61, 0x73, 0x73, 0x5f, 0x6e, 0x61, 0x6d, 0x65, 0x73, 0x18, 0x02, 0x20, 0x03, 0x28, + 0x0b, 0x32, 0x2f, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x61, 0x70, 0x69, 0x2e, 0x4a, + 0x61, 0x76, 0x61, 0x53, 0x65, 0x74, 0x74, 0x69, 0x6e, 0x67, 0x73, 0x2e, 0x53, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x43, 0x6c, 0x61, 0x73, 0x73, 0x4e, 0x61, 0x6d, 0x65, 0x73, 0x45, 0x6e, 0x74, - 0x72, 0x79, 0x12, 0x10, 0x0a, 0x03, 0x6b, 0x65, 0x79, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, - 0x03, 0x6b, 0x65, 0x79, 0x12, 0x14, 0x0a, 0x05, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x18, 0x02, 0x20, - 0x01, 0x28, 0x09, 0x52, 0x05, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x3a, 0x02, 0x38, 0x01, 0x22, 0x49, - 0x0a, 0x0b, 0x43, 0x70, 0x70, 0x53, 0x65, 0x74, 0x74, 0x69, 0x6e, 0x67, 0x73, 0x12, 0x3a, 0x0a, - 0x06, 0x63, 0x6f, 0x6d, 0x6d, 0x6f, 0x6e, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x22, 0x2e, - 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x61, 0x70, 0x69, 0x2e, 0x43, 0x6f, 0x6d, 0x6d, 0x6f, - 0x6e, 0x4c, 0x61, 0x6e, 0x67, 0x75, 0x61, 0x67, 0x65, 0x53, 0x65, 0x74, 0x74, 0x69, 0x6e, 0x67, - 0x73, 0x52, 0x06, 0x63, 0x6f, 0x6d, 0x6d, 0x6f, 0x6e, 0x22, 0x49, 0x0a, 0x0b, 0x50, 0x68, 0x70, - 0x53, 0x65, 0x74, 0x74, 0x69, 0x6e, 0x67, 0x73, 0x12, 0x3a, 0x0a, 0x06, 0x63, 0x6f, 0x6d, 0x6d, - 0x6f, 0x6e, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x22, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, - 0x65, 0x2e, 0x61, 0x70, 0x69, 0x2e, 0x43, 0x6f, 0x6d, 0x6d, 0x6f, 0x6e, 0x4c, 0x61, 0x6e, 0x67, - 0x75, 0x61, 0x67, 0x65, 0x53, 0x65, 0x74, 0x74, 0x69, 0x6e, 0x67, 0x73, 0x52, 0x06, 0x63, 0x6f, - 0x6d, 0x6d, 0x6f, 0x6e, 0x22, 0x4c, 0x0a, 0x0e, 0x50, 0x79, 0x74, 0x68, 0x6f, 0x6e, 0x53, 0x65, + 0x72, 0x79, 0x52, 0x11, 0x73, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x43, 0x6c, 0x61, 0x73, 0x73, + 0x4e, 0x61, 0x6d, 0x65, 0x73, 0x12, 0x3a, 0x0a, 0x06, 0x63, 0x6f, 0x6d, 0x6d, 0x6f, 0x6e, 0x18, + 0x03, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x22, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x61, + 0x70, 0x69, 0x2e, 0x43, 0x6f, 0x6d, 0x6d, 0x6f, 0x6e, 0x4c, 0x61, 0x6e, 0x67, 0x75, 0x61, 0x67, + 0x65, 0x53, 0x65, 0x74, 0x74, 0x69, 0x6e, 0x67, 0x73, 0x52, 0x06, 0x63, 0x6f, 0x6d, 0x6d, 0x6f, + 0x6e, 0x1a, 0x44, 0x0a, 0x16, 0x53, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x43, 0x6c, 0x61, 0x73, + 0x73, 0x4e, 0x61, 0x6d, 0x65, 0x73, 0x45, 0x6e, 0x74, 0x72, 0x79, 0x12, 0x10, 0x0a, 0x03, 0x6b, + 0x65, 0x79, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x03, 0x6b, 0x65, 0x79, 0x12, 0x14, 0x0a, + 0x05, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x05, 0x76, 0x61, + 0x6c, 0x75, 0x65, 0x3a, 0x02, 0x38, 0x01, 0x22, 0x49, 0x0a, 0x0b, 0x43, 0x70, 0x70, 0x53, 0x65, 0x74, 0x74, 0x69, 0x6e, 0x67, 0x73, 0x12, 0x3a, 0x0a, 0x06, 0x63, 0x6f, 0x6d, 0x6d, 0x6f, 0x6e, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x22, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x61, 0x70, 0x69, 0x2e, 0x43, 0x6f, 0x6d, 0x6d, 0x6f, 0x6e, 0x4c, 0x61, 0x6e, 0x67, 0x75, 0x61, 0x67, 0x65, 0x53, 0x65, 0x74, 0x74, 0x69, 0x6e, 0x67, 0x73, 0x52, 0x06, 0x63, 0x6f, 0x6d, 0x6d, - 0x6f, 0x6e, 0x22, 0x4a, 0x0a, 0x0c, 0x4e, 0x6f, 0x64, 0x65, 0x53, 0x65, 0x74, 0x74, 0x69, 0x6e, - 0x67, 0x73, 0x12, 0x3a, 0x0a, 0x06, 0x63, 0x6f, 0x6d, 0x6d, 0x6f, 0x6e, 0x18, 0x01, 0x20, 0x01, - 0x28, 0x0b, 0x32, 0x22, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x61, 0x70, 0x69, 0x2e, - 0x43, 0x6f, 0x6d, 0x6d, 0x6f, 0x6e, 0x4c, 0x61, 0x6e, 0x67, 0x75, 0x61, 0x67, 0x65, 0x53, 0x65, - 0x74, 0x74, 0x69, 0x6e, 0x67, 0x73, 0x52, 0x06, 0x63, 0x6f, 0x6d, 0x6d, 0x6f, 0x6e, 0x22, 0xae, - 0x04, 0x0a, 0x0e, 0x44, 0x6f, 0x74, 0x6e, 0x65, 0x74, 0x53, 0x65, 0x74, 0x74, 0x69, 0x6e, 0x67, + 0x6f, 0x6e, 0x22, 0x49, 0x0a, 0x0b, 0x50, 0x68, 0x70, 0x53, 0x65, 0x74, 0x74, 0x69, 0x6e, 0x67, 0x73, 0x12, 0x3a, 0x0a, 0x06, 0x63, 0x6f, 0x6d, 0x6d, 0x6f, 0x6e, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x22, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x61, 0x70, 0x69, 0x2e, 0x43, 0x6f, 0x6d, 0x6d, 0x6f, 0x6e, 0x4c, 0x61, 0x6e, 0x67, 0x75, 0x61, 0x67, 0x65, 0x53, 0x65, 0x74, - 0x74, 0x69, 0x6e, 0x67, 0x73, 0x52, 0x06, 0x63, 0x6f, 0x6d, 0x6d, 0x6f, 0x6e, 0x12, 0x5a, 0x0a, - 0x10, 0x72, 0x65, 0x6e, 0x61, 0x6d, 0x65, 0x64, 0x5f, 0x73, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, - 0x73, 0x18, 0x02, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x2f, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, - 0x2e, 0x61, 0x70, 0x69, 0x2e, 0x44, 0x6f, 0x74, 0x6e, 0x65, 0x74, 0x53, 0x65, 0x74, 0x74, 0x69, - 0x6e, 0x67, 0x73, 0x2e, 0x52, 0x65, 0x6e, 0x61, 0x6d, 0x65, 0x64, 0x53, 0x65, 0x72, 0x76, 0x69, - 0x63, 0x65, 0x73, 0x45, 0x6e, 0x74, 0x72, 0x79, 0x52, 0x0f, 0x72, 0x65, 0x6e, 0x61, 0x6d, 0x65, - 0x64, 0x53, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x73, 0x12, 0x5d, 0x0a, 0x11, 0x72, 0x65, 0x6e, - 0x61, 0x6d, 0x65, 0x64, 0x5f, 0x72, 0x65, 0x73, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x73, 0x18, 0x03, - 0x20, 0x03, 0x28, 0x0b, 0x32, 0x30, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x61, 0x70, - 0x69, 0x2e, 0x44, 0x6f, 0x74, 0x6e, 0x65, 0x74, 0x53, 0x65, 0x74, 0x74, 0x69, 0x6e, 0x67, 0x73, - 0x2e, 0x52, 0x65, 0x6e, 0x61, 0x6d, 0x65, 0x64, 0x52, 0x65, 0x73, 0x6f, 0x75, 0x72, 0x63, 0x65, - 0x73, 0x45, 0x6e, 0x74, 0x72, 0x79, 0x52, 0x10, 0x72, 0x65, 0x6e, 0x61, 0x6d, 0x65, 0x64, 0x52, - 0x65, 0x73, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x73, 0x12, 0x2b, 0x0a, 0x11, 0x69, 0x67, 0x6e, 0x6f, - 0x72, 0x65, 0x64, 0x5f, 0x72, 0x65, 0x73, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x73, 0x18, 0x04, 0x20, - 0x03, 0x28, 0x09, 0x52, 0x10, 0x69, 0x67, 0x6e, 0x6f, 0x72, 0x65, 0x64, 0x52, 0x65, 0x73, 0x6f, - 0x75, 0x72, 0x63, 0x65, 0x73, 0x12, 0x38, 0x0a, 0x18, 0x66, 0x6f, 0x72, 0x63, 0x65, 0x64, 0x5f, - 0x6e, 0x61, 0x6d, 0x65, 0x73, 0x70, 0x61, 0x63, 0x65, 0x5f, 0x61, 0x6c, 0x69, 0x61, 0x73, 0x65, - 0x73, 0x18, 0x05, 0x20, 0x03, 0x28, 0x09, 0x52, 0x16, 0x66, 0x6f, 0x72, 0x63, 0x65, 0x64, 0x4e, - 0x61, 0x6d, 0x65, 0x73, 0x70, 0x61, 0x63, 0x65, 0x41, 0x6c, 0x69, 0x61, 0x73, 0x65, 0x73, 0x12, - 0x35, 0x0a, 0x16, 0x68, 0x61, 0x6e, 0x64, 0x77, 0x72, 0x69, 0x74, 0x74, 0x65, 0x6e, 0x5f, 0x73, - 0x69, 0x67, 0x6e, 0x61, 0x74, 0x75, 0x72, 0x65, 0x73, 0x18, 0x06, 0x20, 0x03, 0x28, 0x09, 0x52, - 0x15, 0x68, 0x61, 0x6e, 0x64, 0x77, 0x72, 0x69, 0x74, 0x74, 0x65, 0x6e, 0x53, 0x69, 0x67, 0x6e, - 0x61, 0x74, 0x75, 0x72, 0x65, 0x73, 0x1a, 0x42, 0x0a, 0x14, 0x52, 0x65, 0x6e, 0x61, 0x6d, 0x65, - 0x64, 0x53, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x73, 0x45, 0x6e, 0x74, 0x72, 0x79, 0x12, 0x10, - 0x0a, 0x03, 0x6b, 0x65, 0x79, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x03, 0x6b, 0x65, 0x79, - 0x12, 0x14, 0x0a, 0x05, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, - 0x05, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x3a, 0x02, 0x38, 0x01, 0x1a, 0x43, 0x0a, 0x15, 0x52, 0x65, - 0x6e, 0x61, 0x6d, 0x65, 0x64, 0x52, 0x65, 0x73, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x73, 0x45, 0x6e, - 0x74, 0x72, 0x79, 0x12, 0x10, 0x0a, 0x03, 0x6b, 0x65, 0x79, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, - 0x52, 0x03, 0x6b, 0x65, 0x79, 0x12, 0x14, 0x0a, 0x05, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x18, 0x02, - 0x20, 0x01, 0x28, 0x09, 0x52, 0x05, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x3a, 0x02, 0x38, 0x01, 0x22, - 0x4a, 0x0a, 0x0c, 0x52, 0x75, 0x62, 0x79, 0x53, 0x65, 0x74, 0x74, 0x69, 0x6e, 0x67, 0x73, 0x12, + 0x74, 0x69, 0x6e, 0x67, 0x73, 0x52, 0x06, 0x63, 0x6f, 0x6d, 0x6d, 0x6f, 0x6e, 0x22, 0x4c, 0x0a, + 0x0e, 0x50, 0x79, 0x74, 0x68, 0x6f, 0x6e, 0x53, 0x65, 0x74, 0x74, 0x69, 0x6e, 0x67, 0x73, 0x12, 0x3a, 0x0a, 0x06, 0x63, 0x6f, 0x6d, 0x6d, 0x6f, 0x6e, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x22, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x61, 0x70, 0x69, 0x2e, 0x43, 0x6f, 0x6d, 0x6d, 0x6f, 0x6e, 0x4c, 0x61, 0x6e, 0x67, 0x75, 0x61, 0x67, 0x65, 0x53, 0x65, 0x74, 0x74, 0x69, - 0x6e, 0x67, 0x73, 0x52, 0x06, 0x63, 0x6f, 0x6d, 0x6d, 0x6f, 0x6e, 0x22, 0x48, 0x0a, 0x0a, 0x47, - 0x6f, 0x53, 0x65, 0x74, 0x74, 0x69, 0x6e, 0x67, 0x73, 0x12, 0x3a, 0x0a, 0x06, 0x63, 0x6f, 0x6d, - 0x6d, 0x6f, 0x6e, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x22, 0x2e, 0x67, 0x6f, 0x6f, 0x67, - 0x6c, 0x65, 0x2e, 0x61, 0x70, 0x69, 0x2e, 0x43, 0x6f, 0x6d, 0x6d, 0x6f, 0x6e, 0x4c, 0x61, 0x6e, - 0x67, 0x75, 0x61, 0x67, 0x65, 0x53, 0x65, 0x74, 0x74, 0x69, 0x6e, 0x67, 0x73, 0x52, 0x06, 0x63, - 0x6f, 0x6d, 0x6d, 0x6f, 0x6e, 0x22, 0x8e, 0x03, 0x0a, 0x0e, 0x4d, 0x65, 0x74, 0x68, 0x6f, 0x64, - 0x53, 0x65, 0x74, 0x74, 0x69, 0x6e, 0x67, 0x73, 0x12, 0x1a, 0x0a, 0x08, 0x73, 0x65, 0x6c, 0x65, - 0x63, 0x74, 0x6f, 0x72, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x08, 0x73, 0x65, 0x6c, 0x65, - 0x63, 0x74, 0x6f, 0x72, 0x12, 0x49, 0x0a, 0x0c, 0x6c, 0x6f, 0x6e, 0x67, 0x5f, 0x72, 0x75, 0x6e, - 0x6e, 0x69, 0x6e, 0x67, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x26, 0x2e, 0x67, 0x6f, 0x6f, - 0x67, 0x6c, 0x65, 0x2e, 0x61, 0x70, 0x69, 0x2e, 0x4d, 0x65, 0x74, 0x68, 0x6f, 0x64, 0x53, 0x65, - 0x74, 0x74, 0x69, 0x6e, 0x67, 0x73, 0x2e, 0x4c, 0x6f, 0x6e, 0x67, 0x52, 0x75, 0x6e, 0x6e, 0x69, - 0x6e, 0x67, 0x52, 0x0b, 0x6c, 0x6f, 0x6e, 0x67, 0x52, 0x75, 0x6e, 0x6e, 0x69, 0x6e, 0x67, 0x1a, - 0x94, 0x02, 0x0a, 0x0b, 0x4c, 0x6f, 0x6e, 0x67, 0x52, 0x75, 0x6e, 0x6e, 0x69, 0x6e, 0x67, 0x12, - 0x47, 0x0a, 0x12, 0x69, 0x6e, 0x69, 0x74, 0x69, 0x61, 0x6c, 0x5f, 0x70, 0x6f, 0x6c, 0x6c, 0x5f, - 0x64, 0x65, 0x6c, 0x61, 0x79, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x19, 0x2e, 0x67, 0x6f, - 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x44, 0x75, - 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x52, 0x10, 0x69, 0x6e, 0x69, 0x74, 0x69, 0x61, 0x6c, 0x50, - 0x6f, 0x6c, 0x6c, 0x44, 0x65, 0x6c, 0x61, 0x79, 0x12, 0x32, 0x0a, 0x15, 0x70, 0x6f, 0x6c, 0x6c, - 0x5f, 0x64, 0x65, 0x6c, 0x61, 0x79, 0x5f, 0x6d, 0x75, 0x6c, 0x74, 0x69, 0x70, 0x6c, 0x69, 0x65, - 0x72, 0x18, 0x02, 0x20, 0x01, 0x28, 0x02, 0x52, 0x13, 0x70, 0x6f, 0x6c, 0x6c, 0x44, 0x65, 0x6c, - 0x61, 0x79, 0x4d, 0x75, 0x6c, 0x74, 0x69, 0x70, 0x6c, 0x69, 0x65, 0x72, 0x12, 0x3f, 0x0a, 0x0e, - 0x6d, 0x61, 0x78, 0x5f, 0x70, 0x6f, 0x6c, 0x6c, 0x5f, 0x64, 0x65, 0x6c, 0x61, 0x79, 0x18, 0x03, - 0x20, 0x01, 0x28, 0x0b, 0x32, 0x19, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, - 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x44, 0x75, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x52, - 0x0c, 0x6d, 0x61, 0x78, 0x50, 0x6f, 0x6c, 0x6c, 0x44, 0x65, 0x6c, 0x61, 0x79, 0x12, 0x47, 0x0a, - 0x12, 0x74, 0x6f, 0x74, 0x61, 0x6c, 0x5f, 0x70, 0x6f, 0x6c, 0x6c, 0x5f, 0x74, 0x69, 0x6d, 0x65, - 0x6f, 0x75, 0x74, 0x18, 0x04, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x19, 0x2e, 0x67, 0x6f, 0x6f, 0x67, - 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x44, 0x75, 0x72, 0x61, - 0x74, 0x69, 0x6f, 0x6e, 0x52, 0x10, 0x74, 0x6f, 0x74, 0x61, 0x6c, 0x50, 0x6f, 0x6c, 0x6c, 0x54, - 0x69, 0x6d, 0x65, 0x6f, 0x75, 0x74, 0x2a, 0xa3, 0x01, 0x0a, 0x19, 0x43, 0x6c, 0x69, 0x65, 0x6e, - 0x74, 0x4c, 0x69, 0x62, 0x72, 0x61, 0x72, 0x79, 0x4f, 0x72, 0x67, 0x61, 0x6e, 0x69, 0x7a, 0x61, - 0x74, 0x69, 0x6f, 0x6e, 0x12, 0x2b, 0x0a, 0x27, 0x43, 0x4c, 0x49, 0x45, 0x4e, 0x54, 0x5f, 0x4c, - 0x49, 0x42, 0x52, 0x41, 0x52, 0x59, 0x5f, 0x4f, 0x52, 0x47, 0x41, 0x4e, 0x49, 0x5a, 0x41, 0x54, + 0x6e, 0x67, 0x73, 0x52, 0x06, 0x63, 0x6f, 0x6d, 0x6d, 0x6f, 0x6e, 0x22, 0x4a, 0x0a, 0x0c, 0x4e, + 0x6f, 0x64, 0x65, 0x53, 0x65, 0x74, 0x74, 0x69, 0x6e, 0x67, 0x73, 0x12, 0x3a, 0x0a, 0x06, 0x63, + 0x6f, 0x6d, 0x6d, 0x6f, 0x6e, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x22, 0x2e, 0x67, 0x6f, + 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x61, 0x70, 0x69, 0x2e, 0x43, 0x6f, 0x6d, 0x6d, 0x6f, 0x6e, 0x4c, + 0x61, 0x6e, 0x67, 0x75, 0x61, 0x67, 0x65, 0x53, 0x65, 0x74, 0x74, 0x69, 0x6e, 0x67, 0x73, 0x52, + 0x06, 0x63, 0x6f, 0x6d, 0x6d, 0x6f, 0x6e, 0x22, 0xae, 0x04, 0x0a, 0x0e, 0x44, 0x6f, 0x74, 0x6e, + 0x65, 0x74, 0x53, 0x65, 0x74, 0x74, 0x69, 0x6e, 0x67, 0x73, 0x12, 0x3a, 0x0a, 0x06, 0x63, 0x6f, + 0x6d, 0x6d, 0x6f, 0x6e, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x22, 0x2e, 0x67, 0x6f, 0x6f, + 0x67, 0x6c, 0x65, 0x2e, 0x61, 0x70, 0x69, 0x2e, 0x43, 0x6f, 0x6d, 0x6d, 0x6f, 0x6e, 0x4c, 0x61, + 0x6e, 0x67, 0x75, 0x61, 0x67, 0x65, 0x53, 0x65, 0x74, 0x74, 0x69, 0x6e, 0x67, 0x73, 0x52, 0x06, + 0x63, 0x6f, 0x6d, 0x6d, 0x6f, 0x6e, 0x12, 0x5a, 0x0a, 0x10, 0x72, 0x65, 0x6e, 0x61, 0x6d, 0x65, + 0x64, 0x5f, 0x73, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x73, 0x18, 0x02, 0x20, 0x03, 0x28, 0x0b, + 0x32, 0x2f, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x61, 0x70, 0x69, 0x2e, 0x44, 0x6f, + 0x74, 0x6e, 0x65, 0x74, 0x53, 0x65, 0x74, 0x74, 0x69, 0x6e, 0x67, 0x73, 0x2e, 0x52, 0x65, 0x6e, + 0x61, 0x6d, 0x65, 0x64, 0x53, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x73, 0x45, 0x6e, 0x74, 0x72, + 0x79, 0x52, 0x0f, 0x72, 0x65, 0x6e, 0x61, 0x6d, 0x65, 0x64, 0x53, 0x65, 0x72, 0x76, 0x69, 0x63, + 0x65, 0x73, 0x12, 0x5d, 0x0a, 0x11, 0x72, 0x65, 0x6e, 0x61, 0x6d, 0x65, 0x64, 0x5f, 0x72, 0x65, + 0x73, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x73, 0x18, 0x03, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x30, 0x2e, + 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x61, 0x70, 0x69, 0x2e, 0x44, 0x6f, 0x74, 0x6e, 0x65, + 0x74, 0x53, 0x65, 0x74, 0x74, 0x69, 0x6e, 0x67, 0x73, 0x2e, 0x52, 0x65, 0x6e, 0x61, 0x6d, 0x65, + 0x64, 0x52, 0x65, 0x73, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x73, 0x45, 0x6e, 0x74, 0x72, 0x79, 0x52, + 0x10, 0x72, 0x65, 0x6e, 0x61, 0x6d, 0x65, 0x64, 0x52, 0x65, 0x73, 0x6f, 0x75, 0x72, 0x63, 0x65, + 0x73, 0x12, 0x2b, 0x0a, 0x11, 0x69, 0x67, 0x6e, 0x6f, 0x72, 0x65, 0x64, 0x5f, 0x72, 0x65, 0x73, + 0x6f, 0x75, 0x72, 0x63, 0x65, 0x73, 0x18, 0x04, 0x20, 0x03, 0x28, 0x09, 0x52, 0x10, 0x69, 0x67, + 0x6e, 0x6f, 0x72, 0x65, 0x64, 0x52, 0x65, 0x73, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x73, 0x12, 0x38, + 0x0a, 0x18, 0x66, 0x6f, 0x72, 0x63, 0x65, 0x64, 0x5f, 0x6e, 0x61, 0x6d, 0x65, 0x73, 0x70, 0x61, + 0x63, 0x65, 0x5f, 0x61, 0x6c, 0x69, 0x61, 0x73, 0x65, 0x73, 0x18, 0x05, 0x20, 0x03, 0x28, 0x09, + 0x52, 0x16, 0x66, 0x6f, 0x72, 0x63, 0x65, 0x64, 0x4e, 0x61, 0x6d, 0x65, 0x73, 0x70, 0x61, 0x63, + 0x65, 0x41, 0x6c, 0x69, 0x61, 0x73, 0x65, 0x73, 0x12, 0x35, 0x0a, 0x16, 0x68, 0x61, 0x6e, 0x64, + 0x77, 0x72, 0x69, 0x74, 0x74, 0x65, 0x6e, 0x5f, 0x73, 0x69, 0x67, 0x6e, 0x61, 0x74, 0x75, 0x72, + 0x65, 0x73, 0x18, 0x06, 0x20, 0x03, 0x28, 0x09, 0x52, 0x15, 0x68, 0x61, 0x6e, 0x64, 0x77, 0x72, + 0x69, 0x74, 0x74, 0x65, 0x6e, 0x53, 0x69, 0x67, 0x6e, 0x61, 0x74, 0x75, 0x72, 0x65, 0x73, 0x1a, + 0x42, 0x0a, 0x14, 0x52, 0x65, 0x6e, 0x61, 0x6d, 0x65, 0x64, 0x53, 0x65, 0x72, 0x76, 0x69, 0x63, + 0x65, 0x73, 0x45, 0x6e, 0x74, 0x72, 0x79, 0x12, 0x10, 0x0a, 0x03, 0x6b, 0x65, 0x79, 0x18, 0x01, + 0x20, 0x01, 0x28, 0x09, 0x52, 0x03, 0x6b, 0x65, 0x79, 0x12, 0x14, 0x0a, 0x05, 0x76, 0x61, 0x6c, + 0x75, 0x65, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x05, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x3a, + 0x02, 0x38, 0x01, 0x1a, 0x43, 0x0a, 0x15, 0x52, 0x65, 0x6e, 0x61, 0x6d, 0x65, 0x64, 0x52, 0x65, + 0x73, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x73, 0x45, 0x6e, 0x74, 0x72, 0x79, 0x12, 0x10, 0x0a, 0x03, + 0x6b, 0x65, 0x79, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x03, 0x6b, 0x65, 0x79, 0x12, 0x14, + 0x0a, 0x05, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x05, 0x76, + 0x61, 0x6c, 0x75, 0x65, 0x3a, 0x02, 0x38, 0x01, 0x22, 0x4a, 0x0a, 0x0c, 0x52, 0x75, 0x62, 0x79, + 0x53, 0x65, 0x74, 0x74, 0x69, 0x6e, 0x67, 0x73, 0x12, 0x3a, 0x0a, 0x06, 0x63, 0x6f, 0x6d, 0x6d, + 0x6f, 0x6e, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x22, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, + 0x65, 0x2e, 0x61, 0x70, 0x69, 0x2e, 0x43, 0x6f, 0x6d, 0x6d, 0x6f, 0x6e, 0x4c, 0x61, 0x6e, 0x67, + 0x75, 0x61, 0x67, 0x65, 0x53, 0x65, 0x74, 0x74, 0x69, 0x6e, 0x67, 0x73, 0x52, 0x06, 0x63, 0x6f, + 0x6d, 0x6d, 0x6f, 0x6e, 0x22, 0x48, 0x0a, 0x0a, 0x47, 0x6f, 0x53, 0x65, 0x74, 0x74, 0x69, 0x6e, + 0x67, 0x73, 0x12, 0x3a, 0x0a, 0x06, 0x63, 0x6f, 0x6d, 0x6d, 0x6f, 0x6e, 0x18, 0x01, 0x20, 0x01, + 0x28, 0x0b, 0x32, 0x22, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x61, 0x70, 0x69, 0x2e, + 0x43, 0x6f, 0x6d, 0x6d, 0x6f, 0x6e, 0x4c, 0x61, 0x6e, 0x67, 0x75, 0x61, 0x67, 0x65, 0x53, 0x65, + 0x74, 0x74, 0x69, 0x6e, 0x67, 0x73, 0x52, 0x06, 0x63, 0x6f, 0x6d, 0x6d, 0x6f, 0x6e, 0x22, 0xc2, + 0x03, 0x0a, 0x0e, 0x4d, 0x65, 0x74, 0x68, 0x6f, 0x64, 0x53, 0x65, 0x74, 0x74, 0x69, 0x6e, 0x67, + 0x73, 0x12, 0x1a, 0x0a, 0x08, 0x73, 0x65, 0x6c, 0x65, 0x63, 0x74, 0x6f, 0x72, 0x18, 0x01, 0x20, + 0x01, 0x28, 0x09, 0x52, 0x08, 0x73, 0x65, 0x6c, 0x65, 0x63, 0x74, 0x6f, 0x72, 0x12, 0x49, 0x0a, + 0x0c, 0x6c, 0x6f, 0x6e, 0x67, 0x5f, 0x72, 0x75, 0x6e, 0x6e, 0x69, 0x6e, 0x67, 0x18, 0x02, 0x20, + 0x01, 0x28, 0x0b, 0x32, 0x26, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x61, 0x70, 0x69, + 0x2e, 0x4d, 0x65, 0x74, 0x68, 0x6f, 0x64, 0x53, 0x65, 0x74, 0x74, 0x69, 0x6e, 0x67, 0x73, 0x2e, + 0x4c, 0x6f, 0x6e, 0x67, 0x52, 0x75, 0x6e, 0x6e, 0x69, 0x6e, 0x67, 0x52, 0x0b, 0x6c, 0x6f, 0x6e, + 0x67, 0x52, 0x75, 0x6e, 0x6e, 0x69, 0x6e, 0x67, 0x12, 0x32, 0x0a, 0x15, 0x61, 0x75, 0x74, 0x6f, + 0x5f, 0x70, 0x6f, 0x70, 0x75, 0x6c, 0x61, 0x74, 0x65, 0x64, 0x5f, 0x66, 0x69, 0x65, 0x6c, 0x64, + 0x73, 0x18, 0x03, 0x20, 0x03, 0x28, 0x09, 0x52, 0x13, 0x61, 0x75, 0x74, 0x6f, 0x50, 0x6f, 0x70, + 0x75, 0x6c, 0x61, 0x74, 0x65, 0x64, 0x46, 0x69, 0x65, 0x6c, 0x64, 0x73, 0x1a, 0x94, 0x02, 0x0a, + 0x0b, 0x4c, 0x6f, 0x6e, 0x67, 0x52, 0x75, 0x6e, 0x6e, 0x69, 0x6e, 0x67, 0x12, 0x47, 0x0a, 0x12, + 0x69, 0x6e, 0x69, 0x74, 0x69, 0x61, 0x6c, 0x5f, 0x70, 0x6f, 0x6c, 0x6c, 0x5f, 0x64, 0x65, 0x6c, + 0x61, 0x79, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x19, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, + 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x44, 0x75, 0x72, 0x61, 0x74, + 0x69, 0x6f, 0x6e, 0x52, 0x10, 0x69, 0x6e, 0x69, 0x74, 0x69, 0x61, 0x6c, 0x50, 0x6f, 0x6c, 0x6c, + 0x44, 0x65, 0x6c, 0x61, 0x79, 0x12, 0x32, 0x0a, 0x15, 0x70, 0x6f, 0x6c, 0x6c, 0x5f, 0x64, 0x65, + 0x6c, 0x61, 0x79, 0x5f, 0x6d, 0x75, 0x6c, 0x74, 0x69, 0x70, 0x6c, 0x69, 0x65, 0x72, 0x18, 0x02, + 0x20, 0x01, 0x28, 0x02, 0x52, 0x13, 0x70, 0x6f, 0x6c, 0x6c, 0x44, 0x65, 0x6c, 0x61, 0x79, 0x4d, + 0x75, 0x6c, 0x74, 0x69, 0x70, 0x6c, 0x69, 0x65, 0x72, 0x12, 0x3f, 0x0a, 0x0e, 0x6d, 0x61, 0x78, + 0x5f, 0x70, 0x6f, 0x6c, 0x6c, 0x5f, 0x64, 0x65, 0x6c, 0x61, 0x79, 0x18, 0x03, 0x20, 0x01, 0x28, + 0x0b, 0x32, 0x19, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, + 0x62, 0x75, 0x66, 0x2e, 0x44, 0x75, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x52, 0x0c, 0x6d, 0x61, + 0x78, 0x50, 0x6f, 0x6c, 0x6c, 0x44, 0x65, 0x6c, 0x61, 0x79, 0x12, 0x47, 0x0a, 0x12, 0x74, 0x6f, + 0x74, 0x61, 0x6c, 0x5f, 0x70, 0x6f, 0x6c, 0x6c, 0x5f, 0x74, 0x69, 0x6d, 0x65, 0x6f, 0x75, 0x74, + 0x18, 0x04, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x19, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, + 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x44, 0x75, 0x72, 0x61, 0x74, 0x69, 0x6f, + 0x6e, 0x52, 0x10, 0x74, 0x6f, 0x74, 0x61, 0x6c, 0x50, 0x6f, 0x6c, 0x6c, 0x54, 0x69, 0x6d, 0x65, + 0x6f, 0x75, 0x74, 0x2a, 0xa3, 0x01, 0x0a, 0x19, 0x43, 0x6c, 0x69, 0x65, 0x6e, 0x74, 0x4c, 0x69, + 0x62, 0x72, 0x61, 0x72, 0x79, 0x4f, 0x72, 0x67, 0x61, 0x6e, 0x69, 0x7a, 0x61, 0x74, 0x69, 0x6f, + 0x6e, 0x12, 0x2b, 0x0a, 0x27, 0x43, 0x4c, 0x49, 0x45, 0x4e, 0x54, 0x5f, 0x4c, 0x49, 0x42, 0x52, + 0x41, 0x52, 0x59, 0x5f, 0x4f, 0x52, 0x47, 0x41, 0x4e, 0x49, 0x5a, 0x41, 0x54, 0x49, 0x4f, 0x4e, + 0x5f, 0x55, 0x4e, 0x53, 0x50, 0x45, 0x43, 0x49, 0x46, 0x49, 0x45, 0x44, 0x10, 0x00, 0x12, 0x09, + 0x0a, 0x05, 0x43, 0x4c, 0x4f, 0x55, 0x44, 0x10, 0x01, 0x12, 0x07, 0x0a, 0x03, 0x41, 0x44, 0x53, + 0x10, 0x02, 0x12, 0x0a, 0x0a, 0x06, 0x50, 0x48, 0x4f, 0x54, 0x4f, 0x53, 0x10, 0x03, 0x12, 0x0f, + 0x0a, 0x0b, 0x53, 0x54, 0x52, 0x45, 0x45, 0x54, 0x5f, 0x56, 0x49, 0x45, 0x57, 0x10, 0x04, 0x12, + 0x0c, 0x0a, 0x08, 0x53, 0x48, 0x4f, 0x50, 0x50, 0x49, 0x4e, 0x47, 0x10, 0x05, 0x12, 0x07, 0x0a, + 0x03, 0x47, 0x45, 0x4f, 0x10, 0x06, 0x12, 0x11, 0x0a, 0x0d, 0x47, 0x45, 0x4e, 0x45, 0x52, 0x41, + 0x54, 0x49, 0x56, 0x45, 0x5f, 0x41, 0x49, 0x10, 0x07, 0x2a, 0x67, 0x0a, 0x18, 0x43, 0x6c, 0x69, + 0x65, 0x6e, 0x74, 0x4c, 0x69, 0x62, 0x72, 0x61, 0x72, 0x79, 0x44, 0x65, 0x73, 0x74, 0x69, 0x6e, + 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x12, 0x2a, 0x0a, 0x26, 0x43, 0x4c, 0x49, 0x45, 0x4e, 0x54, 0x5f, + 0x4c, 0x49, 0x42, 0x52, 0x41, 0x52, 0x59, 0x5f, 0x44, 0x45, 0x53, 0x54, 0x49, 0x4e, 0x41, 0x54, 0x49, 0x4f, 0x4e, 0x5f, 0x55, 0x4e, 0x53, 0x50, 0x45, 0x43, 0x49, 0x46, 0x49, 0x45, 0x44, 0x10, - 0x00, 0x12, 0x09, 0x0a, 0x05, 0x43, 0x4c, 0x4f, 0x55, 0x44, 0x10, 0x01, 0x12, 0x07, 0x0a, 0x03, - 0x41, 0x44, 0x53, 0x10, 0x02, 0x12, 0x0a, 0x0a, 0x06, 0x50, 0x48, 0x4f, 0x54, 0x4f, 0x53, 0x10, - 0x03, 0x12, 0x0f, 0x0a, 0x0b, 0x53, 0x54, 0x52, 0x45, 0x45, 0x54, 0x5f, 0x56, 0x49, 0x45, 0x57, - 0x10, 0x04, 0x12, 0x0c, 0x0a, 0x08, 0x53, 0x48, 0x4f, 0x50, 0x50, 0x49, 0x4e, 0x47, 0x10, 0x05, - 0x12, 0x07, 0x0a, 0x03, 0x47, 0x45, 0x4f, 0x10, 0x06, 0x12, 0x11, 0x0a, 0x0d, 0x47, 0x45, 0x4e, - 0x45, 0x52, 0x41, 0x54, 0x49, 0x56, 0x45, 0x5f, 0x41, 0x49, 0x10, 0x07, 0x2a, 0x67, 0x0a, 0x18, - 0x43, 0x6c, 0x69, 0x65, 0x6e, 0x74, 0x4c, 0x69, 0x62, 0x72, 0x61, 0x72, 0x79, 0x44, 0x65, 0x73, - 0x74, 0x69, 0x6e, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x12, 0x2a, 0x0a, 0x26, 0x43, 0x4c, 0x49, 0x45, - 0x4e, 0x54, 0x5f, 0x4c, 0x49, 0x42, 0x52, 0x41, 0x52, 0x59, 0x5f, 0x44, 0x45, 0x53, 0x54, 0x49, - 0x4e, 0x41, 0x54, 0x49, 0x4f, 0x4e, 0x5f, 0x55, 0x4e, 0x53, 0x50, 0x45, 0x43, 0x49, 0x46, 0x49, - 0x45, 0x44, 0x10, 0x00, 0x12, 0x0a, 0x0a, 0x06, 0x47, 0x49, 0x54, 0x48, 0x55, 0x42, 0x10, 0x0a, - 0x12, 0x13, 0x0a, 0x0f, 0x50, 0x41, 0x43, 0x4b, 0x41, 0x47, 0x45, 0x5f, 0x4d, 0x41, 0x4e, 0x41, - 0x47, 0x45, 0x52, 0x10, 0x14, 0x3a, 0x4a, 0x0a, 0x10, 0x6d, 0x65, 0x74, 0x68, 0x6f, 0x64, 0x5f, - 0x73, 0x69, 0x67, 0x6e, 0x61, 0x74, 0x75, 0x72, 0x65, 0x12, 0x1e, 0x2e, 0x67, 0x6f, 0x6f, 0x67, - 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x4d, 0x65, 0x74, 0x68, - 0x6f, 0x64, 0x4f, 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x18, 0x9b, 0x08, 0x20, 0x03, 0x28, 0x09, - 0x52, 0x0f, 0x6d, 0x65, 0x74, 0x68, 0x6f, 0x64, 0x53, 0x69, 0x67, 0x6e, 0x61, 0x74, 0x75, 0x72, - 0x65, 0x3a, 0x43, 0x0a, 0x0c, 0x64, 0x65, 0x66, 0x61, 0x75, 0x6c, 0x74, 0x5f, 0x68, 0x6f, 0x73, - 0x74, 0x12, 0x1f, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, - 0x62, 0x75, 0x66, 0x2e, 0x53, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x4f, 0x70, 0x74, 0x69, 0x6f, - 0x6e, 0x73, 0x18, 0x99, 0x08, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0b, 0x64, 0x65, 0x66, 0x61, 0x75, - 0x6c, 0x74, 0x48, 0x6f, 0x73, 0x74, 0x3a, 0x43, 0x0a, 0x0c, 0x6f, 0x61, 0x75, 0x74, 0x68, 0x5f, - 0x73, 0x63, 0x6f, 0x70, 0x65, 0x73, 0x12, 0x1f, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, - 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x53, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, - 0x4f, 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x18, 0x9a, 0x08, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0b, - 0x6f, 0x61, 0x75, 0x74, 0x68, 0x53, 0x63, 0x6f, 0x70, 0x65, 0x73, 0x42, 0x69, 0x0a, 0x0e, 0x63, - 0x6f, 0x6d, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x61, 0x70, 0x69, 0x42, 0x0b, 0x43, - 0x6c, 0x69, 0x65, 0x6e, 0x74, 0x50, 0x72, 0x6f, 0x74, 0x6f, 0x50, 0x01, 0x5a, 0x41, 0x67, 0x6f, - 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x67, 0x6f, 0x6c, 0x61, 0x6e, 0x67, 0x2e, 0x6f, 0x72, 0x67, 0x2f, - 0x67, 0x65, 0x6e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x2f, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x61, - 0x70, 0x69, 0x73, 0x2f, 0x61, 0x70, 0x69, 0x2f, 0x61, 0x6e, 0x6e, 0x6f, 0x74, 0x61, 0x74, 0x69, - 0x6f, 0x6e, 0x73, 0x3b, 0x61, 0x6e, 0x6e, 0x6f, 0x74, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0xa2, - 0x02, 0x04, 0x47, 0x41, 0x50, 0x49, 0x62, 0x06, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x33, + 0x00, 0x12, 0x0a, 0x0a, 0x06, 0x47, 0x49, 0x54, 0x48, 0x55, 0x42, 0x10, 0x0a, 0x12, 0x13, 0x0a, + 0x0f, 0x50, 0x41, 0x43, 0x4b, 0x41, 0x47, 0x45, 0x5f, 0x4d, 0x41, 0x4e, 0x41, 0x47, 0x45, 0x52, + 0x10, 0x14, 0x3a, 0x4a, 0x0a, 0x10, 0x6d, 0x65, 0x74, 0x68, 0x6f, 0x64, 0x5f, 0x73, 0x69, 0x67, + 0x6e, 0x61, 0x74, 0x75, 0x72, 0x65, 0x12, 0x1e, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, + 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x4d, 0x65, 0x74, 0x68, 0x6f, 0x64, 0x4f, + 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x18, 0x9b, 0x08, 0x20, 0x03, 0x28, 0x09, 0x52, 0x0f, 0x6d, + 0x65, 0x74, 0x68, 0x6f, 0x64, 0x53, 0x69, 0x67, 0x6e, 0x61, 0x74, 0x75, 0x72, 0x65, 0x3a, 0x43, + 0x0a, 0x0c, 0x64, 0x65, 0x66, 0x61, 0x75, 0x6c, 0x74, 0x5f, 0x68, 0x6f, 0x73, 0x74, 0x12, 0x1f, + 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, + 0x2e, 0x53, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x4f, 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x18, + 0x99, 0x08, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0b, 0x64, 0x65, 0x66, 0x61, 0x75, 0x6c, 0x74, 0x48, + 0x6f, 0x73, 0x74, 0x3a, 0x43, 0x0a, 0x0c, 0x6f, 0x61, 0x75, 0x74, 0x68, 0x5f, 0x73, 0x63, 0x6f, + 0x70, 0x65, 0x73, 0x12, 0x1f, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, + 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x53, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x4f, 0x70, 0x74, + 0x69, 0x6f, 0x6e, 0x73, 0x18, 0x9a, 0x08, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0b, 0x6f, 0x61, 0x75, + 0x74, 0x68, 0x53, 0x63, 0x6f, 0x70, 0x65, 0x73, 0x3a, 0x44, 0x0a, 0x0b, 0x61, 0x70, 0x69, 0x5f, + 0x76, 0x65, 0x72, 0x73, 0x69, 0x6f, 0x6e, 0x12, 0x1f, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, + 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x53, 0x65, 0x72, 0x76, 0x69, 0x63, + 0x65, 0x4f, 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x18, 0xc1, 0xba, 0xab, 0xfa, 0x01, 0x20, 0x01, + 0x28, 0x09, 0x52, 0x0a, 0x61, 0x70, 0x69, 0x56, 0x65, 0x72, 0x73, 0x69, 0x6f, 0x6e, 0x42, 0x69, + 0x0a, 0x0e, 0x63, 0x6f, 0x6d, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x61, 0x70, 0x69, + 0x42, 0x0b, 0x43, 0x6c, 0x69, 0x65, 0x6e, 0x74, 0x50, 0x72, 0x6f, 0x74, 0x6f, 0x50, 0x01, 0x5a, + 0x41, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x67, 0x6f, 0x6c, 0x61, 0x6e, 0x67, 0x2e, 0x6f, + 0x72, 0x67, 0x2f, 0x67, 0x65, 0x6e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x2f, 0x67, 0x6f, 0x6f, 0x67, + 0x6c, 0x65, 0x61, 0x70, 0x69, 0x73, 0x2f, 0x61, 0x70, 0x69, 0x2f, 0x61, 0x6e, 0x6e, 0x6f, 0x74, + 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x3b, 0x61, 0x6e, 0x6e, 0x6f, 0x74, 0x61, 0x74, 0x69, 0x6f, + 0x6e, 0x73, 0xa2, 0x02, 0x04, 0x47, 0x41, 0x50, 0x49, 0x62, 0x06, 0x70, 0x72, 0x6f, 0x74, 0x6f, + 0x33, } var ( @@ -1587,10 +1654,11 @@ var file_google_api_client_proto_depIdxs = []int32{ 20, // 28: google.api.method_signature:extendee -> google.protobuf.MethodOptions 21, // 29: google.api.default_host:extendee -> google.protobuf.ServiceOptions 21, // 30: google.api.oauth_scopes:extendee -> google.protobuf.ServiceOptions - 31, // [31:31] is the sub-list for method output_type - 31, // [31:31] is the sub-list for method input_type - 31, // [31:31] is the sub-list for extension type_name - 28, // [28:31] is the sub-list for extension extendee + 21, // 31: google.api.api_version:extendee -> google.protobuf.ServiceOptions + 32, // [32:32] is the sub-list for method output_type + 32, // [32:32] is the sub-list for method input_type + 32, // [32:32] is the sub-list for extension type_name + 28, // [28:32] is the sub-list for extension extendee 0, // [0:28] is the sub-list for field type_name } @@ -1764,7 +1832,7 @@ func file_google_api_client_proto_init() { RawDescriptor: file_google_api_client_proto_rawDesc, NumEnums: 2, NumMessages: 16, - NumExtensions: 3, + NumExtensions: 4, NumServices: 0, }, GoTypes: file_google_api_client_proto_goTypes, diff --git a/vendor/google.golang.org/genproto/googleapis/api/annotations/field_behavior.pb.go b/vendor/google.golang.org/genproto/googleapis/api/annotations/field_behavior.pb.go index 6ce01ac9a..08505ba3f 100644 --- a/vendor/google.golang.org/genproto/googleapis/api/annotations/field_behavior.pb.go +++ b/vendor/google.golang.org/genproto/googleapis/api/annotations/field_behavior.pb.go @@ -1,4 +1,4 @@ -// Copyright 2023 Google LLC +// Copyright 2024 Google LLC // // Licensed under the Apache License, Version 2.0 (the "License"); // you may not use this file except in compliance with the License. @@ -15,7 +15,7 @@ // Code generated by protoc-gen-go. DO NOT EDIT. // versions: // protoc-gen-go v1.26.0 -// protoc v3.21.12 +// protoc v4.24.4 // source: google/api/field_behavior.proto package annotations @@ -195,21 +195,21 @@ var file_google_api_field_behavior_proto_rawDesc = []byte{ 0x0e, 0x55, 0x4e, 0x4f, 0x52, 0x44, 0x45, 0x52, 0x45, 0x44, 0x5f, 0x4c, 0x49, 0x53, 0x54, 0x10, 0x06, 0x12, 0x15, 0x0a, 0x11, 0x4e, 0x4f, 0x4e, 0x5f, 0x45, 0x4d, 0x50, 0x54, 0x59, 0x5f, 0x44, 0x45, 0x46, 0x41, 0x55, 0x4c, 0x54, 0x10, 0x07, 0x12, 0x0e, 0x0a, 0x0a, 0x49, 0x44, 0x45, 0x4e, - 0x54, 0x49, 0x46, 0x49, 0x45, 0x52, 0x10, 0x08, 0x3a, 0x60, 0x0a, 0x0e, 0x66, 0x69, 0x65, 0x6c, + 0x54, 0x49, 0x46, 0x49, 0x45, 0x52, 0x10, 0x08, 0x3a, 0x64, 0x0a, 0x0e, 0x66, 0x69, 0x65, 0x6c, 0x64, 0x5f, 0x62, 0x65, 0x68, 0x61, 0x76, 0x69, 0x6f, 0x72, 0x12, 0x1d, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x46, 0x69, 0x65, 0x6c, 0x64, 0x4f, 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x18, 0x9c, 0x08, 0x20, 0x03, 0x28, 0x0e, 0x32, 0x19, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x61, 0x70, 0x69, 0x2e, 0x46, 0x69, - 0x65, 0x6c, 0x64, 0x42, 0x65, 0x68, 0x61, 0x76, 0x69, 0x6f, 0x72, 0x52, 0x0d, 0x66, 0x69, 0x65, - 0x6c, 0x64, 0x42, 0x65, 0x68, 0x61, 0x76, 0x69, 0x6f, 0x72, 0x42, 0x70, 0x0a, 0x0e, 0x63, 0x6f, - 0x6d, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x61, 0x70, 0x69, 0x42, 0x12, 0x46, 0x69, - 0x65, 0x6c, 0x64, 0x42, 0x65, 0x68, 0x61, 0x76, 0x69, 0x6f, 0x72, 0x50, 0x72, 0x6f, 0x74, 0x6f, - 0x50, 0x01, 0x5a, 0x41, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x67, 0x6f, 0x6c, 0x61, 0x6e, - 0x67, 0x2e, 0x6f, 0x72, 0x67, 0x2f, 0x67, 0x65, 0x6e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x2f, 0x67, - 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x61, 0x70, 0x69, 0x73, 0x2f, 0x61, 0x70, 0x69, 0x2f, 0x61, 0x6e, - 0x6e, 0x6f, 0x74, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x3b, 0x61, 0x6e, 0x6e, 0x6f, 0x74, 0x61, - 0x74, 0x69, 0x6f, 0x6e, 0x73, 0xa2, 0x02, 0x04, 0x47, 0x41, 0x50, 0x49, 0x62, 0x06, 0x70, 0x72, - 0x6f, 0x74, 0x6f, 0x33, + 0x65, 0x6c, 0x64, 0x42, 0x65, 0x68, 0x61, 0x76, 0x69, 0x6f, 0x72, 0x42, 0x02, 0x10, 0x00, 0x52, + 0x0d, 0x66, 0x69, 0x65, 0x6c, 0x64, 0x42, 0x65, 0x68, 0x61, 0x76, 0x69, 0x6f, 0x72, 0x42, 0x70, + 0x0a, 0x0e, 0x63, 0x6f, 0x6d, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x61, 0x70, 0x69, + 0x42, 0x12, 0x46, 0x69, 0x65, 0x6c, 0x64, 0x42, 0x65, 0x68, 0x61, 0x76, 0x69, 0x6f, 0x72, 0x50, + 0x72, 0x6f, 0x74, 0x6f, 0x50, 0x01, 0x5a, 0x41, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x67, + 0x6f, 0x6c, 0x61, 0x6e, 0x67, 0x2e, 0x6f, 0x72, 0x67, 0x2f, 0x67, 0x65, 0x6e, 0x70, 0x72, 0x6f, + 0x74, 0x6f, 0x2f, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x61, 0x70, 0x69, 0x73, 0x2f, 0x61, 0x70, + 0x69, 0x2f, 0x61, 0x6e, 0x6e, 0x6f, 0x74, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x3b, 0x61, 0x6e, + 0x6e, 0x6f, 0x74, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0xa2, 0x02, 0x04, 0x47, 0x41, 0x50, 0x49, + 0x62, 0x06, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x33, } var ( diff --git a/vendor/google.golang.org/genproto/googleapis/api/annotations/field_info.pb.go b/vendor/google.golang.org/genproto/googleapis/api/annotations/field_info.pb.go index d02e6bbc8..d339dfb02 100644 --- a/vendor/google.golang.org/genproto/googleapis/api/annotations/field_info.pb.go +++ b/vendor/google.golang.org/genproto/googleapis/api/annotations/field_info.pb.go @@ -1,4 +1,4 @@ -// Copyright 2023 Google LLC +// Copyright 2024 Google LLC // // Licensed under the Apache License, Version 2.0 (the "License"); // you may not use this file except in compliance with the License. @@ -15,7 +15,7 @@ // Code generated by protoc-gen-go. DO NOT EDIT. // versions: // protoc-gen-go v1.26.0 -// protoc v3.21.12 +// protoc v4.24.4 // source: google/api/field_info.proto package annotations @@ -56,9 +56,9 @@ const ( FieldInfo_IPV4 FieldInfo_Format = 2 // Internet Protocol v6 value as defined by [RFC // 2460](https://datatracker.ietf.org/doc/html/rfc2460). The value may be - // normalized to entirely lowercase letters, and zero-padded partial and - // empty octets. For example, the value `2001:DB8::` would be normalized to - // `2001:0db8:0:0`. + // normalized to entirely lowercase letters with zeros compressed, following + // [RFC 5952](https://datatracker.ietf.org/doc/html/rfc5952). For example, + // the value `2001:0DB8:0::0` would be normalized to `2001:db8::`. FieldInfo_IPV6 FieldInfo_Format = 3 // An IP address in either v4 or v6 format as described by the individual // values defined herein. See the comments on the IPV4 and IPV6 types for diff --git a/vendor/google.golang.org/genproto/googleapis/api/annotations/http.pb.go b/vendor/google.golang.org/genproto/googleapis/api/annotations/http.pb.go index 8a0e1c345..76ea76df3 100644 --- a/vendor/google.golang.org/genproto/googleapis/api/annotations/http.pb.go +++ b/vendor/google.golang.org/genproto/googleapis/api/annotations/http.pb.go @@ -1,4 +1,4 @@ -// Copyright 2023 Google LLC +// Copyright 2024 Google LLC // // Licensed under the Apache License, Version 2.0 (the "License"); // you may not use this file except in compliance with the License. @@ -15,7 +15,7 @@ // Code generated by protoc-gen-go. DO NOT EDIT. // versions: // protoc-gen-go v1.26.0 -// protoc v3.21.9 +// protoc v4.24.4 // source: google/api/http.proto package annotations diff --git a/vendor/google.golang.org/genproto/googleapis/api/annotations/resource.pb.go b/vendor/google.golang.org/genproto/googleapis/api/annotations/resource.pb.go index bbcc12d29..7a3fd93fc 100644 --- a/vendor/google.golang.org/genproto/googleapis/api/annotations/resource.pb.go +++ b/vendor/google.golang.org/genproto/googleapis/api/annotations/resource.pb.go @@ -1,4 +1,4 @@ -// Copyright 2023 Google LLC +// Copyright 2024 Google LLC // // Licensed under the Apache License, Version 2.0 (the "License"); // you may not use this file except in compliance with the License. @@ -15,7 +15,7 @@ // Code generated by protoc-gen-go. DO NOT EDIT. // versions: // protoc-gen-go v1.26.0 -// protoc v3.21.9 +// protoc v4.24.4 // source: google/api/resource.proto package annotations diff --git a/vendor/google.golang.org/genproto/googleapis/api/annotations/routing.pb.go b/vendor/google.golang.org/genproto/googleapis/api/annotations/routing.pb.go index 9a9ae04c2..1d8397b02 100644 --- a/vendor/google.golang.org/genproto/googleapis/api/annotations/routing.pb.go +++ b/vendor/google.golang.org/genproto/googleapis/api/annotations/routing.pb.go @@ -1,4 +1,4 @@ -// Copyright 2023 Google LLC +// Copyright 2024 Google LLC // // Licensed under the Apache License, Version 2.0 (the "License"); // you may not use this file except in compliance with the License. @@ -15,7 +15,7 @@ // Code generated by protoc-gen-go. DO NOT EDIT. // versions: // protoc-gen-go v1.26.0 -// protoc v3.21.9 +// protoc v4.24.4 // source: google/api/routing.proto package annotations diff --git a/vendor/google.golang.org/genproto/googleapis/api/launch_stage.pb.go b/vendor/google.golang.org/genproto/googleapis/api/launch_stage.pb.go index 454948669..498020e33 100644 --- a/vendor/google.golang.org/genproto/googleapis/api/launch_stage.pb.go +++ b/vendor/google.golang.org/genproto/googleapis/api/launch_stage.pb.go @@ -1,4 +1,4 @@ -// Copyright 2023 Google LLC +// Copyright 2024 Google LLC // // Licensed under the Apache License, Version 2.0 (the "License"); // you may not use this file except in compliance with the License. @@ -15,7 +15,7 @@ // Code generated by protoc-gen-go. DO NOT EDIT. // versions: // protoc-gen-go v1.26.0 -// protoc v3.21.9 +// protoc v4.24.4 // source: google/api/launch_stage.proto package api diff --git a/vendor/google.golang.org/genproto/googleapis/api/tidyfix.go b/vendor/google.golang.org/genproto/googleapis/api/tidyfix.go deleted file mode 100644 index 1d3f1b5b7..000000000 --- a/vendor/google.golang.org/genproto/googleapis/api/tidyfix.go +++ /dev/null @@ -1,23 +0,0 @@ -// Copyright 2023 Google LLC -// -// Licensed under the Apache License, Version 2.0 (the "License"); -// you may not use this file except in compliance with the License. -// You may obtain a copy of the License at -// -// http://www.apache.org/licenses/LICENSE-2.0 -// -// Unless required by applicable law or agreed to in writing, software -// distributed under the License is distributed on an "AS IS" BASIS, -// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -// See the License for the specific language governing permissions and -// limitations under the License. - -// This file, and the {{.RootMod}} import, won't actually become part of -// the resultant binary. -//go:build modhack -// +build modhack - -package api - -// Necessary for safely adding multi-module repo. See: https://github.com/golang/go/wiki/Modules#is-it-possible-to-add-a-module-to-a-multi-module-repository -import _ "google.golang.org/genproto/internal" diff --git a/vendor/google.golang.org/genproto/googleapis/rpc/code/code.pb.go b/vendor/google.golang.org/genproto/googleapis/rpc/code/code.pb.go index cc5d52fbc..bd46edbe7 100644 --- a/vendor/google.golang.org/genproto/googleapis/rpc/code/code.pb.go +++ b/vendor/google.golang.org/genproto/googleapis/rpc/code/code.pb.go @@ -1,4 +1,4 @@ -// Copyright 2022 Google LLC +// Copyright 2024 Google LLC // // Licensed under the Apache License, Version 2.0 (the "License"); // you may not use this file except in compliance with the License. @@ -15,7 +15,7 @@ // Code generated by protoc-gen-go. DO NOT EDIT. // versions: // protoc-gen-go v1.26.0 -// protoc v3.21.9 +// protoc v4.24.4 // source: google/rpc/code.proto package code diff --git a/vendor/google.golang.org/genproto/googleapis/rpc/errdetails/error_details.pb.go b/vendor/google.golang.org/genproto/googleapis/rpc/errdetails/error_details.pb.go index 7bd161e48..3e5621827 100644 --- a/vendor/google.golang.org/genproto/googleapis/rpc/errdetails/error_details.pb.go +++ b/vendor/google.golang.org/genproto/googleapis/rpc/errdetails/error_details.pb.go @@ -1,4 +1,4 @@ -// Copyright 2022 Google LLC +// Copyright 2024 Google LLC // // Licensed under the Apache License, Version 2.0 (the "License"); // you may not use this file except in compliance with the License. @@ -15,7 +15,7 @@ // Code generated by protoc-gen-go. DO NOT EDIT. // versions: // protoc-gen-go v1.26.0 -// protoc v3.21.9 +// protoc v4.24.4 // source: google/rpc/error_details.proto package errdetails diff --git a/vendor/google.golang.org/genproto/googleapis/rpc/status/status.pb.go b/vendor/google.golang.org/genproto/googleapis/rpc/status/status.pb.go index a6b508188..6ad1b1c1d 100644 --- a/vendor/google.golang.org/genproto/googleapis/rpc/status/status.pb.go +++ b/vendor/google.golang.org/genproto/googleapis/rpc/status/status.pb.go @@ -1,4 +1,4 @@ -// Copyright 2022 Google LLC +// Copyright 2024 Google LLC // // Licensed under the Apache License, Version 2.0 (the "License"); // you may not use this file except in compliance with the License. @@ -15,7 +15,7 @@ // Code generated by protoc-gen-go. DO NOT EDIT. // versions: // protoc-gen-go v1.26.0 -// protoc v3.21.9 +// protoc v4.24.4 // source: google/rpc/status.proto package status diff --git a/vendor/google.golang.org/genproto/internal/doc.go b/vendor/google.golang.org/genproto/internal/doc.go deleted file mode 100644 index 90e89b4aa..000000000 --- a/vendor/google.golang.org/genproto/internal/doc.go +++ /dev/null @@ -1,17 +0,0 @@ -// Copyright 2023 Google LLC -// -// Licensed under the Apache License, Version 2.0 (the "License"); -// you may not use this file except in compliance with the License. -// You may obtain a copy of the License at -// -// http://www.apache.org/licenses/LICENSE-2.0 -// -// Unless required by applicable law or agreed to in writing, software -// distributed under the License is distributed on an "AS IS" BASIS, -// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -// See the License for the specific language governing permissions and -// limitations under the License. - -// This file makes internal an importable go package -// for use with backreferences from submodules. -package internal diff --git a/vendor/google.golang.org/grpc/CONTRIBUTING.md b/vendor/google.golang.org/grpc/CONTRIBUTING.md index 608aa6e1a..0854d298e 100644 --- a/vendor/google.golang.org/grpc/CONTRIBUTING.md +++ b/vendor/google.golang.org/grpc/CONTRIBUTING.md @@ -66,7 +66,7 @@ How to get your contributions merged smoothly and quickly. - **All tests need to be passing** before your change can be merged. We recommend you **run tests locally** before creating your PR to catch breakages early on. - - `VET_SKIP_PROTO=1 ./vet.sh` to catch vet errors + - `./scripts/vet.sh` to catch vet errors - `go test -cpu 1,4 -timeout 7m ./...` to run the tests - `go test -race -cpu 1,4 -timeout 7m ./...` to run tests in race mode diff --git a/vendor/google.golang.org/grpc/MAINTAINERS.md b/vendor/google.golang.org/grpc/MAINTAINERS.md index c6672c0a3..6a8a07781 100644 --- a/vendor/google.golang.org/grpc/MAINTAINERS.md +++ b/vendor/google.golang.org/grpc/MAINTAINERS.md @@ -9,6 +9,7 @@ for general contribution guidelines. ## Maintainers (in alphabetical order) +- [atollena](https://github.com/atollena), Datadog, Inc. - [cesarghali](https://github.com/cesarghali), Google LLC - [dfawley](https://github.com/dfawley), Google LLC - [easwars](https://github.com/easwars), Google LLC diff --git a/vendor/google.golang.org/grpc/Makefile b/vendor/google.golang.org/grpc/Makefile index 1f8960922..be38384ff 100644 --- a/vendor/google.golang.org/grpc/Makefile +++ b/vendor/google.golang.org/grpc/Makefile @@ -30,17 +30,20 @@ testdeps: GO111MODULE=on go get -d -v -t google.golang.org/grpc/... vet: vetdeps - ./vet.sh + ./scripts/vet.sh vetdeps: - ./vet.sh -install + ./scripts/vet.sh -install .PHONY: \ all \ build \ clean \ + deps \ proto \ test \ + testsubmodule \ testrace \ + testdeps \ vet \ vetdeps diff --git a/vendor/google.golang.org/grpc/balancer/balancer.go b/vendor/google.golang.org/grpc/balancer/balancer.go index d79560a2e..f391744f7 100644 --- a/vendor/google.golang.org/grpc/balancer/balancer.go +++ b/vendor/google.golang.org/grpc/balancer/balancer.go @@ -54,13 +54,14 @@ var ( // an init() function), and is not thread-safe. If multiple Balancers are // registered with the same name, the one registered last will take effect. func Register(b Builder) { - if strings.ToLower(b.Name()) != b.Name() { + name := strings.ToLower(b.Name()) + if name != b.Name() { // TODO: Skip the use of strings.ToLower() to index the map after v1.59 // is released to switch to case sensitive balancer registry. Also, // remove this warning and update the docstrings for Register and Get. logger.Warningf("Balancer registered with name %q. grpc-go will be switching to case sensitive balancer registries soon", b.Name()) } - m[strings.ToLower(b.Name())] = b + m[name] = b } // unregisterForTesting deletes the balancer with the given name from the @@ -232,8 +233,8 @@ type BuildOptions struct { // implementations which do not communicate with a remote load balancer // server can ignore this field. Authority string - // ChannelzParentID is the parent ClientConn's channelz ID. - ChannelzParentID *channelz.Identifier + // ChannelzParent is the parent ClientConn's channelz channel. + ChannelzParent channelz.Identifier // CustomUserAgent is the custom user agent set on the parent ClientConn. // The balancer should set the same custom user agent if it creates a // ClientConn. diff --git a/vendor/google.golang.org/grpc/balancer/grpclb/grpc_lb_v1/load_balancer.pb.go b/vendor/google.golang.org/grpc/balancer/grpclb/grpc_lb_v1/load_balancer.pb.go index f35453028..bdf93dbfe 100644 --- a/vendor/google.golang.org/grpc/balancer/grpclb/grpc_lb_v1/load_balancer.pb.go +++ b/vendor/google.golang.org/grpc/balancer/grpclb/grpc_lb_v1/load_balancer.pb.go @@ -19,8 +19,8 @@ // Code generated by protoc-gen-go. DO NOT EDIT. // versions: -// protoc-gen-go v1.31.0 -// protoc v4.22.0 +// protoc-gen-go v1.33.0 +// protoc v4.25.2 // source: grpc/lb/v1/load_balancer.proto package grpc_lb_v1 diff --git a/vendor/google.golang.org/grpc/balancer/grpclb/grpc_lb_v1/load_balancer_grpc.pb.go b/vendor/google.golang.org/grpc/balancer/grpclb/grpc_lb_v1/load_balancer_grpc.pb.go index 00d0954b3..c57857ac0 100644 --- a/vendor/google.golang.org/grpc/balancer/grpclb/grpc_lb_v1/load_balancer_grpc.pb.go +++ b/vendor/google.golang.org/grpc/balancer/grpclb/grpc_lb_v1/load_balancer_grpc.pb.go @@ -20,7 +20,7 @@ // Code generated by protoc-gen-go-grpc. DO NOT EDIT. // versions: // - protoc-gen-go-grpc v1.3.0 -// - protoc v4.22.0 +// - protoc v4.25.2 // source: grpc/lb/v1/load_balancer.proto package grpc_lb_v1 @@ -34,8 +34,8 @@ import ( // This is a compile-time assertion to ensure that this generated file // is compatible with the grpc package it is being compiled against. -// Requires gRPC-Go v1.32.0 or later. -const _ = grpc.SupportPackageIsVersion7 +// Requires gRPC-Go v1.62.0 or later. +const _ = grpc.SupportPackageIsVersion8 const ( LoadBalancer_BalanceLoad_FullMethodName = "/grpc.lb.v1.LoadBalancer/BalanceLoad" @@ -58,11 +58,12 @@ func NewLoadBalancerClient(cc grpc.ClientConnInterface) LoadBalancerClient { } func (c *loadBalancerClient) BalanceLoad(ctx context.Context, opts ...grpc.CallOption) (LoadBalancer_BalanceLoadClient, error) { - stream, err := c.cc.NewStream(ctx, &LoadBalancer_ServiceDesc.Streams[0], LoadBalancer_BalanceLoad_FullMethodName, opts...) + cOpts := append([]grpc.CallOption{grpc.StaticMethod()}, opts...) + stream, err := c.cc.NewStream(ctx, &LoadBalancer_ServiceDesc.Streams[0], LoadBalancer_BalanceLoad_FullMethodName, cOpts...) if err != nil { return nil, err } - x := &loadBalancerBalanceLoadClient{stream} + x := &loadBalancerBalanceLoadClient{ClientStream: stream} return x, nil } @@ -116,7 +117,7 @@ func RegisterLoadBalancerServer(s grpc.ServiceRegistrar, srv LoadBalancerServer) } func _LoadBalancer_BalanceLoad_Handler(srv interface{}, stream grpc.ServerStream) error { - return srv.(LoadBalancerServer).BalanceLoad(&loadBalancerBalanceLoadServer{stream}) + return srv.(LoadBalancerServer).BalanceLoad(&loadBalancerBalanceLoadServer{ServerStream: stream}) } type LoadBalancer_BalanceLoadServer interface { diff --git a/vendor/google.golang.org/grpc/balancer/grpclb/grpclb.go b/vendor/google.golang.org/grpc/balancer/grpclb/grpclb.go index 86ba65be4..47a3e938d 100644 --- a/vendor/google.golang.org/grpc/balancer/grpclb/grpclb.go +++ b/vendor/google.golang.org/grpc/balancer/grpclb/grpclb.go @@ -44,8 +44,8 @@ import ( "google.golang.org/grpc/internal/resolver/dns" "google.golang.org/grpc/resolver" "google.golang.org/grpc/resolver/manual" + "google.golang.org/protobuf/types/known/durationpb" - durationpb "github.com/golang/protobuf/ptypes/duration" lbpb "google.golang.org/grpc/balancer/grpclb/grpc_lb_v1" ) diff --git a/vendor/google.golang.org/grpc/balancer/grpclb/grpclb_remote_balancer.go b/vendor/google.golang.org/grpc/balancer/grpclb/grpclb_remote_balancer.go index c8fe1edd8..506fae0d4 100644 --- a/vendor/google.golang.org/grpc/balancer/grpclb/grpclb_remote_balancer.go +++ b/vendor/google.golang.org/grpc/balancer/grpclb/grpclb_remote_balancer.go @@ -26,7 +26,6 @@ import ( "sync" "time" - "github.com/golang/protobuf/proto" "google.golang.org/grpc" "google.golang.org/grpc/balancer" "google.golang.org/grpc/connectivity" @@ -36,8 +35,9 @@ import ( "google.golang.org/grpc/keepalive" "google.golang.org/grpc/metadata" "google.golang.org/grpc/resolver" + "google.golang.org/protobuf/proto" + "google.golang.org/protobuf/types/known/timestamppb" - timestamppb "github.com/golang/protobuf/ptypes/timestamp" lbpb "google.golang.org/grpc/balancer/grpclb/grpc_lb_v1" ) @@ -246,7 +246,7 @@ func (lb *lbBalancer) newRemoteBalancerCCWrapper() error { // Explicitly set pickfirst as the balancer. dopts = append(dopts, grpc.WithDefaultServiceConfig(`{"loadBalancingPolicy":"pick_first"}`)) dopts = append(dopts, grpc.WithResolvers(lb.manualResolver)) - dopts = append(dopts, grpc.WithChannelzParentID(lb.opt.ChannelzParentID)) + dopts = append(dopts, grpc.WithChannelzParentID(lb.opt.ChannelzParent)) // Enable Keepalive for grpclb client. dopts = append(dopts, grpc.WithKeepaliveParams(keepalive.ClientParameters{ diff --git a/vendor/google.golang.org/grpc/balancer_conn_wrappers.go b/vendor/google.golang.org/grpc/balancer_conn_wrappers.go deleted file mode 100644 index a4411c22b..000000000 --- a/vendor/google.golang.org/grpc/balancer_conn_wrappers.go +++ /dev/null @@ -1,454 +0,0 @@ -/* - * - * Copyright 2017 gRPC authors. - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - * - */ - -package grpc - -import ( - "context" - "fmt" - "strings" - "sync" - - "google.golang.org/grpc/balancer" - "google.golang.org/grpc/connectivity" - "google.golang.org/grpc/internal/balancer/gracefulswitch" - "google.golang.org/grpc/internal/channelz" - "google.golang.org/grpc/internal/grpcsync" - "google.golang.org/grpc/resolver" -) - -type ccbMode int - -const ( - ccbModeActive = iota - ccbModeIdle - ccbModeClosed - ccbModeExitingIdle -) - -// ccBalancerWrapper sits between the ClientConn and the Balancer. -// -// ccBalancerWrapper implements methods corresponding to the ones on the -// balancer.Balancer interface. The ClientConn is free to call these methods -// concurrently and the ccBalancerWrapper ensures that calls from the ClientConn -// to the Balancer happen synchronously and in order. -// -// ccBalancerWrapper also implements the balancer.ClientConn interface and is -// passed to the Balancer implementations. It invokes unexported methods on the -// ClientConn to handle these calls from the Balancer. -// -// It uses the gracefulswitch.Balancer internally to ensure that balancer -// switches happen in a graceful manner. -type ccBalancerWrapper struct { - // The following fields are initialized when the wrapper is created and are - // read-only afterwards, and therefore can be accessed without a mutex. - cc *ClientConn - opts balancer.BuildOptions - - // Outgoing (gRPC --> balancer) calls are guaranteed to execute in a - // mutually exclusive manner as they are scheduled in the serializer. Fields - // accessed *only* in these serializer callbacks, can therefore be accessed - // without a mutex. - balancer *gracefulswitch.Balancer - curBalancerName string - - // mu guards access to the below fields. Access to the serializer and its - // cancel function needs to be mutex protected because they are overwritten - // when the wrapper exits idle mode. - mu sync.Mutex - serializer *grpcsync.CallbackSerializer // To serialize all outoing calls. - serializerCancel context.CancelFunc // To close the seralizer at close/enterIdle time. - mode ccbMode // Tracks the current mode of the wrapper. -} - -// newCCBalancerWrapper creates a new balancer wrapper. The underlying balancer -// is not created until the switchTo() method is invoked. -func newCCBalancerWrapper(cc *ClientConn, bopts balancer.BuildOptions) *ccBalancerWrapper { - ctx, cancel := context.WithCancel(context.Background()) - ccb := &ccBalancerWrapper{ - cc: cc, - opts: bopts, - serializer: grpcsync.NewCallbackSerializer(ctx), - serializerCancel: cancel, - } - ccb.balancer = gracefulswitch.NewBalancer(ccb, bopts) - return ccb -} - -// updateClientConnState is invoked by grpc to push a ClientConnState update to -// the underlying balancer. -func (ccb *ccBalancerWrapper) updateClientConnState(ccs *balancer.ClientConnState) error { - ccb.mu.Lock() - errCh := make(chan error, 1) - // Here and everywhere else where Schedule() is called, it is done with the - // lock held. But the lock guards only the scheduling part. The actual - // callback is called asynchronously without the lock being held. - ok := ccb.serializer.Schedule(func(_ context.Context) { - errCh <- ccb.balancer.UpdateClientConnState(*ccs) - }) - if !ok { - // If we are unable to schedule a function with the serializer, it - // indicates that it has been closed. A serializer is only closed when - // the wrapper is closed or is in idle. - ccb.mu.Unlock() - return fmt.Errorf("grpc: cannot send state update to a closed or idle balancer") - } - ccb.mu.Unlock() - - // We get here only if the above call to Schedule succeeds, in which case it - // is guaranteed that the scheduled function will run. Therefore it is safe - // to block on this channel. - err := <-errCh - if logger.V(2) && err != nil { - logger.Infof("error from balancer.UpdateClientConnState: %v", err) - } - return err -} - -// updateSubConnState is invoked by grpc to push a subConn state update to the -// underlying balancer. -func (ccb *ccBalancerWrapper) updateSubConnState(sc balancer.SubConn, s connectivity.State, err error) { - ccb.mu.Lock() - ccb.serializer.Schedule(func(_ context.Context) { - // Even though it is optional for balancers, gracefulswitch ensures - // opts.StateListener is set, so this cannot ever be nil. - sc.(*acBalancerWrapper).stateListener(balancer.SubConnState{ConnectivityState: s, ConnectionError: err}) - }) - ccb.mu.Unlock() -} - -func (ccb *ccBalancerWrapper) resolverError(err error) { - ccb.mu.Lock() - ccb.serializer.Schedule(func(_ context.Context) { - ccb.balancer.ResolverError(err) - }) - ccb.mu.Unlock() -} - -// switchTo is invoked by grpc to instruct the balancer wrapper to switch to the -// LB policy identified by name. -// -// ClientConn calls newCCBalancerWrapper() at creation time. Upon receipt of the -// first good update from the name resolver, it determines the LB policy to use -// and invokes the switchTo() method. Upon receipt of every subsequent update -// from the name resolver, it invokes this method. -// -// the ccBalancerWrapper keeps track of the current LB policy name, and skips -// the graceful balancer switching process if the name does not change. -func (ccb *ccBalancerWrapper) switchTo(name string) { - ccb.mu.Lock() - ccb.serializer.Schedule(func(_ context.Context) { - // TODO: Other languages use case-sensitive balancer registries. We should - // switch as well. See: https://github.com/grpc/grpc-go/issues/5288. - if strings.EqualFold(ccb.curBalancerName, name) { - return - } - ccb.buildLoadBalancingPolicy(name) - }) - ccb.mu.Unlock() -} - -// buildLoadBalancingPolicy performs the following: -// - retrieve a balancer builder for the given name. Use the default LB -// policy, pick_first, if no LB policy with name is found in the registry. -// - instruct the gracefulswitch balancer to switch to the above builder. This -// will actually build the new balancer. -// - update the `curBalancerName` field -// -// Must be called from a serializer callback. -func (ccb *ccBalancerWrapper) buildLoadBalancingPolicy(name string) { - builder := balancer.Get(name) - if builder == nil { - channelz.Warningf(logger, ccb.cc.channelzID, "Channel switches to new LB policy %q, since the specified LB policy %q was not registered", PickFirstBalancerName, name) - builder = newPickfirstBuilder() - } else { - channelz.Infof(logger, ccb.cc.channelzID, "Channel switches to new LB policy %q", name) - } - - if err := ccb.balancer.SwitchTo(builder); err != nil { - channelz.Errorf(logger, ccb.cc.channelzID, "Channel failed to build new LB policy %q: %v", name, err) - return - } - ccb.curBalancerName = builder.Name() -} - -func (ccb *ccBalancerWrapper) close() { - channelz.Info(logger, ccb.cc.channelzID, "ccBalancerWrapper: closing") - ccb.closeBalancer(ccbModeClosed) -} - -// enterIdleMode is invoked by grpc when the channel enters idle mode upon -// expiry of idle_timeout. This call blocks until the balancer is closed. -func (ccb *ccBalancerWrapper) enterIdleMode() { - channelz.Info(logger, ccb.cc.channelzID, "ccBalancerWrapper: entering idle mode") - ccb.closeBalancer(ccbModeIdle) -} - -// closeBalancer is invoked when the channel is being closed or when it enters -// idle mode upon expiry of idle_timeout. -func (ccb *ccBalancerWrapper) closeBalancer(m ccbMode) { - ccb.mu.Lock() - if ccb.mode == ccbModeClosed || ccb.mode == ccbModeIdle { - ccb.mu.Unlock() - return - } - - ccb.mode = m - done := ccb.serializer.Done() - b := ccb.balancer - ok := ccb.serializer.Schedule(func(_ context.Context) { - // Close the serializer to ensure that no more calls from gRPC are sent - // to the balancer. - ccb.serializerCancel() - // Empty the current balancer name because we don't have a balancer - // anymore and also so that we act on the next call to switchTo by - // creating a new balancer specified by the new resolver. - ccb.curBalancerName = "" - }) - if !ok { - ccb.mu.Unlock() - return - } - ccb.mu.Unlock() - - // Give enqueued callbacks a chance to finish before closing the balancer. - <-done - b.Close() -} - -// exitIdleMode is invoked by grpc when the channel exits idle mode either -// because of an RPC or because of an invocation of the Connect() API. This -// recreates the balancer that was closed previously when entering idle mode. -// -// If the channel is not in idle mode, we know for a fact that we are here as a -// result of the user calling the Connect() method on the ClientConn. In this -// case, we can simply forward the call to the underlying balancer, instructing -// it to reconnect to the backends. -func (ccb *ccBalancerWrapper) exitIdleMode() { - ccb.mu.Lock() - if ccb.mode == ccbModeClosed { - // Request to exit idle is a no-op when wrapper is already closed. - ccb.mu.Unlock() - return - } - - if ccb.mode == ccbModeIdle { - // Recreate the serializer which was closed when we entered idle. - ctx, cancel := context.WithCancel(context.Background()) - ccb.serializer = grpcsync.NewCallbackSerializer(ctx) - ccb.serializerCancel = cancel - } - - // The ClientConn guarantees that mutual exclusion between close() and - // exitIdleMode(), and since we just created a new serializer, we can be - // sure that the below function will be scheduled. - done := make(chan struct{}) - ccb.serializer.Schedule(func(_ context.Context) { - defer close(done) - - ccb.mu.Lock() - defer ccb.mu.Unlock() - - if ccb.mode != ccbModeIdle { - ccb.balancer.ExitIdle() - return - } - - // Gracefulswitch balancer does not support a switchTo operation after - // being closed. Hence we need to create a new one here. - ccb.balancer = gracefulswitch.NewBalancer(ccb, ccb.opts) - ccb.mode = ccbModeActive - channelz.Info(logger, ccb.cc.channelzID, "ccBalancerWrapper: exiting idle mode") - - }) - ccb.mu.Unlock() - - <-done -} - -func (ccb *ccBalancerWrapper) isIdleOrClosed() bool { - ccb.mu.Lock() - defer ccb.mu.Unlock() - return ccb.mode == ccbModeIdle || ccb.mode == ccbModeClosed -} - -func (ccb *ccBalancerWrapper) NewSubConn(addrs []resolver.Address, opts balancer.NewSubConnOptions) (balancer.SubConn, error) { - if ccb.isIdleOrClosed() { - return nil, fmt.Errorf("grpc: cannot create SubConn when balancer is closed or idle") - } - - if len(addrs) == 0 { - return nil, fmt.Errorf("grpc: cannot create SubConn with empty address list") - } - ac, err := ccb.cc.newAddrConn(addrs, opts) - if err != nil { - channelz.Warningf(logger, ccb.cc.channelzID, "acBalancerWrapper: NewSubConn: failed to newAddrConn: %v", err) - return nil, err - } - acbw := &acBalancerWrapper{ - ccb: ccb, - ac: ac, - producers: make(map[balancer.ProducerBuilder]*refCountedProducer), - stateListener: opts.StateListener, - } - ac.acbw = acbw - return acbw, nil -} - -func (ccb *ccBalancerWrapper) RemoveSubConn(sc balancer.SubConn) { - // The graceful switch balancer will never call this. - logger.Errorf("ccb RemoveSubConn(%v) called unexpectedly, sc") -} - -func (ccb *ccBalancerWrapper) UpdateAddresses(sc balancer.SubConn, addrs []resolver.Address) { - if ccb.isIdleOrClosed() { - return - } - - acbw, ok := sc.(*acBalancerWrapper) - if !ok { - return - } - acbw.UpdateAddresses(addrs) -} - -func (ccb *ccBalancerWrapper) UpdateState(s balancer.State) { - if ccb.isIdleOrClosed() { - return - } - - // Update picker before updating state. Even though the ordering here does - // not matter, it can lead to multiple calls of Pick in the common start-up - // case where we wait for ready and then perform an RPC. If the picker is - // updated later, we could call the "connecting" picker when the state is - // updated, and then call the "ready" picker after the picker gets updated. - ccb.cc.blockingpicker.updatePicker(s.Picker) - ccb.cc.csMgr.updateState(s.ConnectivityState) -} - -func (ccb *ccBalancerWrapper) ResolveNow(o resolver.ResolveNowOptions) { - if ccb.isIdleOrClosed() { - return - } - - ccb.cc.resolveNow(o) -} - -func (ccb *ccBalancerWrapper) Target() string { - return ccb.cc.target -} - -// acBalancerWrapper is a wrapper on top of ac for balancers. -// It implements balancer.SubConn interface. -type acBalancerWrapper struct { - ac *addrConn // read-only - ccb *ccBalancerWrapper // read-only - stateListener func(balancer.SubConnState) - - mu sync.Mutex - producers map[balancer.ProducerBuilder]*refCountedProducer -} - -func (acbw *acBalancerWrapper) String() string { - return fmt.Sprintf("SubConn(id:%d)", acbw.ac.channelzID.Int()) -} - -func (acbw *acBalancerWrapper) UpdateAddresses(addrs []resolver.Address) { - acbw.ac.updateAddrs(addrs) -} - -func (acbw *acBalancerWrapper) Connect() { - go acbw.ac.connect() -} - -func (acbw *acBalancerWrapper) Shutdown() { - ccb := acbw.ccb - if ccb.isIdleOrClosed() { - // It it safe to ignore this call when the balancer is closed or in idle - // because the ClientConn takes care of closing the connections. - // - // Not returning early from here when the balancer is closed or in idle - // leads to a deadlock though, because of the following sequence of - // calls when holding cc.mu: - // cc.exitIdleMode --> ccb.enterIdleMode --> gsw.Close --> - // ccb.RemoveAddrConn --> cc.removeAddrConn - return - } - - ccb.cc.removeAddrConn(acbw.ac, errConnDrain) -} - -// NewStream begins a streaming RPC on the addrConn. If the addrConn is not -// ready, blocks until it is or ctx expires. Returns an error when the context -// expires or the addrConn is shut down. -func (acbw *acBalancerWrapper) NewStream(ctx context.Context, desc *StreamDesc, method string, opts ...CallOption) (ClientStream, error) { - transport, err := acbw.ac.getTransport(ctx) - if err != nil { - return nil, err - } - return newNonRetryClientStream(ctx, desc, method, transport, acbw.ac, opts...) -} - -// Invoke performs a unary RPC. If the addrConn is not ready, returns -// errSubConnNotReady. -func (acbw *acBalancerWrapper) Invoke(ctx context.Context, method string, args any, reply any, opts ...CallOption) error { - cs, err := acbw.NewStream(ctx, unaryStreamDesc, method, opts...) - if err != nil { - return err - } - if err := cs.SendMsg(args); err != nil { - return err - } - return cs.RecvMsg(reply) -} - -type refCountedProducer struct { - producer balancer.Producer - refs int // number of current refs to the producer - close func() // underlying producer's close function -} - -func (acbw *acBalancerWrapper) GetOrBuildProducer(pb balancer.ProducerBuilder) (balancer.Producer, func()) { - acbw.mu.Lock() - defer acbw.mu.Unlock() - - // Look up existing producer from this builder. - pData := acbw.producers[pb] - if pData == nil { - // Not found; create a new one and add it to the producers map. - p, close := pb.Build(acbw) - pData = &refCountedProducer{producer: p, close: close} - acbw.producers[pb] = pData - } - // Account for this new reference. - pData.refs++ - - // Return a cleanup function wrapped in a OnceFunc to remove this reference - // and delete the refCountedProducer from the map if the total reference - // count goes to zero. - unref := func() { - acbw.mu.Lock() - pData.refs-- - if pData.refs == 0 { - defer pData.close() // Run outside the acbw mutex - delete(acbw.producers, pb) - } - acbw.mu.Unlock() - } - return pData.producer, grpcsync.OnceFunc(unref) -} diff --git a/vendor/google.golang.org/grpc/balancer_wrapper.go b/vendor/google.golang.org/grpc/balancer_wrapper.go new file mode 100644 index 000000000..af39b8a4c --- /dev/null +++ b/vendor/google.golang.org/grpc/balancer_wrapper.go @@ -0,0 +1,337 @@ +/* + * + * Copyright 2017 gRPC authors. + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * + */ + +package grpc + +import ( + "context" + "fmt" + "sync" + + "google.golang.org/grpc/balancer" + "google.golang.org/grpc/connectivity" + "google.golang.org/grpc/internal/balancer/gracefulswitch" + "google.golang.org/grpc/internal/channelz" + "google.golang.org/grpc/internal/grpcsync" + "google.golang.org/grpc/resolver" +) + +// ccBalancerWrapper sits between the ClientConn and the Balancer. +// +// ccBalancerWrapper implements methods corresponding to the ones on the +// balancer.Balancer interface. The ClientConn is free to call these methods +// concurrently and the ccBalancerWrapper ensures that calls from the ClientConn +// to the Balancer happen in order by performing them in the serializer, without +// any mutexes held. +// +// ccBalancerWrapper also implements the balancer.ClientConn interface and is +// passed to the Balancer implementations. It invokes unexported methods on the +// ClientConn to handle these calls from the Balancer. +// +// It uses the gracefulswitch.Balancer internally to ensure that balancer +// switches happen in a graceful manner. +type ccBalancerWrapper struct { + // The following fields are initialized when the wrapper is created and are + // read-only afterwards, and therefore can be accessed without a mutex. + cc *ClientConn + opts balancer.BuildOptions + serializer *grpcsync.CallbackSerializer + serializerCancel context.CancelFunc + + // The following fields are only accessed within the serializer or during + // initialization. + curBalancerName string + balancer *gracefulswitch.Balancer + + // The following field is protected by mu. Caller must take cc.mu before + // taking mu. + mu sync.Mutex + closed bool +} + +// newCCBalancerWrapper creates a new balancer wrapper in idle state. The +// underlying balancer is not created until the updateClientConnState() method +// is invoked. +func newCCBalancerWrapper(cc *ClientConn) *ccBalancerWrapper { + ctx, cancel := context.WithCancel(cc.ctx) + ccb := &ccBalancerWrapper{ + cc: cc, + opts: balancer.BuildOptions{ + DialCreds: cc.dopts.copts.TransportCredentials, + CredsBundle: cc.dopts.copts.CredsBundle, + Dialer: cc.dopts.copts.Dialer, + Authority: cc.authority, + CustomUserAgent: cc.dopts.copts.UserAgent, + ChannelzParent: cc.channelz, + Target: cc.parsedTarget, + }, + serializer: grpcsync.NewCallbackSerializer(ctx), + serializerCancel: cancel, + } + ccb.balancer = gracefulswitch.NewBalancer(ccb, ccb.opts) + return ccb +} + +// updateClientConnState is invoked by grpc to push a ClientConnState update to +// the underlying balancer. This is always executed from the serializer, so +// it is safe to call into the balancer here. +func (ccb *ccBalancerWrapper) updateClientConnState(ccs *balancer.ClientConnState) error { + errCh := make(chan error) + ok := ccb.serializer.Schedule(func(ctx context.Context) { + defer close(errCh) + if ctx.Err() != nil || ccb.balancer == nil { + return + } + name := gracefulswitch.ChildName(ccs.BalancerConfig) + if ccb.curBalancerName != name { + ccb.curBalancerName = name + channelz.Infof(logger, ccb.cc.channelz, "Channel switches to new LB policy %q", name) + } + err := ccb.balancer.UpdateClientConnState(*ccs) + if logger.V(2) && err != nil { + logger.Infof("error from balancer.UpdateClientConnState: %v", err) + } + errCh <- err + }) + if !ok { + return nil + } + return <-errCh +} + +// resolverError is invoked by grpc to push a resolver error to the underlying +// balancer. The call to the balancer is executed from the serializer. +func (ccb *ccBalancerWrapper) resolverError(err error) { + ccb.serializer.Schedule(func(ctx context.Context) { + if ctx.Err() != nil || ccb.balancer == nil { + return + } + ccb.balancer.ResolverError(err) + }) +} + +// close initiates async shutdown of the wrapper. cc.mu must be held when +// calling this function. To determine the wrapper has finished shutting down, +// the channel should block on ccb.serializer.Done() without cc.mu held. +func (ccb *ccBalancerWrapper) close() { + ccb.mu.Lock() + ccb.closed = true + ccb.mu.Unlock() + channelz.Info(logger, ccb.cc.channelz, "ccBalancerWrapper: closing") + ccb.serializer.Schedule(func(context.Context) { + if ccb.balancer == nil { + return + } + ccb.balancer.Close() + ccb.balancer = nil + }) + ccb.serializerCancel() +} + +// exitIdle invokes the balancer's exitIdle method in the serializer. +func (ccb *ccBalancerWrapper) exitIdle() { + ccb.serializer.Schedule(func(ctx context.Context) { + if ctx.Err() != nil || ccb.balancer == nil { + return + } + ccb.balancer.ExitIdle() + }) +} + +func (ccb *ccBalancerWrapper) NewSubConn(addrs []resolver.Address, opts balancer.NewSubConnOptions) (balancer.SubConn, error) { + ccb.cc.mu.Lock() + defer ccb.cc.mu.Unlock() + + ccb.mu.Lock() + if ccb.closed { + ccb.mu.Unlock() + return nil, fmt.Errorf("balancer is being closed; no new SubConns allowed") + } + ccb.mu.Unlock() + + if len(addrs) == 0 { + return nil, fmt.Errorf("grpc: cannot create SubConn with empty address list") + } + ac, err := ccb.cc.newAddrConnLocked(addrs, opts) + if err != nil { + channelz.Warningf(logger, ccb.cc.channelz, "acBalancerWrapper: NewSubConn: failed to newAddrConn: %v", err) + return nil, err + } + acbw := &acBalancerWrapper{ + ccb: ccb, + ac: ac, + producers: make(map[balancer.ProducerBuilder]*refCountedProducer), + stateListener: opts.StateListener, + } + ac.acbw = acbw + return acbw, nil +} + +func (ccb *ccBalancerWrapper) RemoveSubConn(sc balancer.SubConn) { + // The graceful switch balancer will never call this. + logger.Errorf("ccb RemoveSubConn(%v) called unexpectedly, sc") +} + +func (ccb *ccBalancerWrapper) UpdateAddresses(sc balancer.SubConn, addrs []resolver.Address) { + acbw, ok := sc.(*acBalancerWrapper) + if !ok { + return + } + acbw.UpdateAddresses(addrs) +} + +func (ccb *ccBalancerWrapper) UpdateState(s balancer.State) { + ccb.cc.mu.Lock() + defer ccb.cc.mu.Unlock() + + ccb.mu.Lock() + if ccb.closed { + ccb.mu.Unlock() + return + } + ccb.mu.Unlock() + // Update picker before updating state. Even though the ordering here does + // not matter, it can lead to multiple calls of Pick in the common start-up + // case where we wait for ready and then perform an RPC. If the picker is + // updated later, we could call the "connecting" picker when the state is + // updated, and then call the "ready" picker after the picker gets updated. + + // Note that there is no need to check if the balancer wrapper was closed, + // as we know the graceful switch LB policy will not call cc if it has been + // closed. + ccb.cc.pickerWrapper.updatePicker(s.Picker) + ccb.cc.csMgr.updateState(s.ConnectivityState) +} + +func (ccb *ccBalancerWrapper) ResolveNow(o resolver.ResolveNowOptions) { + ccb.cc.mu.RLock() + defer ccb.cc.mu.RUnlock() + + ccb.mu.Lock() + if ccb.closed { + ccb.mu.Unlock() + return + } + ccb.mu.Unlock() + ccb.cc.resolveNowLocked(o) +} + +func (ccb *ccBalancerWrapper) Target() string { + return ccb.cc.target +} + +// acBalancerWrapper is a wrapper on top of ac for balancers. +// It implements balancer.SubConn interface. +type acBalancerWrapper struct { + ac *addrConn // read-only + ccb *ccBalancerWrapper // read-only + stateListener func(balancer.SubConnState) + + mu sync.Mutex + producers map[balancer.ProducerBuilder]*refCountedProducer +} + +// updateState is invoked by grpc to push a subConn state update to the +// underlying balancer. +func (acbw *acBalancerWrapper) updateState(s connectivity.State, err error) { + acbw.ccb.serializer.Schedule(func(ctx context.Context) { + if ctx.Err() != nil || acbw.ccb.balancer == nil { + return + } + // Even though it is optional for balancers, gracefulswitch ensures + // opts.StateListener is set, so this cannot ever be nil. + // TODO: delete this comment when UpdateSubConnState is removed. + acbw.stateListener(balancer.SubConnState{ConnectivityState: s, ConnectionError: err}) + }) +} + +func (acbw *acBalancerWrapper) String() string { + return fmt.Sprintf("SubConn(id:%d)", acbw.ac.channelz.ID) +} + +func (acbw *acBalancerWrapper) UpdateAddresses(addrs []resolver.Address) { + acbw.ac.updateAddrs(addrs) +} + +func (acbw *acBalancerWrapper) Connect() { + go acbw.ac.connect() +} + +func (acbw *acBalancerWrapper) Shutdown() { + acbw.ccb.cc.removeAddrConn(acbw.ac, errConnDrain) +} + +// NewStream begins a streaming RPC on the addrConn. If the addrConn is not +// ready, blocks until it is or ctx expires. Returns an error when the context +// expires or the addrConn is shut down. +func (acbw *acBalancerWrapper) NewStream(ctx context.Context, desc *StreamDesc, method string, opts ...CallOption) (ClientStream, error) { + transport, err := acbw.ac.getTransport(ctx) + if err != nil { + return nil, err + } + return newNonRetryClientStream(ctx, desc, method, transport, acbw.ac, opts...) +} + +// Invoke performs a unary RPC. If the addrConn is not ready, returns +// errSubConnNotReady. +func (acbw *acBalancerWrapper) Invoke(ctx context.Context, method string, args any, reply any, opts ...CallOption) error { + cs, err := acbw.NewStream(ctx, unaryStreamDesc, method, opts...) + if err != nil { + return err + } + if err := cs.SendMsg(args); err != nil { + return err + } + return cs.RecvMsg(reply) +} + +type refCountedProducer struct { + producer balancer.Producer + refs int // number of current refs to the producer + close func() // underlying producer's close function +} + +func (acbw *acBalancerWrapper) GetOrBuildProducer(pb balancer.ProducerBuilder) (balancer.Producer, func()) { + acbw.mu.Lock() + defer acbw.mu.Unlock() + + // Look up existing producer from this builder. + pData := acbw.producers[pb] + if pData == nil { + // Not found; create a new one and add it to the producers map. + p, close := pb.Build(acbw) + pData = &refCountedProducer{producer: p, close: close} + acbw.producers[pb] = pData + } + // Account for this new reference. + pData.refs++ + + // Return a cleanup function wrapped in a OnceFunc to remove this reference + // and delete the refCountedProducer from the map if the total reference + // count goes to zero. + unref := func() { + acbw.mu.Lock() + pData.refs-- + if pData.refs == 0 { + defer pData.close() // Run outside the acbw mutex + delete(acbw.producers, pb) + } + acbw.mu.Unlock() + } + return pData.producer, grpcsync.OnceFunc(unref) +} diff --git a/vendor/google.golang.org/grpc/binarylog/grpc_binarylog_v1/binarylog.pb.go b/vendor/google.golang.org/grpc/binarylog/grpc_binarylog_v1/binarylog.pb.go index 595480112..1afb1e84a 100644 --- a/vendor/google.golang.org/grpc/binarylog/grpc_binarylog_v1/binarylog.pb.go +++ b/vendor/google.golang.org/grpc/binarylog/grpc_binarylog_v1/binarylog.pb.go @@ -18,8 +18,8 @@ // Code generated by protoc-gen-go. DO NOT EDIT. // versions: -// protoc-gen-go v1.31.0 -// protoc v4.22.0 +// protoc-gen-go v1.33.0 +// protoc v4.25.2 // source: grpc/binlog/v1/binarylog.proto package grpc_binarylog_v1 @@ -430,7 +430,7 @@ type ClientHeader struct { MethodName string `protobuf:"bytes,2,opt,name=method_name,json=methodName,proto3" json:"method_name,omitempty"` // A single process may be used to run multiple virtual // servers with different identities. - // The authority is the name of such a server identitiy. + // The authority is the name of such a server identity. // It is typically a portion of the URI in the form of // or : . Authority string `protobuf:"bytes,3,opt,name=authority,proto3" json:"authority,omitempty"` diff --git a/vendor/google.golang.org/grpc/clientconn.go b/vendor/google.golang.org/grpc/clientconn.go index 429c389e4..2359f94b8 100644 --- a/vendor/google.golang.org/grpc/clientconn.go +++ b/vendor/google.golang.org/grpc/clientconn.go @@ -33,13 +33,10 @@ import ( "google.golang.org/grpc/balancer/base" "google.golang.org/grpc/codes" "google.golang.org/grpc/connectivity" - "google.golang.org/grpc/credentials" "google.golang.org/grpc/internal" - "google.golang.org/grpc/internal/backoff" "google.golang.org/grpc/internal/channelz" "google.golang.org/grpc/internal/grpcsync" "google.golang.org/grpc/internal/idle" - "google.golang.org/grpc/internal/pretty" iresolver "google.golang.org/grpc/internal/resolver" "google.golang.org/grpc/internal/transport" "google.golang.org/grpc/keepalive" @@ -48,9 +45,9 @@ import ( "google.golang.org/grpc/status" _ "google.golang.org/grpc/balancer/roundrobin" // To register roundrobin. - _ "google.golang.org/grpc/internal/resolver/dns" // To register dns resolver. _ "google.golang.org/grpc/internal/resolver/passthrough" // To register passthrough resolver. _ "google.golang.org/grpc/internal/resolver/unix" // To register unix resolver. + _ "google.golang.org/grpc/resolver/dns" // To register dns resolver. ) const ( @@ -69,7 +66,7 @@ var ( errConnDrain = errors.New("grpc: the connection is drained") // errConnClosing indicates that the connection is closing. errConnClosing = errors.New("grpc: the connection is closing") - // errConnIdling indicates the the connection is being closed as the channel + // errConnIdling indicates the connection is being closed as the channel // is moving to an idle mode due to inactivity. errConnIdling = errors.New("grpc: the connection is closing due to channel idleness") // invalidDefaultServiceConfigErrPrefix is used to prefix the json parsing error for the default @@ -103,11 +100,6 @@ const ( defaultReadBufSize = 32 * 1024 ) -// Dial creates a client connection to the given target. -func Dial(target string, opts ...DialOption) (*ClientConn, error) { - return DialContext(context.Background(), target, opts...) -} - type defaultConfigSelector struct { sc *ServiceConfig } @@ -119,47 +111,30 @@ func (dcs *defaultConfigSelector) SelectConfig(rpcInfo iresolver.RPCInfo) (*ires }, nil } -// DialContext creates a client connection to the given target. By default, it's -// a non-blocking dial (the function won't wait for connections to be -// established, and connecting happens in the background). To make it a blocking -// dial, use WithBlock() dial option. -// -// In the non-blocking case, the ctx does not act against the connection. It -// only controls the setup steps. -// -// In the blocking case, ctx can be used to cancel or expire the pending -// connection. Once this function returns, the cancellation and expiration of -// ctx will be noop. Users should call ClientConn.Close to terminate all the -// pending operations after this function returns. +// NewClient creates a new gRPC "channel" for the target URI provided. No I/O +// is performed. Use of the ClientConn for RPCs will automatically cause it to +// connect. Connect may be used to manually create a connection, but for most +// users this is unnecessary. // // The target name syntax is defined in -// https://github.com/grpc/grpc/blob/master/doc/naming.md. -// e.g. to use dns resolver, a "dns:///" prefix should be applied to the target. -func DialContext(ctx context.Context, target string, opts ...DialOption) (conn *ClientConn, err error) { +// https://github.com/grpc/grpc/blob/master/doc/naming.md. e.g. to use dns +// resolver, a "dns:///" prefix should be applied to the target. +// +// The DialOptions returned by WithBlock, WithTimeout, +// WithReturnConnectionError, and FailOnNonTempDialError are ignored by this +// function. +func NewClient(target string, opts ...DialOption) (conn *ClientConn, err error) { cc := &ClientConn{ target: target, conns: make(map[*addrConn]struct{}), dopts: defaultDialOptions(), - czData: new(channelzData), } - // We start the channel off in idle mode, but kick it out of idle at the end - // of this method, instead of waiting for the first RPC. Other gRPC - // implementations do wait for the first RPC to kick the channel out of - // idle. But doing so would be a major behavior change for our users who are - // used to seeing the channel active after Dial. - // - // Taking this approach of kicking it out of idle at the end of this method - // allows us to share the code between channel creation and exiting idle - // mode. This will also make it easy for us to switch to starting the - // channel off in idle, if at all we ever get to do that. - cc.idlenessState = ccIdlenessStateIdle - cc.retryThrottler.Store((*retryThrottler)(nil)) cc.safeConfigSelector.UpdateConfigSelector(&defaultConfigSelector{nil}) cc.ctx, cc.cancel = context.WithCancel(context.Background()) - cc.exitIdleCond = sync.NewCond(&cc.mu) + // Apply dial options. disableGlobalOpts := false for _, opt := range opts { if _, ok := opt.(*disableGlobalDialOptions); ok { @@ -177,21 +152,9 @@ func DialContext(ctx context.Context, target string, opts ...DialOption) (conn * for _, opt := range opts { opt.apply(&cc.dopts) } - chainUnaryClientInterceptors(cc) chainStreamClientInterceptors(cc) - defer func() { - if err != nil { - cc.Close() - } - }() - - // Register ClientConn with channelz. - cc.channelzRegistration(target) - - cc.csMgr = newConnectivityStateManager(cc.ctx, cc.channelzID) - if err := cc.validateTransportCredentials(); err != nil { return nil, err } @@ -205,10 +168,77 @@ func DialContext(ctx context.Context, target string, opts ...DialOption) (conn * } cc.mkp = cc.dopts.copts.KeepaliveParams - if cc.dopts.copts.UserAgent != "" { - cc.dopts.copts.UserAgent += " " + grpcUA - } else { - cc.dopts.copts.UserAgent = grpcUA + // Register ClientConn with channelz. + cc.channelzRegistration(target) + + // TODO: Ideally it should be impossible to error from this function after + // channelz registration. This will require removing some channelz logs + // from the following functions that can error. Errors can be returned to + // the user, and successful logs can be emitted here, after the checks have + // passed and channelz is subsequently registered. + + // Determine the resolver to use. + if err := cc.parseTargetAndFindResolver(); err != nil { + channelz.RemoveEntry(cc.channelz.ID) + return nil, err + } + if err = cc.determineAuthority(); err != nil { + channelz.RemoveEntry(cc.channelz.ID) + return nil, err + } + + cc.csMgr = newConnectivityStateManager(cc.ctx, cc.channelz) + cc.pickerWrapper = newPickerWrapper(cc.dopts.copts.StatsHandlers) + + cc.initIdleStateLocked() // Safe to call without the lock, since nothing else has a reference to cc. + cc.idlenessMgr = idle.NewManager((*idler)(cc), cc.dopts.idleTimeout) + return cc, nil +} + +// Dial calls DialContext(context.Background(), target, opts...). +// +// Deprecated: use NewClient instead. Will be supported throughout 1.x. +func Dial(target string, opts ...DialOption) (*ClientConn, error) { + return DialContext(context.Background(), target, opts...) +} + +// DialContext calls NewClient and then exits idle mode. If WithBlock(true) is +// used, it calls Connect and WaitForStateChange until either the context +// expires or the state of the ClientConn is Ready. +// +// One subtle difference between NewClient and Dial and DialContext is that the +// former uses "dns" as the default name resolver, while the latter use +// "passthrough" for backward compatibility. This distinction should not matter +// to most users, but could matter to legacy users that specify a custom dialer +// and expect it to receive the target string directly. +// +// Deprecated: use NewClient instead. Will be supported throughout 1.x. +func DialContext(ctx context.Context, target string, opts ...DialOption) (conn *ClientConn, err error) { + // At the end of this method, we kick the channel out of idle, rather than + // waiting for the first rpc. + opts = append([]DialOption{withDefaultScheme("passthrough")}, opts...) + cc, err := NewClient(target, opts...) + if err != nil { + return nil, err + } + + // We start the channel off in idle mode, but kick it out of idle now, + // instead of waiting for the first RPC. This is the legacy behavior of + // Dial. + defer func() { + if err != nil { + cc.Close() + } + }() + + // This creates the name resolver, load balancer, etc. + if err := cc.idlenessMgr.ExitIdleMode(); err != nil { + return nil, err + } + + // Return now for non-blocking dials. + if !cc.dopts.block { + return cc, nil } if cc.dopts.timeout > 0 { @@ -231,49 +261,6 @@ func DialContext(ctx context.Context, target string, opts ...DialOption) (conn * } }() - if cc.dopts.bs == nil { - cc.dopts.bs = backoff.DefaultExponential - } - - // Determine the resolver to use. - if err := cc.parseTargetAndFindResolver(); err != nil { - return nil, err - } - if err = cc.determineAuthority(); err != nil { - return nil, err - } - - if cc.dopts.scChan != nil { - // Blocking wait for the initial service config. - select { - case sc, ok := <-cc.dopts.scChan: - if ok { - cc.sc = &sc - cc.safeConfigSelector.UpdateConfigSelector(&defaultConfigSelector{&sc}) - } - case <-ctx.Done(): - return nil, ctx.Err() - } - } - if cc.dopts.scChan != nil { - go cc.scWatcher() - } - - // This creates the name resolver, load balancer, blocking picker etc. - if err := cc.exitIdleMode(); err != nil { - return nil, err - } - - // Configure idleness support with configured idle timeout or default idle - // timeout duration. Idleness can be explicitly disabled by the user, by - // setting the dial option to 0. - cc.idlenessMgr = idle.NewManager(idle.ManagerOptions{Enforcer: (*idler)(cc), Timeout: cc.dopts.idleTimeout, Logger: logger}) - - // Return early for non-blocking dials. - if !cc.dopts.block { - return cc, nil - } - // A blocking dial blocks until the clientConn is ready. for { s := cc.GetState() @@ -305,23 +292,23 @@ func DialContext(ctx context.Context, target string, opts ...DialOption) (conn * // addTraceEvent is a helper method to add a trace event on the channel. If the // channel is a nested one, the same event is also added on the parent channel. func (cc *ClientConn) addTraceEvent(msg string) { - ted := &channelz.TraceEventDesc{ + ted := &channelz.TraceEvent{ Desc: fmt.Sprintf("Channel %s", msg), Severity: channelz.CtInfo, } - if cc.dopts.channelzParentID != nil { - ted.Parent = &channelz.TraceEventDesc{ - Desc: fmt.Sprintf("Nested channel(id:%d) %s", cc.channelzID.Int(), msg), + if cc.dopts.channelzParent != nil { + ted.Parent = &channelz.TraceEvent{ + Desc: fmt.Sprintf("Nested channel(id:%d) %s", cc.channelz.ID, msg), Severity: channelz.CtInfo, } } - channelz.AddTraceEvent(logger, cc.channelzID, 0, ted) + channelz.AddTraceEvent(logger, cc.channelz, 0, ted) } type idler ClientConn -func (i *idler) EnterIdleMode() error { - return (*ClientConn)(i).enterIdleMode() +func (i *idler) EnterIdleMode() { + (*ClientConn)(i).enterIdleMode() } func (i *idler) ExitIdleMode() error { @@ -329,117 +316,71 @@ func (i *idler) ExitIdleMode() error { } // exitIdleMode moves the channel out of idle mode by recreating the name -// resolver and load balancer. -func (cc *ClientConn) exitIdleMode() error { +// resolver and load balancer. This should never be called directly; use +// cc.idlenessMgr.ExitIdleMode instead. +func (cc *ClientConn) exitIdleMode() (err error) { cc.mu.Lock() if cc.conns == nil { cc.mu.Unlock() return errConnClosing } - if cc.idlenessState != ccIdlenessStateIdle { - channelz.Infof(logger, cc.channelzID, "ClientConn asked to exit idle mode, current mode is %v", cc.idlenessState) - cc.mu.Unlock() - return nil - } - - defer func() { - // When Close() and exitIdleMode() race against each other, one of the - // following two can happen: - // - Close() wins the race and runs first. exitIdleMode() runs after, and - // sees that the ClientConn is already closed and hence returns early. - // - exitIdleMode() wins the race and runs first and recreates the balancer - // and releases the lock before recreating the resolver. If Close() runs - // in this window, it will wait for exitIdleMode to complete. - // - // We achieve this synchronization using the below condition variable. - cc.mu.Lock() - cc.idlenessState = ccIdlenessStateActive - cc.exitIdleCond.Signal() - cc.mu.Unlock() - }() - - cc.idlenessState = ccIdlenessStateExitingIdle - exitedIdle := false - if cc.blockingpicker == nil { - cc.blockingpicker = newPickerWrapper(cc.dopts.copts.StatsHandlers) - } else { - cc.blockingpicker.exitIdleMode() - exitedIdle = true - } - - var credsClone credentials.TransportCredentials - if creds := cc.dopts.copts.TransportCredentials; creds != nil { - credsClone = creds.Clone() - } - if cc.balancerWrapper == nil { - cc.balancerWrapper = newCCBalancerWrapper(cc, balancer.BuildOptions{ - DialCreds: credsClone, - CredsBundle: cc.dopts.copts.CredsBundle, - Dialer: cc.dopts.copts.Dialer, - Authority: cc.authority, - CustomUserAgent: cc.dopts.copts.UserAgent, - ChannelzParentID: cc.channelzID, - Target: cc.parsedTarget, - }) - } else { - cc.balancerWrapper.exitIdleMode() - } - cc.firstResolveEvent = grpcsync.NewEvent() cc.mu.Unlock() // This needs to be called without cc.mu because this builds a new resolver - // which might update state or report error inline which needs to be handled - // by cc.updateResolverState() which also grabs cc.mu. - if err := cc.initResolverWrapper(credsClone); err != nil { + // which might update state or report error inline, which would then need to + // acquire cc.mu. + if err := cc.resolverWrapper.start(); err != nil { return err } - if exitedIdle { - cc.addTraceEvent("exiting idle mode") - } + cc.addTraceEvent("exiting idle mode") return nil } +// initIdleStateLocked initializes common state to how it should be while idle. +func (cc *ClientConn) initIdleStateLocked() { + cc.resolverWrapper = newCCResolverWrapper(cc) + cc.balancerWrapper = newCCBalancerWrapper(cc) + cc.firstResolveEvent = grpcsync.NewEvent() + // cc.conns == nil is a proxy for the ClientConn being closed. So, instead + // of setting it to nil here, we recreate the map. This also means that we + // don't have to do this when exiting idle mode. + cc.conns = make(map[*addrConn]struct{}) +} + // enterIdleMode puts the channel in idle mode, and as part of it shuts down the -// name resolver, load balancer and any subchannels. -func (cc *ClientConn) enterIdleMode() error { +// name resolver, load balancer, and any subchannels. This should never be +// called directly; use cc.idlenessMgr.EnterIdleMode instead. +func (cc *ClientConn) enterIdleMode() { cc.mu.Lock() - defer cc.mu.Unlock() if cc.conns == nil { - return ErrClientConnClosing - } - if cc.idlenessState != ccIdlenessStateActive { - channelz.Warningf(logger, cc.channelzID, "ClientConn asked to enter idle mode, current mode is %v", cc.idlenessState) - return nil + cc.mu.Unlock() + return } - // cc.conns == nil is a proxy for the ClientConn being closed. So, instead - // of setting it to nil here, we recreate the map. This also means that we - // don't have to do this when exiting idle mode. conns := cc.conns - cc.conns = make(map[*addrConn]struct{}) - // TODO: Currently, we close the resolver wrapper upon entering idle mode - // and create a new one upon exiting idle mode. This means that the - // `cc.resolverWrapper` field would be overwritten everytime we exit idle - // mode. While this means that we need to hold `cc.mu` when accessing - // `cc.resolverWrapper`, it makes the code simpler in the wrapper. We should - // try to do the same for the balancer and picker wrappers too. - cc.resolverWrapper.close() - cc.blockingpicker.enterIdleMode() - cc.balancerWrapper.enterIdleMode() + rWrapper := cc.resolverWrapper + rWrapper.close() + cc.pickerWrapper.reset() + bWrapper := cc.balancerWrapper + bWrapper.close() cc.csMgr.updateState(connectivity.Idle) - cc.idlenessState = ccIdlenessStateIdle cc.addTraceEvent("entering idle mode") - go func() { - for ac := range conns { - ac.tearDown(errConnIdling) - } - }() + cc.initIdleStateLocked() - return nil + cc.mu.Unlock() + + // Block until the name resolver and LB policy are closed. + <-rWrapper.serializer.Done() + <-bWrapper.serializer.Done() + + // Close all subchannels after the LB policy is closed. + for ac := range conns { + ac.tearDown(errConnIdling) + } } // validateTransportCredentials performs a series of checks on the configured @@ -478,14 +419,15 @@ func (cc *ClientConn) validateTransportCredentials() error { } // channelzRegistration registers the newly created ClientConn with channelz and -// stores the returned identifier in `cc.channelzID` and `cc.csMgr.channelzID`. -// A channelz trace event is emitted for ClientConn creation. If the newly -// created ClientConn is a nested one, i.e a valid parent ClientConn ID is -// specified via a dial option, the trace event is also added to the parent. +// stores the returned identifier in `cc.channelz`. A channelz trace event is +// emitted for ClientConn creation. If the newly created ClientConn is a nested +// one, i.e a valid parent ClientConn ID is specified via a dial option, the +// trace event is also added to the parent. // // Doesn't grab cc.mu as this method is expected to be called only at Dial time. func (cc *ClientConn) channelzRegistration(target string) { - cc.channelzID = channelz.RegisterChannel(&channelzChannel{cc}, cc.dopts.channelzParentID, target) + parentChannel, _ := cc.dopts.channelzParent.(*channelz.Channel) + cc.channelz = channelz.RegisterChannel(parentChannel, target) cc.addTraceEvent("created") } @@ -552,11 +494,11 @@ func getChainStreamer(interceptors []StreamClientInterceptor, curr int, finalStr } // newConnectivityStateManager creates an connectivityStateManager with -// the specified id. -func newConnectivityStateManager(ctx context.Context, id *channelz.Identifier) *connectivityStateManager { +// the specified channel. +func newConnectivityStateManager(ctx context.Context, channel *channelz.Channel) *connectivityStateManager { return &connectivityStateManager{ - channelzID: id, - pubSub: grpcsync.NewPubSub(ctx), + channelz: channel, + pubSub: grpcsync.NewPubSub(ctx), } } @@ -570,7 +512,7 @@ type connectivityStateManager struct { mu sync.Mutex state connectivity.State notifyChan chan struct{} - channelzID *channelz.Identifier + channelz *channelz.Channel pubSub *grpcsync.PubSub } @@ -587,9 +529,10 @@ func (csm *connectivityStateManager) updateState(state connectivity.State) { return } csm.state = state + csm.channelz.ChannelMetrics.State.Store(&state) csm.pubSub.Publish(state) - channelz.Infof(logger, csm.channelzID, "Channel Connectivity change to %v", state) + channelz.Infof(logger, csm.channelz, "Channel Connectivity change to %v", state) if csm.notifyChan != nil { // There are other goroutines waiting on this channel. close(csm.notifyChan) @@ -643,72 +586,40 @@ type ClientConn struct { cancel context.CancelFunc // Cancelled on close. // The following are initialized at dial time, and are read-only after that. - target string // User's dial target. - parsedTarget resolver.Target // See parseTargetAndFindResolver(). - authority string // See determineAuthority(). - dopts dialOptions // Default and user specified dial options. - channelzID *channelz.Identifier // Channelz identifier for the channel. - resolverBuilder resolver.Builder // See parseTargetAndFindResolver(). - balancerWrapper *ccBalancerWrapper // Uses gracefulswitch.balancer underneath. - idlenessMgr idle.Manager + target string // User's dial target. + parsedTarget resolver.Target // See parseTargetAndFindResolver(). + authority string // See determineAuthority(). + dopts dialOptions // Default and user specified dial options. + channelz *channelz.Channel // Channelz object. + resolverBuilder resolver.Builder // See parseTargetAndFindResolver(). + idlenessMgr *idle.Manager // The following provide their own synchronization, and therefore don't // require cc.mu to be held to access them. csMgr *connectivityStateManager - blockingpicker *pickerWrapper + pickerWrapper *pickerWrapper safeConfigSelector iresolver.SafeConfigSelector - czData *channelzData retryThrottler atomic.Value // Updated from service config. - // firstResolveEvent is used to track whether the name resolver sent us at - // least one update. RPCs block on this event. - firstResolveEvent *grpcsync.Event - // mu protects the following fields. // TODO: split mu so the same mutex isn't used for everything. mu sync.RWMutex - resolverWrapper *ccResolverWrapper // Initialized in Dial; cleared in Close. + resolverWrapper *ccResolverWrapper // Always recreated whenever entering idle to simplify Close. + balancerWrapper *ccBalancerWrapper // Always recreated whenever entering idle to simplify Close. sc *ServiceConfig // Latest service config received from the resolver. conns map[*addrConn]struct{} // Set to nil on close. mkp keepalive.ClientParameters // May be updated upon receipt of a GoAway. - idlenessState ccIdlenessState // Tracks idleness state of the channel. - exitIdleCond *sync.Cond // Signalled when channel exits idle. + // firstResolveEvent is used to track whether the name resolver sent us at + // least one update. RPCs block on this event. May be accessed without mu + // if we know we cannot be asked to enter idle mode while accessing it (e.g. + // when the idle manager has already been closed, or if we are already + // entering idle mode). + firstResolveEvent *grpcsync.Event lceMu sync.Mutex // protects lastConnectionError lastConnectionError error } -// ccIdlenessState tracks the idleness state of the channel. -// -// Channels start off in `active` and move to `idle` after a period of -// inactivity. When moving back to `active` upon an incoming RPC, they -// transition through `exiting_idle`. This state is useful for synchronization -// with Close(). -// -// This state tracking is mostly for self-protection. The idlenessManager is -// expected to keep track of the state as well, and is expected not to call into -// the ClientConn unnecessarily. -type ccIdlenessState int8 - -const ( - ccIdlenessStateActive ccIdlenessState = iota - ccIdlenessStateIdle - ccIdlenessStateExitingIdle -) - -func (s ccIdlenessState) String() string { - switch s { - case ccIdlenessStateActive: - return "active" - case ccIdlenessStateIdle: - return "idle" - case ccIdlenessStateExitingIdle: - return "exitingIdle" - default: - return "unknown" - } -} - // WaitForStateChange waits until the connectivity.State of ClientConn changes from sourceState or // ctx expires. A true value is returned in former case and false in latter. // @@ -748,29 +659,15 @@ func (cc *ClientConn) GetState() connectivity.State { // Notice: This API is EXPERIMENTAL and may be changed or removed in a later // release. func (cc *ClientConn) Connect() { - cc.exitIdleMode() + if err := cc.idlenessMgr.ExitIdleMode(); err != nil { + cc.addTraceEvent(err.Error()) + return + } // If the ClientConn was not in idle mode, we need to call ExitIdle on the // LB policy so that connections can be created. - cc.balancerWrapper.exitIdleMode() -} - -func (cc *ClientConn) scWatcher() { - for { - select { - case sc, ok := <-cc.dopts.scChan: - if !ok { - return - } - cc.mu.Lock() - // TODO: load balance policy runtime change is ignored. - // We may revisit this decision in the future. - cc.sc = &sc - cc.safeConfigSelector.UpdateConfigSelector(&defaultConfigSelector{&sc}) - cc.mu.Unlock() - case <-cc.ctx.Done(): - return - } - } + cc.mu.Lock() + cc.balancerWrapper.exitIdle() + cc.mu.Unlock() } // waitForResolvedAddrs blocks until the resolver has provided addresses or the @@ -795,6 +692,7 @@ func (cc *ClientConn) waitForResolvedAddrs(ctx context.Context) error { var emptyServiceConfig *ServiceConfig func init() { + balancer.Register(pickfirstBuilder{}) cfg := parseServiceConfig("{}") if cfg.Err != nil { panic(fmt.Sprintf("impossible error parsing empty service config: %v", cfg.Err)) @@ -804,29 +702,28 @@ func init() { internal.SubscribeToConnectivityStateChanges = func(cc *ClientConn, s grpcsync.Subscriber) func() { return cc.csMgr.pubSub.Subscribe(s) } - internal.EnterIdleModeForTesting = func(cc *ClientConn) error { - return cc.enterIdleMode() + internal.EnterIdleModeForTesting = func(cc *ClientConn) { + cc.idlenessMgr.EnterIdleModeForTesting() } internal.ExitIdleModeForTesting = func(cc *ClientConn) error { - return cc.exitIdleMode() + return cc.idlenessMgr.ExitIdleMode() } } -func (cc *ClientConn) maybeApplyDefaultServiceConfig(addrs []resolver.Address) { +func (cc *ClientConn) maybeApplyDefaultServiceConfig() { if cc.sc != nil { - cc.applyServiceConfigAndBalancer(cc.sc, nil, addrs) + cc.applyServiceConfigAndBalancer(cc.sc, nil) return } if cc.dopts.defaultServiceConfig != nil { - cc.applyServiceConfigAndBalancer(cc.dopts.defaultServiceConfig, &defaultConfigSelector{cc.dopts.defaultServiceConfig}, addrs) + cc.applyServiceConfigAndBalancer(cc.dopts.defaultServiceConfig, &defaultConfigSelector{cc.dopts.defaultServiceConfig}) } else { - cc.applyServiceConfigAndBalancer(emptyServiceConfig, &defaultConfigSelector{emptyServiceConfig}, addrs) + cc.applyServiceConfigAndBalancer(emptyServiceConfig, &defaultConfigSelector{emptyServiceConfig}) } } -func (cc *ClientConn) updateResolverState(s resolver.State, err error) error { +func (cc *ClientConn) updateResolverStateAndUnlock(s resolver.State, err error) error { defer cc.firstResolveEvent.Fire() - cc.mu.Lock() // Check if the ClientConn is already closed. Some fields (e.g. // balancerWrapper) are set to nil when closing the ClientConn, and could // cause nil pointer panic if we don't have this check. @@ -839,7 +736,7 @@ func (cc *ClientConn) updateResolverState(s resolver.State, err error) error { // May need to apply the initial service config in case the resolver // doesn't support service configs, or doesn't provide a service config // with the new addresses. - cc.maybeApplyDefaultServiceConfig(nil) + cc.maybeApplyDefaultServiceConfig() cc.balancerWrapper.resolverError(err) @@ -850,10 +747,10 @@ func (cc *ClientConn) updateResolverState(s resolver.State, err error) error { var ret error if cc.dopts.disableServiceConfig { - channelz.Infof(logger, cc.channelzID, "ignoring service config from resolver (%v) and applying the default because service config is disabled", s.ServiceConfig) - cc.maybeApplyDefaultServiceConfig(s.Addresses) + channelz.Infof(logger, cc.channelz, "ignoring service config from resolver (%v) and applying the default because service config is disabled", s.ServiceConfig) + cc.maybeApplyDefaultServiceConfig() } else if s.ServiceConfig == nil { - cc.maybeApplyDefaultServiceConfig(s.Addresses) + cc.maybeApplyDefaultServiceConfig() // TODO: do we need to apply a failing LB policy if there is no // default, per the error handling design? } else { @@ -861,18 +758,18 @@ func (cc *ClientConn) updateResolverState(s resolver.State, err error) error { configSelector := iresolver.GetConfigSelector(s) if configSelector != nil { if len(s.ServiceConfig.Config.(*ServiceConfig).Methods) != 0 { - channelz.Infof(logger, cc.channelzID, "method configs in service config will be ignored due to presence of config selector") + channelz.Infof(logger, cc.channelz, "method configs in service config will be ignored due to presence of config selector") } } else { configSelector = &defaultConfigSelector{sc} } - cc.applyServiceConfigAndBalancer(sc, configSelector, s.Addresses) + cc.applyServiceConfigAndBalancer(sc, configSelector) } else { ret = balancer.ErrBadResolverState if cc.sc == nil { // Apply the failing LB only if we haven't received valid service config // from the name resolver in the past. - cc.applyFailingLB(s.ServiceConfig) + cc.applyFailingLBLocked(s.ServiceConfig) cc.mu.Unlock() return ret } @@ -881,7 +778,7 @@ func (cc *ClientConn) updateResolverState(s resolver.State, err error) error { var balCfg serviceconfig.LoadBalancingConfig if cc.sc != nil && cc.sc.lbConfig != nil { - balCfg = cc.sc.lbConfig.cfg + balCfg = cc.sc.lbConfig } bw := cc.balancerWrapper cc.mu.Unlock() @@ -894,15 +791,13 @@ func (cc *ClientConn) updateResolverState(s resolver.State, err error) error { return ret } -// applyFailingLB is akin to configuring an LB policy on the channel which +// applyFailingLBLocked is akin to configuring an LB policy on the channel which // always fails RPCs. Here, an actual LB policy is not configured, but an always // erroring picker is configured, which returns errors with information about // what was invalid in the received service config. A config selector with no // service config is configured, and the connectivity state of the channel is // set to TransientFailure. -// -// Caller must hold cc.mu. -func (cc *ClientConn) applyFailingLB(sc *serviceconfig.ParseResult) { +func (cc *ClientConn) applyFailingLBLocked(sc *serviceconfig.ParseResult) { var err error if sc.Err != nil { err = status.Errorf(codes.Unavailable, "error parsing service config: %v", sc.Err) @@ -910,14 +805,10 @@ func (cc *ClientConn) applyFailingLB(sc *serviceconfig.ParseResult) { err = status.Errorf(codes.Unavailable, "illegal service config type: %T", sc.Config) } cc.safeConfigSelector.UpdateConfigSelector(&defaultConfigSelector{nil}) - cc.blockingpicker.updatePicker(base.NewErrPicker(err)) + cc.pickerWrapper.updatePicker(base.NewErrPicker(err)) cc.csMgr.updateState(connectivity.TransientFailure) } -func (cc *ClientConn) handleSubConnStateChange(sc balancer.SubConn, s connectivity.State, err error) { - cc.balancerWrapper.updateSubConnState(sc, s, err) -} - // Makes a copy of the input addresses slice and clears out the balancer // attributes field. Addresses are passed during subconn creation and address // update operations. In both cases, we will clear the balancer attributes by @@ -932,42 +823,39 @@ func copyAddressesWithoutBalancerAttributes(in []resolver.Address) []resolver.Ad return out } -// newAddrConn creates an addrConn for addrs and adds it to cc.conns. +// newAddrConnLocked creates an addrConn for addrs and adds it to cc.conns. // // Caller needs to make sure len(addrs) > 0. -func (cc *ClientConn) newAddrConn(addrs []resolver.Address, opts balancer.NewSubConnOptions) (*addrConn, error) { +func (cc *ClientConn) newAddrConnLocked(addrs []resolver.Address, opts balancer.NewSubConnOptions) (*addrConn, error) { + if cc.conns == nil { + return nil, ErrClientConnClosing + } + ac := &addrConn{ state: connectivity.Idle, cc: cc, addrs: copyAddressesWithoutBalancerAttributes(addrs), scopts: opts, dopts: cc.dopts, - czData: new(channelzData), + channelz: channelz.RegisterSubChannel(cc.channelz, ""), resetBackoff: make(chan struct{}), stateChan: make(chan struct{}), } ac.ctx, ac.cancel = context.WithCancel(cc.ctx) - // Track ac in cc. This needs to be done before any getTransport(...) is called. - cc.mu.Lock() - defer cc.mu.Unlock() - if cc.conns == nil { - return nil, ErrClientConnClosing - } + // Start with our address set to the first address; this may be updated if + // we connect to different addresses. + ac.channelz.ChannelMetrics.Target.Store(&addrs[0].Addr) - var err error - ac.channelzID, err = channelz.RegisterSubChannel(ac, cc.channelzID, "") - if err != nil { - return nil, err - } - channelz.AddTraceEvent(logger, ac.channelzID, 0, &channelz.TraceEventDesc{ + channelz.AddTraceEvent(logger, ac.channelz, 0, &channelz.TraceEvent{ Desc: "Subchannel created", Severity: channelz.CtInfo, - Parent: &channelz.TraceEventDesc{ - Desc: fmt.Sprintf("Subchannel(id:%d) created", ac.channelzID.Int()), + Parent: &channelz.TraceEvent{ + Desc: fmt.Sprintf("Subchannel(id:%d) created", ac.channelz.ID), Severity: channelz.CtInfo, }, }) + // Track ac in cc. This needs to be done before any getTransport(...) is called. cc.conns[ac] = struct{}{} return ac, nil } @@ -985,38 +873,27 @@ func (cc *ClientConn) removeAddrConn(ac *addrConn, err error) { ac.tearDown(err) } -func (cc *ClientConn) channelzMetric() *channelz.ChannelInternalMetric { - return &channelz.ChannelInternalMetric{ - State: cc.GetState(), - Target: cc.target, - CallsStarted: atomic.LoadInt64(&cc.czData.callsStarted), - CallsSucceeded: atomic.LoadInt64(&cc.czData.callsSucceeded), - CallsFailed: atomic.LoadInt64(&cc.czData.callsFailed), - LastCallStartedTimestamp: time.Unix(0, atomic.LoadInt64(&cc.czData.lastCallStartedTime)), - } -} - // Target returns the target string of the ClientConn. -// -// # Experimental -// -// Notice: This API is EXPERIMENTAL and may be changed or removed in a -// later release. func (cc *ClientConn) Target() string { return cc.target } +// CanonicalTarget returns the canonical target string of the ClientConn. +func (cc *ClientConn) CanonicalTarget() string { + return cc.parsedTarget.String() +} + func (cc *ClientConn) incrCallsStarted() { - atomic.AddInt64(&cc.czData.callsStarted, 1) - atomic.StoreInt64(&cc.czData.lastCallStartedTime, time.Now().UnixNano()) + cc.channelz.ChannelMetrics.CallsStarted.Add(1) + cc.channelz.ChannelMetrics.LastCallStartedTimestamp.Store(time.Now().UnixNano()) } func (cc *ClientConn) incrCallsSucceeded() { - atomic.AddInt64(&cc.czData.callsSucceeded, 1) + cc.channelz.ChannelMetrics.CallsSucceeded.Add(1) } func (cc *ClientConn) incrCallsFailed() { - atomic.AddInt64(&cc.czData.callsFailed, 1) + cc.channelz.ChannelMetrics.CallsFailed.Add(1) } // connect starts creating a transport. @@ -1059,10 +936,14 @@ func equalAddresses(a, b []resolver.Address) bool { // updateAddrs updates ac.addrs with the new addresses list and handles active // connections or connection attempts. func (ac *addrConn) updateAddrs(addrs []resolver.Address) { - ac.mu.Lock() - channelz.Infof(logger, ac.channelzID, "addrConn: updateAddrs curAddr: %v, addrs: %v", pretty.ToJSON(ac.curAddr), pretty.ToJSON(addrs)) - addrs = copyAddressesWithoutBalancerAttributes(addrs) + limit := len(addrs) + if limit > 5 { + limit = 5 + } + channelz.Infof(logger, ac.channelz, "addrConn: updateAddrs addrs (%d of %d): %v", limit, len(addrs), addrs[:limit]) + + ac.mu.Lock() if equalAddresses(ac.addrs, addrs) { ac.mu.Unlock() return @@ -1174,13 +1055,13 @@ func (cc *ClientConn) healthCheckConfig() *healthCheckConfig { } func (cc *ClientConn) getTransport(ctx context.Context, failfast bool, method string) (transport.ClientTransport, balancer.PickResult, error) { - return cc.blockingpicker.pick(ctx, failfast, balancer.PickInfo{ + return cc.pickerWrapper.pick(ctx, failfast, balancer.PickInfo{ Ctx: ctx, FullMethodName: method, }) } -func (cc *ClientConn) applyServiceConfigAndBalancer(sc *ServiceConfig, configSelector iresolver.ConfigSelector, addrs []resolver.Address) { +func (cc *ClientConn) applyServiceConfigAndBalancer(sc *ServiceConfig, configSelector iresolver.ConfigSelector) { if sc == nil { // should never reach here. return @@ -1201,27 +1082,16 @@ func (cc *ClientConn) applyServiceConfigAndBalancer(sc *ServiceConfig, configSel } else { cc.retryThrottler.Store((*retryThrottler)(nil)) } - - var newBalancerName string - if cc.sc == nil || (cc.sc.lbConfig == nil && cc.sc.LB == nil) { - // No service config or no LB policy specified in config. - newBalancerName = PickFirstBalancerName - } else if cc.sc.lbConfig != nil { - newBalancerName = cc.sc.lbConfig.name - } else { // cc.sc.LB != nil - newBalancerName = *cc.sc.LB - } - cc.balancerWrapper.switchTo(newBalancerName) } func (cc *ClientConn) resolveNow(o resolver.ResolveNowOptions) { cc.mu.RLock() - r := cc.resolverWrapper + cc.resolverWrapper.resolveNow(o) cc.mu.RUnlock() - if r == nil { - return - } - go r.resolveNow(o) +} + +func (cc *ClientConn) resolveNowLocked(o resolver.ResolveNowOptions) { + cc.resolverWrapper.resolveNow(o) } // ResetConnectBackoff wakes up all subchannels in transient failure and causes @@ -1253,40 +1123,32 @@ func (cc *ClientConn) Close() error { <-cc.csMgr.pubSub.Done() }() + // Prevent calls to enter/exit idle immediately, and ensure we are not + // currently entering/exiting idle mode. + cc.idlenessMgr.Close() + cc.mu.Lock() if cc.conns == nil { cc.mu.Unlock() return ErrClientConnClosing } - for cc.idlenessState == ccIdlenessStateExitingIdle { - cc.exitIdleCond.Wait() - } - conns := cc.conns cc.conns = nil cc.csMgr.updateState(connectivity.Shutdown) - pWrapper := cc.blockingpicker - rWrapper := cc.resolverWrapper - bWrapper := cc.balancerWrapper - idlenessMgr := cc.idlenessMgr + // We can safely unlock and continue to access all fields now as + // cc.conns==nil, preventing any further operations on cc. cc.mu.Unlock() + cc.resolverWrapper.close() // The order of closing matters here since the balancer wrapper assumes the // picker is closed before it is closed. - if pWrapper != nil { - pWrapper.close() - } - if bWrapper != nil { - bWrapper.close() - } - if rWrapper != nil { - rWrapper.close() - } - if idlenessMgr != nil { - idlenessMgr.Close() - } + cc.pickerWrapper.close() + cc.balancerWrapper.close() + + <-cc.resolverWrapper.serializer.Done() + <-cc.balancerWrapper.serializer.Done() for ac := range conns { ac.tearDown(ErrClientConnClosing) @@ -1295,7 +1157,7 @@ func (cc *ClientConn) Close() error { // TraceEvent needs to be called before RemoveEntry, as TraceEvent may add // trace reference to the entity being deleted, and thus prevent it from being // deleted right away. - channelz.RemoveEntry(cc.channelzID) + channelz.RemoveEntry(cc.channelz.ID) return nil } @@ -1307,7 +1169,7 @@ type addrConn struct { cc *ClientConn dopts dialOptions - acbw balancer.SubConn + acbw *acBalancerWrapper scopts balancer.NewSubConnOptions // transport is set when there's a viable transport (note: ac state may not be READY as LB channel @@ -1316,6 +1178,10 @@ type addrConn struct { // is received, transport is closed, ac has been torn down). transport transport.ClientTransport // The current transport. + // This mutex is used on the RPC path, so its usage should be minimized as + // much as possible. + // TODO: Find a lock-free way to retrieve the transport and state from the + // addrConn. mu sync.Mutex curAddr resolver.Address // The current address. addrs []resolver.Address // All addresses that the resolver resolved to. @@ -1327,8 +1193,7 @@ type addrConn struct { backoffIdx int // Needs to be stateful for resetConnectBackoff. resetBackoff chan struct{} - channelzID *channelz.Identifier - czData *channelzData + channelz *channelz.SubChannel } // Note: this requires a lock on ac.mu. @@ -1340,12 +1205,13 @@ func (ac *addrConn) updateConnectivityState(s connectivity.State, lastErr error) close(ac.stateChan) ac.stateChan = make(chan struct{}) ac.state = s + ac.channelz.ChannelMetrics.State.Store(&s) if lastErr == nil { - channelz.Infof(logger, ac.channelzID, "Subchannel Connectivity change to %v", s) + channelz.Infof(logger, ac.channelz, "Subchannel Connectivity change to %v", s) } else { - channelz.Infof(logger, ac.channelzID, "Subchannel Connectivity change to %v, last error: %s", s, lastErr) + channelz.Infof(logger, ac.channelz, "Subchannel Connectivity change to %v, last error: %s", s, lastErr) } - ac.cc.handleSubConnStateChange(ac.acbw, s, lastErr) + ac.acbw.updateState(s, lastErr) } // adjustParams updates parameters used to create transports upon @@ -1441,6 +1307,7 @@ func (ac *addrConn) resetTransport() { func (ac *addrConn) tryAllAddrs(ctx context.Context, addrs []resolver.Address, connectDeadline time.Time) error { var firstConnErr error for _, addr := range addrs { + ac.channelz.ChannelMetrics.Target.Store(&addr.Addr) if ctx.Err() != nil { return errConnClosing } @@ -1456,7 +1323,7 @@ func (ac *addrConn) tryAllAddrs(ctx context.Context, addrs []resolver.Address, c } ac.mu.Unlock() - channelz.Infof(logger, ac.channelzID, "Subchannel picks a new address %q to connect", addr.Addr) + channelz.Infof(logger, ac.channelz, "Subchannel picks a new address %q to connect", addr.Addr) err := ac.createTransport(ctx, addr, copts, connectDeadline) if err == nil { @@ -1509,7 +1376,7 @@ func (ac *addrConn) createTransport(ctx context.Context, addr resolver.Address, connectCtx, cancel := context.WithDeadline(ctx, connectDeadline) defer cancel() - copts.ChannelzParentID = ac.channelzID + copts.ChannelzParent = ac.channelz newTr, err := transport.NewClientTransport(connectCtx, ac.cc.ctx, addr, copts, onClose) if err != nil { @@ -1518,7 +1385,7 @@ func (ac *addrConn) createTransport(ctx context.Context, addr resolver.Address, } // newTr is either nil, or closed. hcancel() - channelz.Warningf(logger, ac.channelzID, "grpc: addrConn.createTransport failed to connect to %s. Err: %v", addr, err) + channelz.Warningf(logger, ac.channelz, "grpc: addrConn.createTransport failed to connect to %s. Err: %v", addr, err) return err } @@ -1590,7 +1457,7 @@ func (ac *addrConn) startHealthCheck(ctx context.Context) { // The health package is not imported to set health check function. // // TODO: add a link to the health check doc in the error message. - channelz.Error(logger, ac.channelzID, "Health check is requested but health check function is not set.") + channelz.Error(logger, ac.channelz, "Health check is requested but health check function is not set.") return } @@ -1620,9 +1487,9 @@ func (ac *addrConn) startHealthCheck(ctx context.Context) { err := ac.cc.dopts.healthCheckFunc(ctx, newStream, setConnectivityState, healthCheckConfig.ServiceName) if err != nil { if status.Code(err) == codes.Unimplemented { - channelz.Error(logger, ac.channelzID, "Subchannel health check is unimplemented at server side, thus health check is disabled") + channelz.Error(logger, ac.channelz, "Subchannel health check is unimplemented at server side, thus health check is disabled") } else { - channelz.Errorf(logger, ac.channelzID, "Health checking failed: %v", err) + channelz.Errorf(logger, ac.channelz, "Health checking failed: %v", err) } } }() @@ -1687,18 +1554,18 @@ func (ac *addrConn) tearDown(err error) { ac.cancel() ac.curAddr = resolver.Address{} - channelz.AddTraceEvent(logger, ac.channelzID, 0, &channelz.TraceEventDesc{ + channelz.AddTraceEvent(logger, ac.channelz, 0, &channelz.TraceEvent{ Desc: "Subchannel deleted", Severity: channelz.CtInfo, - Parent: &channelz.TraceEventDesc{ - Desc: fmt.Sprintf("Subchannel(id:%d) deleted", ac.channelzID.Int()), + Parent: &channelz.TraceEvent{ + Desc: fmt.Sprintf("Subchannel(id:%d) deleted", ac.channelz.ID), Severity: channelz.CtInfo, }, }) // TraceEvent needs to be called before RemoveEntry, as TraceEvent may add // trace reference to the entity being deleted, and thus prevent it from // being deleted right away. - channelz.RemoveEntry(ac.channelzID) + channelz.RemoveEntry(ac.channelz.ID) ac.mu.Unlock() // We have to release the lock before the call to GracefulClose/Close here @@ -1725,39 +1592,6 @@ func (ac *addrConn) tearDown(err error) { } } -func (ac *addrConn) getState() connectivity.State { - ac.mu.Lock() - defer ac.mu.Unlock() - return ac.state -} - -func (ac *addrConn) ChannelzMetric() *channelz.ChannelInternalMetric { - ac.mu.Lock() - addr := ac.curAddr.Addr - ac.mu.Unlock() - return &channelz.ChannelInternalMetric{ - State: ac.getState(), - Target: addr, - CallsStarted: atomic.LoadInt64(&ac.czData.callsStarted), - CallsSucceeded: atomic.LoadInt64(&ac.czData.callsSucceeded), - CallsFailed: atomic.LoadInt64(&ac.czData.callsFailed), - LastCallStartedTimestamp: time.Unix(0, atomic.LoadInt64(&ac.czData.lastCallStartedTime)), - } -} - -func (ac *addrConn) incrCallsStarted() { - atomic.AddInt64(&ac.czData.callsStarted, 1) - atomic.StoreInt64(&ac.czData.lastCallStartedTime, time.Now().UnixNano()) -} - -func (ac *addrConn) incrCallsSucceeded() { - atomic.AddInt64(&ac.czData.callsSucceeded, 1) -} - -func (ac *addrConn) incrCallsFailed() { - atomic.AddInt64(&ac.czData.callsFailed, 1) -} - type retryThrottler struct { max float64 thresh float64 @@ -1795,12 +1629,17 @@ func (rt *retryThrottler) successfulRPC() { } } -type channelzChannel struct { - cc *ClientConn +func (ac *addrConn) incrCallsStarted() { + ac.channelz.ChannelMetrics.CallsStarted.Add(1) + ac.channelz.ChannelMetrics.LastCallStartedTimestamp.Store(time.Now().UnixNano()) +} + +func (ac *addrConn) incrCallsSucceeded() { + ac.channelz.ChannelMetrics.CallsSucceeded.Add(1) } -func (c *channelzChannel) ChannelzMetric() *channelz.ChannelInternalMetric { - return c.cc.channelzMetric() +func (ac *addrConn) incrCallsFailed() { + ac.channelz.ChannelMetrics.CallsFailed.Add(1) } // ErrClientConnTimeout indicates that the ClientConn cannot establish the @@ -1842,14 +1681,14 @@ func (cc *ClientConn) connectionError() error { // // Doesn't grab cc.mu as this method is expected to be called only at Dial time. func (cc *ClientConn) parseTargetAndFindResolver() error { - channelz.Infof(logger, cc.channelzID, "original dial target is: %q", cc.target) + channelz.Infof(logger, cc.channelz, "original dial target is: %q", cc.target) var rb resolver.Builder parsedTarget, err := parseTarget(cc.target) if err != nil { - channelz.Infof(logger, cc.channelzID, "dial target %q parse failed: %v", cc.target, err) + channelz.Infof(logger, cc.channelz, "dial target %q parse failed: %v", cc.target, err) } else { - channelz.Infof(logger, cc.channelzID, "parsed dial target is: %+v", parsedTarget) + channelz.Infof(logger, cc.channelz, "parsed dial target is: %#v", parsedTarget) rb = cc.getResolver(parsedTarget.URL.Scheme) if rb != nil { cc.parsedTarget = parsedTarget @@ -1861,17 +1700,22 @@ func (cc *ClientConn) parseTargetAndFindResolver() error { // We are here because the user's dial target did not contain a scheme or // specified an unregistered scheme. We should fallback to the default // scheme, except when a custom dialer is specified in which case, we should - // always use passthrough scheme. - defScheme := resolver.GetDefaultScheme() - channelz.Infof(logger, cc.channelzID, "fallback to scheme %q", defScheme) + // always use passthrough scheme. For either case, we need to respect any overridden + // global defaults set by the user. + defScheme := cc.dopts.defaultScheme + if internal.UserSetDefaultScheme { + defScheme = resolver.GetDefaultScheme() + } + + channelz.Infof(logger, cc.channelz, "fallback to scheme %q", defScheme) canonicalTarget := defScheme + ":///" + cc.target parsedTarget, err = parseTarget(canonicalTarget) if err != nil { - channelz.Infof(logger, cc.channelzID, "dial target %q parse failed: %v", canonicalTarget, err) + channelz.Infof(logger, cc.channelz, "dial target %q parse failed: %v", canonicalTarget, err) return err } - channelz.Infof(logger, cc.channelzID, "parsed dial target is: %+v", parsedTarget) + channelz.Infof(logger, cc.channelz, "parsed dial target is: %+v", parsedTarget) rb = cc.getResolver(parsedTarget.URL.Scheme) if rb == nil { return fmt.Errorf("could not get resolver for default scheme: %q", parsedTarget.URL.Scheme) @@ -1893,6 +1737,8 @@ func parseTarget(target string) (resolver.Target, error) { return resolver.Target{URL: *u}, nil } +// encodeAuthority escapes the authority string based on valid chars defined in +// https://datatracker.ietf.org/doc/html/rfc3986#section-3.2. func encodeAuthority(authority string) string { const upperhex = "0123456789ABCDEF" @@ -1909,7 +1755,7 @@ func encodeAuthority(authority string) string { return false case '!', '$', '&', '\'', '(', ')', '*', '+', ',', ';', '=': // Subdelim characters return false - case ':', '[', ']', '@': // Authority related delimeters + case ':', '[', ']', '@': // Authority related delimiters return false } // Everything else must be escaped. @@ -1981,58 +1827,17 @@ func (cc *ClientConn) determineAuthority() error { } endpoint := cc.parsedTarget.Endpoint() - target := cc.target - switch { - case authorityFromDialOption != "": + if authorityFromDialOption != "" { cc.authority = authorityFromDialOption - case authorityFromCreds != "": + } else if authorityFromCreds != "" { cc.authority = authorityFromCreds - case strings.HasPrefix(target, "unix:") || strings.HasPrefix(target, "unix-abstract:"): - // TODO: remove when the unix resolver implements optional interface to - // return channel authority. - cc.authority = "localhost" - case strings.HasPrefix(endpoint, ":"): + } else if auth, ok := cc.resolverBuilder.(resolver.AuthorityOverrider); ok { + cc.authority = auth.OverrideAuthority(cc.parsedTarget) + } else if strings.HasPrefix(endpoint, ":") { cc.authority = "localhost" + endpoint - default: - // TODO: Define an optional interface on the resolver builder to return - // the channel authority given the user's dial target. For resolvers - // which don't implement this interface, we will use the endpoint from - // "scheme://authority/endpoint" as the default authority. - // Escape the endpoint to handle use cases where the endpoint - // might not be a valid authority by default. - // For example an endpoint which has multiple paths like - // 'a/b/c', which is not a valid authority by default. + } else { cc.authority = encodeAuthority(endpoint) } - channelz.Infof(logger, cc.channelzID, "Channel authority set to %q", cc.authority) - return nil -} - -// initResolverWrapper creates a ccResolverWrapper, which builds the name -// resolver. This method grabs the lock to assign the newly built resolver -// wrapper to the cc.resolverWrapper field. -func (cc *ClientConn) initResolverWrapper(creds credentials.TransportCredentials) error { - rw, err := newCCResolverWrapper(cc, ccResolverWrapperOpts{ - target: cc.parsedTarget, - builder: cc.resolverBuilder, - bOpts: resolver.BuildOptions{ - DisableServiceConfig: cc.dopts.disableServiceConfig, - DialCreds: creds, - CredsBundle: cc.dopts.copts.CredsBundle, - Dialer: cc.dopts.copts.Dialer, - }, - channelzID: cc.channelzID, - }) - if err != nil { - return fmt.Errorf("failed to build resolver: %v", err) - } - // Resolver implementations may report state update or error inline when - // built (or right after), and this is handled in cc.updateResolverState. - // Also, an error from the resolver might lead to a re-resolution request - // from the balancer, which is handled in resolveNow() where - // `cc.resolverWrapper` is accessed. Hence, we need to hold the lock here. - cc.mu.Lock() - cc.resolverWrapper = rw - cc.mu.Unlock() + channelz.Infof(logger, cc.channelz, "Channel authority set to %q", cc.authority) return nil } diff --git a/vendor/google.golang.org/grpc/codegen.sh b/vendor/google.golang.org/grpc/codegen.sh deleted file mode 100644 index 4cdc6ba7c..000000000 --- a/vendor/google.golang.org/grpc/codegen.sh +++ /dev/null @@ -1,17 +0,0 @@ -#!/usr/bin/env bash - -# This script serves as an example to demonstrate how to generate the gRPC-Go -# interface and the related messages from .proto file. -# -# It assumes the installation of i) Google proto buffer compiler at -# https://github.com/google/protobuf (after v2.6.1) and ii) the Go codegen -# plugin at https://github.com/golang/protobuf (after 2015-02-20). If you have -# not, please install them first. -# -# We recommend running this script at $GOPATH/src. -# -# If this is not what you need, feel free to make your own scripts. Again, this -# script is for demonstration purpose. -# -proto=$1 -protoc --go_out=plugins=grpc:. $proto diff --git a/vendor/google.golang.org/grpc/codes/codes.go b/vendor/google.golang.org/grpc/codes/codes.go index 11b106182..0b42c302b 100644 --- a/vendor/google.golang.org/grpc/codes/codes.go +++ b/vendor/google.golang.org/grpc/codes/codes.go @@ -25,7 +25,13 @@ import ( "strconv" ) -// A Code is an unsigned 32-bit error code as defined in the gRPC spec. +// A Code is a status code defined according to the [gRPC documentation]. +// +// Only the codes defined as consts in this package are valid codes. Do not use +// other code values. Behavior of other codes is implementation-specific and +// interoperability between implementations is not guaranteed. +// +// [gRPC documentation]: https://github.com/grpc/grpc/blob/master/doc/statuscodes.md type Code uint32 const ( @@ -229,7 +235,7 @@ func (c *Code) UnmarshalJSON(b []byte) error { if ci, err := strconv.ParseUint(string(b), 10, 32); err == nil { if ci >= _maxCode { - return fmt.Errorf("invalid code: %q", ci) + return fmt.Errorf("invalid code: %d", ci) } *c = Code(ci) diff --git a/vendor/google.golang.org/grpc/credentials/alts/alts.go b/vendor/google.golang.org/grpc/credentials/alts/alts.go index 579adf210..afcdb8a0d 100644 --- a/vendor/google.golang.org/grpc/credentials/alts/alts.go +++ b/vendor/google.golang.org/grpc/credentials/alts/alts.go @@ -43,7 +43,7 @@ import ( const ( // hypervisorHandshakerServiceAddress represents the default ALTS gRPC // handshaker service address in the hypervisor. - hypervisorHandshakerServiceAddress = "metadata.google.internal.:8080" + hypervisorHandshakerServiceAddress = "dns:///metadata.google.internal.:8080" // defaultTimeout specifies the server handshake timeout. defaultTimeout = 30.0 * time.Second // The following constants specify the minimum and maximum acceptable diff --git a/vendor/google.golang.org/grpc/credentials/alts/internal/handshaker/handshaker.go b/vendor/google.golang.org/grpc/credentials/alts/internal/handshaker/handshaker.go index 0854e7af6..6c867dd85 100644 --- a/vendor/google.golang.org/grpc/credentials/alts/internal/handshaker/handshaker.go +++ b/vendor/google.golang.org/grpc/credentials/alts/internal/handshaker/handshaker.go @@ -25,6 +25,7 @@ import ( "fmt" "io" "net" + "time" "golang.org/x/sync/semaphore" grpc "google.golang.org/grpc" @@ -60,8 +61,6 @@ var ( // control number of concurrent created (but not closed) handshakes. clientHandshakes = semaphore.NewWeighted(int64(envconfig.ALTSMaxConcurrentHandshakes)) serverHandshakes = semaphore.NewWeighted(int64(envconfig.ALTSMaxConcurrentHandshakes)) - // errDropped occurs when maxPendingHandshakes is reached. - errDropped = errors.New("maximum number of concurrent ALTS handshakes is reached") // errOutOfBound occurs when the handshake service returns a consumed // bytes value larger than the buffer that was passed to it originally. errOutOfBound = errors.New("handshaker service consumed bytes value is out-of-bound") @@ -155,8 +154,8 @@ func NewServerHandshaker(ctx context.Context, conn *grpc.ClientConn, c net.Conn, // ClientHandshake starts and completes a client ALTS handshake for GCP. Once // done, ClientHandshake returns a secure connection. func (h *altsHandshaker) ClientHandshake(ctx context.Context) (net.Conn, credentials.AuthInfo, error) { - if !clientHandshakes.TryAcquire(1) { - return nil, nil, errDropped + if err := clientHandshakes.Acquire(ctx, 1); err != nil { + return nil, nil, err } defer clientHandshakes.Release(1) @@ -208,8 +207,8 @@ func (h *altsHandshaker) ClientHandshake(ctx context.Context) (net.Conn, credent // ServerHandshake starts and completes a server ALTS handshake for GCP. Once // done, ServerHandshake returns a secure connection. func (h *altsHandshaker) ServerHandshake(ctx context.Context) (net.Conn, credentials.AuthInfo, error) { - if !serverHandshakes.TryAcquire(1) { - return nil, nil, errDropped + if err := serverHandshakes.Acquire(ctx, 1); err != nil { + return nil, nil, err } defer serverHandshakes.Release(1) @@ -308,8 +307,10 @@ func (h *altsHandshaker) accessHandshakerService(req *altspb.HandshakerReq) (*al // the results. Handshaker service takes care of frame parsing, so we read // whatever received from the network and send it to the handshaker service. func (h *altsHandshaker) processUntilDone(resp *altspb.HandshakerResp, extra []byte) (*altspb.HandshakerResult, []byte, error) { + var lastWriteTime time.Time for { if len(resp.OutFrames) > 0 { + lastWriteTime = time.Now() if _, err := h.conn.Write(resp.OutFrames); err != nil { return nil, nil, err } @@ -333,11 +334,15 @@ func (h *altsHandshaker) processUntilDone(resp *altspb.HandshakerResp, extra []b // Append extra bytes from the previous interaction with the // handshaker service with the current buffer read from conn. p := append(extra, buf[:n]...) + // Compute the time elapsed since the last write to the peer. + timeElapsed := time.Since(lastWriteTime) + timeElapsedMs := uint32(timeElapsed.Milliseconds()) // From here on, p and extra point to the same slice. resp, err = h.accessHandshakerService(&altspb.HandshakerReq{ ReqOneof: &altspb.HandshakerReq_Next{ Next: &altspb.NextHandshakeMessageReq{ - InBytes: p, + InBytes: p, + NetworkLatencyMs: timeElapsedMs, }, }, }) diff --git a/vendor/google.golang.org/grpc/credentials/alts/internal/proto/grpc_gcp/altscontext.pb.go b/vendor/google.golang.org/grpc/credentials/alts/internal/proto/grpc_gcp/altscontext.pb.go index c7cf1810a..fe4488a95 100644 --- a/vendor/google.golang.org/grpc/credentials/alts/internal/proto/grpc_gcp/altscontext.pb.go +++ b/vendor/google.golang.org/grpc/credentials/alts/internal/proto/grpc_gcp/altscontext.pb.go @@ -17,8 +17,8 @@ // Code generated by protoc-gen-go. DO NOT EDIT. // versions: -// protoc-gen-go v1.31.0 -// protoc v4.22.0 +// protoc-gen-go v1.33.0 +// protoc v4.25.2 // source: grpc/gcp/altscontext.proto package grpc_gcp diff --git a/vendor/google.golang.org/grpc/credentials/alts/internal/proto/grpc_gcp/handshaker.pb.go b/vendor/google.golang.org/grpc/credentials/alts/internal/proto/grpc_gcp/handshaker.pb.go index 81d0f1140..adbad6b2f 100644 --- a/vendor/google.golang.org/grpc/credentials/alts/internal/proto/grpc_gcp/handshaker.pb.go +++ b/vendor/google.golang.org/grpc/credentials/alts/internal/proto/grpc_gcp/handshaker.pb.go @@ -17,8 +17,8 @@ // Code generated by protoc-gen-go. DO NOT EDIT. // versions: -// protoc-gen-go v1.31.0 -// protoc v4.22.0 +// protoc-gen-go v1.33.0 +// protoc v4.25.2 // source: grpc/gcp/handshaker.proto package grpc_gcp @@ -331,6 +331,11 @@ type StartClientHandshakeReq struct { RpcVersions *RpcProtocolVersions `protobuf:"bytes,9,opt,name=rpc_versions,json=rpcVersions,proto3" json:"rpc_versions,omitempty"` // (Optional) Maximum frame size supported by the client. MaxFrameSize uint32 `protobuf:"varint,10,opt,name=max_frame_size,json=maxFrameSize,proto3" json:"max_frame_size,omitempty"` + // (Optional) An access token created by the caller only intended for use in + // ALTS connections. The access token that should be used to authenticate to + // the peer. The access token MUST be strongly bound to the ALTS credentials + // used to establish the connection that the token is sent over. + AccessToken string `protobuf:"bytes,11,opt,name=access_token,json=accessToken,proto3" json:"access_token,omitempty"` } func (x *StartClientHandshakeReq) Reset() { @@ -435,6 +440,13 @@ func (x *StartClientHandshakeReq) GetMaxFrameSize() uint32 { return 0 } +func (x *StartClientHandshakeReq) GetAccessToken() string { + if x != nil { + return x.AccessToken + } + return "" +} + type ServerHandshakeParameters struct { state protoimpl.MessageState sizeCache protoimpl.SizeCache @@ -446,6 +458,11 @@ type ServerHandshakeParameters struct { // (Optional) A list of local identities supported by the server, if // specified. Otherwise, the handshaker chooses a default local identity. LocalIdentities []*Identity `protobuf:"bytes,2,rep,name=local_identities,json=localIdentities,proto3" json:"local_identities,omitempty"` + // A token created by the caller only intended for use in + // ALTS connections. The token should be used to authenticate to + // the peer. The token MUST be strongly bound to the ALTS credentials + // used to establish the connection that the token is sent over. + Token *string `protobuf:"bytes,3,opt,name=token,proto3,oneof" json:"token,omitempty"` } func (x *ServerHandshakeParameters) Reset() { @@ -494,6 +511,13 @@ func (x *ServerHandshakeParameters) GetLocalIdentities() []*Identity { return nil } +func (x *ServerHandshakeParameters) GetToken() string { + if x != nil && x.Token != nil { + return *x.Token + } + return "" +} + type StartServerHandshakeReq struct { state protoimpl.MessageState sizeCache protoimpl.SizeCache @@ -613,6 +637,10 @@ type NextHandshakeMessageReq struct { // that the peer's out_frames are split into multiple NextHandshakerMessageReq // messages. InBytes []byte `protobuf:"bytes,1,opt,name=in_bytes,json=inBytes,proto3" json:"in_bytes,omitempty"` + // Number of milliseconds between when the application send the last handshake + // message to the peer and when the application received the current handshake + // message (in the in_bytes field) from the peer. + NetworkLatencyMs uint32 `protobuf:"varint,2,opt,name=network_latency_ms,json=networkLatencyMs,proto3" json:"network_latency_ms,omitempty"` } func (x *NextHandshakeMessageReq) Reset() { @@ -654,6 +682,13 @@ func (x *NextHandshakeMessageReq) GetInBytes() []byte { return nil } +func (x *NextHandshakeMessageReq) GetNetworkLatencyMs() uint32 { + if x != nil { + return x.NetworkLatencyMs + } + return 0 +} + type HandshakerReq struct { state protoimpl.MessageState sizeCache protoimpl.SizeCache @@ -1036,7 +1071,7 @@ var file_grpc_gcp_handshaker_proto_rawDesc = []byte{ 0x03, 0x6b, 0x65, 0x79, 0x12, 0x14, 0x0a, 0x05, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x05, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x3a, 0x02, 0x38, 0x01, 0x42, 0x10, 0x0a, 0x0e, 0x69, 0x64, 0x65, 0x6e, 0x74, 0x69, 0x74, 0x79, 0x5f, 0x6f, 0x6e, 0x65, 0x6f, 0x66, - 0x22, 0xd3, 0x04, 0x0a, 0x17, 0x53, 0x74, 0x61, 0x72, 0x74, 0x43, 0x6c, 0x69, 0x65, 0x6e, 0x74, + 0x22, 0xf6, 0x04, 0x0a, 0x17, 0x53, 0x74, 0x61, 0x72, 0x74, 0x43, 0x6c, 0x69, 0x65, 0x6e, 0x74, 0x48, 0x61, 0x6e, 0x64, 0x73, 0x68, 0x61, 0x6b, 0x65, 0x52, 0x65, 0x71, 0x12, 0x5b, 0x0a, 0x1b, 0x68, 0x61, 0x6e, 0x64, 0x73, 0x68, 0x61, 0x6b, 0x65, 0x5f, 0x73, 0x65, 0x63, 0x75, 0x72, 0x69, 0x74, 0x79, 0x5f, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x63, 0x6f, 0x6c, 0x18, 0x01, 0x20, 0x01, 0x28, @@ -1073,132 +1108,139 @@ var file_grpc_gcp_handshaker_proto_rawDesc = []byte{ 0x6f, 0x6e, 0x73, 0x52, 0x0b, 0x72, 0x70, 0x63, 0x56, 0x65, 0x72, 0x73, 0x69, 0x6f, 0x6e, 0x73, 0x12, 0x24, 0x0a, 0x0e, 0x6d, 0x61, 0x78, 0x5f, 0x66, 0x72, 0x61, 0x6d, 0x65, 0x5f, 0x73, 0x69, 0x7a, 0x65, 0x18, 0x0a, 0x20, 0x01, 0x28, 0x0d, 0x52, 0x0c, 0x6d, 0x61, 0x78, 0x46, 0x72, 0x61, - 0x6d, 0x65, 0x53, 0x69, 0x7a, 0x65, 0x22, 0x85, 0x01, 0x0a, 0x19, 0x53, 0x65, 0x72, 0x76, 0x65, - 0x72, 0x48, 0x61, 0x6e, 0x64, 0x73, 0x68, 0x61, 0x6b, 0x65, 0x50, 0x61, 0x72, 0x61, 0x6d, 0x65, - 0x74, 0x65, 0x72, 0x73, 0x12, 0x29, 0x0a, 0x10, 0x72, 0x65, 0x63, 0x6f, 0x72, 0x64, 0x5f, 0x70, - 0x72, 0x6f, 0x74, 0x6f, 0x63, 0x6f, 0x6c, 0x73, 0x18, 0x01, 0x20, 0x03, 0x28, 0x09, 0x52, 0x0f, - 0x72, 0x65, 0x63, 0x6f, 0x72, 0x64, 0x50, 0x72, 0x6f, 0x74, 0x6f, 0x63, 0x6f, 0x6c, 0x73, 0x12, - 0x3d, 0x0a, 0x10, 0x6c, 0x6f, 0x63, 0x61, 0x6c, 0x5f, 0x69, 0x64, 0x65, 0x6e, 0x74, 0x69, 0x74, - 0x69, 0x65, 0x73, 0x18, 0x02, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x12, 0x2e, 0x67, 0x72, 0x70, 0x63, - 0x2e, 0x67, 0x63, 0x70, 0x2e, 0x49, 0x64, 0x65, 0x6e, 0x74, 0x69, 0x74, 0x79, 0x52, 0x0f, 0x6c, - 0x6f, 0x63, 0x61, 0x6c, 0x49, 0x64, 0x65, 0x6e, 0x74, 0x69, 0x74, 0x69, 0x65, 0x73, 0x22, 0xa5, - 0x04, 0x0a, 0x17, 0x53, 0x74, 0x61, 0x72, 0x74, 0x53, 0x65, 0x72, 0x76, 0x65, 0x72, 0x48, 0x61, - 0x6e, 0x64, 0x73, 0x68, 0x61, 0x6b, 0x65, 0x52, 0x65, 0x71, 0x12, 0x33, 0x0a, 0x15, 0x61, 0x70, - 0x70, 0x6c, 0x69, 0x63, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x5f, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x63, - 0x6f, 0x6c, 0x73, 0x18, 0x01, 0x20, 0x03, 0x28, 0x09, 0x52, 0x14, 0x61, 0x70, 0x70, 0x6c, 0x69, - 0x63, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x50, 0x72, 0x6f, 0x74, 0x6f, 0x63, 0x6f, 0x6c, 0x73, 0x12, - 0x6d, 0x0a, 0x14, 0x68, 0x61, 0x6e, 0x64, 0x73, 0x68, 0x61, 0x6b, 0x65, 0x5f, 0x70, 0x61, 0x72, - 0x61, 0x6d, 0x65, 0x74, 0x65, 0x72, 0x73, 0x18, 0x02, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x3a, 0x2e, - 0x67, 0x72, 0x70, 0x63, 0x2e, 0x67, 0x63, 0x70, 0x2e, 0x53, 0x74, 0x61, 0x72, 0x74, 0x53, 0x65, - 0x72, 0x76, 0x65, 0x72, 0x48, 0x61, 0x6e, 0x64, 0x73, 0x68, 0x61, 0x6b, 0x65, 0x52, 0x65, 0x71, - 0x2e, 0x48, 0x61, 0x6e, 0x64, 0x73, 0x68, 0x61, 0x6b, 0x65, 0x50, 0x61, 0x72, 0x61, 0x6d, 0x65, - 0x74, 0x65, 0x72, 0x73, 0x45, 0x6e, 0x74, 0x72, 0x79, 0x52, 0x13, 0x68, 0x61, 0x6e, 0x64, 0x73, - 0x68, 0x61, 0x6b, 0x65, 0x50, 0x61, 0x72, 0x61, 0x6d, 0x65, 0x74, 0x65, 0x72, 0x73, 0x12, 0x19, - 0x0a, 0x08, 0x69, 0x6e, 0x5f, 0x62, 0x79, 0x74, 0x65, 0x73, 0x18, 0x03, 0x20, 0x01, 0x28, 0x0c, - 0x52, 0x07, 0x69, 0x6e, 0x42, 0x79, 0x74, 0x65, 0x73, 0x12, 0x39, 0x0a, 0x0e, 0x6c, 0x6f, 0x63, - 0x61, 0x6c, 0x5f, 0x65, 0x6e, 0x64, 0x70, 0x6f, 0x69, 0x6e, 0x74, 0x18, 0x04, 0x20, 0x01, 0x28, - 0x0b, 0x32, 0x12, 0x2e, 0x67, 0x72, 0x70, 0x63, 0x2e, 0x67, 0x63, 0x70, 0x2e, 0x45, 0x6e, 0x64, - 0x70, 0x6f, 0x69, 0x6e, 0x74, 0x52, 0x0d, 0x6c, 0x6f, 0x63, 0x61, 0x6c, 0x45, 0x6e, 0x64, 0x70, - 0x6f, 0x69, 0x6e, 0x74, 0x12, 0x3b, 0x0a, 0x0f, 0x72, 0x65, 0x6d, 0x6f, 0x74, 0x65, 0x5f, 0x65, - 0x6e, 0x64, 0x70, 0x6f, 0x69, 0x6e, 0x74, 0x18, 0x05, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x12, 0x2e, - 0x67, 0x72, 0x70, 0x63, 0x2e, 0x67, 0x63, 0x70, 0x2e, 0x45, 0x6e, 0x64, 0x70, 0x6f, 0x69, 0x6e, - 0x74, 0x52, 0x0e, 0x72, 0x65, 0x6d, 0x6f, 0x74, 0x65, 0x45, 0x6e, 0x64, 0x70, 0x6f, 0x69, 0x6e, - 0x74, 0x12, 0x40, 0x0a, 0x0c, 0x72, 0x70, 0x63, 0x5f, 0x76, 0x65, 0x72, 0x73, 0x69, 0x6f, 0x6e, - 0x73, 0x18, 0x06, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x1d, 0x2e, 0x67, 0x72, 0x70, 0x63, 0x2e, 0x67, - 0x63, 0x70, 0x2e, 0x52, 0x70, 0x63, 0x50, 0x72, 0x6f, 0x74, 0x6f, 0x63, 0x6f, 0x6c, 0x56, 0x65, - 0x72, 0x73, 0x69, 0x6f, 0x6e, 0x73, 0x52, 0x0b, 0x72, 0x70, 0x63, 0x56, 0x65, 0x72, 0x73, 0x69, - 0x6f, 0x6e, 0x73, 0x12, 0x24, 0x0a, 0x0e, 0x6d, 0x61, 0x78, 0x5f, 0x66, 0x72, 0x61, 0x6d, 0x65, - 0x5f, 0x73, 0x69, 0x7a, 0x65, 0x18, 0x07, 0x20, 0x01, 0x28, 0x0d, 0x52, 0x0c, 0x6d, 0x61, 0x78, - 0x46, 0x72, 0x61, 0x6d, 0x65, 0x53, 0x69, 0x7a, 0x65, 0x1a, 0x6b, 0x0a, 0x18, 0x48, 0x61, 0x6e, - 0x64, 0x73, 0x68, 0x61, 0x6b, 0x65, 0x50, 0x61, 0x72, 0x61, 0x6d, 0x65, 0x74, 0x65, 0x72, 0x73, - 0x45, 0x6e, 0x74, 0x72, 0x79, 0x12, 0x10, 0x0a, 0x03, 0x6b, 0x65, 0x79, 0x18, 0x01, 0x20, 0x01, - 0x28, 0x05, 0x52, 0x03, 0x6b, 0x65, 0x79, 0x12, 0x39, 0x0a, 0x05, 0x76, 0x61, 0x6c, 0x75, 0x65, - 0x18, 0x02, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x23, 0x2e, 0x67, 0x72, 0x70, 0x63, 0x2e, 0x67, 0x63, - 0x70, 0x2e, 0x53, 0x65, 0x72, 0x76, 0x65, 0x72, 0x48, 0x61, 0x6e, 0x64, 0x73, 0x68, 0x61, 0x6b, - 0x65, 0x50, 0x61, 0x72, 0x61, 0x6d, 0x65, 0x74, 0x65, 0x72, 0x73, 0x52, 0x05, 0x76, 0x61, 0x6c, - 0x75, 0x65, 0x3a, 0x02, 0x38, 0x01, 0x22, 0x34, 0x0a, 0x17, 0x4e, 0x65, 0x78, 0x74, 0x48, 0x61, - 0x6e, 0x64, 0x73, 0x68, 0x61, 0x6b, 0x65, 0x4d, 0x65, 0x73, 0x73, 0x61, 0x67, 0x65, 0x52, 0x65, - 0x71, 0x12, 0x19, 0x0a, 0x08, 0x69, 0x6e, 0x5f, 0x62, 0x79, 0x74, 0x65, 0x73, 0x18, 0x01, 0x20, - 0x01, 0x28, 0x0c, 0x52, 0x07, 0x69, 0x6e, 0x42, 0x79, 0x74, 0x65, 0x73, 0x22, 0xe5, 0x01, 0x0a, - 0x0d, 0x48, 0x61, 0x6e, 0x64, 0x73, 0x68, 0x61, 0x6b, 0x65, 0x72, 0x52, 0x65, 0x71, 0x12, 0x46, - 0x0a, 0x0c, 0x63, 0x6c, 0x69, 0x65, 0x6e, 0x74, 0x5f, 0x73, 0x74, 0x61, 0x72, 0x74, 0x18, 0x01, - 0x20, 0x01, 0x28, 0x0b, 0x32, 0x21, 0x2e, 0x67, 0x72, 0x70, 0x63, 0x2e, 0x67, 0x63, 0x70, 0x2e, - 0x53, 0x74, 0x61, 0x72, 0x74, 0x43, 0x6c, 0x69, 0x65, 0x6e, 0x74, 0x48, 0x61, 0x6e, 0x64, 0x73, - 0x68, 0x61, 0x6b, 0x65, 0x52, 0x65, 0x71, 0x48, 0x00, 0x52, 0x0b, 0x63, 0x6c, 0x69, 0x65, 0x6e, - 0x74, 0x53, 0x74, 0x61, 0x72, 0x74, 0x12, 0x46, 0x0a, 0x0c, 0x73, 0x65, 0x72, 0x76, 0x65, 0x72, - 0x5f, 0x73, 0x74, 0x61, 0x72, 0x74, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x21, 0x2e, 0x67, - 0x72, 0x70, 0x63, 0x2e, 0x67, 0x63, 0x70, 0x2e, 0x53, 0x74, 0x61, 0x72, 0x74, 0x53, 0x65, 0x72, - 0x76, 0x65, 0x72, 0x48, 0x61, 0x6e, 0x64, 0x73, 0x68, 0x61, 0x6b, 0x65, 0x52, 0x65, 0x71, 0x48, - 0x00, 0x52, 0x0b, 0x73, 0x65, 0x72, 0x76, 0x65, 0x72, 0x53, 0x74, 0x61, 0x72, 0x74, 0x12, 0x37, - 0x0a, 0x04, 0x6e, 0x65, 0x78, 0x74, 0x18, 0x03, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x21, 0x2e, 0x67, - 0x72, 0x70, 0x63, 0x2e, 0x67, 0x63, 0x70, 0x2e, 0x4e, 0x65, 0x78, 0x74, 0x48, 0x61, 0x6e, 0x64, - 0x73, 0x68, 0x61, 0x6b, 0x65, 0x4d, 0x65, 0x73, 0x73, 0x61, 0x67, 0x65, 0x52, 0x65, 0x71, 0x48, - 0x00, 0x52, 0x04, 0x6e, 0x65, 0x78, 0x74, 0x42, 0x0b, 0x0a, 0x09, 0x72, 0x65, 0x71, 0x5f, 0x6f, - 0x6e, 0x65, 0x6f, 0x66, 0x22, 0x9a, 0x03, 0x0a, 0x10, 0x48, 0x61, 0x6e, 0x64, 0x73, 0x68, 0x61, - 0x6b, 0x65, 0x72, 0x52, 0x65, 0x73, 0x75, 0x6c, 0x74, 0x12, 0x31, 0x0a, 0x14, 0x61, 0x70, 0x70, - 0x6c, 0x69, 0x63, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x5f, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x63, 0x6f, - 0x6c, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x13, 0x61, 0x70, 0x70, 0x6c, 0x69, 0x63, 0x61, - 0x74, 0x69, 0x6f, 0x6e, 0x50, 0x72, 0x6f, 0x74, 0x6f, 0x63, 0x6f, 0x6c, 0x12, 0x27, 0x0a, 0x0f, - 0x72, 0x65, 0x63, 0x6f, 0x72, 0x64, 0x5f, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x63, 0x6f, 0x6c, 0x18, - 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0e, 0x72, 0x65, 0x63, 0x6f, 0x72, 0x64, 0x50, 0x72, 0x6f, - 0x74, 0x6f, 0x63, 0x6f, 0x6c, 0x12, 0x19, 0x0a, 0x08, 0x6b, 0x65, 0x79, 0x5f, 0x64, 0x61, 0x74, - 0x61, 0x18, 0x03, 0x20, 0x01, 0x28, 0x0c, 0x52, 0x07, 0x6b, 0x65, 0x79, 0x44, 0x61, 0x74, 0x61, - 0x12, 0x37, 0x0a, 0x0d, 0x70, 0x65, 0x65, 0x72, 0x5f, 0x69, 0x64, 0x65, 0x6e, 0x74, 0x69, 0x74, - 0x79, 0x18, 0x04, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x12, 0x2e, 0x67, 0x72, 0x70, 0x63, 0x2e, 0x67, - 0x63, 0x70, 0x2e, 0x49, 0x64, 0x65, 0x6e, 0x74, 0x69, 0x74, 0x79, 0x52, 0x0c, 0x70, 0x65, 0x65, - 0x72, 0x49, 0x64, 0x65, 0x6e, 0x74, 0x69, 0x74, 0x79, 0x12, 0x39, 0x0a, 0x0e, 0x6c, 0x6f, 0x63, - 0x61, 0x6c, 0x5f, 0x69, 0x64, 0x65, 0x6e, 0x74, 0x69, 0x74, 0x79, 0x18, 0x05, 0x20, 0x01, 0x28, - 0x0b, 0x32, 0x12, 0x2e, 0x67, 0x72, 0x70, 0x63, 0x2e, 0x67, 0x63, 0x70, 0x2e, 0x49, 0x64, 0x65, - 0x6e, 0x74, 0x69, 0x74, 0x79, 0x52, 0x0d, 0x6c, 0x6f, 0x63, 0x61, 0x6c, 0x49, 0x64, 0x65, 0x6e, - 0x74, 0x69, 0x74, 0x79, 0x12, 0x2a, 0x0a, 0x11, 0x6b, 0x65, 0x65, 0x70, 0x5f, 0x63, 0x68, 0x61, - 0x6e, 0x6e, 0x65, 0x6c, 0x5f, 0x6f, 0x70, 0x65, 0x6e, 0x18, 0x06, 0x20, 0x01, 0x28, 0x08, 0x52, - 0x0f, 0x6b, 0x65, 0x65, 0x70, 0x43, 0x68, 0x61, 0x6e, 0x6e, 0x65, 0x6c, 0x4f, 0x70, 0x65, 0x6e, - 0x12, 0x49, 0x0a, 0x11, 0x70, 0x65, 0x65, 0x72, 0x5f, 0x72, 0x70, 0x63, 0x5f, 0x76, 0x65, 0x72, - 0x73, 0x69, 0x6f, 0x6e, 0x73, 0x18, 0x07, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x1d, 0x2e, 0x67, 0x72, - 0x70, 0x63, 0x2e, 0x67, 0x63, 0x70, 0x2e, 0x52, 0x70, 0x63, 0x50, 0x72, 0x6f, 0x74, 0x6f, 0x63, - 0x6f, 0x6c, 0x56, 0x65, 0x72, 0x73, 0x69, 0x6f, 0x6e, 0x73, 0x52, 0x0f, 0x70, 0x65, 0x65, 0x72, - 0x52, 0x70, 0x63, 0x56, 0x65, 0x72, 0x73, 0x69, 0x6f, 0x6e, 0x73, 0x12, 0x24, 0x0a, 0x0e, 0x6d, - 0x61, 0x78, 0x5f, 0x66, 0x72, 0x61, 0x6d, 0x65, 0x5f, 0x73, 0x69, 0x7a, 0x65, 0x18, 0x08, 0x20, + 0x6d, 0x65, 0x53, 0x69, 0x7a, 0x65, 0x12, 0x21, 0x0a, 0x0c, 0x61, 0x63, 0x63, 0x65, 0x73, 0x73, + 0x5f, 0x74, 0x6f, 0x6b, 0x65, 0x6e, 0x18, 0x0b, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0b, 0x61, 0x63, + 0x63, 0x65, 0x73, 0x73, 0x54, 0x6f, 0x6b, 0x65, 0x6e, 0x22, 0xaa, 0x01, 0x0a, 0x19, 0x53, 0x65, + 0x72, 0x76, 0x65, 0x72, 0x48, 0x61, 0x6e, 0x64, 0x73, 0x68, 0x61, 0x6b, 0x65, 0x50, 0x61, 0x72, + 0x61, 0x6d, 0x65, 0x74, 0x65, 0x72, 0x73, 0x12, 0x29, 0x0a, 0x10, 0x72, 0x65, 0x63, 0x6f, 0x72, + 0x64, 0x5f, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x63, 0x6f, 0x6c, 0x73, 0x18, 0x01, 0x20, 0x03, 0x28, + 0x09, 0x52, 0x0f, 0x72, 0x65, 0x63, 0x6f, 0x72, 0x64, 0x50, 0x72, 0x6f, 0x74, 0x6f, 0x63, 0x6f, + 0x6c, 0x73, 0x12, 0x3d, 0x0a, 0x10, 0x6c, 0x6f, 0x63, 0x61, 0x6c, 0x5f, 0x69, 0x64, 0x65, 0x6e, + 0x74, 0x69, 0x74, 0x69, 0x65, 0x73, 0x18, 0x02, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x12, 0x2e, 0x67, + 0x72, 0x70, 0x63, 0x2e, 0x67, 0x63, 0x70, 0x2e, 0x49, 0x64, 0x65, 0x6e, 0x74, 0x69, 0x74, 0x79, + 0x52, 0x0f, 0x6c, 0x6f, 0x63, 0x61, 0x6c, 0x49, 0x64, 0x65, 0x6e, 0x74, 0x69, 0x74, 0x69, 0x65, + 0x73, 0x12, 0x19, 0x0a, 0x05, 0x74, 0x6f, 0x6b, 0x65, 0x6e, 0x18, 0x03, 0x20, 0x01, 0x28, 0x09, + 0x48, 0x00, 0x52, 0x05, 0x74, 0x6f, 0x6b, 0x65, 0x6e, 0x88, 0x01, 0x01, 0x42, 0x08, 0x0a, 0x06, + 0x5f, 0x74, 0x6f, 0x6b, 0x65, 0x6e, 0x22, 0xa5, 0x04, 0x0a, 0x17, 0x53, 0x74, 0x61, 0x72, 0x74, + 0x53, 0x65, 0x72, 0x76, 0x65, 0x72, 0x48, 0x61, 0x6e, 0x64, 0x73, 0x68, 0x61, 0x6b, 0x65, 0x52, + 0x65, 0x71, 0x12, 0x33, 0x0a, 0x15, 0x61, 0x70, 0x70, 0x6c, 0x69, 0x63, 0x61, 0x74, 0x69, 0x6f, + 0x6e, 0x5f, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x63, 0x6f, 0x6c, 0x73, 0x18, 0x01, 0x20, 0x03, 0x28, + 0x09, 0x52, 0x14, 0x61, 0x70, 0x70, 0x6c, 0x69, 0x63, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x50, 0x72, + 0x6f, 0x74, 0x6f, 0x63, 0x6f, 0x6c, 0x73, 0x12, 0x6d, 0x0a, 0x14, 0x68, 0x61, 0x6e, 0x64, 0x73, + 0x68, 0x61, 0x6b, 0x65, 0x5f, 0x70, 0x61, 0x72, 0x61, 0x6d, 0x65, 0x74, 0x65, 0x72, 0x73, 0x18, + 0x02, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x3a, 0x2e, 0x67, 0x72, 0x70, 0x63, 0x2e, 0x67, 0x63, 0x70, + 0x2e, 0x53, 0x74, 0x61, 0x72, 0x74, 0x53, 0x65, 0x72, 0x76, 0x65, 0x72, 0x48, 0x61, 0x6e, 0x64, + 0x73, 0x68, 0x61, 0x6b, 0x65, 0x52, 0x65, 0x71, 0x2e, 0x48, 0x61, 0x6e, 0x64, 0x73, 0x68, 0x61, + 0x6b, 0x65, 0x50, 0x61, 0x72, 0x61, 0x6d, 0x65, 0x74, 0x65, 0x72, 0x73, 0x45, 0x6e, 0x74, 0x72, + 0x79, 0x52, 0x13, 0x68, 0x61, 0x6e, 0x64, 0x73, 0x68, 0x61, 0x6b, 0x65, 0x50, 0x61, 0x72, 0x61, + 0x6d, 0x65, 0x74, 0x65, 0x72, 0x73, 0x12, 0x19, 0x0a, 0x08, 0x69, 0x6e, 0x5f, 0x62, 0x79, 0x74, + 0x65, 0x73, 0x18, 0x03, 0x20, 0x01, 0x28, 0x0c, 0x52, 0x07, 0x69, 0x6e, 0x42, 0x79, 0x74, 0x65, + 0x73, 0x12, 0x39, 0x0a, 0x0e, 0x6c, 0x6f, 0x63, 0x61, 0x6c, 0x5f, 0x65, 0x6e, 0x64, 0x70, 0x6f, + 0x69, 0x6e, 0x74, 0x18, 0x04, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x12, 0x2e, 0x67, 0x72, 0x70, 0x63, + 0x2e, 0x67, 0x63, 0x70, 0x2e, 0x45, 0x6e, 0x64, 0x70, 0x6f, 0x69, 0x6e, 0x74, 0x52, 0x0d, 0x6c, + 0x6f, 0x63, 0x61, 0x6c, 0x45, 0x6e, 0x64, 0x70, 0x6f, 0x69, 0x6e, 0x74, 0x12, 0x3b, 0x0a, 0x0f, + 0x72, 0x65, 0x6d, 0x6f, 0x74, 0x65, 0x5f, 0x65, 0x6e, 0x64, 0x70, 0x6f, 0x69, 0x6e, 0x74, 0x18, + 0x05, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x12, 0x2e, 0x67, 0x72, 0x70, 0x63, 0x2e, 0x67, 0x63, 0x70, + 0x2e, 0x45, 0x6e, 0x64, 0x70, 0x6f, 0x69, 0x6e, 0x74, 0x52, 0x0e, 0x72, 0x65, 0x6d, 0x6f, 0x74, + 0x65, 0x45, 0x6e, 0x64, 0x70, 0x6f, 0x69, 0x6e, 0x74, 0x12, 0x40, 0x0a, 0x0c, 0x72, 0x70, 0x63, + 0x5f, 0x76, 0x65, 0x72, 0x73, 0x69, 0x6f, 0x6e, 0x73, 0x18, 0x06, 0x20, 0x01, 0x28, 0x0b, 0x32, + 0x1d, 0x2e, 0x67, 0x72, 0x70, 0x63, 0x2e, 0x67, 0x63, 0x70, 0x2e, 0x52, 0x70, 0x63, 0x50, 0x72, + 0x6f, 0x74, 0x6f, 0x63, 0x6f, 0x6c, 0x56, 0x65, 0x72, 0x73, 0x69, 0x6f, 0x6e, 0x73, 0x52, 0x0b, + 0x72, 0x70, 0x63, 0x56, 0x65, 0x72, 0x73, 0x69, 0x6f, 0x6e, 0x73, 0x12, 0x24, 0x0a, 0x0e, 0x6d, + 0x61, 0x78, 0x5f, 0x66, 0x72, 0x61, 0x6d, 0x65, 0x5f, 0x73, 0x69, 0x7a, 0x65, 0x18, 0x07, 0x20, 0x01, 0x28, 0x0d, 0x52, 0x0c, 0x6d, 0x61, 0x78, 0x46, 0x72, 0x61, 0x6d, 0x65, 0x53, 0x69, 0x7a, - 0x65, 0x22, 0x40, 0x0a, 0x10, 0x48, 0x61, 0x6e, 0x64, 0x73, 0x68, 0x61, 0x6b, 0x65, 0x72, 0x53, - 0x74, 0x61, 0x74, 0x75, 0x73, 0x12, 0x12, 0x0a, 0x04, 0x63, 0x6f, 0x64, 0x65, 0x18, 0x01, 0x20, - 0x01, 0x28, 0x0d, 0x52, 0x04, 0x63, 0x6f, 0x64, 0x65, 0x12, 0x18, 0x0a, 0x07, 0x64, 0x65, 0x74, - 0x61, 0x69, 0x6c, 0x73, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x07, 0x64, 0x65, 0x74, 0x61, - 0x69, 0x6c, 0x73, 0x22, 0xbe, 0x01, 0x0a, 0x0e, 0x48, 0x61, 0x6e, 0x64, 0x73, 0x68, 0x61, 0x6b, - 0x65, 0x72, 0x52, 0x65, 0x73, 0x70, 0x12, 0x1d, 0x0a, 0x0a, 0x6f, 0x75, 0x74, 0x5f, 0x66, 0x72, - 0x61, 0x6d, 0x65, 0x73, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0c, 0x52, 0x09, 0x6f, 0x75, 0x74, 0x46, - 0x72, 0x61, 0x6d, 0x65, 0x73, 0x12, 0x25, 0x0a, 0x0e, 0x62, 0x79, 0x74, 0x65, 0x73, 0x5f, 0x63, - 0x6f, 0x6e, 0x73, 0x75, 0x6d, 0x65, 0x64, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0d, 0x52, 0x0d, 0x62, - 0x79, 0x74, 0x65, 0x73, 0x43, 0x6f, 0x6e, 0x73, 0x75, 0x6d, 0x65, 0x64, 0x12, 0x32, 0x0a, 0x06, - 0x72, 0x65, 0x73, 0x75, 0x6c, 0x74, 0x18, 0x03, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x1a, 0x2e, 0x67, - 0x72, 0x70, 0x63, 0x2e, 0x67, 0x63, 0x70, 0x2e, 0x48, 0x61, 0x6e, 0x64, 0x73, 0x68, 0x61, 0x6b, - 0x65, 0x72, 0x52, 0x65, 0x73, 0x75, 0x6c, 0x74, 0x52, 0x06, 0x72, 0x65, 0x73, 0x75, 0x6c, 0x74, - 0x12, 0x32, 0x0a, 0x06, 0x73, 0x74, 0x61, 0x74, 0x75, 0x73, 0x18, 0x04, 0x20, 0x01, 0x28, 0x0b, - 0x32, 0x1a, 0x2e, 0x67, 0x72, 0x70, 0x63, 0x2e, 0x67, 0x63, 0x70, 0x2e, 0x48, 0x61, 0x6e, 0x64, - 0x73, 0x68, 0x61, 0x6b, 0x65, 0x72, 0x53, 0x74, 0x61, 0x74, 0x75, 0x73, 0x52, 0x06, 0x73, 0x74, - 0x61, 0x74, 0x75, 0x73, 0x2a, 0x4a, 0x0a, 0x11, 0x48, 0x61, 0x6e, 0x64, 0x73, 0x68, 0x61, 0x6b, - 0x65, 0x50, 0x72, 0x6f, 0x74, 0x6f, 0x63, 0x6f, 0x6c, 0x12, 0x22, 0x0a, 0x1e, 0x48, 0x41, 0x4e, - 0x44, 0x53, 0x48, 0x41, 0x4b, 0x45, 0x5f, 0x50, 0x52, 0x4f, 0x54, 0x4f, 0x43, 0x4f, 0x4c, 0x5f, - 0x55, 0x4e, 0x53, 0x50, 0x45, 0x43, 0x49, 0x46, 0x49, 0x45, 0x44, 0x10, 0x00, 0x12, 0x07, 0x0a, - 0x03, 0x54, 0x4c, 0x53, 0x10, 0x01, 0x12, 0x08, 0x0a, 0x04, 0x41, 0x4c, 0x54, 0x53, 0x10, 0x02, - 0x2a, 0x45, 0x0a, 0x0f, 0x4e, 0x65, 0x74, 0x77, 0x6f, 0x72, 0x6b, 0x50, 0x72, 0x6f, 0x74, 0x6f, - 0x63, 0x6f, 0x6c, 0x12, 0x20, 0x0a, 0x1c, 0x4e, 0x45, 0x54, 0x57, 0x4f, 0x52, 0x4b, 0x5f, 0x50, - 0x52, 0x4f, 0x54, 0x4f, 0x43, 0x4f, 0x4c, 0x5f, 0x55, 0x4e, 0x53, 0x50, 0x45, 0x43, 0x49, 0x46, - 0x49, 0x45, 0x44, 0x10, 0x00, 0x12, 0x07, 0x0a, 0x03, 0x54, 0x43, 0x50, 0x10, 0x01, 0x12, 0x07, - 0x0a, 0x03, 0x55, 0x44, 0x50, 0x10, 0x02, 0x32, 0x5b, 0x0a, 0x11, 0x48, 0x61, 0x6e, 0x64, 0x73, - 0x68, 0x61, 0x6b, 0x65, 0x72, 0x53, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x12, 0x46, 0x0a, 0x0b, - 0x44, 0x6f, 0x48, 0x61, 0x6e, 0x64, 0x73, 0x68, 0x61, 0x6b, 0x65, 0x12, 0x17, 0x2e, 0x67, 0x72, - 0x70, 0x63, 0x2e, 0x67, 0x63, 0x70, 0x2e, 0x48, 0x61, 0x6e, 0x64, 0x73, 0x68, 0x61, 0x6b, 0x65, - 0x72, 0x52, 0x65, 0x71, 0x1a, 0x18, 0x2e, 0x67, 0x72, 0x70, 0x63, 0x2e, 0x67, 0x63, 0x70, 0x2e, - 0x48, 0x61, 0x6e, 0x64, 0x73, 0x68, 0x61, 0x6b, 0x65, 0x72, 0x52, 0x65, 0x73, 0x70, 0x22, 0x00, - 0x28, 0x01, 0x30, 0x01, 0x42, 0x6b, 0x0a, 0x15, 0x69, 0x6f, 0x2e, 0x67, 0x72, 0x70, 0x63, 0x2e, - 0x61, 0x6c, 0x74, 0x73, 0x2e, 0x69, 0x6e, 0x74, 0x65, 0x72, 0x6e, 0x61, 0x6c, 0x42, 0x0f, 0x48, - 0x61, 0x6e, 0x64, 0x73, 0x68, 0x61, 0x6b, 0x65, 0x72, 0x50, 0x72, 0x6f, 0x74, 0x6f, 0x50, 0x01, - 0x5a, 0x3f, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x67, 0x6f, 0x6c, 0x61, 0x6e, 0x67, 0x2e, - 0x6f, 0x72, 0x67, 0x2f, 0x67, 0x72, 0x70, 0x63, 0x2f, 0x63, 0x72, 0x65, 0x64, 0x65, 0x6e, 0x74, - 0x69, 0x61, 0x6c, 0x73, 0x2f, 0x61, 0x6c, 0x74, 0x73, 0x2f, 0x69, 0x6e, 0x74, 0x65, 0x72, 0x6e, - 0x61, 0x6c, 0x2f, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x2f, 0x67, 0x72, 0x70, 0x63, 0x5f, 0x67, 0x63, - 0x70, 0x62, 0x06, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x33, + 0x65, 0x1a, 0x6b, 0x0a, 0x18, 0x48, 0x61, 0x6e, 0x64, 0x73, 0x68, 0x61, 0x6b, 0x65, 0x50, 0x61, + 0x72, 0x61, 0x6d, 0x65, 0x74, 0x65, 0x72, 0x73, 0x45, 0x6e, 0x74, 0x72, 0x79, 0x12, 0x10, 0x0a, + 0x03, 0x6b, 0x65, 0x79, 0x18, 0x01, 0x20, 0x01, 0x28, 0x05, 0x52, 0x03, 0x6b, 0x65, 0x79, 0x12, + 0x39, 0x0a, 0x05, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x23, + 0x2e, 0x67, 0x72, 0x70, 0x63, 0x2e, 0x67, 0x63, 0x70, 0x2e, 0x53, 0x65, 0x72, 0x76, 0x65, 0x72, + 0x48, 0x61, 0x6e, 0x64, 0x73, 0x68, 0x61, 0x6b, 0x65, 0x50, 0x61, 0x72, 0x61, 0x6d, 0x65, 0x74, + 0x65, 0x72, 0x73, 0x52, 0x05, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x3a, 0x02, 0x38, 0x01, 0x22, 0x62, + 0x0a, 0x17, 0x4e, 0x65, 0x78, 0x74, 0x48, 0x61, 0x6e, 0x64, 0x73, 0x68, 0x61, 0x6b, 0x65, 0x4d, + 0x65, 0x73, 0x73, 0x61, 0x67, 0x65, 0x52, 0x65, 0x71, 0x12, 0x19, 0x0a, 0x08, 0x69, 0x6e, 0x5f, + 0x62, 0x79, 0x74, 0x65, 0x73, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0c, 0x52, 0x07, 0x69, 0x6e, 0x42, + 0x79, 0x74, 0x65, 0x73, 0x12, 0x2c, 0x0a, 0x12, 0x6e, 0x65, 0x74, 0x77, 0x6f, 0x72, 0x6b, 0x5f, + 0x6c, 0x61, 0x74, 0x65, 0x6e, 0x63, 0x79, 0x5f, 0x6d, 0x73, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0d, + 0x52, 0x10, 0x6e, 0x65, 0x74, 0x77, 0x6f, 0x72, 0x6b, 0x4c, 0x61, 0x74, 0x65, 0x6e, 0x63, 0x79, + 0x4d, 0x73, 0x22, 0xe5, 0x01, 0x0a, 0x0d, 0x48, 0x61, 0x6e, 0x64, 0x73, 0x68, 0x61, 0x6b, 0x65, + 0x72, 0x52, 0x65, 0x71, 0x12, 0x46, 0x0a, 0x0c, 0x63, 0x6c, 0x69, 0x65, 0x6e, 0x74, 0x5f, 0x73, + 0x74, 0x61, 0x72, 0x74, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x21, 0x2e, 0x67, 0x72, 0x70, + 0x63, 0x2e, 0x67, 0x63, 0x70, 0x2e, 0x53, 0x74, 0x61, 0x72, 0x74, 0x43, 0x6c, 0x69, 0x65, 0x6e, + 0x74, 0x48, 0x61, 0x6e, 0x64, 0x73, 0x68, 0x61, 0x6b, 0x65, 0x52, 0x65, 0x71, 0x48, 0x00, 0x52, + 0x0b, 0x63, 0x6c, 0x69, 0x65, 0x6e, 0x74, 0x53, 0x74, 0x61, 0x72, 0x74, 0x12, 0x46, 0x0a, 0x0c, + 0x73, 0x65, 0x72, 0x76, 0x65, 0x72, 0x5f, 0x73, 0x74, 0x61, 0x72, 0x74, 0x18, 0x02, 0x20, 0x01, + 0x28, 0x0b, 0x32, 0x21, 0x2e, 0x67, 0x72, 0x70, 0x63, 0x2e, 0x67, 0x63, 0x70, 0x2e, 0x53, 0x74, + 0x61, 0x72, 0x74, 0x53, 0x65, 0x72, 0x76, 0x65, 0x72, 0x48, 0x61, 0x6e, 0x64, 0x73, 0x68, 0x61, + 0x6b, 0x65, 0x52, 0x65, 0x71, 0x48, 0x00, 0x52, 0x0b, 0x73, 0x65, 0x72, 0x76, 0x65, 0x72, 0x53, + 0x74, 0x61, 0x72, 0x74, 0x12, 0x37, 0x0a, 0x04, 0x6e, 0x65, 0x78, 0x74, 0x18, 0x03, 0x20, 0x01, + 0x28, 0x0b, 0x32, 0x21, 0x2e, 0x67, 0x72, 0x70, 0x63, 0x2e, 0x67, 0x63, 0x70, 0x2e, 0x4e, 0x65, + 0x78, 0x74, 0x48, 0x61, 0x6e, 0x64, 0x73, 0x68, 0x61, 0x6b, 0x65, 0x4d, 0x65, 0x73, 0x73, 0x61, + 0x67, 0x65, 0x52, 0x65, 0x71, 0x48, 0x00, 0x52, 0x04, 0x6e, 0x65, 0x78, 0x74, 0x42, 0x0b, 0x0a, + 0x09, 0x72, 0x65, 0x71, 0x5f, 0x6f, 0x6e, 0x65, 0x6f, 0x66, 0x22, 0x9a, 0x03, 0x0a, 0x10, 0x48, + 0x61, 0x6e, 0x64, 0x73, 0x68, 0x61, 0x6b, 0x65, 0x72, 0x52, 0x65, 0x73, 0x75, 0x6c, 0x74, 0x12, + 0x31, 0x0a, 0x14, 0x61, 0x70, 0x70, 0x6c, 0x69, 0x63, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x5f, 0x70, + 0x72, 0x6f, 0x74, 0x6f, 0x63, 0x6f, 0x6c, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x13, 0x61, + 0x70, 0x70, 0x6c, 0x69, 0x63, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x50, 0x72, 0x6f, 0x74, 0x6f, 0x63, + 0x6f, 0x6c, 0x12, 0x27, 0x0a, 0x0f, 0x72, 0x65, 0x63, 0x6f, 0x72, 0x64, 0x5f, 0x70, 0x72, 0x6f, + 0x74, 0x6f, 0x63, 0x6f, 0x6c, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0e, 0x72, 0x65, 0x63, + 0x6f, 0x72, 0x64, 0x50, 0x72, 0x6f, 0x74, 0x6f, 0x63, 0x6f, 0x6c, 0x12, 0x19, 0x0a, 0x08, 0x6b, + 0x65, 0x79, 0x5f, 0x64, 0x61, 0x74, 0x61, 0x18, 0x03, 0x20, 0x01, 0x28, 0x0c, 0x52, 0x07, 0x6b, + 0x65, 0x79, 0x44, 0x61, 0x74, 0x61, 0x12, 0x37, 0x0a, 0x0d, 0x70, 0x65, 0x65, 0x72, 0x5f, 0x69, + 0x64, 0x65, 0x6e, 0x74, 0x69, 0x74, 0x79, 0x18, 0x04, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x12, 0x2e, + 0x67, 0x72, 0x70, 0x63, 0x2e, 0x67, 0x63, 0x70, 0x2e, 0x49, 0x64, 0x65, 0x6e, 0x74, 0x69, 0x74, + 0x79, 0x52, 0x0c, 0x70, 0x65, 0x65, 0x72, 0x49, 0x64, 0x65, 0x6e, 0x74, 0x69, 0x74, 0x79, 0x12, + 0x39, 0x0a, 0x0e, 0x6c, 0x6f, 0x63, 0x61, 0x6c, 0x5f, 0x69, 0x64, 0x65, 0x6e, 0x74, 0x69, 0x74, + 0x79, 0x18, 0x05, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x12, 0x2e, 0x67, 0x72, 0x70, 0x63, 0x2e, 0x67, + 0x63, 0x70, 0x2e, 0x49, 0x64, 0x65, 0x6e, 0x74, 0x69, 0x74, 0x79, 0x52, 0x0d, 0x6c, 0x6f, 0x63, + 0x61, 0x6c, 0x49, 0x64, 0x65, 0x6e, 0x74, 0x69, 0x74, 0x79, 0x12, 0x2a, 0x0a, 0x11, 0x6b, 0x65, + 0x65, 0x70, 0x5f, 0x63, 0x68, 0x61, 0x6e, 0x6e, 0x65, 0x6c, 0x5f, 0x6f, 0x70, 0x65, 0x6e, 0x18, + 0x06, 0x20, 0x01, 0x28, 0x08, 0x52, 0x0f, 0x6b, 0x65, 0x65, 0x70, 0x43, 0x68, 0x61, 0x6e, 0x6e, + 0x65, 0x6c, 0x4f, 0x70, 0x65, 0x6e, 0x12, 0x49, 0x0a, 0x11, 0x70, 0x65, 0x65, 0x72, 0x5f, 0x72, + 0x70, 0x63, 0x5f, 0x76, 0x65, 0x72, 0x73, 0x69, 0x6f, 0x6e, 0x73, 0x18, 0x07, 0x20, 0x01, 0x28, + 0x0b, 0x32, 0x1d, 0x2e, 0x67, 0x72, 0x70, 0x63, 0x2e, 0x67, 0x63, 0x70, 0x2e, 0x52, 0x70, 0x63, + 0x50, 0x72, 0x6f, 0x74, 0x6f, 0x63, 0x6f, 0x6c, 0x56, 0x65, 0x72, 0x73, 0x69, 0x6f, 0x6e, 0x73, + 0x52, 0x0f, 0x70, 0x65, 0x65, 0x72, 0x52, 0x70, 0x63, 0x56, 0x65, 0x72, 0x73, 0x69, 0x6f, 0x6e, + 0x73, 0x12, 0x24, 0x0a, 0x0e, 0x6d, 0x61, 0x78, 0x5f, 0x66, 0x72, 0x61, 0x6d, 0x65, 0x5f, 0x73, + 0x69, 0x7a, 0x65, 0x18, 0x08, 0x20, 0x01, 0x28, 0x0d, 0x52, 0x0c, 0x6d, 0x61, 0x78, 0x46, 0x72, + 0x61, 0x6d, 0x65, 0x53, 0x69, 0x7a, 0x65, 0x22, 0x40, 0x0a, 0x10, 0x48, 0x61, 0x6e, 0x64, 0x73, + 0x68, 0x61, 0x6b, 0x65, 0x72, 0x53, 0x74, 0x61, 0x74, 0x75, 0x73, 0x12, 0x12, 0x0a, 0x04, 0x63, + 0x6f, 0x64, 0x65, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0d, 0x52, 0x04, 0x63, 0x6f, 0x64, 0x65, 0x12, + 0x18, 0x0a, 0x07, 0x64, 0x65, 0x74, 0x61, 0x69, 0x6c, 0x73, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, + 0x52, 0x07, 0x64, 0x65, 0x74, 0x61, 0x69, 0x6c, 0x73, 0x22, 0xbe, 0x01, 0x0a, 0x0e, 0x48, 0x61, + 0x6e, 0x64, 0x73, 0x68, 0x61, 0x6b, 0x65, 0x72, 0x52, 0x65, 0x73, 0x70, 0x12, 0x1d, 0x0a, 0x0a, + 0x6f, 0x75, 0x74, 0x5f, 0x66, 0x72, 0x61, 0x6d, 0x65, 0x73, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0c, + 0x52, 0x09, 0x6f, 0x75, 0x74, 0x46, 0x72, 0x61, 0x6d, 0x65, 0x73, 0x12, 0x25, 0x0a, 0x0e, 0x62, + 0x79, 0x74, 0x65, 0x73, 0x5f, 0x63, 0x6f, 0x6e, 0x73, 0x75, 0x6d, 0x65, 0x64, 0x18, 0x02, 0x20, + 0x01, 0x28, 0x0d, 0x52, 0x0d, 0x62, 0x79, 0x74, 0x65, 0x73, 0x43, 0x6f, 0x6e, 0x73, 0x75, 0x6d, + 0x65, 0x64, 0x12, 0x32, 0x0a, 0x06, 0x72, 0x65, 0x73, 0x75, 0x6c, 0x74, 0x18, 0x03, 0x20, 0x01, + 0x28, 0x0b, 0x32, 0x1a, 0x2e, 0x67, 0x72, 0x70, 0x63, 0x2e, 0x67, 0x63, 0x70, 0x2e, 0x48, 0x61, + 0x6e, 0x64, 0x73, 0x68, 0x61, 0x6b, 0x65, 0x72, 0x52, 0x65, 0x73, 0x75, 0x6c, 0x74, 0x52, 0x06, + 0x72, 0x65, 0x73, 0x75, 0x6c, 0x74, 0x12, 0x32, 0x0a, 0x06, 0x73, 0x74, 0x61, 0x74, 0x75, 0x73, + 0x18, 0x04, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x1a, 0x2e, 0x67, 0x72, 0x70, 0x63, 0x2e, 0x67, 0x63, + 0x70, 0x2e, 0x48, 0x61, 0x6e, 0x64, 0x73, 0x68, 0x61, 0x6b, 0x65, 0x72, 0x53, 0x74, 0x61, 0x74, + 0x75, 0x73, 0x52, 0x06, 0x73, 0x74, 0x61, 0x74, 0x75, 0x73, 0x2a, 0x4a, 0x0a, 0x11, 0x48, 0x61, + 0x6e, 0x64, 0x73, 0x68, 0x61, 0x6b, 0x65, 0x50, 0x72, 0x6f, 0x74, 0x6f, 0x63, 0x6f, 0x6c, 0x12, + 0x22, 0x0a, 0x1e, 0x48, 0x41, 0x4e, 0x44, 0x53, 0x48, 0x41, 0x4b, 0x45, 0x5f, 0x50, 0x52, 0x4f, + 0x54, 0x4f, 0x43, 0x4f, 0x4c, 0x5f, 0x55, 0x4e, 0x53, 0x50, 0x45, 0x43, 0x49, 0x46, 0x49, 0x45, + 0x44, 0x10, 0x00, 0x12, 0x07, 0x0a, 0x03, 0x54, 0x4c, 0x53, 0x10, 0x01, 0x12, 0x08, 0x0a, 0x04, + 0x41, 0x4c, 0x54, 0x53, 0x10, 0x02, 0x2a, 0x45, 0x0a, 0x0f, 0x4e, 0x65, 0x74, 0x77, 0x6f, 0x72, + 0x6b, 0x50, 0x72, 0x6f, 0x74, 0x6f, 0x63, 0x6f, 0x6c, 0x12, 0x20, 0x0a, 0x1c, 0x4e, 0x45, 0x54, + 0x57, 0x4f, 0x52, 0x4b, 0x5f, 0x50, 0x52, 0x4f, 0x54, 0x4f, 0x43, 0x4f, 0x4c, 0x5f, 0x55, 0x4e, + 0x53, 0x50, 0x45, 0x43, 0x49, 0x46, 0x49, 0x45, 0x44, 0x10, 0x00, 0x12, 0x07, 0x0a, 0x03, 0x54, + 0x43, 0x50, 0x10, 0x01, 0x12, 0x07, 0x0a, 0x03, 0x55, 0x44, 0x50, 0x10, 0x02, 0x32, 0x5b, 0x0a, + 0x11, 0x48, 0x61, 0x6e, 0x64, 0x73, 0x68, 0x61, 0x6b, 0x65, 0x72, 0x53, 0x65, 0x72, 0x76, 0x69, + 0x63, 0x65, 0x12, 0x46, 0x0a, 0x0b, 0x44, 0x6f, 0x48, 0x61, 0x6e, 0x64, 0x73, 0x68, 0x61, 0x6b, + 0x65, 0x12, 0x17, 0x2e, 0x67, 0x72, 0x70, 0x63, 0x2e, 0x67, 0x63, 0x70, 0x2e, 0x48, 0x61, 0x6e, + 0x64, 0x73, 0x68, 0x61, 0x6b, 0x65, 0x72, 0x52, 0x65, 0x71, 0x1a, 0x18, 0x2e, 0x67, 0x72, 0x70, + 0x63, 0x2e, 0x67, 0x63, 0x70, 0x2e, 0x48, 0x61, 0x6e, 0x64, 0x73, 0x68, 0x61, 0x6b, 0x65, 0x72, + 0x52, 0x65, 0x73, 0x70, 0x22, 0x00, 0x28, 0x01, 0x30, 0x01, 0x42, 0x6b, 0x0a, 0x15, 0x69, 0x6f, + 0x2e, 0x67, 0x72, 0x70, 0x63, 0x2e, 0x61, 0x6c, 0x74, 0x73, 0x2e, 0x69, 0x6e, 0x74, 0x65, 0x72, + 0x6e, 0x61, 0x6c, 0x42, 0x0f, 0x48, 0x61, 0x6e, 0x64, 0x73, 0x68, 0x61, 0x6b, 0x65, 0x72, 0x50, + 0x72, 0x6f, 0x74, 0x6f, 0x50, 0x01, 0x5a, 0x3f, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x67, + 0x6f, 0x6c, 0x61, 0x6e, 0x67, 0x2e, 0x6f, 0x72, 0x67, 0x2f, 0x67, 0x72, 0x70, 0x63, 0x2f, 0x63, + 0x72, 0x65, 0x64, 0x65, 0x6e, 0x74, 0x69, 0x61, 0x6c, 0x73, 0x2f, 0x61, 0x6c, 0x74, 0x73, 0x2f, + 0x69, 0x6e, 0x74, 0x65, 0x72, 0x6e, 0x61, 0x6c, 0x2f, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x2f, 0x67, + 0x72, 0x70, 0x63, 0x5f, 0x67, 0x63, 0x70, 0x62, 0x06, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x33, } var ( @@ -1396,6 +1438,7 @@ func file_grpc_gcp_handshaker_proto_init() { (*Identity_ServiceAccount)(nil), (*Identity_Hostname)(nil), } + file_grpc_gcp_handshaker_proto_msgTypes[3].OneofWrappers = []interface{}{} file_grpc_gcp_handshaker_proto_msgTypes[6].OneofWrappers = []interface{}{ (*HandshakerReq_ClientStart)(nil), (*HandshakerReq_ServerStart)(nil), diff --git a/vendor/google.golang.org/grpc/credentials/alts/internal/proto/grpc_gcp/handshaker_grpc.pb.go b/vendor/google.golang.org/grpc/credentials/alts/internal/proto/grpc_gcp/handshaker_grpc.pb.go index 39ecccf87..d1af55260 100644 --- a/vendor/google.golang.org/grpc/credentials/alts/internal/proto/grpc_gcp/handshaker_grpc.pb.go +++ b/vendor/google.golang.org/grpc/credentials/alts/internal/proto/grpc_gcp/handshaker_grpc.pb.go @@ -18,7 +18,7 @@ // Code generated by protoc-gen-go-grpc. DO NOT EDIT. // versions: // - protoc-gen-go-grpc v1.3.0 -// - protoc v4.22.0 +// - protoc v4.25.2 // source: grpc/gcp/handshaker.proto package grpc_gcp @@ -32,8 +32,8 @@ import ( // This is a compile-time assertion to ensure that this generated file // is compatible with the grpc package it is being compiled against. -// Requires gRPC-Go v1.32.0 or later. -const _ = grpc.SupportPackageIsVersion7 +// Requires gRPC-Go v1.64.0 or later. +const _ = grpc.SupportPackageIsVersion9 const ( HandshakerService_DoHandshake_FullMethodName = "/grpc.gcp.HandshakerService/DoHandshake" @@ -49,7 +49,7 @@ type HandshakerServiceClient interface { // messages with next. Each time client sends a request, the handshaker // service expects to respond. Client does not have to wait for service's // response before sending next request. - DoHandshake(ctx context.Context, opts ...grpc.CallOption) (HandshakerService_DoHandshakeClient, error) + DoHandshake(ctx context.Context, opts ...grpc.CallOption) (grpc.BidiStreamingClient[HandshakerReq, HandshakerResp], error) } type handshakerServiceClient struct { @@ -60,36 +60,18 @@ func NewHandshakerServiceClient(cc grpc.ClientConnInterface) HandshakerServiceCl return &handshakerServiceClient{cc} } -func (c *handshakerServiceClient) DoHandshake(ctx context.Context, opts ...grpc.CallOption) (HandshakerService_DoHandshakeClient, error) { - stream, err := c.cc.NewStream(ctx, &HandshakerService_ServiceDesc.Streams[0], HandshakerService_DoHandshake_FullMethodName, opts...) +func (c *handshakerServiceClient) DoHandshake(ctx context.Context, opts ...grpc.CallOption) (grpc.BidiStreamingClient[HandshakerReq, HandshakerResp], error) { + cOpts := append([]grpc.CallOption{grpc.StaticMethod()}, opts...) + stream, err := c.cc.NewStream(ctx, &HandshakerService_ServiceDesc.Streams[0], HandshakerService_DoHandshake_FullMethodName, cOpts...) if err != nil { return nil, err } - x := &handshakerServiceDoHandshakeClient{stream} + x := &grpc.GenericClientStream[HandshakerReq, HandshakerResp]{ClientStream: stream} return x, nil } -type HandshakerService_DoHandshakeClient interface { - Send(*HandshakerReq) error - Recv() (*HandshakerResp, error) - grpc.ClientStream -} - -type handshakerServiceDoHandshakeClient struct { - grpc.ClientStream -} - -func (x *handshakerServiceDoHandshakeClient) Send(m *HandshakerReq) error { - return x.ClientStream.SendMsg(m) -} - -func (x *handshakerServiceDoHandshakeClient) Recv() (*HandshakerResp, error) { - m := new(HandshakerResp) - if err := x.ClientStream.RecvMsg(m); err != nil { - return nil, err - } - return m, nil -} +// This type alias is provided for backwards compatibility with existing code that references the prior non-generic stream type by name. +type HandshakerService_DoHandshakeClient = grpc.BidiStreamingClient[HandshakerReq, HandshakerResp] // HandshakerServiceServer is the server API for HandshakerService service. // All implementations must embed UnimplementedHandshakerServiceServer @@ -101,7 +83,7 @@ type HandshakerServiceServer interface { // messages with next. Each time client sends a request, the handshaker // service expects to respond. Client does not have to wait for service's // response before sending next request. - DoHandshake(HandshakerService_DoHandshakeServer) error + DoHandshake(grpc.BidiStreamingServer[HandshakerReq, HandshakerResp]) error mustEmbedUnimplementedHandshakerServiceServer() } @@ -109,7 +91,7 @@ type HandshakerServiceServer interface { type UnimplementedHandshakerServiceServer struct { } -func (UnimplementedHandshakerServiceServer) DoHandshake(HandshakerService_DoHandshakeServer) error { +func (UnimplementedHandshakerServiceServer) DoHandshake(grpc.BidiStreamingServer[HandshakerReq, HandshakerResp]) error { return status.Errorf(codes.Unimplemented, "method DoHandshake not implemented") } func (UnimplementedHandshakerServiceServer) mustEmbedUnimplementedHandshakerServiceServer() {} @@ -126,30 +108,11 @@ func RegisterHandshakerServiceServer(s grpc.ServiceRegistrar, srv HandshakerServ } func _HandshakerService_DoHandshake_Handler(srv interface{}, stream grpc.ServerStream) error { - return srv.(HandshakerServiceServer).DoHandshake(&handshakerServiceDoHandshakeServer{stream}) + return srv.(HandshakerServiceServer).DoHandshake(&grpc.GenericServerStream[HandshakerReq, HandshakerResp]{ServerStream: stream}) } -type HandshakerService_DoHandshakeServer interface { - Send(*HandshakerResp) error - Recv() (*HandshakerReq, error) - grpc.ServerStream -} - -type handshakerServiceDoHandshakeServer struct { - grpc.ServerStream -} - -func (x *handshakerServiceDoHandshakeServer) Send(m *HandshakerResp) error { - return x.ServerStream.SendMsg(m) -} - -func (x *handshakerServiceDoHandshakeServer) Recv() (*HandshakerReq, error) { - m := new(HandshakerReq) - if err := x.ServerStream.RecvMsg(m); err != nil { - return nil, err - } - return m, nil -} +// This type alias is provided for backwards compatibility with existing code that references the prior non-generic stream type by name. +type HandshakerService_DoHandshakeServer = grpc.BidiStreamingServer[HandshakerReq, HandshakerResp] // HandshakerService_ServiceDesc is the grpc.ServiceDesc for HandshakerService service. // It's only intended for direct use with grpc.RegisterService, diff --git a/vendor/google.golang.org/grpc/credentials/alts/internal/proto/grpc_gcp/transport_security_common.pb.go b/vendor/google.golang.org/grpc/credentials/alts/internal/proto/grpc_gcp/transport_security_common.pb.go index 69f094758..d65ffe6e7 100644 --- a/vendor/google.golang.org/grpc/credentials/alts/internal/proto/grpc_gcp/transport_security_common.pb.go +++ b/vendor/google.golang.org/grpc/credentials/alts/internal/proto/grpc_gcp/transport_security_common.pb.go @@ -17,8 +17,8 @@ // Code generated by protoc-gen-go. DO NOT EDIT. // versions: -// protoc-gen-go v1.31.0 -// protoc v4.22.0 +// protoc-gen-go v1.33.0 +// protoc v4.25.2 // source: grpc/gcp/transport_security_common.proto package grpc_gcp diff --git a/vendor/google.golang.org/grpc/credentials/credentials.go b/vendor/google.golang.org/grpc/credentials/credentials.go index 5feac3aa0..665e790bb 100644 --- a/vendor/google.golang.org/grpc/credentials/credentials.go +++ b/vendor/google.golang.org/grpc/credentials/credentials.go @@ -28,9 +28,9 @@ import ( "fmt" "net" - "github.com/golang/protobuf/proto" "google.golang.org/grpc/attributes" icredentials "google.golang.org/grpc/internal/credentials" + "google.golang.org/protobuf/proto" ) // PerRPCCredentials defines the common interface for the credentials which need to @@ -237,7 +237,7 @@ func ClientHandshakeInfoFromContext(ctx context.Context) ClientHandshakeInfo { } // CheckSecurityLevel checks if a connection's security level is greater than or equal to the specified one. -// It returns success if 1) the condition is satisified or 2) AuthInfo struct does not implement GetCommonAuthInfo() method +// It returns success if 1) the condition is satisfied or 2) AuthInfo struct does not implement GetCommonAuthInfo() method // or 3) CommonAuthInfo.SecurityLevel has an invalid zero value. For 2) and 3), it is for the purpose of backward-compatibility. // // This API is experimental. diff --git a/vendor/google.golang.org/grpc/credentials/google/xds.go b/vendor/google.golang.org/grpc/credentials/google/xds.go index 2c5c8b9ee..cccb22271 100644 --- a/vendor/google.golang.org/grpc/credentials/google/xds.go +++ b/vendor/google.golang.org/grpc/credentials/google/xds.go @@ -25,7 +25,7 @@ import ( "strings" "google.golang.org/grpc/credentials" - "google.golang.org/grpc/internal" + "google.golang.org/grpc/internal/xds" ) const cfeClusterNamePrefix = "google_cfe_" @@ -63,7 +63,7 @@ func clusterName(ctx context.Context) string { if chi.Attributes == nil { return "" } - cluster, _ := internal.GetXDSHandshakeClusterName(chi.Attributes) + cluster, _ := xds.GetXDSHandshakeClusterName(chi.Attributes) return cluster } diff --git a/vendor/google.golang.org/grpc/credentials/tls.go b/vendor/google.golang.org/grpc/credentials/tls.go index 877b7cd21..5dafd34ed 100644 --- a/vendor/google.golang.org/grpc/credentials/tls.go +++ b/vendor/google.golang.org/grpc/credentials/tls.go @@ -44,10 +44,25 @@ func (t TLSInfo) AuthType() string { return "tls" } +// cipherSuiteLookup returns the string version of a TLS cipher suite ID. +func cipherSuiteLookup(cipherSuiteID uint16) string { + for _, s := range tls.CipherSuites() { + if s.ID == cipherSuiteID { + return s.Name + } + } + for _, s := range tls.InsecureCipherSuites() { + if s.ID == cipherSuiteID { + return s.Name + } + } + return fmt.Sprintf("unknown ID: %v", cipherSuiteID) +} + // GetSecurityValue returns security info requested by channelz. func (t TLSInfo) GetSecurityValue() ChannelzSecurityValue { v := &TLSChannelzSecurityValue{ - StandardName: cipherSuiteLookup[t.State.CipherSuite], + StandardName: cipherSuiteLookup(t.State.CipherSuite), } // Currently there's no way to get LocalCertificate info from tls package. if len(t.State.PeerCertificates) > 0 { @@ -138,10 +153,39 @@ func (c *tlsCreds) OverrideServerName(serverNameOverride string) error { return nil } +// The following cipher suites are forbidden for use with HTTP/2 by +// https://datatracker.ietf.org/doc/html/rfc7540#appendix-A +var tls12ForbiddenCipherSuites = map[uint16]struct{}{ + tls.TLS_RSA_WITH_AES_128_CBC_SHA: {}, + tls.TLS_RSA_WITH_AES_256_CBC_SHA: {}, + tls.TLS_RSA_WITH_AES_128_GCM_SHA256: {}, + tls.TLS_RSA_WITH_AES_256_GCM_SHA384: {}, + tls.TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA: {}, + tls.TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA: {}, + tls.TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA: {}, + tls.TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA: {}, +} + // NewTLS uses c to construct a TransportCredentials based on TLS. func NewTLS(c *tls.Config) TransportCredentials { tc := &tlsCreds{credinternal.CloneTLSConfig(c)} tc.config.NextProtos = credinternal.AppendH2ToNextProtos(tc.config.NextProtos) + // If the user did not configure a MinVersion and did not configure a + // MaxVersion < 1.2, use MinVersion=1.2, which is required by + // https://datatracker.ietf.org/doc/html/rfc7540#section-9.2 + if tc.config.MinVersion == 0 && (tc.config.MaxVersion == 0 || tc.config.MaxVersion >= tls.VersionTLS12) { + tc.config.MinVersion = tls.VersionTLS12 + } + // If the user did not configure CipherSuites, use all "secure" cipher + // suites reported by the TLS package, but remove some explicitly forbidden + // by https://datatracker.ietf.org/doc/html/rfc7540#appendix-A + if tc.config.CipherSuites == nil { + for _, cs := range tls.CipherSuites() { + if _, ok := tls12ForbiddenCipherSuites[cs.ID]; !ok { + tc.config.CipherSuites = append(tc.config.CipherSuites, cs.ID) + } + } + } return tc } @@ -205,32 +249,3 @@ type TLSChannelzSecurityValue struct { LocalCertificate []byte RemoteCertificate []byte } - -var cipherSuiteLookup = map[uint16]string{ - tls.TLS_RSA_WITH_RC4_128_SHA: "TLS_RSA_WITH_RC4_128_SHA", - tls.TLS_RSA_WITH_3DES_EDE_CBC_SHA: "TLS_RSA_WITH_3DES_EDE_CBC_SHA", - tls.TLS_RSA_WITH_AES_128_CBC_SHA: "TLS_RSA_WITH_AES_128_CBC_SHA", - tls.TLS_RSA_WITH_AES_256_CBC_SHA: "TLS_RSA_WITH_AES_256_CBC_SHA", - tls.TLS_RSA_WITH_AES_128_GCM_SHA256: "TLS_RSA_WITH_AES_128_GCM_SHA256", - tls.TLS_RSA_WITH_AES_256_GCM_SHA384: "TLS_RSA_WITH_AES_256_GCM_SHA384", - tls.TLS_ECDHE_ECDSA_WITH_RC4_128_SHA: "TLS_ECDHE_ECDSA_WITH_RC4_128_SHA", - tls.TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA: "TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA", - tls.TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA: "TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA", - tls.TLS_ECDHE_RSA_WITH_RC4_128_SHA: "TLS_ECDHE_RSA_WITH_RC4_128_SHA", - tls.TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA: "TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA", - tls.TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA: "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA", - tls.TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA: "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA", - tls.TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256: "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256", - tls.TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256: "TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256", - tls.TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384: "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384", - tls.TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384: "TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384", - tls.TLS_FALLBACK_SCSV: "TLS_FALLBACK_SCSV", - tls.TLS_RSA_WITH_AES_128_CBC_SHA256: "TLS_RSA_WITH_AES_128_CBC_SHA256", - tls.TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256: "TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256", - tls.TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256: "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256", - tls.TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305: "TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305", - tls.TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305: "TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305", - tls.TLS_AES_128_GCM_SHA256: "TLS_AES_128_GCM_SHA256", - tls.TLS_AES_256_GCM_SHA384: "TLS_AES_256_GCM_SHA384", - tls.TLS_CHACHA20_POLY1305_SHA256: "TLS_CHACHA20_POLY1305_SHA256", -} diff --git a/vendor/google.golang.org/grpc/dialoptions.go b/vendor/google.golang.org/grpc/dialoptions.go index cfc9fd85e..00273702b 100644 --- a/vendor/google.golang.org/grpc/dialoptions.go +++ b/vendor/google.golang.org/grpc/dialoptions.go @@ -46,6 +46,7 @@ func init() { internal.WithBinaryLogger = withBinaryLogger internal.JoinDialOptions = newJoinDialOption internal.DisableGlobalDialOptions = newDisableGlobalDialOptions + internal.WithRecvBufferPool = withRecvBufferPool } // dialOptions configure a Dial call. dialOptions are set by the DialOption @@ -63,12 +64,11 @@ type dialOptions struct { block bool returnLastError bool timeout time.Duration - scChan <-chan ServiceConfig authority string binaryLogger binarylog.Logger copts transport.ConnectOptions callOptions []CallOption - channelzParentID *channelz.Identifier + channelzParent channelz.Identifier disableServiceConfig bool disableRetry bool disableHealthCheck bool @@ -79,6 +79,7 @@ type dialOptions struct { resolvers []resolver.Builder idleTimeout time.Duration recvBufferPool SharedBufferPool + defaultScheme string } // DialOption configures how we set up the connection. @@ -154,9 +155,7 @@ func WithSharedWriteBuffer(val bool) DialOption { } // WithWriteBufferSize determines how much data can be batched before doing a -// write on the wire. The corresponding memory allocation for this buffer will -// be twice the size to keep syscalls low. The default value for this buffer is -// 32KB. +// write on the wire. The default value for this buffer is 32KB. // // Zero or negative values will disable the write buffer such that each write // will be on underlying connection. Note: A Send call may not directly @@ -250,19 +249,6 @@ func WithDecompressor(dc Decompressor) DialOption { }) } -// WithServiceConfig returns a DialOption which has a channel to read the -// service configuration. -// -// Deprecated: service config should be received through name resolver or via -// WithDefaultServiceConfig, as specified at -// https://github.com/grpc/grpc/blob/master/doc/service_config.md. Will be -// removed in a future 1.x release. -func WithServiceConfig(c <-chan ServiceConfig) DialOption { - return newFuncDialOption(func(o *dialOptions) { - o.scChan = c - }) -} - // WithConnectParams configures the ClientConn to use the provided ConnectParams // for creating and maintaining connections to servers. // @@ -314,6 +300,9 @@ func withBackoff(bs internalbackoff.Strategy) DialOption { // // Use of this feature is not recommended. For more information, please see: // https://github.com/grpc/grpc-go/blob/master/Documentation/anti-patterns.md +// +// Deprecated: this DialOption is not supported by NewClient. +// Will be supported throughout 1.x. func WithBlock() DialOption { return newFuncDialOption(func(o *dialOptions) { o.block = true @@ -328,10 +317,8 @@ func WithBlock() DialOption { // Use of this feature is not recommended. For more information, please see: // https://github.com/grpc/grpc-go/blob/master/Documentation/anti-patterns.md // -// # Experimental -// -// Notice: This API is EXPERIMENTAL and may be changed or removed in a -// later release. +// Deprecated: this DialOption is not supported by NewClient. +// Will be supported throughout 1.x. func WithReturnConnectionError() DialOption { return newFuncDialOption(func(o *dialOptions) { o.block = true @@ -401,8 +388,8 @@ func WithCredentialsBundle(b credentials.Bundle) DialOption { // WithTimeout returns a DialOption that configures a timeout for dialing a // ClientConn initially. This is valid if and only if WithBlock() is present. // -// Deprecated: use DialContext instead of Dial and context.WithTimeout -// instead. Will be supported throughout 1.x. +// Deprecated: this DialOption is not supported by NewClient. +// Will be supported throughout 1.x. func WithTimeout(d time.Duration) DialOption { return newFuncDialOption(func(o *dialOptions) { o.timeout = d @@ -413,6 +400,17 @@ func WithTimeout(d time.Duration) DialOption { // connections. If FailOnNonTempDialError() is set to true, and an error is // returned by f, gRPC checks the error's Temporary() method to decide if it // should try to reconnect to the network address. +// +// Note: All supported releases of Go (as of December 2023) override the OS +// defaults for TCP keepalive time and interval to 15s. To enable TCP keepalive +// with OS defaults for keepalive time and interval, use a net.Dialer that sets +// the KeepAlive field to a negative value, and sets the SO_KEEPALIVE socket +// option to true from the Control field. For a concrete example of how to do +// this, see internal.NetDialerWithTCPKeepalive(). +// +// For more information, please see [issue 23459] in the Go github repo. +// +// [issue 23459]: https://github.com/golang/go/issues/23459 func WithContextDialer(f func(context.Context, string) (net.Conn, error)) DialOption { return newFuncDialOption(func(o *dialOptions) { o.copts.Dialer = f @@ -473,9 +471,8 @@ func withBinaryLogger(bl binarylog.Logger) DialOption { // Use of this feature is not recommended. For more information, please see: // https://github.com/grpc/grpc-go/blob/master/Documentation/anti-patterns.md // -// # Experimental -// -// Notice: This API is EXPERIMENTAL and may be changed or removed in a +// Deprecated: this DialOption is not supported by NewClient. +// This API may be changed or removed in a // later release. func FailOnNonTempDialError(f bool) DialOption { return newFuncDialOption(func(o *dialOptions) { @@ -487,7 +484,7 @@ func FailOnNonTempDialError(f bool) DialOption { // the RPCs. func WithUserAgent(s string) DialOption { return newFuncDialOption(func(o *dialOptions) { - o.copts.UserAgent = s + o.copts.UserAgent = s + " " + grpcUA }) } @@ -557,9 +554,9 @@ func WithAuthority(a string) DialOption { // // Notice: This API is EXPERIMENTAL and may be changed or removed in a // later release. -func WithChannelzParentID(id *channelz.Identifier) DialOption { +func WithChannelzParentID(c channelz.Identifier) DialOption { return newFuncDialOption(func(o *dialOptions) { - o.channelzParentID = id + o.channelzParent = c }) } @@ -604,12 +601,22 @@ func WithDisableRetry() DialOption { }) } +// MaxHeaderListSizeDialOption is a DialOption that specifies the maximum +// (uncompressed) size of header list that the client is prepared to accept. +type MaxHeaderListSizeDialOption struct { + MaxHeaderListSize uint32 +} + +func (o MaxHeaderListSizeDialOption) apply(do *dialOptions) { + do.copts.MaxHeaderListSize = &o.MaxHeaderListSize +} + // WithMaxHeaderListSize returns a DialOption that specifies the maximum // (uncompressed) size of header list that the client is prepared to accept. func WithMaxHeaderListSize(s uint32) DialOption { - return newFuncDialOption(func(o *dialOptions) { - o.copts.MaxHeaderListSize = &s - }) + return MaxHeaderListSizeDialOption{ + MaxHeaderListSize: s, + } } // WithDisableHealthCheck disables the LB channel health checking for all @@ -637,18 +644,21 @@ func withHealthCheckFunc(f internal.HealthChecker) DialOption { func defaultDialOptions() dialOptions { return dialOptions{ - healthCheckFunc: internal.HealthCheckFunc, copts: transport.ConnectOptions{ - WriteBufferSize: defaultWriteBufSize, ReadBufferSize: defaultReadBufSize, + WriteBufferSize: defaultWriteBufSize, UseProxy: true, + UserAgent: grpcUA, }, - recvBufferPool: nopBufferPool{}, - idleTimeout: 30 * time.Minute, + bs: internalbackoff.DefaultExponential, + healthCheckFunc: internal.HealthCheckFunc, + idleTimeout: 30 * time.Minute, + recvBufferPool: nopBufferPool{}, + defaultScheme: "dns", } } -// withGetMinConnectDeadline specifies the function that clientconn uses to +// withMinConnectDeadline specifies the function that clientconn uses to // get minConnectDeadline. This can be used to make connection attempts happen // faster/slower. // @@ -659,6 +669,14 @@ func withMinConnectDeadline(f func() time.Duration) DialOption { }) } +// withDefaultScheme is used to allow Dial to use "passthrough" as the default +// name resolver, while NewClient uses "dns" otherwise. +func withDefaultScheme(s string) DialOption { + return newFuncDialOption(func(o *dialOptions) { + o.defaultScheme = s + }) +} + // WithResolvers allows a list of resolver implementations to be registered // locally with the ClientConn without needing to be globally registered via // resolver.Register. They will be matched against the scheme used for the @@ -705,11 +723,13 @@ func WithIdleTimeout(d time.Duration) DialOption { // options are used: WithStatsHandler, EnableTracing, or binary logging. In such // cases, the shared buffer pool will be ignored. // -// # Experimental -// -// Notice: This API is EXPERIMENTAL and may be changed or removed in a -// later release. +// Deprecated: use experimental.WithRecvBufferPool instead. Will be deleted in +// v1.60.0 or later. func WithRecvBufferPool(bufferPool SharedBufferPool) DialOption { + return withRecvBufferPool(bufferPool) +} + +func withRecvBufferPool(bufferPool SharedBufferPool) DialOption { return newFuncDialOption(func(o *dialOptions) { o.recvBufferPool = bufferPool }) diff --git a/vendor/google.golang.org/grpc/encoding/proto/proto.go b/vendor/google.golang.org/grpc/encoding/proto/proto.go index 0ee3d3bae..66d5cdf03 100644 --- a/vendor/google.golang.org/grpc/encoding/proto/proto.go +++ b/vendor/google.golang.org/grpc/encoding/proto/proto.go @@ -23,8 +23,9 @@ package proto import ( "fmt" - "github.com/golang/protobuf/proto" "google.golang.org/grpc/encoding" + "google.golang.org/protobuf/proto" + "google.golang.org/protobuf/protoadapt" ) // Name is the name registered for the proto compressor. @@ -38,21 +39,34 @@ func init() { type codec struct{} func (codec) Marshal(v any) ([]byte, error) { - vv, ok := v.(proto.Message) - if !ok { + vv := messageV2Of(v) + if vv == nil { return nil, fmt.Errorf("failed to marshal, message is %T, want proto.Message", v) } + return proto.Marshal(vv) } func (codec) Unmarshal(data []byte, v any) error { - vv, ok := v.(proto.Message) - if !ok { + vv := messageV2Of(v) + if vv == nil { return fmt.Errorf("failed to unmarshal, message is %T, want proto.Message", v) } + return proto.Unmarshal(data, vv) } +func messageV2Of(v any) proto.Message { + switch v := v.(type) { + case protoadapt.MessageV1: + return protoadapt.MessageV2Of(v) + case protoadapt.MessageV2: + return v + } + + return nil +} + func (codec) Name() string { return Name } diff --git a/vendor/google.golang.org/grpc/internal/balancer/gracefulswitch/config.go b/vendor/google.golang.org/grpc/internal/balancer/gracefulswitch/config.go new file mode 100644 index 000000000..13821a926 --- /dev/null +++ b/vendor/google.golang.org/grpc/internal/balancer/gracefulswitch/config.go @@ -0,0 +1,82 @@ +/* + * + * Copyright 2024 gRPC authors. + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * + */ + +package gracefulswitch + +import ( + "encoding/json" + "fmt" + + "google.golang.org/grpc/balancer" + "google.golang.org/grpc/serviceconfig" +) + +type lbConfig struct { + serviceconfig.LoadBalancingConfig + + childBuilder balancer.Builder + childConfig serviceconfig.LoadBalancingConfig +} + +func ChildName(l serviceconfig.LoadBalancingConfig) string { + return l.(*lbConfig).childBuilder.Name() +} + +// ParseConfig parses a child config list and returns a LB config for the +// gracefulswitch Balancer. +// +// cfg is expected to be a json.RawMessage containing a JSON array of LB policy +// names + configs as the format of the "loadBalancingConfig" field in +// ServiceConfig. It returns a type that should be passed to +// UpdateClientConnState in the BalancerConfig field. +func ParseConfig(cfg json.RawMessage) (serviceconfig.LoadBalancingConfig, error) { + var lbCfg []map[string]json.RawMessage + if err := json.Unmarshal(cfg, &lbCfg); err != nil { + return nil, err + } + for i, e := range lbCfg { + if len(e) != 1 { + return nil, fmt.Errorf("expected a JSON struct with one entry; received entry %v at index %d", e, i) + } + + var name string + var jsonCfg json.RawMessage + for name, jsonCfg = range e { + } + + builder := balancer.Get(name) + if builder == nil { + // Skip unregistered balancer names. + continue + } + + parser, ok := builder.(balancer.ConfigParser) + if !ok { + // This is a valid child with no config. + return &lbConfig{childBuilder: builder}, nil + } + + cfg, err := parser.ParseConfig(jsonCfg) + if err != nil { + return nil, fmt.Errorf("error parsing config for policy %q: %v", name, err) + } + return &lbConfig{childBuilder: builder, childConfig: cfg}, nil + } + + return nil, fmt.Errorf("no supported policies found in config: %v", string(cfg)) +} diff --git a/vendor/google.golang.org/grpc/internal/balancer/gracefulswitch/gracefulswitch.go b/vendor/google.golang.org/grpc/internal/balancer/gracefulswitch/gracefulswitch.go index 3c594e6e4..73bb4c4ee 100644 --- a/vendor/google.golang.org/grpc/internal/balancer/gracefulswitch/gracefulswitch.go +++ b/vendor/google.golang.org/grpc/internal/balancer/gracefulswitch/gracefulswitch.go @@ -94,14 +94,23 @@ func (gsb *Balancer) balancerCurrentOrPending(bw *balancerWrapper) bool { // process is not complete when this method returns. This method must be called // synchronously alongside the rest of the balancer.Balancer methods this // Graceful Switch Balancer implements. +// +// Deprecated: use ParseConfig and pass a parsed config to UpdateClientConnState +// to cause the Balancer to automatically change to the new child when necessary. func (gsb *Balancer) SwitchTo(builder balancer.Builder) error { + _, err := gsb.switchTo(builder) + return err +} + +func (gsb *Balancer) switchTo(builder balancer.Builder) (*balancerWrapper, error) { gsb.mu.Lock() if gsb.closed { gsb.mu.Unlock() - return errBalancerClosed + return nil, errBalancerClosed } bw := &balancerWrapper{ - gsb: gsb, + builder: builder, + gsb: gsb, lastState: balancer.State{ ConnectivityState: connectivity.Connecting, Picker: base.NewErrPicker(balancer.ErrNoSubConnAvailable), @@ -129,7 +138,7 @@ func (gsb *Balancer) SwitchTo(builder balancer.Builder) error { gsb.balancerCurrent = nil } gsb.mu.Unlock() - return balancer.ErrBadResolverState + return nil, balancer.ErrBadResolverState } // This write doesn't need to take gsb.mu because this field never gets read @@ -138,7 +147,7 @@ func (gsb *Balancer) SwitchTo(builder balancer.Builder) error { // bw.Balancer field will never be forwarded to until this SwitchTo() // function returns. bw.Balancer = newBalancer - return nil + return bw, nil } // Returns nil if the graceful switch balancer is closed. @@ -152,12 +161,32 @@ func (gsb *Balancer) latestBalancer() *balancerWrapper { } // UpdateClientConnState forwards the update to the latest balancer created. +// +// If the state's BalancerConfig is the config returned by a call to +// gracefulswitch.ParseConfig, then this function will automatically SwitchTo +// the balancer indicated by the config before forwarding its config to it, if +// necessary. func (gsb *Balancer) UpdateClientConnState(state balancer.ClientConnState) error { // The resolver data is only relevant to the most recent LB Policy. balToUpdate := gsb.latestBalancer() + gsbCfg, ok := state.BalancerConfig.(*lbConfig) + if ok { + // Switch to the child in the config unless it is already active. + if balToUpdate == nil || gsbCfg.childBuilder.Name() != balToUpdate.builder.Name() { + var err error + balToUpdate, err = gsb.switchTo(gsbCfg.childBuilder) + if err != nil { + return fmt.Errorf("could not switch to new child balancer: %w", err) + } + } + // Unwrap the child balancer's config. + state.BalancerConfig = gsbCfg.childConfig + } + if balToUpdate == nil { return errBalancerClosed } + // Perform this call without gsb.mu to prevent deadlocks if the child calls // back into the channel. The latest balancer can never be closed during a // call from the channel, even without gsb.mu held. @@ -169,6 +198,10 @@ func (gsb *Balancer) ResolverError(err error) { // The resolver data is only relevant to the most recent LB Policy. balToUpdate := gsb.latestBalancer() if balToUpdate == nil { + gsb.cc.UpdateState(balancer.State{ + ConnectivityState: connectivity.TransientFailure, + Picker: base.NewErrPicker(err), + }) return } // Perform this call without gsb.mu to prevent deadlocks if the child calls @@ -261,7 +294,8 @@ func (gsb *Balancer) Close() { // graceful switch logic. type balancerWrapper struct { balancer.Balancer - gsb *Balancer + gsb *Balancer + builder balancer.Builder lastState balancer.State subconns map[balancer.SubConn]bool // subconns created by this balancer diff --git a/vendor/google.golang.org/grpc/internal/binarylog/method_logger.go b/vendor/google.golang.org/grpc/internal/binarylog/method_logger.go index 0f31274a3..aa4505a87 100644 --- a/vendor/google.golang.org/grpc/internal/binarylog/method_logger.go +++ b/vendor/google.golang.org/grpc/internal/binarylog/method_logger.go @@ -25,11 +25,12 @@ import ( "sync/atomic" "time" - "github.com/golang/protobuf/proto" - "github.com/golang/protobuf/ptypes" binlogpb "google.golang.org/grpc/binarylog/grpc_binarylog_v1" "google.golang.org/grpc/metadata" "google.golang.org/grpc/status" + "google.golang.org/protobuf/proto" + "google.golang.org/protobuf/types/known/durationpb" + "google.golang.org/protobuf/types/known/timestamppb" ) type callIDGenerator struct { @@ -64,7 +65,7 @@ type TruncatingMethodLogger struct { callID uint64 idWithinCallGen *callIDGenerator - sink Sink // TODO(blog): make this plugable. + sink Sink // TODO(blog): make this pluggable. } // NewTruncatingMethodLogger returns a new truncating method logger. @@ -79,7 +80,7 @@ func NewTruncatingMethodLogger(h, m uint64) *TruncatingMethodLogger { callID: idGen.next(), idWithinCallGen: &callIDGenerator{}, - sink: DefaultSink, // TODO(blog): make it plugable. + sink: DefaultSink, // TODO(blog): make it pluggable. } } @@ -88,7 +89,7 @@ func NewTruncatingMethodLogger(h, m uint64) *TruncatingMethodLogger { // in TruncatingMethodLogger as possible. func (ml *TruncatingMethodLogger) Build(c LogEntryConfig) *binlogpb.GrpcLogEntry { m := c.toProto() - timestamp, _ := ptypes.TimestampProto(time.Now()) + timestamp := timestamppb.Now() m.Timestamp = timestamp m.CallId = ml.callID m.SequenceIdWithinCall = ml.idWithinCallGen.next() @@ -178,7 +179,7 @@ func (c *ClientHeader) toProto() *binlogpb.GrpcLogEntry { Authority: c.Authority, } if c.Timeout > 0 { - clientHeader.Timeout = ptypes.DurationProto(c.Timeout) + clientHeader.Timeout = durationpb.New(c.Timeout) } ret := &binlogpb.GrpcLogEntry{ Type: binlogpb.GrpcLogEntry_EVENT_TYPE_CLIENT_HEADER, @@ -396,7 +397,7 @@ func metadataKeyOmit(key string) bool { switch key { case "lb-token", ":path", ":authority", "content-encoding", "content-type", "user-agent", "te": return true - case "grpc-trace-bin": // grpc-trace-bin is special because it's visiable to users. + case "grpc-trace-bin": // grpc-trace-bin is special because it's visible to users. return false } return strings.HasPrefix(key, "grpc-") diff --git a/vendor/google.golang.org/grpc/internal/binarylog/sink.go b/vendor/google.golang.org/grpc/internal/binarylog/sink.go index 264de387c..9ea598b14 100644 --- a/vendor/google.golang.org/grpc/internal/binarylog/sink.go +++ b/vendor/google.golang.org/grpc/internal/binarylog/sink.go @@ -25,8 +25,8 @@ import ( "sync" "time" - "github.com/golang/protobuf/proto" binlogpb "google.golang.org/grpc/binarylog/grpc_binarylog_v1" + "google.golang.org/protobuf/proto" ) var ( diff --git a/vendor/google.golang.org/grpc/internal/buffer/unbounded.go b/vendor/google.golang.org/grpc/internal/buffer/unbounded.go index 4399c3df4..11f91668a 100644 --- a/vendor/google.golang.org/grpc/internal/buffer/unbounded.go +++ b/vendor/google.golang.org/grpc/internal/buffer/unbounded.go @@ -18,7 +18,10 @@ // Package buffer provides an implementation of an unbounded buffer. package buffer -import "sync" +import ( + "errors" + "sync" +) // Unbounded is an implementation of an unbounded buffer which does not use // extra goroutines. This is typically used for passing updates from one entity @@ -36,6 +39,7 @@ import "sync" type Unbounded struct { c chan any closed bool + closing bool mu sync.Mutex backlog []any } @@ -45,32 +49,32 @@ func NewUnbounded() *Unbounded { return &Unbounded{c: make(chan any, 1)} } +var errBufferClosed = errors.New("Put called on closed buffer.Unbounded") + // Put adds t to the unbounded buffer. -func (b *Unbounded) Put(t any) { +func (b *Unbounded) Put(t any) error { b.mu.Lock() defer b.mu.Unlock() - if b.closed { - return + if b.closing { + return errBufferClosed } if len(b.backlog) == 0 { select { case b.c <- t: - return + return nil default: } } b.backlog = append(b.backlog, t) + return nil } -// Load sends the earliest buffered data, if any, onto the read channel -// returned by Get(). Users are expected to call this every time they read a +// Load sends the earliest buffered data, if any, onto the read channel returned +// by Get(). Users are expected to call this every time they successfully read a // value from the read channel. func (b *Unbounded) Load() { b.mu.Lock() defer b.mu.Unlock() - if b.closed { - return - } if len(b.backlog) > 0 { select { case b.c <- b.backlog[0]: @@ -78,6 +82,8 @@ func (b *Unbounded) Load() { b.backlog = b.backlog[1:] default: } + } else if b.closing && !b.closed { + close(b.c) } } @@ -88,18 +94,23 @@ func (b *Unbounded) Load() { // send the next buffered value onto the channel if there is any. // // If the unbounded buffer is closed, the read channel returned by this method -// is closed. +// is closed after all data is drained. func (b *Unbounded) Get() <-chan any { return b.c } -// Close closes the unbounded buffer. +// Close closes the unbounded buffer. No subsequent data may be Put(), and the +// channel returned from Get() will be closed after all the data is read and +// Load() is called for the final time. func (b *Unbounded) Close() { b.mu.Lock() defer b.mu.Unlock() - if b.closed { + if b.closing { return } - b.closed = true - close(b.c) + b.closing = true + if len(b.backlog) == 0 { + b.closed = true + close(b.c) + } } diff --git a/vendor/google.golang.org/grpc/internal/channelz/channel.go b/vendor/google.golang.org/grpc/internal/channelz/channel.go new file mode 100644 index 000000000..d7e9e1d54 --- /dev/null +++ b/vendor/google.golang.org/grpc/internal/channelz/channel.go @@ -0,0 +1,255 @@ +/* + * + * Copyright 2024 gRPC authors. + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * + */ + +package channelz + +import ( + "fmt" + "sync/atomic" + + "google.golang.org/grpc/connectivity" +) + +// Channel represents a channel within channelz, which includes metrics and +// internal channelz data, such as channelz id, child list, etc. +type Channel struct { + Entity + // ID is the channelz id of this channel. + ID int64 + // RefName is the human readable reference string of this channel. + RefName string + + closeCalled bool + nestedChans map[int64]string + subChans map[int64]string + Parent *Channel + trace *ChannelTrace + // traceRefCount is the number of trace events that reference this channel. + // Non-zero traceRefCount means the trace of this channel cannot be deleted. + traceRefCount int32 + + ChannelMetrics ChannelMetrics +} + +// Implemented to make Channel implement the Identifier interface used for +// nesting. +func (c *Channel) channelzIdentifier() {} + +func (c *Channel) String() string { + if c.Parent == nil { + return fmt.Sprintf("Channel #%d", c.ID) + } + return fmt.Sprintf("%s Channel #%d", c.Parent, c.ID) +} + +func (c *Channel) id() int64 { + return c.ID +} + +func (c *Channel) SubChans() map[int64]string { + db.mu.RLock() + defer db.mu.RUnlock() + return copyMap(c.subChans) +} + +func (c *Channel) NestedChans() map[int64]string { + db.mu.RLock() + defer db.mu.RUnlock() + return copyMap(c.nestedChans) +} + +func (c *Channel) Trace() *ChannelTrace { + db.mu.RLock() + defer db.mu.RUnlock() + return c.trace.copy() +} + +type ChannelMetrics struct { + // The current connectivity state of the channel. + State atomic.Pointer[connectivity.State] + // The target this channel originally tried to connect to. May be absent + Target atomic.Pointer[string] + // The number of calls started on the channel. + CallsStarted atomic.Int64 + // The number of calls that have completed with an OK status. + CallsSucceeded atomic.Int64 + // The number of calls that have a completed with a non-OK status. + CallsFailed atomic.Int64 + // The last time a call was started on the channel. + LastCallStartedTimestamp atomic.Int64 +} + +// CopyFrom copies the metrics in o to c. For testing only. +func (c *ChannelMetrics) CopyFrom(o *ChannelMetrics) { + c.State.Store(o.State.Load()) + c.Target.Store(o.Target.Load()) + c.CallsStarted.Store(o.CallsStarted.Load()) + c.CallsSucceeded.Store(o.CallsSucceeded.Load()) + c.CallsFailed.Store(o.CallsFailed.Load()) + c.LastCallStartedTimestamp.Store(o.LastCallStartedTimestamp.Load()) +} + +// Equal returns true iff the metrics of c are the same as the metrics of o. +// For testing only. +func (c *ChannelMetrics) Equal(o any) bool { + oc, ok := o.(*ChannelMetrics) + if !ok { + return false + } + if (c.State.Load() == nil) != (oc.State.Load() == nil) { + return false + } + if c.State.Load() != nil && *c.State.Load() != *oc.State.Load() { + return false + } + if (c.Target.Load() == nil) != (oc.Target.Load() == nil) { + return false + } + if c.Target.Load() != nil && *c.Target.Load() != *oc.Target.Load() { + return false + } + return c.CallsStarted.Load() == oc.CallsStarted.Load() && + c.CallsFailed.Load() == oc.CallsFailed.Load() && + c.CallsSucceeded.Load() == oc.CallsSucceeded.Load() && + c.LastCallStartedTimestamp.Load() == oc.LastCallStartedTimestamp.Load() +} + +func strFromPointer(s *string) string { + if s == nil { + return "" + } + return *s +} + +func (c *ChannelMetrics) String() string { + return fmt.Sprintf("State: %v, Target: %s, CallsStarted: %v, CallsSucceeded: %v, CallsFailed: %v, LastCallStartedTimestamp: %v", + c.State.Load(), strFromPointer(c.Target.Load()), c.CallsStarted.Load(), c.CallsSucceeded.Load(), c.CallsFailed.Load(), c.LastCallStartedTimestamp.Load(), + ) +} + +func NewChannelMetricForTesting(state connectivity.State, target string, started, succeeded, failed, timestamp int64) *ChannelMetrics { + c := &ChannelMetrics{} + c.State.Store(&state) + c.Target.Store(&target) + c.CallsStarted.Store(started) + c.CallsSucceeded.Store(succeeded) + c.CallsFailed.Store(failed) + c.LastCallStartedTimestamp.Store(timestamp) + return c +} + +func (c *Channel) addChild(id int64, e entry) { + switch v := e.(type) { + case *SubChannel: + c.subChans[id] = v.RefName + case *Channel: + c.nestedChans[id] = v.RefName + default: + logger.Errorf("cannot add a child (id = %d) of type %T to a channel", id, e) + } +} + +func (c *Channel) deleteChild(id int64) { + delete(c.subChans, id) + delete(c.nestedChans, id) + c.deleteSelfIfReady() +} + +func (c *Channel) triggerDelete() { + c.closeCalled = true + c.deleteSelfIfReady() +} + +func (c *Channel) getParentID() int64 { + if c.Parent == nil { + return -1 + } + return c.Parent.ID +} + +// deleteSelfFromTree tries to delete the channel from the channelz entry relation tree, which means +// deleting the channel reference from its parent's child list. +// +// In order for a channel to be deleted from the tree, it must meet the criteria that, removal of the +// corresponding grpc object has been invoked, and the channel does not have any children left. +// +// The returned boolean value indicates whether the channel has been successfully deleted from tree. +func (c *Channel) deleteSelfFromTree() (deleted bool) { + if !c.closeCalled || len(c.subChans)+len(c.nestedChans) != 0 { + return false + } + // not top channel + if c.Parent != nil { + c.Parent.deleteChild(c.ID) + } + return true +} + +// deleteSelfFromMap checks whether it is valid to delete the channel from the map, which means +// deleting the channel from channelz's tracking entirely. Users can no longer use id to query the +// channel, and its memory will be garbage collected. +// +// The trace reference count of the channel must be 0 in order to be deleted from the map. This is +// specified in the channel tracing gRFC that as long as some other trace has reference to an entity, +// the trace of the referenced entity must not be deleted. In order to release the resource allocated +// by grpc, the reference to the grpc object is reset to a dummy object. +// +// deleteSelfFromMap must be called after deleteSelfFromTree returns true. +// +// It returns a bool to indicate whether the channel can be safely deleted from map. +func (c *Channel) deleteSelfFromMap() (delete bool) { + return c.getTraceRefCount() == 0 +} + +// deleteSelfIfReady tries to delete the channel itself from the channelz database. +// The delete process includes two steps: +// 1. delete the channel from the entry relation tree, i.e. delete the channel reference from its +// parent's child list. +// 2. delete the channel from the map, i.e. delete the channel entirely from channelz. Lookup by id +// will return entry not found error. +func (c *Channel) deleteSelfIfReady() { + if !c.deleteSelfFromTree() { + return + } + if !c.deleteSelfFromMap() { + return + } + db.deleteEntry(c.ID) + c.trace.clear() +} + +func (c *Channel) getChannelTrace() *ChannelTrace { + return c.trace +} + +func (c *Channel) incrTraceRefCount() { + atomic.AddInt32(&c.traceRefCount, 1) +} + +func (c *Channel) decrTraceRefCount() { + atomic.AddInt32(&c.traceRefCount, -1) +} + +func (c *Channel) getTraceRefCount() int { + i := atomic.LoadInt32(&c.traceRefCount) + return int(i) +} + +func (c *Channel) getRefName() string { + return c.RefName +} diff --git a/vendor/google.golang.org/grpc/internal/channelz/channelmap.go b/vendor/google.golang.org/grpc/internal/channelz/channelmap.go new file mode 100644 index 000000000..dfe18b089 --- /dev/null +++ b/vendor/google.golang.org/grpc/internal/channelz/channelmap.go @@ -0,0 +1,402 @@ +/* + * + * Copyright 2018 gRPC authors. + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * + */ + +package channelz + +import ( + "fmt" + "sort" + "sync" + "time" +) + +// entry represents a node in the channelz database. +type entry interface { + // addChild adds a child e, whose channelz id is id to child list + addChild(id int64, e entry) + // deleteChild deletes a child with channelz id to be id from child list + deleteChild(id int64) + // triggerDelete tries to delete self from channelz database. However, if + // child list is not empty, then deletion from the database is on hold until + // the last child is deleted from database. + triggerDelete() + // deleteSelfIfReady check whether triggerDelete() has been called before, + // and whether child list is now empty. If both conditions are met, then + // delete self from database. + deleteSelfIfReady() + // getParentID returns parent ID of the entry. 0 value parent ID means no parent. + getParentID() int64 + Entity +} + +// channelMap is the storage data structure for channelz. +// +// Methods of channelMap can be divided in two two categories with respect to +// locking. +// +// 1. Methods acquire the global lock. +// 2. Methods that can only be called when global lock is held. +// +// A second type of method need always to be called inside a first type of method. +type channelMap struct { + mu sync.RWMutex + topLevelChannels map[int64]struct{} + channels map[int64]*Channel + subChannels map[int64]*SubChannel + sockets map[int64]*Socket + servers map[int64]*Server +} + +func newChannelMap() *channelMap { + return &channelMap{ + topLevelChannels: make(map[int64]struct{}), + channels: make(map[int64]*Channel), + subChannels: make(map[int64]*SubChannel), + sockets: make(map[int64]*Socket), + servers: make(map[int64]*Server), + } +} + +func (c *channelMap) addServer(id int64, s *Server) { + c.mu.Lock() + defer c.mu.Unlock() + s.cm = c + c.servers[id] = s +} + +func (c *channelMap) addChannel(id int64, cn *Channel, isTopChannel bool, pid int64) { + c.mu.Lock() + defer c.mu.Unlock() + cn.trace.cm = c + c.channels[id] = cn + if isTopChannel { + c.topLevelChannels[id] = struct{}{} + } else if p := c.channels[pid]; p != nil { + p.addChild(id, cn) + } else { + logger.Infof("channel %d references invalid parent ID %d", id, pid) + } +} + +func (c *channelMap) addSubChannel(id int64, sc *SubChannel, pid int64) { + c.mu.Lock() + defer c.mu.Unlock() + sc.trace.cm = c + c.subChannels[id] = sc + if p := c.channels[pid]; p != nil { + p.addChild(id, sc) + } else { + logger.Infof("subchannel %d references invalid parent ID %d", id, pid) + } +} + +func (c *channelMap) addSocket(s *Socket) { + c.mu.Lock() + defer c.mu.Unlock() + s.cm = c + c.sockets[s.ID] = s + if s.Parent == nil { + logger.Infof("normal socket %d has no parent", s.ID) + } + s.Parent.(entry).addChild(s.ID, s) +} + +// removeEntry triggers the removal of an entry, which may not indeed delete the +// entry, if it has to wait on the deletion of its children and until no other +// entity's channel trace references it. It may lead to a chain of entry +// deletion. For example, deleting the last socket of a gracefully shutting down +// server will lead to the server being also deleted. +func (c *channelMap) removeEntry(id int64) { + c.mu.Lock() + defer c.mu.Unlock() + c.findEntry(id).triggerDelete() +} + +// tracedChannel represents tracing operations which are present on both +// channels and subChannels. +type tracedChannel interface { + getChannelTrace() *ChannelTrace + incrTraceRefCount() + decrTraceRefCount() + getRefName() string +} + +// c.mu must be held by the caller +func (c *channelMap) decrTraceRefCount(id int64) { + e := c.findEntry(id) + if v, ok := e.(tracedChannel); ok { + v.decrTraceRefCount() + e.deleteSelfIfReady() + } +} + +// c.mu must be held by the caller. +func (c *channelMap) findEntry(id int64) entry { + if v, ok := c.channels[id]; ok { + return v + } + if v, ok := c.subChannels[id]; ok { + return v + } + if v, ok := c.servers[id]; ok { + return v + } + if v, ok := c.sockets[id]; ok { + return v + } + return &dummyEntry{idNotFound: id} +} + +// c.mu must be held by the caller +// +// deleteEntry deletes an entry from the channelMap. Before calling this method, +// caller must check this entry is ready to be deleted, i.e removeEntry() has +// been called on it, and no children still exist. +func (c *channelMap) deleteEntry(id int64) entry { + if v, ok := c.sockets[id]; ok { + delete(c.sockets, id) + return v + } + if v, ok := c.subChannels[id]; ok { + delete(c.subChannels, id) + return v + } + if v, ok := c.channels[id]; ok { + delete(c.channels, id) + delete(c.topLevelChannels, id) + return v + } + if v, ok := c.servers[id]; ok { + delete(c.servers, id) + return v + } + return &dummyEntry{idNotFound: id} +} + +func (c *channelMap) traceEvent(id int64, desc *TraceEvent) { + c.mu.Lock() + defer c.mu.Unlock() + child := c.findEntry(id) + childTC, ok := child.(tracedChannel) + if !ok { + return + } + childTC.getChannelTrace().append(&traceEvent{Desc: desc.Desc, Severity: desc.Severity, Timestamp: time.Now()}) + if desc.Parent != nil { + parent := c.findEntry(child.getParentID()) + var chanType RefChannelType + switch child.(type) { + case *Channel: + chanType = RefChannel + case *SubChannel: + chanType = RefSubChannel + } + if parentTC, ok := parent.(tracedChannel); ok { + parentTC.getChannelTrace().append(&traceEvent{ + Desc: desc.Parent.Desc, + Severity: desc.Parent.Severity, + Timestamp: time.Now(), + RefID: id, + RefName: childTC.getRefName(), + RefType: chanType, + }) + childTC.incrTraceRefCount() + } + } +} + +type int64Slice []int64 + +func (s int64Slice) Len() int { return len(s) } +func (s int64Slice) Swap(i, j int) { s[i], s[j] = s[j], s[i] } +func (s int64Slice) Less(i, j int) bool { return s[i] < s[j] } + +func copyMap(m map[int64]string) map[int64]string { + n := make(map[int64]string) + for k, v := range m { + n[k] = v + } + return n +} + +func min(a, b int) int { + if a < b { + return a + } + return b +} + +func (c *channelMap) getTopChannels(id int64, maxResults int) ([]*Channel, bool) { + if maxResults <= 0 { + maxResults = EntriesPerPage + } + c.mu.RLock() + defer c.mu.RUnlock() + l := int64(len(c.topLevelChannels)) + ids := make([]int64, 0, l) + + for k := range c.topLevelChannels { + ids = append(ids, k) + } + sort.Sort(int64Slice(ids)) + idx := sort.Search(len(ids), func(i int) bool { return ids[i] >= id }) + end := true + var t []*Channel + for _, v := range ids[idx:] { + if len(t) == maxResults { + end = false + break + } + if cn, ok := c.channels[v]; ok { + t = append(t, cn) + } + } + return t, end +} + +func (c *channelMap) getServers(id int64, maxResults int) ([]*Server, bool) { + if maxResults <= 0 { + maxResults = EntriesPerPage + } + c.mu.RLock() + defer c.mu.RUnlock() + ids := make([]int64, 0, len(c.servers)) + for k := range c.servers { + ids = append(ids, k) + } + sort.Sort(int64Slice(ids)) + idx := sort.Search(len(ids), func(i int) bool { return ids[i] >= id }) + end := true + var s []*Server + for _, v := range ids[idx:] { + if len(s) == maxResults { + end = false + break + } + if svr, ok := c.servers[v]; ok { + s = append(s, svr) + } + } + return s, end +} + +func (c *channelMap) getServerSockets(id int64, startID int64, maxResults int) ([]*Socket, bool) { + if maxResults <= 0 { + maxResults = EntriesPerPage + } + c.mu.RLock() + defer c.mu.RUnlock() + svr, ok := c.servers[id] + if !ok { + // server with id doesn't exist. + return nil, true + } + svrskts := svr.sockets + ids := make([]int64, 0, len(svrskts)) + sks := make([]*Socket, 0, min(len(svrskts), maxResults)) + for k := range svrskts { + ids = append(ids, k) + } + sort.Sort(int64Slice(ids)) + idx := sort.Search(len(ids), func(i int) bool { return ids[i] >= startID }) + end := true + for _, v := range ids[idx:] { + if len(sks) == maxResults { + end = false + break + } + if ns, ok := c.sockets[v]; ok { + sks = append(sks, ns) + } + } + return sks, end +} + +func (c *channelMap) getChannel(id int64) *Channel { + c.mu.RLock() + defer c.mu.RUnlock() + return c.channels[id] +} + +func (c *channelMap) getSubChannel(id int64) *SubChannel { + c.mu.RLock() + defer c.mu.RUnlock() + return c.subChannels[id] +} + +func (c *channelMap) getSocket(id int64) *Socket { + c.mu.RLock() + defer c.mu.RUnlock() + return c.sockets[id] +} + +func (c *channelMap) getServer(id int64) *Server { + c.mu.RLock() + defer c.mu.RUnlock() + return c.servers[id] +} + +type dummyEntry struct { + // dummyEntry is a fake entry to handle entry not found case. + idNotFound int64 + Entity +} + +func (d *dummyEntry) String() string { + return fmt.Sprintf("non-existent entity #%d", d.idNotFound) +} + +func (d *dummyEntry) ID() int64 { return d.idNotFound } + +func (d *dummyEntry) addChild(id int64, e entry) { + // Note: It is possible for a normal program to reach here under race + // condition. For example, there could be a race between ClientConn.Close() + // info being propagated to addrConn and http2Client. ClientConn.Close() + // cancel the context and result in http2Client to error. The error info is + // then caught by transport monitor and before addrConn.tearDown() is called + // in side ClientConn.Close(). Therefore, the addrConn will create a new + // transport. And when registering the new transport in channelz, its parent + // addrConn could have already been torn down and deleted from channelz + // tracking, and thus reach the code here. + logger.Infof("attempt to add child of type %T with id %d to a parent (id=%d) that doesn't currently exist", e, id, d.idNotFound) +} + +func (d *dummyEntry) deleteChild(id int64) { + // It is possible for a normal program to reach here under race condition. + // Refer to the example described in addChild(). + logger.Infof("attempt to delete child with id %d from a parent (id=%d) that doesn't currently exist", id, d.idNotFound) +} + +func (d *dummyEntry) triggerDelete() { + logger.Warningf("attempt to delete an entry (id=%d) that doesn't currently exist", d.idNotFound) +} + +func (*dummyEntry) deleteSelfIfReady() { + // code should not reach here. deleteSelfIfReady is always called on an existing entry. +} + +func (*dummyEntry) getParentID() int64 { + return 0 +} + +// Entity is implemented by all channelz types. +type Entity interface { + isEntity() + fmt.Stringer + id() int64 +} diff --git a/vendor/google.golang.org/grpc/internal/channelz/funcs.go b/vendor/google.golang.org/grpc/internal/channelz/funcs.go index 5395e7752..03e24e150 100644 --- a/vendor/google.golang.org/grpc/internal/channelz/funcs.go +++ b/vendor/google.golang.org/grpc/internal/channelz/funcs.go @@ -16,25 +16,16 @@ * */ -// Package channelz defines APIs for enabling channelz service, entry +// Package channelz defines internal APIs for enabling channelz service, entry // registration/deletion, and accessing channelz data. It also defines channelz // metric struct formats. -// -// All APIs in this package are experimental. package channelz import ( - "errors" - "sort" - "sync" "sync/atomic" "time" - "google.golang.org/grpc/grpclog" -) - -const ( - defaultMaxTraceEntry int32 = 30 + "google.golang.org/grpc/internal" ) var ( @@ -42,19 +33,20 @@ var ( // outside this package except by tests. IDGen IDGenerator - db dbWrapper - // EntryPerPage defines the number of channelz entries to be shown on a web page. - EntryPerPage = int64(50) - curState int32 - maxTraceEntry = defaultMaxTraceEntry + db *channelMap = newChannelMap() + // EntriesPerPage defines the number of channelz entries to be shown on a web page. + EntriesPerPage = 50 + curState int32 ) // TurnOn turns on channelz data collection. func TurnOn() { - if !IsOn() { - db.set(newChannelMap()) - IDGen.Reset() - atomic.StoreInt32(&curState, 1) + atomic.StoreInt32(&curState, 1) +} + +func init() { + internal.ChannelzTurnOffForTesting = func() { + atomic.StoreInt32(&curState, 0) } } @@ -63,49 +55,15 @@ func IsOn() bool { return atomic.LoadInt32(&curState) == 1 } -// SetMaxTraceEntry sets maximum number of trace entry per entity (i.e. channel/subchannel). -// Setting it to 0 will disable channel tracing. -func SetMaxTraceEntry(i int32) { - atomic.StoreInt32(&maxTraceEntry, i) -} - -// ResetMaxTraceEntryToDefault resets the maximum number of trace entry per entity to default. -func ResetMaxTraceEntryToDefault() { - atomic.StoreInt32(&maxTraceEntry, defaultMaxTraceEntry) -} - -func getMaxTraceEntry() int { - i := atomic.LoadInt32(&maxTraceEntry) - return int(i) -} - -// dbWarpper wraps around a reference to internal channelz data storage, and -// provide synchronized functionality to set and get the reference. -type dbWrapper struct { - mu sync.RWMutex - DB *channelMap -} - -func (d *dbWrapper) set(db *channelMap) { - d.mu.Lock() - d.DB = db - d.mu.Unlock() -} - -func (d *dbWrapper) get() *channelMap { - d.mu.RLock() - defer d.mu.RUnlock() - return d.DB -} - // GetTopChannels returns a slice of top channel's ChannelMetric, along with a // boolean indicating whether there's more top channels to be queried for. // -// The arg id specifies that only top channel with id at or above it will be included -// in the result. The returned slice is up to a length of the arg maxResults or -// EntryPerPage if maxResults is zero, and is sorted in ascending id order. -func GetTopChannels(id int64, maxResults int64) ([]*ChannelMetric, bool) { - return db.get().GetTopChannels(id, maxResults) +// The arg id specifies that only top channel with id at or above it will be +// included in the result. The returned slice is up to a length of the arg +// maxResults or EntriesPerPage if maxResults is zero, and is sorted in ascending +// id order. +func GetTopChannels(id int64, maxResults int) ([]*Channel, bool) { + return db.getTopChannels(id, maxResults) } // GetServers returns a slice of server's ServerMetric, along with a @@ -113,73 +71,69 @@ func GetTopChannels(id int64, maxResults int64) ([]*ChannelMetric, bool) { // // The arg id specifies that only server with id at or above it will be included // in the result. The returned slice is up to a length of the arg maxResults or -// EntryPerPage if maxResults is zero, and is sorted in ascending id order. -func GetServers(id int64, maxResults int64) ([]*ServerMetric, bool) { - return db.get().GetServers(id, maxResults) +// EntriesPerPage if maxResults is zero, and is sorted in ascending id order. +func GetServers(id int64, maxResults int) ([]*Server, bool) { + return db.getServers(id, maxResults) } // GetServerSockets returns a slice of server's (identified by id) normal socket's -// SocketMetric, along with a boolean indicating whether there's more sockets to +// SocketMetrics, along with a boolean indicating whether there's more sockets to // be queried for. // // The arg startID specifies that only sockets with id at or above it will be // included in the result. The returned slice is up to a length of the arg maxResults -// or EntryPerPage if maxResults is zero, and is sorted in ascending id order. -func GetServerSockets(id int64, startID int64, maxResults int64) ([]*SocketMetric, bool) { - return db.get().GetServerSockets(id, startID, maxResults) +// or EntriesPerPage if maxResults is zero, and is sorted in ascending id order. +func GetServerSockets(id int64, startID int64, maxResults int) ([]*Socket, bool) { + return db.getServerSockets(id, startID, maxResults) } -// GetChannel returns the ChannelMetric for the channel (identified by id). -func GetChannel(id int64) *ChannelMetric { - return db.get().GetChannel(id) +// GetChannel returns the Channel for the channel (identified by id). +func GetChannel(id int64) *Channel { + return db.getChannel(id) } -// GetSubChannel returns the SubChannelMetric for the subchannel (identified by id). -func GetSubChannel(id int64) *SubChannelMetric { - return db.get().GetSubChannel(id) +// GetSubChannel returns the SubChannel for the subchannel (identified by id). +func GetSubChannel(id int64) *SubChannel { + return db.getSubChannel(id) } -// GetSocket returns the SocketInternalMetric for the socket (identified by id). -func GetSocket(id int64) *SocketMetric { - return db.get().GetSocket(id) +// GetSocket returns the Socket for the socket (identified by id). +func GetSocket(id int64) *Socket { + return db.getSocket(id) } // GetServer returns the ServerMetric for the server (identified by id). -func GetServer(id int64) *ServerMetric { - return db.get().GetServer(id) +func GetServer(id int64) *Server { + return db.getServer(id) } // RegisterChannel registers the given channel c in the channelz database with -// ref as its reference name, and adds it to the child list of its parent -// (identified by pid). pid == nil means no parent. +// target as its target and reference name, and adds it to the child list of its +// parent. parent == nil means no parent. // // Returns a unique channelz identifier assigned to this channel. // // If channelz is not turned ON, the channelz database is not mutated. -func RegisterChannel(c Channel, pid *Identifier, ref string) *Identifier { +func RegisterChannel(parent *Channel, target string) *Channel { id := IDGen.genID() - var parent int64 - isTopChannel := true - if pid != nil { - isTopChannel = false - parent = pid.Int() - } if !IsOn() { - return newIdentifer(RefChannel, id, pid) + return &Channel{ID: id} } - cn := &channel{ - refName: ref, - c: c, - subChans: make(map[int64]string), + isTopChannel := parent == nil + + cn := &Channel{ + ID: id, + RefName: target, nestedChans: make(map[int64]string), - id: id, - pid: parent, - trace: &channelTrace{createdTime: time.Now(), events: make([]*TraceEvent, 0, getMaxTraceEntry())}, + subChans: make(map[int64]string), + Parent: parent, + trace: &ChannelTrace{CreationTime: time.Now(), Events: make([]*traceEvent, 0, getMaxTraceEntry())}, } - db.get().addChannel(id, cn, isTopChannel, parent) - return newIdentifer(RefChannel, id, pid) + cn.ChannelMetrics.Target.Store(&target) + db.addChannel(id, cn, isTopChannel, cn.getParentID()) + return cn } // RegisterSubChannel registers the given subChannel c in the channelz database @@ -189,555 +143,67 @@ func RegisterChannel(c Channel, pid *Identifier, ref string) *Identifier { // Returns a unique channelz identifier assigned to this subChannel. // // If channelz is not turned ON, the channelz database is not mutated. -func RegisterSubChannel(c Channel, pid *Identifier, ref string) (*Identifier, error) { - if pid == nil { - return nil, errors.New("a SubChannel's parent id cannot be nil") - } +func RegisterSubChannel(parent *Channel, ref string) *SubChannel { id := IDGen.genID() - if !IsOn() { - return newIdentifer(RefSubChannel, id, pid), nil + sc := &SubChannel{ + ID: id, + RefName: ref, + parent: parent, } - sc := &subChannel{ - refName: ref, - c: c, - sockets: make(map[int64]string), - id: id, - pid: pid.Int(), - trace: &channelTrace{createdTime: time.Now(), events: make([]*TraceEvent, 0, getMaxTraceEntry())}, + if !IsOn() { + return sc } - db.get().addSubChannel(id, sc, pid.Int()) - return newIdentifer(RefSubChannel, id, pid), nil + + sc.sockets = make(map[int64]string) + sc.trace = &ChannelTrace{CreationTime: time.Now(), Events: make([]*traceEvent, 0, getMaxTraceEntry())} + db.addSubChannel(id, sc, parent.ID) + return sc } // RegisterServer registers the given server s in channelz database. It returns // the unique channelz tracking id assigned to this server. // // If channelz is not turned ON, the channelz database is not mutated. -func RegisterServer(s Server, ref string) *Identifier { +func RegisterServer(ref string) *Server { id := IDGen.genID() if !IsOn() { - return newIdentifer(RefServer, id, nil) + return &Server{ID: id} } - svr := &server{ - refName: ref, - s: s, + svr := &Server{ + RefName: ref, sockets: make(map[int64]string), listenSockets: make(map[int64]string), - id: id, - } - db.get().addServer(id, svr) - return newIdentifer(RefServer, id, nil) -} - -// RegisterListenSocket registers the given listen socket s in channelz database -// with ref as its reference name, and add it to the child list of its parent -// (identified by pid). It returns the unique channelz tracking id assigned to -// this listen socket. -// -// If channelz is not turned ON, the channelz database is not mutated. -func RegisterListenSocket(s Socket, pid *Identifier, ref string) (*Identifier, error) { - if pid == nil { - return nil, errors.New("a ListenSocket's parent id cannot be 0") + ID: id, } - id := IDGen.genID() - if !IsOn() { - return newIdentifer(RefListenSocket, id, pid), nil - } - - ls := &listenSocket{refName: ref, s: s, id: id, pid: pid.Int()} - db.get().addListenSocket(id, ls, pid.Int()) - return newIdentifer(RefListenSocket, id, pid), nil + db.addServer(id, svr) + return svr } -// RegisterNormalSocket registers the given normal socket s in channelz database +// RegisterSocket registers the given normal socket s in channelz database // with ref as its reference name, and adds it to the child list of its parent -// (identified by pid). It returns the unique channelz tracking id assigned to -// this normal socket. +// (identified by skt.Parent, which must be set). It returns the unique channelz +// tracking id assigned to this normal socket. // // If channelz is not turned ON, the channelz database is not mutated. -func RegisterNormalSocket(s Socket, pid *Identifier, ref string) (*Identifier, error) { - if pid == nil { - return nil, errors.New("a NormalSocket's parent id cannot be 0") - } - id := IDGen.genID() - if !IsOn() { - return newIdentifer(RefNormalSocket, id, pid), nil +func RegisterSocket(skt *Socket) *Socket { + skt.ID = IDGen.genID() + if IsOn() { + db.addSocket(skt) } - - ns := &normalSocket{refName: ref, s: s, id: id, pid: pid.Int()} - db.get().addNormalSocket(id, ns, pid.Int()) - return newIdentifer(RefNormalSocket, id, pid), nil + return skt } // RemoveEntry removes an entry with unique channelz tracking id to be id from // channelz database. // // If channelz is not turned ON, this function is a no-op. -func RemoveEntry(id *Identifier) { +func RemoveEntry(id int64) { if !IsOn() { return } - db.get().removeEntry(id.Int()) -} - -// TraceEventDesc is what the caller of AddTraceEvent should provide to describe -// the event to be added to the channel trace. -// -// The Parent field is optional. It is used for an event that will be recorded -// in the entity's parent trace. -type TraceEventDesc struct { - Desc string - Severity Severity - Parent *TraceEventDesc -} - -// AddTraceEvent adds trace related to the entity with specified id, using the -// provided TraceEventDesc. -// -// If channelz is not turned ON, this will simply log the event descriptions. -func AddTraceEvent(l grpclog.DepthLoggerV2, id *Identifier, depth int, desc *TraceEventDesc) { - // Log only the trace description associated with the bottom most entity. - switch desc.Severity { - case CtUnknown, CtInfo: - l.InfoDepth(depth+1, withParens(id)+desc.Desc) - case CtWarning: - l.WarningDepth(depth+1, withParens(id)+desc.Desc) - case CtError: - l.ErrorDepth(depth+1, withParens(id)+desc.Desc) - } - - if getMaxTraceEntry() == 0 { - return - } - if IsOn() { - db.get().traceEvent(id.Int(), desc) - } -} - -// channelMap is the storage data structure for channelz. -// Methods of channelMap can be divided in two two categories with respect to locking. -// 1. Methods acquire the global lock. -// 2. Methods that can only be called when global lock is held. -// A second type of method need always to be called inside a first type of method. -type channelMap struct { - mu sync.RWMutex - topLevelChannels map[int64]struct{} - servers map[int64]*server - channels map[int64]*channel - subChannels map[int64]*subChannel - listenSockets map[int64]*listenSocket - normalSockets map[int64]*normalSocket -} - -func newChannelMap() *channelMap { - return &channelMap{ - topLevelChannels: make(map[int64]struct{}), - channels: make(map[int64]*channel), - listenSockets: make(map[int64]*listenSocket), - normalSockets: make(map[int64]*normalSocket), - servers: make(map[int64]*server), - subChannels: make(map[int64]*subChannel), - } -} - -func (c *channelMap) addServer(id int64, s *server) { - c.mu.Lock() - s.cm = c - c.servers[id] = s - c.mu.Unlock() -} - -func (c *channelMap) addChannel(id int64, cn *channel, isTopChannel bool, pid int64) { - c.mu.Lock() - cn.cm = c - cn.trace.cm = c - c.channels[id] = cn - if isTopChannel { - c.topLevelChannels[id] = struct{}{} - } else { - c.findEntry(pid).addChild(id, cn) - } - c.mu.Unlock() -} - -func (c *channelMap) addSubChannel(id int64, sc *subChannel, pid int64) { - c.mu.Lock() - sc.cm = c - sc.trace.cm = c - c.subChannels[id] = sc - c.findEntry(pid).addChild(id, sc) - c.mu.Unlock() -} - -func (c *channelMap) addListenSocket(id int64, ls *listenSocket, pid int64) { - c.mu.Lock() - ls.cm = c - c.listenSockets[id] = ls - c.findEntry(pid).addChild(id, ls) - c.mu.Unlock() -} - -func (c *channelMap) addNormalSocket(id int64, ns *normalSocket, pid int64) { - c.mu.Lock() - ns.cm = c - c.normalSockets[id] = ns - c.findEntry(pid).addChild(id, ns) - c.mu.Unlock() -} - -// removeEntry triggers the removal of an entry, which may not indeed delete the entry, if it has to -// wait on the deletion of its children and until no other entity's channel trace references it. -// It may lead to a chain of entry deletion. For example, deleting the last socket of a gracefully -// shutting down server will lead to the server being also deleted. -func (c *channelMap) removeEntry(id int64) { - c.mu.Lock() - c.findEntry(id).triggerDelete() - c.mu.Unlock() -} - -// c.mu must be held by the caller -func (c *channelMap) decrTraceRefCount(id int64) { - e := c.findEntry(id) - if v, ok := e.(tracedChannel); ok { - v.decrTraceRefCount() - e.deleteSelfIfReady() - } -} - -// c.mu must be held by the caller. -func (c *channelMap) findEntry(id int64) entry { - var v entry - var ok bool - if v, ok = c.channels[id]; ok { - return v - } - if v, ok = c.subChannels[id]; ok { - return v - } - if v, ok = c.servers[id]; ok { - return v - } - if v, ok = c.listenSockets[id]; ok { - return v - } - if v, ok = c.normalSockets[id]; ok { - return v - } - return &dummyEntry{idNotFound: id} -} - -// c.mu must be held by the caller -// deleteEntry simply deletes an entry from the channelMap. Before calling this -// method, caller must check this entry is ready to be deleted, i.e removeEntry() -// has been called on it, and no children still exist. -// Conditionals are ordered by the expected frequency of deletion of each entity -// type, in order to optimize performance. -func (c *channelMap) deleteEntry(id int64) { - var ok bool - if _, ok = c.normalSockets[id]; ok { - delete(c.normalSockets, id) - return - } - if _, ok = c.subChannels[id]; ok { - delete(c.subChannels, id) - return - } - if _, ok = c.channels[id]; ok { - delete(c.channels, id) - delete(c.topLevelChannels, id) - return - } - if _, ok = c.listenSockets[id]; ok { - delete(c.listenSockets, id) - return - } - if _, ok = c.servers[id]; ok { - delete(c.servers, id) - return - } -} - -func (c *channelMap) traceEvent(id int64, desc *TraceEventDesc) { - c.mu.Lock() - child := c.findEntry(id) - childTC, ok := child.(tracedChannel) - if !ok { - c.mu.Unlock() - return - } - childTC.getChannelTrace().append(&TraceEvent{Desc: desc.Desc, Severity: desc.Severity, Timestamp: time.Now()}) - if desc.Parent != nil { - parent := c.findEntry(child.getParentID()) - var chanType RefChannelType - switch child.(type) { - case *channel: - chanType = RefChannel - case *subChannel: - chanType = RefSubChannel - } - if parentTC, ok := parent.(tracedChannel); ok { - parentTC.getChannelTrace().append(&TraceEvent{ - Desc: desc.Parent.Desc, - Severity: desc.Parent.Severity, - Timestamp: time.Now(), - RefID: id, - RefName: childTC.getRefName(), - RefType: chanType, - }) - childTC.incrTraceRefCount() - } - } - c.mu.Unlock() -} - -type int64Slice []int64 - -func (s int64Slice) Len() int { return len(s) } -func (s int64Slice) Swap(i, j int) { s[i], s[j] = s[j], s[i] } -func (s int64Slice) Less(i, j int) bool { return s[i] < s[j] } - -func copyMap(m map[int64]string) map[int64]string { - n := make(map[int64]string) - for k, v := range m { - n[k] = v - } - return n -} - -func min(a, b int64) int64 { - if a < b { - return a - } - return b -} - -func (c *channelMap) GetTopChannels(id int64, maxResults int64) ([]*ChannelMetric, bool) { - if maxResults <= 0 { - maxResults = EntryPerPage - } - c.mu.RLock() - l := int64(len(c.topLevelChannels)) - ids := make([]int64, 0, l) - cns := make([]*channel, 0, min(l, maxResults)) - - for k := range c.topLevelChannels { - ids = append(ids, k) - } - sort.Sort(int64Slice(ids)) - idx := sort.Search(len(ids), func(i int) bool { return ids[i] >= id }) - count := int64(0) - var end bool - var t []*ChannelMetric - for i, v := range ids[idx:] { - if count == maxResults { - break - } - if cn, ok := c.channels[v]; ok { - cns = append(cns, cn) - t = append(t, &ChannelMetric{ - NestedChans: copyMap(cn.nestedChans), - SubChans: copyMap(cn.subChans), - }) - count++ - } - if i == len(ids[idx:])-1 { - end = true - break - } - } - c.mu.RUnlock() - if count == 0 { - end = true - } - - for i, cn := range cns { - t[i].ChannelData = cn.c.ChannelzMetric() - t[i].ID = cn.id - t[i].RefName = cn.refName - t[i].Trace = cn.trace.dumpData() - } - return t, end -} - -func (c *channelMap) GetServers(id, maxResults int64) ([]*ServerMetric, bool) { - if maxResults <= 0 { - maxResults = EntryPerPage - } - c.mu.RLock() - l := int64(len(c.servers)) - ids := make([]int64, 0, l) - ss := make([]*server, 0, min(l, maxResults)) - for k := range c.servers { - ids = append(ids, k) - } - sort.Sort(int64Slice(ids)) - idx := sort.Search(len(ids), func(i int) bool { return ids[i] >= id }) - count := int64(0) - var end bool - var s []*ServerMetric - for i, v := range ids[idx:] { - if count == maxResults { - break - } - if svr, ok := c.servers[v]; ok { - ss = append(ss, svr) - s = append(s, &ServerMetric{ - ListenSockets: copyMap(svr.listenSockets), - }) - count++ - } - if i == len(ids[idx:])-1 { - end = true - break - } - } - c.mu.RUnlock() - if count == 0 { - end = true - } - - for i, svr := range ss { - s[i].ServerData = svr.s.ChannelzMetric() - s[i].ID = svr.id - s[i].RefName = svr.refName - } - return s, end -} - -func (c *channelMap) GetServerSockets(id int64, startID int64, maxResults int64) ([]*SocketMetric, bool) { - if maxResults <= 0 { - maxResults = EntryPerPage - } - var svr *server - var ok bool - c.mu.RLock() - if svr, ok = c.servers[id]; !ok { - // server with id doesn't exist. - c.mu.RUnlock() - return nil, true - } - svrskts := svr.sockets - l := int64(len(svrskts)) - ids := make([]int64, 0, l) - sks := make([]*normalSocket, 0, min(l, maxResults)) - for k := range svrskts { - ids = append(ids, k) - } - sort.Sort(int64Slice(ids)) - idx := sort.Search(len(ids), func(i int) bool { return ids[i] >= startID }) - count := int64(0) - var end bool - for i, v := range ids[idx:] { - if count == maxResults { - break - } - if ns, ok := c.normalSockets[v]; ok { - sks = append(sks, ns) - count++ - } - if i == len(ids[idx:])-1 { - end = true - break - } - } - c.mu.RUnlock() - if count == 0 { - end = true - } - s := make([]*SocketMetric, 0, len(sks)) - for _, ns := range sks { - sm := &SocketMetric{} - sm.SocketData = ns.s.ChannelzMetric() - sm.ID = ns.id - sm.RefName = ns.refName - s = append(s, sm) - } - return s, end -} - -func (c *channelMap) GetChannel(id int64) *ChannelMetric { - cm := &ChannelMetric{} - var cn *channel - var ok bool - c.mu.RLock() - if cn, ok = c.channels[id]; !ok { - // channel with id doesn't exist. - c.mu.RUnlock() - return nil - } - cm.NestedChans = copyMap(cn.nestedChans) - cm.SubChans = copyMap(cn.subChans) - // cn.c can be set to &dummyChannel{} when deleteSelfFromMap is called. Save a copy of cn.c when - // holding the lock to prevent potential data race. - chanCopy := cn.c - c.mu.RUnlock() - cm.ChannelData = chanCopy.ChannelzMetric() - cm.ID = cn.id - cm.RefName = cn.refName - cm.Trace = cn.trace.dumpData() - return cm -} - -func (c *channelMap) GetSubChannel(id int64) *SubChannelMetric { - cm := &SubChannelMetric{} - var sc *subChannel - var ok bool - c.mu.RLock() - if sc, ok = c.subChannels[id]; !ok { - // subchannel with id doesn't exist. - c.mu.RUnlock() - return nil - } - cm.Sockets = copyMap(sc.sockets) - // sc.c can be set to &dummyChannel{} when deleteSelfFromMap is called. Save a copy of sc.c when - // holding the lock to prevent potential data race. - chanCopy := sc.c - c.mu.RUnlock() - cm.ChannelData = chanCopy.ChannelzMetric() - cm.ID = sc.id - cm.RefName = sc.refName - cm.Trace = sc.trace.dumpData() - return cm -} - -func (c *channelMap) GetSocket(id int64) *SocketMetric { - sm := &SocketMetric{} - c.mu.RLock() - if ls, ok := c.listenSockets[id]; ok { - c.mu.RUnlock() - sm.SocketData = ls.s.ChannelzMetric() - sm.ID = ls.id - sm.RefName = ls.refName - return sm - } - if ns, ok := c.normalSockets[id]; ok { - c.mu.RUnlock() - sm.SocketData = ns.s.ChannelzMetric() - sm.ID = ns.id - sm.RefName = ns.refName - return sm - } - c.mu.RUnlock() - return nil -} - -func (c *channelMap) GetServer(id int64) *ServerMetric { - sm := &ServerMetric{} - var svr *server - var ok bool - c.mu.RLock() - if svr, ok = c.servers[id]; !ok { - c.mu.RUnlock() - return nil - } - sm.ListenSockets = copyMap(svr.listenSockets) - c.mu.RUnlock() - sm.ID = svr.id - sm.RefName = svr.refName - sm.ServerData = svr.s.ChannelzMetric() - return sm + db.removeEntry(id) } // IDGenerator is an incrementing atomic that tracks IDs for channelz entities. @@ -754,3 +220,11 @@ func (i *IDGenerator) Reset() { func (i *IDGenerator) genID() int64 { return atomic.AddInt64(&i.id, 1) } + +// Identifier is an opaque channelz identifier used to expose channelz symbols +// outside of grpc. Currently only implemented by Channel since no other +// types require exposure outside grpc. +type Identifier interface { + Entity + channelzIdentifier() +} diff --git a/vendor/google.golang.org/grpc/internal/channelz/id.go b/vendor/google.golang.org/grpc/internal/channelz/id.go deleted file mode 100644 index c9a27acd3..000000000 --- a/vendor/google.golang.org/grpc/internal/channelz/id.go +++ /dev/null @@ -1,75 +0,0 @@ -/* - * - * Copyright 2022 gRPC authors. - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - * - */ - -package channelz - -import "fmt" - -// Identifier is an opaque identifier which uniquely identifies an entity in the -// channelz database. -type Identifier struct { - typ RefChannelType - id int64 - str string - pid *Identifier -} - -// Type returns the entity type corresponding to id. -func (id *Identifier) Type() RefChannelType { - return id.typ -} - -// Int returns the integer identifier corresponding to id. -func (id *Identifier) Int() int64 { - return id.id -} - -// String returns a string representation of the entity corresponding to id. -// -// This includes some information about the parent as well. Examples: -// Top-level channel: [Channel #channel-number] -// Nested channel: [Channel #parent-channel-number Channel #channel-number] -// Sub channel: [Channel #parent-channel SubChannel #subchannel-number] -func (id *Identifier) String() string { - return id.str -} - -// Equal returns true if other is the same as id. -func (id *Identifier) Equal(other *Identifier) bool { - if (id != nil) != (other != nil) { - return false - } - if id == nil && other == nil { - return true - } - return id.typ == other.typ && id.id == other.id && id.pid == other.pid -} - -// NewIdentifierForTesting returns a new opaque identifier to be used only for -// testing purposes. -func NewIdentifierForTesting(typ RefChannelType, id int64, pid *Identifier) *Identifier { - return newIdentifer(typ, id, pid) -} - -func newIdentifer(typ RefChannelType, id int64, pid *Identifier) *Identifier { - str := fmt.Sprintf("%s #%d", typ, id) - if pid != nil { - str = fmt.Sprintf("%s %s", pid, str) - } - return &Identifier{typ: typ, id: id, str: str, pid: pid} -} diff --git a/vendor/google.golang.org/grpc/internal/channelz/logging.go b/vendor/google.golang.org/grpc/internal/channelz/logging.go index f89e6f77b..ee4d72125 100644 --- a/vendor/google.golang.org/grpc/internal/channelz/logging.go +++ b/vendor/google.golang.org/grpc/internal/channelz/logging.go @@ -26,53 +26,49 @@ import ( var logger = grpclog.Component("channelz") -func withParens(id *Identifier) string { - return "[" + id.String() + "] " -} - // Info logs and adds a trace event if channelz is on. -func Info(l grpclog.DepthLoggerV2, id *Identifier, args ...any) { - AddTraceEvent(l, id, 1, &TraceEventDesc{ +func Info(l grpclog.DepthLoggerV2, e Entity, args ...any) { + AddTraceEvent(l, e, 1, &TraceEvent{ Desc: fmt.Sprint(args...), Severity: CtInfo, }) } // Infof logs and adds a trace event if channelz is on. -func Infof(l grpclog.DepthLoggerV2, id *Identifier, format string, args ...any) { - AddTraceEvent(l, id, 1, &TraceEventDesc{ +func Infof(l grpclog.DepthLoggerV2, e Entity, format string, args ...any) { + AddTraceEvent(l, e, 1, &TraceEvent{ Desc: fmt.Sprintf(format, args...), Severity: CtInfo, }) } // Warning logs and adds a trace event if channelz is on. -func Warning(l grpclog.DepthLoggerV2, id *Identifier, args ...any) { - AddTraceEvent(l, id, 1, &TraceEventDesc{ +func Warning(l grpclog.DepthLoggerV2, e Entity, args ...any) { + AddTraceEvent(l, e, 1, &TraceEvent{ Desc: fmt.Sprint(args...), Severity: CtWarning, }) } // Warningf logs and adds a trace event if channelz is on. -func Warningf(l grpclog.DepthLoggerV2, id *Identifier, format string, args ...any) { - AddTraceEvent(l, id, 1, &TraceEventDesc{ +func Warningf(l grpclog.DepthLoggerV2, e Entity, format string, args ...any) { + AddTraceEvent(l, e, 1, &TraceEvent{ Desc: fmt.Sprintf(format, args...), Severity: CtWarning, }) } // Error logs and adds a trace event if channelz is on. -func Error(l grpclog.DepthLoggerV2, id *Identifier, args ...any) { - AddTraceEvent(l, id, 1, &TraceEventDesc{ +func Error(l grpclog.DepthLoggerV2, e Entity, args ...any) { + AddTraceEvent(l, e, 1, &TraceEvent{ Desc: fmt.Sprint(args...), Severity: CtError, }) } // Errorf logs and adds a trace event if channelz is on. -func Errorf(l grpclog.DepthLoggerV2, id *Identifier, format string, args ...any) { - AddTraceEvent(l, id, 1, &TraceEventDesc{ +func Errorf(l grpclog.DepthLoggerV2, e Entity, format string, args ...any) { + AddTraceEvent(l, e, 1, &TraceEvent{ Desc: fmt.Sprintf(format, args...), Severity: CtError, }) diff --git a/vendor/google.golang.org/grpc/internal/channelz/server.go b/vendor/google.golang.org/grpc/internal/channelz/server.go new file mode 100644 index 000000000..cdfc49d6e --- /dev/null +++ b/vendor/google.golang.org/grpc/internal/channelz/server.go @@ -0,0 +1,119 @@ +/* + * + * Copyright 2024 gRPC authors. + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * + */ + +package channelz + +import ( + "fmt" + "sync/atomic" +) + +// Server is the channelz representation of a server. +type Server struct { + Entity + ID int64 + RefName string + + ServerMetrics ServerMetrics + + closeCalled bool + sockets map[int64]string + listenSockets map[int64]string + cm *channelMap +} + +// ServerMetrics defines a struct containing metrics for servers. +type ServerMetrics struct { + // The number of incoming calls started on the server. + CallsStarted atomic.Int64 + // The number of incoming calls that have completed with an OK status. + CallsSucceeded atomic.Int64 + // The number of incoming calls that have a completed with a non-OK status. + CallsFailed atomic.Int64 + // The last time a call was started on the server. + LastCallStartedTimestamp atomic.Int64 +} + +// NewServerMetricsForTesting returns an initialized ServerMetrics. +func NewServerMetricsForTesting(started, succeeded, failed, timestamp int64) *ServerMetrics { + sm := &ServerMetrics{} + sm.CallsStarted.Store(started) + sm.CallsSucceeded.Store(succeeded) + sm.CallsFailed.Store(failed) + sm.LastCallStartedTimestamp.Store(timestamp) + return sm +} + +func (sm *ServerMetrics) CopyFrom(o *ServerMetrics) { + sm.CallsStarted.Store(o.CallsStarted.Load()) + sm.CallsSucceeded.Store(o.CallsSucceeded.Load()) + sm.CallsFailed.Store(o.CallsFailed.Load()) + sm.LastCallStartedTimestamp.Store(o.LastCallStartedTimestamp.Load()) +} + +// ListenSockets returns the listening sockets for s. +func (s *Server) ListenSockets() map[int64]string { + db.mu.RLock() + defer db.mu.RUnlock() + return copyMap(s.listenSockets) +} + +// String returns a printable description of s. +func (s *Server) String() string { + return fmt.Sprintf("Server #%d", s.ID) +} + +func (s *Server) id() int64 { + return s.ID +} + +func (s *Server) addChild(id int64, e entry) { + switch v := e.(type) { + case *Socket: + switch v.SocketType { + case SocketTypeNormal: + s.sockets[id] = v.RefName + case SocketTypeListen: + s.listenSockets[id] = v.RefName + } + default: + logger.Errorf("cannot add a child (id = %d) of type %T to a server", id, e) + } +} + +func (s *Server) deleteChild(id int64) { + delete(s.sockets, id) + delete(s.listenSockets, id) + s.deleteSelfIfReady() +} + +func (s *Server) triggerDelete() { + s.closeCalled = true + s.deleteSelfIfReady() +} + +func (s *Server) deleteSelfIfReady() { + if !s.closeCalled || len(s.sockets)+len(s.listenSockets) != 0 { + return + } + s.cm.deleteEntry(s.ID) +} + +func (s *Server) getParentID() int64 { + return 0 +} diff --git a/vendor/google.golang.org/grpc/internal/channelz/socket.go b/vendor/google.golang.org/grpc/internal/channelz/socket.go new file mode 100644 index 000000000..fa64834b2 --- /dev/null +++ b/vendor/google.golang.org/grpc/internal/channelz/socket.go @@ -0,0 +1,130 @@ +/* + * + * Copyright 2024 gRPC authors. + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * + */ + +package channelz + +import ( + "fmt" + "net" + "sync/atomic" + + "google.golang.org/grpc/credentials" +) + +// SocketMetrics defines the struct that the implementor of Socket interface +// should return from ChannelzMetric(). +type SocketMetrics struct { + // The number of streams that have been started. + StreamsStarted atomic.Int64 + // The number of streams that have ended successfully: + // On client side, receiving frame with eos bit set. + // On server side, sending frame with eos bit set. + StreamsSucceeded atomic.Int64 + // The number of streams that have ended unsuccessfully: + // On client side, termination without receiving frame with eos bit set. + // On server side, termination without sending frame with eos bit set. + StreamsFailed atomic.Int64 + // The number of messages successfully sent on this socket. + MessagesSent atomic.Int64 + MessagesReceived atomic.Int64 + // The number of keep alives sent. This is typically implemented with HTTP/2 + // ping messages. + KeepAlivesSent atomic.Int64 + // The last time a stream was created by this endpoint. Usually unset for + // servers. + LastLocalStreamCreatedTimestamp atomic.Int64 + // The last time a stream was created by the remote endpoint. Usually unset + // for clients. + LastRemoteStreamCreatedTimestamp atomic.Int64 + // The last time a message was sent by this endpoint. + LastMessageSentTimestamp atomic.Int64 + // The last time a message was received by this endpoint. + LastMessageReceivedTimestamp atomic.Int64 +} + +// EphemeralSocketMetrics are metrics that change rapidly and are tracked +// outside of channelz. +type EphemeralSocketMetrics struct { + // The amount of window, granted to the local endpoint by the remote endpoint. + // This may be slightly out of date due to network latency. This does NOT + // include stream level or TCP level flow control info. + LocalFlowControlWindow int64 + // The amount of window, granted to the remote endpoint by the local endpoint. + // This may be slightly out of date due to network latency. This does NOT + // include stream level or TCP level flow control info. + RemoteFlowControlWindow int64 +} + +type SocketType string + +const ( + SocketTypeNormal = "NormalSocket" + SocketTypeListen = "ListenSocket" +) + +type Socket struct { + Entity + SocketType SocketType + ID int64 + Parent Entity + cm *channelMap + SocketMetrics SocketMetrics + EphemeralMetrics func() *EphemeralSocketMetrics + + RefName string + // The locally bound address. Immutable. + LocalAddr net.Addr + // The remote bound address. May be absent. Immutable. + RemoteAddr net.Addr + // Optional, represents the name of the remote endpoint, if different than + // the original target name. Immutable. + RemoteName string + // Immutable. + SocketOptions *SocketOptionData + // Immutable. + Security credentials.ChannelzSecurityValue +} + +func (ls *Socket) String() string { + return fmt.Sprintf("%s %s #%d", ls.Parent, ls.SocketType, ls.ID) +} + +func (ls *Socket) id() int64 { + return ls.ID +} + +func (ls *Socket) addChild(id int64, e entry) { + logger.Errorf("cannot add a child (id = %d) of type %T to a listen socket", id, e) +} + +func (ls *Socket) deleteChild(id int64) { + logger.Errorf("cannot delete a child (id = %d) from a listen socket", id) +} + +func (ls *Socket) triggerDelete() { + ls.cm.deleteEntry(ls.ID) + ls.Parent.(entry).deleteChild(ls.ID) +} + +func (ls *Socket) deleteSelfIfReady() { + logger.Errorf("cannot call deleteSelfIfReady on a listen socket") +} + +func (ls *Socket) getParentID() int64 { + return ls.Parent.id() +} diff --git a/vendor/google.golang.org/grpc/internal/channelz/subchannel.go b/vendor/google.golang.org/grpc/internal/channelz/subchannel.go new file mode 100644 index 000000000..3b88e4cba --- /dev/null +++ b/vendor/google.golang.org/grpc/internal/channelz/subchannel.go @@ -0,0 +1,151 @@ +/* + * + * Copyright 2024 gRPC authors. + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * + */ + +package channelz + +import ( + "fmt" + "sync/atomic" +) + +// SubChannel is the channelz representation of a subchannel. +type SubChannel struct { + Entity + // ID is the channelz id of this subchannel. + ID int64 + // RefName is the human readable reference string of this subchannel. + RefName string + closeCalled bool + sockets map[int64]string + parent *Channel + trace *ChannelTrace + traceRefCount int32 + + ChannelMetrics ChannelMetrics +} + +func (sc *SubChannel) String() string { + return fmt.Sprintf("%s SubChannel #%d", sc.parent, sc.ID) +} + +func (sc *SubChannel) id() int64 { + return sc.ID +} + +func (sc *SubChannel) Sockets() map[int64]string { + db.mu.RLock() + defer db.mu.RUnlock() + return copyMap(sc.sockets) +} + +func (sc *SubChannel) Trace() *ChannelTrace { + db.mu.RLock() + defer db.mu.RUnlock() + return sc.trace.copy() +} + +func (sc *SubChannel) addChild(id int64, e entry) { + if v, ok := e.(*Socket); ok && v.SocketType == SocketTypeNormal { + sc.sockets[id] = v.RefName + } else { + logger.Errorf("cannot add a child (id = %d) of type %T to a subChannel", id, e) + } +} + +func (sc *SubChannel) deleteChild(id int64) { + delete(sc.sockets, id) + sc.deleteSelfIfReady() +} + +func (sc *SubChannel) triggerDelete() { + sc.closeCalled = true + sc.deleteSelfIfReady() +} + +func (sc *SubChannel) getParentID() int64 { + return sc.parent.ID +} + +// deleteSelfFromTree tries to delete the subchannel from the channelz entry relation tree, which +// means deleting the subchannel reference from its parent's child list. +// +// In order for a subchannel to be deleted from the tree, it must meet the criteria that, removal of +// the corresponding grpc object has been invoked, and the subchannel does not have any children left. +// +// The returned boolean value indicates whether the channel has been successfully deleted from tree. +func (sc *SubChannel) deleteSelfFromTree() (deleted bool) { + if !sc.closeCalled || len(sc.sockets) != 0 { + return false + } + sc.parent.deleteChild(sc.ID) + return true +} + +// deleteSelfFromMap checks whether it is valid to delete the subchannel from the map, which means +// deleting the subchannel from channelz's tracking entirely. Users can no longer use id to query +// the subchannel, and its memory will be garbage collected. +// +// The trace reference count of the subchannel must be 0 in order to be deleted from the map. This is +// specified in the channel tracing gRFC that as long as some other trace has reference to an entity, +// the trace of the referenced entity must not be deleted. In order to release the resource allocated +// by grpc, the reference to the grpc object is reset to a dummy object. +// +// deleteSelfFromMap must be called after deleteSelfFromTree returns true. +// +// It returns a bool to indicate whether the channel can be safely deleted from map. +func (sc *SubChannel) deleteSelfFromMap() (delete bool) { + return sc.getTraceRefCount() == 0 +} + +// deleteSelfIfReady tries to delete the subchannel itself from the channelz database. +// The delete process includes two steps: +// 1. delete the subchannel from the entry relation tree, i.e. delete the subchannel reference from +// its parent's child list. +// 2. delete the subchannel from the map, i.e. delete the subchannel entirely from channelz. Lookup +// by id will return entry not found error. +func (sc *SubChannel) deleteSelfIfReady() { + if !sc.deleteSelfFromTree() { + return + } + if !sc.deleteSelfFromMap() { + return + } + db.deleteEntry(sc.ID) + sc.trace.clear() +} + +func (sc *SubChannel) getChannelTrace() *ChannelTrace { + return sc.trace +} + +func (sc *SubChannel) incrTraceRefCount() { + atomic.AddInt32(&sc.traceRefCount, 1) +} + +func (sc *SubChannel) decrTraceRefCount() { + atomic.AddInt32(&sc.traceRefCount, -1) +} + +func (sc *SubChannel) getTraceRefCount() int { + i := atomic.LoadInt32(&sc.traceRefCount) + return int(i) +} + +func (sc *SubChannel) getRefName() string { + return sc.RefName +} diff --git a/vendor/google.golang.org/grpc/internal/channelz/types_linux.go b/vendor/google.golang.org/grpc/internal/channelz/syscall_linux.go similarity index 83% rename from vendor/google.golang.org/grpc/internal/channelz/types_linux.go rename to vendor/google.golang.org/grpc/internal/channelz/syscall_linux.go index 1b1c4cce3..5ac73ff83 100644 --- a/vendor/google.golang.org/grpc/internal/channelz/types_linux.go +++ b/vendor/google.golang.org/grpc/internal/channelz/syscall_linux.go @@ -49,3 +49,17 @@ func (s *SocketOptionData) Getsockopt(fd uintptr) { s.TCPInfo = v } } + +// GetSocketOption gets the socket option info of the conn. +func GetSocketOption(socket any) *SocketOptionData { + c, ok := socket.(syscall.Conn) + if !ok { + return nil + } + data := &SocketOptionData{} + if rawConn, err := c.SyscallConn(); err == nil { + rawConn.Control(data.Getsockopt) + return data + } + return nil +} diff --git a/vendor/google.golang.org/grpc/internal/channelz/types_nonlinux.go b/vendor/google.golang.org/grpc/internal/channelz/syscall_nonlinux.go similarity index 90% rename from vendor/google.golang.org/grpc/internal/channelz/types_nonlinux.go rename to vendor/google.golang.org/grpc/internal/channelz/syscall_nonlinux.go index 8b06eed1a..d1ed8df6a 100644 --- a/vendor/google.golang.org/grpc/internal/channelz/types_nonlinux.go +++ b/vendor/google.golang.org/grpc/internal/channelz/syscall_nonlinux.go @@ -1,5 +1,4 @@ //go:build !linux -// +build !linux /* * @@ -41,3 +40,8 @@ func (s *SocketOptionData) Getsockopt(fd uintptr) { logger.Warning("Channelz: socket options are not supported on non-linux environments") }) } + +// GetSocketOption gets the socket option info of the conn. +func GetSocketOption(c any) *SocketOptionData { + return nil +} diff --git a/vendor/google.golang.org/grpc/internal/channelz/trace.go b/vendor/google.golang.org/grpc/internal/channelz/trace.go new file mode 100644 index 000000000..36b867403 --- /dev/null +++ b/vendor/google.golang.org/grpc/internal/channelz/trace.go @@ -0,0 +1,204 @@ +/* + * + * Copyright 2018 gRPC authors. + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * + */ + +package channelz + +import ( + "fmt" + "sync" + "sync/atomic" + "time" + + "google.golang.org/grpc/grpclog" +) + +const ( + defaultMaxTraceEntry int32 = 30 +) + +var maxTraceEntry = defaultMaxTraceEntry + +// SetMaxTraceEntry sets maximum number of trace entries per entity (i.e. +// channel/subchannel). Setting it to 0 will disable channel tracing. +func SetMaxTraceEntry(i int32) { + atomic.StoreInt32(&maxTraceEntry, i) +} + +// ResetMaxTraceEntryToDefault resets the maximum number of trace entries per +// entity to default. +func ResetMaxTraceEntryToDefault() { + atomic.StoreInt32(&maxTraceEntry, defaultMaxTraceEntry) +} + +func getMaxTraceEntry() int { + i := atomic.LoadInt32(&maxTraceEntry) + return int(i) +} + +// traceEvent is an internal representation of a single trace event +type traceEvent struct { + // Desc is a simple description of the trace event. + Desc string + // Severity states the severity of this trace event. + Severity Severity + // Timestamp is the event time. + Timestamp time.Time + // RefID is the id of the entity that gets referenced in the event. RefID is 0 if no other entity is + // involved in this event. + // e.g. SubChannel (id: 4[]) Created. --> RefID = 4, RefName = "" (inside []) + RefID int64 + // RefName is the reference name for the entity that gets referenced in the event. + RefName string + // RefType indicates the referenced entity type, i.e Channel or SubChannel. + RefType RefChannelType +} + +// TraceEvent is what the caller of AddTraceEvent should provide to describe the +// event to be added to the channel trace. +// +// The Parent field is optional. It is used for an event that will be recorded +// in the entity's parent trace. +type TraceEvent struct { + Desc string + Severity Severity + Parent *TraceEvent +} + +type ChannelTrace struct { + cm *channelMap + clearCalled bool + CreationTime time.Time + EventNum int64 + mu sync.Mutex + Events []*traceEvent +} + +func (c *ChannelTrace) copy() *ChannelTrace { + return &ChannelTrace{ + CreationTime: c.CreationTime, + EventNum: c.EventNum, + Events: append(([]*traceEvent)(nil), c.Events...), + } +} + +func (c *ChannelTrace) append(e *traceEvent) { + c.mu.Lock() + if len(c.Events) == getMaxTraceEntry() { + del := c.Events[0] + c.Events = c.Events[1:] + if del.RefID != 0 { + // start recursive cleanup in a goroutine to not block the call originated from grpc. + go func() { + // need to acquire c.cm.mu lock to call the unlocked attemptCleanup func. + c.cm.mu.Lock() + c.cm.decrTraceRefCount(del.RefID) + c.cm.mu.Unlock() + }() + } + } + e.Timestamp = time.Now() + c.Events = append(c.Events, e) + c.EventNum++ + c.mu.Unlock() +} + +func (c *ChannelTrace) clear() { + if c.clearCalled { + return + } + c.clearCalled = true + c.mu.Lock() + for _, e := range c.Events { + if e.RefID != 0 { + // caller should have already held the c.cm.mu lock. + c.cm.decrTraceRefCount(e.RefID) + } + } + c.mu.Unlock() +} + +// Severity is the severity level of a trace event. +// The canonical enumeration of all valid values is here: +// https://github.com/grpc/grpc-proto/blob/9b13d199cc0d4703c7ea26c9c330ba695866eb23/grpc/channelz/v1/channelz.proto#L126. +type Severity int + +const ( + // CtUnknown indicates unknown severity of a trace event. + CtUnknown Severity = iota + // CtInfo indicates info level severity of a trace event. + CtInfo + // CtWarning indicates warning level severity of a trace event. + CtWarning + // CtError indicates error level severity of a trace event. + CtError +) + +// RefChannelType is the type of the entity being referenced in a trace event. +type RefChannelType int + +const ( + // RefUnknown indicates an unknown entity type, the zero value for this type. + RefUnknown RefChannelType = iota + // RefChannel indicates the referenced entity is a Channel. + RefChannel + // RefSubChannel indicates the referenced entity is a SubChannel. + RefSubChannel + // RefServer indicates the referenced entity is a Server. + RefServer + // RefListenSocket indicates the referenced entity is a ListenSocket. + RefListenSocket + // RefNormalSocket indicates the referenced entity is a NormalSocket. + RefNormalSocket +) + +var refChannelTypeToString = map[RefChannelType]string{ + RefUnknown: "Unknown", + RefChannel: "Channel", + RefSubChannel: "SubChannel", + RefServer: "Server", + RefListenSocket: "ListenSocket", + RefNormalSocket: "NormalSocket", +} + +func (r RefChannelType) String() string { + return refChannelTypeToString[r] +} + +// AddTraceEvent adds trace related to the entity with specified id, using the +// provided TraceEventDesc. +// +// If channelz is not turned ON, this will simply log the event descriptions. +func AddTraceEvent(l grpclog.DepthLoggerV2, e Entity, depth int, desc *TraceEvent) { + // Log only the trace description associated with the bottom most entity. + d := fmt.Sprintf("[%s]%s", e, desc.Desc) + switch desc.Severity { + case CtUnknown, CtInfo: + l.InfoDepth(depth+1, d) + case CtWarning: + l.WarningDepth(depth+1, d) + case CtError: + l.ErrorDepth(depth+1, d) + } + + if getMaxTraceEntry() == 0 { + return + } + if IsOn() { + db.traceEvent(e.id(), desc) + } +} diff --git a/vendor/google.golang.org/grpc/internal/channelz/types.go b/vendor/google.golang.org/grpc/internal/channelz/types.go deleted file mode 100644 index 1d4020f53..000000000 --- a/vendor/google.golang.org/grpc/internal/channelz/types.go +++ /dev/null @@ -1,727 +0,0 @@ -/* - * - * Copyright 2018 gRPC authors. - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - * - */ - -package channelz - -import ( - "net" - "sync" - "sync/atomic" - "time" - - "google.golang.org/grpc/connectivity" - "google.golang.org/grpc/credentials" -) - -// entry represents a node in the channelz database. -type entry interface { - // addChild adds a child e, whose channelz id is id to child list - addChild(id int64, e entry) - // deleteChild deletes a child with channelz id to be id from child list - deleteChild(id int64) - // triggerDelete tries to delete self from channelz database. However, if child - // list is not empty, then deletion from the database is on hold until the last - // child is deleted from database. - triggerDelete() - // deleteSelfIfReady check whether triggerDelete() has been called before, and whether child - // list is now empty. If both conditions are met, then delete self from database. - deleteSelfIfReady() - // getParentID returns parent ID of the entry. 0 value parent ID means no parent. - getParentID() int64 -} - -// dummyEntry is a fake entry to handle entry not found case. -type dummyEntry struct { - idNotFound int64 -} - -func (d *dummyEntry) addChild(id int64, e entry) { - // Note: It is possible for a normal program to reach here under race condition. - // For example, there could be a race between ClientConn.Close() info being propagated - // to addrConn and http2Client. ClientConn.Close() cancel the context and result - // in http2Client to error. The error info is then caught by transport monitor - // and before addrConn.tearDown() is called in side ClientConn.Close(). Therefore, - // the addrConn will create a new transport. And when registering the new transport in - // channelz, its parent addrConn could have already been torn down and deleted - // from channelz tracking, and thus reach the code here. - logger.Infof("attempt to add child of type %T with id %d to a parent (id=%d) that doesn't currently exist", e, id, d.idNotFound) -} - -func (d *dummyEntry) deleteChild(id int64) { - // It is possible for a normal program to reach here under race condition. - // Refer to the example described in addChild(). - logger.Infof("attempt to delete child with id %d from a parent (id=%d) that doesn't currently exist", id, d.idNotFound) -} - -func (d *dummyEntry) triggerDelete() { - logger.Warningf("attempt to delete an entry (id=%d) that doesn't currently exist", d.idNotFound) -} - -func (*dummyEntry) deleteSelfIfReady() { - // code should not reach here. deleteSelfIfReady is always called on an existing entry. -} - -func (*dummyEntry) getParentID() int64 { - return 0 -} - -// ChannelMetric defines the info channelz provides for a specific Channel, which -// includes ChannelInternalMetric and channelz-specific data, such as channelz id, -// child list, etc. -type ChannelMetric struct { - // ID is the channelz id of this channel. - ID int64 - // RefName is the human readable reference string of this channel. - RefName string - // ChannelData contains channel internal metric reported by the channel through - // ChannelzMetric(). - ChannelData *ChannelInternalMetric - // NestedChans tracks the nested channel type children of this channel in the format of - // a map from nested channel channelz id to corresponding reference string. - NestedChans map[int64]string - // SubChans tracks the subchannel type children of this channel in the format of a - // map from subchannel channelz id to corresponding reference string. - SubChans map[int64]string - // Sockets tracks the socket type children of this channel in the format of a map - // from socket channelz id to corresponding reference string. - // Note current grpc implementation doesn't allow channel having sockets directly, - // therefore, this is field is unused. - Sockets map[int64]string - // Trace contains the most recent traced events. - Trace *ChannelTrace -} - -// SubChannelMetric defines the info channelz provides for a specific SubChannel, -// which includes ChannelInternalMetric and channelz-specific data, such as -// channelz id, child list, etc. -type SubChannelMetric struct { - // ID is the channelz id of this subchannel. - ID int64 - // RefName is the human readable reference string of this subchannel. - RefName string - // ChannelData contains subchannel internal metric reported by the subchannel - // through ChannelzMetric(). - ChannelData *ChannelInternalMetric - // NestedChans tracks the nested channel type children of this subchannel in the format of - // a map from nested channel channelz id to corresponding reference string. - // Note current grpc implementation doesn't allow subchannel to have nested channels - // as children, therefore, this field is unused. - NestedChans map[int64]string - // SubChans tracks the subchannel type children of this subchannel in the format of a - // map from subchannel channelz id to corresponding reference string. - // Note current grpc implementation doesn't allow subchannel to have subchannels - // as children, therefore, this field is unused. - SubChans map[int64]string - // Sockets tracks the socket type children of this subchannel in the format of a map - // from socket channelz id to corresponding reference string. - Sockets map[int64]string - // Trace contains the most recent traced events. - Trace *ChannelTrace -} - -// ChannelInternalMetric defines the struct that the implementor of Channel interface -// should return from ChannelzMetric(). -type ChannelInternalMetric struct { - // current connectivity state of the channel. - State connectivity.State - // The target this channel originally tried to connect to. May be absent - Target string - // The number of calls started on the channel. - CallsStarted int64 - // The number of calls that have completed with an OK status. - CallsSucceeded int64 - // The number of calls that have a completed with a non-OK status. - CallsFailed int64 - // The last time a call was started on the channel. - LastCallStartedTimestamp time.Time -} - -// ChannelTrace stores traced events on a channel/subchannel and related info. -type ChannelTrace struct { - // EventNum is the number of events that ever got traced (i.e. including those that have been deleted) - EventNum int64 - // CreationTime is the creation time of the trace. - CreationTime time.Time - // Events stores the most recent trace events (up to $maxTraceEntry, newer event will overwrite the - // oldest one) - Events []*TraceEvent -} - -// TraceEvent represent a single trace event -type TraceEvent struct { - // Desc is a simple description of the trace event. - Desc string - // Severity states the severity of this trace event. - Severity Severity - // Timestamp is the event time. - Timestamp time.Time - // RefID is the id of the entity that gets referenced in the event. RefID is 0 if no other entity is - // involved in this event. - // e.g. SubChannel (id: 4[]) Created. --> RefID = 4, RefName = "" (inside []) - RefID int64 - // RefName is the reference name for the entity that gets referenced in the event. - RefName string - // RefType indicates the referenced entity type, i.e Channel or SubChannel. - RefType RefChannelType -} - -// Channel is the interface that should be satisfied in order to be tracked by -// channelz as Channel or SubChannel. -type Channel interface { - ChannelzMetric() *ChannelInternalMetric -} - -type dummyChannel struct{} - -func (d *dummyChannel) ChannelzMetric() *ChannelInternalMetric { - return &ChannelInternalMetric{} -} - -type channel struct { - refName string - c Channel - closeCalled bool - nestedChans map[int64]string - subChans map[int64]string - id int64 - pid int64 - cm *channelMap - trace *channelTrace - // traceRefCount is the number of trace events that reference this channel. - // Non-zero traceRefCount means the trace of this channel cannot be deleted. - traceRefCount int32 -} - -func (c *channel) addChild(id int64, e entry) { - switch v := e.(type) { - case *subChannel: - c.subChans[id] = v.refName - case *channel: - c.nestedChans[id] = v.refName - default: - logger.Errorf("cannot add a child (id = %d) of type %T to a channel", id, e) - } -} - -func (c *channel) deleteChild(id int64) { - delete(c.subChans, id) - delete(c.nestedChans, id) - c.deleteSelfIfReady() -} - -func (c *channel) triggerDelete() { - c.closeCalled = true - c.deleteSelfIfReady() -} - -func (c *channel) getParentID() int64 { - return c.pid -} - -// deleteSelfFromTree tries to delete the channel from the channelz entry relation tree, which means -// deleting the channel reference from its parent's child list. -// -// In order for a channel to be deleted from the tree, it must meet the criteria that, removal of the -// corresponding grpc object has been invoked, and the channel does not have any children left. -// -// The returned boolean value indicates whether the channel has been successfully deleted from tree. -func (c *channel) deleteSelfFromTree() (deleted bool) { - if !c.closeCalled || len(c.subChans)+len(c.nestedChans) != 0 { - return false - } - // not top channel - if c.pid != 0 { - c.cm.findEntry(c.pid).deleteChild(c.id) - } - return true -} - -// deleteSelfFromMap checks whether it is valid to delete the channel from the map, which means -// deleting the channel from channelz's tracking entirely. Users can no longer use id to query the -// channel, and its memory will be garbage collected. -// -// The trace reference count of the channel must be 0 in order to be deleted from the map. This is -// specified in the channel tracing gRFC that as long as some other trace has reference to an entity, -// the trace of the referenced entity must not be deleted. In order to release the resource allocated -// by grpc, the reference to the grpc object is reset to a dummy object. -// -// deleteSelfFromMap must be called after deleteSelfFromTree returns true. -// -// It returns a bool to indicate whether the channel can be safely deleted from map. -func (c *channel) deleteSelfFromMap() (delete bool) { - if c.getTraceRefCount() != 0 { - c.c = &dummyChannel{} - return false - } - return true -} - -// deleteSelfIfReady tries to delete the channel itself from the channelz database. -// The delete process includes two steps: -// 1. delete the channel from the entry relation tree, i.e. delete the channel reference from its -// parent's child list. -// 2. delete the channel from the map, i.e. delete the channel entirely from channelz. Lookup by id -// will return entry not found error. -func (c *channel) deleteSelfIfReady() { - if !c.deleteSelfFromTree() { - return - } - if !c.deleteSelfFromMap() { - return - } - c.cm.deleteEntry(c.id) - c.trace.clear() -} - -func (c *channel) getChannelTrace() *channelTrace { - return c.trace -} - -func (c *channel) incrTraceRefCount() { - atomic.AddInt32(&c.traceRefCount, 1) -} - -func (c *channel) decrTraceRefCount() { - atomic.AddInt32(&c.traceRefCount, -1) -} - -func (c *channel) getTraceRefCount() int { - i := atomic.LoadInt32(&c.traceRefCount) - return int(i) -} - -func (c *channel) getRefName() string { - return c.refName -} - -type subChannel struct { - refName string - c Channel - closeCalled bool - sockets map[int64]string - id int64 - pid int64 - cm *channelMap - trace *channelTrace - traceRefCount int32 -} - -func (sc *subChannel) addChild(id int64, e entry) { - if v, ok := e.(*normalSocket); ok { - sc.sockets[id] = v.refName - } else { - logger.Errorf("cannot add a child (id = %d) of type %T to a subChannel", id, e) - } -} - -func (sc *subChannel) deleteChild(id int64) { - delete(sc.sockets, id) - sc.deleteSelfIfReady() -} - -func (sc *subChannel) triggerDelete() { - sc.closeCalled = true - sc.deleteSelfIfReady() -} - -func (sc *subChannel) getParentID() int64 { - return sc.pid -} - -// deleteSelfFromTree tries to delete the subchannel from the channelz entry relation tree, which -// means deleting the subchannel reference from its parent's child list. -// -// In order for a subchannel to be deleted from the tree, it must meet the criteria that, removal of -// the corresponding grpc object has been invoked, and the subchannel does not have any children left. -// -// The returned boolean value indicates whether the channel has been successfully deleted from tree. -func (sc *subChannel) deleteSelfFromTree() (deleted bool) { - if !sc.closeCalled || len(sc.sockets) != 0 { - return false - } - sc.cm.findEntry(sc.pid).deleteChild(sc.id) - return true -} - -// deleteSelfFromMap checks whether it is valid to delete the subchannel from the map, which means -// deleting the subchannel from channelz's tracking entirely. Users can no longer use id to query -// the subchannel, and its memory will be garbage collected. -// -// The trace reference count of the subchannel must be 0 in order to be deleted from the map. This is -// specified in the channel tracing gRFC that as long as some other trace has reference to an entity, -// the trace of the referenced entity must not be deleted. In order to release the resource allocated -// by grpc, the reference to the grpc object is reset to a dummy object. -// -// deleteSelfFromMap must be called after deleteSelfFromTree returns true. -// -// It returns a bool to indicate whether the channel can be safely deleted from map. -func (sc *subChannel) deleteSelfFromMap() (delete bool) { - if sc.getTraceRefCount() != 0 { - // free the grpc struct (i.e. addrConn) - sc.c = &dummyChannel{} - return false - } - return true -} - -// deleteSelfIfReady tries to delete the subchannel itself from the channelz database. -// The delete process includes two steps: -// 1. delete the subchannel from the entry relation tree, i.e. delete the subchannel reference from -// its parent's child list. -// 2. delete the subchannel from the map, i.e. delete the subchannel entirely from channelz. Lookup -// by id will return entry not found error. -func (sc *subChannel) deleteSelfIfReady() { - if !sc.deleteSelfFromTree() { - return - } - if !sc.deleteSelfFromMap() { - return - } - sc.cm.deleteEntry(sc.id) - sc.trace.clear() -} - -func (sc *subChannel) getChannelTrace() *channelTrace { - return sc.trace -} - -func (sc *subChannel) incrTraceRefCount() { - atomic.AddInt32(&sc.traceRefCount, 1) -} - -func (sc *subChannel) decrTraceRefCount() { - atomic.AddInt32(&sc.traceRefCount, -1) -} - -func (sc *subChannel) getTraceRefCount() int { - i := atomic.LoadInt32(&sc.traceRefCount) - return int(i) -} - -func (sc *subChannel) getRefName() string { - return sc.refName -} - -// SocketMetric defines the info channelz provides for a specific Socket, which -// includes SocketInternalMetric and channelz-specific data, such as channelz id, etc. -type SocketMetric struct { - // ID is the channelz id of this socket. - ID int64 - // RefName is the human readable reference string of this socket. - RefName string - // SocketData contains socket internal metric reported by the socket through - // ChannelzMetric(). - SocketData *SocketInternalMetric -} - -// SocketInternalMetric defines the struct that the implementor of Socket interface -// should return from ChannelzMetric(). -type SocketInternalMetric struct { - // The number of streams that have been started. - StreamsStarted int64 - // The number of streams that have ended successfully: - // On client side, receiving frame with eos bit set. - // On server side, sending frame with eos bit set. - StreamsSucceeded int64 - // The number of streams that have ended unsuccessfully: - // On client side, termination without receiving frame with eos bit set. - // On server side, termination without sending frame with eos bit set. - StreamsFailed int64 - // The number of messages successfully sent on this socket. - MessagesSent int64 - MessagesReceived int64 - // The number of keep alives sent. This is typically implemented with HTTP/2 - // ping messages. - KeepAlivesSent int64 - // The last time a stream was created by this endpoint. Usually unset for - // servers. - LastLocalStreamCreatedTimestamp time.Time - // The last time a stream was created by the remote endpoint. Usually unset - // for clients. - LastRemoteStreamCreatedTimestamp time.Time - // The last time a message was sent by this endpoint. - LastMessageSentTimestamp time.Time - // The last time a message was received by this endpoint. - LastMessageReceivedTimestamp time.Time - // The amount of window, granted to the local endpoint by the remote endpoint. - // This may be slightly out of date due to network latency. This does NOT - // include stream level or TCP level flow control info. - LocalFlowControlWindow int64 - // The amount of window, granted to the remote endpoint by the local endpoint. - // This may be slightly out of date due to network latency. This does NOT - // include stream level or TCP level flow control info. - RemoteFlowControlWindow int64 - // The locally bound address. - LocalAddr net.Addr - // The remote bound address. May be absent. - RemoteAddr net.Addr - // Optional, represents the name of the remote endpoint, if different than - // the original target name. - RemoteName string - SocketOptions *SocketOptionData - Security credentials.ChannelzSecurityValue -} - -// Socket is the interface that should be satisfied in order to be tracked by -// channelz as Socket. -type Socket interface { - ChannelzMetric() *SocketInternalMetric -} - -type listenSocket struct { - refName string - s Socket - id int64 - pid int64 - cm *channelMap -} - -func (ls *listenSocket) addChild(id int64, e entry) { - logger.Errorf("cannot add a child (id = %d) of type %T to a listen socket", id, e) -} - -func (ls *listenSocket) deleteChild(id int64) { - logger.Errorf("cannot delete a child (id = %d) from a listen socket", id) -} - -func (ls *listenSocket) triggerDelete() { - ls.cm.deleteEntry(ls.id) - ls.cm.findEntry(ls.pid).deleteChild(ls.id) -} - -func (ls *listenSocket) deleteSelfIfReady() { - logger.Errorf("cannot call deleteSelfIfReady on a listen socket") -} - -func (ls *listenSocket) getParentID() int64 { - return ls.pid -} - -type normalSocket struct { - refName string - s Socket - id int64 - pid int64 - cm *channelMap -} - -func (ns *normalSocket) addChild(id int64, e entry) { - logger.Errorf("cannot add a child (id = %d) of type %T to a normal socket", id, e) -} - -func (ns *normalSocket) deleteChild(id int64) { - logger.Errorf("cannot delete a child (id = %d) from a normal socket", id) -} - -func (ns *normalSocket) triggerDelete() { - ns.cm.deleteEntry(ns.id) - ns.cm.findEntry(ns.pid).deleteChild(ns.id) -} - -func (ns *normalSocket) deleteSelfIfReady() { - logger.Errorf("cannot call deleteSelfIfReady on a normal socket") -} - -func (ns *normalSocket) getParentID() int64 { - return ns.pid -} - -// ServerMetric defines the info channelz provides for a specific Server, which -// includes ServerInternalMetric and channelz-specific data, such as channelz id, -// child list, etc. -type ServerMetric struct { - // ID is the channelz id of this server. - ID int64 - // RefName is the human readable reference string of this server. - RefName string - // ServerData contains server internal metric reported by the server through - // ChannelzMetric(). - ServerData *ServerInternalMetric - // ListenSockets tracks the listener socket type children of this server in the - // format of a map from socket channelz id to corresponding reference string. - ListenSockets map[int64]string -} - -// ServerInternalMetric defines the struct that the implementor of Server interface -// should return from ChannelzMetric(). -type ServerInternalMetric struct { - // The number of incoming calls started on the server. - CallsStarted int64 - // The number of incoming calls that have completed with an OK status. - CallsSucceeded int64 - // The number of incoming calls that have a completed with a non-OK status. - CallsFailed int64 - // The last time a call was started on the server. - LastCallStartedTimestamp time.Time -} - -// Server is the interface to be satisfied in order to be tracked by channelz as -// Server. -type Server interface { - ChannelzMetric() *ServerInternalMetric -} - -type server struct { - refName string - s Server - closeCalled bool - sockets map[int64]string - listenSockets map[int64]string - id int64 - cm *channelMap -} - -func (s *server) addChild(id int64, e entry) { - switch v := e.(type) { - case *normalSocket: - s.sockets[id] = v.refName - case *listenSocket: - s.listenSockets[id] = v.refName - default: - logger.Errorf("cannot add a child (id = %d) of type %T to a server", id, e) - } -} - -func (s *server) deleteChild(id int64) { - delete(s.sockets, id) - delete(s.listenSockets, id) - s.deleteSelfIfReady() -} - -func (s *server) triggerDelete() { - s.closeCalled = true - s.deleteSelfIfReady() -} - -func (s *server) deleteSelfIfReady() { - if !s.closeCalled || len(s.sockets)+len(s.listenSockets) != 0 { - return - } - s.cm.deleteEntry(s.id) -} - -func (s *server) getParentID() int64 { - return 0 -} - -type tracedChannel interface { - getChannelTrace() *channelTrace - incrTraceRefCount() - decrTraceRefCount() - getRefName() string -} - -type channelTrace struct { - cm *channelMap - clearCalled bool - createdTime time.Time - eventCount int64 - mu sync.Mutex - events []*TraceEvent -} - -func (c *channelTrace) append(e *TraceEvent) { - c.mu.Lock() - if len(c.events) == getMaxTraceEntry() { - del := c.events[0] - c.events = c.events[1:] - if del.RefID != 0 { - // start recursive cleanup in a goroutine to not block the call originated from grpc. - go func() { - // need to acquire c.cm.mu lock to call the unlocked attemptCleanup func. - c.cm.mu.Lock() - c.cm.decrTraceRefCount(del.RefID) - c.cm.mu.Unlock() - }() - } - } - e.Timestamp = time.Now() - c.events = append(c.events, e) - c.eventCount++ - c.mu.Unlock() -} - -func (c *channelTrace) clear() { - if c.clearCalled { - return - } - c.clearCalled = true - c.mu.Lock() - for _, e := range c.events { - if e.RefID != 0 { - // caller should have already held the c.cm.mu lock. - c.cm.decrTraceRefCount(e.RefID) - } - } - c.mu.Unlock() -} - -// Severity is the severity level of a trace event. -// The canonical enumeration of all valid values is here: -// https://github.com/grpc/grpc-proto/blob/9b13d199cc0d4703c7ea26c9c330ba695866eb23/grpc/channelz/v1/channelz.proto#L126. -type Severity int - -const ( - // CtUnknown indicates unknown severity of a trace event. - CtUnknown Severity = iota - // CtInfo indicates info level severity of a trace event. - CtInfo - // CtWarning indicates warning level severity of a trace event. - CtWarning - // CtError indicates error level severity of a trace event. - CtError -) - -// RefChannelType is the type of the entity being referenced in a trace event. -type RefChannelType int - -const ( - // RefUnknown indicates an unknown entity type, the zero value for this type. - RefUnknown RefChannelType = iota - // RefChannel indicates the referenced entity is a Channel. - RefChannel - // RefSubChannel indicates the referenced entity is a SubChannel. - RefSubChannel - // RefServer indicates the referenced entity is a Server. - RefServer - // RefListenSocket indicates the referenced entity is a ListenSocket. - RefListenSocket - // RefNormalSocket indicates the referenced entity is a NormalSocket. - RefNormalSocket -) - -var refChannelTypeToString = map[RefChannelType]string{ - RefUnknown: "Unknown", - RefChannel: "Channel", - RefSubChannel: "SubChannel", - RefServer: "Server", - RefListenSocket: "ListenSocket", - RefNormalSocket: "NormalSocket", -} - -func (r RefChannelType) String() string { - return refChannelTypeToString[r] -} - -func (c *channelTrace) dumpData() *ChannelTrace { - c.mu.Lock() - ct := &ChannelTrace{EventNum: c.eventCount, CreationTime: c.createdTime} - ct.Events = c.events[:len(c.events)] - c.mu.Unlock() - return ct -} diff --git a/vendor/google.golang.org/grpc/internal/envconfig/envconfig.go b/vendor/google.golang.org/grpc/internal/envconfig/envconfig.go index 3cf10ddfb..9c915d9e4 100644 --- a/vendor/google.golang.org/grpc/internal/envconfig/envconfig.go +++ b/vendor/google.golang.org/grpc/internal/envconfig/envconfig.go @@ -28,17 +28,11 @@ import ( var ( // TXTErrIgnore is set if TXT errors should be ignored ("GRPC_GO_IGNORE_TXT_ERRORS" is not "false"). TXTErrIgnore = boolFromEnv("GRPC_GO_IGNORE_TXT_ERRORS", true) - // AdvertiseCompressors is set if registered compressor should be advertised - // ("GRPC_GO_ADVERTISE_COMPRESSORS" is not "false"). - AdvertiseCompressors = boolFromEnv("GRPC_GO_ADVERTISE_COMPRESSORS", true) // RingHashCap indicates the maximum ring size which defaults to 4096 // entries but may be overridden by setting the environment variable // "GRPC_RING_HASH_CAP". This does not override the default bounds // checking which NACKs configs specifying ring sizes > 8*1024*1024 (~8M). RingHashCap = uint64FromEnv("GRPC_RING_HASH_CAP", 4096, 1, 8*1024*1024) - // PickFirstLBConfig is set if we should support configuration of the - // pick_first LB policy. - PickFirstLBConfig = boolFromEnv("GRPC_EXPERIMENTAL_PICKFIRST_LB_CONFIG", true) // LeastRequestLB is set if we should support the least_request_experimental // LB policy, which can be enabled by setting the environment variable // "GRPC_EXPERIMENTAL_ENABLE_LEAST_REQUEST" to "true". diff --git a/vendor/google.golang.org/grpc/internal/envconfig/xds.go b/vendor/google.golang.org/grpc/internal/envconfig/xds.go index 02b4b6a1c..29f234acb 100644 --- a/vendor/google.golang.org/grpc/internal/envconfig/xds.go +++ b/vendor/google.golang.org/grpc/internal/envconfig/xds.go @@ -50,46 +50,7 @@ var ( // // When both bootstrap FileName and FileContent are set, FileName is used. XDSBootstrapFileContent = os.Getenv(XDSBootstrapFileContentEnv) - // XDSRingHash indicates whether ring hash support is enabled, which can be - // disabled by setting the environment variable - // "GRPC_XDS_EXPERIMENTAL_ENABLE_RING_HASH" to "false". - XDSRingHash = boolFromEnv("GRPC_XDS_EXPERIMENTAL_ENABLE_RING_HASH", true) - // XDSClientSideSecurity is used to control processing of security - // configuration on the client-side. - // - // Note that there is no env var protection for the server-side because we - // have a brand new API on the server-side and users explicitly need to use - // the new API to get security integration on the server. - XDSClientSideSecurity = boolFromEnv("GRPC_XDS_EXPERIMENTAL_SECURITY_SUPPORT", true) - // XDSAggregateAndDNS indicates whether processing of aggregated cluster and - // DNS cluster is enabled, which can be disabled by setting the environment - // variable "GRPC_XDS_EXPERIMENTAL_ENABLE_AGGREGATE_AND_LOGICAL_DNS_CLUSTER" - // to "false". - XDSAggregateAndDNS = boolFromEnv("GRPC_XDS_EXPERIMENTAL_ENABLE_AGGREGATE_AND_LOGICAL_DNS_CLUSTER", true) - - // XDSRBAC indicates whether xDS configured RBAC HTTP Filter is enabled, - // which can be disabled by setting the environment variable - // "GRPC_XDS_EXPERIMENTAL_RBAC" to "false". - XDSRBAC = boolFromEnv("GRPC_XDS_EXPERIMENTAL_RBAC", true) - // XDSOutlierDetection indicates whether outlier detection support is - // enabled, which can be disabled by setting the environment variable - // "GRPC_EXPERIMENTAL_ENABLE_OUTLIER_DETECTION" to "false". - XDSOutlierDetection = boolFromEnv("GRPC_EXPERIMENTAL_ENABLE_OUTLIER_DETECTION", true) - // XDSFederation indicates whether federation support is enabled, which can - // be enabled by setting the environment variable - // "GRPC_EXPERIMENTAL_XDS_FEDERATION" to "true". - XDSFederation = boolFromEnv("GRPC_EXPERIMENTAL_XDS_FEDERATION", true) - - // XDSRLS indicates whether processing of Cluster Specifier plugins and - // support for the RLS CLuster Specifier is enabled, which can be disabled by - // setting the environment variable "GRPC_EXPERIMENTAL_XDS_RLS_LB" to - // "false". - XDSRLS = boolFromEnv("GRPC_EXPERIMENTAL_XDS_RLS_LB", true) // C2PResolverTestOnlyTrafficDirectorURI is the TD URI for testing. C2PResolverTestOnlyTrafficDirectorURI = os.Getenv("GRPC_TEST_ONLY_GOOGLE_C2P_RESOLVER_TRAFFIC_DIRECTOR_URI") - // XDSCustomLBPolicy indicates whether Custom LB Policies are enabled, which - // can be disabled by setting the environment variable - // "GRPC_EXPERIMENTAL_XDS_CUSTOM_LB_CONFIG" to "false". - XDSCustomLBPolicy = boolFromEnv("GRPC_EXPERIMENTAL_XDS_CUSTOM_LB_CONFIG", true) ) diff --git a/vendor/google.golang.org/grpc/internal/experimental.go b/vendor/google.golang.org/grpc/internal/experimental.go new file mode 100644 index 000000000..7f7044e17 --- /dev/null +++ b/vendor/google.golang.org/grpc/internal/experimental.go @@ -0,0 +1,28 @@ +/* + * Copyright 2023 gRPC authors. + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * + */ + +package internal + +var ( + // WithRecvBufferPool is implemented by the grpc package and returns a dial + // option to configure a shared buffer pool for a grpc.ClientConn. + WithRecvBufferPool any // func (grpc.SharedBufferPool) grpc.DialOption + + // RecvBufferPool is implemented by the grpc package and returns a server + // option to configure a shared buffer pool for a grpc.Server. + RecvBufferPool any // func (grpc.SharedBufferPool) grpc.ServerOption +) diff --git a/vendor/google.golang.org/grpc/internal/grpcrand/grpcrand.go b/vendor/google.golang.org/grpc/internal/grpcrand/grpcrand.go index aa97273e7..0126d6b51 100644 --- a/vendor/google.golang.org/grpc/internal/grpcrand/grpcrand.go +++ b/vendor/google.golang.org/grpc/internal/grpcrand/grpcrand.go @@ -1,3 +1,8 @@ +//go:build !go1.21 + +// TODO: when this file is deleted (after Go 1.20 support is dropped), delete +// all of grpcrand and call the rand package directly. + /* * * Copyright 2018 gRPC authors. diff --git a/vendor/google.golang.org/grpc/internal/grpcrand/grpcrand_go1.21.go b/vendor/google.golang.org/grpc/internal/grpcrand/grpcrand_go1.21.go new file mode 100644 index 000000000..c37299af1 --- /dev/null +++ b/vendor/google.golang.org/grpc/internal/grpcrand/grpcrand_go1.21.go @@ -0,0 +1,73 @@ +//go:build go1.21 + +/* + * + * Copyright 2024 gRPC authors. + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * + */ + +// Package grpcrand implements math/rand functions in a concurrent-safe way +// with a global random source, independent of math/rand's global source. +package grpcrand + +import "math/rand" + +// This implementation will be used for Go version 1.21 or newer. +// For older versions, the original implementation with mutex will be used. + +// Int implements rand.Int on the grpcrand global source. +func Int() int { + return rand.Int() +} + +// Int63n implements rand.Int63n on the grpcrand global source. +func Int63n(n int64) int64 { + return rand.Int63n(n) +} + +// Intn implements rand.Intn on the grpcrand global source. +func Intn(n int) int { + return rand.Intn(n) +} + +// Int31n implements rand.Int31n on the grpcrand global source. +func Int31n(n int32) int32 { + return rand.Int31n(n) +} + +// Float64 implements rand.Float64 on the grpcrand global source. +func Float64() float64 { + return rand.Float64() +} + +// Uint64 implements rand.Uint64 on the grpcrand global source. +func Uint64() uint64 { + return rand.Uint64() +} + +// Uint32 implements rand.Uint32 on the grpcrand global source. +func Uint32() uint32 { + return rand.Uint32() +} + +// ExpFloat64 implements rand.ExpFloat64 on the grpcrand global source. +func ExpFloat64() float64 { + return rand.ExpFloat64() +} + +// Shuffle implements rand.Shuffle on the grpcrand global source. +var Shuffle = func(n int, f func(int, int)) { + rand.Shuffle(n, f) +} diff --git a/vendor/google.golang.org/grpc/internal/grpcsync/callback_serializer.go b/vendor/google.golang.org/grpc/internal/grpcsync/callback_serializer.go index 900917dbe..f7f40a16a 100644 --- a/vendor/google.golang.org/grpc/internal/grpcsync/callback_serializer.go +++ b/vendor/google.golang.org/grpc/internal/grpcsync/callback_serializer.go @@ -20,7 +20,6 @@ package grpcsync import ( "context" - "sync" "google.golang.org/grpc/internal/buffer" ) @@ -38,8 +37,6 @@ type CallbackSerializer struct { done chan struct{} callbacks *buffer.Unbounded - closedMu sync.Mutex - closed bool } // NewCallbackSerializer returns a new CallbackSerializer instance. The provided @@ -65,56 +62,34 @@ func NewCallbackSerializer(ctx context.Context) *CallbackSerializer { // callbacks to be executed by the serializer. It is not possible to add // callbacks once the context passed to NewCallbackSerializer is cancelled. func (cs *CallbackSerializer) Schedule(f func(ctx context.Context)) bool { - cs.closedMu.Lock() - defer cs.closedMu.Unlock() - - if cs.closed { - return false - } - cs.callbacks.Put(f) - return true + return cs.callbacks.Put(f) == nil } func (cs *CallbackSerializer) run(ctx context.Context) { - var backlog []func(context.Context) - defer close(cs.done) + + // TODO: when Go 1.21 is the oldest supported version, this loop and Close + // can be replaced with: + // + // context.AfterFunc(ctx, cs.callbacks.Close) for ctx.Err() == nil { select { case <-ctx.Done(): // Do nothing here. Next iteration of the for loop will not happen, // since ctx.Err() would be non-nil. - case callback, ok := <-cs.callbacks.Get(): - if !ok { - return - } + case cb := <-cs.callbacks.Get(): cs.callbacks.Load() - callback.(func(ctx context.Context))(ctx) + cb.(func(context.Context))(ctx) } } - // Fetch pending callbacks if any, and execute them before returning from - // this method and closing cs.done. - cs.closedMu.Lock() - cs.closed = true - backlog = cs.fetchPendingCallbacks() + // Close the buffer to prevent new callbacks from being added. cs.callbacks.Close() - cs.closedMu.Unlock() - for _, b := range backlog { - b(ctx) - } -} -func (cs *CallbackSerializer) fetchPendingCallbacks() []func(context.Context) { - var backlog []func(context.Context) - for { - select { - case b := <-cs.callbacks.Get(): - backlog = append(backlog, b.(func(context.Context))) - cs.callbacks.Load() - default: - return backlog - } + // Run all pending callbacks. + for cb := range cs.callbacks.Get() { + cs.callbacks.Load() + cb.(func(context.Context))(ctx) } } diff --git a/vendor/google.golang.org/grpc/internal/grpcutil/compressor.go b/vendor/google.golang.org/grpc/internal/grpcutil/compressor.go index 9f4090967..e8d866984 100644 --- a/vendor/google.golang.org/grpc/internal/grpcutil/compressor.go +++ b/vendor/google.golang.org/grpc/internal/grpcutil/compressor.go @@ -20,8 +20,6 @@ package grpcutil import ( "strings" - - "google.golang.org/grpc/internal/envconfig" ) // RegisteredCompressorNames holds names of the registered compressors. @@ -40,8 +38,5 @@ func IsCompressorNameRegistered(name string) bool { // RegisteredCompressors returns a string of registered compressor names // separated by comma. func RegisteredCompressors() string { - if !envconfig.AdvertiseCompressors { - return "" - } return strings.Join(RegisteredCompressorNames, ",") } diff --git a/vendor/google.golang.org/grpc/internal/idle/idle.go b/vendor/google.golang.org/grpc/internal/idle/idle.go index 6c272476e..fe49cb74c 100644 --- a/vendor/google.golang.org/grpc/internal/idle/idle.go +++ b/vendor/google.golang.org/grpc/internal/idle/idle.go @@ -26,8 +26,6 @@ import ( "sync" "sync/atomic" "time" - - "google.golang.org/grpc/grpclog" ) // For overriding in unit tests. @@ -39,27 +37,12 @@ var timeAfterFunc = func(d time.Duration, f func()) *time.Timer { // and exit from idle mode. type Enforcer interface { ExitIdleMode() error - EnterIdleMode() error -} - -// Manager defines the functionality required to track RPC activity on a -// channel. -type Manager interface { - OnCallBegin() error - OnCallEnd() - Close() + EnterIdleMode() } -type noopManager struct{} - -func (noopManager) OnCallBegin() error { return nil } -func (noopManager) OnCallEnd() {} -func (noopManager) Close() {} - -// manager implements the Manager interface. It uses atomic operations to -// synchronize access to shared state and a mutex to guarantee mutual exclusion -// in a critical section. -type manager struct { +// Manager implements idleness detection and calls the configured Enforcer to +// enter/exit idle mode when appropriate. Must be created by NewManager. +type Manager struct { // State accessed atomically. lastCallEndTime int64 // Unix timestamp in nanos; time when the most recent RPC completed. activeCallsCount int32 // Count of active RPCs; -math.MaxInt32 means channel is idle or is trying to get there. @@ -69,8 +52,7 @@ type manager struct { // Can be accessed without atomics or mutex since these are set at creation // time and read-only after that. enforcer Enforcer // Functionality provided by grpc.ClientConn. - timeout int64 // Idle timeout duration nanos stored as an int64. - logger grpclog.LoggerV2 + timeout time.Duration // idleMu is used to guarantee mutual exclusion in two scenarios: // - Opposing intentions: @@ -88,57 +70,48 @@ type manager struct { timer *time.Timer } -// ManagerOptions is a collection of options used by -// NewManager. -type ManagerOptions struct { - Enforcer Enforcer - Timeout time.Duration - Logger grpclog.LoggerV2 +// NewManager creates a new idleness manager implementation for the +// given idle timeout. It begins in idle mode. +func NewManager(enforcer Enforcer, timeout time.Duration) *Manager { + return &Manager{ + enforcer: enforcer, + timeout: timeout, + actuallyIdle: true, + activeCallsCount: -math.MaxInt32, + } } -// NewManager creates a new idleness manager implementation for the -// given idle timeout. -func NewManager(opts ManagerOptions) Manager { - if opts.Timeout == 0 { - return noopManager{} +// resetIdleTimerLocked resets the idle timer to the given duration. Called +// when exiting idle mode or when the timer fires and we need to reset it. +func (m *Manager) resetIdleTimerLocked(d time.Duration) { + if m.isClosed() || m.timeout == 0 || m.actuallyIdle { + return } - m := &manager{ - enforcer: opts.Enforcer, - timeout: int64(opts.Timeout), - logger: opts.Logger, + // It is safe to ignore the return value from Reset() because this method is + // only ever called from the timer callback or when exiting idle mode. + if m.timer != nil { + m.timer.Stop() } - m.timer = timeAfterFunc(opts.Timeout, m.handleIdleTimeout) - return m + m.timer = timeAfterFunc(d, m.handleIdleTimeout) } -// resetIdleTimer resets the idle timer to the given duration. This method -// should only be called from the timer callback. -func (m *manager) resetIdleTimer(d time.Duration) { +func (m *Manager) resetIdleTimer(d time.Duration) { m.idleMu.Lock() defer m.idleMu.Unlock() - - if m.timer == nil { - // Only close sets timer to nil. We are done. - return - } - - // It is safe to ignore the return value from Reset() because this method is - // only ever called from the timer callback, which means the timer has - // already fired. - m.timer.Reset(d) + m.resetIdleTimerLocked(d) } // handleIdleTimeout is the timer callback that is invoked upon expiry of the // configured idle timeout. The channel is considered inactive if there are no // ongoing calls and no RPC activity since the last time the timer fired. -func (m *manager) handleIdleTimeout() { +func (m *Manager) handleIdleTimeout() { if m.isClosed() { return } if atomic.LoadInt32(&m.activeCallsCount) > 0 { - m.resetIdleTimer(time.Duration(m.timeout)) + m.resetIdleTimer(m.timeout) return } @@ -148,24 +121,12 @@ func (m *manager) handleIdleTimeout() { // Set the timer to fire after a duration of idle timeout, calculated // from the time the most recent RPC completed. atomic.StoreInt32(&m.activeSinceLastTimerCheck, 0) - m.resetIdleTimer(time.Duration(atomic.LoadInt64(&m.lastCallEndTime) + m.timeout - time.Now().UnixNano())) + m.resetIdleTimer(time.Duration(atomic.LoadInt64(&m.lastCallEndTime)-time.Now().UnixNano()) + m.timeout) return } - // This CAS operation is extremely likely to succeed given that there has - // been no activity since the last time we were here. Setting the - // activeCallsCount to -math.MaxInt32 indicates to OnCallBegin() that the - // channel is either in idle mode or is trying to get there. - if !atomic.CompareAndSwapInt32(&m.activeCallsCount, 0, -math.MaxInt32) { - // This CAS operation can fail if an RPC started after we checked for - // activity at the top of this method, or one was ongoing from before - // the last time we were here. In both case, reset the timer and return. - m.resetIdleTimer(time.Duration(m.timeout)) - return - } - - // Now that we've set the active calls count to -math.MaxInt32, it's time to - // actually move to idle mode. + // Now that we've checked that there has been no activity, attempt to enter + // idle mode, which is very likely to succeed. if m.tryEnterIdleMode() { // Successfully entered idle mode. No timer needed until we exit idle. return @@ -174,8 +135,7 @@ func (m *manager) handleIdleTimeout() { // Failed to enter idle mode due to a concurrent RPC that kept the channel // active, or because of an error from the channel. Undo the attempt to // enter idle, and reset the timer to try again later. - atomic.AddInt32(&m.activeCallsCount, math.MaxInt32) - m.resetIdleTimer(time.Duration(m.timeout)) + m.resetIdleTimer(m.timeout) } // tryEnterIdleMode instructs the channel to enter idle mode. But before @@ -185,36 +145,49 @@ func (m *manager) handleIdleTimeout() { // Return value indicates whether or not the channel moved to idle mode. // // Holds idleMu which ensures mutual exclusion with exitIdleMode. -func (m *manager) tryEnterIdleMode() bool { +func (m *Manager) tryEnterIdleMode() bool { + // Setting the activeCallsCount to -math.MaxInt32 indicates to OnCallBegin() + // that the channel is either in idle mode or is trying to get there. + if !atomic.CompareAndSwapInt32(&m.activeCallsCount, 0, -math.MaxInt32) { + // This CAS operation can fail if an RPC started after we checked for + // activity in the timer handler, or one was ongoing from before the + // last time the timer fired, or if a test is attempting to enter idle + // mode without checking. In all cases, abort going into idle mode. + return false + } + // N.B. if we fail to enter idle mode after this, we must re-add + // math.MaxInt32 to m.activeCallsCount. + m.idleMu.Lock() defer m.idleMu.Unlock() if atomic.LoadInt32(&m.activeCallsCount) != -math.MaxInt32 { // We raced and lost to a new RPC. Very rare, but stop entering idle. + atomic.AddInt32(&m.activeCallsCount, math.MaxInt32) return false } if atomic.LoadInt32(&m.activeSinceLastTimerCheck) == 1 { - // An very short RPC could have come in (and also finished) after we + // A very short RPC could have come in (and also finished) after we // checked for calls count and activity in handleIdleTimeout(), but // before the CAS operation. So, we need to check for activity again. + atomic.AddInt32(&m.activeCallsCount, math.MaxInt32) return false } - // No new RPCs have come in since we last set the active calls count value - // -math.MaxInt32 in the timer callback. And since we have the lock, it is - // safe to enter idle mode now. - if err := m.enforcer.EnterIdleMode(); err != nil { - m.logger.Errorf("Failed to enter idle mode: %v", err) - return false - } - - // Successfully entered idle mode. + // No new RPCs have come in since we set the active calls count value to + // -math.MaxInt32. And since we have the lock, it is safe to enter idle mode + // unconditionally now. + m.enforcer.EnterIdleMode() m.actuallyIdle = true return true } +func (m *Manager) EnterIdleModeForTesting() { + m.tryEnterIdleMode() +} + // OnCallBegin is invoked at the start of every RPC. -func (m *manager) OnCallBegin() error { +func (m *Manager) OnCallBegin() error { if m.isClosed() { return nil } @@ -227,7 +200,7 @@ func (m *manager) OnCallBegin() error { // Channel is either in idle mode or is in the process of moving to idle // mode. Attempt to exit idle mode to allow this RPC. - if err := m.exitIdleMode(); err != nil { + if err := m.ExitIdleMode(); err != nil { // Undo the increment to calls count, and return an error causing the // RPC to fail. atomic.AddInt32(&m.activeCallsCount, -1) @@ -238,28 +211,30 @@ func (m *manager) OnCallBegin() error { return nil } -// exitIdleMode instructs the channel to exit idle mode. -// -// Holds idleMu which ensures mutual exclusion with tryEnterIdleMode. -func (m *manager) exitIdleMode() error { +// ExitIdleMode instructs m to call the enforcer's ExitIdleMode and update m's +// internal state. +func (m *Manager) ExitIdleMode() error { + // Holds idleMu which ensures mutual exclusion with tryEnterIdleMode. m.idleMu.Lock() defer m.idleMu.Unlock() - if !m.actuallyIdle { - // This can happen in two scenarios: + if m.isClosed() || !m.actuallyIdle { + // This can happen in three scenarios: // - handleIdleTimeout() set the calls count to -math.MaxInt32 and called // tryEnterIdleMode(). But before the latter could grab the lock, an RPC // came in and OnCallBegin() noticed that the calls count is negative. // - Channel is in idle mode, and multiple new RPCs come in at the same // time, all of them notice a negative calls count in OnCallBegin and get // here. The first one to get the lock would got the channel to exit idle. + // - Channel is not in idle mode, and the user calls Connect which calls + // m.ExitIdleMode. // - // Either way, nothing to do here. + // In any case, there is nothing to do here. return nil } if err := m.enforcer.ExitIdleMode(); err != nil { - return fmt.Errorf("channel failed to exit idle mode: %v", err) + return fmt.Errorf("failed to exit idle mode: %w", err) } // Undo the idle entry process. This also respects any new RPC attempts. @@ -267,12 +242,12 @@ func (m *manager) exitIdleMode() error { m.actuallyIdle = false // Start a new timer to fire after the configured idle timeout. - m.timer = timeAfterFunc(time.Duration(m.timeout), m.handleIdleTimeout) + m.resetIdleTimerLocked(m.timeout) return nil } // OnCallEnd is invoked at the end of every RPC. -func (m *manager) OnCallEnd() { +func (m *Manager) OnCallEnd() { if m.isClosed() { return } @@ -287,15 +262,17 @@ func (m *manager) OnCallEnd() { atomic.AddInt32(&m.activeCallsCount, -1) } -func (m *manager) isClosed() bool { +func (m *Manager) isClosed() bool { return atomic.LoadInt32(&m.closed) == 1 } -func (m *manager) Close() { +func (m *Manager) Close() { atomic.StoreInt32(&m.closed, 1) m.idleMu.Lock() - m.timer.Stop() - m.timer = nil + if m.timer != nil { + m.timer.Stop() + m.timer = nil + } m.idleMu.Unlock() } diff --git a/vendor/google.golang.org/grpc/internal/internal.go b/vendor/google.golang.org/grpc/internal/internal.go index 0d94c63e0..48d24bdb4 100644 --- a/vendor/google.golang.org/grpc/internal/internal.go +++ b/vendor/google.golang.org/grpc/internal/internal.go @@ -57,7 +57,7 @@ var ( // GetXDSHandshakeInfoForTesting returns a pointer to the xds.HandshakeInfo // stored in the passed in attributes. This is set by // credentials/xds/xds.go. - GetXDSHandshakeInfoForTesting any // func (*attributes.Attributes) *xds.HandshakeInfo + GetXDSHandshakeInfoForTesting any // func (*attributes.Attributes) *unsafe.Pointer // GetServerCredentials returns the transport credentials configured on a // gRPC server. An xDS-enabled server needs to know what type of credentials // is configured on the underlying gRPC server. This is set by server.go. @@ -68,11 +68,11 @@ var ( // This is used in the 1.0 release of gcp/observability, and thus must not be // deleted or changed. CanonicalString any // func (codes.Code) string - // DrainServerTransports initiates a graceful close of existing connections - // on a gRPC server accepted on the provided listener address. An - // xDS-enabled server invokes this method on a grpc.Server when a particular - // listener moves to "not-serving" mode. - DrainServerTransports any // func(*grpc.Server, string) + // IsRegisteredMethod returns whether the passed in method is registered as + // a method on the server. + IsRegisteredMethod any // func(*grpc.Server, string) bool + // ServerFromContext returns the server from the context. + ServerFromContext any // func(context.Context) *grpc.Server // AddGlobalServerOptions adds an array of ServerOption that will be // effective globally for newly created servers. The priority will be: 1. // user-provided; 2. this method; 3. default values. @@ -177,10 +177,29 @@ var ( GRPCResolverSchemeExtraMetadata string = "xds" // EnterIdleModeForTesting gets the ClientConn to enter IDLE mode. - EnterIdleModeForTesting any // func(*grpc.ClientConn) error + EnterIdleModeForTesting any // func(*grpc.ClientConn) // ExitIdleModeForTesting gets the ClientConn to exit IDLE mode. ExitIdleModeForTesting any // func(*grpc.ClientConn) error + + ChannelzTurnOffForTesting func() + + // TriggerXDSResourceNameNotFoundForTesting triggers the resource-not-found + // error for a given resource type and name. This is usually triggered when + // the associated watch timer fires. For testing purposes, having this + // function makes events more predictable than relying on timer events. + TriggerXDSResourceNameNotFoundForTesting any // func(func(xdsresource.Type, string), string, string) error + + // TriggerXDSResourceNameNotFoundClient invokes the testing xDS Client + // singleton to invoke resource not found for a resource type name and + // resource name. + TriggerXDSResourceNameNotFoundClient any // func(string, string) error + + // FromOutgoingContextRaw returns the un-merged, intermediary contents of metadata.rawMD. + FromOutgoingContextRaw any // func(context.Context) (metadata.MD, [][]string, bool) + + // UserSetDefaultScheme is set to true if the user has overridden the default resolver scheme. + UserSetDefaultScheme bool = false ) // HealthChecker defines the signature of the client-side LB channel health checking function. diff --git a/vendor/google.golang.org/grpc/internal/pretty/pretty.go b/vendor/google.golang.org/grpc/internal/pretty/pretty.go index 703319137..dbee7a60d 100644 --- a/vendor/google.golang.org/grpc/internal/pretty/pretty.go +++ b/vendor/google.golang.org/grpc/internal/pretty/pretty.go @@ -24,10 +24,8 @@ import ( "encoding/json" "fmt" - "github.com/golang/protobuf/jsonpb" - protov1 "github.com/golang/protobuf/proto" "google.golang.org/protobuf/encoding/protojson" - protov2 "google.golang.org/protobuf/proto" + "google.golang.org/protobuf/protoadapt" ) const jsonIndent = " " @@ -36,21 +34,14 @@ const jsonIndent = " " // // If marshal fails, it falls back to fmt.Sprintf("%+v"). func ToJSON(e any) string { - switch ee := e.(type) { - case protov1.Message: - mm := jsonpb.Marshaler{Indent: jsonIndent} - ret, err := mm.MarshalToString(ee) - if err != nil { - // This may fail for proto.Anys, e.g. for xDS v2, LDS, the v2 - // messages are not imported, and this will fail because the message - // is not found. - return fmt.Sprintf("%+v", ee) - } - return ret - case protov2.Message: + if ee, ok := e.(protoadapt.MessageV1); ok { + e = protoadapt.MessageV2Of(ee) + } + + if ee, ok := e.(protoadapt.MessageV2); ok { mm := protojson.MarshalOptions{ - Multiline: true, Indent: jsonIndent, + Multiline: true, } ret, err := mm.Marshal(ee) if err != nil { @@ -60,13 +51,13 @@ func ToJSON(e any) string { return fmt.Sprintf("%+v", ee) } return string(ret) - default: - ret, err := json.MarshalIndent(ee, "", jsonIndent) - if err != nil { - return fmt.Sprintf("%+v", ee) - } - return string(ret) } + + ret, err := json.MarshalIndent(e, "", jsonIndent) + if err != nil { + return fmt.Sprintf("%+v", e) + } + return string(ret) } // FormatJSON formats the input json bytes with indentation. diff --git a/vendor/google.golang.org/grpc/internal/resolver/dns/dns_resolver.go b/vendor/google.golang.org/grpc/internal/resolver/dns/dns_resolver.go index 99e1e5b36..f3f52a59a 100644 --- a/vendor/google.golang.org/grpc/internal/resolver/dns/dns_resolver.go +++ b/vendor/google.golang.org/grpc/internal/resolver/dns/dns_resolver.go @@ -23,7 +23,6 @@ package dns import ( "context" "encoding/json" - "errors" "fmt" "net" "os" @@ -37,25 +36,35 @@ import ( "google.golang.org/grpc/internal/backoff" "google.golang.org/grpc/internal/envconfig" "google.golang.org/grpc/internal/grpcrand" + "google.golang.org/grpc/internal/resolver/dns/internal" "google.golang.org/grpc/resolver" "google.golang.org/grpc/serviceconfig" ) -// EnableSRVLookups controls whether the DNS resolver attempts to fetch gRPCLB -// addresses from SRV records. Must not be changed after init time. -var EnableSRVLookups = false - -var logger = grpclog.Component("dns") - -// Globals to stub out in tests. TODO: Perhaps these two can be combined into a -// single variable for testing the resolver? var ( - newTimer = time.NewTimer - newTimerDNSResRate = time.NewTimer + // EnableSRVLookups controls whether the DNS resolver attempts to fetch gRPCLB + // addresses from SRV records. Must not be changed after init time. + EnableSRVLookups = false + + // MinResolutionInterval is the minimum interval at which re-resolutions are + // allowed. This helps to prevent excessive re-resolution. + MinResolutionInterval = 30 * time.Second + + // ResolvingTimeout specifies the maximum duration for a DNS resolution request. + // If the timeout expires before a response is received, the request will be canceled. + // + // It is recommended to set this value at application startup. Avoid modifying this variable + // after initialization as it's not thread-safe for concurrent modification. + ResolvingTimeout = 30 * time.Second + + logger = grpclog.Component("dns") ) func init() { resolver.Register(NewBuilder()) + internal.TimeAfterFunc = time.After + internal.NewNetResolver = newNetResolver + internal.AddressDialer = addressDialer } const ( @@ -70,23 +79,6 @@ const ( txtAttribute = "grpc_config=" ) -var ( - errMissingAddr = errors.New("dns resolver: missing address") - - // Addresses ending with a colon that is supposed to be the separator - // between host and port is not allowed. E.g. "::" is a valid address as - // it is an IPv6 address (host only) and "[::]:" is invalid as it ends with - // a colon as the host and port separator - errEndsWithColon = errors.New("dns resolver: missing port after port-separator colon") -) - -var ( - defaultResolver netResolver = net.DefaultResolver - // To prevent excessive re-resolution, we enforce a rate limit on DNS - // resolution requests. - minDNSResRate = 30 * time.Second -) - var addressDialer = func(address string) func(context.Context, string, string) (net.Conn, error) { return func(ctx context.Context, network, _ string) (net.Conn, error) { var dialer net.Dialer @@ -94,7 +86,11 @@ var addressDialer = func(address string) func(context.Context, string, string) ( } } -var newNetResolver = func(authority string) (netResolver, error) { +var newNetResolver = func(authority string) (internal.NetResolver, error) { + if authority == "" { + return net.DefaultResolver, nil + } + host, port, err := parseTarget(authority, defaultDNSSvrPort) if err != nil { return nil, err @@ -104,7 +100,7 @@ var newNetResolver = func(authority string) (netResolver, error) { return &net.Resolver{ PreferGo: true, - Dial: addressDialer(authorityWithPort), + Dial: internal.AddressDialer(authorityWithPort), }, nil } @@ -142,13 +138,9 @@ func (b *dnsBuilder) Build(target resolver.Target, cc resolver.ClientConn, opts disableServiceConfig: opts.DisableServiceConfig, } - if target.URL.Host == "" { - d.resolver = defaultResolver - } else { - d.resolver, err = newNetResolver(target.URL.Host) - if err != nil { - return nil, err - } + d.resolver, err = internal.NewNetResolver(target.URL.Host) + if err != nil { + return nil, err } d.wg.Add(1) @@ -161,12 +153,6 @@ func (b *dnsBuilder) Scheme() string { return "dns" } -type netResolver interface { - LookupHost(ctx context.Context, host string) (addrs []string, err error) - LookupSRV(ctx context.Context, service, proto, name string) (cname string, addrs []*net.SRV, err error) - LookupTXT(ctx context.Context, name string) (txts []string, err error) -} - // deadResolver is a resolver that does nothing. type deadResolver struct{} @@ -178,7 +164,7 @@ func (deadResolver) Close() {} type dnsResolver struct { host string port string - resolver netResolver + resolver internal.NetResolver ctx context.Context cancel context.CancelFunc cc resolver.ClientConn @@ -223,45 +209,43 @@ func (d *dnsResolver) watcher() { err = d.cc.UpdateState(*state) } - var timer *time.Timer + var waitTime time.Duration if err == nil { // Success resolving, wait for the next ResolveNow. However, also wait 30 // seconds at the very least to prevent constantly re-resolving. backoffIndex = 1 - timer = newTimerDNSResRate(minDNSResRate) + waitTime = MinResolutionInterval select { case <-d.ctx.Done(): - timer.Stop() return case <-d.rn: } } else { // Poll on an error found in DNS Resolver or an error received from // ClientConn. - timer = newTimer(backoff.DefaultExponential.Backoff(backoffIndex)) + waitTime = backoff.DefaultExponential.Backoff(backoffIndex) backoffIndex++ } select { case <-d.ctx.Done(): - timer.Stop() return - case <-timer.C: + case <-internal.TimeAfterFunc(waitTime): } } } -func (d *dnsResolver) lookupSRV() ([]resolver.Address, error) { +func (d *dnsResolver) lookupSRV(ctx context.Context) ([]resolver.Address, error) { if !EnableSRVLookups { return nil, nil } var newAddrs []resolver.Address - _, srvs, err := d.resolver.LookupSRV(d.ctx, "grpclb", "tcp", d.host) + _, srvs, err := d.resolver.LookupSRV(ctx, "grpclb", "tcp", d.host) if err != nil { err = handleDNSError(err, "SRV") // may become nil return nil, err } for _, s := range srvs { - lbAddrs, err := d.resolver.LookupHost(d.ctx, s.Target) + lbAddrs, err := d.resolver.LookupHost(ctx, s.Target) if err != nil { err = handleDNSError(err, "A") // may become nil if err == nil { @@ -298,8 +282,8 @@ func handleDNSError(err error, lookupType string) error { return err } -func (d *dnsResolver) lookupTXT() *serviceconfig.ParseResult { - ss, err := d.resolver.LookupTXT(d.ctx, txtPrefix+d.host) +func (d *dnsResolver) lookupTXT(ctx context.Context) *serviceconfig.ParseResult { + ss, err := d.resolver.LookupTXT(ctx, txtPrefix+d.host) if err != nil { if envconfig.TXTErrIgnore { return nil @@ -326,8 +310,8 @@ func (d *dnsResolver) lookupTXT() *serviceconfig.ParseResult { return d.cc.ParseServiceConfig(sc) } -func (d *dnsResolver) lookupHost() ([]resolver.Address, error) { - addrs, err := d.resolver.LookupHost(d.ctx, d.host) +func (d *dnsResolver) lookupHost(ctx context.Context) ([]resolver.Address, error) { + addrs, err := d.resolver.LookupHost(ctx, d.host) if err != nil { err = handleDNSError(err, "A") return nil, err @@ -345,8 +329,10 @@ func (d *dnsResolver) lookupHost() ([]resolver.Address, error) { } func (d *dnsResolver) lookup() (*resolver.State, error) { - srv, srvErr := d.lookupSRV() - addrs, hostErr := d.lookupHost() + ctx, cancel := context.WithTimeout(d.ctx, ResolvingTimeout) + defer cancel() + srv, srvErr := d.lookupSRV(ctx) + addrs, hostErr := d.lookupHost(ctx) if hostErr != nil && (srvErr != nil || len(srv) == 0) { return nil, hostErr } @@ -356,7 +342,7 @@ func (d *dnsResolver) lookup() (*resolver.State, error) { state = grpclbstate.Set(state, &grpclbstate.State{BalancerAddresses: srv}) } if !d.disableServiceConfig { - state.ServiceConfig = d.lookupTXT() + state.ServiceConfig = d.lookupTXT(ctx) } return &state, nil } @@ -387,7 +373,7 @@ func formatIP(addr string) (addrIP string, ok bool) { // target: ":80" defaultPort: "443" returns host: "localhost", port: "80" func parseTarget(target, defaultPort string) (host, port string, err error) { if target == "" { - return "", "", errMissingAddr + return "", "", internal.ErrMissingAddr } if ip := net.ParseIP(target); ip != nil { // target is an IPv4 or IPv6(without brackets) address @@ -397,7 +383,7 @@ func parseTarget(target, defaultPort string) (host, port string, err error) { if port == "" { // If the port field is empty (target ends with colon), e.g. "[::1]:", // this is an error. - return "", "", errEndsWithColon + return "", "", internal.ErrEndsWithColon } // target has port, i.e ipv4-host:port, [ipv6-host]:port, host-name:port if host == "" { diff --git a/vendor/google.golang.org/grpc/internal/resolver/dns/internal/internal.go b/vendor/google.golang.org/grpc/internal/resolver/dns/internal/internal.go new file mode 100644 index 000000000..a7ecaf8d5 --- /dev/null +++ b/vendor/google.golang.org/grpc/internal/resolver/dns/internal/internal.go @@ -0,0 +1,66 @@ +/* + * + * Copyright 2023 gRPC authors. + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * + */ + +// Package internal contains functionality internal to the dns resolver package. +package internal + +import ( + "context" + "errors" + "net" + "time" +) + +// NetResolver groups the methods on net.Resolver that are used by the DNS +// resolver implementation. This allows the default net.Resolver instance to be +// overridden from tests. +type NetResolver interface { + LookupHost(ctx context.Context, host string) (addrs []string, err error) + LookupSRV(ctx context.Context, service, proto, name string) (cname string, addrs []*net.SRV, err error) + LookupTXT(ctx context.Context, name string) (txts []string, err error) +} + +var ( + // ErrMissingAddr is the error returned when building a DNS resolver when + // the provided target name is empty. + ErrMissingAddr = errors.New("dns resolver: missing address") + + // ErrEndsWithColon is the error returned when building a DNS resolver when + // the provided target name ends with a colon that is supposed to be the + // separator between host and port. E.g. "::" is a valid address as it is + // an IPv6 address (host only) and "[::]:" is invalid as it ends with a + // colon as the host and port separator + ErrEndsWithColon = errors.New("dns resolver: missing port after port-separator colon") +) + +// The following vars are overridden from tests. +var ( + // TimeAfterFunc is used by the DNS resolver to wait for the given duration + // to elapse. In non-test code, this is implemented by time.After. In test + // code, this can be used to control the amount of time the resolver is + // blocked waiting for the duration to elapse. + TimeAfterFunc func(time.Duration) <-chan time.Time + + // NewNetResolver returns the net.Resolver instance for the given target. + NewNetResolver func(string) (NetResolver, error) + + // AddressDialer is the dialer used to dial the DNS server. It accepts the + // Host portion of the URL corresponding to the user's dial target and + // returns a dial function. + AddressDialer func(address string) func(context.Context, string, string) (net.Conn, error) +) diff --git a/vendor/google.golang.org/grpc/internal/resolver/unix/unix.go b/vendor/google.golang.org/grpc/internal/resolver/unix/unix.go index 160911687..27cd81af9 100644 --- a/vendor/google.golang.org/grpc/internal/resolver/unix/unix.go +++ b/vendor/google.golang.org/grpc/internal/resolver/unix/unix.go @@ -61,6 +61,10 @@ func (b *builder) Scheme() string { return b.scheme } +func (b *builder) OverrideAuthority(resolver.Target) string { + return "localhost" +} + type nopResolver struct { } diff --git a/vendor/google.golang.org/grpc/internal/status/status.go b/vendor/google.golang.org/grpc/internal/status/status.go index 03ef2fedd..c7dbc8205 100644 --- a/vendor/google.golang.org/grpc/internal/status/status.go +++ b/vendor/google.golang.org/grpc/internal/status/status.go @@ -31,10 +31,11 @@ import ( "errors" "fmt" - "github.com/golang/protobuf/proto" - "github.com/golang/protobuf/ptypes" spb "google.golang.org/genproto/googleapis/rpc/status" "google.golang.org/grpc/codes" + "google.golang.org/protobuf/proto" + "google.golang.org/protobuf/protoadapt" + "google.golang.org/protobuf/types/known/anypb" ) // Status represents an RPC status code, message, and details. It is immutable @@ -130,14 +131,14 @@ func (s *Status) Err() error { // WithDetails returns a new status with the provided details messages appended to the status. // If any errors are encountered, it returns nil and the first error encountered. -func (s *Status) WithDetails(details ...proto.Message) (*Status, error) { +func (s *Status) WithDetails(details ...protoadapt.MessageV1) (*Status, error) { if s.Code() == codes.OK { return nil, errors.New("no error details for status with code OK") } // s.Code() != OK implies that s.Proto() != nil. p := s.Proto() for _, detail := range details { - any, err := ptypes.MarshalAny(detail) + any, err := anypb.New(protoadapt.MessageV2Of(detail)) if err != nil { return nil, err } @@ -154,12 +155,12 @@ func (s *Status) Details() []any { } details := make([]any, 0, len(s.s.Details)) for _, any := range s.s.Details { - detail := &ptypes.DynamicAny{} - if err := ptypes.UnmarshalAny(any, detail); err != nil { + detail, err := any.UnmarshalNew() + if err != nil { details = append(details, err) continue } - details = append(details, detail.Message) + details = append(details, detail) } return details } diff --git a/vendor/google.golang.org/grpc/internal/channelz/util_nonlinux.go b/vendor/google.golang.org/grpc/internal/tcp_keepalive_others.go similarity index 69% rename from vendor/google.golang.org/grpc/internal/channelz/util_nonlinux.go rename to vendor/google.golang.org/grpc/internal/tcp_keepalive_others.go index b5568b22e..4f347edd4 100644 --- a/vendor/google.golang.org/grpc/internal/channelz/util_nonlinux.go +++ b/vendor/google.golang.org/grpc/internal/tcp_keepalive_others.go @@ -1,9 +1,7 @@ -//go:build !linux -// +build !linux +//go:build !unix && !windows /* - * - * Copyright 2018 gRPC authors. + * Copyright 2023 gRPC authors. * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. @@ -19,9 +17,13 @@ * */ -package channelz +package internal + +import ( + "net" +) -// GetSocketOption gets the socket option info of the conn. -func GetSocketOption(c any) *SocketOptionData { - return nil +// NetDialerWithTCPKeepalive returns a vanilla net.Dialer on non-unix platforms. +func NetDialerWithTCPKeepalive() *net.Dialer { + return &net.Dialer{} } diff --git a/vendor/google.golang.org/grpc/internal/tcp_keepalive_unix.go b/vendor/google.golang.org/grpc/internal/tcp_keepalive_unix.go new file mode 100644 index 000000000..078137b7f --- /dev/null +++ b/vendor/google.golang.org/grpc/internal/tcp_keepalive_unix.go @@ -0,0 +1,54 @@ +//go:build unix + +/* + * Copyright 2023 gRPC authors. + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * + */ + +package internal + +import ( + "net" + "syscall" + "time" + + "golang.org/x/sys/unix" +) + +// NetDialerWithTCPKeepalive returns a net.Dialer that enables TCP keepalives on +// the underlying connection with OS default values for keepalive parameters. +// +// TODO: Once https://github.com/golang/go/issues/62254 lands, and the +// appropriate Go version becomes less than our least supported Go version, we +// should look into using the new API to make things more straightforward. +func NetDialerWithTCPKeepalive() *net.Dialer { + return &net.Dialer{ + // Setting a negative value here prevents the Go stdlib from overriding + // the values of TCP keepalive time and interval. It also prevents the + // Go stdlib from enabling TCP keepalives by default. + KeepAlive: time.Duration(-1), + // This method is called after the underlying network socket is created, + // but before dialing the socket (or calling its connect() method). The + // combination of unconditionally enabling TCP keepalives here, and + // disabling the overriding of TCP keepalive parameters by setting the + // KeepAlive field to a negative value above, results in OS defaults for + // the TCP keealive interval and time parameters. + Control: func(_, _ string, c syscall.RawConn) error { + return c.Control(func(fd uintptr) { + unix.SetsockoptInt(int(fd), unix.SOL_SOCKET, unix.SO_KEEPALIVE, 1) + }) + }, + } +} diff --git a/vendor/google.golang.org/grpc/internal/tcp_keepalive_windows.go b/vendor/google.golang.org/grpc/internal/tcp_keepalive_windows.go new file mode 100644 index 000000000..fd7d43a89 --- /dev/null +++ b/vendor/google.golang.org/grpc/internal/tcp_keepalive_windows.go @@ -0,0 +1,54 @@ +//go:build windows + +/* + * Copyright 2023 gRPC authors. + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * + */ + +package internal + +import ( + "net" + "syscall" + "time" + + "golang.org/x/sys/windows" +) + +// NetDialerWithTCPKeepalive returns a net.Dialer that enables TCP keepalives on +// the underlying connection with OS default values for keepalive parameters. +// +// TODO: Once https://github.com/golang/go/issues/62254 lands, and the +// appropriate Go version becomes less than our least supported Go version, we +// should look into using the new API to make things more straightforward. +func NetDialerWithTCPKeepalive() *net.Dialer { + return &net.Dialer{ + // Setting a negative value here prevents the Go stdlib from overriding + // the values of TCP keepalive time and interval. It also prevents the + // Go stdlib from enabling TCP keepalives by default. + KeepAlive: time.Duration(-1), + // This method is called after the underlying network socket is created, + // but before dialing the socket (or calling its connect() method). The + // combination of unconditionally enabling TCP keepalives here, and + // disabling the overriding of TCP keepalive parameters by setting the + // KeepAlive field to a negative value above, results in OS defaults for + // the TCP keealive interval and time parameters. + Control: func(_, _ string, c syscall.RawConn) error { + return c.Control(func(fd uintptr) { + windows.SetsockoptInt(windows.Handle(fd), windows.SOL_SOCKET, windows.SO_KEEPALIVE, 1) + }) + }, + } +} diff --git a/vendor/google.golang.org/grpc/internal/transport/controlbuf.go b/vendor/google.golang.org/grpc/internal/transport/controlbuf.go index b330ccedc..3deadfb4a 100644 --- a/vendor/google.golang.org/grpc/internal/transport/controlbuf.go +++ b/vendor/google.golang.org/grpc/internal/transport/controlbuf.go @@ -193,7 +193,7 @@ type goAway struct { code http2.ErrCode debugData []byte headsUp bool - closeConn error // if set, loopyWriter will exit, resulting in conn closure + closeConn error // if set, loopyWriter will exit with this error } func (*goAway) isTransportResponseFrame() bool { return false } @@ -336,7 +336,7 @@ func (c *controlBuffer) put(it cbItem) error { return err } -func (c *controlBuffer) executeAndPut(f func(it any) bool, it cbItem) (bool, error) { +func (c *controlBuffer) executeAndPut(f func() bool, it cbItem) (bool, error) { var wakeUp bool c.mu.Lock() if c.err != nil { @@ -344,7 +344,7 @@ func (c *controlBuffer) executeAndPut(f func(it any) bool, it cbItem) (bool, err return false, c.err } if f != nil { - if !f(it) { // f wasn't successful + if !f() { // f wasn't successful c.mu.Unlock() return false, nil } @@ -495,21 +495,22 @@ type loopyWriter struct { ssGoAwayHandler func(*goAway) (bool, error) } -func newLoopyWriter(s side, fr *framer, cbuf *controlBuffer, bdpEst *bdpEstimator, conn net.Conn, logger *grpclog.PrefixLogger) *loopyWriter { +func newLoopyWriter(s side, fr *framer, cbuf *controlBuffer, bdpEst *bdpEstimator, conn net.Conn, logger *grpclog.PrefixLogger, goAwayHandler func(*goAway) (bool, error)) *loopyWriter { var buf bytes.Buffer l := &loopyWriter{ - side: s, - cbuf: cbuf, - sendQuota: defaultWindowSize, - oiws: defaultWindowSize, - estdStreams: make(map[uint32]*outStream), - activeStreams: newOutStreamList(), - framer: fr, - hBuf: &buf, - hEnc: hpack.NewEncoder(&buf), - bdpEst: bdpEst, - conn: conn, - logger: logger, + side: s, + cbuf: cbuf, + sendQuota: defaultWindowSize, + oiws: defaultWindowSize, + estdStreams: make(map[uint32]*outStream), + activeStreams: newOutStreamList(), + framer: fr, + hBuf: &buf, + hEnc: hpack.NewEncoder(&buf), + bdpEst: bdpEst, + conn: conn, + logger: logger, + ssGoAwayHandler: goAwayHandler, } return l } @@ -535,8 +536,8 @@ const minBatchSize = 1000 // size is too low to give stream goroutines a chance to fill it up. // // Upon exiting, if the error causing the exit is not an I/O error, run() -// flushes and closes the underlying connection. Otherwise, the connection is -// left open to allow the I/O error to be encountered by the reader instead. +// flushes the underlying connection. The connection is always left open to +// allow different closing behavior on the client and server. func (l *loopyWriter) run() (err error) { defer func() { if l.logger.V(logLevel) { @@ -544,7 +545,6 @@ func (l *loopyWriter) run() (err error) { } if !isIOError(err) { l.framer.writer.Flush() - l.conn.Close() } l.cbuf.finish() }() diff --git a/vendor/google.golang.org/grpc/internal/transport/handler_server.go b/vendor/google.golang.org/grpc/internal/transport/handler_server.go index 17f7a21b5..4a3ddce29 100644 --- a/vendor/google.golang.org/grpc/internal/transport/handler_server.go +++ b/vendor/google.golang.org/grpc/internal/transport/handler_server.go @@ -35,7 +35,6 @@ import ( "sync" "time" - "github.com/golang/protobuf/proto" "golang.org/x/net/http2" "google.golang.org/grpc/codes" "google.golang.org/grpc/credentials" @@ -45,20 +44,17 @@ import ( "google.golang.org/grpc/peer" "google.golang.org/grpc/stats" "google.golang.org/grpc/status" + "google.golang.org/protobuf/proto" ) // NewServerHandlerTransport returns a ServerTransport handling gRPC from // inside an http.Handler, or writes an HTTP error to w and returns an error. // It requires that the http Server supports HTTP/2. func NewServerHandlerTransport(w http.ResponseWriter, r *http.Request, stats []stats.Handler) (ServerTransport, error) { - if r.ProtoMajor != 2 { - msg := "gRPC requires HTTP/2" - http.Error(w, msg, http.StatusBadRequest) - return nil, errors.New(msg) - } - if r.Method != "POST" { + if r.Method != http.MethodPost { + w.Header().Set("Allow", http.MethodPost) msg := fmt.Sprintf("invalid gRPC request method %q", r.Method) - http.Error(w, msg, http.StatusBadRequest) + http.Error(w, msg, http.StatusMethodNotAllowed) return nil, errors.New(msg) } contentType := r.Header.Get("Content-Type") @@ -69,17 +65,36 @@ func NewServerHandlerTransport(w http.ResponseWriter, r *http.Request, stats []s http.Error(w, msg, http.StatusUnsupportedMediaType) return nil, errors.New(msg) } + if r.ProtoMajor != 2 { + msg := "gRPC requires HTTP/2" + http.Error(w, msg, http.StatusHTTPVersionNotSupported) + return nil, errors.New(msg) + } if _, ok := w.(http.Flusher); !ok { msg := "gRPC requires a ResponseWriter supporting http.Flusher" http.Error(w, msg, http.StatusInternalServerError) return nil, errors.New(msg) } + var localAddr net.Addr + if la := r.Context().Value(http.LocalAddrContextKey); la != nil { + localAddr, _ = la.(net.Addr) + } + var authInfo credentials.AuthInfo + if r.TLS != nil { + authInfo = credentials.TLSInfo{State: *r.TLS, CommonAuthInfo: credentials.CommonAuthInfo{SecurityLevel: credentials.PrivacyAndIntegrity}} + } + p := peer.Peer{ + Addr: strAddr(r.RemoteAddr), + LocalAddr: localAddr, + AuthInfo: authInfo, + } st := &serverHandlerTransport{ rw: w, req: r, closedCh: make(chan struct{}), writes: make(chan func()), + peer: p, contentType: contentType, contentSubtype: contentSubtype, stats: stats, @@ -134,6 +149,8 @@ type serverHandlerTransport struct { headerMD metadata.MD + peer peer.Peer + closeOnce sync.Once closedCh chan struct{} // closed on Close @@ -165,7 +182,13 @@ func (ht *serverHandlerTransport) Close(err error) { }) } -func (ht *serverHandlerTransport) RemoteAddr() net.Addr { return strAddr(ht.req.RemoteAddr) } +func (ht *serverHandlerTransport) Peer() *peer.Peer { + return &peer.Peer{ + Addr: ht.peer.Addr, + LocalAddr: ht.peer.LocalAddr, + AuthInfo: ht.peer.AuthInfo, + } +} // strAddr is a net.Addr backed by either a TCP "ip:port" string, or // the empty string if unknown. @@ -347,10 +370,8 @@ func (ht *serverHandlerTransport) WriteHeader(s *Stream, md metadata.MD) error { return err } -func (ht *serverHandlerTransport) HandleStreams(startStream func(*Stream)) { +func (ht *serverHandlerTransport) HandleStreams(ctx context.Context, startStream func(*Stream)) { // With this transport type there will be exactly 1 stream: this HTTP request. - - ctx := ht.req.Context() var cancel context.CancelFunc if ht.timeoutSet { ctx, cancel = context.WithTimeout(ctx, ht.timeout) @@ -370,34 +391,19 @@ func (ht *serverHandlerTransport) HandleStreams(startStream func(*Stream)) { ht.Close(errors.New("request is done processing")) }() + ctx = metadata.NewIncomingContext(ctx, ht.headerMD) req := ht.req - s := &Stream{ - id: 0, // irrelevant - requestRead: func(int) {}, - cancel: cancel, - buf: newRecvBuffer(), - st: ht, - method: req.URL.Path, - recvCompress: req.Header.Get("grpc-encoding"), - contentSubtype: ht.contentSubtype, - } - pr := &peer.Peer{ - Addr: ht.RemoteAddr(), - } - if req.TLS != nil { - pr.AuthInfo = credentials.TLSInfo{State: *req.TLS, CommonAuthInfo: credentials.CommonAuthInfo{SecurityLevel: credentials.PrivacyAndIntegrity}} - } - ctx = metadata.NewIncomingContext(ctx, ht.headerMD) - s.ctx = peer.NewContext(ctx, pr) - for _, sh := range ht.stats { - s.ctx = sh.TagRPC(s.ctx, &stats.RPCTagInfo{FullMethodName: s.method}) - inHeader := &stats.InHeader{ - FullMethod: s.method, - RemoteAddr: ht.RemoteAddr(), - Compression: s.recvCompress, - } - sh.HandleRPC(s.ctx, inHeader) + id: 0, // irrelevant + ctx: ctx, + requestRead: func(int) {}, + cancel: cancel, + buf: newRecvBuffer(), + st: ht, + method: req.URL.Path, + recvCompress: req.Header.Get("grpc-encoding"), + contentSubtype: ht.contentSubtype, + headerWireLength: 0, // won't have access to header wire length until golang/go#18997. } s.trReader = &transportReader{ reader: &recvBufferReader{ctx: s.ctx, ctxDone: s.ctx.Done(), recv: s.buf, freeBuffer: func(*bytes.Buffer) {}}, diff --git a/vendor/google.golang.org/grpc/internal/transport/http2_client.go b/vendor/google.golang.org/grpc/internal/transport/http2_client.go index d6f5c4935..3c63c7069 100644 --- a/vendor/google.golang.org/grpc/internal/transport/http2_client.go +++ b/vendor/google.golang.org/grpc/internal/transport/http2_client.go @@ -36,6 +36,7 @@ import ( "golang.org/x/net/http2/hpack" "google.golang.org/grpc/codes" "google.golang.org/grpc/credentials" + "google.golang.org/grpc/internal" "google.golang.org/grpc/internal/channelz" icredentials "google.golang.org/grpc/internal/credentials" "google.golang.org/grpc/internal/grpclog" @@ -43,7 +44,7 @@ import ( "google.golang.org/grpc/internal/grpcutil" imetadata "google.golang.org/grpc/internal/metadata" istatus "google.golang.org/grpc/internal/status" - "google.golang.org/grpc/internal/syscall" + isyscall "google.golang.org/grpc/internal/syscall" "google.golang.org/grpc/internal/transport/networktype" "google.golang.org/grpc/keepalive" "google.golang.org/grpc/metadata" @@ -58,6 +59,8 @@ import ( // atomically. var clientConnectionCounter uint64 +var metadataFromOutgoingContextRaw = internal.FromOutgoingContextRaw.(func(context.Context) (metadata.MD, [][]string, bool)) + // http2Client implements the ClientTransport interface with HTTP2. type http2Client struct { lastRead int64 // Keep this field 64-bit aligned. Accessed atomically. @@ -111,11 +114,11 @@ type http2Client struct { streamQuota int64 streamsQuotaAvailable chan struct{} waitingStreams uint32 - nextID uint32 registeredCompressors string // Do not access controlBuf with mu held. mu sync.Mutex // guard the following variables + nextID uint32 state transportState activeStreams map[uint32]*Stream // prevGoAway ID records the Last-Stream-ID in the previous GOAway frame. @@ -137,9 +140,7 @@ type http2Client struct { // variable. kpDormant bool - // Fields below are for channelz metric collection. - channelzID *channelz.Identifier - czData *channelzData + channelz *channelz.Socket onClose func(GoAwayReason) @@ -176,7 +177,7 @@ func dial(ctx context.Context, fn func(context.Context, string) (net.Conn, error if networkType == "tcp" && useProxy { return proxyDial(ctx, address, grpcUA) } - return (&net.Dialer{}).DialContext(ctx, networkType, address) + return internal.NetDialerWithTCPKeepalive().DialContext(ctx, networkType, address) } func isTemporary(err error) bool { @@ -262,7 +263,7 @@ func newHTTP2Client(connectCtx, ctx context.Context, addr resolver.Address, opts } keepaliveEnabled := false if kp.Time != infinity { - if err = syscall.SetTCPUserTimeout(conn, kp.Timeout); err != nil { + if err = isyscall.SetTCPUserTimeout(conn, kp.Timeout); err != nil { return nil, connectionErrorf(false, err, "transport: failed to set TCP_USER_TIMEOUT: %v", err) } keepaliveEnabled = true @@ -316,6 +317,7 @@ func newHTTP2Client(connectCtx, ctx context.Context, addr resolver.Address, opts if opts.MaxHeaderListSize != nil { maxHeaderListSize = *opts.MaxHeaderListSize } + t := &http2Client{ ctx: ctx, ctxDone: ctx.Done(), // Cache Done chan. @@ -343,11 +345,25 @@ func newHTTP2Client(connectCtx, ctx context.Context, addr resolver.Address, opts maxConcurrentStreams: defaultMaxStreamsClient, streamQuota: defaultMaxStreamsClient, streamsQuotaAvailable: make(chan struct{}, 1), - czData: new(channelzData), keepaliveEnabled: keepaliveEnabled, bufferPool: newBufferPool(), onClose: onClose, } + var czSecurity credentials.ChannelzSecurityValue + if au, ok := authInfo.(credentials.ChannelzSecurityInfo); ok { + czSecurity = au.GetSecurityValue() + } + t.channelz = channelz.RegisterSocket( + &channelz.Socket{ + SocketType: channelz.SocketTypeNormal, + Parent: opts.ChannelzParent, + SocketMetrics: channelz.SocketMetrics{}, + EphemeralMetrics: t.socketMetrics, + LocalAddr: t.localAddr, + RemoteAddr: t.remoteAddr, + SocketOptions: channelz.GetSocketOption(t.conn), + Security: czSecurity, + }) t.logger = prefixLoggerForClientTransport(t) // Add peer information to the http2client context. t.ctx = peer.NewContext(t.ctx, t.getPeer()) @@ -378,10 +394,6 @@ func newHTTP2Client(connectCtx, ctx context.Context, addr resolver.Address, opts } sh.HandleConn(t.ctx, connBegin) } - t.channelzID, err = channelz.RegisterNormalSocket(t, opts.ChannelzParentID, fmt.Sprintf("%s -> %s", t.localAddr, t.remoteAddr)) - if err != nil { - return nil, err - } if t.keepaliveEnabled { t.kpDormancyCond = sync.NewCond(&t.mu) go t.keepalive() @@ -396,10 +408,10 @@ func newHTTP2Client(connectCtx, ctx context.Context, addr resolver.Address, opts readerErrCh := make(chan error, 1) go t.reader(readerErrCh) defer func() { - if err == nil { - err = <-readerErrCh - } if err != nil { + // writerDone should be closed since the loopy goroutine + // wouldn't have started in the case this function returns an error. + close(t.writerDone) t.Close(err) } }() @@ -446,9 +458,19 @@ func newHTTP2Client(connectCtx, ctx context.Context, addr resolver.Address, opts if err := t.framer.writer.Flush(); err != nil { return nil, err } + // Block until the server preface is received successfully or an error occurs. + if err = <-readerErrCh; err != nil { + return nil, err + } go func() { - t.loopy = newLoopyWriter(clientSide, t.framer, t.controlBuf, t.bdpEst, t.conn, t.logger) - t.loopy.run() + t.loopy = newLoopyWriter(clientSide, t.framer, t.controlBuf, t.bdpEst, t.conn, t.logger, t.outgoingGoAwayHandler) + if err := t.loopy.run(); !isIOError(err) { + // Immediately close the connection, as the loopy writer returns + // when there are no more active streams and we were draining (the + // server sent a GOAWAY). For I/O errors, the reader will hit it + // after draining any remaining incoming data. + t.conn.Close() + } close(t.writerDone) }() return t, nil @@ -493,9 +515,21 @@ func (t *http2Client) newStream(ctx context.Context, callHdr *CallHdr) *Stream { func (t *http2Client) getPeer() *peer.Peer { return &peer.Peer{ - Addr: t.remoteAddr, - AuthInfo: t.authInfo, // Can be nil + Addr: t.remoteAddr, + AuthInfo: t.authInfo, // Can be nil + LocalAddr: t.localAddr, + } +} + +// OutgoingGoAwayHandler writes a GOAWAY to the connection. Always returns (false, err) as we want the GoAway +// to be the last frame loopy writes to the transport. +func (t *http2Client) outgoingGoAwayHandler(g *goAway) (bool, error) { + t.mu.Lock() + defer t.mu.Unlock() + if err := t.framer.fr.WriteGoAway(t.nextID-2, http2.ErrCodeNo, g.debugData); err != nil { + return false, err } + return false, g.closeConn } func (t *http2Client) createHeaderFields(ctx context.Context, callHdr *CallHdr) ([]hpack.HeaderField, error) { @@ -566,7 +600,7 @@ func (t *http2Client) createHeaderFields(ctx context.Context, callHdr *CallHdr) headerFields = append(headerFields, hpack.HeaderField{Name: "grpc-trace-bin", Value: encodeBinHeader(b)}) } - if md, added, ok := metadata.FromOutgoingContextRaw(ctx); ok { + if md, added, ok := metadataFromOutgoingContextRaw(ctx); ok { var k string for k, vv := range md { // HTTP doesn't allow you to set pseudoheaders after non pseudoheaders were set. @@ -746,8 +780,8 @@ func (t *http2Client) NewStream(ctx context.Context, callHdr *CallHdr) (*Stream, return ErrConnClosing } if channelz.IsOn() { - atomic.AddInt64(&t.czData.streamsStarted, 1) - atomic.StoreInt64(&t.czData.lastStreamCreatedTime, time.Now().UnixNano()) + t.channelz.SocketMetrics.StreamsStarted.Add(1) + t.channelz.SocketMetrics.LastLocalStreamCreatedTimestamp.Store(time.Now().UnixNano()) } // If the keepalive goroutine has gone dormant, wake it up. if t.kpDormant { @@ -762,7 +796,7 @@ func (t *http2Client) NewStream(ctx context.Context, callHdr *CallHdr) (*Stream, firstTry := true var ch chan struct{} transportDrainRequired := false - checkForStreamQuota := func(it any) bool { + checkForStreamQuota := func() bool { if t.streamQuota <= 0 { // Can go negative if server decreases it. if firstTry { t.waitingStreams++ @@ -774,23 +808,24 @@ func (t *http2Client) NewStream(ctx context.Context, callHdr *CallHdr) (*Stream, t.waitingStreams-- } t.streamQuota-- - h := it.(*headerFrame) - h.streamID = t.nextID - t.nextID += 2 - // Drain client transport if nextID > MaxStreamID which signals gRPC that - // the connection is closed and a new one must be created for subsequent RPCs. - transportDrainRequired = t.nextID > MaxStreamID - - s.id = h.streamID - s.fc = &inFlow{limit: uint32(t.initialWindowSize)} t.mu.Lock() if t.state == draining || t.activeStreams == nil { // Can be niled from Close(). t.mu.Unlock() return false // Don't create a stream if the transport is already closed. } + + hdr.streamID = t.nextID + t.nextID += 2 + // Drain client transport if nextID > MaxStreamID which signals gRPC that + // the connection is closed and a new one must be created for subsequent RPCs. + transportDrainRequired = t.nextID > MaxStreamID + + s.id = hdr.streamID + s.fc = &inFlow{limit: uint32(t.initialWindowSize)} t.activeStreams[s.id] = s t.mu.Unlock() + if t.streamQuota > 0 && t.waitingStreams > 0 { select { case t.streamsQuotaAvailable <- struct{}{}: @@ -800,13 +835,12 @@ func (t *http2Client) NewStream(ctx context.Context, callHdr *CallHdr) (*Stream, return true } var hdrListSizeErr error - checkForHeaderListSize := func(it any) bool { + checkForHeaderListSize := func() bool { if t.maxSendHeaderListSize == nil { return true } - hdrFrame := it.(*headerFrame) var sz int64 - for _, f := range hdrFrame.hf { + for _, f := range hdr.hf { if sz += int64(f.Size()); sz > int64(*t.maxSendHeaderListSize) { hdrListSizeErr = status.Errorf(codes.Internal, "header list size to send violates the maximum size (%d bytes) set by server", *t.maxSendHeaderListSize) return false @@ -815,8 +849,8 @@ func (t *http2Client) NewStream(ctx context.Context, callHdr *CallHdr) (*Stream, return true } for { - success, err := t.controlBuf.executeAndPut(func(it any) bool { - return checkForHeaderListSize(it) && checkForStreamQuota(it) + success, err := t.controlBuf.executeAndPut(func() bool { + return checkForHeaderListSize() && checkForStreamQuota() }, hdr) if err != nil { // Connection closed. @@ -918,16 +952,16 @@ func (t *http2Client) closeStream(s *Stream, err error, rst bool, rstCode http2. t.mu.Unlock() if channelz.IsOn() { if eosReceived { - atomic.AddInt64(&t.czData.streamsSucceeded, 1) + t.channelz.SocketMetrics.StreamsSucceeded.Add(1) } else { - atomic.AddInt64(&t.czData.streamsFailed, 1) + t.channelz.SocketMetrics.StreamsFailed.Add(1) } } }, rst: rst, rstCode: rstCode, } - addBackStreamQuota := func(any) bool { + addBackStreamQuota := func() bool { t.streamQuota++ if t.streamQuota > 0 && t.waitingStreams > 0 { select { @@ -947,7 +981,7 @@ func (t *http2Client) closeStream(s *Stream, err error, rst bool, rstCode http2. // Close kicks off the shutdown process of the transport. This should be called // only once on a transport. Once it is called, the transport should not be -// accessed any more. +// accessed anymore. func (t *http2Client) Close(err error) { t.mu.Lock() // Make sure we only close once. @@ -972,10 +1006,13 @@ func (t *http2Client) Close(err error) { t.kpDormancyCond.Signal() } t.mu.Unlock() - t.controlBuf.finish() + // Per HTTP/2 spec, a GOAWAY frame must be sent before closing the + // connection. See https://httpwg.org/specs/rfc7540.html#GOAWAY. + t.controlBuf.put(&goAway{code: http2.ErrCodeNo, debugData: []byte("client transport shutdown"), closeConn: err}) + <-t.writerDone t.cancel() t.conn.Close() - channelz.RemoveEntry(t.channelzID) + channelz.RemoveEntry(t.channelz.ID) // Append info about previous goaways if there were any, since this may be important // for understanding the root cause for this connection to be closed. _, goAwayDebugMessage := t.GetGoAwayReason() @@ -1080,7 +1117,7 @@ func (t *http2Client) updateWindow(s *Stream, n uint32) { // for the transport and the stream based on the current bdp // estimation. func (t *http2Client) updateFlowControl(n uint32) { - updateIWS := func(any) bool { + updateIWS := func() bool { t.initialWindowSize = int32(n) t.mu.Lock() for _, s := range t.activeStreams { @@ -1233,7 +1270,7 @@ func (t *http2Client) handleSettings(f *http2.SettingsFrame, isFirst bool) { } updateFuncs = append(updateFuncs, updateStreamQuota) } - t.controlBuf.executeAndPut(func(any) bool { + t.controlBuf.executeAndPut(func() bool { for _, f := range updateFuncs { f() } @@ -1321,10 +1358,8 @@ func (t *http2Client) handleGoAway(f *http2.GoAwayFrame) { for streamID, stream := range t.activeStreams { if streamID > id && streamID <= upperLimit { // The stream was unprocessed by the server. - if streamID > id && streamID <= upperLimit { - atomic.StoreUint32(&stream.unprocessed, 1) - streamsToClose = append(streamsToClose, stream) - } + atomic.StoreUint32(&stream.unprocessed, 1) + streamsToClose = append(streamsToClose, stream) } } t.mu.Unlock() @@ -1700,7 +1735,7 @@ func (t *http2Client) keepalive() { // keepalive timer expired. In both cases, we need to send a ping. if !outstandingPing { if channelz.IsOn() { - atomic.AddInt64(&t.czData.kpCount, 1) + t.channelz.SocketMetrics.KeepAlivesSent.Add(1) } t.controlBuf.put(p) timeoutLeft = t.kp.Timeout @@ -1730,40 +1765,23 @@ func (t *http2Client) GoAway() <-chan struct{} { return t.goAway } -func (t *http2Client) ChannelzMetric() *channelz.SocketInternalMetric { - s := channelz.SocketInternalMetric{ - StreamsStarted: atomic.LoadInt64(&t.czData.streamsStarted), - StreamsSucceeded: atomic.LoadInt64(&t.czData.streamsSucceeded), - StreamsFailed: atomic.LoadInt64(&t.czData.streamsFailed), - MessagesSent: atomic.LoadInt64(&t.czData.msgSent), - MessagesReceived: atomic.LoadInt64(&t.czData.msgRecv), - KeepAlivesSent: atomic.LoadInt64(&t.czData.kpCount), - LastLocalStreamCreatedTimestamp: time.Unix(0, atomic.LoadInt64(&t.czData.lastStreamCreatedTime)), - LastMessageSentTimestamp: time.Unix(0, atomic.LoadInt64(&t.czData.lastMsgSentTime)), - LastMessageReceivedTimestamp: time.Unix(0, atomic.LoadInt64(&t.czData.lastMsgRecvTime)), - LocalFlowControlWindow: int64(t.fc.getSize()), - SocketOptions: channelz.GetSocketOption(t.conn), - LocalAddr: t.localAddr, - RemoteAddr: t.remoteAddr, - // RemoteName : - } - if au, ok := t.authInfo.(credentials.ChannelzSecurityInfo); ok { - s.Security = au.GetSecurityValue() - } - s.RemoteFlowControlWindow = t.getOutFlowWindow() - return &s +func (t *http2Client) socketMetrics() *channelz.EphemeralSocketMetrics { + return &channelz.EphemeralSocketMetrics{ + LocalFlowControlWindow: int64(t.fc.getSize()), + RemoteFlowControlWindow: t.getOutFlowWindow(), + } } func (t *http2Client) RemoteAddr() net.Addr { return t.remoteAddr } func (t *http2Client) IncrMsgSent() { - atomic.AddInt64(&t.czData.msgSent, 1) - atomic.StoreInt64(&t.czData.lastMsgSentTime, time.Now().UnixNano()) + t.channelz.SocketMetrics.MessagesSent.Add(1) + t.channelz.SocketMetrics.LastMessageSentTimestamp.Store(time.Now().UnixNano()) } func (t *http2Client) IncrMsgRecv() { - atomic.AddInt64(&t.czData.msgRecv, 1) - atomic.StoreInt64(&t.czData.lastMsgRecvTime, time.Now().UnixNano()) + t.channelz.SocketMetrics.MessagesReceived.Add(1) + t.channelz.SocketMetrics.LastMessageReceivedTimestamp.Store(time.Now().UnixNano()) } func (t *http2Client) getOutFlowWindow() int64 { diff --git a/vendor/google.golang.org/grpc/internal/transport/http2_server.go b/vendor/google.golang.org/grpc/internal/transport/http2_server.go index 6fa1eb419..cab0e2d3d 100644 --- a/vendor/google.golang.org/grpc/internal/transport/http2_server.go +++ b/vendor/google.golang.org/grpc/internal/transport/http2_server.go @@ -32,13 +32,13 @@ import ( "sync/atomic" "time" - "github.com/golang/protobuf/proto" "golang.org/x/net/http2" "golang.org/x/net/http2/hpack" "google.golang.org/grpc/internal/grpclog" "google.golang.org/grpc/internal/grpcutil" "google.golang.org/grpc/internal/pretty" "google.golang.org/grpc/internal/syscall" + "google.golang.org/protobuf/proto" "google.golang.org/grpc/codes" "google.golang.org/grpc/credentials" @@ -68,18 +68,15 @@ var serverConnectionCounter uint64 // http2Server implements the ServerTransport interface with HTTP2. type http2Server struct { - lastRead int64 // Keep this field 64-bit aligned. Accessed atomically. - ctx context.Context - done chan struct{} - conn net.Conn - loopy *loopyWriter - readerDone chan struct{} // sync point to enable testing. - writerDone chan struct{} // sync point to enable testing. - remoteAddr net.Addr - localAddr net.Addr - authInfo credentials.AuthInfo // auth info about the connection - inTapHandle tap.ServerInHandle - framer *framer + lastRead int64 // Keep this field 64-bit aligned. Accessed atomically. + done chan struct{} + conn net.Conn + loopy *loopyWriter + readerDone chan struct{} // sync point to enable testing. + loopyWriterDone chan struct{} + peer peer.Peer + inTapHandle tap.ServerInHandle + framer *framer // The max number of concurrent streams. maxStreams uint32 // controlBuf delivers all the control related tasks (e.g., window @@ -121,8 +118,7 @@ type http2Server struct { idle time.Time // Fields below are for channelz metric collection. - channelzID *channelz.Identifier - czData *channelzData + channelz *channelz.Socket bufferPool *bufferPool connectionID uint64 @@ -243,16 +239,18 @@ func NewServerTransport(conn net.Conn, config *ServerConfig) (_ ServerTransport, } done := make(chan struct{}) + peer := peer.Peer{ + Addr: conn.RemoteAddr(), + LocalAddr: conn.LocalAddr(), + AuthInfo: authInfo, + } t := &http2Server{ - ctx: setConnection(context.Background(), rawConn), done: done, conn: conn, - remoteAddr: conn.RemoteAddr(), - localAddr: conn.LocalAddr(), - authInfo: authInfo, + peer: peer, framer: framer, readerDone: make(chan struct{}), - writerDone: make(chan struct{}), + loopyWriterDone: make(chan struct{}), maxStreams: config.MaxStreams, inTapHandle: config.InTapHandle, fc: &trInFlow{limit: uint32(icwz)}, @@ -263,12 +261,25 @@ func NewServerTransport(conn net.Conn, config *ServerConfig) (_ ServerTransport, idle: time.Now(), kep: kep, initialWindowSize: iwz, - czData: new(channelzData), bufferPool: newBufferPool(), } + var czSecurity credentials.ChannelzSecurityValue + if au, ok := authInfo.(credentials.ChannelzSecurityInfo); ok { + czSecurity = au.GetSecurityValue() + } + t.channelz = channelz.RegisterSocket( + &channelz.Socket{ + SocketType: channelz.SocketTypeNormal, + Parent: config.ChannelzParent, + SocketMetrics: channelz.SocketMetrics{}, + EphemeralMetrics: t.socketMetrics, + LocalAddr: t.peer.LocalAddr, + RemoteAddr: t.peer.Addr, + SocketOptions: channelz.GetSocketOption(t.conn), + Security: czSecurity, + }, + ) t.logger = prefixLoggerForServerTransport(t) - // Add peer information to the http2server context. - t.ctx = peer.NewContext(t.ctx, t.getPeer()) t.controlBuf = newControlBuffer(t.done) if dynamicWindow { @@ -277,18 +288,6 @@ func NewServerTransport(conn net.Conn, config *ServerConfig) (_ ServerTransport, updateFlowControl: t.updateFlowControl, } } - for _, sh := range t.stats { - t.ctx = sh.TagConn(t.ctx, &stats.ConnTagInfo{ - RemoteAddr: t.remoteAddr, - LocalAddr: t.localAddr, - }) - connBegin := &stats.ConnBegin{} - sh.HandleConn(t.ctx, connBegin) - } - t.channelzID, err = channelz.RegisterNormalSocket(t, config.ChannelzParentID, fmt.Sprintf("%s -> %s", t.remoteAddr, t.localAddr)) - if err != nil { - return nil, err - } t.connectionID = atomic.AddUint64(&serverConnectionCounter, 1) t.framer.writer.Flush() @@ -331,10 +330,27 @@ func NewServerTransport(conn net.Conn, config *ServerConfig) (_ ServerTransport, t.handleSettings(sf) go func() { - t.loopy = newLoopyWriter(serverSide, t.framer, t.controlBuf, t.bdpEst, t.conn, t.logger) - t.loopy.ssGoAwayHandler = t.outgoingGoAwayHandler - t.loopy.run() - close(t.writerDone) + t.loopy = newLoopyWriter(serverSide, t.framer, t.controlBuf, t.bdpEst, t.conn, t.logger, t.outgoingGoAwayHandler) + err := t.loopy.run() + close(t.loopyWriterDone) + if !isIOError(err) { + // Close the connection if a non-I/O error occurs (for I/O errors + // the reader will also encounter the error and close). Wait 1 + // second before closing the connection, or when the reader is done + // (i.e. the client already closed the connection or a connection + // error occurred). This avoids the potential problem where there + // is unread data on the receive side of the connection, which, if + // closed, would lead to a TCP RST instead of FIN, and the client + // encountering errors. For more info: + // https://github.com/grpc/grpc-go/issues/5358 + timer := time.NewTimer(time.Second) + defer timer.Stop() + select { + case <-t.readerDone: + case <-timer.C: + } + t.conn.Close() + } }() go t.keepalive() return t, nil @@ -342,7 +358,7 @@ func NewServerTransport(conn net.Conn, config *ServerConfig) (_ ServerTransport, // operateHeaders takes action on the decoded headers. Returns an error if fatal // error encountered and transport needs to close, otherwise returns nil. -func (t *http2Server) operateHeaders(frame *http2.MetaHeadersFrame, handle func(*Stream)) error { +func (t *http2Server) operateHeaders(ctx context.Context, frame *http2.MetaHeadersFrame, handle func(*Stream)) error { // Acquire max stream ID lock for entire duration t.maxStreamMu.Lock() defer t.maxStreamMu.Unlock() @@ -369,10 +385,11 @@ func (t *http2Server) operateHeaders(frame *http2.MetaHeadersFrame, handle func( buf := newRecvBuffer() s := &Stream{ - id: streamID, - st: t, - buf: buf, - fc: &inFlow{limit: uint32(t.initialWindowSize)}, + id: streamID, + st: t, + buf: buf, + fc: &inFlow{limit: uint32(t.initialWindowSize)}, + headerWireLength: int(frame.Header().Length), } var ( // if false, content-type was missing or invalid @@ -511,9 +528,9 @@ func (t *http2Server) operateHeaders(frame *http2.MetaHeadersFrame, handle func( s.state = streamReadDone } if timeoutSet { - s.ctx, s.cancel = context.WithTimeout(t.ctx, timeout) + s.ctx, s.cancel = context.WithTimeout(ctx, timeout) } else { - s.ctx, s.cancel = context.WithCancel(t.ctx) + s.ctx, s.cancel = context.WithCancel(ctx) } // Attach the received metadata to the context. @@ -586,24 +603,12 @@ func (t *http2Server) operateHeaders(frame *http2.MetaHeadersFrame, handle func( } t.mu.Unlock() if channelz.IsOn() { - atomic.AddInt64(&t.czData.streamsStarted, 1) - atomic.StoreInt64(&t.czData.lastStreamCreatedTime, time.Now().UnixNano()) + t.channelz.SocketMetrics.StreamsStarted.Add(1) + t.channelz.SocketMetrics.LastRemoteStreamCreatedTimestamp.Store(time.Now().UnixNano()) } s.requestRead = func(n int) { t.adjustWindow(s, uint32(n)) } - for _, sh := range t.stats { - s.ctx = sh.TagRPC(s.ctx, &stats.RPCTagInfo{FullMethodName: s.method}) - inHeader := &stats.InHeader{ - FullMethod: s.method, - RemoteAddr: t.remoteAddr, - LocalAddr: t.localAddr, - Compression: s.recvCompress, - WireLength: int(frame.Header().Length), - Header: mdata.Copy(), - } - sh.HandleRPC(s.ctx, inHeader) - } s.ctxDone = s.ctx.Done() s.wq = newWriteQuota(defaultWriteQuota, s.ctxDone) s.trReader = &transportReader{ @@ -629,8 +634,11 @@ func (t *http2Server) operateHeaders(frame *http2.MetaHeadersFrame, handle func( // HandleStreams receives incoming streams using the given handler. This is // typically run in a separate goroutine. // traceCtx attaches trace to ctx and returns the new context. -func (t *http2Server) HandleStreams(handle func(*Stream)) { - defer close(t.readerDone) +func (t *http2Server) HandleStreams(ctx context.Context, handle func(*Stream)) { + defer func() { + close(t.readerDone) + <-t.loopyWriterDone + }() for { t.controlBuf.throttle() frame, err := t.framer.fr.ReadFrame() @@ -655,18 +663,20 @@ func (t *http2Server) HandleStreams(handle func(*Stream)) { } continue } - if err == io.EOF || err == io.ErrUnexpectedEOF { - t.Close(err) - return - } t.Close(err) return } switch frame := frame.(type) { case *http2.MetaHeadersFrame: - if err := t.operateHeaders(frame, handle); err != nil { - t.Close(err) - break + if err := t.operateHeaders(ctx, frame, handle); err != nil { + // Any error processing client headers, e.g. invalid stream ID, + // is considered a protocol violation. + t.controlBuf.put(&goAway{ + code: http2.ErrCodeProtocol, + debugData: []byte(err.Error()), + closeConn: err, + }) + continue } case *http2.DataFrame: t.handleData(frame) @@ -849,7 +859,7 @@ func (t *http2Server) handleSettings(f *http2.SettingsFrame) { } return nil }) - t.controlBuf.executeAndPut(func(any) bool { + t.controlBuf.executeAndPut(func() bool { for _, f := range updateFuncs { f() } @@ -979,7 +989,12 @@ func (t *http2Server) WriteHeader(s *Stream, md metadata.MD) error { } } if err := t.writeHeaderLocked(s); err != nil { - return status.Convert(err).Err() + switch e := err.(type) { + case ConnectionError: + return status.Error(codes.Unavailable, e.Desc) + default: + return status.Convert(err).Err() + } } return nil } @@ -998,12 +1013,13 @@ func (t *http2Server) writeHeaderLocked(s *Stream) error { headerFields = append(headerFields, hpack.HeaderField{Name: "grpc-encoding", Value: s.sendCompress}) } headerFields = appendHeaderFieldsFromMD(headerFields, s.header) - success, err := t.controlBuf.executeAndPut(t.checkForHeaderListSize, &headerFrame{ + hf := &headerFrame{ streamID: s.id, hf: headerFields, endStream: false, onWrite: t.setResetPingStrikes, - }) + } + success, err := t.controlBuf.executeAndPut(func() bool { return t.checkForHeaderListSize(hf) }, hf) if !success { if err != nil { return err @@ -1192,12 +1208,12 @@ func (t *http2Server) keepalive() { continue } if outstandingPing && kpTimeoutLeft <= 0 { - t.Close(fmt.Errorf("keepalive ping not acked within timeout %s", t.kp.Time)) + t.Close(fmt.Errorf("keepalive ping not acked within timeout %s", t.kp.Timeout)) return } if !outstandingPing { if channelz.IsOn() { - atomic.AddInt64(&t.czData.kpCount, 1) + t.channelz.SocketMetrics.KeepAlivesSent.Add(1) } t.controlBuf.put(p) kpTimeoutLeft = t.kp.Timeout @@ -1237,15 +1253,11 @@ func (t *http2Server) Close(err error) { if err := t.conn.Close(); err != nil && t.logger.V(logLevel) { t.logger.Infof("Error closing underlying net.Conn during Close: %v", err) } - channelz.RemoveEntry(t.channelzID) + channelz.RemoveEntry(t.channelz.ID) // Cancel all active streams. for _, s := range streams { s.cancel() } - for _, sh := range t.stats { - connEnd := &stats.ConnEnd{} - sh.HandleConn(t.ctx, connEnd) - } } // deleteStream deletes the stream s from transport's active streams. @@ -1262,9 +1274,9 @@ func (t *http2Server) deleteStream(s *Stream, eosReceived bool) { if channelz.IsOn() { if eosReceived { - atomic.AddInt64(&t.czData.streamsSucceeded, 1) + t.channelz.SocketMetrics.StreamsSucceeded.Add(1) } else { - atomic.AddInt64(&t.czData.streamsFailed, 1) + t.channelz.SocketMetrics.StreamsFailed.Add(1) } } } @@ -1311,10 +1323,6 @@ func (t *http2Server) closeStream(s *Stream, rst bool, rstCode http2.ErrCode, eo }) } -func (t *http2Server) RemoteAddr() net.Addr { - return t.remoteAddr -} - func (t *http2Server) Drain(debugData string) { t.mu.Lock() defer t.mu.Unlock() @@ -1351,6 +1359,7 @@ func (t *http2Server) outgoingGoAwayHandler(g *goAway) (bool, error) { if err := t.framer.fr.WriteGoAway(sid, g.code, g.debugData); err != nil { return false, err } + t.framer.writer.Flush() if retErr != nil { return false, retErr } @@ -1371,7 +1380,7 @@ func (t *http2Server) outgoingGoAwayHandler(g *goAway) (bool, error) { return false, err } go func() { - timer := time.NewTimer(time.Minute) + timer := time.NewTimer(5 * time.Second) defer timer.Stop() select { case <-t.drainEvent.Done(): @@ -1384,38 +1393,21 @@ func (t *http2Server) outgoingGoAwayHandler(g *goAway) (bool, error) { return false, nil } -func (t *http2Server) ChannelzMetric() *channelz.SocketInternalMetric { - s := channelz.SocketInternalMetric{ - StreamsStarted: atomic.LoadInt64(&t.czData.streamsStarted), - StreamsSucceeded: atomic.LoadInt64(&t.czData.streamsSucceeded), - StreamsFailed: atomic.LoadInt64(&t.czData.streamsFailed), - MessagesSent: atomic.LoadInt64(&t.czData.msgSent), - MessagesReceived: atomic.LoadInt64(&t.czData.msgRecv), - KeepAlivesSent: atomic.LoadInt64(&t.czData.kpCount), - LastRemoteStreamCreatedTimestamp: time.Unix(0, atomic.LoadInt64(&t.czData.lastStreamCreatedTime)), - LastMessageSentTimestamp: time.Unix(0, atomic.LoadInt64(&t.czData.lastMsgSentTime)), - LastMessageReceivedTimestamp: time.Unix(0, atomic.LoadInt64(&t.czData.lastMsgRecvTime)), - LocalFlowControlWindow: int64(t.fc.getSize()), - SocketOptions: channelz.GetSocketOption(t.conn), - LocalAddr: t.localAddr, - RemoteAddr: t.remoteAddr, - // RemoteName : - } - if au, ok := t.authInfo.(credentials.ChannelzSecurityInfo); ok { - s.Security = au.GetSecurityValue() - } - s.RemoteFlowControlWindow = t.getOutFlowWindow() - return &s +func (t *http2Server) socketMetrics() *channelz.EphemeralSocketMetrics { + return &channelz.EphemeralSocketMetrics{ + LocalFlowControlWindow: int64(t.fc.getSize()), + RemoteFlowControlWindow: t.getOutFlowWindow(), + } } func (t *http2Server) IncrMsgSent() { - atomic.AddInt64(&t.czData.msgSent, 1) - atomic.StoreInt64(&t.czData.lastMsgSentTime, time.Now().UnixNano()) + t.channelz.SocketMetrics.MessagesSent.Add(1) + t.channelz.SocketMetrics.LastMessageSentTimestamp.Add(1) } func (t *http2Server) IncrMsgRecv() { - atomic.AddInt64(&t.czData.msgRecv, 1) - atomic.StoreInt64(&t.czData.lastMsgRecvTime, time.Now().UnixNano()) + t.channelz.SocketMetrics.MessagesReceived.Add(1) + t.channelz.SocketMetrics.LastMessageReceivedTimestamp.Add(1) } func (t *http2Server) getOutFlowWindow() int64 { @@ -1433,10 +1425,12 @@ func (t *http2Server) getOutFlowWindow() int64 { } } -func (t *http2Server) getPeer() *peer.Peer { +// Peer returns the peer of the transport. +func (t *http2Server) Peer() *peer.Peer { return &peer.Peer{ - Addr: t.remoteAddr, - AuthInfo: t.authInfo, // Can be nil + Addr: t.peer.Addr, + LocalAddr: t.peer.LocalAddr, + AuthInfo: t.peer.AuthInfo, // Can be nil } } @@ -1461,6 +1455,6 @@ func GetConnection(ctx context.Context) net.Conn { // SetConnection adds the connection to the context to be able to get // information about the destination ip and port for an incoming RPC. This also // allows any unary or streaming interceptors to see the connection. -func setConnection(ctx context.Context, conn net.Conn) context.Context { +func SetConnection(ctx context.Context, conn net.Conn) context.Context { return context.WithValue(ctx, connectionKey{}, conn) } diff --git a/vendor/google.golang.org/grpc/internal/transport/http_util.go b/vendor/google.golang.org/grpc/internal/transport/http_util.go index dc29d590e..39cef3bd4 100644 --- a/vendor/google.golang.org/grpc/internal/transport/http_util.go +++ b/vendor/google.golang.org/grpc/internal/transport/http_util.go @@ -418,10 +418,9 @@ func newFramer(conn net.Conn, writeBufferSize, readBufferSize int, sharedWriteBu return f } -func getWriteBufferPool(writeBufferSize int) *sync.Pool { +func getWriteBufferPool(size int) *sync.Pool { writeBufferMutex.Lock() defer writeBufferMutex.Unlock() - size := writeBufferSize * 2 pool, ok := writeBufferPoolMap[size] if ok { return pool diff --git a/vendor/google.golang.org/grpc/internal/transport/proxy.go b/vendor/google.golang.org/grpc/internal/transport/proxy.go index 415961987..24fa10325 100644 --- a/vendor/google.golang.org/grpc/internal/transport/proxy.go +++ b/vendor/google.golang.org/grpc/internal/transport/proxy.go @@ -28,6 +28,8 @@ import ( "net/http" "net/http/httputil" "net/url" + + "google.golang.org/grpc/internal" ) const proxyAuthHeaderKey = "Proxy-Authorization" @@ -112,7 +114,7 @@ func doHTTPConnectHandshake(ctx context.Context, conn net.Conn, backendAddr stri // proxyDial dials, connecting to a proxy first if necessary. Checks if a proxy // is necessary, dials, does the HTTP CONNECT handshake, and returns the // connection. -func proxyDial(ctx context.Context, addr string, grpcUA string) (conn net.Conn, err error) { +func proxyDial(ctx context.Context, addr string, grpcUA string) (net.Conn, error) { newAddr := addr proxyURL, err := mapAddress(addr) if err != nil { @@ -122,15 +124,15 @@ func proxyDial(ctx context.Context, addr string, grpcUA string) (conn net.Conn, newAddr = proxyURL.Host } - conn, err = (&net.Dialer{}).DialContext(ctx, "tcp", newAddr) + conn, err := internal.NetDialerWithTCPKeepalive().DialContext(ctx, "tcp", newAddr) if err != nil { - return + return nil, err } - if proxyURL != nil { + if proxyURL == nil { // proxy is disabled if proxyURL is nil. - conn, err = doHTTPConnectHandshake(ctx, conn, addr, proxyURL, grpcUA) + return conn, err } - return + return doHTTPConnectHandshake(ctx, conn, addr, proxyURL, grpcUA) } func sendHTTPRequest(ctx context.Context, req *http.Request, conn net.Conn) error { diff --git a/vendor/google.golang.org/grpc/internal/transport/transport.go b/vendor/google.golang.org/grpc/internal/transport/transport.go index aac056e72..4b39c0ade 100644 --- a/vendor/google.golang.org/grpc/internal/transport/transport.go +++ b/vendor/google.golang.org/grpc/internal/transport/transport.go @@ -28,6 +28,7 @@ import ( "fmt" "io" "net" + "strings" "sync" "sync/atomic" "time" @@ -37,6 +38,7 @@ import ( "google.golang.org/grpc/internal/channelz" "google.golang.org/grpc/keepalive" "google.golang.org/grpc/metadata" + "google.golang.org/grpc/peer" "google.golang.org/grpc/resolver" "google.golang.org/grpc/stats" "google.golang.org/grpc/status" @@ -265,7 +267,8 @@ type Stream struct { // headerValid indicates whether a valid header was received. Only // meaningful after headerChan is closed (always call waitOnHeader() before // reading its value). Not valid on server side. - headerValid bool + headerValid bool + headerWireLength int // Only set on server side. // hdrMu protects header and trailer metadata on the server-side. hdrMu sync.Mutex @@ -301,7 +304,7 @@ func (s *Stream) isHeaderSent() bool { } // updateHeaderSent updates headerSent and returns true -// if it was alreay set. It is valid only on server-side. +// if it was already set. It is valid only on server-side. func (s *Stream) updateHeaderSent() bool { return atomic.SwapUint32(&s.headerSent, 1) == 1 } @@ -360,8 +363,12 @@ func (s *Stream) SendCompress() string { // ClientAdvertisedCompressors returns the compressor names advertised by the // client via grpc-accept-encoding header. -func (s *Stream) ClientAdvertisedCompressors() string { - return s.clientAdvertisedCompressors +func (s *Stream) ClientAdvertisedCompressors() []string { + values := strings.Split(s.clientAdvertisedCompressors, ",") + for i, v := range values { + values[i] = strings.TrimSpace(v) + } + return values } // Done returns a channel which is closed when it receives the final status @@ -425,6 +432,12 @@ func (s *Stream) Context() context.Context { return s.ctx } +// SetContext sets the context of the stream. This will be deleted once the +// stats handler callouts all move to gRPC layer. +func (s *Stream) SetContext(ctx context.Context) { + s.ctx = ctx +} + // Method returns the method for the stream. func (s *Stream) Method() string { return s.method @@ -437,6 +450,12 @@ func (s *Stream) Status() *status.Status { return s.status } +// HeaderWireLength returns the size of the headers of the stream as received +// from the wire. Valid only on the server. +func (s *Stream) HeaderWireLength() int { + return s.headerWireLength +} + // SetHeader sets the header metadata. This can be called multiple times. // Server side only. // This should not be called in parallel to other data writes. @@ -552,7 +571,7 @@ type ServerConfig struct { WriteBufferSize int ReadBufferSize int SharedWriteBuffer bool - ChannelzParentID *channelz.Identifier + ChannelzParent *channelz.Server MaxHeaderListSize *uint32 HeaderTableSize *uint32 } @@ -587,8 +606,8 @@ type ConnectOptions struct { ReadBufferSize int // SharedWriteBuffer indicates whether connections should reuse write buffer SharedWriteBuffer bool - // ChannelzParentID sets the addrConn id which initiate the creation of this client transport. - ChannelzParentID *channelz.Identifier + // ChannelzParent sets the addrConn id which initiated the creation of this client transport. + ChannelzParent *channelz.SubChannel // MaxHeaderListSize sets the max (uncompressed) size of header list that is prepared to be received. MaxHeaderListSize *uint32 // UseProxy specifies if a proxy should be used. @@ -698,7 +717,7 @@ type ClientTransport interface { // Write methods for a given Stream will be called serially. type ServerTransport interface { // HandleStreams receives incoming streams using the given handler. - HandleStreams(func(*Stream)) + HandleStreams(context.Context, func(*Stream)) // WriteHeader sends the header metadata for the given stream. // WriteHeader may not be called on all streams. @@ -717,8 +736,8 @@ type ServerTransport interface { // handlers will be terminated asynchronously. Close(err error) - // RemoteAddr returns the remote network address. - RemoteAddr() net.Addr + // Peer returns the peer of the server transport. + Peer() *peer.Peer // Drain notifies the client this ServerTransport stops accepting new RPCs. Drain(debugData string) @@ -801,30 +820,6 @@ const ( GoAwayTooManyPings GoAwayReason = 2 ) -// channelzData is used to store channelz related data for http2Client and http2Server. -// These fields cannot be embedded in the original structs (e.g. http2Client), since to do atomic -// operation on int64 variable on 32-bit machine, user is responsible to enforce memory alignment. -// Here, by grouping those int64 fields inside a struct, we are enforcing the alignment. -type channelzData struct { - kpCount int64 - // The number of streams that have started, including already finished ones. - streamsStarted int64 - // Client side: The number of streams that have ended successfully by receiving - // EoS bit set frame from server. - // Server side: The number of streams that have ended successfully by sending - // frame with EoS bit set. - streamsSucceeded int64 - streamsFailed int64 - // lastStreamCreatedTime stores the timestamp that the last stream gets created. It is of int64 type - // instead of time.Time since it's more costly to atomically update time.Time variable than int64 - // variable. The same goes for lastMsgSentTime and lastMsgRecvTime. - lastStreamCreatedTime int64 - msgSent int64 - msgRecv int64 - lastMsgSentTime int64 - lastMsgRecvTime int64 -} - // ContextErr converts the error from context package into a status error. func ContextErr(err error) error { switch err { diff --git a/vendor/google.golang.org/grpc/internal/xds_handshake_cluster.go b/vendor/google.golang.org/grpc/internal/xds/xds.go similarity index 89% rename from vendor/google.golang.org/grpc/internal/xds_handshake_cluster.go rename to vendor/google.golang.org/grpc/internal/xds/xds.go index e8b492774..024c388b7 100644 --- a/vendor/google.golang.org/grpc/internal/xds_handshake_cluster.go +++ b/vendor/google.golang.org/grpc/internal/xds/xds.go @@ -14,7 +14,9 @@ * limitations under the License. */ -package internal +// Package xds contains methods to Get/Set handshake cluster names. It is separated +// out from the top level /internal package to avoid circular dependencies. +package xds import ( "google.golang.org/grpc/attributes" diff --git a/vendor/google.golang.org/grpc/metadata/metadata.go b/vendor/google.golang.org/grpc/metadata/metadata.go index a2cdcaf12..1e9485fd6 100644 --- a/vendor/google.golang.org/grpc/metadata/metadata.go +++ b/vendor/google.golang.org/grpc/metadata/metadata.go @@ -25,8 +25,14 @@ import ( "context" "fmt" "strings" + + "google.golang.org/grpc/internal" ) +func init() { + internal.FromOutgoingContextRaw = fromOutgoingContextRaw +} + // DecodeKeyValue returns k, v, nil. // // Deprecated: use k and v directly instead. @@ -153,14 +159,16 @@ func Join(mds ...MD) MD { type mdIncomingKey struct{} type mdOutgoingKey struct{} -// NewIncomingContext creates a new context with incoming md attached. +// NewIncomingContext creates a new context with incoming md attached. md must +// not be modified after calling this function. func NewIncomingContext(ctx context.Context, md MD) context.Context { return context.WithValue(ctx, mdIncomingKey{}, md) } // NewOutgoingContext creates a new context with outgoing md attached. If used // in conjunction with AppendToOutgoingContext, NewOutgoingContext will -// overwrite any previously-appended metadata. +// overwrite any previously-appended metadata. md must not be modified after +// calling this function. func NewOutgoingContext(ctx context.Context, md MD) context.Context { return context.WithValue(ctx, mdOutgoingKey{}, rawMD{md: md}) } @@ -203,7 +211,8 @@ func FromIncomingContext(ctx context.Context) (MD, bool) { } // ValueFromIncomingContext returns the metadata value corresponding to the metadata -// key from the incoming metadata if it exists. Key must be lower-case. +// key from the incoming metadata if it exists. Keys are matched in a case insensitive +// manner. // // # Experimental // @@ -219,33 +228,29 @@ func ValueFromIncomingContext(ctx context.Context, key string) []string { return copyOf(v) } for k, v := range md { - // We need to manually convert all keys to lower case, because MD is a - // map, and there's no guarantee that the MD attached to the context is - // created using our helper functions. - if strings.ToLower(k) == key { + // Case insenitive comparison: MD is a map, and there's no guarantee + // that the MD attached to the context is created using our helper + // functions. + if strings.EqualFold(k, key) { return copyOf(v) } } return nil } -// the returned slice must not be modified in place func copyOf(v []string) []string { vals := make([]string, len(v)) copy(vals, v) return vals } -// FromOutgoingContextRaw returns the un-merged, intermediary contents of rawMD. +// fromOutgoingContextRaw returns the un-merged, intermediary contents of rawMD. // // Remember to perform strings.ToLower on the keys, for both the returned MD (MD // is a map, there's no guarantee it's created using our helper functions) and // the extra kv pairs (AppendToOutgoingContext doesn't turn them into // lowercase). -// -// This is intended for gRPC-internal use ONLY. Users should use -// FromOutgoingContext instead. -func FromOutgoingContextRaw(ctx context.Context) (MD, [][]string, bool) { +func fromOutgoingContextRaw(ctx context.Context) (MD, [][]string, bool) { raw, ok := ctx.Value(mdOutgoingKey{}).(rawMD) if !ok { return nil, nil, false diff --git a/vendor/google.golang.org/grpc/peer/peer.go b/vendor/google.golang.org/grpc/peer/peer.go index e01d219ff..499a49c8c 100644 --- a/vendor/google.golang.org/grpc/peer/peer.go +++ b/vendor/google.golang.org/grpc/peer/peer.go @@ -22,7 +22,9 @@ package peer import ( "context" + "fmt" "net" + "strings" "google.golang.org/grpc/credentials" ) @@ -32,11 +34,41 @@ import ( type Peer struct { // Addr is the peer address. Addr net.Addr + // LocalAddr is the local address. + LocalAddr net.Addr // AuthInfo is the authentication information of the transport. // It is nil if there is no transport security being used. AuthInfo credentials.AuthInfo } +// String ensures the Peer types implements the Stringer interface in order to +// allow to print a context with a peerKey value effectively. +func (p *Peer) String() string { + if p == nil { + return "Peer" + } + sb := &strings.Builder{} + sb.WriteString("Peer{") + if p.Addr != nil { + fmt.Fprintf(sb, "Addr: '%s', ", p.Addr.String()) + } else { + fmt.Fprintf(sb, "Addr: , ") + } + if p.LocalAddr != nil { + fmt.Fprintf(sb, "LocalAddr: '%s', ", p.LocalAddr.String()) + } else { + fmt.Fprintf(sb, "LocalAddr: , ") + } + if p.AuthInfo != nil { + fmt.Fprintf(sb, "AuthInfo: '%s'", p.AuthInfo.AuthType()) + } else { + fmt.Fprintf(sb, "AuthInfo: ") + } + sb.WriteString("}") + + return sb.String() +} + type peerKey struct{} // NewContext creates a new context with peer information attached. diff --git a/vendor/google.golang.org/grpc/picker_wrapper.go b/vendor/google.golang.org/grpc/picker_wrapper.go index 236837f41..56e8aba78 100644 --- a/vendor/google.golang.org/grpc/picker_wrapper.go +++ b/vendor/google.golang.org/grpc/picker_wrapper.go @@ -20,6 +20,7 @@ package grpc import ( "context" + "fmt" "io" "sync" @@ -37,7 +38,6 @@ import ( type pickerWrapper struct { mu sync.Mutex done bool - idle bool blockingCh chan struct{} picker balancer.Picker statsHandlers []stats.Handler // to record blocking picker calls @@ -53,11 +53,7 @@ func newPickerWrapper(statsHandlers []stats.Handler) *pickerWrapper { // updatePicker is called by UpdateBalancerState. It unblocks all blocked pick. func (pw *pickerWrapper) updatePicker(p balancer.Picker) { pw.mu.Lock() - if pw.done || pw.idle { - // There is a small window where a picker update from the LB policy can - // race with the channel going to idle mode. If the picker is idle here, - // it is because the channel asked it to do so, and therefore it is sage - // to ignore the update from the LB policy. + if pw.done { pw.mu.Unlock() return } @@ -122,7 +118,7 @@ func (pw *pickerWrapper) pick(ctx context.Context, failfast bool, info balancer. if lastPickErr != nil { errStr = "latest balancer error: " + lastPickErr.Error() } else { - errStr = ctx.Err().Error() + errStr = fmt.Sprintf("received context error while waiting for new LB policy update: %s", ctx.Err().Error()) } switch ctx.Err() { case context.DeadlineExceeded: @@ -210,23 +206,15 @@ func (pw *pickerWrapper) close() { close(pw.blockingCh) } -func (pw *pickerWrapper) enterIdleMode() { - pw.mu.Lock() - defer pw.mu.Unlock() - if pw.done { - return - } - pw.idle = true -} - -func (pw *pickerWrapper) exitIdleMode() { +// reset clears the pickerWrapper and prepares it for being used again when idle +// mode is exited. +func (pw *pickerWrapper) reset() { pw.mu.Lock() defer pw.mu.Unlock() if pw.done { return } pw.blockingCh = make(chan struct{}) - pw.idle = false } // dropError is a wrapper error that indicates the LB policy wishes to drop the diff --git a/vendor/google.golang.org/grpc/pickfirst.go b/vendor/google.golang.org/grpc/pickfirst.go index 2e9cf66b4..885362661 100644 --- a/vendor/google.golang.org/grpc/pickfirst.go +++ b/vendor/google.golang.org/grpc/pickfirst.go @@ -25,7 +25,6 @@ import ( "google.golang.org/grpc/balancer" "google.golang.org/grpc/connectivity" - "google.golang.org/grpc/internal/envconfig" internalgrpclog "google.golang.org/grpc/internal/grpclog" "google.golang.org/grpc/internal/grpcrand" "google.golang.org/grpc/internal/pretty" @@ -39,19 +38,15 @@ const ( logPrefix = "[pick-first-lb %p] " ) -func newPickfirstBuilder() balancer.Builder { - return &pickfirstBuilder{} -} - type pickfirstBuilder struct{} -func (*pickfirstBuilder) Build(cc balancer.ClientConn, opt balancer.BuildOptions) balancer.Balancer { +func (pickfirstBuilder) Build(cc balancer.ClientConn, opt balancer.BuildOptions) balancer.Balancer { b := &pickfirstBalancer{cc: cc} b.logger = internalgrpclog.NewPrefixLogger(logger, fmt.Sprintf(logPrefix, b)) return b } -func (*pickfirstBuilder) Name() string { +func (pickfirstBuilder) Name() string { return PickFirstBalancerName } @@ -59,25 +54,12 @@ type pfConfig struct { serviceconfig.LoadBalancingConfig `json:"-"` // If set to true, instructs the LB policy to shuffle the order of the list - // of addresses received from the name resolver before attempting to + // of endpoints received from the name resolver before attempting to // connect to them. ShuffleAddressList bool `json:"shuffleAddressList"` } -func (*pickfirstBuilder) ParseConfig(js json.RawMessage) (serviceconfig.LoadBalancingConfig, error) { - if !envconfig.PickFirstLBConfig { - // Prior to supporting loadbalancing configuration, the pick_first LB - // policy did not implement the balancer.ConfigParser interface. This - // meant that if a non-empty configuration was passed to it, the service - // config unmarshaling code would throw a warning log, but would - // continue using the pick_first LB policy. The code below ensures the - // same behavior is retained if the env var is not set. - if string(js) != "{}" { - logger.Warningf("Ignoring non-empty balancer configuration %q for the pick_first LB policy", string(js)) - } - return nil, nil - } - +func (pickfirstBuilder) ParseConfig(js json.RawMessage) (serviceconfig.LoadBalancingConfig, error) { var cfg pfConfig if err := json.Unmarshal(js, &cfg); err != nil { return nil, fmt.Errorf("pickfirst: unable to unmarshal LB policy config: %s, error: %v", string(js), err) @@ -112,8 +94,7 @@ func (b *pickfirstBalancer) ResolverError(err error) { } func (b *pickfirstBalancer) UpdateClientConnState(state balancer.ClientConnState) error { - addrs := state.ResolverState.Addresses - if len(addrs) == 0 { + if len(state.ResolverState.Addresses) == 0 && len(state.ResolverState.Endpoints) == 0 { // The resolver reported an empty address list. Treat it like an error by // calling b.ResolverError. if b.subConn != nil { @@ -125,22 +106,49 @@ func (b *pickfirstBalancer) UpdateClientConnState(state balancer.ClientConnState b.ResolverError(errors.New("produced zero addresses")) return balancer.ErrBadResolverState } - // We don't have to guard this block with the env var because ParseConfig // already does so. cfg, ok := state.BalancerConfig.(pfConfig) if state.BalancerConfig != nil && !ok { return fmt.Errorf("pickfirst: received illegal BalancerConfig (type %T): %v", state.BalancerConfig, state.BalancerConfig) } - if cfg.ShuffleAddressList { - addrs = append([]resolver.Address{}, addrs...) - grpcrand.Shuffle(len(addrs), func(i, j int) { addrs[i], addrs[j] = addrs[j], addrs[i] }) - } if b.logger.V(2) { b.logger.Infof("Received new config %s, resolver state %s", pretty.ToJSON(cfg), pretty.ToJSON(state.ResolverState)) } + var addrs []resolver.Address + if endpoints := state.ResolverState.Endpoints; len(endpoints) != 0 { + // Perform the optional shuffling described in gRFC A62. The shuffling will + // change the order of endpoints but not touch the order of the addresses + // within each endpoint. - A61 + if cfg.ShuffleAddressList { + endpoints = append([]resolver.Endpoint{}, endpoints...) + grpcrand.Shuffle(len(endpoints), func(i, j int) { endpoints[i], endpoints[j] = endpoints[j], endpoints[i] }) + } + + // "Flatten the list by concatenating the ordered list of addresses for each + // of the endpoints, in order." - A61 + for _, endpoint := range endpoints { + // "In the flattened list, interleave addresses from the two address + // families, as per RFC-8304 section 4." - A61 + // TODO: support the above language. + addrs = append(addrs, endpoint.Addresses...) + } + } else { + // Endpoints not set, process addresses until we migrate resolver + // emissions fully to Endpoints. The top channel does wrap emitted + // addresses with endpoints, however some balancers such as weighted + // target do not forwarrd the corresponding correct endpoints down/split + // endpoints properly. Once all balancers correctly forward endpoints + // down, can delete this else conditional. + addrs = state.ResolverState.Addresses + if cfg.ShuffleAddressList { + addrs = append([]resolver.Address{}, addrs...) + grpcrand.Shuffle(len(addrs), func(i, j int) { addrs[i], addrs[j] = addrs[j], addrs[i] }) + } + } + if b.subConn != nil { b.cc.UpdateAddresses(b.subConn, addrs) return nil @@ -257,7 +265,3 @@ func (i *idlePicker) Pick(balancer.PickInfo) (balancer.PickResult, error) { i.subConn.Connect() return balancer.PickResult{}, balancer.ErrNoSubConnAvailable } - -func init() { - balancer.Register(newPickfirstBuilder()) -} diff --git a/vendor/google.golang.org/grpc/regenerate.sh b/vendor/google.golang.org/grpc/regenerate.sh index a6f26c8ab..3edca296c 100644 --- a/vendor/google.golang.org/grpc/regenerate.sh +++ b/vendor/google.golang.org/grpc/regenerate.sh @@ -63,7 +63,7 @@ LEGACY_SOURCES=( # Generates only the new gRPC Service symbols SOURCES=( - $(git ls-files --exclude-standard --cached --others "*.proto" | grep -v '^\(profiling/proto/service.proto\|reflection/grpc_reflection_v1alpha/reflection.proto\)$') + $(git ls-files --exclude-standard --cached --others "*.proto" | grep -v '^profiling/proto/service.proto$') ${WORKDIR}/grpc-proto/grpc/gcp/altscontext.proto ${WORKDIR}/grpc-proto/grpc/gcp/handshaker.proto ${WORKDIR}/grpc-proto/grpc/gcp/transport_security_common.proto @@ -93,7 +93,7 @@ Mgrpc/testing/empty.proto=google.golang.org/grpc/interop/grpc_testing for src in ${SOURCES[@]}; do echo "protoc ${src}" - protoc --go_out=${OPTS}:${WORKDIR}/out --go-grpc_out=${OPTS}:${WORKDIR}/out \ + protoc --go_out=${OPTS}:${WORKDIR}/out --go-grpc_out=${OPTS},use_generic_streams_experimental=true:${WORKDIR}/out \ -I"." \ -I${WORKDIR}/grpc-proto \ -I${WORKDIR}/googleapis \ @@ -118,6 +118,6 @@ mv ${WORKDIR}/out/google.golang.org/grpc/lookup/grpc_lookup_v1/* ${WORKDIR}/out/ # grpc_testing_not_regenerate/*.pb.go are not re-generated, # see grpc_testing_not_regenerate/README.md for details. -rm ${WORKDIR}/out/google.golang.org/grpc/reflection/grpc_testing_not_regenerate/*.pb.go +rm ${WORKDIR}/out/google.golang.org/grpc/reflection/test/grpc_testing_not_regenerate/*.pb.go cp -R ${WORKDIR}/out/google.golang.org/grpc/* . diff --git a/vendor/google.golang.org/grpc/resolver/dns/dns_resolver.go b/vendor/google.golang.org/grpc/resolver/dns/dns_resolver.go new file mode 100644 index 000000000..ef3d6ed6c --- /dev/null +++ b/vendor/google.golang.org/grpc/resolver/dns/dns_resolver.go @@ -0,0 +1,60 @@ +/* + * + * Copyright 2018 gRPC authors. + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * + */ + +// Package dns implements a dns resolver to be installed as the default resolver +// in grpc. +package dns + +import ( + "time" + + "google.golang.org/grpc/internal/resolver/dns" + "google.golang.org/grpc/resolver" +) + +// SetResolvingTimeout sets the maximum duration for DNS resolution requests. +// +// This function affects the global timeout used by all channels using the DNS +// name resolver scheme. +// +// It must be called only at application startup, before any gRPC calls are +// made. Modifying this value after initialization is not thread-safe. +// +// The default value is 30 seconds. Setting the timeout too low may result in +// premature timeouts during resolution, while setting it too high may lead to +// unnecessary delays in service discovery. Choose a value appropriate for your +// specific needs and network environment. +func SetResolvingTimeout(timeout time.Duration) { + dns.ResolvingTimeout = timeout +} + +// NewBuilder creates a dnsBuilder which is used to factory DNS resolvers. +// +// Deprecated: import grpc and use resolver.Get("dns") instead. +func NewBuilder() resolver.Builder { + return dns.NewBuilder() +} + +// SetMinResolutionInterval sets the default minimum interval at which DNS +// re-resolutions are allowed. This helps to prevent excessive re-resolution. +// +// It must be called only at application startup, before any gRPC calls are +// made. Modifying this value after initialization is not thread-safe. +func SetMinResolutionInterval(d time.Duration) { + dns.MinResolutionInterval = d +} diff --git a/vendor/google.golang.org/grpc/resolver/manual/manual.go b/vendor/google.golang.org/grpc/resolver/manual/manual.go index 0a4262342..f2efa2a2c 100644 --- a/vendor/google.golang.org/grpc/resolver/manual/manual.go +++ b/vendor/google.golang.org/grpc/resolver/manual/manual.go @@ -78,12 +78,12 @@ func (r *Resolver) InitialState(s resolver.State) { func (r *Resolver) Build(target resolver.Target, cc resolver.ClientConn, opts resolver.BuildOptions) (resolver.Resolver, error) { r.BuildCallback(target, cc, opts) r.mu.Lock() + defer r.mu.Unlock() r.CC = cc if r.lastSeenState != nil { err := r.CC.UpdateState(*r.lastSeenState) go r.UpdateStateCallback(err) } - r.mu.Unlock() return r, nil } @@ -105,15 +105,22 @@ func (r *Resolver) Close() { // UpdateState calls CC.UpdateState. func (r *Resolver) UpdateState(s resolver.State) { r.mu.Lock() - err := r.CC.UpdateState(s) + defer r.mu.Unlock() + var err error + if r.CC == nil { + panic("cannot update state as grpc.Dial with resolver has not been called") + } + err = r.CC.UpdateState(s) r.lastSeenState = &s - r.mu.Unlock() r.UpdateStateCallback(err) } // ReportError calls CC.ReportError. func (r *Resolver) ReportError(err error) { r.mu.Lock() + defer r.mu.Unlock() + if r.CC == nil { + panic("cannot report error as grpc.Dial with resolver has not been called") + } r.CC.ReportError(err) - r.mu.Unlock() } diff --git a/vendor/google.golang.org/grpc/resolver/map.go b/vendor/google.golang.org/grpc/resolver/map.go index 804be887d..ada5b9bb7 100644 --- a/vendor/google.golang.org/grpc/resolver/map.go +++ b/vendor/google.golang.org/grpc/resolver/map.go @@ -136,3 +136,116 @@ func (a *AddressMap) Values() []any { } return ret } + +type endpointNode struct { + addrs map[string]struct{} +} + +// Equal returns whether the unordered set of addrs are the same between the +// endpoint nodes. +func (en *endpointNode) Equal(en2 *endpointNode) bool { + if len(en.addrs) != len(en2.addrs) { + return false + } + for addr := range en.addrs { + if _, ok := en2.addrs[addr]; !ok { + return false + } + } + return true +} + +func toEndpointNode(endpoint Endpoint) endpointNode { + en := make(map[string]struct{}) + for _, addr := range endpoint.Addresses { + en[addr.Addr] = struct{}{} + } + return endpointNode{ + addrs: en, + } +} + +// EndpointMap is a map of endpoints to arbitrary values keyed on only the +// unordered set of address strings within an endpoint. This map is not thread +// safe, thus it is unsafe to access concurrently. Must be created via +// NewEndpointMap; do not construct directly. +type EndpointMap struct { + endpoints map[*endpointNode]any +} + +// NewEndpointMap creates a new EndpointMap. +func NewEndpointMap() *EndpointMap { + return &EndpointMap{ + endpoints: make(map[*endpointNode]any), + } +} + +// Get returns the value for the address in the map, if present. +func (em *EndpointMap) Get(e Endpoint) (value any, ok bool) { + en := toEndpointNode(e) + if endpoint := em.find(en); endpoint != nil { + return em.endpoints[endpoint], true + } + return nil, false +} + +// Set updates or adds the value to the address in the map. +func (em *EndpointMap) Set(e Endpoint, value any) { + en := toEndpointNode(e) + if endpoint := em.find(en); endpoint != nil { + em.endpoints[endpoint] = value + return + } + em.endpoints[&en] = value +} + +// Len returns the number of entries in the map. +func (em *EndpointMap) Len() int { + return len(em.endpoints) +} + +// Keys returns a slice of all current map keys, as endpoints specifying the +// addresses present in the endpoint keys, in which uniqueness is determined by +// the unordered set of addresses. Thus, endpoint information returned is not +// the full endpoint data (drops duplicated addresses and attributes) but can be +// used for EndpointMap accesses. +func (em *EndpointMap) Keys() []Endpoint { + ret := make([]Endpoint, 0, len(em.endpoints)) + for en := range em.endpoints { + var endpoint Endpoint + for addr := range en.addrs { + endpoint.Addresses = append(endpoint.Addresses, Address{Addr: addr}) + } + ret = append(ret, endpoint) + } + return ret +} + +// Values returns a slice of all current map values. +func (em *EndpointMap) Values() []any { + ret := make([]any, 0, len(em.endpoints)) + for _, val := range em.endpoints { + ret = append(ret, val) + } + return ret +} + +// find returns a pointer to the endpoint node in em if the endpoint node is +// already present. If not found, nil is returned. The comparisons are done on +// the unordered set of addresses within an endpoint. +func (em EndpointMap) find(e endpointNode) *endpointNode { + for endpoint := range em.endpoints { + if e.Equal(endpoint) { + return endpoint + } + } + return nil +} + +// Delete removes the specified endpoint from the map. +func (em *EndpointMap) Delete(e Endpoint) { + en := toEndpointNode(e) + if entry := em.find(en); entry != nil { + delete(em.endpoints, entry) + } +} diff --git a/vendor/google.golang.org/grpc/resolver/resolver.go b/vendor/google.golang.org/grpc/resolver/resolver.go index 11384e228..202854511 100644 --- a/vendor/google.golang.org/grpc/resolver/resolver.go +++ b/vendor/google.golang.org/grpc/resolver/resolver.go @@ -29,6 +29,7 @@ import ( "google.golang.org/grpc/attributes" "google.golang.org/grpc/credentials" + "google.golang.org/grpc/internal" "google.golang.org/grpc/serviceconfig" ) @@ -63,16 +64,18 @@ func Get(scheme string) Builder { } // SetDefaultScheme sets the default scheme that will be used. The default -// default scheme is "passthrough". +// scheme is initially set to "passthrough". // // NOTE: this function must only be called during initialization time (i.e. in // an init() function), and is not thread-safe. The scheme set last overrides // previously set values. func SetDefaultScheme(scheme string) { defaultScheme = scheme + internal.UserSetDefaultScheme = true } -// GetDefaultScheme gets the default scheme that will be used. +// GetDefaultScheme gets the default scheme that will be used by grpc.Dial. If +// SetDefaultScheme is never called, the default scheme used by grpc.NewClient is "dns" instead. func GetDefaultScheme() string { return defaultScheme } @@ -168,6 +171,9 @@ type BuildOptions struct { // field. In most cases though, it is not appropriate, and this field may // be ignored. Dialer func(context.Context, string) (net.Conn, error) + // Authority is the effective authority of the clientconn for which the + // resolver is built. + Authority string } // An Endpoint is one network endpoint, or server, which may have multiple @@ -240,11 +246,6 @@ type ClientConn interface { // // Deprecated: Use UpdateState instead. NewAddress(addresses []Address) - // NewServiceConfig is called by resolver to notify ClientConn a new - // service config. The service config should be provided as a json string. - // - // Deprecated: Use UpdateState instead. - NewServiceConfig(serviceConfig string) // ParseServiceConfig parses the provided service config and returns an // object that provides the parsed config. ParseServiceConfig(serviceConfigJSON string) *serviceconfig.ParseResult @@ -286,6 +287,11 @@ func (t Target) Endpoint() string { return strings.TrimPrefix(endpoint, "/") } +// String returns the canonical string representation of Target. +func (t Target) String() string { + return t.URL.Scheme + "://" + t.URL.Host + "/" + t.Endpoint() +} + // Builder creates a resolver that will be used to watch name resolution updates. type Builder interface { // Build creates a new resolver for the given target. @@ -314,3 +320,13 @@ type Resolver interface { // Close closes the resolver. Close() } + +// AuthorityOverrider is implemented by Builders that wish to override the +// default authority for the ClientConn. +// By default, the authority used is target.Endpoint(). +type AuthorityOverrider interface { + // OverrideAuthority returns the authority to use for a ClientConn with the + // given target. The implementation must generate it without blocking, + // typically in line, and must keep it unchanged. + OverrideAuthority(Target) string +} diff --git a/vendor/google.golang.org/grpc/resolver_conn_wrapper.go b/vendor/google.golang.org/grpc/resolver_conn_wrapper.go deleted file mode 100644 index d68330560..000000000 --- a/vendor/google.golang.org/grpc/resolver_conn_wrapper.go +++ /dev/null @@ -1,247 +0,0 @@ -/* - * - * Copyright 2017 gRPC authors. - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - * - */ - -package grpc - -import ( - "context" - "strings" - "sync" - - "google.golang.org/grpc/balancer" - "google.golang.org/grpc/internal/channelz" - "google.golang.org/grpc/internal/grpcsync" - "google.golang.org/grpc/internal/pretty" - "google.golang.org/grpc/resolver" - "google.golang.org/grpc/serviceconfig" -) - -// resolverStateUpdater wraps the single method used by ccResolverWrapper to -// report a state update from the actual resolver implementation. -type resolverStateUpdater interface { - updateResolverState(s resolver.State, err error) error -} - -// ccResolverWrapper is a wrapper on top of cc for resolvers. -// It implements resolver.ClientConn interface. -type ccResolverWrapper struct { - // The following fields are initialized when the wrapper is created and are - // read-only afterwards, and therefore can be accessed without a mutex. - cc resolverStateUpdater - channelzID *channelz.Identifier - ignoreServiceConfig bool - opts ccResolverWrapperOpts - serializer *grpcsync.CallbackSerializer // To serialize all incoming calls. - serializerCancel context.CancelFunc // To close the serializer, accessed only from close(). - - // All incoming (resolver --> gRPC) calls are guaranteed to execute in a - // mutually exclusive manner as they are scheduled on the serializer. - // Fields accessed *only* in these serializer callbacks, can therefore be - // accessed without a mutex. - curState resolver.State - - // mu guards access to the below fields. - mu sync.Mutex - closed bool - resolver resolver.Resolver // Accessed only from outgoing calls. -} - -// ccResolverWrapperOpts wraps the arguments to be passed when creating a new -// ccResolverWrapper. -type ccResolverWrapperOpts struct { - target resolver.Target // User specified dial target to resolve. - builder resolver.Builder // Resolver builder to use. - bOpts resolver.BuildOptions // Resolver build options to use. - channelzID *channelz.Identifier // Channelz identifier for the channel. -} - -// newCCResolverWrapper uses the resolver.Builder to build a Resolver and -// returns a ccResolverWrapper object which wraps the newly built resolver. -func newCCResolverWrapper(cc resolverStateUpdater, opts ccResolverWrapperOpts) (*ccResolverWrapper, error) { - ctx, cancel := context.WithCancel(context.Background()) - ccr := &ccResolverWrapper{ - cc: cc, - channelzID: opts.channelzID, - ignoreServiceConfig: opts.bOpts.DisableServiceConfig, - opts: opts, - serializer: grpcsync.NewCallbackSerializer(ctx), - serializerCancel: cancel, - } - - // Cannot hold the lock at build time because the resolver can send an - // update or error inline and these incoming calls grab the lock to schedule - // a callback in the serializer. - r, err := opts.builder.Build(opts.target, ccr, opts.bOpts) - if err != nil { - cancel() - return nil, err - } - - // Any error reported by the resolver at build time that leads to a - // re-resolution request from the balancer is dropped by grpc until we - // return from this function. So, we don't have to handle pending resolveNow - // requests here. - ccr.mu.Lock() - ccr.resolver = r - ccr.mu.Unlock() - - return ccr, nil -} - -func (ccr *ccResolverWrapper) resolveNow(o resolver.ResolveNowOptions) { - ccr.mu.Lock() - defer ccr.mu.Unlock() - - // ccr.resolver field is set only after the call to Build() returns. But in - // the process of building, the resolver may send an error update which when - // propagated to the balancer may result in a re-resolution request. - if ccr.closed || ccr.resolver == nil { - return - } - ccr.resolver.ResolveNow(o) -} - -func (ccr *ccResolverWrapper) close() { - ccr.mu.Lock() - if ccr.closed { - ccr.mu.Unlock() - return - } - - channelz.Info(logger, ccr.channelzID, "Closing the name resolver") - - // Close the serializer to ensure that no more calls from the resolver are - // handled, before actually closing the resolver. - ccr.serializerCancel() - ccr.closed = true - r := ccr.resolver - ccr.mu.Unlock() - - // Give enqueued callbacks a chance to finish. - <-ccr.serializer.Done() - - // Spawn a goroutine to close the resolver (since it may block trying to - // cleanup all allocated resources) and return early. - go r.Close() -} - -// serializerScheduleLocked is a convenience method to schedule a function to be -// run on the serializer while holding ccr.mu. -func (ccr *ccResolverWrapper) serializerScheduleLocked(f func(context.Context)) { - ccr.mu.Lock() - ccr.serializer.Schedule(f) - ccr.mu.Unlock() -} - -// UpdateState is called by resolver implementations to report new state to gRPC -// which includes addresses and service config. -func (ccr *ccResolverWrapper) UpdateState(s resolver.State) error { - errCh := make(chan error, 1) - if s.Endpoints == nil { - s.Endpoints = make([]resolver.Endpoint, 0, len(s.Addresses)) - for _, a := range s.Addresses { - ep := resolver.Endpoint{Addresses: []resolver.Address{a}, Attributes: a.BalancerAttributes} - ep.Addresses[0].BalancerAttributes = nil - s.Endpoints = append(s.Endpoints, ep) - } - } - ok := ccr.serializer.Schedule(func(context.Context) { - ccr.addChannelzTraceEvent(s) - ccr.curState = s - if err := ccr.cc.updateResolverState(ccr.curState, nil); err == balancer.ErrBadResolverState { - errCh <- balancer.ErrBadResolverState - return - } - errCh <- nil - }) - if !ok { - // The only time when Schedule() fail to add the callback to the - // serializer is when the serializer is closed, and this happens only - // when the resolver wrapper is closed. - return nil - } - return <-errCh -} - -// ReportError is called by resolver implementations to report errors -// encountered during name resolution to gRPC. -func (ccr *ccResolverWrapper) ReportError(err error) { - ccr.serializerScheduleLocked(func(_ context.Context) { - channelz.Warningf(logger, ccr.channelzID, "ccResolverWrapper: reporting error to cc: %v", err) - ccr.cc.updateResolverState(resolver.State{}, err) - }) -} - -// NewAddress is called by the resolver implementation to send addresses to -// gRPC. -func (ccr *ccResolverWrapper) NewAddress(addrs []resolver.Address) { - ccr.serializerScheduleLocked(func(_ context.Context) { - ccr.addChannelzTraceEvent(resolver.State{Addresses: addrs, ServiceConfig: ccr.curState.ServiceConfig}) - ccr.curState.Addresses = addrs - ccr.cc.updateResolverState(ccr.curState, nil) - }) -} - -// NewServiceConfig is called by the resolver implementation to send service -// configs to gRPC. -func (ccr *ccResolverWrapper) NewServiceConfig(sc string) { - ccr.serializerScheduleLocked(func(_ context.Context) { - channelz.Infof(logger, ccr.channelzID, "ccResolverWrapper: got new service config: %s", sc) - if ccr.ignoreServiceConfig { - channelz.Info(logger, ccr.channelzID, "Service config lookups disabled; ignoring config") - return - } - scpr := parseServiceConfig(sc) - if scpr.Err != nil { - channelz.Warningf(logger, ccr.channelzID, "ccResolverWrapper: error parsing service config: %v", scpr.Err) - return - } - ccr.addChannelzTraceEvent(resolver.State{Addresses: ccr.curState.Addresses, ServiceConfig: scpr}) - ccr.curState.ServiceConfig = scpr - ccr.cc.updateResolverState(ccr.curState, nil) - }) -} - -// ParseServiceConfig is called by resolver implementations to parse a JSON -// representation of the service config. -func (ccr *ccResolverWrapper) ParseServiceConfig(scJSON string) *serviceconfig.ParseResult { - return parseServiceConfig(scJSON) -} - -// addChannelzTraceEvent adds a channelz trace event containing the new -// state received from resolver implementations. -func (ccr *ccResolverWrapper) addChannelzTraceEvent(s resolver.State) { - var updates []string - var oldSC, newSC *ServiceConfig - var oldOK, newOK bool - if ccr.curState.ServiceConfig != nil { - oldSC, oldOK = ccr.curState.ServiceConfig.Config.(*ServiceConfig) - } - if s.ServiceConfig != nil { - newSC, newOK = s.ServiceConfig.Config.(*ServiceConfig) - } - if oldOK != newOK || (oldOK && newOK && oldSC.rawJSONString != newSC.rawJSONString) { - updates = append(updates, "service config updated") - } - if len(ccr.curState.Addresses) > 0 && len(s.Addresses) == 0 { - updates = append(updates, "resolver returned an empty address list") - } else if len(ccr.curState.Addresses) == 0 && len(s.Addresses) > 0 { - updates = append(updates, "resolver returned new addresses") - } - channelz.Infof(logger, ccr.channelzID, "Resolver state updated: %s (%v)", pretty.ToJSON(s), strings.Join(updates, "; ")) -} diff --git a/vendor/google.golang.org/grpc/resolver_wrapper.go b/vendor/google.golang.org/grpc/resolver_wrapper.go new file mode 100644 index 000000000..9dcc9780f --- /dev/null +++ b/vendor/google.golang.org/grpc/resolver_wrapper.go @@ -0,0 +1,198 @@ +/* + * + * Copyright 2017 gRPC authors. + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * + */ + +package grpc + +import ( + "context" + "strings" + "sync" + + "google.golang.org/grpc/internal/channelz" + "google.golang.org/grpc/internal/grpcsync" + "google.golang.org/grpc/internal/pretty" + "google.golang.org/grpc/resolver" + "google.golang.org/grpc/serviceconfig" +) + +// ccResolverWrapper is a wrapper on top of cc for resolvers. +// It implements resolver.ClientConn interface. +type ccResolverWrapper struct { + // The following fields are initialized when the wrapper is created and are + // read-only afterwards, and therefore can be accessed without a mutex. + cc *ClientConn + ignoreServiceConfig bool + serializer *grpcsync.CallbackSerializer + serializerCancel context.CancelFunc + + resolver resolver.Resolver // only accessed within the serializer + + // The following fields are protected by mu. Caller must take cc.mu before + // taking mu. + mu sync.Mutex + curState resolver.State + closed bool +} + +// newCCResolverWrapper initializes the ccResolverWrapper. It can only be used +// after calling start, which builds the resolver. +func newCCResolverWrapper(cc *ClientConn) *ccResolverWrapper { + ctx, cancel := context.WithCancel(cc.ctx) + return &ccResolverWrapper{ + cc: cc, + ignoreServiceConfig: cc.dopts.disableServiceConfig, + serializer: grpcsync.NewCallbackSerializer(ctx), + serializerCancel: cancel, + } +} + +// start builds the name resolver using the resolver.Builder in cc and returns +// any error encountered. It must always be the first operation performed on +// any newly created ccResolverWrapper, except that close may be called instead. +func (ccr *ccResolverWrapper) start() error { + errCh := make(chan error) + ccr.serializer.Schedule(func(ctx context.Context) { + if ctx.Err() != nil { + return + } + opts := resolver.BuildOptions{ + DisableServiceConfig: ccr.cc.dopts.disableServiceConfig, + DialCreds: ccr.cc.dopts.copts.TransportCredentials, + CredsBundle: ccr.cc.dopts.copts.CredsBundle, + Dialer: ccr.cc.dopts.copts.Dialer, + Authority: ccr.cc.authority, + } + var err error + ccr.resolver, err = ccr.cc.resolverBuilder.Build(ccr.cc.parsedTarget, ccr, opts) + errCh <- err + }) + return <-errCh +} + +func (ccr *ccResolverWrapper) resolveNow(o resolver.ResolveNowOptions) { + ccr.serializer.Schedule(func(ctx context.Context) { + if ctx.Err() != nil || ccr.resolver == nil { + return + } + ccr.resolver.ResolveNow(o) + }) +} + +// close initiates async shutdown of the wrapper. To determine the wrapper has +// finished shutting down, the channel should block on ccr.serializer.Done() +// without cc.mu held. +func (ccr *ccResolverWrapper) close() { + channelz.Info(logger, ccr.cc.channelz, "Closing the name resolver") + ccr.mu.Lock() + ccr.closed = true + ccr.mu.Unlock() + + ccr.serializer.Schedule(func(context.Context) { + if ccr.resolver == nil { + return + } + ccr.resolver.Close() + ccr.resolver = nil + }) + ccr.serializerCancel() +} + +// UpdateState is called by resolver implementations to report new state to gRPC +// which includes addresses and service config. +func (ccr *ccResolverWrapper) UpdateState(s resolver.State) error { + ccr.cc.mu.Lock() + ccr.mu.Lock() + if ccr.closed { + ccr.mu.Unlock() + ccr.cc.mu.Unlock() + return nil + } + if s.Endpoints == nil { + s.Endpoints = make([]resolver.Endpoint, 0, len(s.Addresses)) + for _, a := range s.Addresses { + ep := resolver.Endpoint{Addresses: []resolver.Address{a}, Attributes: a.BalancerAttributes} + ep.Addresses[0].BalancerAttributes = nil + s.Endpoints = append(s.Endpoints, ep) + } + } + ccr.addChannelzTraceEvent(s) + ccr.curState = s + ccr.mu.Unlock() + return ccr.cc.updateResolverStateAndUnlock(s, nil) +} + +// ReportError is called by resolver implementations to report errors +// encountered during name resolution to gRPC. +func (ccr *ccResolverWrapper) ReportError(err error) { + ccr.cc.mu.Lock() + ccr.mu.Lock() + if ccr.closed { + ccr.mu.Unlock() + ccr.cc.mu.Unlock() + return + } + ccr.mu.Unlock() + channelz.Warningf(logger, ccr.cc.channelz, "ccResolverWrapper: reporting error to cc: %v", err) + ccr.cc.updateResolverStateAndUnlock(resolver.State{}, err) +} + +// NewAddress is called by the resolver implementation to send addresses to +// gRPC. +func (ccr *ccResolverWrapper) NewAddress(addrs []resolver.Address) { + ccr.cc.mu.Lock() + ccr.mu.Lock() + if ccr.closed { + ccr.mu.Unlock() + ccr.cc.mu.Unlock() + return + } + s := resolver.State{Addresses: addrs, ServiceConfig: ccr.curState.ServiceConfig} + ccr.addChannelzTraceEvent(s) + ccr.curState = s + ccr.mu.Unlock() + ccr.cc.updateResolverStateAndUnlock(s, nil) +} + +// ParseServiceConfig is called by resolver implementations to parse a JSON +// representation of the service config. +func (ccr *ccResolverWrapper) ParseServiceConfig(scJSON string) *serviceconfig.ParseResult { + return parseServiceConfig(scJSON) +} + +// addChannelzTraceEvent adds a channelz trace event containing the new +// state received from resolver implementations. +func (ccr *ccResolverWrapper) addChannelzTraceEvent(s resolver.State) { + var updates []string + var oldSC, newSC *ServiceConfig + var oldOK, newOK bool + if ccr.curState.ServiceConfig != nil { + oldSC, oldOK = ccr.curState.ServiceConfig.Config.(*ServiceConfig) + } + if s.ServiceConfig != nil { + newSC, newOK = s.ServiceConfig.Config.(*ServiceConfig) + } + if oldOK != newOK || (oldOK && newOK && oldSC.rawJSONString != newSC.rawJSONString) { + updates = append(updates, "service config updated") + } + if len(ccr.curState.Addresses) > 0 && len(s.Addresses) == 0 { + updates = append(updates, "resolver returned an empty address list") + } else if len(ccr.curState.Addresses) == 0 && len(s.Addresses) > 0 { + updates = append(updates, "resolver returned new addresses") + } + channelz.Infof(logger, ccr.cc.channelz, "Resolver state updated: %s (%v)", pretty.ToJSON(s), strings.Join(updates, "; ")) +} diff --git a/vendor/google.golang.org/grpc/rpc_util.go b/vendor/google.golang.org/grpc/rpc_util.go index b7723aa09..fdd49e6e9 100644 --- a/vendor/google.golang.org/grpc/rpc_util.go +++ b/vendor/google.golang.org/grpc/rpc_util.go @@ -189,6 +189,20 @@ type EmptyCallOption struct{} func (EmptyCallOption) before(*callInfo) error { return nil } func (EmptyCallOption) after(*callInfo, *csAttempt) {} +// StaticMethod returns a CallOption which specifies that a call is being made +// to a method that is static, which means the method is known at compile time +// and doesn't change at runtime. This can be used as a signal to stats plugins +// that this method is safe to include as a key to a measurement. +func StaticMethod() CallOption { + return StaticMethodCallOption{} +} + +// StaticMethodCallOption is a CallOption that specifies that a call comes +// from a static method. +type StaticMethodCallOption struct { + EmptyCallOption +} + // Header returns a CallOptions that retrieves the header metadata // for a unary RPC. func Header(md *metadata.MD) CallOption { @@ -640,14 +654,18 @@ func encode(c baseCodec, msg any) ([]byte, error) { return b, nil } -// compress returns the input bytes compressed by compressor or cp. If both -// compressors are nil, returns nil. +// compress returns the input bytes compressed by compressor or cp. +// If both compressors are nil, or if the message has zero length, returns nil, +// indicating no compression was done. // // TODO(dfawley): eliminate cp parameter by wrapping Compressor in an encoding.Compressor. func compress(in []byte, cp Compressor, compressor encoding.Compressor) ([]byte, error) { if compressor == nil && cp == nil { return nil, nil } + if len(in) == 0 { + return nil, nil + } wrapErr := func(err error) error { return status.Errorf(codes.Internal, "grpc: error while compressing: %v", err.Error()) } @@ -726,17 +744,19 @@ type payloadInfo struct { uncompressedBytes []byte } -func recvAndDecompress(p *parser, s *transport.Stream, dc Decompressor, maxReceiveMessageSize int, payInfo *payloadInfo, compressor encoding.Compressor) ([]byte, error) { - pf, buf, err := p.recvMsg(maxReceiveMessageSize) +// recvAndDecompress reads a message from the stream, decompressing it if necessary. +// +// Cancelling the returned cancel function releases the buffer back to the pool. So the caller should cancel as soon as +// the buffer is no longer needed. +func recvAndDecompress(p *parser, s *transport.Stream, dc Decompressor, maxReceiveMessageSize int, payInfo *payloadInfo, compressor encoding.Compressor, +) (uncompressedBuf []byte, cancel func(), err error) { + pf, compressedBuf, err := p.recvMsg(maxReceiveMessageSize) if err != nil { - return nil, err - } - if payInfo != nil { - payInfo.compressedLength = len(buf) + return nil, nil, err } if st := checkRecvPayload(pf, s.RecvCompress(), compressor != nil || dc != nil); st != nil { - return nil, st.Err() + return nil, nil, st.Err() } var size int @@ -744,21 +764,35 @@ func recvAndDecompress(p *parser, s *transport.Stream, dc Decompressor, maxRecei // To match legacy behavior, if the decompressor is set by WithDecompressor or RPCDecompressor, // use this decompressor as the default. if dc != nil { - buf, err = dc.Do(bytes.NewReader(buf)) - size = len(buf) + uncompressedBuf, err = dc.Do(bytes.NewReader(compressedBuf)) + size = len(uncompressedBuf) } else { - buf, size, err = decompress(compressor, buf, maxReceiveMessageSize) + uncompressedBuf, size, err = decompress(compressor, compressedBuf, maxReceiveMessageSize) } if err != nil { - return nil, status.Errorf(codes.Internal, "grpc: failed to decompress the received message: %v", err) + return nil, nil, status.Errorf(codes.Internal, "grpc: failed to decompress the received message: %v", err) } if size > maxReceiveMessageSize { // TODO: Revisit the error code. Currently keep it consistent with java // implementation. - return nil, status.Errorf(codes.ResourceExhausted, "grpc: received message after decompression larger than max (%d vs. %d)", size, maxReceiveMessageSize) + return nil, nil, status.Errorf(codes.ResourceExhausted, "grpc: received message after decompression larger than max (%d vs. %d)", size, maxReceiveMessageSize) } + } else { + uncompressedBuf = compressedBuf } - return buf, nil + + if payInfo != nil { + payInfo.compressedLength = len(compressedBuf) + payInfo.uncompressedBytes = uncompressedBuf + + cancel = func() {} + } else { + cancel = func() { + p.recvBufferPool.Put(&compressedBuf) + } + } + + return uncompressedBuf, cancel, nil } // Using compressor, decompress d, returning data and size. @@ -778,6 +812,9 @@ func decompress(compressor encoding.Compressor, d []byte, maxReceiveMessageSize // size is used as an estimate to size the buffer, but we // will read more data if available. // +MinRead so ReadFrom will not reallocate if size is correct. + // + // TODO: If we ensure that the buffer size is the same as the DecompressedSize, + // we can also utilize the recv buffer pool here. buf := bytes.NewBuffer(make([]byte, 0, size+bytes.MinRead)) bytesRead, err := buf.ReadFrom(io.LimitReader(dcReader, int64(maxReceiveMessageSize)+1)) return buf.Bytes(), int(bytesRead), err @@ -793,18 +830,15 @@ func decompress(compressor encoding.Compressor, d []byte, maxReceiveMessageSize // dc takes precedence over compressor. // TODO(dfawley): wrap the old compressor/decompressor using the new API? func recv(p *parser, c baseCodec, s *transport.Stream, dc Decompressor, m any, maxReceiveMessageSize int, payInfo *payloadInfo, compressor encoding.Compressor) error { - buf, err := recvAndDecompress(p, s, dc, maxReceiveMessageSize, payInfo, compressor) + buf, cancel, err := recvAndDecompress(p, s, dc, maxReceiveMessageSize, payInfo, compressor) if err != nil { return err } + defer cancel() + if err := c.Unmarshal(buf, m); err != nil { return status.Errorf(codes.Internal, "grpc: failed to unmarshal the received message: %v", err) } - if payInfo != nil { - payInfo.uncompressedBytes = buf - } else { - p.recvBufferPool.Put(&buf) - } return nil } @@ -928,22 +962,9 @@ func setCallInfoCodec(c *callInfo) error { return nil } -// channelzData is used to store channelz related data for ClientConn, addrConn and Server. -// These fields cannot be embedded in the original structs (e.g. ClientConn), since to do atomic -// operation on int64 variable on 32-bit machine, user is responsible to enforce memory alignment. -// Here, by grouping those int64 fields inside a struct, we are enforcing the alignment. -type channelzData struct { - callsStarted int64 - callsFailed int64 - callsSucceeded int64 - // lastCallStartedTime stores the timestamp that last call starts. It is of int64 type instead of - // time.Time since it's more costly to atomically update time.Time variable than int64 variable. - lastCallStartedTime int64 -} - // The SupportPackageIsVersion variables are referenced from generated protocol // buffer files to ensure compatibility with the gRPC version used. The latest -// support package version is 7. +// support package version is 9. // // Older versions are kept for compatibility. // @@ -954,6 +975,8 @@ const ( SupportPackageIsVersion5 = true SupportPackageIsVersion6 = true SupportPackageIsVersion7 = true + SupportPackageIsVersion8 = true + SupportPackageIsVersion9 = true ) const grpcUA = "grpc-go/" + Version diff --git a/vendor/google.golang.org/grpc/server.go b/vendor/google.golang.org/grpc/server.go index 8f60d4214..89f8e4792 100644 --- a/vendor/google.golang.org/grpc/server.go +++ b/vendor/google.golang.org/grpc/server.go @@ -33,8 +33,6 @@ import ( "sync/atomic" "time" - "golang.org/x/net/trace" - "google.golang.org/grpc/codes" "google.golang.org/grpc/credentials" "google.golang.org/grpc/encoding" @@ -70,9 +68,10 @@ func init() { internal.GetServerCredentials = func(srv *Server) credentials.TransportCredentials { return srv.opts.creds } - internal.DrainServerTransports = func(srv *Server, addr string) { - srv.drainServerTransports(addr) + internal.IsRegisteredMethod = func(srv *Server, method string) bool { + return srv.isRegisteredMethod(method) } + internal.ServerFromContext = serverFromContext internal.AddGlobalServerOptions = func(opt ...ServerOption) { globalServerOptions = append(globalServerOptions, opt...) } @@ -81,6 +80,7 @@ func init() { } internal.BinaryLogger = binaryLogger internal.JoinServerOptions = newJoinServerOption + internal.RecvBufferPool = recvBufferPool } var statusOK = status.New(codes.OK, "") @@ -129,17 +129,18 @@ type Server struct { drain bool cv *sync.Cond // signaled when connections close for GracefulStop services map[string]*serviceInfo // service name -> service info - events trace.EventLog + events traceEventLog quit *grpcsync.Event done *grpcsync.Event channelzRemoveOnce sync.Once - serveWG sync.WaitGroup // counts active Serve goroutines for GracefulStop + serveWG sync.WaitGroup // counts active Serve goroutines for Stop/GracefulStop + handlersWG sync.WaitGroup // counts active method handler goroutines - channelzID *channelz.Identifier - czData *channelzData + channelz *channelz.Server - serverWorkerChannel chan func() + serverWorkerChannel chan func() + serverWorkerChannelClose func() } type serverOptions struct { @@ -170,6 +171,7 @@ type serverOptions struct { headerTableSize *uint32 numServerWorkers uint32 recvBufferPool SharedBufferPool + waitForHandlers bool } var defaultServerOptions = serverOptions{ @@ -246,11 +248,9 @@ func SharedWriteBuffer(val bool) ServerOption { } // WriteBufferSize determines how much data can be batched before doing a write -// on the wire. The corresponding memory allocation for this buffer will be -// twice the size to keep syscalls low. The default value for this buffer is -// 32KB. Zero or negative values will disable the write buffer such that each -// write will be on underlying connection. -// Note: A Send call may not directly translate to a write. +// on the wire. The default value for this buffer is 32KB. Zero or negative +// values will disable the write buffer such that each write will be on underlying +// connection. Note: A Send call may not directly translate to a write. func WriteBufferSize(s int) ServerOption { return newFuncServerOption(func(o *serverOptions) { o.writeBufferSize = s @@ -527,12 +527,22 @@ func ConnectionTimeout(d time.Duration) ServerOption { }) } +// MaxHeaderListSizeServerOption is a ServerOption that sets the max +// (uncompressed) size of header list that the server is prepared to accept. +type MaxHeaderListSizeServerOption struct { + MaxHeaderListSize uint32 +} + +func (o MaxHeaderListSizeServerOption) apply(so *serverOptions) { + so.maxHeaderListSize = &o.MaxHeaderListSize +} + // MaxHeaderListSize returns a ServerOption that sets the max (uncompressed) size // of header list that the server is prepared to accept. func MaxHeaderListSize(s uint32) ServerOption { - return newFuncServerOption(func(o *serverOptions) { - o.maxHeaderListSize = &s - }) + return MaxHeaderListSizeServerOption{ + MaxHeaderListSize: s, + } } // HeaderTableSize returns a ServerOption that sets the size of dynamic @@ -567,6 +577,21 @@ func NumStreamWorkers(numServerWorkers uint32) ServerOption { }) } +// WaitForHandlers cause Stop to wait until all outstanding method handlers have +// exited before returning. If false, Stop will return as soon as all +// connections have closed, but method handlers may still be running. By +// default, Stop does not wait for method handlers to return. +// +// # Experimental +// +// Notice: This API is EXPERIMENTAL and may be changed or removed in a +// later release. +func WaitForHandlers(w bool) ServerOption { + return newFuncServerOption(func(o *serverOptions) { + o.waitForHandlers = w + }) +} + // RecvBufferPool returns a ServerOption that configures the server // to use the provided shared buffer pool for parsing incoming messages. Depending // on the application's workload, this could result in reduced memory allocation. @@ -578,11 +603,13 @@ func NumStreamWorkers(numServerWorkers uint32) ServerOption { // options are used: StatsHandler, EnableTracing, or binary logging. In such // cases, the shared buffer pool will be ignored. // -// # Experimental -// -// Notice: This API is EXPERIMENTAL and may be changed or removed in a -// later release. +// Deprecated: use experimental.WithRecvBufferPool instead. Will be deleted in +// v1.60.0 or later. func RecvBufferPool(bufferPool SharedBufferPool) ServerOption { + return recvBufferPool(bufferPool) +} + +func recvBufferPool(bufferPool SharedBufferPool) ServerOption { return newFuncServerOption(func(o *serverOptions) { o.recvBufferPool = bufferPool }) @@ -616,15 +643,14 @@ func (s *Server) serverWorker() { // connections to reduce the time spent overall on runtime.morestack. func (s *Server) initServerWorkers() { s.serverWorkerChannel = make(chan func()) + s.serverWorkerChannelClose = grpcsync.OnceFunc(func() { + close(s.serverWorkerChannel) + }) for i := uint32(0); i < s.opts.numServerWorkers; i++ { go s.serverWorker() } } -func (s *Server) stopServerWorkers() { - close(s.serverWorkerChannel) -} - // NewServer creates a gRPC server which has no service registered and has not // started to accept requests yet. func NewServer(opt ...ServerOption) *Server { @@ -642,22 +668,21 @@ func NewServer(opt ...ServerOption) *Server { services: make(map[string]*serviceInfo), quit: grpcsync.NewEvent(), done: grpcsync.NewEvent(), - czData: new(channelzData), + channelz: channelz.RegisterServer(""), } chainUnaryServerInterceptors(s) chainStreamServerInterceptors(s) s.cv = sync.NewCond(&s.mu) if EnableTracing { _, file, line, _ := runtime.Caller(1) - s.events = trace.NewEventLog("grpc.Server", fmt.Sprintf("%s:%d", file, line)) + s.events = newTraceEventLog("grpc.Server", fmt.Sprintf("%s:%d", file, line)) } if s.opts.numServerWorkers > 0 { s.initServerWorkers() } - s.channelzID = channelz.RegisterServer(&channelzServer{s}, "") - channelz.Info(logger, s.channelzID, "Server created") + channelz.Info(logger, s.channelz, "Server created") return s } @@ -783,20 +808,13 @@ var ErrServerStopped = errors.New("grpc: the server has been stopped") type listenSocket struct { net.Listener - channelzID *channelz.Identifier -} - -func (l *listenSocket) ChannelzMetric() *channelz.SocketInternalMetric { - return &channelz.SocketInternalMetric{ - SocketOptions: channelz.GetSocketOption(l.Listener), - LocalAddr: l.Listener.Addr(), - } + channelz *channelz.Socket } func (l *listenSocket) Close() error { err := l.Listener.Close() - channelz.RemoveEntry(l.channelzID) - channelz.Info(logger, l.channelzID, "ListenSocket deleted") + channelz.RemoveEntry(l.channelz.ID) + channelz.Info(logger, l.channelz, "ListenSocket deleted") return err } @@ -806,6 +824,18 @@ func (l *listenSocket) Close() error { // Serve returns when lis.Accept fails with fatal errors. lis will be closed when // this method returns. // Serve will return a non-nil error unless Stop or GracefulStop is called. +// +// Note: All supported releases of Go (as of December 2023) override the OS +// defaults for TCP keepalive time and interval to 15s. To enable TCP keepalive +// with OS defaults for keepalive time and interval, callers need to do the +// following two things: +// - pass a net.Listener created by calling the Listen method on a +// net.ListenConfig with the `KeepAlive` field set to a negative value. This +// will result in the Go standard library not overriding OS defaults for TCP +// keepalive interval and time. But this will also result in the Go standard +// library not enabling TCP keepalives by default. +// - override the Accept method on the passed in net.Listener and set the +// SO_KEEPALIVE socket option to enable TCP keepalives, with OS defaults. func (s *Server) Serve(lis net.Listener) error { s.mu.Lock() s.printf("serving") @@ -826,7 +856,16 @@ func (s *Server) Serve(lis net.Listener) error { } }() - ls := &listenSocket{Listener: lis} + ls := &listenSocket{ + Listener: lis, + channelz: channelz.RegisterSocket(&channelz.Socket{ + SocketType: channelz.SocketTypeListen, + Parent: s.channelz, + RefName: lis.Addr().String(), + LocalAddr: lis.Addr(), + SocketOptions: channelz.GetSocketOption(lis)}, + ), + } s.lis[ls] = true defer func() { @@ -838,14 +877,8 @@ func (s *Server) Serve(lis net.Listener) error { s.mu.Unlock() }() - var err error - ls.channelzID, err = channelz.RegisterListenSocket(ls, s.channelzID, lis.Addr().String()) - if err != nil { - s.mu.Unlock() - return err - } s.mu.Unlock() - channelz.Info(logger, ls.channelzID, "ListenSocket created") + channelz.Info(logger, ls.channelz, "ListenSocket created") var tempDelay time.Duration // how long to sleep on accept failure for { @@ -913,24 +946,21 @@ func (s *Server) handleRawConn(lisAddr string, rawConn net.Conn) { return } + if cc, ok := rawConn.(interface { + PassServerTransport(transport.ServerTransport) + }); ok { + cc.PassServerTransport(st) + } + if !s.addConn(lisAddr, st) { return } go func() { - s.serveStreams(st) + s.serveStreams(context.Background(), st, rawConn) s.removeConn(lisAddr, st) }() } -func (s *Server) drainServerTransports(addr string) { - s.mu.Lock() - conns := s.conns[addr] - for st := range conns { - st.Drain("") - } - s.mu.Unlock() -} - // newHTTP2Transport sets up a http/2 transport (using the // gRPC http2 server transport in transport/http2_server.go). func (s *Server) newHTTP2Transport(c net.Conn) transport.ServerTransport { @@ -947,7 +977,7 @@ func (s *Server) newHTTP2Transport(c net.Conn) transport.ServerTransport { WriteBufferSize: s.opts.writeBufferSize, ReadBufferSize: s.opts.readBufferSize, SharedWriteBuffer: s.opts.sharedWriteBuffer, - ChannelzParentID: s.channelzID, + ChannelzParent: s.channelz, MaxHeaderListSize: s.opts.maxHeaderListSize, HeaderTableSize: s.opts.headerTableSize, } @@ -961,7 +991,7 @@ func (s *Server) newHTTP2Transport(c net.Conn) transport.ServerTransport { if err != credentials.ErrConnDispatched { // Don't log on ErrConnDispatched and io.EOF to prevent log spam. if err != io.EOF { - channelz.Info(logger, s.channelzID, "grpc: Server.Serve failed to create ServerTransport: ", err) + channelz.Info(logger, s.channelz, "grpc: Server.Serve failed to create ServerTransport: ", err) } c.Close() } @@ -971,18 +1001,31 @@ func (s *Server) newHTTP2Transport(c net.Conn) transport.ServerTransport { return st } -func (s *Server) serveStreams(st transport.ServerTransport) { - defer st.Close(errors.New("finished serving streams for the server transport")) - var wg sync.WaitGroup +func (s *Server) serveStreams(ctx context.Context, st transport.ServerTransport, rawConn net.Conn) { + ctx = transport.SetConnection(ctx, rawConn) + ctx = peer.NewContext(ctx, st.Peer()) + for _, sh := range s.opts.statsHandlers { + ctx = sh.TagConn(ctx, &stats.ConnTagInfo{ + RemoteAddr: st.Peer().Addr, + LocalAddr: st.Peer().LocalAddr, + }) + sh.HandleConn(ctx, &stats.ConnBegin{}) + } - streamQuota := newHandlerQuota(s.opts.maxConcurrentStreams) - st.HandleStreams(func(stream *transport.Stream) { - wg.Add(1) + defer func() { + st.Close(errors.New("finished serving streams for the server transport")) + for _, sh := range s.opts.statsHandlers { + sh.HandleConn(ctx, &stats.ConnEnd{}) + } + }() + streamQuota := newHandlerQuota(s.opts.maxConcurrentStreams) + st.HandleStreams(ctx, func(stream *transport.Stream) { + s.handlersWG.Add(1) streamQuota.acquire() f := func() { defer streamQuota.release() - defer wg.Done() + defer s.handlersWG.Done() s.handleStream(st, stream) } @@ -996,7 +1039,6 @@ func (s *Server) serveStreams(st transport.ServerTransport) { } go f() }) - wg.Wait() } var _ http.Handler = (*Server)(nil) @@ -1040,7 +1082,7 @@ func (s *Server) ServeHTTP(w http.ResponseWriter, r *http.Request) { return } defer s.removeConn(listenerAddressForServeHTTP, st) - s.serveStreams(st) + s.serveStreams(r.Context(), st, nil) } func (s *Server) addConn(addr string, st transport.ServerTransport) bool { @@ -1081,37 +1123,28 @@ func (s *Server) removeConn(addr string, st transport.ServerTransport) { } } -func (s *Server) channelzMetric() *channelz.ServerInternalMetric { - return &channelz.ServerInternalMetric{ - CallsStarted: atomic.LoadInt64(&s.czData.callsStarted), - CallsSucceeded: atomic.LoadInt64(&s.czData.callsSucceeded), - CallsFailed: atomic.LoadInt64(&s.czData.callsFailed), - LastCallStartedTimestamp: time.Unix(0, atomic.LoadInt64(&s.czData.lastCallStartedTime)), - } -} - func (s *Server) incrCallsStarted() { - atomic.AddInt64(&s.czData.callsStarted, 1) - atomic.StoreInt64(&s.czData.lastCallStartedTime, time.Now().UnixNano()) + s.channelz.ServerMetrics.CallsStarted.Add(1) + s.channelz.ServerMetrics.LastCallStartedTimestamp.Store(time.Now().UnixNano()) } func (s *Server) incrCallsSucceeded() { - atomic.AddInt64(&s.czData.callsSucceeded, 1) + s.channelz.ServerMetrics.CallsSucceeded.Add(1) } func (s *Server) incrCallsFailed() { - atomic.AddInt64(&s.czData.callsFailed, 1) + s.channelz.ServerMetrics.CallsFailed.Add(1) } func (s *Server) sendResponse(ctx context.Context, t transport.ServerTransport, stream *transport.Stream, msg any, cp Compressor, opts *transport.Options, comp encoding.Compressor) error { data, err := encode(s.getCodec(stream.ContentSubtype()), msg) if err != nil { - channelz.Error(logger, s.channelzID, "grpc: server failed to encode response: ", err) + channelz.Error(logger, s.channelz, "grpc: server failed to encode response: ", err) return err } compData, err := compress(data, cp, comp) if err != nil { - channelz.Error(logger, s.channelzID, "grpc: server failed to compress response: ", err) + channelz.Error(logger, s.channelz, "grpc: server failed to compress response: ", err) return err } hdr, payload := msgHeader(data, compData) @@ -1302,10 +1335,11 @@ func (s *Server) processUnaryRPC(ctx context.Context, t transport.ServerTranspor if len(shs) != 0 || len(binlogs) != 0 { payInfo = &payloadInfo{} } - d, err := recvAndDecompress(&parser{r: stream, recvBufferPool: s.opts.recvBufferPool}, stream, dc, s.opts.maxReceiveMessageSize, payInfo, decomp) + + d, cancel, err := recvAndDecompress(&parser{r: stream, recvBufferPool: s.opts.recvBufferPool}, stream, dc, s.opts.maxReceiveMessageSize, payInfo, decomp) if err != nil { if e := t.WriteStatus(stream, status.Convert(err)); e != nil { - channelz.Warningf(logger, s.channelzID, "grpc: Server.processUnaryRPC failed to write status: %v", e) + channelz.Warningf(logger, s.channelz, "grpc: Server.processUnaryRPC failed to write status: %v", e) } return err } @@ -1313,6 +1347,8 @@ func (s *Server) processUnaryRPC(ctx context.Context, t transport.ServerTranspor t.IncrMsgRecv() } df := func(v any) error { + defer cancel() + if err := s.getCodec(stream.ContentSubtype()).Unmarshal(d, v); err != nil { return status.Errorf(codes.Internal, "grpc: error unmarshalling request: %v", err) } @@ -1354,7 +1390,7 @@ func (s *Server) processUnaryRPC(ctx context.Context, t transport.ServerTranspor trInfo.tr.SetError() } if e := t.WriteStatus(stream, appStatus); e != nil { - channelz.Warningf(logger, s.channelzID, "grpc: Server.processUnaryRPC failed to write status: %v", e) + channelz.Warningf(logger, s.channelz, "grpc: Server.processUnaryRPC failed to write status: %v", e) } if len(binlogs) != 0 { if h, _ := stream.Header(); h.Len() > 0 { @@ -1394,7 +1430,7 @@ func (s *Server) processUnaryRPC(ctx context.Context, t transport.ServerTranspor } if sts, ok := status.FromError(err); ok { if e := t.WriteStatus(stream, sts); e != nil { - channelz.Warningf(logger, s.channelzID, "grpc: Server.processUnaryRPC failed to write status: %v", e) + channelz.Warningf(logger, s.channelz, "grpc: Server.processUnaryRPC failed to write status: %v", e) } } else { switch st := err.(type) { @@ -1689,15 +1725,16 @@ func (s *Server) processStreamingRPC(ctx context.Context, t transport.ServerTran func (s *Server) handleStream(t transport.ServerTransport, stream *transport.Stream) { ctx := stream.Context() + ctx = contextWithServer(ctx, s) var ti *traceInfo if EnableTracing { - tr := trace.New("grpc.Recv."+methodFamily(stream.Method()), stream.Method()) - ctx = trace.NewContext(ctx, tr) + tr := newTrace("grpc.Recv."+methodFamily(stream.Method()), stream.Method()) + ctx = newTraceContext(ctx, tr) ti = &traceInfo{ tr: tr, firstLine: firstLine{ client: false, - remoteAddr: t.RemoteAddr(), + remoteAddr: t.Peer().Addr, }, } if dl, ok := ctx.Deadline(); ok { @@ -1721,7 +1758,7 @@ func (s *Server) handleStream(t transport.ServerTransport, stream *transport.Str ti.tr.LazyLog(&fmtStringer{"%v", []any{err}}, true) ti.tr.SetError() } - channelz.Warningf(logger, s.channelzID, "grpc: Server.handleStream failed to write status: %v", err) + channelz.Warningf(logger, s.channelz, "grpc: Server.handleStream failed to write status: %v", err) } if ti != nil { ti.tr.Finish() @@ -1731,6 +1768,22 @@ func (s *Server) handleStream(t transport.ServerTransport, stream *transport.Str service := sm[:pos] method := sm[pos+1:] + md, _ := metadata.FromIncomingContext(ctx) + for _, sh := range s.opts.statsHandlers { + ctx = sh.TagRPC(ctx, &stats.RPCTagInfo{FullMethodName: stream.Method()}) + sh.HandleRPC(ctx, &stats.InHeader{ + FullMethod: stream.Method(), + RemoteAddr: t.Peer().Addr, + LocalAddr: t.Peer().LocalAddr, + Compression: stream.RecvCompress(), + WireLength: stream.HeaderWireLength(), + Header: md, + }) + } + // To have calls in stream callouts work. Will delete once all stats handler + // calls come from the gRPC layer. + stream.SetContext(ctx) + srv, knownService := s.services[service] if knownService { if md, ok := srv.methods[method]; ok { @@ -1762,7 +1815,7 @@ func (s *Server) handleStream(t transport.ServerTransport, stream *transport.Str ti.tr.LazyLog(&fmtStringer{"%v", []any{err}}, true) ti.tr.SetError() } - channelz.Warningf(logger, s.channelzID, "grpc: Server.handleStream failed to write status: %v", err) + channelz.Warningf(logger, s.channelz, "grpc: Server.handleStream failed to write status: %v", err) } if ti != nil { ti.tr.Finish() @@ -1820,62 +1873,71 @@ func ServerTransportStreamFromContext(ctx context.Context) ServerTransportStream // pending RPCs on the client side will get notified by connection // errors. func (s *Server) Stop() { - s.quit.Fire() + s.stop(false) +} - defer func() { - s.serveWG.Wait() - s.done.Fire() - }() +// GracefulStop stops the gRPC server gracefully. It stops the server from +// accepting new connections and RPCs and blocks until all the pending RPCs are +// finished. +func (s *Server) GracefulStop() { + s.stop(true) +} - s.channelzRemoveOnce.Do(func() { channelz.RemoveEntry(s.channelzID) }) +func (s *Server) stop(graceful bool) { + s.quit.Fire() + defer s.done.Fire() + s.channelzRemoveOnce.Do(func() { channelz.RemoveEntry(s.channelz.ID) }) s.mu.Lock() - listeners := s.lis - s.lis = nil - conns := s.conns - s.conns = nil - // interrupt GracefulStop if Stop and GracefulStop are called concurrently. - s.cv.Broadcast() + s.closeListenersLocked() + // Wait for serving threads to be ready to exit. Only then can we be sure no + // new conns will be created. s.mu.Unlock() + s.serveWG.Wait() - for lis := range listeners { - lis.Close() + s.mu.Lock() + defer s.mu.Unlock() + + if graceful { + s.drainAllServerTransportsLocked() + } else { + s.closeServerTransportsLocked() } - for _, cs := range conns { - for st := range cs { - st.Close(errors.New("Server.Stop called")) - } + + for len(s.conns) != 0 { + s.cv.Wait() } + s.conns = nil + if s.opts.numServerWorkers > 0 { - s.stopServerWorkers() + // Closing the channel (only once, via grpcsync.OnceFunc) after all the + // connections have been closed above ensures that there are no + // goroutines executing the callback passed to st.HandleStreams (where + // the channel is written to). + s.serverWorkerChannelClose() + } + + if graceful || s.opts.waitForHandlers { + s.handlersWG.Wait() } - s.mu.Lock() if s.events != nil { s.events.Finish() s.events = nil } - s.mu.Unlock() } -// GracefulStop stops the gRPC server gracefully. It stops the server from -// accepting new connections and RPCs and blocks until all the pending RPCs are -// finished. -func (s *Server) GracefulStop() { - s.quit.Fire() - defer s.done.Fire() - - s.channelzRemoveOnce.Do(func() { channelz.RemoveEntry(s.channelzID) }) - s.mu.Lock() - if s.conns == nil { - s.mu.Unlock() - return +// s.mu must be held by the caller. +func (s *Server) closeServerTransportsLocked() { + for _, conns := range s.conns { + for st := range conns { + st.Close(errors.New("Server.Stop called")) + } } +} - for lis := range s.lis { - lis.Close() - } - s.lis = nil +// s.mu must be held by the caller. +func (s *Server) drainAllServerTransportsLocked() { if !s.drain { for _, conns := range s.conns { for st := range conns { @@ -1884,22 +1946,14 @@ func (s *Server) GracefulStop() { } s.drain = true } +} - // Wait for serving threads to be ready to exit. Only then can we be sure no - // new conns will be created. - s.mu.Unlock() - s.serveWG.Wait() - s.mu.Lock() - - for len(s.conns) != 0 { - s.cv.Wait() - } - s.conns = nil - if s.events != nil { - s.events.Finish() - s.events = nil +// s.mu must be held by the caller. +func (s *Server) closeListenersLocked() { + for lis := range s.lis { + lis.Close() } - s.mu.Unlock() + s.lis = nil } // contentSubtype must be lowercase @@ -1913,11 +1967,50 @@ func (s *Server) getCodec(contentSubtype string) baseCodec { } codec := encoding.GetCodec(contentSubtype) if codec == nil { + logger.Warningf("Unsupported codec %q. Defaulting to %q for now. This will start to fail in future releases.", contentSubtype, proto.Name) return encoding.GetCodec(proto.Name) } return codec } +type serverKey struct{} + +// serverFromContext gets the Server from the context. +func serverFromContext(ctx context.Context) *Server { + s, _ := ctx.Value(serverKey{}).(*Server) + return s +} + +// contextWithServer sets the Server in the context. +func contextWithServer(ctx context.Context, server *Server) context.Context { + return context.WithValue(ctx, serverKey{}, server) +} + +// isRegisteredMethod returns whether the passed in method is registered as a +// method on the server. /service/method and service/method will match if the +// service and method are registered on the server. +func (s *Server) isRegisteredMethod(serviceMethod string) bool { + if serviceMethod != "" && serviceMethod[0] == '/' { + serviceMethod = serviceMethod[1:] + } + pos := strings.LastIndex(serviceMethod, "/") + if pos == -1 { // Invalid method name syntax. + return false + } + service := serviceMethod[:pos] + method := serviceMethod[pos+1:] + srv, knownService := s.services[service] + if knownService { + if _, ok := srv.methods[method]; ok { + return true + } + if _, ok := srv.streams[method]; ok { + return true + } + } + return false +} + // SetHeader sets the header metadata to be sent from the server to the client. // The context provided must be the context passed to the server's handler. // @@ -2019,7 +2112,7 @@ func ClientSupportedCompressors(ctx context.Context) ([]string, error) { return nil, fmt.Errorf("failed to fetch the stream from the given context %v", ctx) } - return strings.Split(stream.ClientAdvertisedCompressors(), ","), nil + return stream.ClientAdvertisedCompressors(), nil } // SetTrailer sets the trailer metadata that will be sent when an RPC returns. @@ -2049,17 +2142,9 @@ func Method(ctx context.Context) (string, bool) { return s.Method(), true } -type channelzServer struct { - s *Server -} - -func (c *channelzServer) ChannelzMetric() *channelz.ServerInternalMetric { - return c.s.channelzMetric() -} - // validateSendCompressor returns an error when given compressor name cannot be // handled by the server or the client based on the advertised compressors. -func validateSendCompressor(name, clientCompressors string) error { +func validateSendCompressor(name string, clientCompressors []string) error { if name == encoding.Identity { return nil } @@ -2068,7 +2153,7 @@ func validateSendCompressor(name, clientCompressors string) error { return fmt.Errorf("compressor not registered %q", name) } - for _, c := range strings.Split(clientCompressors, ",") { + for _, c := range clientCompressors { if c == name { return nil // found match } diff --git a/vendor/google.golang.org/grpc/service_config.go b/vendor/google.golang.org/grpc/service_config.go index 0df11fc09..9da8fc802 100644 --- a/vendor/google.golang.org/grpc/service_config.go +++ b/vendor/google.golang.org/grpc/service_config.go @@ -25,8 +25,10 @@ import ( "reflect" "time" + "google.golang.org/grpc/balancer" "google.golang.org/grpc/codes" "google.golang.org/grpc/internal" + "google.golang.org/grpc/internal/balancer/gracefulswitch" internalserviceconfig "google.golang.org/grpc/internal/serviceconfig" "google.golang.org/grpc/serviceconfig" ) @@ -41,11 +43,6 @@ const maxInt = int(^uint(0) >> 1) // https://github.com/grpc/grpc/blob/master/doc/service_config.md type MethodConfig = internalserviceconfig.MethodConfig -type lbConfig struct { - name string - cfg serviceconfig.LoadBalancingConfig -} - // ServiceConfig is provided by the service provider and contains parameters for how // clients that connect to the service should behave. // @@ -55,14 +52,9 @@ type lbConfig struct { type ServiceConfig struct { serviceconfig.Config - // LB is the load balancer the service providers recommends. This is - // deprecated; lbConfigs is preferred. If lbConfig and LB are both present, - // lbConfig will be used. - LB *string - // lbConfig is the service config's load balancing configuration. If // lbConfig and LB are both present, lbConfig will be used. - lbConfig *lbConfig + lbConfig serviceconfig.LoadBalancingConfig // Methods contains a map for the methods in this service. If there is an // exact match for a method (i.e. /service/method) in the map, use the @@ -164,7 +156,7 @@ type jsonMC struct { // TODO(lyuxuan): delete this struct after cleaning up old service config implementation. type jsonSC struct { LoadBalancingPolicy *string - LoadBalancingConfig *internalserviceconfig.BalancerConfig + LoadBalancingConfig *json.RawMessage MethodConfig *[]jsonMC RetryThrottling *retryThrottlingPolicy HealthCheckConfig *healthCheckConfig @@ -180,22 +172,37 @@ func parseServiceConfig(js string) *serviceconfig.ParseResult { var rsc jsonSC err := json.Unmarshal([]byte(js), &rsc) if err != nil { - logger.Warningf("grpc: unmarshaling service config %s: %v", js, err) + logger.Warningf("grpc: unmarshalling service config %s: %v", js, err) return &serviceconfig.ParseResult{Err: err} } sc := ServiceConfig{ - LB: rsc.LoadBalancingPolicy, Methods: make(map[string]MethodConfig), retryThrottling: rsc.RetryThrottling, healthCheckConfig: rsc.HealthCheckConfig, rawJSONString: js, } - if c := rsc.LoadBalancingConfig; c != nil { - sc.lbConfig = &lbConfig{ - name: c.Name, - cfg: c.Config, + c := rsc.LoadBalancingConfig + if c == nil { + name := PickFirstBalancerName + if rsc.LoadBalancingPolicy != nil { + name = *rsc.LoadBalancingPolicy + } + if balancer.Get(name) == nil { + name = PickFirstBalancerName } + cfg := []map[string]any{{name: struct{}{}}} + strCfg, err := json.Marshal(cfg) + if err != nil { + return &serviceconfig.ParseResult{Err: fmt.Errorf("unexpected error marshaling simple LB config: %w", err)} + } + r := json.RawMessage(strCfg) + c = &r + } + cfg, err := gracefulswitch.ParseConfig(*c) + if err != nil { + return &serviceconfig.ParseResult{Err: err} } + sc.lbConfig = cfg if rsc.MethodConfig == nil { return &serviceconfig.ParseResult{Config: &sc} @@ -212,7 +219,7 @@ func parseServiceConfig(js string) *serviceconfig.ParseResult { Timeout: (*time.Duration)(m.Timeout), } if mc.RetryPolicy, err = convertRetryPolicy(m.RetryPolicy); err != nil { - logger.Warningf("grpc: unmarshaling service config %s: %v", js, err) + logger.Warningf("grpc: unmarshalling service config %s: %v", js, err) return &serviceconfig.ParseResult{Err: err} } if m.MaxRequestMessageBytes != nil { @@ -232,13 +239,13 @@ func parseServiceConfig(js string) *serviceconfig.ParseResult { for i, n := range *m.Name { path, err := n.generatePath() if err != nil { - logger.Warningf("grpc: error unmarshaling service config %s due to methodConfig[%d]: %v", js, i, err) + logger.Warningf("grpc: error unmarshalling service config %s due to methodConfig[%d]: %v", js, i, err) return &serviceconfig.ParseResult{Err: err} } if _, ok := paths[path]; ok { err = errDuplicatedName - logger.Warningf("grpc: error unmarshaling service config %s due to methodConfig[%d]: %v", js, i, err) + logger.Warningf("grpc: error unmarshalling service config %s due to methodConfig[%d]: %v", js, i, err) return &serviceconfig.ParseResult{Err: err} } paths[path] = struct{}{} diff --git a/vendor/google.golang.org/grpc/stats/stats.go b/vendor/google.golang.org/grpc/stats/stats.go index 4ab70e2d4..fdb0bd651 100644 --- a/vendor/google.golang.org/grpc/stats/stats.go +++ b/vendor/google.golang.org/grpc/stats/stats.go @@ -73,9 +73,12 @@ func (*PickerUpdated) isRPCStats() {} type InPayload struct { // Client is true if this InPayload is from client side. Client bool - // Payload is the payload with original type. + // Payload is the payload with original type. This may be modified after + // the call to HandleRPC which provides the InPayload returns and must be + // copied if needed later. Payload any // Data is the serialized message payload. + // Deprecated: Data will be removed in the next release. Data []byte // Length is the size of the uncompressed payload data. Does not include any @@ -143,9 +146,12 @@ func (s *InTrailer) isRPCStats() {} type OutPayload struct { // Client is true if this OutPayload is from client side. Client bool - // Payload is the payload with original type. + // Payload is the payload with original type. This may be modified after + // the call to HandleRPC which provides the OutPayload returns and must be + // copied if needed later. Payload any // Data is the serialized message payload. + // Deprecated: Data will be removed in the next release. Data []byte // Length is the size of the uncompressed payload data. Does not include any // framing (gRPC or HTTP/2). diff --git a/vendor/google.golang.org/grpc/stream.go b/vendor/google.golang.org/grpc/stream.go index b14b2fbea..b54563e81 100644 --- a/vendor/google.golang.org/grpc/stream.go +++ b/vendor/google.golang.org/grpc/stream.go @@ -27,7 +27,6 @@ import ( "sync" "time" - "golang.org/x/net/trace" "google.golang.org/grpc/balancer" "google.golang.org/grpc/codes" "google.golang.org/grpc/encoding" @@ -48,6 +47,8 @@ import ( "google.golang.org/grpc/status" ) +var metadataFromOutgoingContextRaw = internal.FromOutgoingContextRaw.(func(context.Context) (metadata.MD, [][]string, bool)) + // StreamHandler defines the handler called by gRPC server to complete the // execution of a streaming RPC. // @@ -184,7 +185,7 @@ func newClientStream(ctx context.Context, desc *StreamDesc, cc *ClientConn, meth // when the RPC completes. opts = append([]CallOption{OnFinish(func(error) { cc.idlenessMgr.OnCallEnd() })}, opts...) - if md, added, ok := metadata.FromOutgoingContextRaw(ctx); ok { + if md, added, ok := metadataFromOutgoingContextRaw(ctx); ok { // validate md if err := imetadata.Validate(md); err != nil { return nil, status.Error(codes.Internal, err.Error()) @@ -429,7 +430,7 @@ func (cs *clientStream) newAttemptLocked(isTransparent bool) (*csAttempt, error) var trInfo *traceInfo if EnableTracing { trInfo = &traceInfo{ - tr: trace.New("grpc.Sent."+methodFamily(method), method), + tr: newTrace("grpc.Sent."+methodFamily(method), method), firstLine: firstLine{ client: true, }, @@ -438,7 +439,7 @@ func (cs *clientStream) newAttemptLocked(isTransparent bool) (*csAttempt, error) trInfo.firstLine.deadline = time.Until(deadline) } trInfo.tr.LazyLog(&trInfo.firstLine, false) - ctx = trace.NewContext(ctx, trInfo.tr) + ctx = newTraceContext(ctx, trInfo.tr) } if cs.cc.parsedTarget.URL.Scheme == internal.GRPCResolverSchemeExtraMetadata { @@ -515,6 +516,7 @@ func (a *csAttempt) newStream() error { return toRPCErr(nse.Err) } a.s = s + a.ctx = s.Context() a.p = &parser{r: s, recvBufferPool: a.cs.cc.dopts.recvBufferPool} return nil } @@ -654,13 +656,13 @@ func (a *csAttempt) shouldRetry(err error) (bool, error) { if len(sps) == 1 { var e error if pushback, e = strconv.Atoi(sps[0]); e != nil || pushback < 0 { - channelz.Infof(logger, cs.cc.channelzID, "Server retry pushback specified to abort (%q).", sps[0]) + channelz.Infof(logger, cs.cc.channelz, "Server retry pushback specified to abort (%q).", sps[0]) cs.retryThrottler.throttle() // This counts as a failure for throttling. return false, err } hasPushback = true } else if len(sps) > 1 { - channelz.Warningf(logger, cs.cc.channelzID, "Server retry pushback specified multiple values (%q); not retrying.", sps) + channelz.Warningf(logger, cs.cc.channelz, "Server retry pushback specified multiple values (%q); not retrying.", sps) cs.retryThrottler.throttle() // This counts as a failure for throttling. return false, err } diff --git a/vendor/google.golang.org/grpc/stream_interfaces.go b/vendor/google.golang.org/grpc/stream_interfaces.go new file mode 100644 index 000000000..8b813529c --- /dev/null +++ b/vendor/google.golang.org/grpc/stream_interfaces.go @@ -0,0 +1,152 @@ +/* + * + * Copyright 2024 gRPC authors. + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * + */ + +package grpc + +// ServerStreamingClient represents the client side of a server-streaming (one +// request, many responses) RPC. It is generic over the type of the response +// message. It is used in generated code. +type ServerStreamingClient[Res any] interface { + Recv() (*Res, error) + ClientStream +} + +// ServerStreamingServer represents the server side of a server-streaming (one +// request, many responses) RPC. It is generic over the type of the response +// message. It is used in generated code. +type ServerStreamingServer[Res any] interface { + Send(*Res) error + ServerStream +} + +// ClientStreamingClient represents the client side of a client-streaming (many +// requests, one response) RPC. It is generic over both the type of the request +// message stream and the type of the unary response message. It is used in +// generated code. +type ClientStreamingClient[Req any, Res any] interface { + Send(*Req) error + CloseAndRecv() (*Res, error) + ClientStream +} + +// ClientStreamingServer represents the server side of a client-streaming (many +// requests, one response) RPC. It is generic over both the type of the request +// message stream and the type of the unary response message. It is used in +// generated code. +type ClientStreamingServer[Req any, Res any] interface { + Recv() (*Req, error) + SendAndClose(*Res) error + ServerStream +} + +// BidiStreamingClient represents the client side of a bidirectional-streaming +// (many requests, many responses) RPC. It is generic over both the type of the +// request message stream and the type of the response message stream. It is +// used in generated code. +type BidiStreamingClient[Req any, Res any] interface { + Send(*Req) error + Recv() (*Res, error) + ClientStream +} + +// BidiStreamingServer represents the server side of a bidirectional-streaming +// (many requests, many responses) RPC. It is generic over both the type of the +// request message stream and the type of the response message stream. It is +// used in generated code. +type BidiStreamingServer[Req any, Res any] interface { + Recv() (*Req, error) + Send(*Res) error + ServerStream +} + +// GenericClientStream implements the ServerStreamingClient, ClientStreamingClient, +// and BidiStreamingClient interfaces. It is used in generated code. +type GenericClientStream[Req any, Res any] struct { + ClientStream +} + +var _ ServerStreamingClient[string] = (*GenericClientStream[int, string])(nil) +var _ ClientStreamingClient[int, string] = (*GenericClientStream[int, string])(nil) +var _ BidiStreamingClient[int, string] = (*GenericClientStream[int, string])(nil) + +// Send pushes one message into the stream of requests to be consumed by the +// server. The type of message which can be sent is determined by the Req type +// parameter of the GenericClientStream receiver. +func (x *GenericClientStream[Req, Res]) Send(m *Req) error { + return x.ClientStream.SendMsg(m) +} + +// Recv reads one message from the stream of responses generated by the server. +// The type of the message returned is determined by the Res type parameter +// of the GenericClientStream receiver. +func (x *GenericClientStream[Req, Res]) Recv() (*Res, error) { + m := new(Res) + if err := x.ClientStream.RecvMsg(m); err != nil { + return nil, err + } + return m, nil +} + +// CloseAndRecv closes the sending side of the stream, then receives the unary +// response from the server. The type of message which it returns is determined +// by the Res type parameter of the GenericClientStream receiver. +func (x *GenericClientStream[Req, Res]) CloseAndRecv() (*Res, error) { + if err := x.ClientStream.CloseSend(); err != nil { + return nil, err + } + m := new(Res) + if err := x.ClientStream.RecvMsg(m); err != nil { + return nil, err + } + return m, nil +} + +// GenericServerStream implements the ServerStreamingServer, ClientStreamingServer, +// and BidiStreamingServer interfaces. It is used in generated code. +type GenericServerStream[Req any, Res any] struct { + ServerStream +} + +var _ ServerStreamingServer[string] = (*GenericServerStream[int, string])(nil) +var _ ClientStreamingServer[int, string] = (*GenericServerStream[int, string])(nil) +var _ BidiStreamingServer[int, string] = (*GenericServerStream[int, string])(nil) + +// Send pushes one message into the stream of responses to be consumed by the +// client. The type of message which can be sent is determined by the Res +// type parameter of the serverStreamServer receiver. +func (x *GenericServerStream[Req, Res]) Send(m *Res) error { + return x.ServerStream.SendMsg(m) +} + +// SendAndClose pushes the unary response to the client. The type of message +// which can be sent is determined by the Res type parameter of the +// clientStreamServer receiver. +func (x *GenericServerStream[Req, Res]) SendAndClose(m *Res) error { + return x.ServerStream.SendMsg(m) +} + +// Recv reads one message from the stream of requests generated by the client. +// The type of the message returned is determined by the Req type parameter +// of the clientStreamServer receiver. +func (x *GenericServerStream[Req, Res]) Recv() (*Req, error) { + m := new(Req) + if err := x.ServerStream.RecvMsg(m); err != nil { + return nil, err + } + return m, nil +} diff --git a/vendor/google.golang.org/grpc/trace.go b/vendor/google.golang.org/grpc/trace.go index 9ded79321..10f4f798f 100644 --- a/vendor/google.golang.org/grpc/trace.go +++ b/vendor/google.golang.org/grpc/trace.go @@ -26,8 +26,6 @@ import ( "strings" "sync" "time" - - "golang.org/x/net/trace" ) // EnableTracing controls whether to trace RPCs using the golang.org/x/net/trace package. @@ -44,9 +42,31 @@ func methodFamily(m string) string { return m } +// traceEventLog mirrors golang.org/x/net/trace.EventLog. +// +// It exists in order to avoid importing x/net/trace on grpcnotrace builds. +type traceEventLog interface { + Printf(format string, a ...any) + Errorf(format string, a ...any) + Finish() +} + +// traceLog mirrors golang.org/x/net/trace.Trace. +// +// It exists in order to avoid importing x/net/trace on grpcnotrace builds. +type traceLog interface { + LazyLog(x fmt.Stringer, sensitive bool) + LazyPrintf(format string, a ...any) + SetError() + SetRecycler(f func(any)) + SetTraceInfo(traceID, spanID uint64) + SetMaxEvents(m int) + Finish() +} + // traceInfo contains tracing information for an RPC. type traceInfo struct { - tr trace.Trace + tr traceLog firstLine firstLine } diff --git a/vendor/google.golang.org/grpc/trace_notrace.go b/vendor/google.golang.org/grpc/trace_notrace.go new file mode 100644 index 000000000..1da3a2308 --- /dev/null +++ b/vendor/google.golang.org/grpc/trace_notrace.go @@ -0,0 +1,52 @@ +//go:build grpcnotrace + +/* + * + * Copyright 2024 gRPC authors. + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * + */ + +package grpc + +// grpcnotrace can be used to avoid importing golang.org/x/net/trace, which in +// turn enables binaries using gRPC-Go for dead code elimination, which can +// yield 10-15% improvements in binary size when tracing is not needed. + +import ( + "context" + "fmt" +) + +type notrace struct{} + +func (notrace) LazyLog(x fmt.Stringer, sensitive bool) {} +func (notrace) LazyPrintf(format string, a ...any) {} +func (notrace) SetError() {} +func (notrace) SetRecycler(f func(any)) {} +func (notrace) SetTraceInfo(traceID, spanID uint64) {} +func (notrace) SetMaxEvents(m int) {} +func (notrace) Finish() {} + +func newTrace(family, title string) traceLog { + return notrace{} +} + +func newTraceContext(ctx context.Context, tr traceLog) context.Context { + return ctx +} + +func newTraceEventLog(family, title string) traceEventLog { + return nil +} diff --git a/vendor/google.golang.org/grpc/internal/channelz/util_linux.go b/vendor/google.golang.org/grpc/trace_withtrace.go similarity index 59% rename from vendor/google.golang.org/grpc/internal/channelz/util_linux.go rename to vendor/google.golang.org/grpc/trace_withtrace.go index 98288c3f8..88d6e8571 100644 --- a/vendor/google.golang.org/grpc/internal/channelz/util_linux.go +++ b/vendor/google.golang.org/grpc/trace_withtrace.go @@ -1,6 +1,8 @@ +//go:build !grpcnotrace + /* * - * Copyright 2018 gRPC authors. + * Copyright 2024 gRPC authors. * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. @@ -16,22 +18,22 @@ * */ -package channelz +package grpc import ( - "syscall" + "context" + + t "golang.org/x/net/trace" ) -// GetSocketOption gets the socket option info of the conn. -func GetSocketOption(socket any) *SocketOptionData { - c, ok := socket.(syscall.Conn) - if !ok { - return nil - } - data := &SocketOptionData{} - if rawConn, err := c.SyscallConn(); err == nil { - rawConn.Control(data.Getsockopt) - return data - } - return nil +func newTrace(family, title string) traceLog { + return t.New(family, title) +} + +func newTraceContext(ctx context.Context, tr traceLog) context.Context { + return t.NewContext(ctx, tr) +} + +func newTraceEventLog(family, title string) traceEventLog { + return t.NewEventLog(family, title) } diff --git a/vendor/google.golang.org/grpc/version.go b/vendor/google.golang.org/grpc/version.go index 6d2cadd79..a0b782890 100644 --- a/vendor/google.golang.org/grpc/version.go +++ b/vendor/google.golang.org/grpc/version.go @@ -19,4 +19,4 @@ package grpc // Version is the current grpc version. -const Version = "1.59.0" +const Version = "1.64.1" diff --git a/vendor/google.golang.org/grpc/vet.sh b/vendor/google.golang.org/grpc/vet.sh deleted file mode 100644 index bb480f1f9..000000000 --- a/vendor/google.golang.org/grpc/vet.sh +++ /dev/null @@ -1,212 +0,0 @@ -#!/bin/bash - -set -ex # Exit on error; debugging enabled. -set -o pipefail # Fail a pipe if any sub-command fails. - -# not makes sure the command passed to it does not exit with a return code of 0. -not() { - # This is required instead of the earlier (! $COMMAND) because subshells and - # pipefail don't work the same on Darwin as in Linux. - ! "$@" -} - -die() { - echo "$@" >&2 - exit 1 -} - -fail_on_output() { - tee /dev/stderr | not read -} - -# Check to make sure it's safe to modify the user's git repo. -git status --porcelain | fail_on_output - -# Undo any edits made by this script. -cleanup() { - git reset --hard HEAD -} -trap cleanup EXIT - -PATH="${HOME}/go/bin:${GOROOT}/bin:${PATH}" -go version - -if [[ "$1" = "-install" ]]; then - # Install the pinned versions as defined in module tools. - pushd ./test/tools - go install \ - golang.org/x/lint/golint \ - golang.org/x/tools/cmd/goimports \ - honnef.co/go/tools/cmd/staticcheck \ - github.com/client9/misspell/cmd/misspell - popd - if [[ -z "${VET_SKIP_PROTO}" ]]; then - if [[ "${GITHUB_ACTIONS}" = "true" ]]; then - PROTOBUF_VERSION=22.0 # a.k.a v4.22.0 in pb.go files. - PROTOC_FILENAME=protoc-${PROTOBUF_VERSION}-linux-x86_64.zip - pushd /home/runner/go - wget https://github.com/google/protobuf/releases/download/v${PROTOBUF_VERSION}/${PROTOC_FILENAME} - unzip ${PROTOC_FILENAME} - bin/protoc --version - popd - elif not which protoc > /dev/null; then - die "Please install protoc into your path" - fi - fi - exit 0 -elif [[ "$#" -ne 0 ]]; then - die "Unknown argument(s): $*" -fi - -# - Check that generated proto files are up to date. -if [[ -z "${VET_SKIP_PROTO}" ]]; then - make proto && git status --porcelain 2>&1 | fail_on_output || \ - (git status; git --no-pager diff; exit 1) -fi - -if [[ -n "${VET_ONLY_PROTO}" ]]; then - exit 0 -fi - -# - Ensure all source files contain a copyright message. -# (Done in two parts because Darwin "git grep" has broken support for compound -# exclusion matches.) -(grep -L "DO NOT EDIT" $(git grep -L "\(Copyright [0-9]\{4,\} gRPC authors\)" -- '*.go') || true) | fail_on_output - -# - Make sure all tests in grpc and grpc/test use leakcheck via Teardown. -not grep 'func Test[^(]' *_test.go -not grep 'func Test[^(]' test/*.go - -# - Do not import x/net/context. -not git grep -l 'x/net/context' -- "*.go" - -# - Do not import math/rand for real library code. Use internal/grpcrand for -# thread safety. -git grep -l '"math/rand"' -- "*.go" 2>&1 | not grep -v '^examples\|^stress\|grpcrand\|^benchmark\|wrr_test' - -# - Do not use "interface{}"; use "any" instead. -git grep -l 'interface{}' -- "*.go" 2>&1 | not grep -v '\.pb\.go\|protoc-gen-go-grpc' - -# - Do not call grpclog directly. Use grpclog.Component instead. -git grep -l -e 'grpclog.I' --or -e 'grpclog.W' --or -e 'grpclog.E' --or -e 'grpclog.F' --or -e 'grpclog.V' -- "*.go" | not grep -v '^grpclog/component.go\|^internal/grpctest/tlogger_test.go' - -# - Ensure all ptypes proto packages are renamed when importing. -not git grep "\(import \|^\s*\)\"github.com/golang/protobuf/ptypes/" -- "*.go" - -# - Ensure all usages of grpc_testing package are renamed when importing. -not git grep "\(import \|^\s*\)\"google.golang.org/grpc/interop/grpc_testing" -- "*.go" - -# - Ensure all xds proto imports are renamed to *pb or *grpc. -git grep '"github.com/envoyproxy/go-control-plane/envoy' -- '*.go' ':(exclude)*.pb.go' | not grep -v 'pb "\|grpc "' - -misspell -error . - -# - gofmt, goimports, golint (with exceptions for generated code), go vet, -# go mod tidy. -# Perform these checks on each module inside gRPC. -for MOD_FILE in $(find . -name 'go.mod'); do - MOD_DIR=$(dirname ${MOD_FILE}) - pushd ${MOD_DIR} - go vet -all ./... | fail_on_output - gofmt -s -d -l . 2>&1 | fail_on_output - goimports -l . 2>&1 | not grep -vE "\.pb\.go" - golint ./... 2>&1 | not grep -vE "/grpc_testing_not_regenerate/.*\.pb\.go:" - - go mod tidy -compat=1.19 - git status --porcelain 2>&1 | fail_on_output || \ - (git status; git --no-pager diff; exit 1) - popd -done - -# - Collection of static analysis checks -# -# TODO(dfawley): don't use deprecated functions in examples or first-party -# plugins. -# TODO(dfawley): enable ST1019 (duplicate imports) but allow for protobufs. -SC_OUT="$(mktemp)" -staticcheck -go 1.19 -checks 'inherit,-ST1015,-ST1019,-SA1019' ./... > "${SC_OUT}" || true -# Error if anything other than deprecation warnings are printed. -not grep -v "is deprecated:.*SA1019" "${SC_OUT}" -# Only ignore the following deprecated types/fields/functions. -not grep -Fv '.CredsBundle -.HeaderMap -.Metadata is deprecated: use Attributes -.NewAddress -.NewServiceConfig -.Type is deprecated: use Attributes -BuildVersion is deprecated -balancer.ErrTransientFailure -balancer.Picker -extDesc.Filename is deprecated -github.com/golang/protobuf/jsonpb is deprecated -grpc.CallCustomCodec -grpc.Code -grpc.Compressor -grpc.CustomCodec -grpc.Decompressor -grpc.MaxMsgSize -grpc.MethodConfig -grpc.NewGZIPCompressor -grpc.NewGZIPDecompressor -grpc.RPCCompressor -grpc.RPCDecompressor -grpc.ServiceConfig -grpc.WithCompressor -grpc.WithDecompressor -grpc.WithDialer -grpc.WithMaxMsgSize -grpc.WithServiceConfig -grpc.WithTimeout -http.CloseNotifier -info.SecurityVersion -proto is deprecated -proto.InternalMessageInfo is deprecated -proto.EnumName is deprecated -proto.ErrInternalBadWireType is deprecated -proto.FileDescriptor is deprecated -proto.Marshaler is deprecated -proto.MessageType is deprecated -proto.RegisterEnum is deprecated -proto.RegisterFile is deprecated -proto.RegisterType is deprecated -proto.RegisterExtension is deprecated -proto.RegisteredExtension is deprecated -proto.RegisteredExtensions is deprecated -proto.RegisterMapType is deprecated -proto.Unmarshaler is deprecated -Target is deprecated: Use the Target field in the BuildOptions instead. -xxx_messageInfo_ -' "${SC_OUT}" - -# - special golint on package comments. -lint_package_comment_per_package() { - # Number of files in this go package. - fileCount=$(go list -f '{{len .GoFiles}}' $1) - if [ ${fileCount} -eq 0 ]; then - return 0 - fi - # Number of package errors generated by golint. - lintPackageCommentErrorsCount=$(golint --min_confidence 0 $1 | grep -c "should have a package comment") - # golint complains about every file that's missing the package comment. If the - # number of files for this package is greater than the number of errors, there's - # at least one file with package comment, good. Otherwise, fail. - if [ ${fileCount} -le ${lintPackageCommentErrorsCount} ]; then - echo "Package $1 (with ${fileCount} files) is missing package comment" - return 1 - fi -} -lint_package_comment() { - set +ex - - count=0 - for i in $(go list ./...); do - lint_package_comment_per_package "$i" - ((count += $?)) - done - - set -ex - return $count -} -lint_package_comment - -echo SUCCESS diff --git a/vendor/google.golang.org/protobuf/protoadapt/convert.go b/vendor/google.golang.org/protobuf/protoadapt/convert.go new file mode 100644 index 000000000..ea276d15a --- /dev/null +++ b/vendor/google.golang.org/protobuf/protoadapt/convert.go @@ -0,0 +1,31 @@ +// Copyright 2023 The Go Authors. All rights reserved. +// Use of this source code is governed by a BSD-style +// license that can be found in the LICENSE file. + +// Package protoadapt bridges the original and new proto APIs. +package protoadapt + +import ( + "google.golang.org/protobuf/proto" + "google.golang.org/protobuf/runtime/protoiface" + "google.golang.org/protobuf/runtime/protoimpl" +) + +// MessageV1 is the original [github.com/golang/protobuf/proto.Message] type. +type MessageV1 = protoiface.MessageV1 + +// MessageV2 is the [google.golang.org/protobuf/proto.Message] type used by the +// current [google.golang.org/protobuf] module, adding support for reflection. +type MessageV2 = proto.Message + +// MessageV1Of converts a v2 message to a v1 message. +// It returns nil if m is nil. +func MessageV1Of(m MessageV2) MessageV1 { + return protoimpl.X.ProtoMessageV1Of(m) +} + +// MessageV2Of converts a v1 message to a v2 message. +// It returns nil if m is nil. +func MessageV2Of(m MessageV1) MessageV2 { + return protoimpl.X.ProtoMessageV2Of(m) +} diff --git a/vendor/istio.io/api/LICENSE b/vendor/istio.io/api/LICENSE index bb7b19dec..75bfd113b 100644 --- a/vendor/istio.io/api/LICENSE +++ b/vendor/istio.io/api/LICENSE @@ -187,7 +187,7 @@ same "printed page" as the copyright notice for easier identification within third-party archives. - Copyright 2016-2022 Istio Authors + Copyright {yyyy} {name of copyright owner} Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. diff --git a/vendor/istio.io/api/analysis/v1alpha1/message.pb.go b/vendor/istio.io/api/analysis/v1alpha1/message.pb.go new file mode 100644 index 000000000..eaa3ae903 --- /dev/null +++ b/vendor/istio.io/api/analysis/v1alpha1/message.pb.go @@ -0,0 +1,635 @@ +// Copyright 2019 Istio Authors +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. + +// Code generated by protoc-gen-go. DO NOT EDIT. +// versions: +// protoc-gen-go v1.35.1 +// protoc (unknown) +// source: analysis/v1alpha1/message.proto + +// $title: Analysis Messages +// $description: Describes the structure of messages generated by Istio analyzers. +// $location: https://istio.io/docs/reference/config/istio.analysis.v1alpha1.html +// $weight: 20 + +// Describes the structure of messages generated by Istio analyzers. + +package v1alpha1 + +import ( + _struct "github.com/golang/protobuf/ptypes/struct" + protoreflect "google.golang.org/protobuf/reflect/protoreflect" + protoimpl "google.golang.org/protobuf/runtime/protoimpl" + reflect "reflect" + sync "sync" +) + +const ( + // Verify that this generated code is sufficiently up-to-date. + _ = protoimpl.EnforceVersion(20 - protoimpl.MinVersion) + // Verify that runtime/protoimpl is sufficiently up-to-date. + _ = protoimpl.EnforceVersion(protoimpl.MaxVersion - 20) +) + +// The values here are chosen so that more severe messages get sorted higher, +// as well as leaving space in between to add more later +type AnalysisMessageBase_Level int32 + +const ( + AnalysisMessageBase_UNKNOWN AnalysisMessageBase_Level = 0 // invalid, but included for proto compatibility for 0 values + AnalysisMessageBase_ERROR AnalysisMessageBase_Level = 3 + AnalysisMessageBase_WARNING AnalysisMessageBase_Level = 8 + AnalysisMessageBase_INFO AnalysisMessageBase_Level = 12 +) + +// Enum value maps for AnalysisMessageBase_Level. +var ( + AnalysisMessageBase_Level_name = map[int32]string{ + 0: "UNKNOWN", + 3: "ERROR", + 8: "WARNING", + 12: "INFO", + } + AnalysisMessageBase_Level_value = map[string]int32{ + "UNKNOWN": 0, + "ERROR": 3, + "WARNING": 8, + "INFO": 12, + } +) + +func (x AnalysisMessageBase_Level) Enum() *AnalysisMessageBase_Level { + p := new(AnalysisMessageBase_Level) + *p = x + return p +} + +func (x AnalysisMessageBase_Level) String() string { + return protoimpl.X.EnumStringOf(x.Descriptor(), protoreflect.EnumNumber(x)) +} + +func (AnalysisMessageBase_Level) Descriptor() protoreflect.EnumDescriptor { + return file_analysis_v1alpha1_message_proto_enumTypes[0].Descriptor() +} + +func (AnalysisMessageBase_Level) Type() protoreflect.EnumType { + return &file_analysis_v1alpha1_message_proto_enumTypes[0] +} + +func (x AnalysisMessageBase_Level) Number() protoreflect.EnumNumber { + return protoreflect.EnumNumber(x) +} + +// Deprecated: Use AnalysisMessageBase_Level.Descriptor instead. +func (AnalysisMessageBase_Level) EnumDescriptor() ([]byte, []int) { + return file_analysis_v1alpha1_message_proto_rawDescGZIP(), []int{0, 0} +} + +// AnalysisMessageBase describes some common information that is needed for all +// messages. All information should be static with respect to the error code. +type AnalysisMessageBase struct { + state protoimpl.MessageState + sizeCache protoimpl.SizeCache + unknownFields protoimpl.UnknownFields + + Type *AnalysisMessageBase_Type `protobuf:"bytes,1,opt,name=type,proto3" json:"type,omitempty"` + // Represents how severe a message is. Required. + Level AnalysisMessageBase_Level `protobuf:"varint,2,opt,name=level,proto3,enum=istio.analysis.v1alpha1.AnalysisMessageBase_Level" json:"level,omitempty"` + // A url pointing to the Istio documentation for this specific error type. + // Should be of the form + // `^http(s)?://(preliminary\.)?istio.io/docs/reference/config/analysis/` + // Required. + DocumentationUrl string `protobuf:"bytes,3,opt,name=documentation_url,json=documentationUrl,proto3" json:"documentation_url,omitempty"` +} + +func (x *AnalysisMessageBase) Reset() { + *x = AnalysisMessageBase{} + mi := &file_analysis_v1alpha1_message_proto_msgTypes[0] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) +} + +func (x *AnalysisMessageBase) String() string { + return protoimpl.X.MessageStringOf(x) +} + +func (*AnalysisMessageBase) ProtoMessage() {} + +func (x *AnalysisMessageBase) ProtoReflect() protoreflect.Message { + mi := &file_analysis_v1alpha1_message_proto_msgTypes[0] + if x != nil { + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + if ms.LoadMessageInfo() == nil { + ms.StoreMessageInfo(mi) + } + return ms + } + return mi.MessageOf(x) +} + +// Deprecated: Use AnalysisMessageBase.ProtoReflect.Descriptor instead. +func (*AnalysisMessageBase) Descriptor() ([]byte, []int) { + return file_analysis_v1alpha1_message_proto_rawDescGZIP(), []int{0} +} + +func (x *AnalysisMessageBase) GetType() *AnalysisMessageBase_Type { + if x != nil { + return x.Type + } + return nil +} + +func (x *AnalysisMessageBase) GetLevel() AnalysisMessageBase_Level { + if x != nil { + return x.Level + } + return AnalysisMessageBase_UNKNOWN +} + +func (x *AnalysisMessageBase) GetDocumentationUrl() string { + if x != nil { + return x.DocumentationUrl + } + return "" +} + +// AnalysisMessageWeakSchema is the set of information that's needed to define a +// weakly-typed schema. The purpose of this proto is to provide a mechanism for +// validating istio/istio/galley/pkg/config/analysis/msg/messages.yaml to make +// sure that we don't allow committing underspecified types. +type AnalysisMessageWeakSchema struct { + state protoimpl.MessageState + sizeCache protoimpl.SizeCache + unknownFields protoimpl.UnknownFields + + // Required + MessageBase *AnalysisMessageBase `protobuf:"bytes,1,opt,name=message_base,json=messageBase,proto3" json:"message_base,omitempty"` + // A human readable description of what the error means. Required. + Description string `protobuf:"bytes,2,opt,name=description,proto3" json:"description,omitempty"` + // A go-style template string (https://golang.org/pkg/fmt/#hdr-Printing) + // defining how to combine the args for a particular message into a log line. + // Required. + Template string `protobuf:"bytes,3,opt,name=template,proto3" json:"template,omitempty"` + // A description of the arguments for a particular message type + Args []*AnalysisMessageWeakSchema_ArgType `protobuf:"bytes,4,rep,name=args,proto3" json:"args,omitempty"` +} + +func (x *AnalysisMessageWeakSchema) Reset() { + *x = AnalysisMessageWeakSchema{} + mi := &file_analysis_v1alpha1_message_proto_msgTypes[1] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) +} + +func (x *AnalysisMessageWeakSchema) String() string { + return protoimpl.X.MessageStringOf(x) +} + +func (*AnalysisMessageWeakSchema) ProtoMessage() {} + +func (x *AnalysisMessageWeakSchema) ProtoReflect() protoreflect.Message { + mi := &file_analysis_v1alpha1_message_proto_msgTypes[1] + if x != nil { + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + if ms.LoadMessageInfo() == nil { + ms.StoreMessageInfo(mi) + } + return ms + } + return mi.MessageOf(x) +} + +// Deprecated: Use AnalysisMessageWeakSchema.ProtoReflect.Descriptor instead. +func (*AnalysisMessageWeakSchema) Descriptor() ([]byte, []int) { + return file_analysis_v1alpha1_message_proto_rawDescGZIP(), []int{1} +} + +func (x *AnalysisMessageWeakSchema) GetMessageBase() *AnalysisMessageBase { + if x != nil { + return x.MessageBase + } + return nil +} + +func (x *AnalysisMessageWeakSchema) GetDescription() string { + if x != nil { + return x.Description + } + return "" +} + +func (x *AnalysisMessageWeakSchema) GetTemplate() string { + if x != nil { + return x.Template + } + return "" +} + +func (x *AnalysisMessageWeakSchema) GetArgs() []*AnalysisMessageWeakSchema_ArgType { + if x != nil { + return x.Args + } + return nil +} + +// GenericAnalysisMessage is an instance of an AnalysisMessage defined by a +// schema, whose metaschema is AnalysisMessageWeakSchema. (Names are hard.) Code +// should be able to perform validation of arguments as needed by using the +// message type information to look at the AnalysisMessageWeakSchema and examine the +// list of args at runtime. Developers can also create stronger-typed versions +// of GenericAnalysisMessage for well-known and stable message types. +type GenericAnalysisMessage struct { + state protoimpl.MessageState + sizeCache protoimpl.SizeCache + unknownFields protoimpl.UnknownFields + + // Required + MessageBase *AnalysisMessageBase `protobuf:"bytes,1,opt,name=message_base,json=messageBase,proto3" json:"message_base,omitempty"` + // Any message-type specific arguments that need to get codified. Optional. + Args *_struct.Struct `protobuf:"bytes,2,opt,name=args,proto3" json:"args,omitempty"` + // A list of strings specifying the resource identifiers that were the cause + // of message generation. A "path" here is a (NAMESPACE\/)?RESOURCETYPE/NAME + // tuple that uniquely identifies a particular resource. There doesn't seem to + // be a single concept for this, but this is intuitively taken from + // https://kubernetes.io/docs/reference/using-api/api-concepts/#standard-api-terminology + // At least one is required. + ResourcePaths []string `protobuf:"bytes,3,rep,name=resource_paths,json=resourcePaths,proto3" json:"resource_paths,omitempty"` +} + +func (x *GenericAnalysisMessage) Reset() { + *x = GenericAnalysisMessage{} + mi := &file_analysis_v1alpha1_message_proto_msgTypes[2] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) +} + +func (x *GenericAnalysisMessage) String() string { + return protoimpl.X.MessageStringOf(x) +} + +func (*GenericAnalysisMessage) ProtoMessage() {} + +func (x *GenericAnalysisMessage) ProtoReflect() protoreflect.Message { + mi := &file_analysis_v1alpha1_message_proto_msgTypes[2] + if x != nil { + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + if ms.LoadMessageInfo() == nil { + ms.StoreMessageInfo(mi) + } + return ms + } + return mi.MessageOf(x) +} + +// Deprecated: Use GenericAnalysisMessage.ProtoReflect.Descriptor instead. +func (*GenericAnalysisMessage) Descriptor() ([]byte, []int) { + return file_analysis_v1alpha1_message_proto_rawDescGZIP(), []int{2} +} + +func (x *GenericAnalysisMessage) GetMessageBase() *AnalysisMessageBase { + if x != nil { + return x.MessageBase + } + return nil +} + +func (x *GenericAnalysisMessage) GetArgs() *_struct.Struct { + if x != nil { + return x.Args + } + return nil +} + +func (x *GenericAnalysisMessage) GetResourcePaths() []string { + if x != nil { + return x.ResourcePaths + } + return nil +} + +// InternalErrorAnalysisMessage is a strongly-typed message representing some +// error in Istio code that prevented us from performing analysis at all. +type InternalErrorAnalysisMessage struct { + state protoimpl.MessageState + sizeCache protoimpl.SizeCache + unknownFields protoimpl.UnknownFields + + // Required + MessageBase *AnalysisMessageBase `protobuf:"bytes,1,opt,name=message_base,json=messageBase,proto3" json:"message_base,omitempty"` + // Any detail regarding specifics of the error. Should be human-readable. + Detail string `protobuf:"bytes,2,opt,name=detail,proto3" json:"detail,omitempty"` +} + +func (x *InternalErrorAnalysisMessage) Reset() { + *x = InternalErrorAnalysisMessage{} + mi := &file_analysis_v1alpha1_message_proto_msgTypes[3] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) +} + +func (x *InternalErrorAnalysisMessage) String() string { + return protoimpl.X.MessageStringOf(x) +} + +func (*InternalErrorAnalysisMessage) ProtoMessage() {} + +func (x *InternalErrorAnalysisMessage) ProtoReflect() protoreflect.Message { + mi := &file_analysis_v1alpha1_message_proto_msgTypes[3] + if x != nil { + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + if ms.LoadMessageInfo() == nil { + ms.StoreMessageInfo(mi) + } + return ms + } + return mi.MessageOf(x) +} + +// Deprecated: Use InternalErrorAnalysisMessage.ProtoReflect.Descriptor instead. +func (*InternalErrorAnalysisMessage) Descriptor() ([]byte, []int) { + return file_analysis_v1alpha1_message_proto_rawDescGZIP(), []int{3} +} + +func (x *InternalErrorAnalysisMessage) GetMessageBase() *AnalysisMessageBase { + if x != nil { + return x.MessageBase + } + return nil +} + +func (x *InternalErrorAnalysisMessage) GetDetail() string { + if x != nil { + return x.Detail + } + return "" +} + +// A unique identifier for the type of message. Name is intended to be +// human-readable, code is intended to be machine readable. There should be a +// one-to-one mapping between name and code. (i.e. do not re-use names or +// codes between message types.) +type AnalysisMessageBase_Type struct { + state protoimpl.MessageState + sizeCache protoimpl.SizeCache + unknownFields protoimpl.UnknownFields + + // A human-readable name for the message type. e.g. "InternalError", + // "PodMissingProxy". This should be the same for all messages of the same type. + // Required. + Name string `protobuf:"bytes,1,opt,name=name,proto3" json:"name,omitempty"` + // A 7 character code matching `^IST[0-9]{4}$` intended to uniquely identify + // the message type. (e.g. "IST0001" is mapped to the "InternalError" message + // type.) 0000-0100 are reserved. Required. + Code string `protobuf:"bytes,2,opt,name=code,proto3" json:"code,omitempty"` +} + +func (x *AnalysisMessageBase_Type) Reset() { + *x = AnalysisMessageBase_Type{} + mi := &file_analysis_v1alpha1_message_proto_msgTypes[4] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) +} + +func (x *AnalysisMessageBase_Type) String() string { + return protoimpl.X.MessageStringOf(x) +} + +func (*AnalysisMessageBase_Type) ProtoMessage() {} + +func (x *AnalysisMessageBase_Type) ProtoReflect() protoreflect.Message { + mi := &file_analysis_v1alpha1_message_proto_msgTypes[4] + if x != nil { + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + if ms.LoadMessageInfo() == nil { + ms.StoreMessageInfo(mi) + } + return ms + } + return mi.MessageOf(x) +} + +// Deprecated: Use AnalysisMessageBase_Type.ProtoReflect.Descriptor instead. +func (*AnalysisMessageBase_Type) Descriptor() ([]byte, []int) { + return file_analysis_v1alpha1_message_proto_rawDescGZIP(), []int{0, 0} +} + +func (x *AnalysisMessageBase_Type) GetName() string { + if x != nil { + return x.Name + } + return "" +} + +func (x *AnalysisMessageBase_Type) GetCode() string { + if x != nil { + return x.Code + } + return "" +} + +type AnalysisMessageWeakSchema_ArgType struct { + state protoimpl.MessageState + sizeCache protoimpl.SizeCache + unknownFields protoimpl.UnknownFields + + // Required + Name string `protobuf:"bytes,1,opt,name=name,proto3" json:"name,omitempty"` + // Required. Should be a golang type, used in code generation. + // Ideally this will change to a less language-pinned type before this gets + // out of alpha, but for compatibility with current istio/istio code it's + // go_type for now. + GoType string `protobuf:"bytes,2,opt,name=go_type,json=goType,proto3" json:"go_type,omitempty"` +} + +func (x *AnalysisMessageWeakSchema_ArgType) Reset() { + *x = AnalysisMessageWeakSchema_ArgType{} + mi := &file_analysis_v1alpha1_message_proto_msgTypes[5] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) +} + +func (x *AnalysisMessageWeakSchema_ArgType) String() string { + return protoimpl.X.MessageStringOf(x) +} + +func (*AnalysisMessageWeakSchema_ArgType) ProtoMessage() {} + +func (x *AnalysisMessageWeakSchema_ArgType) ProtoReflect() protoreflect.Message { + mi := &file_analysis_v1alpha1_message_proto_msgTypes[5] + if x != nil { + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + if ms.LoadMessageInfo() == nil { + ms.StoreMessageInfo(mi) + } + return ms + } + return mi.MessageOf(x) +} + +// Deprecated: Use AnalysisMessageWeakSchema_ArgType.ProtoReflect.Descriptor instead. +func (*AnalysisMessageWeakSchema_ArgType) Descriptor() ([]byte, []int) { + return file_analysis_v1alpha1_message_proto_rawDescGZIP(), []int{1, 0} +} + +func (x *AnalysisMessageWeakSchema_ArgType) GetName() string { + if x != nil { + return x.Name + } + return "" +} + +func (x *AnalysisMessageWeakSchema_ArgType) GetGoType() string { + if x != nil { + return x.GoType + } + return "" +} + +var File_analysis_v1alpha1_message_proto protoreflect.FileDescriptor + +var file_analysis_v1alpha1_message_proto_rawDesc = []byte{ + 0x0a, 0x1f, 0x61, 0x6e, 0x61, 0x6c, 0x79, 0x73, 0x69, 0x73, 0x2f, 0x76, 0x31, 0x61, 0x6c, 0x70, + 0x68, 0x61, 0x31, 0x2f, 0x6d, 0x65, 0x73, 0x73, 0x61, 0x67, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, + 0x6f, 0x12, 0x17, 0x69, 0x73, 0x74, 0x69, 0x6f, 0x2e, 0x61, 0x6e, 0x61, 0x6c, 0x79, 0x73, 0x69, + 0x73, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x1a, 0x1c, 0x67, 0x6f, 0x6f, 0x67, + 0x6c, 0x65, 0x2f, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2f, 0x73, 0x74, 0x72, 0x75, + 0x63, 0x74, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x22, 0xbb, 0x02, 0x0a, 0x13, 0x41, 0x6e, 0x61, + 0x6c, 0x79, 0x73, 0x69, 0x73, 0x4d, 0x65, 0x73, 0x73, 0x61, 0x67, 0x65, 0x42, 0x61, 0x73, 0x65, + 0x12, 0x45, 0x0a, 0x04, 0x74, 0x79, 0x70, 0x65, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x31, + 0x2e, 0x69, 0x73, 0x74, 0x69, 0x6f, 0x2e, 0x61, 0x6e, 0x61, 0x6c, 0x79, 0x73, 0x69, 0x73, 0x2e, + 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x2e, 0x41, 0x6e, 0x61, 0x6c, 0x79, 0x73, 0x69, + 0x73, 0x4d, 0x65, 0x73, 0x73, 0x61, 0x67, 0x65, 0x42, 0x61, 0x73, 0x65, 0x2e, 0x54, 0x79, 0x70, + 0x65, 0x52, 0x04, 0x74, 0x79, 0x70, 0x65, 0x12, 0x48, 0x0a, 0x05, 0x6c, 0x65, 0x76, 0x65, 0x6c, + 0x18, 0x02, 0x20, 0x01, 0x28, 0x0e, 0x32, 0x32, 0x2e, 0x69, 0x73, 0x74, 0x69, 0x6f, 0x2e, 0x61, + 0x6e, 0x61, 0x6c, 0x79, 0x73, 0x69, 0x73, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, + 0x2e, 0x41, 0x6e, 0x61, 0x6c, 0x79, 0x73, 0x69, 0x73, 0x4d, 0x65, 0x73, 0x73, 0x61, 0x67, 0x65, + 0x42, 0x61, 0x73, 0x65, 0x2e, 0x4c, 0x65, 0x76, 0x65, 0x6c, 0x52, 0x05, 0x6c, 0x65, 0x76, 0x65, + 0x6c, 0x12, 0x2b, 0x0a, 0x11, 0x64, 0x6f, 0x63, 0x75, 0x6d, 0x65, 0x6e, 0x74, 0x61, 0x74, 0x69, + 0x6f, 0x6e, 0x5f, 0x75, 0x72, 0x6c, 0x18, 0x03, 0x20, 0x01, 0x28, 0x09, 0x52, 0x10, 0x64, 0x6f, + 0x63, 0x75, 0x6d, 0x65, 0x6e, 0x74, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x55, 0x72, 0x6c, 0x1a, 0x2e, + 0x0a, 0x04, 0x54, 0x79, 0x70, 0x65, 0x12, 0x12, 0x0a, 0x04, 0x6e, 0x61, 0x6d, 0x65, 0x18, 0x01, + 0x20, 0x01, 0x28, 0x09, 0x52, 0x04, 0x6e, 0x61, 0x6d, 0x65, 0x12, 0x12, 0x0a, 0x04, 0x63, 0x6f, + 0x64, 0x65, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x04, 0x63, 0x6f, 0x64, 0x65, 0x22, 0x36, + 0x0a, 0x05, 0x4c, 0x65, 0x76, 0x65, 0x6c, 0x12, 0x0b, 0x0a, 0x07, 0x55, 0x4e, 0x4b, 0x4e, 0x4f, + 0x57, 0x4e, 0x10, 0x00, 0x12, 0x09, 0x0a, 0x05, 0x45, 0x52, 0x52, 0x4f, 0x52, 0x10, 0x03, 0x12, + 0x0b, 0x0a, 0x07, 0x57, 0x41, 0x52, 0x4e, 0x49, 0x4e, 0x47, 0x10, 0x08, 0x12, 0x08, 0x0a, 0x04, + 0x49, 0x4e, 0x46, 0x4f, 0x10, 0x0c, 0x22, 0xb2, 0x02, 0x0a, 0x19, 0x41, 0x6e, 0x61, 0x6c, 0x79, + 0x73, 0x69, 0x73, 0x4d, 0x65, 0x73, 0x73, 0x61, 0x67, 0x65, 0x57, 0x65, 0x61, 0x6b, 0x53, 0x63, + 0x68, 0x65, 0x6d, 0x61, 0x12, 0x4f, 0x0a, 0x0c, 0x6d, 0x65, 0x73, 0x73, 0x61, 0x67, 0x65, 0x5f, + 0x62, 0x61, 0x73, 0x65, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x2c, 0x2e, 0x69, 0x73, 0x74, + 0x69, 0x6f, 0x2e, 0x61, 0x6e, 0x61, 0x6c, 0x79, 0x73, 0x69, 0x73, 0x2e, 0x76, 0x31, 0x61, 0x6c, + 0x70, 0x68, 0x61, 0x31, 0x2e, 0x41, 0x6e, 0x61, 0x6c, 0x79, 0x73, 0x69, 0x73, 0x4d, 0x65, 0x73, + 0x73, 0x61, 0x67, 0x65, 0x42, 0x61, 0x73, 0x65, 0x52, 0x0b, 0x6d, 0x65, 0x73, 0x73, 0x61, 0x67, + 0x65, 0x42, 0x61, 0x73, 0x65, 0x12, 0x20, 0x0a, 0x0b, 0x64, 0x65, 0x73, 0x63, 0x72, 0x69, 0x70, + 0x74, 0x69, 0x6f, 0x6e, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0b, 0x64, 0x65, 0x73, 0x63, + 0x72, 0x69, 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x12, 0x1a, 0x0a, 0x08, 0x74, 0x65, 0x6d, 0x70, 0x6c, + 0x61, 0x74, 0x65, 0x18, 0x03, 0x20, 0x01, 0x28, 0x09, 0x52, 0x08, 0x74, 0x65, 0x6d, 0x70, 0x6c, + 0x61, 0x74, 0x65, 0x12, 0x4e, 0x0a, 0x04, 0x61, 0x72, 0x67, 0x73, 0x18, 0x04, 0x20, 0x03, 0x28, + 0x0b, 0x32, 0x3a, 0x2e, 0x69, 0x73, 0x74, 0x69, 0x6f, 0x2e, 0x61, 0x6e, 0x61, 0x6c, 0x79, 0x73, + 0x69, 0x73, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x2e, 0x41, 0x6e, 0x61, 0x6c, + 0x79, 0x73, 0x69, 0x73, 0x4d, 0x65, 0x73, 0x73, 0x61, 0x67, 0x65, 0x57, 0x65, 0x61, 0x6b, 0x53, + 0x63, 0x68, 0x65, 0x6d, 0x61, 0x2e, 0x41, 0x72, 0x67, 0x54, 0x79, 0x70, 0x65, 0x52, 0x04, 0x61, + 0x72, 0x67, 0x73, 0x1a, 0x36, 0x0a, 0x07, 0x41, 0x72, 0x67, 0x54, 0x79, 0x70, 0x65, 0x12, 0x12, + 0x0a, 0x04, 0x6e, 0x61, 0x6d, 0x65, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x04, 0x6e, 0x61, + 0x6d, 0x65, 0x12, 0x17, 0x0a, 0x07, 0x67, 0x6f, 0x5f, 0x74, 0x79, 0x70, 0x65, 0x18, 0x02, 0x20, + 0x01, 0x28, 0x09, 0x52, 0x06, 0x67, 0x6f, 0x54, 0x79, 0x70, 0x65, 0x22, 0xbd, 0x01, 0x0a, 0x16, + 0x47, 0x65, 0x6e, 0x65, 0x72, 0x69, 0x63, 0x41, 0x6e, 0x61, 0x6c, 0x79, 0x73, 0x69, 0x73, 0x4d, + 0x65, 0x73, 0x73, 0x61, 0x67, 0x65, 0x12, 0x4f, 0x0a, 0x0c, 0x6d, 0x65, 0x73, 0x73, 0x61, 0x67, + 0x65, 0x5f, 0x62, 0x61, 0x73, 0x65, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x2c, 0x2e, 0x69, + 0x73, 0x74, 0x69, 0x6f, 0x2e, 0x61, 0x6e, 0x61, 0x6c, 0x79, 0x73, 0x69, 0x73, 0x2e, 0x76, 0x31, + 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x2e, 0x41, 0x6e, 0x61, 0x6c, 0x79, 0x73, 0x69, 0x73, 0x4d, + 0x65, 0x73, 0x73, 0x61, 0x67, 0x65, 0x42, 0x61, 0x73, 0x65, 0x52, 0x0b, 0x6d, 0x65, 0x73, 0x73, + 0x61, 0x67, 0x65, 0x42, 0x61, 0x73, 0x65, 0x12, 0x2b, 0x0a, 0x04, 0x61, 0x72, 0x67, 0x73, 0x18, + 0x02, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x17, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, + 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x53, 0x74, 0x72, 0x75, 0x63, 0x74, 0x52, 0x04, + 0x61, 0x72, 0x67, 0x73, 0x12, 0x25, 0x0a, 0x0e, 0x72, 0x65, 0x73, 0x6f, 0x75, 0x72, 0x63, 0x65, + 0x5f, 0x70, 0x61, 0x74, 0x68, 0x73, 0x18, 0x03, 0x20, 0x03, 0x28, 0x09, 0x52, 0x0d, 0x72, 0x65, + 0x73, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x50, 0x61, 0x74, 0x68, 0x73, 0x22, 0x87, 0x01, 0x0a, 0x1c, + 0x49, 0x6e, 0x74, 0x65, 0x72, 0x6e, 0x61, 0x6c, 0x45, 0x72, 0x72, 0x6f, 0x72, 0x41, 0x6e, 0x61, + 0x6c, 0x79, 0x73, 0x69, 0x73, 0x4d, 0x65, 0x73, 0x73, 0x61, 0x67, 0x65, 0x12, 0x4f, 0x0a, 0x0c, + 0x6d, 0x65, 0x73, 0x73, 0x61, 0x67, 0x65, 0x5f, 0x62, 0x61, 0x73, 0x65, 0x18, 0x01, 0x20, 0x01, + 0x28, 0x0b, 0x32, 0x2c, 0x2e, 0x69, 0x73, 0x74, 0x69, 0x6f, 0x2e, 0x61, 0x6e, 0x61, 0x6c, 0x79, + 0x73, 0x69, 0x73, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x2e, 0x41, 0x6e, 0x61, + 0x6c, 0x79, 0x73, 0x69, 0x73, 0x4d, 0x65, 0x73, 0x73, 0x61, 0x67, 0x65, 0x42, 0x61, 0x73, 0x65, + 0x52, 0x0b, 0x6d, 0x65, 0x73, 0x73, 0x61, 0x67, 0x65, 0x42, 0x61, 0x73, 0x65, 0x12, 0x16, 0x0a, + 0x06, 0x64, 0x65, 0x74, 0x61, 0x69, 0x6c, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x06, 0x64, + 0x65, 0x74, 0x61, 0x69, 0x6c, 0x42, 0x20, 0x5a, 0x1e, 0x69, 0x73, 0x74, 0x69, 0x6f, 0x2e, 0x69, + 0x6f, 0x2f, 0x61, 0x70, 0x69, 0x2f, 0x61, 0x6e, 0x61, 0x6c, 0x79, 0x73, 0x69, 0x73, 0x2f, 0x76, + 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x62, 0x06, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x33, +} + +var ( + file_analysis_v1alpha1_message_proto_rawDescOnce sync.Once + file_analysis_v1alpha1_message_proto_rawDescData = file_analysis_v1alpha1_message_proto_rawDesc +) + +func file_analysis_v1alpha1_message_proto_rawDescGZIP() []byte { + file_analysis_v1alpha1_message_proto_rawDescOnce.Do(func() { + file_analysis_v1alpha1_message_proto_rawDescData = protoimpl.X.CompressGZIP(file_analysis_v1alpha1_message_proto_rawDescData) + }) + return file_analysis_v1alpha1_message_proto_rawDescData +} + +var file_analysis_v1alpha1_message_proto_enumTypes = make([]protoimpl.EnumInfo, 1) +var file_analysis_v1alpha1_message_proto_msgTypes = make([]protoimpl.MessageInfo, 6) +var file_analysis_v1alpha1_message_proto_goTypes = []any{ + (AnalysisMessageBase_Level)(0), // 0: istio.analysis.v1alpha1.AnalysisMessageBase.Level + (*AnalysisMessageBase)(nil), // 1: istio.analysis.v1alpha1.AnalysisMessageBase + (*AnalysisMessageWeakSchema)(nil), // 2: istio.analysis.v1alpha1.AnalysisMessageWeakSchema + (*GenericAnalysisMessage)(nil), // 3: istio.analysis.v1alpha1.GenericAnalysisMessage + (*InternalErrorAnalysisMessage)(nil), // 4: istio.analysis.v1alpha1.InternalErrorAnalysisMessage + (*AnalysisMessageBase_Type)(nil), // 5: istio.analysis.v1alpha1.AnalysisMessageBase.Type + (*AnalysisMessageWeakSchema_ArgType)(nil), // 6: istio.analysis.v1alpha1.AnalysisMessageWeakSchema.ArgType + (*_struct.Struct)(nil), // 7: google.protobuf.Struct +} +var file_analysis_v1alpha1_message_proto_depIdxs = []int32{ + 5, // 0: istio.analysis.v1alpha1.AnalysisMessageBase.type:type_name -> istio.analysis.v1alpha1.AnalysisMessageBase.Type + 0, // 1: istio.analysis.v1alpha1.AnalysisMessageBase.level:type_name -> istio.analysis.v1alpha1.AnalysisMessageBase.Level + 1, // 2: istio.analysis.v1alpha1.AnalysisMessageWeakSchema.message_base:type_name -> istio.analysis.v1alpha1.AnalysisMessageBase + 6, // 3: istio.analysis.v1alpha1.AnalysisMessageWeakSchema.args:type_name -> istio.analysis.v1alpha1.AnalysisMessageWeakSchema.ArgType + 1, // 4: istio.analysis.v1alpha1.GenericAnalysisMessage.message_base:type_name -> istio.analysis.v1alpha1.AnalysisMessageBase + 7, // 5: istio.analysis.v1alpha1.GenericAnalysisMessage.args:type_name -> google.protobuf.Struct + 1, // 6: istio.analysis.v1alpha1.InternalErrorAnalysisMessage.message_base:type_name -> istio.analysis.v1alpha1.AnalysisMessageBase + 7, // [7:7] is the sub-list for method output_type + 7, // [7:7] is the sub-list for method input_type + 7, // [7:7] is the sub-list for extension type_name + 7, // [7:7] is the sub-list for extension extendee + 0, // [0:7] is the sub-list for field type_name +} + +func init() { file_analysis_v1alpha1_message_proto_init() } +func file_analysis_v1alpha1_message_proto_init() { + if File_analysis_v1alpha1_message_proto != nil { + return + } + type x struct{} + out := protoimpl.TypeBuilder{ + File: protoimpl.DescBuilder{ + GoPackagePath: reflect.TypeOf(x{}).PkgPath(), + RawDescriptor: file_analysis_v1alpha1_message_proto_rawDesc, + NumEnums: 1, + NumMessages: 6, + NumExtensions: 0, + NumServices: 0, + }, + GoTypes: file_analysis_v1alpha1_message_proto_goTypes, + DependencyIndexes: file_analysis_v1alpha1_message_proto_depIdxs, + EnumInfos: file_analysis_v1alpha1_message_proto_enumTypes, + MessageInfos: file_analysis_v1alpha1_message_proto_msgTypes, + }.Build() + File_analysis_v1alpha1_message_proto = out.File + file_analysis_v1alpha1_message_proto_rawDesc = nil + file_analysis_v1alpha1_message_proto_goTypes = nil + file_analysis_v1alpha1_message_proto_depIdxs = nil +} diff --git a/vendor/istio.io/api/analysis/v1alpha1/message.pb.html b/vendor/istio.io/api/analysis/v1alpha1/message.pb.html new file mode 100644 index 000000000..2c14e38e3 --- /dev/null +++ b/vendor/istio.io/api/analysis/v1alpha1/message.pb.html @@ -0,0 +1,353 @@ +--- +title: Analysis Messages +description: Describes the structure of messages generated by Istio analyzers. +location: https://istio.io/docs/reference/config/istio.analysis.v1alpha1.html +layout: protoc-gen-docs +generator: protoc-gen-docs +weight: 20 +number_of_entries: 7 +--- +

Describes the structure of messages generated by Istio analyzers.

+ +

AnalysisMessageBase

+
+

AnalysisMessageBase describes some common information that is needed for all +messages. All information should be static with respect to the error code.

+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
FieldTypeDescriptionRequired
typeType + +No +
levelLevel +

Represents how severe a message is. Required.

+ +
+No +
documentationUrlstring +

A url pointing to the Istio documentation for this specific error type. +Should be of the form +^http(s)?://(preliminary\.)?istio.io/docs/reference/config/analysis/ +Required.

+ +
+No +
+
+

AnalysisMessageWeakSchema

+
+

AnalysisMessageWeakSchema is the set of information that’s needed to define a +weakly-typed schema. The purpose of this proto is to provide a mechanism for +validating istio/istio/galley/pkg/config/analysis/msg/messages.yaml to make +sure that we don’t allow committing underspecified types.

+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
FieldTypeDescriptionRequired
messageBaseAnalysisMessageBase +

Required

+ +
+No +
descriptionstring +

A human readable description of what the error means. Required.

+ +
+No +
templatestring +

A go-style template string (https://golang.org/pkg/fmt/#hdr-Printing) +defining how to combine the args for a particular message into a log line. +Required.

+ +
+No +
argsArgType[] +

A description of the arguments for a particular message type

+ +
+No +
+
+

GenericAnalysisMessage

+
+

GenericAnalysisMessage is an instance of an AnalysisMessage defined by a +schema, whose metaschema is AnalysisMessageWeakSchema. (Names are hard.) Code +should be able to perform validation of arguments as needed by using the +message type information to look at the AnalysisMessageWeakSchema and examine the +list of args at runtime. Developers can also create stronger-typed versions +of GenericAnalysisMessage for well-known and stable message types.

+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
FieldTypeDescriptionRequired
messageBaseAnalysisMessageBase +

Required

+ +
+No +
argsStruct +

Any message-type specific arguments that need to get codified. Optional.

+ +
+No +
resourcePathsstring[] +

A list of strings specifying the resource identifiers that were the cause +of message generation. A “path” here is a (NAMESPACE/)?RESOURCETYPE/NAME +tuple that uniquely identifies a particular resource. There doesn’t seem to +be a single concept for this, but this is intuitively taken from +https://kubernetes.io/docs/reference/using-api/api-concepts/#standard-api-terminology +At least one is required.

+ +
+No +
+
+

InternalErrorAnalysisMessage

+
+

InternalErrorAnalysisMessage is a strongly-typed message representing some +error in Istio code that prevented us from performing analysis at all.

+ + + + + + + + + + + + + + + + + + + + + + + + +
FieldTypeDescriptionRequired
messageBaseAnalysisMessageBase +

Required

+ +
+No +
detailstring +

Any detail regarding specifics of the error. Should be human-readable.

+ +
+No +
+
+

AnalysisMessageBase.Type

+
+

A unique identifier for the type of message. Name is intended to be +human-readable, code is intended to be machine readable. There should be a +one-to-one mapping between name and code. (i.e. do not re-use names or +codes between message types.)

+ + + + + + + + + + + + + + + + + + + + + + + + +
FieldTypeDescriptionRequired
namestring +

A human-readable name for the message type. e.g. “InternalError”, +“PodMissingProxy”. This should be the same for all messages of the same type. +Required.

+ +
+No +
codestring +

A 7 character code matching ^IST[0-9]{4}$ intended to uniquely identify +the message type. (e.g. “IST0001” is mapped to the “InternalError” message +type.) 0000-0100 are reserved. Required.

+ +
+No +
+
+

AnalysisMessageWeakSchema.ArgType

+
+ + + + + + + + + + + + + + + + + + + + + + + +
FieldTypeDescriptionRequired
namestring +

Required

+ +
+No +
goTypestring +

Required. Should be a golang type, used in code generation. +Ideally this will change to a less language-pinned type before this gets +out of alpha, but for compatibility with current istio/istio code it’s +go_type for now.

+ +
+No +
+
+

AnalysisMessageBase.Level

+
+

The values here are chosen so that more severe messages get sorted higher, +as well as leaving space in between to add more later

+ + + + + + + + + + + + + + + + + + + + + + + + + + +
NameDescription
UNKNOWN +

invalid, but included for proto compatibility for 0 values

+ +
ERROR +
WARNING +
INFO +
+
diff --git a/vendor/istio.io/api/analysis/v1alpha1/message.proto b/vendor/istio.io/api/analysis/v1alpha1/message.proto new file mode 100644 index 000000000..60798f095 --- /dev/null +++ b/vendor/istio.io/api/analysis/v1alpha1/message.proto @@ -0,0 +1,144 @@ +// Copyright 2019 Istio Authors +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. + +syntax = "proto3"; + +// $title: Analysis Messages +// $description: Describes the structure of messages generated by Istio analyzers. +// $location: https://istio.io/docs/reference/config/istio.analysis.v1alpha1.html +// $weight: 20 + +// Describes the structure of messages generated by Istio analyzers. +package istio.analysis.v1alpha1; + +import "google/protobuf/struct.proto"; + +option go_package="istio.io/api/analysis/v1alpha1"; + +// There are four messages described in this file. One of them is a struct +// common to the other three: AnalysisMessageBase. Using this, we can construct +// one of three different structures. +// One is the AnalysisMessageWeakSchema, a YAML only description of a message +// type intended to be used where strong API guarantees are not necessary. +// One is the GenericAnalysisMessage, which is the struct that we guarantee that +// you can deserialize any analysis message to. Istio internally uses generated +// golang types from messages.yaml, so in order to reduce friction in creating +// new analyzers we offer a path that doesn't require committing to two +// different repos and solidifying the interface. +// Finally, we can create a new proto message of a specific message type and +// commit it to istio/api when we need a strong guarantee for cross platform +// communication. + +// AnalysisMessageBase describes some common information that is needed for all +// messages. All information should be static with respect to the error code. +message AnalysisMessageBase { + // A unique identifier for the type of message. Name is intended to be + // human-readable, code is intended to be machine readable. There should be a + // one-to-one mapping between name and code. (i.e. do not re-use names or + // codes between message types.) + message Type { + // A human-readable name for the message type. e.g. "InternalError", + // "PodMissingProxy". This should be the same for all messages of the same type. + // Required. + string name = 1; + + // A 7 character code matching `^IST[0-9]{4}$` intended to uniquely identify + // the message type. (e.g. "IST0001" is mapped to the "InternalError" message + // type.) 0000-0100 are reserved. Required. + string code = 2; + } + + Type type = 1; + + // The values here are chosen so that more severe messages get sorted higher, + // as well as leaving space in between to add more later + enum Level { + UNKNOWN = 0; // invalid, but included for proto compatibility for 0 values + ERROR = 3; + WARNING = 8; + INFO = 12; + } + + // Represents how severe a message is. Required. + Level level = 2; + + // A url pointing to the Istio documentation for this specific error type. + // Should be of the form + // `^http(s)?://(preliminary\.)?istio.io/docs/reference/config/analysis/` + // Required. + string documentation_url = 3; + +} + +// AnalysisMessageWeakSchema is the set of information that's needed to define a +// weakly-typed schema. The purpose of this proto is to provide a mechanism for +// validating istio/istio/galley/pkg/config/analysis/msg/messages.yaml to make +// sure that we don't allow committing underspecified types. +message AnalysisMessageWeakSchema { + // Required + AnalysisMessageBase message_base = 1; + + // A human readable description of what the error means. Required. + string description = 2; + + // A go-style template string (https://golang.org/pkg/fmt/#hdr-Printing) + // defining how to combine the args for a particular message into a log line. + // Required. + string template = 3; + + message ArgType { + // Required + string name = 1; + // Required. Should be a golang type, used in code generation. + // Ideally this will change to a less language-pinned type before this gets + // out of alpha, but for compatibility with current istio/istio code it's + // go_type for now. + string go_type = 2; + } + + // A description of the arguments for a particular message type + repeated ArgType args = 4; +} + +// GenericAnalysisMessage is an instance of an AnalysisMessage defined by a +// schema, whose metaschema is AnalysisMessageWeakSchema. (Names are hard.) Code +// should be able to perform validation of arguments as needed by using the +// message type information to look at the AnalysisMessageWeakSchema and examine the +// list of args at runtime. Developers can also create stronger-typed versions +// of GenericAnalysisMessage for well-known and stable message types. +message GenericAnalysisMessage { + // Required + AnalysisMessageBase message_base = 1; + + // Any message-type specific arguments that need to get codified. Optional. + google.protobuf.Struct args = 2; + + // A list of strings specifying the resource identifiers that were the cause + // of message generation. A "path" here is a (NAMESPACE\/)?RESOURCETYPE/NAME + // tuple that uniquely identifies a particular resource. There doesn't seem to + // be a single concept for this, but this is intuitively taken from + // https://kubernetes.io/docs/reference/using-api/api-concepts/#standard-api-terminology + // At least one is required. + repeated string resource_paths = 3; +} + +// InternalErrorAnalysisMessage is a strongly-typed message representing some +// error in Istio code that prevented us from performing analysis at all. +message InternalErrorAnalysisMessage { + // Required + AnalysisMessageBase message_base = 1; + + // Any detail regarding specifics of the error. Should be human-readable. + string detail = 2; +} diff --git a/vendor/istio.io/api/analysis/v1alpha1/message_deepcopy.gen.go b/vendor/istio.io/api/analysis/v1alpha1/message_deepcopy.gen.go new file mode 100644 index 000000000..5419f20bb --- /dev/null +++ b/vendor/istio.io/api/analysis/v1alpha1/message_deepcopy.gen.go @@ -0,0 +1,132 @@ +// Code generated by protoc-gen-deepcopy. DO NOT EDIT. +package v1alpha1 + +import ( + proto "google.golang.org/protobuf/proto" +) + +// DeepCopyInto supports using AnalysisMessageBase within kubernetes types, where deepcopy-gen is used. +func (in *AnalysisMessageBase) DeepCopyInto(out *AnalysisMessageBase) { + p := proto.Clone(in).(*AnalysisMessageBase) + *out = *p +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AnalysisMessageBase. Required by controller-gen. +func (in *AnalysisMessageBase) DeepCopy() *AnalysisMessageBase { + if in == nil { + return nil + } + out := new(AnalysisMessageBase) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInterface is an autogenerated deepcopy function, copying the receiver, creating a new AnalysisMessageBase. Required by controller-gen. +func (in *AnalysisMessageBase) DeepCopyInterface() interface{} { + return in.DeepCopy() +} + +// DeepCopyInto supports using AnalysisMessageBase_Type within kubernetes types, where deepcopy-gen is used. +func (in *AnalysisMessageBase_Type) DeepCopyInto(out *AnalysisMessageBase_Type) { + p := proto.Clone(in).(*AnalysisMessageBase_Type) + *out = *p +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AnalysisMessageBase_Type. Required by controller-gen. +func (in *AnalysisMessageBase_Type) DeepCopy() *AnalysisMessageBase_Type { + if in == nil { + return nil + } + out := new(AnalysisMessageBase_Type) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInterface is an autogenerated deepcopy function, copying the receiver, creating a new AnalysisMessageBase_Type. Required by controller-gen. +func (in *AnalysisMessageBase_Type) DeepCopyInterface() interface{} { + return in.DeepCopy() +} + +// DeepCopyInto supports using AnalysisMessageWeakSchema within kubernetes types, where deepcopy-gen is used. +func (in *AnalysisMessageWeakSchema) DeepCopyInto(out *AnalysisMessageWeakSchema) { + p := proto.Clone(in).(*AnalysisMessageWeakSchema) + *out = *p +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AnalysisMessageWeakSchema. Required by controller-gen. +func (in *AnalysisMessageWeakSchema) DeepCopy() *AnalysisMessageWeakSchema { + if in == nil { + return nil + } + out := new(AnalysisMessageWeakSchema) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInterface is an autogenerated deepcopy function, copying the receiver, creating a new AnalysisMessageWeakSchema. Required by controller-gen. +func (in *AnalysisMessageWeakSchema) DeepCopyInterface() interface{} { + return in.DeepCopy() +} + +// DeepCopyInto supports using AnalysisMessageWeakSchema_ArgType within kubernetes types, where deepcopy-gen is used. +func (in *AnalysisMessageWeakSchema_ArgType) DeepCopyInto(out *AnalysisMessageWeakSchema_ArgType) { + p := proto.Clone(in).(*AnalysisMessageWeakSchema_ArgType) + *out = *p +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AnalysisMessageWeakSchema_ArgType. Required by controller-gen. +func (in *AnalysisMessageWeakSchema_ArgType) DeepCopy() *AnalysisMessageWeakSchema_ArgType { + if in == nil { + return nil + } + out := new(AnalysisMessageWeakSchema_ArgType) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInterface is an autogenerated deepcopy function, copying the receiver, creating a new AnalysisMessageWeakSchema_ArgType. Required by controller-gen. +func (in *AnalysisMessageWeakSchema_ArgType) DeepCopyInterface() interface{} { + return in.DeepCopy() +} + +// DeepCopyInto supports using GenericAnalysisMessage within kubernetes types, where deepcopy-gen is used. +func (in *GenericAnalysisMessage) DeepCopyInto(out *GenericAnalysisMessage) { + p := proto.Clone(in).(*GenericAnalysisMessage) + *out = *p +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new GenericAnalysisMessage. Required by controller-gen. +func (in *GenericAnalysisMessage) DeepCopy() *GenericAnalysisMessage { + if in == nil { + return nil + } + out := new(GenericAnalysisMessage) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInterface is an autogenerated deepcopy function, copying the receiver, creating a new GenericAnalysisMessage. Required by controller-gen. +func (in *GenericAnalysisMessage) DeepCopyInterface() interface{} { + return in.DeepCopy() +} + +// DeepCopyInto supports using InternalErrorAnalysisMessage within kubernetes types, where deepcopy-gen is used. +func (in *InternalErrorAnalysisMessage) DeepCopyInto(out *InternalErrorAnalysisMessage) { + p := proto.Clone(in).(*InternalErrorAnalysisMessage) + *out = *p +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new InternalErrorAnalysisMessage. Required by controller-gen. +func (in *InternalErrorAnalysisMessage) DeepCopy() *InternalErrorAnalysisMessage { + if in == nil { + return nil + } + out := new(InternalErrorAnalysisMessage) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInterface is an autogenerated deepcopy function, copying the receiver, creating a new InternalErrorAnalysisMessage. Required by controller-gen. +func (in *InternalErrorAnalysisMessage) DeepCopyInterface() interface{} { + return in.DeepCopy() +} diff --git a/vendor/istio.io/api/analysis/v1alpha1/message_json.gen.go b/vendor/istio.io/api/analysis/v1alpha1/message_json.gen.go new file mode 100644 index 000000000..1bcf7887f --- /dev/null +++ b/vendor/istio.io/api/analysis/v1alpha1/message_json.gen.go @@ -0,0 +1,78 @@ +// Code generated by protoc-gen-jsonshim. DO NOT EDIT. +package v1alpha1 + +import ( + bytes "bytes" + jsonpb "github.com/golang/protobuf/jsonpb" +) + +// MarshalJSON is a custom marshaler for AnalysisMessageBase +func (this *AnalysisMessageBase) MarshalJSON() ([]byte, error) { + str, err := MessageMarshaler.MarshalToString(this) + return []byte(str), err +} + +// UnmarshalJSON is a custom unmarshaler for AnalysisMessageBase +func (this *AnalysisMessageBase) UnmarshalJSON(b []byte) error { + return MessageUnmarshaler.Unmarshal(bytes.NewReader(b), this) +} + +// MarshalJSON is a custom marshaler for AnalysisMessageBase_Type +func (this *AnalysisMessageBase_Type) MarshalJSON() ([]byte, error) { + str, err := MessageMarshaler.MarshalToString(this) + return []byte(str), err +} + +// UnmarshalJSON is a custom unmarshaler for AnalysisMessageBase_Type +func (this *AnalysisMessageBase_Type) UnmarshalJSON(b []byte) error { + return MessageUnmarshaler.Unmarshal(bytes.NewReader(b), this) +} + +// MarshalJSON is a custom marshaler for AnalysisMessageWeakSchema +func (this *AnalysisMessageWeakSchema) MarshalJSON() ([]byte, error) { + str, err := MessageMarshaler.MarshalToString(this) + return []byte(str), err +} + +// UnmarshalJSON is a custom unmarshaler for AnalysisMessageWeakSchema +func (this *AnalysisMessageWeakSchema) UnmarshalJSON(b []byte) error { + return MessageUnmarshaler.Unmarshal(bytes.NewReader(b), this) +} + +// MarshalJSON is a custom marshaler for AnalysisMessageWeakSchema_ArgType +func (this *AnalysisMessageWeakSchema_ArgType) MarshalJSON() ([]byte, error) { + str, err := MessageMarshaler.MarshalToString(this) + return []byte(str), err +} + +// UnmarshalJSON is a custom unmarshaler for AnalysisMessageWeakSchema_ArgType +func (this *AnalysisMessageWeakSchema_ArgType) UnmarshalJSON(b []byte) error { + return MessageUnmarshaler.Unmarshal(bytes.NewReader(b), this) +} + +// MarshalJSON is a custom marshaler for GenericAnalysisMessage +func (this *GenericAnalysisMessage) MarshalJSON() ([]byte, error) { + str, err := MessageMarshaler.MarshalToString(this) + return []byte(str), err +} + +// UnmarshalJSON is a custom unmarshaler for GenericAnalysisMessage +func (this *GenericAnalysisMessage) UnmarshalJSON(b []byte) error { + return MessageUnmarshaler.Unmarshal(bytes.NewReader(b), this) +} + +// MarshalJSON is a custom marshaler for InternalErrorAnalysisMessage +func (this *InternalErrorAnalysisMessage) MarshalJSON() ([]byte, error) { + str, err := MessageMarshaler.MarshalToString(this) + return []byte(str), err +} + +// UnmarshalJSON is a custom unmarshaler for InternalErrorAnalysisMessage +func (this *InternalErrorAnalysisMessage) UnmarshalJSON(b []byte) error { + return MessageUnmarshaler.Unmarshal(bytes.NewReader(b), this) +} + +var ( + MessageMarshaler = &jsonpb.Marshaler{} + MessageUnmarshaler = &jsonpb.Unmarshaler{AllowUnknownFields: true} +) diff --git a/vendor/istio.io/api/meta/v1alpha1/status.pb.go b/vendor/istio.io/api/meta/v1alpha1/status.pb.go new file mode 100644 index 000000000..233d439b0 --- /dev/null +++ b/vendor/istio.io/api/meta/v1alpha1/status.pb.go @@ -0,0 +1,314 @@ +// Copyright 2019 Istio Authors +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. + +// Code generated by protoc-gen-go. DO NOT EDIT. +// versions: +// protoc-gen-go v1.35.1 +// protoc (unknown) +// source: meta/v1alpha1/status.proto + +// $title: Istio Status +// $description: Common status field for all istio collections. +// $location: https://istio.io/docs/reference/config/meta/v1beta1/istio-status.html + +package v1alpha1 + +import ( + timestamp "github.com/golang/protobuf/ptypes/timestamp" + protoreflect "google.golang.org/protobuf/reflect/protoreflect" + protoimpl "google.golang.org/protobuf/runtime/protoimpl" + v1alpha1 "istio.io/api/analysis/v1alpha1" + reflect "reflect" + sync "sync" +) + +const ( + // Verify that this generated code is sufficiently up-to-date. + _ = protoimpl.EnforceVersion(20 - protoimpl.MinVersion) + // Verify that runtime/protoimpl is sufficiently up-to-date. + _ = protoimpl.EnforceVersion(protoimpl.MaxVersion - 20) +) + +type IstioStatus struct { + state protoimpl.MessageState + sizeCache protoimpl.SizeCache + unknownFields protoimpl.UnknownFields + + // Current service state of the resource. + // More info: https://istio.io/docs/reference/config/config-status/ + // +optional + // +patchMergeKey=type + // +patchStrategy=merge + Conditions []*IstioCondition `protobuf:"bytes,1,rep,name=conditions,proto3" json:"conditions,omitempty"` + // Includes any errors or warnings detected by Istio's analyzers. + // +optional + // +patchMergeKey=type + // +patchStrategy=merge + ValidationMessages []*v1alpha1.AnalysisMessageBase `protobuf:"bytes,2,rep,name=validation_messages,json=validationMessages,proto3" json:"validation_messages,omitempty"` + // Resource Generation to which the Reconciled Condition refers. + // When this value is not equal to the object's metadata generation, reconciled condition calculation for the current + // generation is still in progress. See https://istio.io/latest/docs/reference/config/config-status/ for more info. + // +optional + // +protoc-gen-crd:validation:XIntOrString + ObservedGeneration int64 `protobuf:"varint,3,opt,name=observed_generation,json=observedGeneration,proto3" json:"observed_generation,omitempty"` +} + +func (x *IstioStatus) Reset() { + *x = IstioStatus{} + mi := &file_meta_v1alpha1_status_proto_msgTypes[0] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) +} + +func (x *IstioStatus) String() string { + return protoimpl.X.MessageStringOf(x) +} + +func (*IstioStatus) ProtoMessage() {} + +func (x *IstioStatus) ProtoReflect() protoreflect.Message { + mi := &file_meta_v1alpha1_status_proto_msgTypes[0] + if x != nil { + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + if ms.LoadMessageInfo() == nil { + ms.StoreMessageInfo(mi) + } + return ms + } + return mi.MessageOf(x) +} + +// Deprecated: Use IstioStatus.ProtoReflect.Descriptor instead. +func (*IstioStatus) Descriptor() ([]byte, []int) { + return file_meta_v1alpha1_status_proto_rawDescGZIP(), []int{0} +} + +func (x *IstioStatus) GetConditions() []*IstioCondition { + if x != nil { + return x.Conditions + } + return nil +} + +func (x *IstioStatus) GetValidationMessages() []*v1alpha1.AnalysisMessageBase { + if x != nil { + return x.ValidationMessages + } + return nil +} + +func (x *IstioStatus) GetObservedGeneration() int64 { + if x != nil { + return x.ObservedGeneration + } + return 0 +} + +type IstioCondition struct { + state protoimpl.MessageState + sizeCache protoimpl.SizeCache + unknownFields protoimpl.UnknownFields + + // Type is the type of the condition. + Type string `protobuf:"bytes,1,opt,name=type,proto3" json:"type,omitempty"` + // Status is the status of the condition. + // Can be True, False, Unknown. + Status string `protobuf:"bytes,2,opt,name=status,proto3" json:"status,omitempty"` + // Last time we probed the condition. + // +optional + LastProbeTime *timestamp.Timestamp `protobuf:"bytes,3,opt,name=last_probe_time,json=lastProbeTime,proto3" json:"last_probe_time,omitempty"` + // Last time the condition transitioned from one status to another. + // +optional + LastTransitionTime *timestamp.Timestamp `protobuf:"bytes,4,opt,name=last_transition_time,json=lastTransitionTime,proto3" json:"last_transition_time,omitempty"` + // Unique, one-word, CamelCase reason for the condition's last transition. + // +optional + Reason string `protobuf:"bytes,5,opt,name=reason,proto3" json:"reason,omitempty"` + // Human-readable message indicating details about last transition. + // +optional + Message string `protobuf:"bytes,6,opt,name=message,proto3" json:"message,omitempty"` +} + +func (x *IstioCondition) Reset() { + *x = IstioCondition{} + mi := &file_meta_v1alpha1_status_proto_msgTypes[1] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) +} + +func (x *IstioCondition) String() string { + return protoimpl.X.MessageStringOf(x) +} + +func (*IstioCondition) ProtoMessage() {} + +func (x *IstioCondition) ProtoReflect() protoreflect.Message { + mi := &file_meta_v1alpha1_status_proto_msgTypes[1] + if x != nil { + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + if ms.LoadMessageInfo() == nil { + ms.StoreMessageInfo(mi) + } + return ms + } + return mi.MessageOf(x) +} + +// Deprecated: Use IstioCondition.ProtoReflect.Descriptor instead. +func (*IstioCondition) Descriptor() ([]byte, []int) { + return file_meta_v1alpha1_status_proto_rawDescGZIP(), []int{1} +} + +func (x *IstioCondition) GetType() string { + if x != nil { + return x.Type + } + return "" +} + +func (x *IstioCondition) GetStatus() string { + if x != nil { + return x.Status + } + return "" +} + +func (x *IstioCondition) GetLastProbeTime() *timestamp.Timestamp { + if x != nil { + return x.LastProbeTime + } + return nil +} + +func (x *IstioCondition) GetLastTransitionTime() *timestamp.Timestamp { + if x != nil { + return x.LastTransitionTime + } + return nil +} + +func (x *IstioCondition) GetReason() string { + if x != nil { + return x.Reason + } + return "" +} + +func (x *IstioCondition) GetMessage() string { + if x != nil { + return x.Message + } + return "" +} + +var File_meta_v1alpha1_status_proto protoreflect.FileDescriptor + +var file_meta_v1alpha1_status_proto_rawDesc = []byte{ + 0x0a, 0x1a, 0x6d, 0x65, 0x74, 0x61, 0x2f, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x2f, + 0x73, 0x74, 0x61, 0x74, 0x75, 0x73, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x12, 0x13, 0x69, 0x73, + 0x74, 0x69, 0x6f, 0x2e, 0x6d, 0x65, 0x74, 0x61, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, + 0x31, 0x1a, 0x1f, 0x61, 0x6e, 0x61, 0x6c, 0x79, 0x73, 0x69, 0x73, 0x2f, 0x76, 0x31, 0x61, 0x6c, + 0x70, 0x68, 0x61, 0x31, 0x2f, 0x6d, 0x65, 0x73, 0x73, 0x61, 0x67, 0x65, 0x2e, 0x70, 0x72, 0x6f, + 0x74, 0x6f, 0x1a, 0x1f, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2f, 0x70, 0x72, 0x6f, 0x74, 0x6f, + 0x62, 0x75, 0x66, 0x2f, 0x74, 0x69, 0x6d, 0x65, 0x73, 0x74, 0x61, 0x6d, 0x70, 0x2e, 0x70, 0x72, + 0x6f, 0x74, 0x6f, 0x22, 0xe2, 0x01, 0x0a, 0x0b, 0x49, 0x73, 0x74, 0x69, 0x6f, 0x53, 0x74, 0x61, + 0x74, 0x75, 0x73, 0x12, 0x43, 0x0a, 0x0a, 0x63, 0x6f, 0x6e, 0x64, 0x69, 0x74, 0x69, 0x6f, 0x6e, + 0x73, 0x18, 0x01, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x23, 0x2e, 0x69, 0x73, 0x74, 0x69, 0x6f, 0x2e, + 0x6d, 0x65, 0x74, 0x61, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x2e, 0x49, 0x73, + 0x74, 0x69, 0x6f, 0x43, 0x6f, 0x6e, 0x64, 0x69, 0x74, 0x69, 0x6f, 0x6e, 0x52, 0x0a, 0x63, 0x6f, + 0x6e, 0x64, 0x69, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x12, 0x5d, 0x0a, 0x13, 0x76, 0x61, 0x6c, 0x69, + 0x64, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x5f, 0x6d, 0x65, 0x73, 0x73, 0x61, 0x67, 0x65, 0x73, 0x18, + 0x02, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x2c, 0x2e, 0x69, 0x73, 0x74, 0x69, 0x6f, 0x2e, 0x61, 0x6e, + 0x61, 0x6c, 0x79, 0x73, 0x69, 0x73, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x2e, + 0x41, 0x6e, 0x61, 0x6c, 0x79, 0x73, 0x69, 0x73, 0x4d, 0x65, 0x73, 0x73, 0x61, 0x67, 0x65, 0x42, + 0x61, 0x73, 0x65, 0x52, 0x12, 0x76, 0x61, 0x6c, 0x69, 0x64, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x4d, + 0x65, 0x73, 0x73, 0x61, 0x67, 0x65, 0x73, 0x12, 0x2f, 0x0a, 0x13, 0x6f, 0x62, 0x73, 0x65, 0x72, + 0x76, 0x65, 0x64, 0x5f, 0x67, 0x65, 0x6e, 0x65, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x18, 0x03, + 0x20, 0x01, 0x28, 0x03, 0x52, 0x12, 0x6f, 0x62, 0x73, 0x65, 0x72, 0x76, 0x65, 0x64, 0x47, 0x65, + 0x6e, 0x65, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x22, 0x80, 0x02, 0x0a, 0x0e, 0x49, 0x73, 0x74, + 0x69, 0x6f, 0x43, 0x6f, 0x6e, 0x64, 0x69, 0x74, 0x69, 0x6f, 0x6e, 0x12, 0x12, 0x0a, 0x04, 0x74, + 0x79, 0x70, 0x65, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x04, 0x74, 0x79, 0x70, 0x65, 0x12, + 0x16, 0x0a, 0x06, 0x73, 0x74, 0x61, 0x74, 0x75, 0x73, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, + 0x06, 0x73, 0x74, 0x61, 0x74, 0x75, 0x73, 0x12, 0x42, 0x0a, 0x0f, 0x6c, 0x61, 0x73, 0x74, 0x5f, + 0x70, 0x72, 0x6f, 0x62, 0x65, 0x5f, 0x74, 0x69, 0x6d, 0x65, 0x18, 0x03, 0x20, 0x01, 0x28, 0x0b, + 0x32, 0x1a, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, + 0x75, 0x66, 0x2e, 0x54, 0x69, 0x6d, 0x65, 0x73, 0x74, 0x61, 0x6d, 0x70, 0x52, 0x0d, 0x6c, 0x61, + 0x73, 0x74, 0x50, 0x72, 0x6f, 0x62, 0x65, 0x54, 0x69, 0x6d, 0x65, 0x12, 0x4c, 0x0a, 0x14, 0x6c, + 0x61, 0x73, 0x74, 0x5f, 0x74, 0x72, 0x61, 0x6e, 0x73, 0x69, 0x74, 0x69, 0x6f, 0x6e, 0x5f, 0x74, + 0x69, 0x6d, 0x65, 0x18, 0x04, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x1a, 0x2e, 0x67, 0x6f, 0x6f, 0x67, + 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x54, 0x69, 0x6d, 0x65, + 0x73, 0x74, 0x61, 0x6d, 0x70, 0x52, 0x12, 0x6c, 0x61, 0x73, 0x74, 0x54, 0x72, 0x61, 0x6e, 0x73, + 0x69, 0x74, 0x69, 0x6f, 0x6e, 0x54, 0x69, 0x6d, 0x65, 0x12, 0x16, 0x0a, 0x06, 0x72, 0x65, 0x61, + 0x73, 0x6f, 0x6e, 0x18, 0x05, 0x20, 0x01, 0x28, 0x09, 0x52, 0x06, 0x72, 0x65, 0x61, 0x73, 0x6f, + 0x6e, 0x12, 0x18, 0x0a, 0x07, 0x6d, 0x65, 0x73, 0x73, 0x61, 0x67, 0x65, 0x18, 0x06, 0x20, 0x01, + 0x28, 0x09, 0x52, 0x07, 0x6d, 0x65, 0x73, 0x73, 0x61, 0x67, 0x65, 0x42, 0x1c, 0x5a, 0x1a, 0x69, + 0x73, 0x74, 0x69, 0x6f, 0x2e, 0x69, 0x6f, 0x2f, 0x61, 0x70, 0x69, 0x2f, 0x6d, 0x65, 0x74, 0x61, + 0x2f, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x62, 0x06, 0x70, 0x72, 0x6f, 0x74, 0x6f, + 0x33, +} + +var ( + file_meta_v1alpha1_status_proto_rawDescOnce sync.Once + file_meta_v1alpha1_status_proto_rawDescData = file_meta_v1alpha1_status_proto_rawDesc +) + +func file_meta_v1alpha1_status_proto_rawDescGZIP() []byte { + file_meta_v1alpha1_status_proto_rawDescOnce.Do(func() { + file_meta_v1alpha1_status_proto_rawDescData = protoimpl.X.CompressGZIP(file_meta_v1alpha1_status_proto_rawDescData) + }) + return file_meta_v1alpha1_status_proto_rawDescData +} + +var file_meta_v1alpha1_status_proto_msgTypes = make([]protoimpl.MessageInfo, 2) +var file_meta_v1alpha1_status_proto_goTypes = []any{ + (*IstioStatus)(nil), // 0: istio.meta.v1alpha1.IstioStatus + (*IstioCondition)(nil), // 1: istio.meta.v1alpha1.IstioCondition + (*v1alpha1.AnalysisMessageBase)(nil), // 2: istio.analysis.v1alpha1.AnalysisMessageBase + (*timestamp.Timestamp)(nil), // 3: google.protobuf.Timestamp +} +var file_meta_v1alpha1_status_proto_depIdxs = []int32{ + 1, // 0: istio.meta.v1alpha1.IstioStatus.conditions:type_name -> istio.meta.v1alpha1.IstioCondition + 2, // 1: istio.meta.v1alpha1.IstioStatus.validation_messages:type_name -> istio.analysis.v1alpha1.AnalysisMessageBase + 3, // 2: istio.meta.v1alpha1.IstioCondition.last_probe_time:type_name -> google.protobuf.Timestamp + 3, // 3: istio.meta.v1alpha1.IstioCondition.last_transition_time:type_name -> google.protobuf.Timestamp + 4, // [4:4] is the sub-list for method output_type + 4, // [4:4] is the sub-list for method input_type + 4, // [4:4] is the sub-list for extension type_name + 4, // [4:4] is the sub-list for extension extendee + 0, // [0:4] is the sub-list for field type_name +} + +func init() { file_meta_v1alpha1_status_proto_init() } +func file_meta_v1alpha1_status_proto_init() { + if File_meta_v1alpha1_status_proto != nil { + return + } + type x struct{} + out := protoimpl.TypeBuilder{ + File: protoimpl.DescBuilder{ + GoPackagePath: reflect.TypeOf(x{}).PkgPath(), + RawDescriptor: file_meta_v1alpha1_status_proto_rawDesc, + NumEnums: 0, + NumMessages: 2, + NumExtensions: 0, + NumServices: 0, + }, + GoTypes: file_meta_v1alpha1_status_proto_goTypes, + DependencyIndexes: file_meta_v1alpha1_status_proto_depIdxs, + MessageInfos: file_meta_v1alpha1_status_proto_msgTypes, + }.Build() + File_meta_v1alpha1_status_proto = out.File + file_meta_v1alpha1_status_proto_rawDesc = nil + file_meta_v1alpha1_status_proto_goTypes = nil + file_meta_v1alpha1_status_proto_depIdxs = nil +} diff --git a/vendor/istio.io/api/meta/v1alpha1/status.pb.html b/vendor/istio.io/api/meta/v1alpha1/status.pb.html new file mode 100644 index 000000000..24d7cde8d --- /dev/null +++ b/vendor/istio.io/api/meta/v1alpha1/status.pb.html @@ -0,0 +1,141 @@ +--- +title: Istio Status +description: Common status field for all istio collections. +location: https://istio.io/docs/reference/config/meta/v1beta1/istio-status.html +layout: protoc-gen-docs +generator: protoc-gen-docs +number_of_entries: 2 +--- +

IstioStatus

+
+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
FieldTypeDescriptionRequired
conditionsIstioCondition[] +

Current service state of the resource. +More info: https://istio.io/docs/reference/config/config-status/

+ +
+No +
validationMessagesAnalysisMessageBase[] +

Includes any errors or warnings detected by Istio’s analyzers.

+ +
+No +
observedGenerationint64 +

Resource Generation to which the Reconciled Condition refers. +When this value is not equal to the object’s metadata generation, reconciled condition calculation for the current +generation is still in progress. See https://istio.io/latest/docs/reference/config/config-status/ for more info.

+ +
+No +
+
+

IstioCondition

+
+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
FieldTypeDescriptionRequired
typestring +

Type is the type of the condition.

+ +
+No +
statusstring +

Status is the status of the condition. +Can be True, False, Unknown.

+ +
+No +
lastProbeTimeTimestamp +

Last time we probed the condition.

+ +
+No +
lastTransitionTimeTimestamp +

Last time the condition transitioned from one status to another.

+ +
+No +
reasonstring +

Unique, one-word, CamelCase reason for the condition’s last transition.

+ +
+No +
messagestring +

Human-readable message indicating details about last transition.

+ +
+No +
+
diff --git a/vendor/istio.io/api/meta/v1alpha1/status.proto b/vendor/istio.io/api/meta/v1alpha1/status.proto new file mode 100644 index 000000000..0cf3cc3bc --- /dev/null +++ b/vendor/istio.io/api/meta/v1alpha1/status.proto @@ -0,0 +1,73 @@ +// Copyright 2019 Istio Authors +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. +syntax = "proto3"; + +import "analysis/v1alpha1/message.proto"; + +import "google/protobuf/timestamp.proto"; + +// $title: Istio Status +// $description: Common status field for all istio collections. +// $location: https://istio.io/docs/reference/config/meta/v1beta1/istio-status.html + +package istio.meta.v1alpha1; + +option go_package="istio.io/api/meta/v1alpha1"; + +message IstioStatus { + // Current service state of the resource. + // More info: https://istio.io/docs/reference/config/config-status/ + // +optional + // +patchMergeKey=type + // +patchStrategy=merge + repeated IstioCondition conditions = 1; + + // Includes any errors or warnings detected by Istio's analyzers. + // +optional + // +patchMergeKey=type + // +patchStrategy=merge + repeated analysis.v1alpha1.AnalysisMessageBase validation_messages = 2; + + // Resource Generation to which the Reconciled Condition refers. + // When this value is not equal to the object's metadata generation, reconciled condition calculation for the current + // generation is still in progress. See https://istio.io/latest/docs/reference/config/config-status/ for more info. + // +optional + // +protoc-gen-crd:validation:XIntOrString + int64 observed_generation = 3; +} + +message IstioCondition { + // Type is the type of the condition. + string type = 1; + + // Status is the status of the condition. + // Can be True, False, Unknown. + string status = 2; + + // Last time we probed the condition. + // +optional + google.protobuf.Timestamp last_probe_time = 3; + + // Last time the condition transitioned from one status to another. + // +optional + google.protobuf.Timestamp last_transition_time = 4; + + // Unique, one-word, CamelCase reason for the condition's last transition. + // +optional + string reason = 5; + + // Human-readable message indicating details about last transition. + // +optional + string message = 6; +} diff --git a/vendor/istio.io/api/meta/v1alpha1/status_deepcopy.gen.go b/vendor/istio.io/api/meta/v1alpha1/status_deepcopy.gen.go new file mode 100644 index 000000000..9b850cca9 --- /dev/null +++ b/vendor/istio.io/api/meta/v1alpha1/status_deepcopy.gen.go @@ -0,0 +1,48 @@ +// Code generated by protoc-gen-deepcopy. DO NOT EDIT. +package v1alpha1 + +import ( + proto "google.golang.org/protobuf/proto" +) + +// DeepCopyInto supports using IstioStatus within kubernetes types, where deepcopy-gen is used. +func (in *IstioStatus) DeepCopyInto(out *IstioStatus) { + p := proto.Clone(in).(*IstioStatus) + *out = *p +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new IstioStatus. Required by controller-gen. +func (in *IstioStatus) DeepCopy() *IstioStatus { + if in == nil { + return nil + } + out := new(IstioStatus) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInterface is an autogenerated deepcopy function, copying the receiver, creating a new IstioStatus. Required by controller-gen. +func (in *IstioStatus) DeepCopyInterface() interface{} { + return in.DeepCopy() +} + +// DeepCopyInto supports using IstioCondition within kubernetes types, where deepcopy-gen is used. +func (in *IstioCondition) DeepCopyInto(out *IstioCondition) { + p := proto.Clone(in).(*IstioCondition) + *out = *p +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new IstioCondition. Required by controller-gen. +func (in *IstioCondition) DeepCopy() *IstioCondition { + if in == nil { + return nil + } + out := new(IstioCondition) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInterface is an autogenerated deepcopy function, copying the receiver, creating a new IstioCondition. Required by controller-gen. +func (in *IstioCondition) DeepCopyInterface() interface{} { + return in.DeepCopy() +} diff --git a/vendor/istio.io/api/meta/v1alpha1/status_json.gen.go b/vendor/istio.io/api/meta/v1alpha1/status_json.gen.go new file mode 100644 index 000000000..6fdfea552 --- /dev/null +++ b/vendor/istio.io/api/meta/v1alpha1/status_json.gen.go @@ -0,0 +1,34 @@ +// Code generated by protoc-gen-jsonshim. DO NOT EDIT. +package v1alpha1 + +import ( + bytes "bytes" + jsonpb "github.com/golang/protobuf/jsonpb" +) + +// MarshalJSON is a custom marshaler for IstioStatus +func (this *IstioStatus) MarshalJSON() ([]byte, error) { + str, err := StatusMarshaler.MarshalToString(this) + return []byte(str), err +} + +// UnmarshalJSON is a custom unmarshaler for IstioStatus +func (this *IstioStatus) UnmarshalJSON(b []byte) error { + return StatusUnmarshaler.Unmarshal(bytes.NewReader(b), this) +} + +// MarshalJSON is a custom marshaler for IstioCondition +func (this *IstioCondition) MarshalJSON() ([]byte, error) { + str, err := StatusMarshaler.MarshalToString(this) + return []byte(str), err +} + +// UnmarshalJSON is a custom unmarshaler for IstioCondition +func (this *IstioCondition) UnmarshalJSON(b []byte) error { + return StatusUnmarshaler.Unmarshal(bytes.NewReader(b), this) +} + +var ( + StatusMarshaler = &jsonpb.Marshaler{} + StatusUnmarshaler = &jsonpb.Unmarshaler{AllowUnknownFields: true} +) diff --git a/vendor/istio.io/api/networking/v1alpha3/destination_rule.gen.json b/vendor/istio.io/api/networking/v1alpha3/destination_rule.gen.json deleted file mode 100644 index 1ece1c856..000000000 --- a/vendor/istio.io/api/networking/v1alpha3/destination_rule.gen.json +++ /dev/null @@ -1,679 +0,0 @@ -{ - "openapi": "3.0.0", - "info": { - "title": "Configuration affecting load balancing, outlier detection, etc.", - "version": "v1alpha3" - }, - "components": { - "schemas": { - "istio.networking.v1alpha3.ClientTLSSettings": { - "description": "SSL/TLS related settings for upstream connections. See Envoy's [TLS context](https://www.envoyproxy.io/docs/envoy/latest/api-v3/extensions/transport_sockets/tls/v3/common.proto.html#common-tls-configuration) for more details. These settings are common to both HTTP and TCP upstreams.", - "type": "object", - "properties": { - "mode": { - "$ref": "#/components/schemas/istio.networking.v1alpha3.ClientTLSSettings.TLSmode" - }, - "clientCertificate": { - "description": "REQUIRED if mode is `MUTUAL`. The path to the file holding the client-side TLS certificate to use. Should be empty if mode is `ISTIO_MUTUAL`.", - "type": "string" - }, - "privateKey": { - "description": "REQUIRED if mode is `MUTUAL`. The path to the file holding the client's private key. Should be empty if mode is `ISTIO_MUTUAL`.", - "type": "string" - }, - "caCertificates": { - "description": "OPTIONAL: The path to the file containing certificate authority certificates to use in verifying a presented server certificate. If omitted, the proxy will not verify the server's certificate. Should be empty if mode is `ISTIO_MUTUAL`.", - "type": "string" - }, - "credentialName": { - "description": "The name of the secret that holds the TLS certs for the client including the CA certificates. This secret must exist in the namespace of the proxy using the certificates. An Opaque secret should contain the following keys and values: `key: \u003cprivateKey\u003e`, `cert: \u003cclientCert\u003e`, `cacert: \u003cCACertificate\u003e`, `crl: \u003ccertificateRevocationList\u003e` Here CACertificate is used to verify the server certificate. For mutual TLS, `cacert: \u003cCACertificate\u003e` can be provided in the same secret or a separate secret named `\u003csecret\u003e-cacert`. A TLS secret for client certificates with an additional `ca.crt` key for CA certificates and `ca.crl` key for certificate revocation list(CRL) is also supported. Only one of client certificates and CA certificate or credentialName can be specified.", - "type": "string" - }, - "subjectAltNames": { - "description": "A list of alternate names to verify the subject identity in the certificate. If specified, the proxy will verify that the server certificate's subject alt name matches one of the specified values. If specified, this list overrides the value of subject_alt_names from the ServiceEntry. If unspecified, automatic validation of upstream presented certificate for new upstream connections will be done based on the downstream HTTP host/authority header, provided `VERIFY_CERTIFICATE_AT_CLIENT` and `ENABLE_AUTO_SNI` environmental variables are set to `true`.", - "type": "array", - "items": { - "type": "string" - } - }, - "sni": { - "description": "SNI string to present to the server during TLS handshake. If unspecified, SNI will be automatically set based on downstream HTTP host/authority header for SIMPLE and MUTUAL TLS modes, provided `ENABLE_AUTO_SNI` environmental variable is set to `true`.", - "type": "string" - }, - "insecureSkipVerify": { - "description": "InsecureSkipVerify specifies whether the proxy should skip verifying the CA signature and SAN for the server certificate corresponding to the host. This flag should only be set if global CA signature verification is enabled, `VerifyCertAtClient` environmental variable is set to `true`, but no verification is desired for a specific host. If enabled with or without `VerifyCertAtClient` enabled, verification of the CA signature and SAN will be skipped.", - "type": "boolean", - "nullable": true - } - } - }, - "istio.networking.v1alpha3.ClientTLSSettings.TLSmode": { - "description": "TLS connection mode", - "type": "string", - "enum": [ - "DISABLE", - "SIMPLE", - "MUTUAL", - "ISTIO_MUTUAL" - ] - }, - "istio.networking.v1alpha3.ConnectionPoolSettings": { - "description": "Connection pool settings for an upstream host. The settings apply to each individual host in the upstream service. See Envoy's [circuit breaker](https://www.envoyproxy.io/docs/envoy/latest/intro/arch_overview/upstream/circuit_breaking) for more details. Connection pool settings can be applied at the TCP level as well as at HTTP level.", - "type": "object", - "properties": { - "tcp": { - "$ref": "#/components/schemas/istio.networking.v1alpha3.ConnectionPoolSettings.TCPSettings" - }, - "http": { - "$ref": "#/components/schemas/istio.networking.v1alpha3.ConnectionPoolSettings.HTTPSettings" - } - } - }, - "istio.networking.v1alpha3.ConnectionPoolSettings.HTTPSettings": { - "description": "Settings applicable to HTTP1.1/HTTP2/GRPC connections.", - "type": "object", - "properties": { - "http1MaxPendingRequests": { - "description": "Maximum number of requests that will be queued while waiting for a ready connection pool connection. Default 2^32-1. Refer to https://www.envoyproxy.io/docs/envoy/latest/intro/arch_overview/upstream/circuit_breaking under which conditions a new connection is created for HTTP2. Please note that this is applicable to both HTTP/1.1 and HTTP2.", - "type": "integer", - "format": "int32" - }, - "http2MaxRequests": { - "description": "Maximum number of active requests to a destination. Default 2^32-1. Please note that this is applicable to both HTTP/1.1 and HTTP2.", - "type": "integer", - "format": "int32" - }, - "maxRequestsPerConnection": { - "description": "Maximum number of requests per connection to a backend. Setting this parameter to 1 disables keep alive. Default 0, meaning \"unlimited\", up to 2^29.", - "type": "integer", - "format": "int32" - }, - "maxRetries": { - "description": "Maximum number of retries that can be outstanding to all hosts in a cluster at a given time. Defaults to 2^32-1.", - "type": "integer", - "format": "int32" - }, - "idleTimeout": { - "description": "The idle timeout for upstream connection pool connections. The idle timeout is defined as the period in which there are no active requests. If not set, the default is 1 hour. When the idle timeout is reached, the connection will be closed. If the connection is an HTTP/2 connection a drain sequence will occur prior to closing the connection. Note that request based timeouts mean that HTTP/2 PINGs will not keep the connection alive. Applies to both HTTP1.1 and HTTP2 connections.", - "type": "string" - }, - "h2UpgradePolicy": { - "$ref": "#/components/schemas/istio.networking.v1alpha3.ConnectionPoolSettings.HTTPSettings.H2UpgradePolicy" - }, - "useClientProtocol": { - "description": "If set to true, client protocol will be preserved while initiating connection to backend. Note that when this is set to true, h2_upgrade_policy will be ineffective i.e. the client connections will not be upgraded to http2.", - "type": "boolean" - } - } - }, - "istio.networking.v1alpha3.ConnectionPoolSettings.HTTPSettings.H2UpgradePolicy": { - "description": "Policy for upgrading http1.1 connections to http2.", - "type": "string", - "enum": [ - "DEFAULT", - "DO_NOT_UPGRADE", - "UPGRADE" - ] - }, - "istio.networking.v1alpha3.ConnectionPoolSettings.TCPSettings": { - "description": "Settings common to both HTTP and TCP upstream connections.", - "type": "object", - "properties": { - "maxConnections": { - "description": "Maximum number of HTTP1 /TCP connections to a destination host. Default 2^32-1.", - "type": "integer", - "format": "int32" - }, - "connectTimeout": { - "description": "TCP connection timeout. format: 1h/1m/1s/1ms. MUST BE \u003e=1ms. Default is 10s.", - "type": "string" - }, - "tcpKeepalive": { - "$ref": "#/components/schemas/istio.networking.v1alpha3.ConnectionPoolSettings.TCPSettings.TcpKeepalive" - }, - "maxConnectionDuration": { - "description": "The maximum duration of a connection. The duration is defined as the period since a connection was established. If not set, there is no max duration. When max_connection_duration is reached the connection will be closed. Duration must be at least 1ms.", - "type": "string" - } - } - }, - "istio.networking.v1alpha3.ConnectionPoolSettings.TCPSettings.TcpKeepalive": { - "description": "TCP keepalive.", - "type": "object", - "properties": { - "probes": { - "description": "Maximum number of keepalive probes to send without response before deciding the connection is dead. Default is to use the OS level configuration (unless overridden, Linux defaults to 9.)", - "type": "integer" - }, - "time": { - "description": "The time duration a connection needs to be idle before keep-alive probes start being sent. Default is to use the OS level configuration (unless overridden, Linux defaults to 7200s (ie 2 hours.)", - "type": "string" - }, - "interval": { - "description": "The time duration between keep-alive probes. Default is to use the OS level configuration (unless overridden, Linux defaults to 75s.)", - "type": "string" - } - } - }, - "istio.networking.v1alpha3.DestinationRule": { - "description": "DestinationRule defines policies that apply to traffic intended for a service after routing has occurred.", - "type": "object", - "properties": { - "host": { - "description": "The name of a service from the service registry. Service names are looked up from the platform's service registry (e.g., Kubernetes services, Consul services, etc.) and from the hosts declared by [ServiceEntries](https://istio.io/docs/reference/config/networking/service-entry/#ServiceEntry). Rules defined for services that do not exist in the service registry will be ignored.", - "type": "string" - }, - "trafficPolicy": { - "$ref": "#/components/schemas/istio.networking.v1alpha3.TrafficPolicy" - }, - "subsets": { - "description": "One or more named sets that represent individual versions of a service. Traffic policies can be overridden at subset level.", - "type": "array", - "items": { - "$ref": "#/components/schemas/istio.networking.v1alpha3.Subset" - } - }, - "exportTo": { - "description": "A list of namespaces to which this destination rule is exported. The resolution of a destination rule to apply to a service occurs in the context of a hierarchy of namespaces. Exporting a destination rule allows it to be included in the resolution hierarchy for services in other namespaces. This feature provides a mechanism for service owners and mesh administrators to control the visibility of destination rules across namespace boundaries.", - "type": "array", - "items": { - "type": "string" - } - }, - "workloadSelector": { - "$ref": "#/components/schemas/istio.type.v1beta1.WorkloadSelector" - } - } - }, - "istio.networking.v1alpha3.LoadBalancerSettings": { - "description": "Load balancing policies to apply for a specific destination. See Envoy's load balancing [documentation](https://www.envoyproxy.io/docs/envoy/latest/intro/arch_overview/upstream/load_balancing/load_balancing) for more details.", - "type": "object", - "properties": { - "localityLbSetting": { - "$ref": "#/components/schemas/istio.networking.v1alpha3.LocalityLoadBalancerSetting" - }, - "warmupDurationSecs": { - "description": "Represents the warmup duration of Service. If set, the newly created endpoint of service remains in warmup mode starting from its creation time for the duration of this window and Istio progressively increases amount of traffic for that endpoint instead of sending proportional amount of traffic. This should be enabled for services that require warm up time to serve full production load with reasonable latency. Please note that this is most effective when few new endpoints come up like scale event in Kubernetes. When all the endpoints are relatively new like new deployment, this is not very effective as all endpoints end up getting same amount of requests. Currently this is only supported for ROUND_ROBIN and LEAST_REQUEST load balancers.", - "type": "string" - } - }, - "oneOf": [ - { - "not": { - "anyOf": [ - { - "required": [ - "simple" - ], - "properties": { - "simple": { - "$ref": "#/components/schemas/istio.networking.v1alpha3.LoadBalancerSettings.SimpleLB" - } - } - }, - { - "required": [ - "consistentHash" - ], - "properties": { - "consistentHash": { - "$ref": "#/components/schemas/istio.networking.v1alpha3.LoadBalancerSettings.ConsistentHashLB" - } - } - } - ] - } - }, - { - "required": [ - "simple" - ], - "properties": { - "simple": { - "$ref": "#/components/schemas/istio.networking.v1alpha3.LoadBalancerSettings.SimpleLB" - } - } - }, - { - "required": [ - "consistentHash" - ], - "properties": { - "consistentHash": { - "$ref": "#/components/schemas/istio.networking.v1alpha3.LoadBalancerSettings.ConsistentHashLB" - } - } - } - ] - }, - "istio.networking.v1alpha3.LoadBalancerSettings.ConsistentHashLB": { - "description": "Consistent Hash-based load balancing can be used to provide soft session affinity based on HTTP headers, cookies or other properties. The affinity to a particular destination host may be lost when one or more hosts are added/removed from the destination service.", - "type": "object", - "properties": { - "minimumRingSize": { - "description": "Deprecated. Use RingHash instead.", - "type": "integer", - "deprecated": true - } - }, - "allOf": [ - { - "oneOf": [ - { - "not": { - "anyOf": [ - { - "required": [ - "httpHeaderName" - ], - "properties": { - "httpHeaderName": { - "description": "Hash based on a specific HTTP header.", - "type": "string" - } - } - }, - { - "required": [ - "httpCookie" - ], - "properties": { - "httpCookie": { - "$ref": "#/components/schemas/istio.networking.v1alpha3.LoadBalancerSettings.ConsistentHashLB.HTTPCookie" - } - } - }, - { - "required": [ - "useSourceIp" - ], - "properties": { - "useSourceIp": { - "description": "Hash based on the source IP address. This is applicable for both TCP and HTTP connections.", - "type": "boolean" - } - } - }, - { - "required": [ - "httpQueryParameterName" - ], - "properties": { - "httpQueryParameterName": { - "description": "Hash based on a specific HTTP query parameter.", - "type": "string" - } - } - } - ] - } - }, - { - "required": [ - "httpHeaderName" - ], - "properties": { - "httpHeaderName": { - "description": "Hash based on a specific HTTP header.", - "type": "string" - } - } - }, - { - "required": [ - "httpCookie" - ], - "properties": { - "httpCookie": { - "$ref": "#/components/schemas/istio.networking.v1alpha3.LoadBalancerSettings.ConsistentHashLB.HTTPCookie" - } - } - }, - { - "required": [ - "useSourceIp" - ], - "properties": { - "useSourceIp": { - "description": "Hash based on the source IP address. This is applicable for both TCP and HTTP connections.", - "type": "boolean" - } - } - }, - { - "required": [ - "httpQueryParameterName" - ], - "properties": { - "httpQueryParameterName": { - "description": "Hash based on a specific HTTP query parameter.", - "type": "string" - } - } - } - ] - }, - { - "oneOf": [ - { - "not": { - "anyOf": [ - { - "required": [ - "ringHash" - ], - "properties": { - "ringHash": { - "$ref": "#/components/schemas/istio.networking.v1alpha3.LoadBalancerSettings.ConsistentHashLB.RingHash" - } - } - }, - { - "required": [ - "maglev" - ], - "properties": { - "maglev": { - "$ref": "#/components/schemas/istio.networking.v1alpha3.LoadBalancerSettings.ConsistentHashLB.MagLev" - } - } - } - ] - } - }, - { - "required": [ - "ringHash" - ], - "properties": { - "ringHash": { - "$ref": "#/components/schemas/istio.networking.v1alpha3.LoadBalancerSettings.ConsistentHashLB.RingHash" - } - } - }, - { - "required": [ - "maglev" - ], - "properties": { - "maglev": { - "$ref": "#/components/schemas/istio.networking.v1alpha3.LoadBalancerSettings.ConsistentHashLB.MagLev" - } - } - } - ] - } - ] - }, - "istio.networking.v1alpha3.LoadBalancerSettings.ConsistentHashLB.HTTPCookie": { - "description": "Describes a HTTP cookie that will be used as the hash key for the Consistent Hash load balancer. If the cookie is not present, it will be generated.", - "type": "object", - "properties": { - "name": { - "description": "Name of the cookie.", - "type": "string" - }, - "path": { - "description": "Path to set for the cookie.", - "type": "string" - }, - "ttl": { - "description": "Lifetime of the cookie.", - "type": "string" - } - } - }, - "istio.networking.v1alpha3.LoadBalancerSettings.ConsistentHashLB.MagLev": { - "type": "object", - "properties": { - "tableSize": { - "description": "The table size for Maglev hashing. This helps in controlling the disruption when the backend hosts change. Increasing the table size reduces the amount of disruption.", - "type": "integer" - } - } - }, - "istio.networking.v1alpha3.LoadBalancerSettings.ConsistentHashLB.RingHash": { - "type": "object", - "properties": { - "minimumRingSize": { - "description": "The minimum number of virtual nodes to use for the hash ring. Defaults to 1024. Larger ring sizes result in more granular load distributions. If the number of hosts in the load balancing pool is larger than the ring size, each host will be assigned a single virtual node.", - "type": "integer" - } - } - }, - "istio.networking.v1alpha3.LoadBalancerSettings.SimpleLB": { - "description": "Standard load balancing algorithms that require no tuning.", - "type": "string", - "enum": [ - "UNSPECIFIED", - "LEAST_CONN", - "RANDOM", - "PASSTHROUGH", - "ROUND_ROBIN", - "LEAST_REQUEST" - ] - }, - "istio.networking.v1alpha3.LocalityLoadBalancerSetting": { - "description": "Locality-weighted load balancing allows administrators to control the distribution of traffic to endpoints based on the localities of where the traffic originates and where it will terminate. These localities are specified using arbitrary labels that designate a hierarchy of localities in {region}/{zone}/{sub-zone} form. For additional detail refer to [Locality Weight](https://www.envoyproxy.io/docs/envoy/latest/intro/arch_overview/upstream/load_balancing/locality_weight) The following example shows how to setup locality weights mesh-wide.", - "type": "object", - "properties": { - "distribute": { - "description": "Optional: only one of distribute, failover or failoverPriority can be set. Explicitly specify loadbalancing weight across different zones and geographical locations. Refer to [Locality weighted load balancing](https://www.envoyproxy.io/docs/envoy/latest/intro/arch_overview/upstream/load_balancing/locality_weight) If empty, the locality weight is set according to the endpoints number within it.", - "type": "array", - "items": { - "$ref": "#/components/schemas/istio.networking.v1alpha3.LocalityLoadBalancerSetting.Distribute" - } - }, - "failover": { - "description": "Optional: only one of distribute, failover or failoverPriority can be set. Explicitly specify the region traffic will land on when endpoints in local region becomes unhealthy. Should be used together with OutlierDetection to detect unhealthy endpoints. Note: if no OutlierDetection specified, this will not take effect.", - "type": "array", - "items": { - "$ref": "#/components/schemas/istio.networking.v1alpha3.LocalityLoadBalancerSetting.Failover" - } - }, - "failoverPriority": { - "description": "failoverPriority is an ordered list of labels used to sort endpoints to do priority based load balancing. This is to support traffic failover across different groups of endpoints. Two kinds of labels can be specified: - Specify only label keys `[key1, key2, key3]`, istio would compare the label values of client with endpoints. Suppose there are total N label keys `[key1, key2, key3, ...keyN]` specified: 1. Endpoints matching all N labels with the client proxy have priority P(0) i.e. the highest priority. 2. Endpoints matching the first N-1 labels with the client proxy have priority P(1) i.e. second highest priority. 3. By extension of this logic, endpoints matching only the first label with the client proxy has priority P(N-1) i.e. second lowest priority. 4. All the other endpoints have priority P(N) i.e. lowest priority.", - "type": "array", - "items": { - "type": "string" - } - }, - "enabled": { - "description": "enable locality load balancing, this is DestinationRule-level and will override mesh wide settings in entirety. e.g. true means that turn on locality load balancing for this DestinationRule no matter what mesh wide settings is.", - "type": "boolean", - "nullable": true - } - } - }, - "istio.networking.v1alpha3.LocalityLoadBalancerSetting.Distribute": { - "description": "Describes how traffic originating in the 'from' zone or sub-zone is distributed over a set of 'to' zones. Syntax for specifying a zone is {region}/{zone}/{sub-zone} and terminal wildcards are allowed on any segment of the specification. Examples: `*` - matches all localities", - "type": "object", - "properties": { - "from": { - "description": "Originating locality, '/' separated, e.g. 'region/zone/sub_zone'.", - "type": "string" - }, - "to": { - "description": "Map of upstream localities to traffic distribution weights. The sum of all weights should be 100. Any locality not present will receive no traffic.", - "type": "object", - "additionalProperties": { - "type": "integer" - } - } - } - }, - "istio.networking.v1alpha3.LocalityLoadBalancerSetting.Failover": { - "description": "Specify the traffic failover policy across regions. Since zone and sub-zone failover is supported by default this only needs to be specified for regions when the operator needs to constrain traffic failover so that the default behavior of failing over to any endpoint globally does not apply. This is useful when failing over traffic across regions would not improve service health or may need to be restricted for other reasons like regulatory controls.", - "type": "object", - "properties": { - "from": { - "description": "Originating region.", - "type": "string" - }, - "to": { - "description": "Destination region the traffic will fail over to when endpoints in the 'from' region becomes unhealthy.", - "type": "string" - } - } - }, - "istio.networking.v1alpha3.OutlierDetection": { - "description": "A Circuit breaker implementation that tracks the status of each individual host in the upstream service. Applicable to both HTTP and TCP services. For HTTP services, hosts that continually return 5xx errors for API calls are ejected from the pool for a pre-defined period of time. For TCP services, connection timeouts or connection failures to a given host counts as an error when measuring the consecutive errors metric. See Envoy's [outlier detection](https://www.envoyproxy.io/docs/envoy/latest/intro/arch_overview/upstream/outlier) for more details.", - "type": "object", - "properties": { - "consecutiveErrors": { - "description": "Number of errors before a host is ejected from the connection pool. Defaults to 5. When the upstream host is accessed over HTTP, a 502, 503, or 504 return code qualifies as an error. When the upstream host is accessed over an opaque TCP connection, connect timeouts and connection error/failure events qualify as an error. $hide_from_docs", - "type": "integer", - "format": "int32", - "deprecated": true - }, - "splitExternalLocalOriginErrors": { - "description": "Determines whether to distinguish local origin failures from external errors. If set to true consecutive_local_origin_failure is taken into account for outlier detection calculations. This should be used when you want to derive the outlier detection status based on the errors seen locally such as failure to connect, timeout while connecting etc. rather than the status code returned by upstream service. This is especially useful when the upstream service explicitly returns a 5xx for some requests and you want to ignore those responses from upstream service while determining the outlier detection status of a host. Defaults to false.", - "type": "boolean" - }, - "consecutiveLocalOriginFailures": { - "description": "The number of consecutive locally originated failures before ejection occurs. Defaults to 5. Parameter takes effect only when split_external_local_origin_errors is set to true.", - "type": "integer", - "nullable": true - }, - "consecutiveGatewayErrors": { - "description": "Number of gateway errors before a host is ejected from the connection pool. When the upstream host is accessed over HTTP, a 502, 503, or 504 return code qualifies as a gateway error. When the upstream host is accessed over an opaque TCP connection, connect timeouts and connection error/failure events qualify as a gateway error. This feature is disabled by default or when set to the value 0.", - "type": "integer", - "nullable": true - }, - "consecutive5xxErrors": { - "description": "Number of 5xx errors before a host is ejected from the connection pool. When the upstream host is accessed over an opaque TCP connection, connect timeouts, connection error/failure and request failure events qualify as a 5xx error. This feature defaults to 5 but can be disabled by setting the value to 0.", - "type": "integer", - "nullable": true - }, - "interval": { - "description": "Time interval between ejection sweep analysis. format: 1h/1m/1s/1ms. MUST BE \u003e=1ms. Default is 10s.", - "type": "string" - }, - "baseEjectionTime": { - "description": "Minimum ejection duration. A host will remain ejected for a period equal to the product of minimum ejection duration and the number of times the host has been ejected. This technique allows the system to automatically increase the ejection period for unhealthy upstream servers. format: 1h/1m/1s/1ms. MUST BE \u003e=1ms. Default is 30s.", - "type": "string" - }, - "maxEjectionPercent": { - "description": "Maximum % of hosts in the load balancing pool for the upstream service that can be ejected. Defaults to 10%.", - "type": "integer", - "format": "int32" - }, - "minHealthPercent": { - "description": "Outlier detection will be enabled as long as the associated load balancing pool has at least min_health_percent hosts in healthy mode. When the percentage of healthy hosts in the load balancing pool drops below this threshold, outlier detection will be disabled and the proxy will load balance across all hosts in the pool (healthy and unhealthy). The threshold can be disabled by setting it to 0%. The default is 0% as it's not typically applicable in k8s environments with few pods per service.", - "type": "integer", - "format": "int32" - } - } - }, - "istio.networking.v1alpha3.PortSelector": { - "description": "PortSelector specifies the number of a port to be used for matching or selection for final routing.", - "type": "object", - "properties": { - "number": { - "description": "Valid port number", - "type": "integer" - } - } - }, - "istio.networking.v1alpha3.Subset": { - "description": "A subset of endpoints of a service. Subsets can be used for scenarios like A/B testing, or routing to a specific version of a service. Refer to [VirtualService](https://istio.io/docs/reference/config/networking/virtual-service/#VirtualService) documentation for examples of using subsets in these scenarios. In addition, traffic policies defined at the service-level can be overridden at a subset-level. The following rule uses a round robin load balancing policy for all traffic going to a subset named testversion that is composed of endpoints (e.g., pods) with labels (version:v3).", - "type": "object", - "properties": { - "name": { - "description": "Name of the subset. The service name and the subset name can be used for traffic splitting in a route rule.", - "type": "string" - }, - "labels": { - "description": "Labels apply a filter over the endpoints of a service in the service registry. See route rules for examples of usage.", - "type": "object", - "additionalProperties": { - "type": "string" - } - }, - "trafficPolicy": { - "$ref": "#/components/schemas/istio.networking.v1alpha3.TrafficPolicy" - } - } - }, - "istio.networking.v1alpha3.TrafficPolicy": { - "description": "Traffic policies to apply for a specific destination, across all destination ports. See DestinationRule for examples.", - "type": "object", - "properties": { - "loadBalancer": { - "$ref": "#/components/schemas/istio.networking.v1alpha3.LoadBalancerSettings" - }, - "connectionPool": { - "$ref": "#/components/schemas/istio.networking.v1alpha3.ConnectionPoolSettings" - }, - "outlierDetection": { - "$ref": "#/components/schemas/istio.networking.v1alpha3.OutlierDetection" - }, - "tls": { - "$ref": "#/components/schemas/istio.networking.v1alpha3.ClientTLSSettings" - }, - "portLevelSettings": { - "description": "Traffic policies specific to individual ports. Note that port level settings will override the destination-level settings. Traffic settings specified at the destination-level will not be inherited when overridden by port-level settings, i.e. default values will be applied to fields omitted in port-level traffic policies.", - "type": "array", - "items": { - "$ref": "#/components/schemas/istio.networking.v1alpha3.TrafficPolicy.PortTrafficPolicy" - } - }, - "tunnel": { - "$ref": "#/components/schemas/istio.networking.v1alpha3.TrafficPolicy.TunnelSettings" - } - } - }, - "istio.networking.v1alpha3.TrafficPolicy.PortTrafficPolicy": { - "description": "Traffic policies that apply to specific ports of the service", - "type": "object", - "properties": { - "port": { - "$ref": "#/components/schemas/istio.networking.v1alpha3.PortSelector" - }, - "loadBalancer": { - "$ref": "#/components/schemas/istio.networking.v1alpha3.LoadBalancerSettings" - }, - "connectionPool": { - "$ref": "#/components/schemas/istio.networking.v1alpha3.ConnectionPoolSettings" - }, - "outlierDetection": { - "$ref": "#/components/schemas/istio.networking.v1alpha3.OutlierDetection" - }, - "tls": { - "$ref": "#/components/schemas/istio.networking.v1alpha3.ClientTLSSettings" - } - } - }, - "istio.networking.v1alpha3.TrafficPolicy.TunnelSettings": { - "type": "object", - "properties": { - "protocol": { - "description": "Specifies which protocol to use for tunneling the downstream connection. Supported protocols are: CONNECT - uses HTTP CONNECT; POST - uses HTTP POST. CONNECT is used by default if not specified. HTTP version for upstream requests is determined by the service protocol defined for the proxy.", - "type": "string" - }, - "targetHost": { - "description": "Specifies a host to which the downstream connection is tunneled. Target host must be an FQDN or IP address.", - "type": "string" - }, - "targetPort": { - "description": "Specifies a port to which the downstream connection is tunneled.", - "type": "integer" - } - } - }, - "istio.type.v1beta1.WorkloadSelector": { - "description": "WorkloadSelector specifies the criteria used to determine if a policy can be applied to a proxy. The matching criteria includes the metadata associated with a proxy, workload instance info such as labels attached to the pod/VM, or any other info that the proxy provides to Istio during the initial handshake. If multiple conditions are specified, all conditions need to match in order for the workload instance to be selected. Currently, only label based selection mechanism is supported.", - "type": "object", - "properties": { - "matchLabels": { - "description": "One or more labels that indicate a specific set of pods/VMs on which a policy should be applied. The scope of label search is restricted to the configuration namespace in which the resource is present.", - "type": "object", - "additionalProperties": { - "type": "string" - } - } - } - } - } - } -} \ No newline at end of file diff --git a/vendor/istio.io/api/networking/v1alpha3/destination_rule.pb.go b/vendor/istio.io/api/networking/v1alpha3/destination_rule.pb.go index 672cc9088..276ce9223 100644 --- a/vendor/istio.io/api/networking/v1alpha3/destination_rule.pb.go +++ b/vendor/istio.io/api/networking/v1alpha3/destination_rule.pb.go @@ -14,7 +14,7 @@ // Code generated by protoc-gen-go. DO NOT EDIT. // versions: -// protoc-gen-go v1.31.0 +// protoc-gen-go v1.35.1 // protoc (unknown) // source: networking/v1alpha3/destination_rule.proto @@ -31,10 +31,8 @@ // balancing pool. For example, a simple load balancing policy for the // ratings service would look as follows: // -// {{}} -// {{}} // ```yaml -// apiVersion: networking.istio.io/v1alpha3 +// apiVersion: networking.istio.io/v1 // kind: DestinationRule // metadata: // name: bookinfo-ratings @@ -44,22 +42,6 @@ // loadBalancer: // simple: LEAST_REQUEST // ``` -// {{}} -// -// {{}} -// ```yaml -// apiVersion: networking.istio.io/v1beta1 -// kind: DestinationRule -// metadata: -// name: bookinfo-ratings -// spec: -// host: ratings.prod.svc.cluster.local -// trafficPolicy: -// loadBalancer: -// simple: LEAST_REQUEST -// ``` -// {{}} -// {{}} // // Version specific policies can be specified by defining a named // `subset` and overriding the settings specified at the service level. The @@ -67,10 +49,8 @@ // going to a subset named testversion that is composed of endpoints (e.g., // pods) with labels (version:v3). // -// {{}} -// {{}} // ```yaml -// apiVersion: networking.istio.io/v1alpha3 +// apiVersion: networking.istio.io/v1 // kind: DestinationRule // metadata: // name: bookinfo-ratings @@ -87,29 +67,6 @@ // loadBalancer: // simple: ROUND_ROBIN // ``` -// {{}} -// -// {{}} -// ```yaml -// apiVersion: networking.istio.io/v1beta1 -// kind: DestinationRule -// metadata: -// name: bookinfo-ratings -// spec: -// host: ratings.prod.svc.cluster.local -// trafficPolicy: -// loadBalancer: -// simple: LEAST_REQUEST -// subsets: -// - name: testversion -// labels: -// version: v3 -// trafficPolicy: -// loadBalancer: -// simple: ROUND_ROBIN -// ``` -// {{}} -// {{}} // // **Note:** Policies specified for subsets will not take effect until // a route rule explicitly sends traffic to this subset. @@ -119,31 +76,8 @@ // traffic to port 80, while uses a round robin load balancing setting for // traffic to the port 9080. // -// {{}} -// {{}} -// ```yaml -// apiVersion: networking.istio.io/v1alpha3 -// kind: DestinationRule -// metadata: -// name: bookinfo-ratings-port -// spec: -// host: ratings.prod.svc.cluster.local -// trafficPolicy: # Apply to all ports -// portLevelSettings: -// - port: -// number: 80 -// loadBalancer: -// simple: LEAST_REQUEST -// - port: -// number: 9080 -// loadBalancer: -// simple: ROUND_ROBIN -// ``` -// {{}} -// -// {{}} // ```yaml -// apiVersion: networking.istio.io/v1beta1 +// apiVersion: networking.istio.io/v1 // kind: DestinationRule // metadata: // name: bookinfo-ratings-port @@ -160,17 +94,13 @@ // loadBalancer: // simple: ROUND_ROBIN // ``` -// {{}} -// {{}} // // Destination Rules can be customized to specific workloads as well. // The following example shows how a destination rule can be applied to a // specific workload using the workloadSelector configuration. // -// {{}} -// {{}} // ```yaml -// apiVersion: networking.istio.io/v1alpha3 +// apiVersion: networking.istio.io/v1 // kind: DestinationRule // metadata: // name: configure-client-mtls-dr-with-workloadselector @@ -189,31 +119,6 @@ // credentialName: client-credential // mode: MUTUAL // ``` -// {{}} -// {{}} -// ```yaml -// apiVersion: networking.istio.io/v1beta1 -// kind: DestinationRule -// metadata: -// name: configure-client-mtls-dr-with-workloadselector -// spec: -// host: example.com -// workloadSelector: -// matchLabels: -// app: ratings -// trafficPolicy: -// loadBalancer: -// simple: ROUND_ROBIN -// portLevelSettings: -// - port: -// number: 31443 -// tls: -// credentialName: client-credential -// mode: MUTUAL -// ``` -// {{}} -// {{}} -// package v1alpha3 @@ -235,6 +140,55 @@ const ( _ = protoimpl.EnforceVersion(protoimpl.MaxVersion - 20) ) +type TrafficPolicy_ProxyProtocol_VERSION int32 + +const ( + // ⁣PROXY protocol version 1. Human readable format. + TrafficPolicy_ProxyProtocol_V1 TrafficPolicy_ProxyProtocol_VERSION = 0 + // ⁣PROXY protocol version 2. Binary format. + TrafficPolicy_ProxyProtocol_V2 TrafficPolicy_ProxyProtocol_VERSION = 1 +) + +// Enum value maps for TrafficPolicy_ProxyProtocol_VERSION. +var ( + TrafficPolicy_ProxyProtocol_VERSION_name = map[int32]string{ + 0: "V1", + 1: "V2", + } + TrafficPolicy_ProxyProtocol_VERSION_value = map[string]int32{ + "V1": 0, + "V2": 1, + } +) + +func (x TrafficPolicy_ProxyProtocol_VERSION) Enum() *TrafficPolicy_ProxyProtocol_VERSION { + p := new(TrafficPolicy_ProxyProtocol_VERSION) + *p = x + return p +} + +func (x TrafficPolicy_ProxyProtocol_VERSION) String() string { + return protoimpl.X.EnumStringOf(x.Descriptor(), protoreflect.EnumNumber(x)) +} + +func (TrafficPolicy_ProxyProtocol_VERSION) Descriptor() protoreflect.EnumDescriptor { + return file_networking_v1alpha3_destination_rule_proto_enumTypes[0].Descriptor() +} + +func (TrafficPolicy_ProxyProtocol_VERSION) Type() protoreflect.EnumType { + return &file_networking_v1alpha3_destination_rule_proto_enumTypes[0] +} + +func (x TrafficPolicy_ProxyProtocol_VERSION) Number() protoreflect.EnumNumber { + return protoreflect.EnumNumber(x) +} + +// Deprecated: Use TrafficPolicy_ProxyProtocol_VERSION.Descriptor instead. +func (TrafficPolicy_ProxyProtocol_VERSION) EnumDescriptor() ([]byte, []int) { + return file_networking_v1alpha3_destination_rule_proto_rawDescGZIP(), []int{1, 2, 0} +} + +// +kubebuilder:validation:XValidation:message="only one of warmupDurationSecs or warmup can be set",rule="(has(self.warmupDurationSecs)?1:0)+(has(self.warmup)?1:0)<=1" // Standard load balancing algorithms that require no tuning. type LoadBalancerSettings_SimpleLB int32 @@ -299,11 +253,11 @@ func (x LoadBalancerSettings_SimpleLB) String() string { } func (LoadBalancerSettings_SimpleLB) Descriptor() protoreflect.EnumDescriptor { - return file_networking_v1alpha3_destination_rule_proto_enumTypes[0].Descriptor() + return file_networking_v1alpha3_destination_rule_proto_enumTypes[1].Descriptor() } func (LoadBalancerSettings_SimpleLB) Type() protoreflect.EnumType { - return &file_networking_v1alpha3_destination_rule_proto_enumTypes[0] + return &file_networking_v1alpha3_destination_rule_proto_enumTypes[1] } func (x LoadBalancerSettings_SimpleLB) Number() protoreflect.EnumNumber { @@ -354,11 +308,11 @@ func (x ConnectionPoolSettings_HTTPSettings_H2UpgradePolicy) String() string { } func (ConnectionPoolSettings_HTTPSettings_H2UpgradePolicy) Descriptor() protoreflect.EnumDescriptor { - return file_networking_v1alpha3_destination_rule_proto_enumTypes[1].Descriptor() + return file_networking_v1alpha3_destination_rule_proto_enumTypes[2].Descriptor() } func (ConnectionPoolSettings_HTTPSettings_H2UpgradePolicy) Type() protoreflect.EnumType { - return &file_networking_v1alpha3_destination_rule_proto_enumTypes[1] + return &file_networking_v1alpha3_destination_rule_proto_enumTypes[2] } func (x ConnectionPoolSettings_HTTPSettings_H2UpgradePolicy) Number() protoreflect.EnumNumber { @@ -367,7 +321,7 @@ func (x ConnectionPoolSettings_HTTPSettings_H2UpgradePolicy) Number() protorefle // Deprecated: Use ConnectionPoolSettings_HTTPSettings_H2UpgradePolicy.Descriptor instead. func (ConnectionPoolSettings_HTTPSettings_H2UpgradePolicy) EnumDescriptor() ([]byte, []int) { - return file_networking_v1alpha3_destination_rule_proto_rawDescGZIP(), []int{4, 1, 0} + return file_networking_v1alpha3_destination_rule_proto_rawDescGZIP(), []int{5, 1, 0} } // TLS connection mode @@ -416,11 +370,11 @@ func (x ClientTLSSettings_TLSmode) String() string { } func (ClientTLSSettings_TLSmode) Descriptor() protoreflect.EnumDescriptor { - return file_networking_v1alpha3_destination_rule_proto_enumTypes[2].Descriptor() + return file_networking_v1alpha3_destination_rule_proto_enumTypes[3].Descriptor() } func (ClientTLSSettings_TLSmode) Type() protoreflect.EnumType { - return &file_networking_v1alpha3_destination_rule_proto_enumTypes[2] + return &file_networking_v1alpha3_destination_rule_proto_enumTypes[3] } func (x ClientTLSSettings_TLSmode) Number() protoreflect.EnumNumber { @@ -429,7 +383,7 @@ func (x ClientTLSSettings_TLSmode) Number() protoreflect.EnumNumber { // Deprecated: Use ClientTLSSettings_TLSmode.Descriptor instead. func (ClientTLSSettings_TLSmode) EnumDescriptor() ([]byte, []int) { - return file_networking_v1alpha3_destination_rule_proto_rawDescGZIP(), []int{6, 0} + return file_networking_v1alpha3_destination_rule_proto_rawDescGZIP(), []int{7, 0} } // DestinationRule defines policies that apply to traffic intended for a service @@ -437,8 +391,7 @@ func (ClientTLSSettings_TLSmode) EnumDescriptor() ([]byte, []int) { // // -// type DestinationRule struct { state protoimpl.MessageState sizeCache protoimpl.SizeCache @@ -517,11 +467,9 @@ type DestinationRule struct { func (x *DestinationRule) Reset() { *x = DestinationRule{} - if protoimpl.UnsafeEnabled { - mi := &file_networking_v1alpha3_destination_rule_proto_msgTypes[0] - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - ms.StoreMessageInfo(mi) - } + mi := &file_networking_v1alpha3_destination_rule_proto_msgTypes[0] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) } func (x *DestinationRule) String() string { @@ -532,7 +480,7 @@ func (*DestinationRule) ProtoMessage() {} func (x *DestinationRule) ProtoReflect() protoreflect.Message { mi := &file_networking_v1alpha3_destination_rule_proto_msgTypes[0] - if protoimpl.UnsafeEnabled && x != nil { + if x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) if ms.LoadMessageInfo() == nil { ms.StoreMessageInfo(mi) @@ -602,20 +550,21 @@ type TrafficPolicy struct { // settings specified at the destination-level will not be inherited when // overridden by port-level settings, i.e. default values will be applied // to fields omitted in port-level traffic policies. + // +kubebuilder:validation:MaxItems=4096 PortLevelSettings []*TrafficPolicy_PortTrafficPolicy `protobuf:"bytes,5,rep,name=port_level_settings,json=portLevelSettings,proto3" json:"port_level_settings,omitempty"` // Configuration of tunneling TCP over other transport or application layers // for the host configured in the DestinationRule. // Tunnel settings can be applied to TCP or TLS routes and can't be applied to HTTP routes. Tunnel *TrafficPolicy_TunnelSettings `protobuf:"bytes,6,opt,name=tunnel,proto3" json:"tunnel,omitempty"` + // The upstream PROXY protocol settings. + ProxyProtocol *TrafficPolicy_ProxyProtocol `protobuf:"bytes,7,opt,name=proxy_protocol,json=proxyProtocol,proto3" json:"proxy_protocol,omitempty"` } func (x *TrafficPolicy) Reset() { *x = TrafficPolicy{} - if protoimpl.UnsafeEnabled { - mi := &file_networking_v1alpha3_destination_rule_proto_msgTypes[1] - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - ms.StoreMessageInfo(mi) - } + mi := &file_networking_v1alpha3_destination_rule_proto_msgTypes[1] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) } func (x *TrafficPolicy) String() string { @@ -626,7 +575,7 @@ func (*TrafficPolicy) ProtoMessage() {} func (x *TrafficPolicy) ProtoReflect() protoreflect.Message { mi := &file_networking_v1alpha3_destination_rule_proto_msgTypes[1] - if protoimpl.UnsafeEnabled && x != nil { + if x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) if ms.LoadMessageInfo() == nil { ms.StoreMessageInfo(mi) @@ -683,6 +632,13 @@ func (x *TrafficPolicy) GetTunnel() *TrafficPolicy_TunnelSettings { return nil } +func (x *TrafficPolicy) GetProxyProtocol() *TrafficPolicy_ProxyProtocol { + if x != nil { + return x.ProxyProtocol + } + return nil +} + // A subset of endpoints of a service. Subsets can be used for scenarios // like A/B testing, or routing to a specific version of a service. Refer // to [VirtualService](https://istio.io/docs/reference/config/networking/virtual-service/#VirtualService) documentation for examples of using @@ -692,35 +648,8 @@ func (x *TrafficPolicy) GetTunnel() *TrafficPolicy_TunnelSettings { // subset named testversion that is composed of endpoints (e.g., pods) with // labels (version:v3). // -// {{}} -// {{}} -// ```yaml -// apiVersion: networking.istio.io/v1alpha3 -// kind: DestinationRule -// metadata: -// -// name: bookinfo-ratings -// -// spec: -// -// host: ratings.prod.svc.cluster.local -// trafficPolicy: -// loadBalancer: -// simple: LEAST_REQUEST -// subsets: -// - name: testversion -// labels: -// version: v3 -// trafficPolicy: -// loadBalancer: -// simple: ROUND_ROBIN -// -// ``` -// {{}} -// -// {{}} // ```yaml -// apiVersion: networking.istio.io/v1beta1 +// apiVersion: networking.istio.io/v1 // kind: DestinationRule // metadata: // @@ -741,8 +670,6 @@ func (x *TrafficPolicy) GetTunnel() *TrafficPolicy_TunnelSettings { // simple: ROUND_ROBIN // // ``` -// {{}} -// {{}} // // **Note:** Policies specified for subsets will not take effect until // a route rule explicitly sends traffic to this subset. @@ -772,11 +699,9 @@ type Subset struct { func (x *Subset) Reset() { *x = Subset{} - if protoimpl.UnsafeEnabled { - mi := &file_networking_v1alpha3_destination_rule_proto_msgTypes[2] - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - ms.StoreMessageInfo(mi) - } + mi := &file_networking_v1alpha3_destination_rule_proto_msgTypes[2] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) } func (x *Subset) String() string { @@ -787,7 +712,7 @@ func (*Subset) ProtoMessage() {} func (x *Subset) ProtoReflect() protoreflect.Message { mi := &file_networking_v1alpha3_destination_rule_proto_msgTypes[2] - if protoimpl.UnsafeEnabled && x != nil { + if x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) if ms.LoadMessageInfo() == nil { ms.StoreMessageInfo(mi) @@ -831,10 +756,8 @@ func (x *Subset) GetTrafficPolicy() *TrafficPolicy { // For example, the following rule uses a round robin load balancing policy // for all traffic going to the ratings service. // -// {{}} -// {{}} // ```yaml -// apiVersion: networking.istio.io/v1alpha3 +// apiVersion: networking.istio.io/v1 // kind: DestinationRule // metadata: // @@ -848,35 +771,13 @@ func (x *Subset) GetTrafficPolicy() *TrafficPolicy { // simple: ROUND_ROBIN // // ``` -// {{}} -// -// {{}} -// ```yaml -// apiVersion: networking.istio.io/v1beta1 -// kind: DestinationRule -// metadata: -// -// name: bookinfo-ratings -// -// spec: -// -// host: ratings.prod.svc.cluster.local -// trafficPolicy: -// loadBalancer: -// simple: ROUND_ROBIN -// -// ``` -// {{}} -// {{}} // // The following example sets up sticky sessions for the ratings service // hashing-based load balancer for the same ratings service using the // the User cookie as the hash key. // -// {{}} -// {{}} // ```yaml -// apiVersion: networking.istio.io/v1alpha3 +// apiVersion: networking.istio.io/v1 // kind: DestinationRule // metadata: // @@ -893,29 +794,6 @@ func (x *Subset) GetTrafficPolicy() *TrafficPolicy { // ttl: 0s // // ``` -// {{}} -// -// {{}} -// ```yaml -// apiVersion: networking.istio.io/v1beta1 -// kind: DestinationRule -// metadata: -// -// name: bookinfo-ratings -// -// spec: -// -// host: ratings.prod.svc.cluster.local -// trafficPolicy: -// loadBalancer: -// consistentHash: -// httpCookie: -// name: user -// ttl: 0s -// -// ``` -// {{}} -// {{}} type LoadBalancerSettings struct { state protoimpl.MessageState sizeCache protoimpl.SizeCache @@ -931,7 +809,9 @@ type LoadBalancerSettings struct { // Locality load balancer settings, this will override mesh wide settings in entirety, meaning no merging would be performed // between this object and the object one in MeshConfig LocalityLbSetting *LocalityLoadBalancerSetting `protobuf:"bytes,3,opt,name=locality_lb_setting,json=localityLbSetting,proto3" json:"locality_lb_setting,omitempty"` - // Represents the warmup duration of Service. If set, the newly created endpoint of service + // Deprecated: use `warmup` instead. + WarmupDurationSecs *duration.Duration `protobuf:"bytes,4,opt,name=warmup_duration_secs,json=warmupDurationSecs,proto3" json:"warmup_duration_secs,omitempty"` + // Represents the warmup configuration of Service. If set, the newly created endpoint of service // remains in warmup mode starting from its creation time for the duration of this window and // Istio progressively increases amount of traffic for that endpoint instead of sending proportional amount of traffic. // This should be enabled for services that require warm up time to serve full production load with reasonable latency. @@ -939,16 +819,14 @@ type LoadBalancerSettings struct { // endpoints are relatively new like new deployment, this is not very effective as all endpoints end up getting same // amount of requests. // Currently this is only supported for ROUND_ROBIN and LEAST_REQUEST load balancers. - WarmupDurationSecs *duration.Duration `protobuf:"bytes,4,opt,name=warmup_duration_secs,json=warmupDurationSecs,proto3" json:"warmup_duration_secs,omitempty"` + Warmup *WarmupConfiguration `protobuf:"bytes,5,opt,name=warmup,proto3" json:"warmup,omitempty"` } func (x *LoadBalancerSettings) Reset() { *x = LoadBalancerSettings{} - if protoimpl.UnsafeEnabled { - mi := &file_networking_v1alpha3_destination_rule_proto_msgTypes[3] - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - ms.StoreMessageInfo(mi) - } + mi := &file_networking_v1alpha3_destination_rule_proto_msgTypes[3] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) } func (x *LoadBalancerSettings) String() string { @@ -959,7 +837,7 @@ func (*LoadBalancerSettings) ProtoMessage() {} func (x *LoadBalancerSettings) ProtoReflect() protoreflect.Message { mi := &file_networking_v1alpha3_destination_rule_proto_msgTypes[3] - if protoimpl.UnsafeEnabled && x != nil { + if x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) if ms.LoadMessageInfo() == nil { ms.StoreMessageInfo(mi) @@ -1009,6 +887,13 @@ func (x *LoadBalancerSettings) GetWarmupDurationSecs() *duration.Duration { return nil } +func (x *LoadBalancerSettings) GetWarmup() *WarmupConfiguration { + if x != nil { + return x.Warmup + } + return nil +} + type isLoadBalancerSettings_LbPolicy interface { isLoadBalancerSettings_LbPolicy() } @@ -1025,6 +910,76 @@ func (*LoadBalancerSettings_Simple) isLoadBalancerSettings_LbPolicy() {} func (*LoadBalancerSettings_ConsistentHash) isLoadBalancerSettings_LbPolicy() {} +type WarmupConfiguration struct { + state protoimpl.MessageState + sizeCache protoimpl.SizeCache + unknownFields protoimpl.UnknownFields + + // Duration of warmup mode + Duration *duration.Duration `protobuf:"bytes,1,opt,name=duration,proto3" json:"duration,omitempty"` + // Configures the minimum percentage of origin weight + // If unspecified, defaults to 10 + // +kubebuilder:validation:Maximum=100 + // +kubebuilder:validation:Minimum=0 + MinimumPercent *wrappers.DoubleValue `protobuf:"bytes,2,opt,name=minimum_percent,json=minimumPercent,proto3" json:"minimum_percent,omitempty"` + // This parameter controls the speed of traffic increase over the warmup duration. Defaults to 1.0, so that endpoints would + // get linearly increasing amount of traffic. When increasing the value for this parameter, + // the speed of traffic ramp-up increases non-linearly. + // +kubebuilder:validation:Minimum=1 + Aggression *wrappers.DoubleValue `protobuf:"bytes,3,opt,name=aggression,proto3" json:"aggression,omitempty"` +} + +func (x *WarmupConfiguration) Reset() { + *x = WarmupConfiguration{} + mi := &file_networking_v1alpha3_destination_rule_proto_msgTypes[4] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) +} + +func (x *WarmupConfiguration) String() string { + return protoimpl.X.MessageStringOf(x) +} + +func (*WarmupConfiguration) ProtoMessage() {} + +func (x *WarmupConfiguration) ProtoReflect() protoreflect.Message { + mi := &file_networking_v1alpha3_destination_rule_proto_msgTypes[4] + if x != nil { + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + if ms.LoadMessageInfo() == nil { + ms.StoreMessageInfo(mi) + } + return ms + } + return mi.MessageOf(x) +} + +// Deprecated: Use WarmupConfiguration.ProtoReflect.Descriptor instead. +func (*WarmupConfiguration) Descriptor() ([]byte, []int) { + return file_networking_v1alpha3_destination_rule_proto_rawDescGZIP(), []int{4} +} + +func (x *WarmupConfiguration) GetDuration() *duration.Duration { + if x != nil { + return x.Duration + } + return nil +} + +func (x *WarmupConfiguration) GetMinimumPercent() *wrappers.DoubleValue { + if x != nil { + return x.MinimumPercent + } + return nil +} + +func (x *WarmupConfiguration) GetAggression() *wrappers.DoubleValue { + if x != nil { + return x.Aggression + } + return nil +} + // Connection pool settings for an upstream host. The settings apply to // each individual host in the upstream service. See Envoy's [circuit // breaker](https://www.envoyproxy.io/docs/envoy/latest/intro/arch_overview/upstream/circuit_breaking) @@ -1034,10 +989,8 @@ func (*LoadBalancerSettings_ConsistentHash) isLoadBalancerSettings_LbPolicy() {} // For example, the following rule sets a limit of 100 connections to redis // service called myredissrv with a connect timeout of 30ms // -// {{}} -// {{}} // ```yaml -// apiVersion: networking.istio.io/v1alpha3 +// apiVersion: networking.istio.io/v1 // kind: DestinationRule // metadata: // @@ -1056,31 +1009,6 @@ func (*LoadBalancerSettings_ConsistentHash) isLoadBalancerSettings_LbPolicy() {} // interval: 75s // // ``` -// {{}} -// -// {{}} -// ```yaml -// apiVersion: networking.istio.io/v1beta1 -// kind: DestinationRule -// metadata: -// -// name: bookinfo-redis -// -// spec: -// -// host: myredissrv.prod.svc.cluster.local -// trafficPolicy: -// connectionPool: -// tcp: -// maxConnections: 100 -// connectTimeout: 30ms -// tcpKeepalive: -// time: 7200s -// interval: 75s -// -// ``` -// {{}} -// {{}} type ConnectionPoolSettings struct { state protoimpl.MessageState sizeCache protoimpl.SizeCache @@ -1094,11 +1022,9 @@ type ConnectionPoolSettings struct { func (x *ConnectionPoolSettings) Reset() { *x = ConnectionPoolSettings{} - if protoimpl.UnsafeEnabled { - mi := &file_networking_v1alpha3_destination_rule_proto_msgTypes[4] - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - ms.StoreMessageInfo(mi) - } + mi := &file_networking_v1alpha3_destination_rule_proto_msgTypes[5] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) } func (x *ConnectionPoolSettings) String() string { @@ -1108,8 +1034,8 @@ func (x *ConnectionPoolSettings) String() string { func (*ConnectionPoolSettings) ProtoMessage() {} func (x *ConnectionPoolSettings) ProtoReflect() protoreflect.Message { - mi := &file_networking_v1alpha3_destination_rule_proto_msgTypes[4] - if protoimpl.UnsafeEnabled && x != nil { + mi := &file_networking_v1alpha3_destination_rule_proto_msgTypes[5] + if x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) if ms.LoadMessageInfo() == nil { ms.StoreMessageInfo(mi) @@ -1121,7 +1047,7 @@ func (x *ConnectionPoolSettings) ProtoReflect() protoreflect.Message { // Deprecated: Use ConnectionPoolSettings.ProtoReflect.Descriptor instead. func (*ConnectionPoolSettings) Descriptor() ([]byte, []int) { - return file_networking_v1alpha3_destination_rule_proto_rawDescGZIP(), []int{4} + return file_networking_v1alpha3_destination_rule_proto_rawDescGZIP(), []int{5} } func (x *ConnectionPoolSettings) GetTcp() *ConnectionPoolSettings_TCPSettings { @@ -1138,52 +1064,24 @@ func (x *ConnectionPoolSettings) GetHttp() *ConnectionPoolSettings_HTTPSettings return nil } -// A Circuit breaker implementation that tracks the status of each -// individual host in the upstream service. Applicable to both HTTP and -// TCP services. For HTTP services, hosts that continually return 5xx -// errors for API calls are ejected from the pool for a pre-defined period -// of time. For TCP services, connection timeouts or connection -// failures to a given host counts as an error when measuring the -// consecutive errors metric. See Envoy's [outlier -// detection](https://www.envoyproxy.io/docs/envoy/latest/intro/arch_overview/upstream/outlier) -// for more details. -// -// The following rule sets a connection pool size of 100 HTTP1 connections -// with no more than 10 req/connection to the "reviews" service. In addition, -// it sets a limit of 1000 concurrent HTTP2 requests and configures upstream -// hosts to be scanned every 5 mins so that any host that fails 7 consecutive -// times with a 502, 503, or 504 error code will be ejected for 15 minutes. -// -// {{}} -// {{}} -// ```yaml -// apiVersion: networking.istio.io/v1alpha3 -// kind: DestinationRule -// metadata: -// -// name: reviews-cb-policy -// -// spec: -// -// host: reviews.prod.svc.cluster.local -// trafficPolicy: -// connectionPool: -// tcp: -// maxConnections: 100 -// http: -// http2MaxRequests: 1000 -// maxRequestsPerConnection: 10 -// outlierDetection: -// consecutive5xxErrors: 7 -// interval: 5m -// baseEjectionTime: 15m +// A Circuit breaker implementation that tracks the status of each +// individual host in the upstream service. Applicable to both HTTP and +// TCP services. For HTTP services, hosts that continually return 5xx +// errors for API calls are ejected from the pool for a pre-defined period +// of time. For TCP services, connection timeouts or connection +// failures to a given host counts as an error when measuring the +// consecutive errors metric. See Envoy's [outlier +// detection](https://www.envoyproxy.io/docs/envoy/latest/intro/arch_overview/upstream/outlier) +// for more details. // -// ``` -// {{}} +// The following rule sets a connection pool size of 100 HTTP1 connections +// with no more than 10 req/connection to the "reviews" service. In addition, +// it sets a limit of 1000 concurrent HTTP2 requests and configures upstream +// hosts to be scanned every 5 mins so that any host that fails 7 consecutive +// times with a 502, 503, or 504 error code will be ejected for 15 minutes. // -// {{}} // ```yaml -// apiVersion: networking.istio.io/v1beta1 +// apiVersion: networking.istio.io/v1 // kind: DestinationRule // metadata: // @@ -1205,8 +1103,6 @@ func (x *ConnectionPoolSettings) GetHttp() *ConnectionPoolSettings_HTTPSettings // baseEjectionTime: 15m // // ``` -// {{}} -// {{}} type OutlierDetection struct { state protoimpl.MessageState sizeCache protoimpl.SizeCache @@ -1285,11 +1181,9 @@ type OutlierDetection struct { func (x *OutlierDetection) Reset() { *x = OutlierDetection{} - if protoimpl.UnsafeEnabled { - mi := &file_networking_v1alpha3_destination_rule_proto_msgTypes[5] - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - ms.StoreMessageInfo(mi) - } + mi := &file_networking_v1alpha3_destination_rule_proto_msgTypes[6] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) } func (x *OutlierDetection) String() string { @@ -1299,8 +1193,8 @@ func (x *OutlierDetection) String() string { func (*OutlierDetection) ProtoMessage() {} func (x *OutlierDetection) ProtoReflect() protoreflect.Message { - mi := &file_networking_v1alpha3_destination_rule_proto_msgTypes[5] - if protoimpl.UnsafeEnabled && x != nil { + mi := &file_networking_v1alpha3_destination_rule_proto_msgTypes[6] + if x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) if ms.LoadMessageInfo() == nil { ms.StoreMessageInfo(mi) @@ -1312,7 +1206,7 @@ func (x *OutlierDetection) ProtoReflect() protoreflect.Message { // Deprecated: Use OutlierDetection.ProtoReflect.Descriptor instead. func (*OutlierDetection) Descriptor() ([]byte, []int) { - return file_networking_v1alpha3_destination_rule_proto_rawDescGZIP(), []int{5} + return file_networking_v1alpha3_destination_rule_proto_rawDescGZIP(), []int{6} } // Deprecated: Marked as deprecated in networking/v1alpha3/destination_rule.proto. @@ -1386,31 +1280,8 @@ func (x *OutlierDetection) GetMinHealthPercent() int32 { // For example, the following rule configures a client to use mutual TLS // for connections to upstream database cluster. // -// {{}} -// {{}} -// ```yaml -// apiVersion: networking.istio.io/v1alpha3 -// kind: DestinationRule -// metadata: -// -// name: db-mtls -// -// spec: -// -// host: mydbserver.prod.svc.cluster.local -// trafficPolicy: -// tls: -// mode: MUTUAL -// clientCertificate: /etc/certs/myclientcert.pem -// privateKey: /etc/certs/client_private_key.pem -// caCertificates: /etc/certs/rootcacerts.pem -// -// ``` -// {{}} -// -// {{}} // ```yaml -// apiVersion: networking.istio.io/v1beta1 +// apiVersion: networking.istio.io/v1 // kind: DestinationRule // metadata: // @@ -1427,34 +1298,12 @@ func (x *OutlierDetection) GetMinHealthPercent() int32 { // caCertificates: /etc/certs/rootcacerts.pem // // ``` -// {{}} -// {{}} // // The following rule configures a client to use TLS when talking to a // foreign service whose domain matches *.foo.com. // -// {{}} -// {{}} -// ```yaml -// apiVersion: networking.istio.io/v1alpha3 -// kind: DestinationRule -// metadata: -// -// name: tls-foo -// -// spec: -// -// host: "*.foo.com" -// trafficPolicy: -// tls: -// mode: SIMPLE -// -// ``` -// {{}} -// -// {{}} // ```yaml -// apiVersion: networking.istio.io/v1beta1 +// apiVersion: networking.istio.io/v1 // kind: DestinationRule // metadata: // @@ -1468,34 +1317,12 @@ func (x *OutlierDetection) GetMinHealthPercent() int32 { // mode: SIMPLE // // ``` -// {{}} -// {{}} // // The following rule configures a client to use Istio mutual TLS when talking // to rating services. // -// {{}} -// {{}} -// ```yaml -// apiVersion: networking.istio.io/v1alpha3 -// kind: DestinationRule -// metadata: -// -// name: ratings-istio-mtls -// -// spec: -// -// host: ratings.prod.svc.cluster.local -// trafficPolicy: -// tls: -// mode: ISTIO_MUTUAL -// -// ``` -// {{}} -// -// {{}} // ```yaml -// apiVersion: networking.istio.io/v1beta1 +// apiVersion: networking.istio.io/v1 // kind: DestinationRule // metadata: // @@ -1509,8 +1336,6 @@ func (x *OutlierDetection) GetMinHealthPercent() int32 { // mode: ISTIO_MUTUAL // // ``` -// {{}} -// {{}} type ClientTLSSettings struct { state protoimpl.MessageState sizeCache protoimpl.SizeCache @@ -1529,7 +1354,8 @@ type ClientTLSSettings struct { PrivateKey string `protobuf:"bytes,3,opt,name=private_key,json=privateKey,proto3" json:"private_key,omitempty"` // OPTIONAL: The path to the file containing certificate authority // certificates to use in verifying a presented server certificate. If - // omitted, the proxy will not verify the server's certificate. + // omitted, the proxy will verify the server's certificate using + // the OS CA certificates. // Should be empty if mode is `ISTIO_MUTUAL`. CaCertificates string `protobuf:"bytes,4,opt,name=ca_certificates,json=caCertificates,proto3" json:"ca_certificates,omitempty"` // The name of the secret that holds the TLS certs for the @@ -1558,36 +1384,30 @@ type ClientTLSSettings struct { // If specified, this list overrides the value of subject_alt_names // from the ServiceEntry. If unspecified, automatic validation of upstream // presented certificate for new upstream connections will be done based on the - // downstream HTTP host/authority header, provided `VERIFY_CERTIFICATE_AT_CLIENT` - // and `ENABLE_AUTO_SNI` environmental variables are set to `true`. + // downstream HTTP host/authority header. SubjectAltNames []string `protobuf:"bytes,5,rep,name=subject_alt_names,json=subjectAltNames,proto3" json:"subject_alt_names,omitempty"` // SNI string to present to the server during TLS handshake. // If unspecified, SNI will be automatically set based on downstream HTTP - // host/authority header for SIMPLE and MUTUAL TLS modes, provided `ENABLE_AUTO_SNI` - // environmental variable is set to `true`. + // host/authority header for SIMPLE and MUTUAL TLS modes. Sni string `protobuf:"bytes,6,opt,name=sni,proto3" json:"sni,omitempty"` - // InsecureSkipVerify specifies whether the proxy should skip verifying the + // `insecureSkipVerify` specifies whether the proxy should skip verifying the // CA signature and SAN for the server certificate corresponding to the host. - // This flag should only be set if global CA signature verification is - // enabled, `VerifyCertAtClient` environmental variable is set to `true`, - // but no verification is desired for a specific host. If enabled with or - // without `VerifyCertAtClient` enabled, verification of the CA signature and - // SAN will be skipped. - // - // `InsecureSkipVerify` is `false` by default. - // `VerifyCertAtClient` is `false` by default in Istio version 1.9 but will - // be `true` by default in a later version where, going forward, it will be - // enabled by default. + // The default value of this field is false. InsecureSkipVerify *wrappers.BoolValue `protobuf:"bytes,8,opt,name=insecure_skip_verify,json=insecureSkipVerify,proto3" json:"insecure_skip_verify,omitempty"` + // OPTIONAL: The path to the file containing the certificate revocation list (CRL) + // to use in verifying a presented server certificate. `CRL` is a list of certificates + // that have been revoked by the CA (Certificate Authority) before their scheduled expiration date. + // If specified, the proxy will verify if the presented certificate is part of the revoked list of certificates. + // If omitted, the proxy will not verify the certificate against the `crl`. Note that if `credentialName` is set, + // `CRL` cannot be specified using `caCrl`, rather it has to be specified inside the credential. + CaCrl string `protobuf:"bytes,9,opt,name=ca_crl,json=caCrl,proto3" json:"ca_crl,omitempty"` } func (x *ClientTLSSettings) Reset() { *x = ClientTLSSettings{} - if protoimpl.UnsafeEnabled { - mi := &file_networking_v1alpha3_destination_rule_proto_msgTypes[6] - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - ms.StoreMessageInfo(mi) - } + mi := &file_networking_v1alpha3_destination_rule_proto_msgTypes[7] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) } func (x *ClientTLSSettings) String() string { @@ -1597,8 +1417,8 @@ func (x *ClientTLSSettings) String() string { func (*ClientTLSSettings) ProtoMessage() {} func (x *ClientTLSSettings) ProtoReflect() protoreflect.Message { - mi := &file_networking_v1alpha3_destination_rule_proto_msgTypes[6] - if protoimpl.UnsafeEnabled && x != nil { + mi := &file_networking_v1alpha3_destination_rule_proto_msgTypes[7] + if x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) if ms.LoadMessageInfo() == nil { ms.StoreMessageInfo(mi) @@ -1610,7 +1430,7 @@ func (x *ClientTLSSettings) ProtoReflect() protoreflect.Message { // Deprecated: Use ClientTLSSettings.ProtoReflect.Descriptor instead. func (*ClientTLSSettings) Descriptor() ([]byte, []int) { - return file_networking_v1alpha3_destination_rule_proto_rawDescGZIP(), []int{6} + return file_networking_v1alpha3_destination_rule_proto_rawDescGZIP(), []int{7} } func (x *ClientTLSSettings) GetMode() ClientTLSSettings_TLSmode { @@ -1669,6 +1489,13 @@ func (x *ClientTLSSettings) GetInsecureSkipVerify() *wrappers.BoolValue { return nil } +func (x *ClientTLSSettings) GetCaCrl() string { + if x != nil { + return x.CaCrl + } + return "" +} + // Locality-weighted load balancing allows administrators to control the // distribution of traffic to endpoints based on the localities of where the // traffic originates and where it will terminate. These localities are @@ -1765,6 +1592,7 @@ type LocalityLoadBalancerSetting struct { // - `topology.kubernetes.io/region` is used to match the region metadata of an endpoint, which maps to Kubernetes node label `topology.kubernetes.io/region` or the deprecated label `failure-domain.beta.kubernetes.io/region`. // - `topology.kubernetes.io/zone` is used to match the zone metadata of an endpoint, which maps to Kubernetes node label `topology.kubernetes.io/zone` or the deprecated label `failure-domain.beta.kubernetes.io/zone`. // - `topology.istio.io/subzone` is used to match the subzone metadata of an endpoint, which maps to Istio node label `topology.istio.io/subzone`. + // - `kubernetes.io/hostname` is used to match the current node of an endpoint, which maps to Kubernetes node label `kubernetes.io/hostname`. // // The below topology config indicates the following priority levels: // @@ -1803,11 +1631,9 @@ type LocalityLoadBalancerSetting struct { func (x *LocalityLoadBalancerSetting) Reset() { *x = LocalityLoadBalancerSetting{} - if protoimpl.UnsafeEnabled { - mi := &file_networking_v1alpha3_destination_rule_proto_msgTypes[7] - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - ms.StoreMessageInfo(mi) - } + mi := &file_networking_v1alpha3_destination_rule_proto_msgTypes[8] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) } func (x *LocalityLoadBalancerSetting) String() string { @@ -1817,8 +1643,8 @@ func (x *LocalityLoadBalancerSetting) String() string { func (*LocalityLoadBalancerSetting) ProtoMessage() {} func (x *LocalityLoadBalancerSetting) ProtoReflect() protoreflect.Message { - mi := &file_networking_v1alpha3_destination_rule_proto_msgTypes[7] - if protoimpl.UnsafeEnabled && x != nil { + mi := &file_networking_v1alpha3_destination_rule_proto_msgTypes[8] + if x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) if ms.LoadMessageInfo() == nil { ms.StoreMessageInfo(mi) @@ -1830,7 +1656,7 @@ func (x *LocalityLoadBalancerSetting) ProtoReflect() protoreflect.Message { // Deprecated: Use LocalityLoadBalancerSetting.ProtoReflect.Descriptor instead. func (*LocalityLoadBalancerSetting) Descriptor() ([]byte, []int) { - return file_networking_v1alpha3_destination_rule_proto_rawDescGZIP(), []int{7} + return file_networking_v1alpha3_destination_rule_proto_rawDescGZIP(), []int{8} } func (x *LocalityLoadBalancerSetting) GetDistribute() []*LocalityLoadBalancerSetting_Distribute { @@ -1882,11 +1708,9 @@ type TrafficPolicy_PortTrafficPolicy struct { func (x *TrafficPolicy_PortTrafficPolicy) Reset() { *x = TrafficPolicy_PortTrafficPolicy{} - if protoimpl.UnsafeEnabled { - mi := &file_networking_v1alpha3_destination_rule_proto_msgTypes[8] - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - ms.StoreMessageInfo(mi) - } + mi := &file_networking_v1alpha3_destination_rule_proto_msgTypes[9] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) } func (x *TrafficPolicy_PortTrafficPolicy) String() string { @@ -1896,8 +1720,8 @@ func (x *TrafficPolicy_PortTrafficPolicy) String() string { func (*TrafficPolicy_PortTrafficPolicy) ProtoMessage() {} func (x *TrafficPolicy_PortTrafficPolicy) ProtoReflect() protoreflect.Message { - mi := &file_networking_v1alpha3_destination_rule_proto_msgTypes[8] - if protoimpl.UnsafeEnabled && x != nil { + mi := &file_networking_v1alpha3_destination_rule_proto_msgTypes[9] + if x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) if ms.LoadMessageInfo() == nil { ms.StoreMessageInfo(mi) @@ -1970,11 +1794,9 @@ type TrafficPolicy_TunnelSettings struct { func (x *TrafficPolicy_TunnelSettings) Reset() { *x = TrafficPolicy_TunnelSettings{} - if protoimpl.UnsafeEnabled { - mi := &file_networking_v1alpha3_destination_rule_proto_msgTypes[9] - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - ms.StoreMessageInfo(mi) - } + mi := &file_networking_v1alpha3_destination_rule_proto_msgTypes[10] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) } func (x *TrafficPolicy_TunnelSettings) String() string { @@ -1984,8 +1806,8 @@ func (x *TrafficPolicy_TunnelSettings) String() string { func (*TrafficPolicy_TunnelSettings) ProtoMessage() {} func (x *TrafficPolicy_TunnelSettings) ProtoReflect() protoreflect.Message { - mi := &file_networking_v1alpha3_destination_rule_proto_msgTypes[9] - if protoimpl.UnsafeEnabled && x != nil { + mi := &file_networking_v1alpha3_destination_rule_proto_msgTypes[10] + if x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) if ms.LoadMessageInfo() == nil { ms.StoreMessageInfo(mi) @@ -2021,6 +1843,53 @@ func (x *TrafficPolicy_TunnelSettings) GetTargetPort() uint32 { return 0 } +type TrafficPolicy_ProxyProtocol struct { + state protoimpl.MessageState + sizeCache protoimpl.SizeCache + unknownFields protoimpl.UnknownFields + + // The PROXY protocol version to use. See https://www.haproxy.org/download/2.1/doc/proxy-protocol.txt for details. + // By default it is `V1`. + Version TrafficPolicy_ProxyProtocol_VERSION `protobuf:"varint,1,opt,name=version,proto3,enum=istio.networking.v1alpha3.TrafficPolicy_ProxyProtocol_VERSION" json:"version,omitempty"` +} + +func (x *TrafficPolicy_ProxyProtocol) Reset() { + *x = TrafficPolicy_ProxyProtocol{} + mi := &file_networking_v1alpha3_destination_rule_proto_msgTypes[11] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) +} + +func (x *TrafficPolicy_ProxyProtocol) String() string { + return protoimpl.X.MessageStringOf(x) +} + +func (*TrafficPolicy_ProxyProtocol) ProtoMessage() {} + +func (x *TrafficPolicy_ProxyProtocol) ProtoReflect() protoreflect.Message { + mi := &file_networking_v1alpha3_destination_rule_proto_msgTypes[11] + if x != nil { + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + if ms.LoadMessageInfo() == nil { + ms.StoreMessageInfo(mi) + } + return ms + } + return mi.MessageOf(x) +} + +// Deprecated: Use TrafficPolicy_ProxyProtocol.ProtoReflect.Descriptor instead. +func (*TrafficPolicy_ProxyProtocol) Descriptor() ([]byte, []int) { + return file_networking_v1alpha3_destination_rule_proto_rawDescGZIP(), []int{1, 2} +} + +func (x *TrafficPolicy_ProxyProtocol) GetVersion() TrafficPolicy_ProxyProtocol_VERSION { + if x != nil { + return x.Version + } + return TrafficPolicy_ProxyProtocol_V1 +} + // Consistent Hash-based load balancing can be used to provide soft // session affinity based on HTTP headers, cookies or other // properties. The affinity to a particular destination host may be @@ -2070,11 +1939,9 @@ type LoadBalancerSettings_ConsistentHashLB struct { func (x *LoadBalancerSettings_ConsistentHashLB) Reset() { *x = LoadBalancerSettings_ConsistentHashLB{} - if protoimpl.UnsafeEnabled { - mi := &file_networking_v1alpha3_destination_rule_proto_msgTypes[11] - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - ms.StoreMessageInfo(mi) - } + mi := &file_networking_v1alpha3_destination_rule_proto_msgTypes[13] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) } func (x *LoadBalancerSettings_ConsistentHashLB) String() string { @@ -2084,8 +1951,8 @@ func (x *LoadBalancerSettings_ConsistentHashLB) String() string { func (*LoadBalancerSettings_ConsistentHashLB) ProtoMessage() {} func (x *LoadBalancerSettings_ConsistentHashLB) ProtoReflect() protoreflect.Message { - mi := &file_networking_v1alpha3_destination_rule_proto_msgTypes[11] - if protoimpl.UnsafeEnabled && x != nil { + mi := &file_networking_v1alpha3_destination_rule_proto_msgTypes[13] + if x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) if ms.LoadMessageInfo() == nil { ms.StoreMessageInfo(mi) @@ -2236,11 +2103,9 @@ type LoadBalancerSettings_ConsistentHashLB_RingHash struct { func (x *LoadBalancerSettings_ConsistentHashLB_RingHash) Reset() { *x = LoadBalancerSettings_ConsistentHashLB_RingHash{} - if protoimpl.UnsafeEnabled { - mi := &file_networking_v1alpha3_destination_rule_proto_msgTypes[12] - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - ms.StoreMessageInfo(mi) - } + mi := &file_networking_v1alpha3_destination_rule_proto_msgTypes[14] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) } func (x *LoadBalancerSettings_ConsistentHashLB_RingHash) String() string { @@ -2250,8 +2115,8 @@ func (x *LoadBalancerSettings_ConsistentHashLB_RingHash) String() string { func (*LoadBalancerSettings_ConsistentHashLB_RingHash) ProtoMessage() {} func (x *LoadBalancerSettings_ConsistentHashLB_RingHash) ProtoReflect() protoreflect.Message { - mi := &file_networking_v1alpha3_destination_rule_proto_msgTypes[12] - if protoimpl.UnsafeEnabled && x != nil { + mi := &file_networking_v1alpha3_destination_rule_proto_msgTypes[14] + if x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) if ms.LoadMessageInfo() == nil { ms.StoreMessageInfo(mi) @@ -2281,16 +2146,16 @@ type LoadBalancerSettings_ConsistentHashLB_MagLev struct { // The table size for Maglev hashing. This helps in controlling the // disruption when the backend hosts change. // Increasing the table size reduces the amount of disruption. + // The table size must be prime number less than 5000011. + // If it is not specified, the default is 65537. TableSize uint64 `protobuf:"varint,1,opt,name=table_size,json=tableSize,proto3" json:"table_size,omitempty"` } func (x *LoadBalancerSettings_ConsistentHashLB_MagLev) Reset() { *x = LoadBalancerSettings_ConsistentHashLB_MagLev{} - if protoimpl.UnsafeEnabled { - mi := &file_networking_v1alpha3_destination_rule_proto_msgTypes[13] - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - ms.StoreMessageInfo(mi) - } + mi := &file_networking_v1alpha3_destination_rule_proto_msgTypes[15] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) } func (x *LoadBalancerSettings_ConsistentHashLB_MagLev) String() string { @@ -2300,8 +2165,8 @@ func (x *LoadBalancerSettings_ConsistentHashLB_MagLev) String() string { func (*LoadBalancerSettings_ConsistentHashLB_MagLev) ProtoMessage() {} func (x *LoadBalancerSettings_ConsistentHashLB_MagLev) ProtoReflect() protoreflect.Message { - mi := &file_networking_v1alpha3_destination_rule_proto_msgTypes[13] - if protoimpl.UnsafeEnabled && x != nil { + mi := &file_networking_v1alpha3_destination_rule_proto_msgTypes[15] + if x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) if ms.LoadMessageInfo() == nil { ms.StoreMessageInfo(mi) @@ -2324,8 +2189,7 @@ func (x *LoadBalancerSettings_ConsistentHashLB_MagLev) GetTableSize() uint64 { } // Describes a HTTP cookie that will be used as the hash key for the -// Consistent Hash load balancer. If the cookie is not present, it will -// be generated. +// Consistent Hash load balancer. type LoadBalancerSettings_ConsistentHashLB_HTTPCookie struct { state protoimpl.MessageState sizeCache protoimpl.SizeCache @@ -2335,17 +2199,18 @@ type LoadBalancerSettings_ConsistentHashLB_HTTPCookie struct { Name string `protobuf:"bytes,1,opt,name=name,proto3" json:"name,omitempty"` // Path to set for the cookie. Path string `protobuf:"bytes,2,opt,name=path,proto3" json:"path,omitempty"` - // Lifetime of the cookie. + // Lifetime of the cookie. If specified, a cookie with the TTL will be + // generated if the cookie is not present. If the TTL is present and zero, + // the generated cookie will be a session cookie. + // +protoc-gen-crd:duration-validation:none Ttl *duration.Duration `protobuf:"bytes,3,opt,name=ttl,proto3" json:"ttl,omitempty"` } func (x *LoadBalancerSettings_ConsistentHashLB_HTTPCookie) Reset() { *x = LoadBalancerSettings_ConsistentHashLB_HTTPCookie{} - if protoimpl.UnsafeEnabled { - mi := &file_networking_v1alpha3_destination_rule_proto_msgTypes[14] - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - ms.StoreMessageInfo(mi) - } + mi := &file_networking_v1alpha3_destination_rule_proto_msgTypes[16] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) } func (x *LoadBalancerSettings_ConsistentHashLB_HTTPCookie) String() string { @@ -2355,8 +2220,8 @@ func (x *LoadBalancerSettings_ConsistentHashLB_HTTPCookie) String() string { func (*LoadBalancerSettings_ConsistentHashLB_HTTPCookie) ProtoMessage() {} func (x *LoadBalancerSettings_ConsistentHashLB_HTTPCookie) ProtoReflect() protoreflect.Message { - mi := &file_networking_v1alpha3_destination_rule_proto_msgTypes[14] - if protoimpl.UnsafeEnabled && x != nil { + mi := &file_networking_v1alpha3_destination_rule_proto_msgTypes[16] + if x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) if ms.LoadMessageInfo() == nil { ms.StoreMessageInfo(mi) @@ -2409,15 +2274,22 @@ type ConnectionPoolSettings_TCPSettings struct { // was established. If not set, there is no max duration. When max_connection_duration // is reached the connection will be closed. Duration must be at least 1ms. MaxConnectionDuration *duration.Duration `protobuf:"bytes,4,opt,name=max_connection_duration,json=maxConnectionDuration,proto3" json:"max_connection_duration,omitempty"` + // The idle timeout for TCP connections. + // The idle timeout is defined as the period in which there are no bytes sent or received on either + // the upstream or downstream connection. + // If not set, the default idle timeout is 1 hour. If set to 0s, the timeout will be disabled. + // Idle timeout is not configured per each cluster individually when weighted destinations are used, + // because idleTimeout is a property of a listener, not a cluster. In that case, idleTimeout + // specified in a destination rule for the first weighted route is configured in the listener, + // which means also for all weighted routes. + IdleTimeout *duration.Duration `protobuf:"bytes,5,opt,name=idle_timeout,json=idleTimeout,proto3" json:"idle_timeout,omitempty"` } func (x *ConnectionPoolSettings_TCPSettings) Reset() { *x = ConnectionPoolSettings_TCPSettings{} - if protoimpl.UnsafeEnabled { - mi := &file_networking_v1alpha3_destination_rule_proto_msgTypes[15] - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - ms.StoreMessageInfo(mi) - } + mi := &file_networking_v1alpha3_destination_rule_proto_msgTypes[17] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) } func (x *ConnectionPoolSettings_TCPSettings) String() string { @@ -2427,8 +2299,8 @@ func (x *ConnectionPoolSettings_TCPSettings) String() string { func (*ConnectionPoolSettings_TCPSettings) ProtoMessage() {} func (x *ConnectionPoolSettings_TCPSettings) ProtoReflect() protoreflect.Message { - mi := &file_networking_v1alpha3_destination_rule_proto_msgTypes[15] - if protoimpl.UnsafeEnabled && x != nil { + mi := &file_networking_v1alpha3_destination_rule_proto_msgTypes[17] + if x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) if ms.LoadMessageInfo() == nil { ms.StoreMessageInfo(mi) @@ -2440,7 +2312,7 @@ func (x *ConnectionPoolSettings_TCPSettings) ProtoReflect() protoreflect.Message // Deprecated: Use ConnectionPoolSettings_TCPSettings.ProtoReflect.Descriptor instead. func (*ConnectionPoolSettings_TCPSettings) Descriptor() ([]byte, []int) { - return file_networking_v1alpha3_destination_rule_proto_rawDescGZIP(), []int{4, 0} + return file_networking_v1alpha3_destination_rule_proto_rawDescGZIP(), []int{5, 0} } func (x *ConnectionPoolSettings_TCPSettings) GetMaxConnections() int32 { @@ -2471,6 +2343,13 @@ func (x *ConnectionPoolSettings_TCPSettings) GetMaxConnectionDuration() *duratio return nil } +func (x *ConnectionPoolSettings_TCPSettings) GetIdleTimeout() *duration.Duration { + if x != nil { + return x.IdleTimeout + } + return nil +} + // Settings applicable to HTTP1.1/HTTP2/GRPC connections. type ConnectionPoolSettings_HTTPSettings struct { state protoimpl.MessageState @@ -2507,15 +2386,16 @@ type ConnectionPoolSettings_HTTPSettings struct { // Note that when this is set to true, h2_upgrade_policy will be ineffective i.e. the client // connections will not be upgraded to http2. UseClientProtocol bool `protobuf:"varint,7,opt,name=use_client_protocol,json=useClientProtocol,proto3" json:"use_client_protocol,omitempty"` + // The maximum number of concurrent streams allowed for a peer on one HTTP/2 connection. + // Defaults to 2^31-1. + MaxConcurrentStreams int32 `protobuf:"varint,8,opt,name=max_concurrent_streams,json=maxConcurrentStreams,proto3" json:"max_concurrent_streams,omitempty"` } func (x *ConnectionPoolSettings_HTTPSettings) Reset() { *x = ConnectionPoolSettings_HTTPSettings{} - if protoimpl.UnsafeEnabled { - mi := &file_networking_v1alpha3_destination_rule_proto_msgTypes[16] - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - ms.StoreMessageInfo(mi) - } + mi := &file_networking_v1alpha3_destination_rule_proto_msgTypes[18] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) } func (x *ConnectionPoolSettings_HTTPSettings) String() string { @@ -2525,8 +2405,8 @@ func (x *ConnectionPoolSettings_HTTPSettings) String() string { func (*ConnectionPoolSettings_HTTPSettings) ProtoMessage() {} func (x *ConnectionPoolSettings_HTTPSettings) ProtoReflect() protoreflect.Message { - mi := &file_networking_v1alpha3_destination_rule_proto_msgTypes[16] - if protoimpl.UnsafeEnabled && x != nil { + mi := &file_networking_v1alpha3_destination_rule_proto_msgTypes[18] + if x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) if ms.LoadMessageInfo() == nil { ms.StoreMessageInfo(mi) @@ -2538,7 +2418,7 @@ func (x *ConnectionPoolSettings_HTTPSettings) ProtoReflect() protoreflect.Messag // Deprecated: Use ConnectionPoolSettings_HTTPSettings.ProtoReflect.Descriptor instead. func (*ConnectionPoolSettings_HTTPSettings) Descriptor() ([]byte, []int) { - return file_networking_v1alpha3_destination_rule_proto_rawDescGZIP(), []int{4, 1} + return file_networking_v1alpha3_destination_rule_proto_rawDescGZIP(), []int{5, 1} } func (x *ConnectionPoolSettings_HTTPSettings) GetHttp1MaxPendingRequests() int32 { @@ -2590,6 +2470,13 @@ func (x *ConnectionPoolSettings_HTTPSettings) GetUseClientProtocol() bool { return false } +func (x *ConnectionPoolSettings_HTTPSettings) GetMaxConcurrentStreams() int32 { + if x != nil { + return x.MaxConcurrentStreams + } + return 0 +} + // TCP keepalive. type ConnectionPoolSettings_TCPSettings_TcpKeepalive struct { state protoimpl.MessageState @@ -2612,11 +2499,9 @@ type ConnectionPoolSettings_TCPSettings_TcpKeepalive struct { func (x *ConnectionPoolSettings_TCPSettings_TcpKeepalive) Reset() { *x = ConnectionPoolSettings_TCPSettings_TcpKeepalive{} - if protoimpl.UnsafeEnabled { - mi := &file_networking_v1alpha3_destination_rule_proto_msgTypes[17] - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - ms.StoreMessageInfo(mi) - } + mi := &file_networking_v1alpha3_destination_rule_proto_msgTypes[19] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) } func (x *ConnectionPoolSettings_TCPSettings_TcpKeepalive) String() string { @@ -2626,8 +2511,8 @@ func (x *ConnectionPoolSettings_TCPSettings_TcpKeepalive) String() string { func (*ConnectionPoolSettings_TCPSettings_TcpKeepalive) ProtoMessage() {} func (x *ConnectionPoolSettings_TCPSettings_TcpKeepalive) ProtoReflect() protoreflect.Message { - mi := &file_networking_v1alpha3_destination_rule_proto_msgTypes[17] - if protoimpl.UnsafeEnabled && x != nil { + mi := &file_networking_v1alpha3_destination_rule_proto_msgTypes[19] + if x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) if ms.LoadMessageInfo() == nil { ms.StoreMessageInfo(mi) @@ -2639,7 +2524,7 @@ func (x *ConnectionPoolSettings_TCPSettings_TcpKeepalive) ProtoReflect() protore // Deprecated: Use ConnectionPoolSettings_TCPSettings_TcpKeepalive.ProtoReflect.Descriptor instead. func (*ConnectionPoolSettings_TCPSettings_TcpKeepalive) Descriptor() ([]byte, []int) { - return file_networking_v1alpha3_destination_rule_proto_rawDescGZIP(), []int{4, 0, 0} + return file_networking_v1alpha3_destination_rule_proto_rawDescGZIP(), []int{5, 0, 0} } func (x *ConnectionPoolSettings_TCPSettings_TcpKeepalive) GetProbes() uint32 { @@ -2688,11 +2573,9 @@ type LocalityLoadBalancerSetting_Distribute struct { func (x *LocalityLoadBalancerSetting_Distribute) Reset() { *x = LocalityLoadBalancerSetting_Distribute{} - if protoimpl.UnsafeEnabled { - mi := &file_networking_v1alpha3_destination_rule_proto_msgTypes[18] - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - ms.StoreMessageInfo(mi) - } + mi := &file_networking_v1alpha3_destination_rule_proto_msgTypes[20] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) } func (x *LocalityLoadBalancerSetting_Distribute) String() string { @@ -2702,8 +2585,8 @@ func (x *LocalityLoadBalancerSetting_Distribute) String() string { func (*LocalityLoadBalancerSetting_Distribute) ProtoMessage() {} func (x *LocalityLoadBalancerSetting_Distribute) ProtoReflect() protoreflect.Message { - mi := &file_networking_v1alpha3_destination_rule_proto_msgTypes[18] - if protoimpl.UnsafeEnabled && x != nil { + mi := &file_networking_v1alpha3_destination_rule_proto_msgTypes[20] + if x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) if ms.LoadMessageInfo() == nil { ms.StoreMessageInfo(mi) @@ -2715,7 +2598,7 @@ func (x *LocalityLoadBalancerSetting_Distribute) ProtoReflect() protoreflect.Mes // Deprecated: Use LocalityLoadBalancerSetting_Distribute.ProtoReflect.Descriptor instead. func (*LocalityLoadBalancerSetting_Distribute) Descriptor() ([]byte, []int) { - return file_networking_v1alpha3_destination_rule_proto_rawDescGZIP(), []int{7, 0} + return file_networking_v1alpha3_destination_rule_proto_rawDescGZIP(), []int{8, 0} } func (x *LocalityLoadBalancerSetting_Distribute) GetFrom() string { @@ -2753,11 +2636,9 @@ type LocalityLoadBalancerSetting_Failover struct { func (x *LocalityLoadBalancerSetting_Failover) Reset() { *x = LocalityLoadBalancerSetting_Failover{} - if protoimpl.UnsafeEnabled { - mi := &file_networking_v1alpha3_destination_rule_proto_msgTypes[19] - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - ms.StoreMessageInfo(mi) - } + mi := &file_networking_v1alpha3_destination_rule_proto_msgTypes[21] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) } func (x *LocalityLoadBalancerSetting_Failover) String() string { @@ -2767,8 +2648,8 @@ func (x *LocalityLoadBalancerSetting_Failover) String() string { func (*LocalityLoadBalancerSetting_Failover) ProtoMessage() {} func (x *LocalityLoadBalancerSetting_Failover) ProtoReflect() protoreflect.Message { - mi := &file_networking_v1alpha3_destination_rule_proto_msgTypes[19] - if protoimpl.UnsafeEnabled && x != nil { + mi := &file_networking_v1alpha3_destination_rule_proto_msgTypes[21] + if x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) if ms.LoadMessageInfo() == nil { ms.StoreMessageInfo(mi) @@ -2780,7 +2661,7 @@ func (x *LocalityLoadBalancerSetting_Failover) ProtoReflect() protoreflect.Messa // Deprecated: Use LocalityLoadBalancerSetting_Failover.ProtoReflect.Descriptor instead. func (*LocalityLoadBalancerSetting_Failover) Descriptor() ([]byte, []int) { - return file_networking_v1alpha3_destination_rule_proto_rawDescGZIP(), []int{7, 1} + return file_networking_v1alpha3_destination_rule_proto_rawDescGZIP(), []int{8, 1} } func (x *LocalityLoadBalancerSetting_Failover) GetFrom() string { @@ -2815,59 +2696,65 @@ var file_networking_v1alpha3_destination_rule_proto_rawDesc = []byte{ 0x72, 0x74, 0x75, 0x61, 0x6c, 0x5f, 0x73, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x1a, 0x1b, 0x74, 0x79, 0x70, 0x65, 0x2f, 0x76, 0x31, 0x62, 0x65, 0x74, 0x61, 0x31, 0x2f, 0x73, 0x65, 0x6c, 0x65, 0x63, 0x74, 0x6f, 0x72, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, - 0x22, 0xa8, 0x02, 0x0a, 0x0f, 0x44, 0x65, 0x73, 0x74, 0x69, 0x6e, 0x61, 0x74, 0x69, 0x6f, 0x6e, - 0x52, 0x75, 0x6c, 0x65, 0x12, 0x17, 0x0a, 0x04, 0x68, 0x6f, 0x73, 0x74, 0x18, 0x01, 0x20, 0x01, - 0x28, 0x09, 0x42, 0x03, 0xe0, 0x41, 0x02, 0x52, 0x04, 0x68, 0x6f, 0x73, 0x74, 0x12, 0x4f, 0x0a, - 0x0e, 0x74, 0x72, 0x61, 0x66, 0x66, 0x69, 0x63, 0x5f, 0x70, 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x18, - 0x02, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x28, 0x2e, 0x69, 0x73, 0x74, 0x69, 0x6f, 0x2e, 0x6e, 0x65, - 0x74, 0x77, 0x6f, 0x72, 0x6b, 0x69, 0x6e, 0x67, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, - 0x33, 0x2e, 0x54, 0x72, 0x61, 0x66, 0x66, 0x69, 0x63, 0x50, 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x52, - 0x0d, 0x74, 0x72, 0x61, 0x66, 0x66, 0x69, 0x63, 0x50, 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x12, 0x3b, - 0x0a, 0x07, 0x73, 0x75, 0x62, 0x73, 0x65, 0x74, 0x73, 0x18, 0x03, 0x20, 0x03, 0x28, 0x0b, 0x32, - 0x21, 0x2e, 0x69, 0x73, 0x74, 0x69, 0x6f, 0x2e, 0x6e, 0x65, 0x74, 0x77, 0x6f, 0x72, 0x6b, 0x69, - 0x6e, 0x67, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x33, 0x2e, 0x53, 0x75, 0x62, 0x73, - 0x65, 0x74, 0x52, 0x07, 0x73, 0x75, 0x62, 0x73, 0x65, 0x74, 0x73, 0x12, 0x1b, 0x0a, 0x09, 0x65, - 0x78, 0x70, 0x6f, 0x72, 0x74, 0x5f, 0x74, 0x6f, 0x18, 0x04, 0x20, 0x03, 0x28, 0x09, 0x52, 0x08, - 0x65, 0x78, 0x70, 0x6f, 0x72, 0x74, 0x54, 0x6f, 0x12, 0x51, 0x0a, 0x11, 0x77, 0x6f, 0x72, 0x6b, - 0x6c, 0x6f, 0x61, 0x64, 0x5f, 0x73, 0x65, 0x6c, 0x65, 0x63, 0x74, 0x6f, 0x72, 0x18, 0x05, 0x20, - 0x01, 0x28, 0x0b, 0x32, 0x24, 0x2e, 0x69, 0x73, 0x74, 0x69, 0x6f, 0x2e, 0x74, 0x79, 0x70, 0x65, - 0x2e, 0x76, 0x31, 0x62, 0x65, 0x74, 0x61, 0x31, 0x2e, 0x57, 0x6f, 0x72, 0x6b, 0x6c, 0x6f, 0x61, - 0x64, 0x53, 0x65, 0x6c, 0x65, 0x63, 0x74, 0x6f, 0x72, 0x52, 0x10, 0x77, 0x6f, 0x72, 0x6b, 0x6c, - 0x6f, 0x61, 0x64, 0x53, 0x65, 0x6c, 0x65, 0x63, 0x74, 0x6f, 0x72, 0x22, 0xb1, 0x08, 0x0a, 0x0d, - 0x54, 0x72, 0x61, 0x66, 0x66, 0x69, 0x63, 0x50, 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x12, 0x54, 0x0a, - 0x0d, 0x6c, 0x6f, 0x61, 0x64, 0x5f, 0x62, 0x61, 0x6c, 0x61, 0x6e, 0x63, 0x65, 0x72, 0x18, 0x01, - 0x20, 0x01, 0x28, 0x0b, 0x32, 0x2f, 0x2e, 0x69, 0x73, 0x74, 0x69, 0x6f, 0x2e, 0x6e, 0x65, 0x74, - 0x77, 0x6f, 0x72, 0x6b, 0x69, 0x6e, 0x67, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x33, - 0x2e, 0x4c, 0x6f, 0x61, 0x64, 0x42, 0x61, 0x6c, 0x61, 0x6e, 0x63, 0x65, 0x72, 0x53, 0x65, 0x74, - 0x74, 0x69, 0x6e, 0x67, 0x73, 0x52, 0x0c, 0x6c, 0x6f, 0x61, 0x64, 0x42, 0x61, 0x6c, 0x61, 0x6e, - 0x63, 0x65, 0x72, 0x12, 0x5a, 0x0a, 0x0f, 0x63, 0x6f, 0x6e, 0x6e, 0x65, 0x63, 0x74, 0x69, 0x6f, - 0x6e, 0x5f, 0x70, 0x6f, 0x6f, 0x6c, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x31, 0x2e, 0x69, - 0x73, 0x74, 0x69, 0x6f, 0x2e, 0x6e, 0x65, 0x74, 0x77, 0x6f, 0x72, 0x6b, 0x69, 0x6e, 0x67, 0x2e, - 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x33, 0x2e, 0x43, 0x6f, 0x6e, 0x6e, 0x65, 0x63, 0x74, - 0x69, 0x6f, 0x6e, 0x50, 0x6f, 0x6f, 0x6c, 0x53, 0x65, 0x74, 0x74, 0x69, 0x6e, 0x67, 0x73, 0x52, - 0x0e, 0x63, 0x6f, 0x6e, 0x6e, 0x65, 0x63, 0x74, 0x69, 0x6f, 0x6e, 0x50, 0x6f, 0x6f, 0x6c, 0x12, - 0x58, 0x0a, 0x11, 0x6f, 0x75, 0x74, 0x6c, 0x69, 0x65, 0x72, 0x5f, 0x64, 0x65, 0x74, 0x65, 0x63, - 0x74, 0x69, 0x6f, 0x6e, 0x18, 0x03, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x2b, 0x2e, 0x69, 0x73, 0x74, - 0x69, 0x6f, 0x2e, 0x6e, 0x65, 0x74, 0x77, 0x6f, 0x72, 0x6b, 0x69, 0x6e, 0x67, 0x2e, 0x76, 0x31, - 0x61, 0x6c, 0x70, 0x68, 0x61, 0x33, 0x2e, 0x4f, 0x75, 0x74, 0x6c, 0x69, 0x65, 0x72, 0x44, 0x65, - 0x74, 0x65, 0x63, 0x74, 0x69, 0x6f, 0x6e, 0x52, 0x10, 0x6f, 0x75, 0x74, 0x6c, 0x69, 0x65, 0x72, - 0x44, 0x65, 0x74, 0x65, 0x63, 0x74, 0x69, 0x6f, 0x6e, 0x12, 0x3e, 0x0a, 0x03, 0x74, 0x6c, 0x73, - 0x18, 0x04, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x2c, 0x2e, 0x69, 0x73, 0x74, 0x69, 0x6f, 0x2e, 0x6e, - 0x65, 0x74, 0x77, 0x6f, 0x72, 0x6b, 0x69, 0x6e, 0x67, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, - 0x61, 0x33, 0x2e, 0x43, 0x6c, 0x69, 0x65, 0x6e, 0x74, 0x54, 0x4c, 0x53, 0x53, 0x65, 0x74, 0x74, - 0x69, 0x6e, 0x67, 0x73, 0x52, 0x03, 0x74, 0x6c, 0x73, 0x12, 0x6a, 0x0a, 0x13, 0x70, 0x6f, 0x72, - 0x74, 0x5f, 0x6c, 0x65, 0x76, 0x65, 0x6c, 0x5f, 0x73, 0x65, 0x74, 0x74, 0x69, 0x6e, 0x67, 0x73, - 0x18, 0x05, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x3a, 0x2e, 0x69, 0x73, 0x74, 0x69, 0x6f, 0x2e, 0x6e, + 0x22, 0xa9, 0x02, 0x0a, 0x0f, 0x44, 0x65, 0x73, 0x74, 0x69, 0x6e, 0x61, 0x74, 0x69, 0x6f, 0x6e, + 0x52, 0x75, 0x6c, 0x65, 0x12, 0x18, 0x0a, 0x04, 0x68, 0x6f, 0x73, 0x74, 0x18, 0x01, 0x20, 0x01, + 0x28, 0x09, 0x42, 0x04, 0xe2, 0x41, 0x01, 0x02, 0x52, 0x04, 0x68, 0x6f, 0x73, 0x74, 0x12, 0x4f, + 0x0a, 0x0e, 0x74, 0x72, 0x61, 0x66, 0x66, 0x69, 0x63, 0x5f, 0x70, 0x6f, 0x6c, 0x69, 0x63, 0x79, + 0x18, 0x02, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x28, 0x2e, 0x69, 0x73, 0x74, 0x69, 0x6f, 0x2e, 0x6e, 0x65, 0x74, 0x77, 0x6f, 0x72, 0x6b, 0x69, 0x6e, 0x67, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x33, 0x2e, 0x54, 0x72, 0x61, 0x66, 0x66, 0x69, 0x63, 0x50, 0x6f, 0x6c, 0x69, 0x63, 0x79, - 0x2e, 0x50, 0x6f, 0x72, 0x74, 0x54, 0x72, 0x61, 0x66, 0x66, 0x69, 0x63, 0x50, 0x6f, 0x6c, 0x69, - 0x63, 0x79, 0x52, 0x11, 0x70, 0x6f, 0x72, 0x74, 0x4c, 0x65, 0x76, 0x65, 0x6c, 0x53, 0x65, 0x74, - 0x74, 0x69, 0x6e, 0x67, 0x73, 0x12, 0x4f, 0x0a, 0x06, 0x74, 0x75, 0x6e, 0x6e, 0x65, 0x6c, 0x18, - 0x06, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x37, 0x2e, 0x69, 0x73, 0x74, 0x69, 0x6f, 0x2e, 0x6e, 0x65, + 0x52, 0x0d, 0x74, 0x72, 0x61, 0x66, 0x66, 0x69, 0x63, 0x50, 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x12, + 0x3b, 0x0a, 0x07, 0x73, 0x75, 0x62, 0x73, 0x65, 0x74, 0x73, 0x18, 0x03, 0x20, 0x03, 0x28, 0x0b, + 0x32, 0x21, 0x2e, 0x69, 0x73, 0x74, 0x69, 0x6f, 0x2e, 0x6e, 0x65, 0x74, 0x77, 0x6f, 0x72, 0x6b, + 0x69, 0x6e, 0x67, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x33, 0x2e, 0x53, 0x75, 0x62, + 0x73, 0x65, 0x74, 0x52, 0x07, 0x73, 0x75, 0x62, 0x73, 0x65, 0x74, 0x73, 0x12, 0x1b, 0x0a, 0x09, + 0x65, 0x78, 0x70, 0x6f, 0x72, 0x74, 0x5f, 0x74, 0x6f, 0x18, 0x04, 0x20, 0x03, 0x28, 0x09, 0x52, + 0x08, 0x65, 0x78, 0x70, 0x6f, 0x72, 0x74, 0x54, 0x6f, 0x12, 0x51, 0x0a, 0x11, 0x77, 0x6f, 0x72, + 0x6b, 0x6c, 0x6f, 0x61, 0x64, 0x5f, 0x73, 0x65, 0x6c, 0x65, 0x63, 0x74, 0x6f, 0x72, 0x18, 0x05, + 0x20, 0x01, 0x28, 0x0b, 0x32, 0x24, 0x2e, 0x69, 0x73, 0x74, 0x69, 0x6f, 0x2e, 0x74, 0x79, 0x70, + 0x65, 0x2e, 0x76, 0x31, 0x62, 0x65, 0x74, 0x61, 0x31, 0x2e, 0x57, 0x6f, 0x72, 0x6b, 0x6c, 0x6f, + 0x61, 0x64, 0x53, 0x65, 0x6c, 0x65, 0x63, 0x74, 0x6f, 0x72, 0x52, 0x10, 0x77, 0x6f, 0x72, 0x6b, + 0x6c, 0x6f, 0x61, 0x64, 0x53, 0x65, 0x6c, 0x65, 0x63, 0x74, 0x6f, 0x72, 0x22, 0x99, 0x0a, 0x0a, + 0x0d, 0x54, 0x72, 0x61, 0x66, 0x66, 0x69, 0x63, 0x50, 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x12, 0x54, + 0x0a, 0x0d, 0x6c, 0x6f, 0x61, 0x64, 0x5f, 0x62, 0x61, 0x6c, 0x61, 0x6e, 0x63, 0x65, 0x72, 0x18, + 0x01, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x2f, 0x2e, 0x69, 0x73, 0x74, 0x69, 0x6f, 0x2e, 0x6e, 0x65, 0x74, 0x77, 0x6f, 0x72, 0x6b, 0x69, 0x6e, 0x67, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, - 0x33, 0x2e, 0x54, 0x72, 0x61, 0x66, 0x66, 0x69, 0x63, 0x50, 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x2e, - 0x54, 0x75, 0x6e, 0x6e, 0x65, 0x6c, 0x53, 0x65, 0x74, 0x74, 0x69, 0x6e, 0x67, 0x73, 0x52, 0x06, - 0x74, 0x75, 0x6e, 0x6e, 0x65, 0x6c, 0x1a, 0x9c, 0x03, 0x0a, 0x11, 0x50, 0x6f, 0x72, 0x74, 0x54, + 0x33, 0x2e, 0x4c, 0x6f, 0x61, 0x64, 0x42, 0x61, 0x6c, 0x61, 0x6e, 0x63, 0x65, 0x72, 0x53, 0x65, + 0x74, 0x74, 0x69, 0x6e, 0x67, 0x73, 0x52, 0x0c, 0x6c, 0x6f, 0x61, 0x64, 0x42, 0x61, 0x6c, 0x61, + 0x6e, 0x63, 0x65, 0x72, 0x12, 0x5a, 0x0a, 0x0f, 0x63, 0x6f, 0x6e, 0x6e, 0x65, 0x63, 0x74, 0x69, + 0x6f, 0x6e, 0x5f, 0x70, 0x6f, 0x6f, 0x6c, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x31, 0x2e, + 0x69, 0x73, 0x74, 0x69, 0x6f, 0x2e, 0x6e, 0x65, 0x74, 0x77, 0x6f, 0x72, 0x6b, 0x69, 0x6e, 0x67, + 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x33, 0x2e, 0x43, 0x6f, 0x6e, 0x6e, 0x65, 0x63, + 0x74, 0x69, 0x6f, 0x6e, 0x50, 0x6f, 0x6f, 0x6c, 0x53, 0x65, 0x74, 0x74, 0x69, 0x6e, 0x67, 0x73, + 0x52, 0x0e, 0x63, 0x6f, 0x6e, 0x6e, 0x65, 0x63, 0x74, 0x69, 0x6f, 0x6e, 0x50, 0x6f, 0x6f, 0x6c, + 0x12, 0x58, 0x0a, 0x11, 0x6f, 0x75, 0x74, 0x6c, 0x69, 0x65, 0x72, 0x5f, 0x64, 0x65, 0x74, 0x65, + 0x63, 0x74, 0x69, 0x6f, 0x6e, 0x18, 0x03, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x2b, 0x2e, 0x69, 0x73, + 0x74, 0x69, 0x6f, 0x2e, 0x6e, 0x65, 0x74, 0x77, 0x6f, 0x72, 0x6b, 0x69, 0x6e, 0x67, 0x2e, 0x76, + 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x33, 0x2e, 0x4f, 0x75, 0x74, 0x6c, 0x69, 0x65, 0x72, 0x44, + 0x65, 0x74, 0x65, 0x63, 0x74, 0x69, 0x6f, 0x6e, 0x52, 0x10, 0x6f, 0x75, 0x74, 0x6c, 0x69, 0x65, + 0x72, 0x44, 0x65, 0x74, 0x65, 0x63, 0x74, 0x69, 0x6f, 0x6e, 0x12, 0x3e, 0x0a, 0x03, 0x74, 0x6c, + 0x73, 0x18, 0x04, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x2c, 0x2e, 0x69, 0x73, 0x74, 0x69, 0x6f, 0x2e, + 0x6e, 0x65, 0x74, 0x77, 0x6f, 0x72, 0x6b, 0x69, 0x6e, 0x67, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, + 0x68, 0x61, 0x33, 0x2e, 0x43, 0x6c, 0x69, 0x65, 0x6e, 0x74, 0x54, 0x4c, 0x53, 0x53, 0x65, 0x74, + 0x74, 0x69, 0x6e, 0x67, 0x73, 0x52, 0x03, 0x74, 0x6c, 0x73, 0x12, 0x6a, 0x0a, 0x13, 0x70, 0x6f, + 0x72, 0x74, 0x5f, 0x6c, 0x65, 0x76, 0x65, 0x6c, 0x5f, 0x73, 0x65, 0x74, 0x74, 0x69, 0x6e, 0x67, + 0x73, 0x18, 0x05, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x3a, 0x2e, 0x69, 0x73, 0x74, 0x69, 0x6f, 0x2e, + 0x6e, 0x65, 0x74, 0x77, 0x6f, 0x72, 0x6b, 0x69, 0x6e, 0x67, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, + 0x68, 0x61, 0x33, 0x2e, 0x54, 0x72, 0x61, 0x66, 0x66, 0x69, 0x63, 0x50, 0x6f, 0x6c, 0x69, 0x63, + 0x79, 0x2e, 0x50, 0x6f, 0x72, 0x74, 0x54, 0x72, 0x61, 0x66, 0x66, 0x69, 0x63, 0x50, 0x6f, 0x6c, + 0x69, 0x63, 0x79, 0x52, 0x11, 0x70, 0x6f, 0x72, 0x74, 0x4c, 0x65, 0x76, 0x65, 0x6c, 0x53, 0x65, + 0x74, 0x74, 0x69, 0x6e, 0x67, 0x73, 0x12, 0x4f, 0x0a, 0x06, 0x74, 0x75, 0x6e, 0x6e, 0x65, 0x6c, + 0x18, 0x06, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x37, 0x2e, 0x69, 0x73, 0x74, 0x69, 0x6f, 0x2e, 0x6e, + 0x65, 0x74, 0x77, 0x6f, 0x72, 0x6b, 0x69, 0x6e, 0x67, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, + 0x61, 0x33, 0x2e, 0x54, 0x72, 0x61, 0x66, 0x66, 0x69, 0x63, 0x50, 0x6f, 0x6c, 0x69, 0x63, 0x79, + 0x2e, 0x54, 0x75, 0x6e, 0x6e, 0x65, 0x6c, 0x53, 0x65, 0x74, 0x74, 0x69, 0x6e, 0x67, 0x73, 0x52, + 0x06, 0x74, 0x75, 0x6e, 0x6e, 0x65, 0x6c, 0x12, 0x5d, 0x0a, 0x0e, 0x70, 0x72, 0x6f, 0x78, 0x79, + 0x5f, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x63, 0x6f, 0x6c, 0x18, 0x07, 0x20, 0x01, 0x28, 0x0b, 0x32, + 0x36, 0x2e, 0x69, 0x73, 0x74, 0x69, 0x6f, 0x2e, 0x6e, 0x65, 0x74, 0x77, 0x6f, 0x72, 0x6b, 0x69, + 0x6e, 0x67, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x33, 0x2e, 0x54, 0x72, 0x61, 0x66, + 0x66, 0x69, 0x63, 0x50, 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x2e, 0x50, 0x72, 0x6f, 0x78, 0x79, 0x50, + 0x72, 0x6f, 0x74, 0x6f, 0x63, 0x6f, 0x6c, 0x52, 0x0d, 0x70, 0x72, 0x6f, 0x78, 0x79, 0x50, 0x72, + 0x6f, 0x74, 0x6f, 0x63, 0x6f, 0x6c, 0x1a, 0x9c, 0x03, 0x0a, 0x11, 0x50, 0x6f, 0x72, 0x74, 0x54, 0x72, 0x61, 0x66, 0x66, 0x69, 0x63, 0x50, 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x12, 0x3b, 0x0a, 0x04, 0x70, 0x6f, 0x72, 0x74, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x27, 0x2e, 0x69, 0x73, 0x74, 0x69, 0x6f, 0x2e, 0x6e, 0x65, 0x74, 0x77, 0x6f, 0x72, 0x6b, 0x69, 0x6e, 0x67, 0x2e, 0x76, 0x31, @@ -2893,291 +2780,326 @@ var file_networking_v1alpha3_destination_rule_proto_rawDesc = []byte{ 0x28, 0x0b, 0x32, 0x2c, 0x2e, 0x69, 0x73, 0x74, 0x69, 0x6f, 0x2e, 0x6e, 0x65, 0x74, 0x77, 0x6f, 0x72, 0x6b, 0x69, 0x6e, 0x67, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x33, 0x2e, 0x43, 0x6c, 0x69, 0x65, 0x6e, 0x74, 0x54, 0x4c, 0x53, 0x53, 0x65, 0x74, 0x74, 0x69, 0x6e, 0x67, 0x73, - 0x52, 0x03, 0x74, 0x6c, 0x73, 0x1a, 0x78, 0x0a, 0x0e, 0x54, 0x75, 0x6e, 0x6e, 0x65, 0x6c, 0x53, + 0x52, 0x03, 0x74, 0x6c, 0x73, 0x1a, 0x7a, 0x0a, 0x0e, 0x54, 0x75, 0x6e, 0x6e, 0x65, 0x6c, 0x53, 0x65, 0x74, 0x74, 0x69, 0x6e, 0x67, 0x73, 0x12, 0x1a, 0x0a, 0x08, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x63, 0x6f, 0x6c, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x08, 0x70, 0x72, 0x6f, 0x74, 0x6f, - 0x63, 0x6f, 0x6c, 0x12, 0x24, 0x0a, 0x0b, 0x74, 0x61, 0x72, 0x67, 0x65, 0x74, 0x5f, 0x68, 0x6f, - 0x73, 0x74, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x42, 0x03, 0xe0, 0x41, 0x02, 0x52, 0x0a, 0x74, - 0x61, 0x72, 0x67, 0x65, 0x74, 0x48, 0x6f, 0x73, 0x74, 0x12, 0x24, 0x0a, 0x0b, 0x74, 0x61, 0x72, - 0x67, 0x65, 0x74, 0x5f, 0x70, 0x6f, 0x72, 0x74, 0x18, 0x03, 0x20, 0x01, 0x28, 0x0d, 0x42, 0x03, - 0xe0, 0x41, 0x02, 0x52, 0x0a, 0x74, 0x61, 0x72, 0x67, 0x65, 0x74, 0x50, 0x6f, 0x72, 0x74, 0x22, - 0xf4, 0x01, 0x0a, 0x06, 0x53, 0x75, 0x62, 0x73, 0x65, 0x74, 0x12, 0x17, 0x0a, 0x04, 0x6e, 0x61, - 0x6d, 0x65, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x42, 0x03, 0xe0, 0x41, 0x02, 0x52, 0x04, 0x6e, - 0x61, 0x6d, 0x65, 0x12, 0x45, 0x0a, 0x06, 0x6c, 0x61, 0x62, 0x65, 0x6c, 0x73, 0x18, 0x02, 0x20, - 0x03, 0x28, 0x0b, 0x32, 0x2d, 0x2e, 0x69, 0x73, 0x74, 0x69, 0x6f, 0x2e, 0x6e, 0x65, 0x74, 0x77, - 0x6f, 0x72, 0x6b, 0x69, 0x6e, 0x67, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x33, 0x2e, - 0x53, 0x75, 0x62, 0x73, 0x65, 0x74, 0x2e, 0x4c, 0x61, 0x62, 0x65, 0x6c, 0x73, 0x45, 0x6e, 0x74, - 0x72, 0x79, 0x52, 0x06, 0x6c, 0x61, 0x62, 0x65, 0x6c, 0x73, 0x12, 0x4f, 0x0a, 0x0e, 0x74, 0x72, - 0x61, 0x66, 0x66, 0x69, 0x63, 0x5f, 0x70, 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x18, 0x03, 0x20, 0x01, - 0x28, 0x0b, 0x32, 0x28, 0x2e, 0x69, 0x73, 0x74, 0x69, 0x6f, 0x2e, 0x6e, 0x65, 0x74, 0x77, 0x6f, - 0x72, 0x6b, 0x69, 0x6e, 0x67, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x33, 0x2e, 0x54, - 0x72, 0x61, 0x66, 0x66, 0x69, 0x63, 0x50, 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x52, 0x0d, 0x74, 0x72, - 0x61, 0x66, 0x66, 0x69, 0x63, 0x50, 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x1a, 0x39, 0x0a, 0x0b, 0x4c, - 0x61, 0x62, 0x65, 0x6c, 0x73, 0x45, 0x6e, 0x74, 0x72, 0x79, 0x12, 0x10, 0x0a, 0x03, 0x6b, 0x65, - 0x79, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x03, 0x6b, 0x65, 0x79, 0x12, 0x14, 0x0a, 0x05, - 0x76, 0x61, 0x6c, 0x75, 0x65, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x05, 0x76, 0x61, 0x6c, - 0x75, 0x65, 0x3a, 0x02, 0x38, 0x01, 0x22, 0x88, 0x0a, 0x0a, 0x14, 0x4c, 0x6f, 0x61, 0x64, 0x42, - 0x61, 0x6c, 0x61, 0x6e, 0x63, 0x65, 0x72, 0x53, 0x65, 0x74, 0x74, 0x69, 0x6e, 0x67, 0x73, 0x12, - 0x52, 0x0a, 0x06, 0x73, 0x69, 0x6d, 0x70, 0x6c, 0x65, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0e, 0x32, - 0x38, 0x2e, 0x69, 0x73, 0x74, 0x69, 0x6f, 0x2e, 0x6e, 0x65, 0x74, 0x77, 0x6f, 0x72, 0x6b, 0x69, - 0x6e, 0x67, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x33, 0x2e, 0x4c, 0x6f, 0x61, 0x64, - 0x42, 0x61, 0x6c, 0x61, 0x6e, 0x63, 0x65, 0x72, 0x53, 0x65, 0x74, 0x74, 0x69, 0x6e, 0x67, 0x73, - 0x2e, 0x53, 0x69, 0x6d, 0x70, 0x6c, 0x65, 0x4c, 0x42, 0x48, 0x00, 0x52, 0x06, 0x73, 0x69, 0x6d, - 0x70, 0x6c, 0x65, 0x12, 0x6b, 0x0a, 0x0f, 0x63, 0x6f, 0x6e, 0x73, 0x69, 0x73, 0x74, 0x65, 0x6e, - 0x74, 0x5f, 0x68, 0x61, 0x73, 0x68, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x40, 0x2e, 0x69, - 0x73, 0x74, 0x69, 0x6f, 0x2e, 0x6e, 0x65, 0x74, 0x77, 0x6f, 0x72, 0x6b, 0x69, 0x6e, 0x67, 0x2e, - 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x33, 0x2e, 0x4c, 0x6f, 0x61, 0x64, 0x42, 0x61, 0x6c, - 0x61, 0x6e, 0x63, 0x65, 0x72, 0x53, 0x65, 0x74, 0x74, 0x69, 0x6e, 0x67, 0x73, 0x2e, 0x43, 0x6f, - 0x6e, 0x73, 0x69, 0x73, 0x74, 0x65, 0x6e, 0x74, 0x48, 0x61, 0x73, 0x68, 0x4c, 0x42, 0x48, 0x00, - 0x52, 0x0e, 0x63, 0x6f, 0x6e, 0x73, 0x69, 0x73, 0x74, 0x65, 0x6e, 0x74, 0x48, 0x61, 0x73, 0x68, - 0x12, 0x66, 0x0a, 0x13, 0x6c, 0x6f, 0x63, 0x61, 0x6c, 0x69, 0x74, 0x79, 0x5f, 0x6c, 0x62, 0x5f, - 0x73, 0x65, 0x74, 0x74, 0x69, 0x6e, 0x67, 0x18, 0x03, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x36, 0x2e, + 0x63, 0x6f, 0x6c, 0x12, 0x25, 0x0a, 0x0b, 0x74, 0x61, 0x72, 0x67, 0x65, 0x74, 0x5f, 0x68, 0x6f, + 0x73, 0x74, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x42, 0x04, 0xe2, 0x41, 0x01, 0x02, 0x52, 0x0a, + 0x74, 0x61, 0x72, 0x67, 0x65, 0x74, 0x48, 0x6f, 0x73, 0x74, 0x12, 0x25, 0x0a, 0x0b, 0x74, 0x61, + 0x72, 0x67, 0x65, 0x74, 0x5f, 0x70, 0x6f, 0x72, 0x74, 0x18, 0x03, 0x20, 0x01, 0x28, 0x0d, 0x42, + 0x04, 0xe2, 0x41, 0x01, 0x02, 0x52, 0x0a, 0x74, 0x61, 0x72, 0x67, 0x65, 0x74, 0x50, 0x6f, 0x72, + 0x74, 0x1a, 0x84, 0x01, 0x0a, 0x0d, 0x50, 0x72, 0x6f, 0x78, 0x79, 0x50, 0x72, 0x6f, 0x74, 0x6f, + 0x63, 0x6f, 0x6c, 0x12, 0x58, 0x0a, 0x07, 0x76, 0x65, 0x72, 0x73, 0x69, 0x6f, 0x6e, 0x18, 0x01, + 0x20, 0x01, 0x28, 0x0e, 0x32, 0x3e, 0x2e, 0x69, 0x73, 0x74, 0x69, 0x6f, 0x2e, 0x6e, 0x65, 0x74, + 0x77, 0x6f, 0x72, 0x6b, 0x69, 0x6e, 0x67, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x33, + 0x2e, 0x54, 0x72, 0x61, 0x66, 0x66, 0x69, 0x63, 0x50, 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x2e, 0x50, + 0x72, 0x6f, 0x78, 0x79, 0x50, 0x72, 0x6f, 0x74, 0x6f, 0x63, 0x6f, 0x6c, 0x2e, 0x56, 0x45, 0x52, + 0x53, 0x49, 0x4f, 0x4e, 0x52, 0x07, 0x76, 0x65, 0x72, 0x73, 0x69, 0x6f, 0x6e, 0x22, 0x19, 0x0a, + 0x07, 0x56, 0x45, 0x52, 0x53, 0x49, 0x4f, 0x4e, 0x12, 0x06, 0x0a, 0x02, 0x56, 0x31, 0x10, 0x00, + 0x12, 0x06, 0x0a, 0x02, 0x56, 0x32, 0x10, 0x01, 0x22, 0xf5, 0x01, 0x0a, 0x06, 0x53, 0x75, 0x62, + 0x73, 0x65, 0x74, 0x12, 0x18, 0x0a, 0x04, 0x6e, 0x61, 0x6d, 0x65, 0x18, 0x01, 0x20, 0x01, 0x28, + 0x09, 0x42, 0x04, 0xe2, 0x41, 0x01, 0x02, 0x52, 0x04, 0x6e, 0x61, 0x6d, 0x65, 0x12, 0x45, 0x0a, + 0x06, 0x6c, 0x61, 0x62, 0x65, 0x6c, 0x73, 0x18, 0x02, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x2d, 0x2e, 0x69, 0x73, 0x74, 0x69, 0x6f, 0x2e, 0x6e, 0x65, 0x74, 0x77, 0x6f, 0x72, 0x6b, 0x69, 0x6e, 0x67, - 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x33, 0x2e, 0x4c, 0x6f, 0x63, 0x61, 0x6c, 0x69, - 0x74, 0x79, 0x4c, 0x6f, 0x61, 0x64, 0x42, 0x61, 0x6c, 0x61, 0x6e, 0x63, 0x65, 0x72, 0x53, 0x65, - 0x74, 0x74, 0x69, 0x6e, 0x67, 0x52, 0x11, 0x6c, 0x6f, 0x63, 0x61, 0x6c, 0x69, 0x74, 0x79, 0x4c, - 0x62, 0x53, 0x65, 0x74, 0x74, 0x69, 0x6e, 0x67, 0x12, 0x4b, 0x0a, 0x14, 0x77, 0x61, 0x72, 0x6d, - 0x75, 0x70, 0x5f, 0x64, 0x75, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x5f, 0x73, 0x65, 0x63, 0x73, - 0x18, 0x04, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x19, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, - 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x44, 0x75, 0x72, 0x61, 0x74, 0x69, 0x6f, - 0x6e, 0x52, 0x12, 0x77, 0x61, 0x72, 0x6d, 0x75, 0x70, 0x44, 0x75, 0x72, 0x61, 0x74, 0x69, 0x6f, - 0x6e, 0x53, 0x65, 0x63, 0x73, 0x1a, 0xfa, 0x05, 0x0a, 0x10, 0x43, 0x6f, 0x6e, 0x73, 0x69, 0x73, - 0x74, 0x65, 0x6e, 0x74, 0x48, 0x61, 0x73, 0x68, 0x4c, 0x42, 0x12, 0x2a, 0x0a, 0x10, 0x68, 0x74, - 0x74, 0x70, 0x5f, 0x68, 0x65, 0x61, 0x64, 0x65, 0x72, 0x5f, 0x6e, 0x61, 0x6d, 0x65, 0x18, 0x01, - 0x20, 0x01, 0x28, 0x09, 0x48, 0x00, 0x52, 0x0e, 0x68, 0x74, 0x74, 0x70, 0x48, 0x65, 0x61, 0x64, - 0x65, 0x72, 0x4e, 0x61, 0x6d, 0x65, 0x12, 0x6e, 0x0a, 0x0b, 0x68, 0x74, 0x74, 0x70, 0x5f, 0x63, - 0x6f, 0x6f, 0x6b, 0x69, 0x65, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x4b, 0x2e, 0x69, 0x73, - 0x74, 0x69, 0x6f, 0x2e, 0x6e, 0x65, 0x74, 0x77, 0x6f, 0x72, 0x6b, 0x69, 0x6e, 0x67, 0x2e, 0x76, - 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x33, 0x2e, 0x4c, 0x6f, 0x61, 0x64, 0x42, 0x61, 0x6c, 0x61, - 0x6e, 0x63, 0x65, 0x72, 0x53, 0x65, 0x74, 0x74, 0x69, 0x6e, 0x67, 0x73, 0x2e, 0x43, 0x6f, 0x6e, - 0x73, 0x69, 0x73, 0x74, 0x65, 0x6e, 0x74, 0x48, 0x61, 0x73, 0x68, 0x4c, 0x42, 0x2e, 0x48, 0x54, - 0x54, 0x50, 0x43, 0x6f, 0x6f, 0x6b, 0x69, 0x65, 0x48, 0x00, 0x52, 0x0a, 0x68, 0x74, 0x74, 0x70, - 0x43, 0x6f, 0x6f, 0x6b, 0x69, 0x65, 0x12, 0x24, 0x0a, 0x0d, 0x75, 0x73, 0x65, 0x5f, 0x73, 0x6f, - 0x75, 0x72, 0x63, 0x65, 0x5f, 0x69, 0x70, 0x18, 0x03, 0x20, 0x01, 0x28, 0x08, 0x48, 0x00, 0x52, - 0x0b, 0x75, 0x73, 0x65, 0x53, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x49, 0x70, 0x12, 0x3b, 0x0a, 0x19, - 0x68, 0x74, 0x74, 0x70, 0x5f, 0x71, 0x75, 0x65, 0x72, 0x79, 0x5f, 0x70, 0x61, 0x72, 0x61, 0x6d, - 0x65, 0x74, 0x65, 0x72, 0x5f, 0x6e, 0x61, 0x6d, 0x65, 0x18, 0x05, 0x20, 0x01, 0x28, 0x09, 0x48, - 0x00, 0x52, 0x16, 0x68, 0x74, 0x74, 0x70, 0x51, 0x75, 0x65, 0x72, 0x79, 0x50, 0x61, 0x72, 0x61, - 0x6d, 0x65, 0x74, 0x65, 0x72, 0x4e, 0x61, 0x6d, 0x65, 0x12, 0x68, 0x0a, 0x09, 0x72, 0x69, 0x6e, - 0x67, 0x5f, 0x68, 0x61, 0x73, 0x68, 0x18, 0x06, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x49, 0x2e, 0x69, + 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x33, 0x2e, 0x53, 0x75, 0x62, 0x73, 0x65, 0x74, + 0x2e, 0x4c, 0x61, 0x62, 0x65, 0x6c, 0x73, 0x45, 0x6e, 0x74, 0x72, 0x79, 0x52, 0x06, 0x6c, 0x61, + 0x62, 0x65, 0x6c, 0x73, 0x12, 0x4f, 0x0a, 0x0e, 0x74, 0x72, 0x61, 0x66, 0x66, 0x69, 0x63, 0x5f, + 0x70, 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x18, 0x03, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x28, 0x2e, 0x69, 0x73, 0x74, 0x69, 0x6f, 0x2e, 0x6e, 0x65, 0x74, 0x77, 0x6f, 0x72, 0x6b, 0x69, 0x6e, 0x67, 0x2e, - 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x33, 0x2e, 0x4c, 0x6f, 0x61, 0x64, 0x42, 0x61, 0x6c, - 0x61, 0x6e, 0x63, 0x65, 0x72, 0x53, 0x65, 0x74, 0x74, 0x69, 0x6e, 0x67, 0x73, 0x2e, 0x43, 0x6f, - 0x6e, 0x73, 0x69, 0x73, 0x74, 0x65, 0x6e, 0x74, 0x48, 0x61, 0x73, 0x68, 0x4c, 0x42, 0x2e, 0x52, - 0x69, 0x6e, 0x67, 0x48, 0x61, 0x73, 0x68, 0x48, 0x01, 0x52, 0x08, 0x72, 0x69, 0x6e, 0x67, 0x48, - 0x61, 0x73, 0x68, 0x12, 0x61, 0x0a, 0x06, 0x6d, 0x61, 0x67, 0x6c, 0x65, 0x76, 0x18, 0x07, 0x20, - 0x01, 0x28, 0x0b, 0x32, 0x47, 0x2e, 0x69, 0x73, 0x74, 0x69, 0x6f, 0x2e, 0x6e, 0x65, 0x74, 0x77, - 0x6f, 0x72, 0x6b, 0x69, 0x6e, 0x67, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x33, 0x2e, - 0x4c, 0x6f, 0x61, 0x64, 0x42, 0x61, 0x6c, 0x61, 0x6e, 0x63, 0x65, 0x72, 0x53, 0x65, 0x74, 0x74, - 0x69, 0x6e, 0x67, 0x73, 0x2e, 0x43, 0x6f, 0x6e, 0x73, 0x69, 0x73, 0x74, 0x65, 0x6e, 0x74, 0x48, - 0x61, 0x73, 0x68, 0x4c, 0x42, 0x2e, 0x4d, 0x61, 0x67, 0x4c, 0x65, 0x76, 0x48, 0x01, 0x52, 0x06, - 0x6d, 0x61, 0x67, 0x6c, 0x65, 0x76, 0x12, 0x2e, 0x0a, 0x11, 0x6d, 0x69, 0x6e, 0x69, 0x6d, 0x75, - 0x6d, 0x5f, 0x72, 0x69, 0x6e, 0x67, 0x5f, 0x73, 0x69, 0x7a, 0x65, 0x18, 0x04, 0x20, 0x01, 0x28, - 0x04, 0x42, 0x02, 0x18, 0x01, 0x52, 0x0f, 0x6d, 0x69, 0x6e, 0x69, 0x6d, 0x75, 0x6d, 0x52, 0x69, - 0x6e, 0x67, 0x53, 0x69, 0x7a, 0x65, 0x1a, 0x36, 0x0a, 0x08, 0x52, 0x69, 0x6e, 0x67, 0x48, 0x61, - 0x73, 0x68, 0x12, 0x2a, 0x0a, 0x11, 0x6d, 0x69, 0x6e, 0x69, 0x6d, 0x75, 0x6d, 0x5f, 0x72, 0x69, - 0x6e, 0x67, 0x5f, 0x73, 0x69, 0x7a, 0x65, 0x18, 0x01, 0x20, 0x01, 0x28, 0x04, 0x52, 0x0f, 0x6d, - 0x69, 0x6e, 0x69, 0x6d, 0x75, 0x6d, 0x52, 0x69, 0x6e, 0x67, 0x53, 0x69, 0x7a, 0x65, 0x1a, 0x27, - 0x0a, 0x06, 0x4d, 0x61, 0x67, 0x4c, 0x65, 0x76, 0x12, 0x1d, 0x0a, 0x0a, 0x74, 0x61, 0x62, 0x6c, - 0x65, 0x5f, 0x73, 0x69, 0x7a, 0x65, 0x18, 0x01, 0x20, 0x01, 0x28, 0x04, 0x52, 0x09, 0x74, 0x61, - 0x62, 0x6c, 0x65, 0x53, 0x69, 0x7a, 0x65, 0x1a, 0x6b, 0x0a, 0x0a, 0x48, 0x54, 0x54, 0x50, 0x43, - 0x6f, 0x6f, 0x6b, 0x69, 0x65, 0x12, 0x17, 0x0a, 0x04, 0x6e, 0x61, 0x6d, 0x65, 0x18, 0x01, 0x20, - 0x01, 0x28, 0x09, 0x42, 0x03, 0xe0, 0x41, 0x02, 0x52, 0x04, 0x6e, 0x61, 0x6d, 0x65, 0x12, 0x12, - 0x0a, 0x04, 0x70, 0x61, 0x74, 0x68, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x04, 0x70, 0x61, - 0x74, 0x68, 0x12, 0x30, 0x0a, 0x03, 0x74, 0x74, 0x6c, 0x18, 0x03, 0x20, 0x01, 0x28, 0x0b, 0x32, - 0x19, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, - 0x66, 0x2e, 0x44, 0x75, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x42, 0x03, 0xe0, 0x41, 0x02, 0x52, - 0x03, 0x74, 0x74, 0x6c, 0x42, 0x0a, 0x0a, 0x08, 0x68, 0x61, 0x73, 0x68, 0x5f, 0x6b, 0x65, 0x79, - 0x42, 0x10, 0x0a, 0x0e, 0x68, 0x61, 0x73, 0x68, 0x5f, 0x61, 0x6c, 0x67, 0x6f, 0x72, 0x69, 0x74, - 0x68, 0x6d, 0x22, 0x70, 0x0a, 0x08, 0x53, 0x69, 0x6d, 0x70, 0x6c, 0x65, 0x4c, 0x42, 0x12, 0x0f, - 0x0a, 0x0b, 0x55, 0x4e, 0x53, 0x50, 0x45, 0x43, 0x49, 0x46, 0x49, 0x45, 0x44, 0x10, 0x00, 0x12, - 0x12, 0x0a, 0x0a, 0x4c, 0x45, 0x41, 0x53, 0x54, 0x5f, 0x43, 0x4f, 0x4e, 0x4e, 0x10, 0x01, 0x1a, - 0x02, 0x08, 0x01, 0x12, 0x0a, 0x0a, 0x06, 0x52, 0x41, 0x4e, 0x44, 0x4f, 0x4d, 0x10, 0x02, 0x12, - 0x0f, 0x0a, 0x0b, 0x50, 0x41, 0x53, 0x53, 0x54, 0x48, 0x52, 0x4f, 0x55, 0x47, 0x48, 0x10, 0x03, - 0x12, 0x0f, 0x0a, 0x0b, 0x52, 0x4f, 0x55, 0x4e, 0x44, 0x5f, 0x52, 0x4f, 0x42, 0x49, 0x4e, 0x10, - 0x04, 0x12, 0x11, 0x0a, 0x0d, 0x4c, 0x45, 0x41, 0x53, 0x54, 0x5f, 0x52, 0x45, 0x51, 0x55, 0x45, - 0x53, 0x54, 0x10, 0x05, 0x42, 0x0b, 0x0a, 0x09, 0x6c, 0x62, 0x5f, 0x70, 0x6f, 0x6c, 0x69, 0x63, - 0x79, 0x22, 0x94, 0x09, 0x0a, 0x16, 0x43, 0x6f, 0x6e, 0x6e, 0x65, 0x63, 0x74, 0x69, 0x6f, 0x6e, - 0x50, 0x6f, 0x6f, 0x6c, 0x53, 0x65, 0x74, 0x74, 0x69, 0x6e, 0x67, 0x73, 0x12, 0x4f, 0x0a, 0x03, - 0x74, 0x63, 0x70, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x3d, 0x2e, 0x69, 0x73, 0x74, 0x69, + 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x33, 0x2e, 0x54, 0x72, 0x61, 0x66, 0x66, 0x69, 0x63, + 0x50, 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x52, 0x0d, 0x74, 0x72, 0x61, 0x66, 0x66, 0x69, 0x63, 0x50, + 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x1a, 0x39, 0x0a, 0x0b, 0x4c, 0x61, 0x62, 0x65, 0x6c, 0x73, 0x45, + 0x6e, 0x74, 0x72, 0x79, 0x12, 0x10, 0x0a, 0x03, 0x6b, 0x65, 0x79, 0x18, 0x01, 0x20, 0x01, 0x28, + 0x09, 0x52, 0x03, 0x6b, 0x65, 0x79, 0x12, 0x14, 0x0a, 0x05, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x18, + 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x05, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x3a, 0x02, 0x38, 0x01, + 0x22, 0xcc, 0x0a, 0x0a, 0x14, 0x4c, 0x6f, 0x61, 0x64, 0x42, 0x61, 0x6c, 0x61, 0x6e, 0x63, 0x65, + 0x72, 0x53, 0x65, 0x74, 0x74, 0x69, 0x6e, 0x67, 0x73, 0x12, 0x52, 0x0a, 0x06, 0x73, 0x69, 0x6d, + 0x70, 0x6c, 0x65, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0e, 0x32, 0x38, 0x2e, 0x69, 0x73, 0x74, 0x69, 0x6f, 0x2e, 0x6e, 0x65, 0x74, 0x77, 0x6f, 0x72, 0x6b, 0x69, 0x6e, 0x67, 0x2e, 0x76, 0x31, 0x61, - 0x6c, 0x70, 0x68, 0x61, 0x33, 0x2e, 0x43, 0x6f, 0x6e, 0x6e, 0x65, 0x63, 0x74, 0x69, 0x6f, 0x6e, - 0x50, 0x6f, 0x6f, 0x6c, 0x53, 0x65, 0x74, 0x74, 0x69, 0x6e, 0x67, 0x73, 0x2e, 0x54, 0x43, 0x50, - 0x53, 0x65, 0x74, 0x74, 0x69, 0x6e, 0x67, 0x73, 0x52, 0x03, 0x74, 0x63, 0x70, 0x12, 0x52, 0x0a, - 0x04, 0x68, 0x74, 0x74, 0x70, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x3e, 0x2e, 0x69, 0x73, - 0x74, 0x69, 0x6f, 0x2e, 0x6e, 0x65, 0x74, 0x77, 0x6f, 0x72, 0x6b, 0x69, 0x6e, 0x67, 0x2e, 0x76, - 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x33, 0x2e, 0x43, 0x6f, 0x6e, 0x6e, 0x65, 0x63, 0x74, 0x69, - 0x6f, 0x6e, 0x50, 0x6f, 0x6f, 0x6c, 0x53, 0x65, 0x74, 0x74, 0x69, 0x6e, 0x67, 0x73, 0x2e, 0x48, - 0x54, 0x54, 0x50, 0x53, 0x65, 0x74, 0x74, 0x69, 0x6e, 0x67, 0x73, 0x52, 0x04, 0x68, 0x74, 0x74, - 0x70, 0x1a, 0xcd, 0x03, 0x0a, 0x0b, 0x54, 0x43, 0x50, 0x53, 0x65, 0x74, 0x74, 0x69, 0x6e, 0x67, - 0x73, 0x12, 0x27, 0x0a, 0x0f, 0x6d, 0x61, 0x78, 0x5f, 0x63, 0x6f, 0x6e, 0x6e, 0x65, 0x63, 0x74, - 0x69, 0x6f, 0x6e, 0x73, 0x18, 0x01, 0x20, 0x01, 0x28, 0x05, 0x52, 0x0e, 0x6d, 0x61, 0x78, 0x43, - 0x6f, 0x6e, 0x6e, 0x65, 0x63, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x12, 0x42, 0x0a, 0x0f, 0x63, 0x6f, - 0x6e, 0x6e, 0x65, 0x63, 0x74, 0x5f, 0x74, 0x69, 0x6d, 0x65, 0x6f, 0x75, 0x74, 0x18, 0x02, 0x20, - 0x01, 0x28, 0x0b, 0x32, 0x19, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, - 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x44, 0x75, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x52, 0x0e, - 0x63, 0x6f, 0x6e, 0x6e, 0x65, 0x63, 0x74, 0x54, 0x69, 0x6d, 0x65, 0x6f, 0x75, 0x74, 0x12, 0x6f, - 0x0a, 0x0d, 0x74, 0x63, 0x70, 0x5f, 0x6b, 0x65, 0x65, 0x70, 0x61, 0x6c, 0x69, 0x76, 0x65, 0x18, - 0x03, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x4a, 0x2e, 0x69, 0x73, 0x74, 0x69, 0x6f, 0x2e, 0x6e, 0x65, + 0x6c, 0x70, 0x68, 0x61, 0x33, 0x2e, 0x4c, 0x6f, 0x61, 0x64, 0x42, 0x61, 0x6c, 0x61, 0x6e, 0x63, + 0x65, 0x72, 0x53, 0x65, 0x74, 0x74, 0x69, 0x6e, 0x67, 0x73, 0x2e, 0x53, 0x69, 0x6d, 0x70, 0x6c, + 0x65, 0x4c, 0x42, 0x48, 0x00, 0x52, 0x06, 0x73, 0x69, 0x6d, 0x70, 0x6c, 0x65, 0x12, 0x6b, 0x0a, + 0x0f, 0x63, 0x6f, 0x6e, 0x73, 0x69, 0x73, 0x74, 0x65, 0x6e, 0x74, 0x5f, 0x68, 0x61, 0x73, 0x68, + 0x18, 0x02, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x40, 0x2e, 0x69, 0x73, 0x74, 0x69, 0x6f, 0x2e, 0x6e, + 0x65, 0x74, 0x77, 0x6f, 0x72, 0x6b, 0x69, 0x6e, 0x67, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, + 0x61, 0x33, 0x2e, 0x4c, 0x6f, 0x61, 0x64, 0x42, 0x61, 0x6c, 0x61, 0x6e, 0x63, 0x65, 0x72, 0x53, + 0x65, 0x74, 0x74, 0x69, 0x6e, 0x67, 0x73, 0x2e, 0x43, 0x6f, 0x6e, 0x73, 0x69, 0x73, 0x74, 0x65, + 0x6e, 0x74, 0x48, 0x61, 0x73, 0x68, 0x4c, 0x42, 0x48, 0x00, 0x52, 0x0e, 0x63, 0x6f, 0x6e, 0x73, + 0x69, 0x73, 0x74, 0x65, 0x6e, 0x74, 0x48, 0x61, 0x73, 0x68, 0x12, 0x66, 0x0a, 0x13, 0x6c, 0x6f, + 0x63, 0x61, 0x6c, 0x69, 0x74, 0x79, 0x5f, 0x6c, 0x62, 0x5f, 0x73, 0x65, 0x74, 0x74, 0x69, 0x6e, + 0x67, 0x18, 0x03, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x36, 0x2e, 0x69, 0x73, 0x74, 0x69, 0x6f, 0x2e, + 0x6e, 0x65, 0x74, 0x77, 0x6f, 0x72, 0x6b, 0x69, 0x6e, 0x67, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, + 0x68, 0x61, 0x33, 0x2e, 0x4c, 0x6f, 0x63, 0x61, 0x6c, 0x69, 0x74, 0x79, 0x4c, 0x6f, 0x61, 0x64, + 0x42, 0x61, 0x6c, 0x61, 0x6e, 0x63, 0x65, 0x72, 0x53, 0x65, 0x74, 0x74, 0x69, 0x6e, 0x67, 0x52, + 0x11, 0x6c, 0x6f, 0x63, 0x61, 0x6c, 0x69, 0x74, 0x79, 0x4c, 0x62, 0x53, 0x65, 0x74, 0x74, 0x69, + 0x6e, 0x67, 0x12, 0x4b, 0x0a, 0x14, 0x77, 0x61, 0x72, 0x6d, 0x75, 0x70, 0x5f, 0x64, 0x75, 0x72, + 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x5f, 0x73, 0x65, 0x63, 0x73, 0x18, 0x04, 0x20, 0x01, 0x28, 0x0b, + 0x32, 0x19, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, + 0x75, 0x66, 0x2e, 0x44, 0x75, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x52, 0x12, 0x77, 0x61, 0x72, + 0x6d, 0x75, 0x70, 0x44, 0x75, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x53, 0x65, 0x63, 0x73, 0x12, + 0x46, 0x0a, 0x06, 0x77, 0x61, 0x72, 0x6d, 0x75, 0x70, 0x18, 0x05, 0x20, 0x01, 0x28, 0x0b, 0x32, + 0x2e, 0x2e, 0x69, 0x73, 0x74, 0x69, 0x6f, 0x2e, 0x6e, 0x65, 0x74, 0x77, 0x6f, 0x72, 0x6b, 0x69, + 0x6e, 0x67, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x33, 0x2e, 0x57, 0x61, 0x72, 0x6d, + 0x75, 0x70, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x75, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x52, + 0x06, 0x77, 0x61, 0x72, 0x6d, 0x75, 0x70, 0x1a, 0xf6, 0x05, 0x0a, 0x10, 0x43, 0x6f, 0x6e, 0x73, + 0x69, 0x73, 0x74, 0x65, 0x6e, 0x74, 0x48, 0x61, 0x73, 0x68, 0x4c, 0x42, 0x12, 0x2a, 0x0a, 0x10, + 0x68, 0x74, 0x74, 0x70, 0x5f, 0x68, 0x65, 0x61, 0x64, 0x65, 0x72, 0x5f, 0x6e, 0x61, 0x6d, 0x65, + 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x48, 0x00, 0x52, 0x0e, 0x68, 0x74, 0x74, 0x70, 0x48, 0x65, + 0x61, 0x64, 0x65, 0x72, 0x4e, 0x61, 0x6d, 0x65, 0x12, 0x6e, 0x0a, 0x0b, 0x68, 0x74, 0x74, 0x70, + 0x5f, 0x63, 0x6f, 0x6f, 0x6b, 0x69, 0x65, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x4b, 0x2e, + 0x69, 0x73, 0x74, 0x69, 0x6f, 0x2e, 0x6e, 0x65, 0x74, 0x77, 0x6f, 0x72, 0x6b, 0x69, 0x6e, 0x67, + 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x33, 0x2e, 0x4c, 0x6f, 0x61, 0x64, 0x42, 0x61, + 0x6c, 0x61, 0x6e, 0x63, 0x65, 0x72, 0x53, 0x65, 0x74, 0x74, 0x69, 0x6e, 0x67, 0x73, 0x2e, 0x43, + 0x6f, 0x6e, 0x73, 0x69, 0x73, 0x74, 0x65, 0x6e, 0x74, 0x48, 0x61, 0x73, 0x68, 0x4c, 0x42, 0x2e, + 0x48, 0x54, 0x54, 0x50, 0x43, 0x6f, 0x6f, 0x6b, 0x69, 0x65, 0x48, 0x00, 0x52, 0x0a, 0x68, 0x74, + 0x74, 0x70, 0x43, 0x6f, 0x6f, 0x6b, 0x69, 0x65, 0x12, 0x24, 0x0a, 0x0d, 0x75, 0x73, 0x65, 0x5f, + 0x73, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x5f, 0x69, 0x70, 0x18, 0x03, 0x20, 0x01, 0x28, 0x08, 0x48, + 0x00, 0x52, 0x0b, 0x75, 0x73, 0x65, 0x53, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x49, 0x70, 0x12, 0x3b, + 0x0a, 0x19, 0x68, 0x74, 0x74, 0x70, 0x5f, 0x71, 0x75, 0x65, 0x72, 0x79, 0x5f, 0x70, 0x61, 0x72, + 0x61, 0x6d, 0x65, 0x74, 0x65, 0x72, 0x5f, 0x6e, 0x61, 0x6d, 0x65, 0x18, 0x05, 0x20, 0x01, 0x28, + 0x09, 0x48, 0x00, 0x52, 0x16, 0x68, 0x74, 0x74, 0x70, 0x51, 0x75, 0x65, 0x72, 0x79, 0x50, 0x61, + 0x72, 0x61, 0x6d, 0x65, 0x74, 0x65, 0x72, 0x4e, 0x61, 0x6d, 0x65, 0x12, 0x68, 0x0a, 0x09, 0x72, + 0x69, 0x6e, 0x67, 0x5f, 0x68, 0x61, 0x73, 0x68, 0x18, 0x06, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x49, + 0x2e, 0x69, 0x73, 0x74, 0x69, 0x6f, 0x2e, 0x6e, 0x65, 0x74, 0x77, 0x6f, 0x72, 0x6b, 0x69, 0x6e, + 0x67, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x33, 0x2e, 0x4c, 0x6f, 0x61, 0x64, 0x42, + 0x61, 0x6c, 0x61, 0x6e, 0x63, 0x65, 0x72, 0x53, 0x65, 0x74, 0x74, 0x69, 0x6e, 0x67, 0x73, 0x2e, + 0x43, 0x6f, 0x6e, 0x73, 0x69, 0x73, 0x74, 0x65, 0x6e, 0x74, 0x48, 0x61, 0x73, 0x68, 0x4c, 0x42, + 0x2e, 0x52, 0x69, 0x6e, 0x67, 0x48, 0x61, 0x73, 0x68, 0x48, 0x01, 0x52, 0x08, 0x72, 0x69, 0x6e, + 0x67, 0x48, 0x61, 0x73, 0x68, 0x12, 0x61, 0x0a, 0x06, 0x6d, 0x61, 0x67, 0x6c, 0x65, 0x76, 0x18, + 0x07, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x47, 0x2e, 0x69, 0x73, 0x74, 0x69, 0x6f, 0x2e, 0x6e, 0x65, 0x74, 0x77, 0x6f, 0x72, 0x6b, 0x69, 0x6e, 0x67, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, - 0x33, 0x2e, 0x43, 0x6f, 0x6e, 0x6e, 0x65, 0x63, 0x74, 0x69, 0x6f, 0x6e, 0x50, 0x6f, 0x6f, 0x6c, - 0x53, 0x65, 0x74, 0x74, 0x69, 0x6e, 0x67, 0x73, 0x2e, 0x54, 0x43, 0x50, 0x53, 0x65, 0x74, 0x74, - 0x69, 0x6e, 0x67, 0x73, 0x2e, 0x54, 0x63, 0x70, 0x4b, 0x65, 0x65, 0x70, 0x61, 0x6c, 0x69, 0x76, - 0x65, 0x52, 0x0c, 0x74, 0x63, 0x70, 0x4b, 0x65, 0x65, 0x70, 0x61, 0x6c, 0x69, 0x76, 0x65, 0x12, - 0x51, 0x0a, 0x17, 0x6d, 0x61, 0x78, 0x5f, 0x63, 0x6f, 0x6e, 0x6e, 0x65, 0x63, 0x74, 0x69, 0x6f, - 0x6e, 0x5f, 0x64, 0x75, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x18, 0x04, 0x20, 0x01, 0x28, 0x0b, + 0x33, 0x2e, 0x4c, 0x6f, 0x61, 0x64, 0x42, 0x61, 0x6c, 0x61, 0x6e, 0x63, 0x65, 0x72, 0x53, 0x65, + 0x74, 0x74, 0x69, 0x6e, 0x67, 0x73, 0x2e, 0x43, 0x6f, 0x6e, 0x73, 0x69, 0x73, 0x74, 0x65, 0x6e, + 0x74, 0x48, 0x61, 0x73, 0x68, 0x4c, 0x42, 0x2e, 0x4d, 0x61, 0x67, 0x4c, 0x65, 0x76, 0x48, 0x01, + 0x52, 0x06, 0x6d, 0x61, 0x67, 0x6c, 0x65, 0x76, 0x12, 0x2e, 0x0a, 0x11, 0x6d, 0x69, 0x6e, 0x69, + 0x6d, 0x75, 0x6d, 0x5f, 0x72, 0x69, 0x6e, 0x67, 0x5f, 0x73, 0x69, 0x7a, 0x65, 0x18, 0x04, 0x20, + 0x01, 0x28, 0x04, 0x42, 0x02, 0x18, 0x01, 0x52, 0x0f, 0x6d, 0x69, 0x6e, 0x69, 0x6d, 0x75, 0x6d, + 0x52, 0x69, 0x6e, 0x67, 0x53, 0x69, 0x7a, 0x65, 0x1a, 0x36, 0x0a, 0x08, 0x52, 0x69, 0x6e, 0x67, + 0x48, 0x61, 0x73, 0x68, 0x12, 0x2a, 0x0a, 0x11, 0x6d, 0x69, 0x6e, 0x69, 0x6d, 0x75, 0x6d, 0x5f, + 0x72, 0x69, 0x6e, 0x67, 0x5f, 0x73, 0x69, 0x7a, 0x65, 0x18, 0x01, 0x20, 0x01, 0x28, 0x04, 0x52, + 0x0f, 0x6d, 0x69, 0x6e, 0x69, 0x6d, 0x75, 0x6d, 0x52, 0x69, 0x6e, 0x67, 0x53, 0x69, 0x7a, 0x65, + 0x1a, 0x27, 0x0a, 0x06, 0x4d, 0x61, 0x67, 0x4c, 0x65, 0x76, 0x12, 0x1d, 0x0a, 0x0a, 0x74, 0x61, + 0x62, 0x6c, 0x65, 0x5f, 0x73, 0x69, 0x7a, 0x65, 0x18, 0x01, 0x20, 0x01, 0x28, 0x04, 0x52, 0x09, + 0x74, 0x61, 0x62, 0x6c, 0x65, 0x53, 0x69, 0x7a, 0x65, 0x1a, 0x67, 0x0a, 0x0a, 0x48, 0x54, 0x54, + 0x50, 0x43, 0x6f, 0x6f, 0x6b, 0x69, 0x65, 0x12, 0x18, 0x0a, 0x04, 0x6e, 0x61, 0x6d, 0x65, 0x18, + 0x01, 0x20, 0x01, 0x28, 0x09, 0x42, 0x04, 0xe2, 0x41, 0x01, 0x02, 0x52, 0x04, 0x6e, 0x61, 0x6d, + 0x65, 0x12, 0x12, 0x0a, 0x04, 0x70, 0x61, 0x74, 0x68, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, + 0x04, 0x70, 0x61, 0x74, 0x68, 0x12, 0x2b, 0x0a, 0x03, 0x74, 0x74, 0x6c, 0x18, 0x03, 0x20, 0x01, + 0x28, 0x0b, 0x32, 0x19, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, + 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x44, 0x75, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x52, 0x03, 0x74, + 0x74, 0x6c, 0x42, 0x0a, 0x0a, 0x08, 0x68, 0x61, 0x73, 0x68, 0x5f, 0x6b, 0x65, 0x79, 0x42, 0x10, + 0x0a, 0x0e, 0x68, 0x61, 0x73, 0x68, 0x5f, 0x61, 0x6c, 0x67, 0x6f, 0x72, 0x69, 0x74, 0x68, 0x6d, + 0x22, 0x70, 0x0a, 0x08, 0x53, 0x69, 0x6d, 0x70, 0x6c, 0x65, 0x4c, 0x42, 0x12, 0x0f, 0x0a, 0x0b, + 0x55, 0x4e, 0x53, 0x50, 0x45, 0x43, 0x49, 0x46, 0x49, 0x45, 0x44, 0x10, 0x00, 0x12, 0x12, 0x0a, + 0x0a, 0x4c, 0x45, 0x41, 0x53, 0x54, 0x5f, 0x43, 0x4f, 0x4e, 0x4e, 0x10, 0x01, 0x1a, 0x02, 0x08, + 0x01, 0x12, 0x0a, 0x0a, 0x06, 0x52, 0x41, 0x4e, 0x44, 0x4f, 0x4d, 0x10, 0x02, 0x12, 0x0f, 0x0a, + 0x0b, 0x50, 0x41, 0x53, 0x53, 0x54, 0x48, 0x52, 0x4f, 0x55, 0x47, 0x48, 0x10, 0x03, 0x12, 0x0f, + 0x0a, 0x0b, 0x52, 0x4f, 0x55, 0x4e, 0x44, 0x5f, 0x52, 0x4f, 0x42, 0x49, 0x4e, 0x10, 0x04, 0x12, + 0x11, 0x0a, 0x0d, 0x4c, 0x45, 0x41, 0x53, 0x54, 0x5f, 0x52, 0x45, 0x51, 0x55, 0x45, 0x53, 0x54, + 0x10, 0x05, 0x42, 0x0b, 0x0a, 0x09, 0x6c, 0x62, 0x5f, 0x70, 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x22, + 0xd7, 0x01, 0x0a, 0x13, 0x57, 0x61, 0x72, 0x6d, 0x75, 0x70, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, + 0x75, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x12, 0x3b, 0x0a, 0x08, 0x64, 0x75, 0x72, 0x61, 0x74, + 0x69, 0x6f, 0x6e, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x19, 0x2e, 0x67, 0x6f, 0x6f, 0x67, + 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x44, 0x75, 0x72, 0x61, + 0x74, 0x69, 0x6f, 0x6e, 0x42, 0x04, 0xe2, 0x41, 0x01, 0x02, 0x52, 0x08, 0x64, 0x75, 0x72, 0x61, + 0x74, 0x69, 0x6f, 0x6e, 0x12, 0x45, 0x0a, 0x0f, 0x6d, 0x69, 0x6e, 0x69, 0x6d, 0x75, 0x6d, 0x5f, + 0x70, 0x65, 0x72, 0x63, 0x65, 0x6e, 0x74, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x1c, 0x2e, + 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, + 0x44, 0x6f, 0x75, 0x62, 0x6c, 0x65, 0x56, 0x61, 0x6c, 0x75, 0x65, 0x52, 0x0e, 0x6d, 0x69, 0x6e, + 0x69, 0x6d, 0x75, 0x6d, 0x50, 0x65, 0x72, 0x63, 0x65, 0x6e, 0x74, 0x12, 0x3c, 0x0a, 0x0a, 0x61, + 0x67, 0x67, 0x72, 0x65, 0x73, 0x73, 0x69, 0x6f, 0x6e, 0x18, 0x03, 0x20, 0x01, 0x28, 0x0b, 0x32, + 0x1c, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, + 0x66, 0x2e, 0x44, 0x6f, 0x75, 0x62, 0x6c, 0x65, 0x56, 0x61, 0x6c, 0x75, 0x65, 0x52, 0x0a, 0x61, + 0x67, 0x67, 0x72, 0x65, 0x73, 0x73, 0x69, 0x6f, 0x6e, 0x22, 0x88, 0x0a, 0x0a, 0x16, 0x43, 0x6f, + 0x6e, 0x6e, 0x65, 0x63, 0x74, 0x69, 0x6f, 0x6e, 0x50, 0x6f, 0x6f, 0x6c, 0x53, 0x65, 0x74, 0x74, + 0x69, 0x6e, 0x67, 0x73, 0x12, 0x4f, 0x0a, 0x03, 0x74, 0x63, 0x70, 0x18, 0x01, 0x20, 0x01, 0x28, + 0x0b, 0x32, 0x3d, 0x2e, 0x69, 0x73, 0x74, 0x69, 0x6f, 0x2e, 0x6e, 0x65, 0x74, 0x77, 0x6f, 0x72, + 0x6b, 0x69, 0x6e, 0x67, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x33, 0x2e, 0x43, 0x6f, + 0x6e, 0x6e, 0x65, 0x63, 0x74, 0x69, 0x6f, 0x6e, 0x50, 0x6f, 0x6f, 0x6c, 0x53, 0x65, 0x74, 0x74, + 0x69, 0x6e, 0x67, 0x73, 0x2e, 0x54, 0x43, 0x50, 0x53, 0x65, 0x74, 0x74, 0x69, 0x6e, 0x67, 0x73, + 0x52, 0x03, 0x74, 0x63, 0x70, 0x12, 0x52, 0x0a, 0x04, 0x68, 0x74, 0x74, 0x70, 0x18, 0x02, 0x20, + 0x01, 0x28, 0x0b, 0x32, 0x3e, 0x2e, 0x69, 0x73, 0x74, 0x69, 0x6f, 0x2e, 0x6e, 0x65, 0x74, 0x77, + 0x6f, 0x72, 0x6b, 0x69, 0x6e, 0x67, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x33, 0x2e, + 0x43, 0x6f, 0x6e, 0x6e, 0x65, 0x63, 0x74, 0x69, 0x6f, 0x6e, 0x50, 0x6f, 0x6f, 0x6c, 0x53, 0x65, + 0x74, 0x74, 0x69, 0x6e, 0x67, 0x73, 0x2e, 0x48, 0x54, 0x54, 0x50, 0x53, 0x65, 0x74, 0x74, 0x69, + 0x6e, 0x67, 0x73, 0x52, 0x04, 0x68, 0x74, 0x74, 0x70, 0x1a, 0x8b, 0x04, 0x0a, 0x0b, 0x54, 0x43, + 0x50, 0x53, 0x65, 0x74, 0x74, 0x69, 0x6e, 0x67, 0x73, 0x12, 0x27, 0x0a, 0x0f, 0x6d, 0x61, 0x78, + 0x5f, 0x63, 0x6f, 0x6e, 0x6e, 0x65, 0x63, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x18, 0x01, 0x20, 0x01, + 0x28, 0x05, 0x52, 0x0e, 0x6d, 0x61, 0x78, 0x43, 0x6f, 0x6e, 0x6e, 0x65, 0x63, 0x74, 0x69, 0x6f, + 0x6e, 0x73, 0x12, 0x42, 0x0a, 0x0f, 0x63, 0x6f, 0x6e, 0x6e, 0x65, 0x63, 0x74, 0x5f, 0x74, 0x69, + 0x6d, 0x65, 0x6f, 0x75, 0x74, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x19, 0x2e, 0x67, 0x6f, + 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x44, 0x75, + 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x52, 0x0e, 0x63, 0x6f, 0x6e, 0x6e, 0x65, 0x63, 0x74, 0x54, + 0x69, 0x6d, 0x65, 0x6f, 0x75, 0x74, 0x12, 0x6f, 0x0a, 0x0d, 0x74, 0x63, 0x70, 0x5f, 0x6b, 0x65, + 0x65, 0x70, 0x61, 0x6c, 0x69, 0x76, 0x65, 0x18, 0x03, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x4a, 0x2e, + 0x69, 0x73, 0x74, 0x69, 0x6f, 0x2e, 0x6e, 0x65, 0x74, 0x77, 0x6f, 0x72, 0x6b, 0x69, 0x6e, 0x67, + 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x33, 0x2e, 0x43, 0x6f, 0x6e, 0x6e, 0x65, 0x63, + 0x74, 0x69, 0x6f, 0x6e, 0x50, 0x6f, 0x6f, 0x6c, 0x53, 0x65, 0x74, 0x74, 0x69, 0x6e, 0x67, 0x73, + 0x2e, 0x54, 0x43, 0x50, 0x53, 0x65, 0x74, 0x74, 0x69, 0x6e, 0x67, 0x73, 0x2e, 0x54, 0x63, 0x70, + 0x4b, 0x65, 0x65, 0x70, 0x61, 0x6c, 0x69, 0x76, 0x65, 0x52, 0x0c, 0x74, 0x63, 0x70, 0x4b, 0x65, + 0x65, 0x70, 0x61, 0x6c, 0x69, 0x76, 0x65, 0x12, 0x51, 0x0a, 0x17, 0x6d, 0x61, 0x78, 0x5f, 0x63, + 0x6f, 0x6e, 0x6e, 0x65, 0x63, 0x74, 0x69, 0x6f, 0x6e, 0x5f, 0x64, 0x75, 0x72, 0x61, 0x74, 0x69, + 0x6f, 0x6e, 0x18, 0x04, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x19, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, + 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x44, 0x75, 0x72, 0x61, 0x74, + 0x69, 0x6f, 0x6e, 0x52, 0x15, 0x6d, 0x61, 0x78, 0x43, 0x6f, 0x6e, 0x6e, 0x65, 0x63, 0x74, 0x69, + 0x6f, 0x6e, 0x44, 0x75, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x12, 0x3c, 0x0a, 0x0c, 0x69, 0x64, + 0x6c, 0x65, 0x5f, 0x74, 0x69, 0x6d, 0x65, 0x6f, 0x75, 0x74, 0x18, 0x05, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x19, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, - 0x75, 0x66, 0x2e, 0x44, 0x75, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x52, 0x15, 0x6d, 0x61, 0x78, - 0x43, 0x6f, 0x6e, 0x6e, 0x65, 0x63, 0x74, 0x69, 0x6f, 0x6e, 0x44, 0x75, 0x72, 0x61, 0x74, 0x69, - 0x6f, 0x6e, 0x1a, 0x8c, 0x01, 0x0a, 0x0c, 0x54, 0x63, 0x70, 0x4b, 0x65, 0x65, 0x70, 0x61, 0x6c, - 0x69, 0x76, 0x65, 0x12, 0x16, 0x0a, 0x06, 0x70, 0x72, 0x6f, 0x62, 0x65, 0x73, 0x18, 0x01, 0x20, - 0x01, 0x28, 0x0d, 0x52, 0x06, 0x70, 0x72, 0x6f, 0x62, 0x65, 0x73, 0x12, 0x2d, 0x0a, 0x04, 0x74, - 0x69, 0x6d, 0x65, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x19, 0x2e, 0x67, 0x6f, 0x6f, 0x67, + 0x75, 0x66, 0x2e, 0x44, 0x75, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x52, 0x0b, 0x69, 0x64, 0x6c, + 0x65, 0x54, 0x69, 0x6d, 0x65, 0x6f, 0x75, 0x74, 0x1a, 0x8c, 0x01, 0x0a, 0x0c, 0x54, 0x63, 0x70, + 0x4b, 0x65, 0x65, 0x70, 0x61, 0x6c, 0x69, 0x76, 0x65, 0x12, 0x16, 0x0a, 0x06, 0x70, 0x72, 0x6f, + 0x62, 0x65, 0x73, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0d, 0x52, 0x06, 0x70, 0x72, 0x6f, 0x62, 0x65, + 0x73, 0x12, 0x2d, 0x0a, 0x04, 0x74, 0x69, 0x6d, 0x65, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0b, 0x32, + 0x19, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, + 0x66, 0x2e, 0x44, 0x75, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x52, 0x04, 0x74, 0x69, 0x6d, 0x65, + 0x12, 0x35, 0x0a, 0x08, 0x69, 0x6e, 0x74, 0x65, 0x72, 0x76, 0x61, 0x6c, 0x18, 0x03, 0x20, 0x01, + 0x28, 0x0b, 0x32, 0x19, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, + 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x44, 0x75, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x52, 0x08, 0x69, + 0x6e, 0x74, 0x65, 0x72, 0x76, 0x61, 0x6c, 0x1a, 0xba, 0x04, 0x0a, 0x0c, 0x48, 0x54, 0x54, 0x50, + 0x53, 0x65, 0x74, 0x74, 0x69, 0x6e, 0x67, 0x73, 0x12, 0x3b, 0x0a, 0x1a, 0x68, 0x74, 0x74, 0x70, + 0x31, 0x5f, 0x6d, 0x61, 0x78, 0x5f, 0x70, 0x65, 0x6e, 0x64, 0x69, 0x6e, 0x67, 0x5f, 0x72, 0x65, + 0x71, 0x75, 0x65, 0x73, 0x74, 0x73, 0x18, 0x01, 0x20, 0x01, 0x28, 0x05, 0x52, 0x17, 0x68, 0x74, + 0x74, 0x70, 0x31, 0x4d, 0x61, 0x78, 0x50, 0x65, 0x6e, 0x64, 0x69, 0x6e, 0x67, 0x52, 0x65, 0x71, + 0x75, 0x65, 0x73, 0x74, 0x73, 0x12, 0x2c, 0x0a, 0x12, 0x68, 0x74, 0x74, 0x70, 0x32, 0x5f, 0x6d, + 0x61, 0x78, 0x5f, 0x72, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x73, 0x18, 0x02, 0x20, 0x01, 0x28, + 0x05, 0x52, 0x10, 0x68, 0x74, 0x74, 0x70, 0x32, 0x4d, 0x61, 0x78, 0x52, 0x65, 0x71, 0x75, 0x65, + 0x73, 0x74, 0x73, 0x12, 0x3d, 0x0a, 0x1b, 0x6d, 0x61, 0x78, 0x5f, 0x72, 0x65, 0x71, 0x75, 0x65, + 0x73, 0x74, 0x73, 0x5f, 0x70, 0x65, 0x72, 0x5f, 0x63, 0x6f, 0x6e, 0x6e, 0x65, 0x63, 0x74, 0x69, + 0x6f, 0x6e, 0x18, 0x03, 0x20, 0x01, 0x28, 0x05, 0x52, 0x18, 0x6d, 0x61, 0x78, 0x52, 0x65, 0x71, + 0x75, 0x65, 0x73, 0x74, 0x73, 0x50, 0x65, 0x72, 0x43, 0x6f, 0x6e, 0x6e, 0x65, 0x63, 0x74, 0x69, + 0x6f, 0x6e, 0x12, 0x1f, 0x0a, 0x0b, 0x6d, 0x61, 0x78, 0x5f, 0x72, 0x65, 0x74, 0x72, 0x69, 0x65, + 0x73, 0x18, 0x04, 0x20, 0x01, 0x28, 0x05, 0x52, 0x0a, 0x6d, 0x61, 0x78, 0x52, 0x65, 0x74, 0x72, + 0x69, 0x65, 0x73, 0x12, 0x3c, 0x0a, 0x0c, 0x69, 0x64, 0x6c, 0x65, 0x5f, 0x74, 0x69, 0x6d, 0x65, + 0x6f, 0x75, 0x74, 0x18, 0x05, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x19, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x44, 0x75, 0x72, 0x61, - 0x74, 0x69, 0x6f, 0x6e, 0x52, 0x04, 0x74, 0x69, 0x6d, 0x65, 0x12, 0x35, 0x0a, 0x08, 0x69, 0x6e, - 0x74, 0x65, 0x72, 0x76, 0x61, 0x6c, 0x18, 0x03, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x19, 0x2e, 0x67, - 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x44, - 0x75, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x52, 0x08, 0x69, 0x6e, 0x74, 0x65, 0x72, 0x76, 0x61, - 0x6c, 0x1a, 0x84, 0x04, 0x0a, 0x0c, 0x48, 0x54, 0x54, 0x50, 0x53, 0x65, 0x74, 0x74, 0x69, 0x6e, - 0x67, 0x73, 0x12, 0x3b, 0x0a, 0x1a, 0x68, 0x74, 0x74, 0x70, 0x31, 0x5f, 0x6d, 0x61, 0x78, 0x5f, - 0x70, 0x65, 0x6e, 0x64, 0x69, 0x6e, 0x67, 0x5f, 0x72, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x73, - 0x18, 0x01, 0x20, 0x01, 0x28, 0x05, 0x52, 0x17, 0x68, 0x74, 0x74, 0x70, 0x31, 0x4d, 0x61, 0x78, - 0x50, 0x65, 0x6e, 0x64, 0x69, 0x6e, 0x67, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x73, 0x12, - 0x2c, 0x0a, 0x12, 0x68, 0x74, 0x74, 0x70, 0x32, 0x5f, 0x6d, 0x61, 0x78, 0x5f, 0x72, 0x65, 0x71, - 0x75, 0x65, 0x73, 0x74, 0x73, 0x18, 0x02, 0x20, 0x01, 0x28, 0x05, 0x52, 0x10, 0x68, 0x74, 0x74, - 0x70, 0x32, 0x4d, 0x61, 0x78, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x73, 0x12, 0x3d, 0x0a, - 0x1b, 0x6d, 0x61, 0x78, 0x5f, 0x72, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x73, 0x5f, 0x70, 0x65, - 0x72, 0x5f, 0x63, 0x6f, 0x6e, 0x6e, 0x65, 0x63, 0x74, 0x69, 0x6f, 0x6e, 0x18, 0x03, 0x20, 0x01, - 0x28, 0x05, 0x52, 0x18, 0x6d, 0x61, 0x78, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x73, 0x50, - 0x65, 0x72, 0x43, 0x6f, 0x6e, 0x6e, 0x65, 0x63, 0x74, 0x69, 0x6f, 0x6e, 0x12, 0x1f, 0x0a, 0x0b, - 0x6d, 0x61, 0x78, 0x5f, 0x72, 0x65, 0x74, 0x72, 0x69, 0x65, 0x73, 0x18, 0x04, 0x20, 0x01, 0x28, - 0x05, 0x52, 0x0a, 0x6d, 0x61, 0x78, 0x52, 0x65, 0x74, 0x72, 0x69, 0x65, 0x73, 0x12, 0x3c, 0x0a, - 0x0c, 0x69, 0x64, 0x6c, 0x65, 0x5f, 0x74, 0x69, 0x6d, 0x65, 0x6f, 0x75, 0x74, 0x18, 0x05, 0x20, + 0x74, 0x69, 0x6f, 0x6e, 0x52, 0x0b, 0x69, 0x64, 0x6c, 0x65, 0x54, 0x69, 0x6d, 0x65, 0x6f, 0x75, + 0x74, 0x12, 0x7a, 0x0a, 0x11, 0x68, 0x32, 0x5f, 0x75, 0x70, 0x67, 0x72, 0x61, 0x64, 0x65, 0x5f, + 0x70, 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x18, 0x06, 0x20, 0x01, 0x28, 0x0e, 0x32, 0x4e, 0x2e, 0x69, + 0x73, 0x74, 0x69, 0x6f, 0x2e, 0x6e, 0x65, 0x74, 0x77, 0x6f, 0x72, 0x6b, 0x69, 0x6e, 0x67, 0x2e, + 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x33, 0x2e, 0x43, 0x6f, 0x6e, 0x6e, 0x65, 0x63, 0x74, + 0x69, 0x6f, 0x6e, 0x50, 0x6f, 0x6f, 0x6c, 0x53, 0x65, 0x74, 0x74, 0x69, 0x6e, 0x67, 0x73, 0x2e, + 0x48, 0x54, 0x54, 0x50, 0x53, 0x65, 0x74, 0x74, 0x69, 0x6e, 0x67, 0x73, 0x2e, 0x48, 0x32, 0x55, + 0x70, 0x67, 0x72, 0x61, 0x64, 0x65, 0x50, 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x52, 0x0f, 0x68, 0x32, + 0x55, 0x70, 0x67, 0x72, 0x61, 0x64, 0x65, 0x50, 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x12, 0x2e, 0x0a, + 0x13, 0x75, 0x73, 0x65, 0x5f, 0x63, 0x6c, 0x69, 0x65, 0x6e, 0x74, 0x5f, 0x70, 0x72, 0x6f, 0x74, + 0x6f, 0x63, 0x6f, 0x6c, 0x18, 0x07, 0x20, 0x01, 0x28, 0x08, 0x52, 0x11, 0x75, 0x73, 0x65, 0x43, + 0x6c, 0x69, 0x65, 0x6e, 0x74, 0x50, 0x72, 0x6f, 0x74, 0x6f, 0x63, 0x6f, 0x6c, 0x12, 0x34, 0x0a, + 0x16, 0x6d, 0x61, 0x78, 0x5f, 0x63, 0x6f, 0x6e, 0x63, 0x75, 0x72, 0x72, 0x65, 0x6e, 0x74, 0x5f, + 0x73, 0x74, 0x72, 0x65, 0x61, 0x6d, 0x73, 0x18, 0x08, 0x20, 0x01, 0x28, 0x05, 0x52, 0x14, 0x6d, + 0x61, 0x78, 0x43, 0x6f, 0x6e, 0x63, 0x75, 0x72, 0x72, 0x65, 0x6e, 0x74, 0x53, 0x74, 0x72, 0x65, + 0x61, 0x6d, 0x73, 0x22, 0x3f, 0x0a, 0x0f, 0x48, 0x32, 0x55, 0x70, 0x67, 0x72, 0x61, 0x64, 0x65, + 0x50, 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x12, 0x0b, 0x0a, 0x07, 0x44, 0x45, 0x46, 0x41, 0x55, 0x4c, + 0x54, 0x10, 0x00, 0x12, 0x12, 0x0a, 0x0e, 0x44, 0x4f, 0x5f, 0x4e, 0x4f, 0x54, 0x5f, 0x55, 0x50, + 0x47, 0x52, 0x41, 0x44, 0x45, 0x10, 0x01, 0x12, 0x0b, 0x0a, 0x07, 0x55, 0x50, 0x47, 0x52, 0x41, + 0x44, 0x45, 0x10, 0x02, 0x22, 0x8a, 0x05, 0x0a, 0x10, 0x4f, 0x75, 0x74, 0x6c, 0x69, 0x65, 0x72, + 0x44, 0x65, 0x74, 0x65, 0x63, 0x74, 0x69, 0x6f, 0x6e, 0x12, 0x31, 0x0a, 0x12, 0x63, 0x6f, 0x6e, + 0x73, 0x65, 0x63, 0x75, 0x74, 0x69, 0x76, 0x65, 0x5f, 0x65, 0x72, 0x72, 0x6f, 0x72, 0x73, 0x18, + 0x01, 0x20, 0x01, 0x28, 0x05, 0x42, 0x02, 0x18, 0x01, 0x52, 0x11, 0x63, 0x6f, 0x6e, 0x73, 0x65, + 0x63, 0x75, 0x74, 0x69, 0x76, 0x65, 0x45, 0x72, 0x72, 0x6f, 0x72, 0x73, 0x12, 0x4a, 0x0a, 0x22, + 0x73, 0x70, 0x6c, 0x69, 0x74, 0x5f, 0x65, 0x78, 0x74, 0x65, 0x72, 0x6e, 0x61, 0x6c, 0x5f, 0x6c, + 0x6f, 0x63, 0x61, 0x6c, 0x5f, 0x6f, 0x72, 0x69, 0x67, 0x69, 0x6e, 0x5f, 0x65, 0x72, 0x72, 0x6f, + 0x72, 0x73, 0x18, 0x08, 0x20, 0x01, 0x28, 0x08, 0x52, 0x1e, 0x73, 0x70, 0x6c, 0x69, 0x74, 0x45, + 0x78, 0x74, 0x65, 0x72, 0x6e, 0x61, 0x6c, 0x4c, 0x6f, 0x63, 0x61, 0x6c, 0x4f, 0x72, 0x69, 0x67, + 0x69, 0x6e, 0x45, 0x72, 0x72, 0x6f, 0x72, 0x73, 0x12, 0x67, 0x0a, 0x21, 0x63, 0x6f, 0x6e, 0x73, + 0x65, 0x63, 0x75, 0x74, 0x69, 0x76, 0x65, 0x5f, 0x6c, 0x6f, 0x63, 0x61, 0x6c, 0x5f, 0x6f, 0x72, + 0x69, 0x67, 0x69, 0x6e, 0x5f, 0x66, 0x61, 0x69, 0x6c, 0x75, 0x72, 0x65, 0x73, 0x18, 0x09, 0x20, + 0x01, 0x28, 0x0b, 0x32, 0x1c, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, + 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x55, 0x49, 0x6e, 0x74, 0x33, 0x32, 0x56, 0x61, 0x6c, 0x75, + 0x65, 0x52, 0x1e, 0x63, 0x6f, 0x6e, 0x73, 0x65, 0x63, 0x75, 0x74, 0x69, 0x76, 0x65, 0x4c, 0x6f, + 0x63, 0x61, 0x6c, 0x4f, 0x72, 0x69, 0x67, 0x69, 0x6e, 0x46, 0x61, 0x69, 0x6c, 0x75, 0x72, 0x65, + 0x73, 0x12, 0x5a, 0x0a, 0x1a, 0x63, 0x6f, 0x6e, 0x73, 0x65, 0x63, 0x75, 0x74, 0x69, 0x76, 0x65, + 0x5f, 0x67, 0x61, 0x74, 0x65, 0x77, 0x61, 0x79, 0x5f, 0x65, 0x72, 0x72, 0x6f, 0x72, 0x73, 0x18, + 0x06, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x1c, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, + 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x55, 0x49, 0x6e, 0x74, 0x33, 0x32, 0x56, 0x61, + 0x6c, 0x75, 0x65, 0x52, 0x18, 0x63, 0x6f, 0x6e, 0x73, 0x65, 0x63, 0x75, 0x74, 0x69, 0x76, 0x65, + 0x47, 0x61, 0x74, 0x65, 0x77, 0x61, 0x79, 0x45, 0x72, 0x72, 0x6f, 0x72, 0x73, 0x12, 0x52, 0x0a, + 0x16, 0x63, 0x6f, 0x6e, 0x73, 0x65, 0x63, 0x75, 0x74, 0x69, 0x76, 0x65, 0x5f, 0x35, 0x78, 0x78, + 0x5f, 0x65, 0x72, 0x72, 0x6f, 0x72, 0x73, 0x18, 0x07, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x1c, 0x2e, + 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, + 0x55, 0x49, 0x6e, 0x74, 0x33, 0x32, 0x56, 0x61, 0x6c, 0x75, 0x65, 0x52, 0x14, 0x63, 0x6f, 0x6e, + 0x73, 0x65, 0x63, 0x75, 0x74, 0x69, 0x76, 0x65, 0x35, 0x78, 0x78, 0x45, 0x72, 0x72, 0x6f, 0x72, + 0x73, 0x12, 0x35, 0x0a, 0x08, 0x69, 0x6e, 0x74, 0x65, 0x72, 0x76, 0x61, 0x6c, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x19, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, - 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x44, 0x75, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x52, 0x0b, - 0x69, 0x64, 0x6c, 0x65, 0x54, 0x69, 0x6d, 0x65, 0x6f, 0x75, 0x74, 0x12, 0x7a, 0x0a, 0x11, 0x68, - 0x32, 0x5f, 0x75, 0x70, 0x67, 0x72, 0x61, 0x64, 0x65, 0x5f, 0x70, 0x6f, 0x6c, 0x69, 0x63, 0x79, - 0x18, 0x06, 0x20, 0x01, 0x28, 0x0e, 0x32, 0x4e, 0x2e, 0x69, 0x73, 0x74, 0x69, 0x6f, 0x2e, 0x6e, - 0x65, 0x74, 0x77, 0x6f, 0x72, 0x6b, 0x69, 0x6e, 0x67, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, - 0x61, 0x33, 0x2e, 0x43, 0x6f, 0x6e, 0x6e, 0x65, 0x63, 0x74, 0x69, 0x6f, 0x6e, 0x50, 0x6f, 0x6f, - 0x6c, 0x53, 0x65, 0x74, 0x74, 0x69, 0x6e, 0x67, 0x73, 0x2e, 0x48, 0x54, 0x54, 0x50, 0x53, 0x65, - 0x74, 0x74, 0x69, 0x6e, 0x67, 0x73, 0x2e, 0x48, 0x32, 0x55, 0x70, 0x67, 0x72, 0x61, 0x64, 0x65, - 0x50, 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x52, 0x0f, 0x68, 0x32, 0x55, 0x70, 0x67, 0x72, 0x61, 0x64, - 0x65, 0x50, 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x12, 0x2e, 0x0a, 0x13, 0x75, 0x73, 0x65, 0x5f, 0x63, - 0x6c, 0x69, 0x65, 0x6e, 0x74, 0x5f, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x63, 0x6f, 0x6c, 0x18, 0x07, - 0x20, 0x01, 0x28, 0x08, 0x52, 0x11, 0x75, 0x73, 0x65, 0x43, 0x6c, 0x69, 0x65, 0x6e, 0x74, 0x50, - 0x72, 0x6f, 0x74, 0x6f, 0x63, 0x6f, 0x6c, 0x22, 0x3f, 0x0a, 0x0f, 0x48, 0x32, 0x55, 0x70, 0x67, - 0x72, 0x61, 0x64, 0x65, 0x50, 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x12, 0x0b, 0x0a, 0x07, 0x44, 0x45, - 0x46, 0x41, 0x55, 0x4c, 0x54, 0x10, 0x00, 0x12, 0x12, 0x0a, 0x0e, 0x44, 0x4f, 0x5f, 0x4e, 0x4f, - 0x54, 0x5f, 0x55, 0x50, 0x47, 0x52, 0x41, 0x44, 0x45, 0x10, 0x01, 0x12, 0x0b, 0x0a, 0x07, 0x55, - 0x50, 0x47, 0x52, 0x41, 0x44, 0x45, 0x10, 0x02, 0x22, 0x8a, 0x05, 0x0a, 0x10, 0x4f, 0x75, 0x74, - 0x6c, 0x69, 0x65, 0x72, 0x44, 0x65, 0x74, 0x65, 0x63, 0x74, 0x69, 0x6f, 0x6e, 0x12, 0x31, 0x0a, - 0x12, 0x63, 0x6f, 0x6e, 0x73, 0x65, 0x63, 0x75, 0x74, 0x69, 0x76, 0x65, 0x5f, 0x65, 0x72, 0x72, - 0x6f, 0x72, 0x73, 0x18, 0x01, 0x20, 0x01, 0x28, 0x05, 0x42, 0x02, 0x18, 0x01, 0x52, 0x11, 0x63, - 0x6f, 0x6e, 0x73, 0x65, 0x63, 0x75, 0x74, 0x69, 0x76, 0x65, 0x45, 0x72, 0x72, 0x6f, 0x72, 0x73, - 0x12, 0x4a, 0x0a, 0x22, 0x73, 0x70, 0x6c, 0x69, 0x74, 0x5f, 0x65, 0x78, 0x74, 0x65, 0x72, 0x6e, - 0x61, 0x6c, 0x5f, 0x6c, 0x6f, 0x63, 0x61, 0x6c, 0x5f, 0x6f, 0x72, 0x69, 0x67, 0x69, 0x6e, 0x5f, - 0x65, 0x72, 0x72, 0x6f, 0x72, 0x73, 0x18, 0x08, 0x20, 0x01, 0x28, 0x08, 0x52, 0x1e, 0x73, 0x70, - 0x6c, 0x69, 0x74, 0x45, 0x78, 0x74, 0x65, 0x72, 0x6e, 0x61, 0x6c, 0x4c, 0x6f, 0x63, 0x61, 0x6c, - 0x4f, 0x72, 0x69, 0x67, 0x69, 0x6e, 0x45, 0x72, 0x72, 0x6f, 0x72, 0x73, 0x12, 0x67, 0x0a, 0x21, - 0x63, 0x6f, 0x6e, 0x73, 0x65, 0x63, 0x75, 0x74, 0x69, 0x76, 0x65, 0x5f, 0x6c, 0x6f, 0x63, 0x61, - 0x6c, 0x5f, 0x6f, 0x72, 0x69, 0x67, 0x69, 0x6e, 0x5f, 0x66, 0x61, 0x69, 0x6c, 0x75, 0x72, 0x65, - 0x73, 0x18, 0x09, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x1c, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, - 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x55, 0x49, 0x6e, 0x74, 0x33, 0x32, - 0x56, 0x61, 0x6c, 0x75, 0x65, 0x52, 0x1e, 0x63, 0x6f, 0x6e, 0x73, 0x65, 0x63, 0x75, 0x74, 0x69, - 0x76, 0x65, 0x4c, 0x6f, 0x63, 0x61, 0x6c, 0x4f, 0x72, 0x69, 0x67, 0x69, 0x6e, 0x46, 0x61, 0x69, - 0x6c, 0x75, 0x72, 0x65, 0x73, 0x12, 0x5a, 0x0a, 0x1a, 0x63, 0x6f, 0x6e, 0x73, 0x65, 0x63, 0x75, - 0x74, 0x69, 0x76, 0x65, 0x5f, 0x67, 0x61, 0x74, 0x65, 0x77, 0x61, 0x79, 0x5f, 0x65, 0x72, 0x72, - 0x6f, 0x72, 0x73, 0x18, 0x06, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x1c, 0x2e, 0x67, 0x6f, 0x6f, 0x67, - 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x55, 0x49, 0x6e, 0x74, - 0x33, 0x32, 0x56, 0x61, 0x6c, 0x75, 0x65, 0x52, 0x18, 0x63, 0x6f, 0x6e, 0x73, 0x65, 0x63, 0x75, - 0x74, 0x69, 0x76, 0x65, 0x47, 0x61, 0x74, 0x65, 0x77, 0x61, 0x79, 0x45, 0x72, 0x72, 0x6f, 0x72, - 0x73, 0x12, 0x52, 0x0a, 0x16, 0x63, 0x6f, 0x6e, 0x73, 0x65, 0x63, 0x75, 0x74, 0x69, 0x76, 0x65, - 0x5f, 0x35, 0x78, 0x78, 0x5f, 0x65, 0x72, 0x72, 0x6f, 0x72, 0x73, 0x18, 0x07, 0x20, 0x01, 0x28, - 0x0b, 0x32, 0x1c, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, - 0x62, 0x75, 0x66, 0x2e, 0x55, 0x49, 0x6e, 0x74, 0x33, 0x32, 0x56, 0x61, 0x6c, 0x75, 0x65, 0x52, - 0x14, 0x63, 0x6f, 0x6e, 0x73, 0x65, 0x63, 0x75, 0x74, 0x69, 0x76, 0x65, 0x35, 0x78, 0x78, 0x45, - 0x72, 0x72, 0x6f, 0x72, 0x73, 0x12, 0x35, 0x0a, 0x08, 0x69, 0x6e, 0x74, 0x65, 0x72, 0x76, 0x61, - 0x6c, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x19, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, - 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x44, 0x75, 0x72, 0x61, 0x74, 0x69, - 0x6f, 0x6e, 0x52, 0x08, 0x69, 0x6e, 0x74, 0x65, 0x72, 0x76, 0x61, 0x6c, 0x12, 0x47, 0x0a, 0x12, - 0x62, 0x61, 0x73, 0x65, 0x5f, 0x65, 0x6a, 0x65, 0x63, 0x74, 0x69, 0x6f, 0x6e, 0x5f, 0x74, 0x69, - 0x6d, 0x65, 0x18, 0x03, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x19, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, - 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x44, 0x75, 0x72, 0x61, 0x74, - 0x69, 0x6f, 0x6e, 0x52, 0x10, 0x62, 0x61, 0x73, 0x65, 0x45, 0x6a, 0x65, 0x63, 0x74, 0x69, 0x6f, - 0x6e, 0x54, 0x69, 0x6d, 0x65, 0x12, 0x30, 0x0a, 0x14, 0x6d, 0x61, 0x78, 0x5f, 0x65, 0x6a, 0x65, - 0x63, 0x74, 0x69, 0x6f, 0x6e, 0x5f, 0x70, 0x65, 0x72, 0x63, 0x65, 0x6e, 0x74, 0x18, 0x04, 0x20, - 0x01, 0x28, 0x05, 0x52, 0x12, 0x6d, 0x61, 0x78, 0x45, 0x6a, 0x65, 0x63, 0x74, 0x69, 0x6f, 0x6e, - 0x50, 0x65, 0x72, 0x63, 0x65, 0x6e, 0x74, 0x12, 0x2c, 0x0a, 0x12, 0x6d, 0x69, 0x6e, 0x5f, 0x68, - 0x65, 0x61, 0x6c, 0x74, 0x68, 0x5f, 0x70, 0x65, 0x72, 0x63, 0x65, 0x6e, 0x74, 0x18, 0x05, 0x20, - 0x01, 0x28, 0x05, 0x52, 0x10, 0x6d, 0x69, 0x6e, 0x48, 0x65, 0x61, 0x6c, 0x74, 0x68, 0x50, 0x65, - 0x72, 0x63, 0x65, 0x6e, 0x74, 0x22, 0xd2, 0x03, 0x0a, 0x11, 0x43, 0x6c, 0x69, 0x65, 0x6e, 0x74, - 0x54, 0x4c, 0x53, 0x53, 0x65, 0x74, 0x74, 0x69, 0x6e, 0x67, 0x73, 0x12, 0x4d, 0x0a, 0x04, 0x6d, - 0x6f, 0x64, 0x65, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0e, 0x32, 0x34, 0x2e, 0x69, 0x73, 0x74, 0x69, - 0x6f, 0x2e, 0x6e, 0x65, 0x74, 0x77, 0x6f, 0x72, 0x6b, 0x69, 0x6e, 0x67, 0x2e, 0x76, 0x31, 0x61, - 0x6c, 0x70, 0x68, 0x61, 0x33, 0x2e, 0x43, 0x6c, 0x69, 0x65, 0x6e, 0x74, 0x54, 0x4c, 0x53, 0x53, - 0x65, 0x74, 0x74, 0x69, 0x6e, 0x67, 0x73, 0x2e, 0x54, 0x4c, 0x53, 0x6d, 0x6f, 0x64, 0x65, 0x42, - 0x03, 0xe0, 0x41, 0x02, 0x52, 0x04, 0x6d, 0x6f, 0x64, 0x65, 0x12, 0x2d, 0x0a, 0x12, 0x63, 0x6c, - 0x69, 0x65, 0x6e, 0x74, 0x5f, 0x63, 0x65, 0x72, 0x74, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x65, - 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x11, 0x63, 0x6c, 0x69, 0x65, 0x6e, 0x74, 0x43, 0x65, - 0x72, 0x74, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x65, 0x12, 0x1f, 0x0a, 0x0b, 0x70, 0x72, 0x69, - 0x76, 0x61, 0x74, 0x65, 0x5f, 0x6b, 0x65, 0x79, 0x18, 0x03, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0a, - 0x70, 0x72, 0x69, 0x76, 0x61, 0x74, 0x65, 0x4b, 0x65, 0x79, 0x12, 0x27, 0x0a, 0x0f, 0x63, 0x61, - 0x5f, 0x63, 0x65, 0x72, 0x74, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x65, 0x73, 0x18, 0x04, 0x20, - 0x01, 0x28, 0x09, 0x52, 0x0e, 0x63, 0x61, 0x43, 0x65, 0x72, 0x74, 0x69, 0x66, 0x69, 0x63, 0x61, - 0x74, 0x65, 0x73, 0x12, 0x27, 0x0a, 0x0f, 0x63, 0x72, 0x65, 0x64, 0x65, 0x6e, 0x74, 0x69, 0x61, - 0x6c, 0x5f, 0x6e, 0x61, 0x6d, 0x65, 0x18, 0x07, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0e, 0x63, 0x72, - 0x65, 0x64, 0x65, 0x6e, 0x74, 0x69, 0x61, 0x6c, 0x4e, 0x61, 0x6d, 0x65, 0x12, 0x2a, 0x0a, 0x11, - 0x73, 0x75, 0x62, 0x6a, 0x65, 0x63, 0x74, 0x5f, 0x61, 0x6c, 0x74, 0x5f, 0x6e, 0x61, 0x6d, 0x65, - 0x73, 0x18, 0x05, 0x20, 0x03, 0x28, 0x09, 0x52, 0x0f, 0x73, 0x75, 0x62, 0x6a, 0x65, 0x63, 0x74, - 0x41, 0x6c, 0x74, 0x4e, 0x61, 0x6d, 0x65, 0x73, 0x12, 0x10, 0x0a, 0x03, 0x73, 0x6e, 0x69, 0x18, - 0x06, 0x20, 0x01, 0x28, 0x09, 0x52, 0x03, 0x73, 0x6e, 0x69, 0x12, 0x4c, 0x0a, 0x14, 0x69, 0x6e, - 0x73, 0x65, 0x63, 0x75, 0x72, 0x65, 0x5f, 0x73, 0x6b, 0x69, 0x70, 0x5f, 0x76, 0x65, 0x72, 0x69, - 0x66, 0x79, 0x18, 0x08, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x1a, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, - 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x42, 0x6f, 0x6f, 0x6c, 0x56, - 0x61, 0x6c, 0x75, 0x65, 0x52, 0x12, 0x69, 0x6e, 0x73, 0x65, 0x63, 0x75, 0x72, 0x65, 0x53, 0x6b, - 0x69, 0x70, 0x56, 0x65, 0x72, 0x69, 0x66, 0x79, 0x22, 0x40, 0x0a, 0x07, 0x54, 0x4c, 0x53, 0x6d, - 0x6f, 0x64, 0x65, 0x12, 0x0b, 0x0a, 0x07, 0x44, 0x49, 0x53, 0x41, 0x42, 0x4c, 0x45, 0x10, 0x00, - 0x12, 0x0a, 0x0a, 0x06, 0x53, 0x49, 0x4d, 0x50, 0x4c, 0x45, 0x10, 0x01, 0x12, 0x0a, 0x0a, 0x06, - 0x4d, 0x55, 0x54, 0x55, 0x41, 0x4c, 0x10, 0x02, 0x12, 0x10, 0x0a, 0x0c, 0x49, 0x53, 0x54, 0x49, - 0x4f, 0x5f, 0x4d, 0x55, 0x54, 0x55, 0x41, 0x4c, 0x10, 0x03, 0x22, 0xa5, 0x04, 0x0a, 0x1b, 0x4c, - 0x6f, 0x63, 0x61, 0x6c, 0x69, 0x74, 0x79, 0x4c, 0x6f, 0x61, 0x64, 0x42, 0x61, 0x6c, 0x61, 0x6e, - 0x63, 0x65, 0x72, 0x53, 0x65, 0x74, 0x74, 0x69, 0x6e, 0x67, 0x12, 0x61, 0x0a, 0x0a, 0x64, 0x69, - 0x73, 0x74, 0x72, 0x69, 0x62, 0x75, 0x74, 0x65, 0x18, 0x01, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x41, - 0x2e, 0x69, 0x73, 0x74, 0x69, 0x6f, 0x2e, 0x6e, 0x65, 0x74, 0x77, 0x6f, 0x72, 0x6b, 0x69, 0x6e, - 0x67, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x33, 0x2e, 0x4c, 0x6f, 0x63, 0x61, 0x6c, - 0x69, 0x74, 0x79, 0x4c, 0x6f, 0x61, 0x64, 0x42, 0x61, 0x6c, 0x61, 0x6e, 0x63, 0x65, 0x72, 0x53, - 0x65, 0x74, 0x74, 0x69, 0x6e, 0x67, 0x2e, 0x44, 0x69, 0x73, 0x74, 0x72, 0x69, 0x62, 0x75, 0x74, - 0x65, 0x52, 0x0a, 0x64, 0x69, 0x73, 0x74, 0x72, 0x69, 0x62, 0x75, 0x74, 0x65, 0x12, 0x5b, 0x0a, - 0x08, 0x66, 0x61, 0x69, 0x6c, 0x6f, 0x76, 0x65, 0x72, 0x18, 0x02, 0x20, 0x03, 0x28, 0x0b, 0x32, - 0x3f, 0x2e, 0x69, 0x73, 0x74, 0x69, 0x6f, 0x2e, 0x6e, 0x65, 0x74, 0x77, 0x6f, 0x72, 0x6b, 0x69, - 0x6e, 0x67, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x33, 0x2e, 0x4c, 0x6f, 0x63, 0x61, - 0x6c, 0x69, 0x74, 0x79, 0x4c, 0x6f, 0x61, 0x64, 0x42, 0x61, 0x6c, 0x61, 0x6e, 0x63, 0x65, 0x72, - 0x53, 0x65, 0x74, 0x74, 0x69, 0x6e, 0x67, 0x2e, 0x46, 0x61, 0x69, 0x6c, 0x6f, 0x76, 0x65, 0x72, - 0x52, 0x08, 0x66, 0x61, 0x69, 0x6c, 0x6f, 0x76, 0x65, 0x72, 0x12, 0x2b, 0x0a, 0x11, 0x66, 0x61, - 0x69, 0x6c, 0x6f, 0x76, 0x65, 0x72, 0x5f, 0x70, 0x72, 0x69, 0x6f, 0x72, 0x69, 0x74, 0x79, 0x18, - 0x04, 0x20, 0x03, 0x28, 0x09, 0x52, 0x10, 0x66, 0x61, 0x69, 0x6c, 0x6f, 0x76, 0x65, 0x72, 0x50, - 0x72, 0x69, 0x6f, 0x72, 0x69, 0x74, 0x79, 0x12, 0x34, 0x0a, 0x07, 0x65, 0x6e, 0x61, 0x62, 0x6c, - 0x65, 0x64, 0x18, 0x03, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x1a, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, - 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x42, 0x6f, 0x6f, 0x6c, 0x56, - 0x61, 0x6c, 0x75, 0x65, 0x52, 0x07, 0x65, 0x6e, 0x61, 0x62, 0x6c, 0x65, 0x64, 0x1a, 0xb2, 0x01, - 0x0a, 0x0a, 0x44, 0x69, 0x73, 0x74, 0x72, 0x69, 0x62, 0x75, 0x74, 0x65, 0x12, 0x12, 0x0a, 0x04, - 0x66, 0x72, 0x6f, 0x6d, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x04, 0x66, 0x72, 0x6f, 0x6d, - 0x12, 0x59, 0x0a, 0x02, 0x74, 0x6f, 0x18, 0x02, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x49, 0x2e, 0x69, + 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x44, 0x75, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x52, 0x08, + 0x69, 0x6e, 0x74, 0x65, 0x72, 0x76, 0x61, 0x6c, 0x12, 0x47, 0x0a, 0x12, 0x62, 0x61, 0x73, 0x65, + 0x5f, 0x65, 0x6a, 0x65, 0x63, 0x74, 0x69, 0x6f, 0x6e, 0x5f, 0x74, 0x69, 0x6d, 0x65, 0x18, 0x03, + 0x20, 0x01, 0x28, 0x0b, 0x32, 0x19, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, + 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x44, 0x75, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x52, + 0x10, 0x62, 0x61, 0x73, 0x65, 0x45, 0x6a, 0x65, 0x63, 0x74, 0x69, 0x6f, 0x6e, 0x54, 0x69, 0x6d, + 0x65, 0x12, 0x30, 0x0a, 0x14, 0x6d, 0x61, 0x78, 0x5f, 0x65, 0x6a, 0x65, 0x63, 0x74, 0x69, 0x6f, + 0x6e, 0x5f, 0x70, 0x65, 0x72, 0x63, 0x65, 0x6e, 0x74, 0x18, 0x04, 0x20, 0x01, 0x28, 0x05, 0x52, + 0x12, 0x6d, 0x61, 0x78, 0x45, 0x6a, 0x65, 0x63, 0x74, 0x69, 0x6f, 0x6e, 0x50, 0x65, 0x72, 0x63, + 0x65, 0x6e, 0x74, 0x12, 0x2c, 0x0a, 0x12, 0x6d, 0x69, 0x6e, 0x5f, 0x68, 0x65, 0x61, 0x6c, 0x74, + 0x68, 0x5f, 0x70, 0x65, 0x72, 0x63, 0x65, 0x6e, 0x74, 0x18, 0x05, 0x20, 0x01, 0x28, 0x05, 0x52, + 0x10, 0x6d, 0x69, 0x6e, 0x48, 0x65, 0x61, 0x6c, 0x74, 0x68, 0x50, 0x65, 0x72, 0x63, 0x65, 0x6e, + 0x74, 0x22, 0xe4, 0x03, 0x0a, 0x11, 0x43, 0x6c, 0x69, 0x65, 0x6e, 0x74, 0x54, 0x4c, 0x53, 0x53, + 0x65, 0x74, 0x74, 0x69, 0x6e, 0x67, 0x73, 0x12, 0x48, 0x0a, 0x04, 0x6d, 0x6f, 0x64, 0x65, 0x18, + 0x01, 0x20, 0x01, 0x28, 0x0e, 0x32, 0x34, 0x2e, 0x69, 0x73, 0x74, 0x69, 0x6f, 0x2e, 0x6e, 0x65, + 0x74, 0x77, 0x6f, 0x72, 0x6b, 0x69, 0x6e, 0x67, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, + 0x33, 0x2e, 0x43, 0x6c, 0x69, 0x65, 0x6e, 0x74, 0x54, 0x4c, 0x53, 0x53, 0x65, 0x74, 0x74, 0x69, + 0x6e, 0x67, 0x73, 0x2e, 0x54, 0x4c, 0x53, 0x6d, 0x6f, 0x64, 0x65, 0x52, 0x04, 0x6d, 0x6f, 0x64, + 0x65, 0x12, 0x2d, 0x0a, 0x12, 0x63, 0x6c, 0x69, 0x65, 0x6e, 0x74, 0x5f, 0x63, 0x65, 0x72, 0x74, + 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x65, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x11, 0x63, + 0x6c, 0x69, 0x65, 0x6e, 0x74, 0x43, 0x65, 0x72, 0x74, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x65, + 0x12, 0x1f, 0x0a, 0x0b, 0x70, 0x72, 0x69, 0x76, 0x61, 0x74, 0x65, 0x5f, 0x6b, 0x65, 0x79, 0x18, + 0x03, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0a, 0x70, 0x72, 0x69, 0x76, 0x61, 0x74, 0x65, 0x4b, 0x65, + 0x79, 0x12, 0x27, 0x0a, 0x0f, 0x63, 0x61, 0x5f, 0x63, 0x65, 0x72, 0x74, 0x69, 0x66, 0x69, 0x63, + 0x61, 0x74, 0x65, 0x73, 0x18, 0x04, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0e, 0x63, 0x61, 0x43, 0x65, + 0x72, 0x74, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x65, 0x73, 0x12, 0x27, 0x0a, 0x0f, 0x63, 0x72, + 0x65, 0x64, 0x65, 0x6e, 0x74, 0x69, 0x61, 0x6c, 0x5f, 0x6e, 0x61, 0x6d, 0x65, 0x18, 0x07, 0x20, + 0x01, 0x28, 0x09, 0x52, 0x0e, 0x63, 0x72, 0x65, 0x64, 0x65, 0x6e, 0x74, 0x69, 0x61, 0x6c, 0x4e, + 0x61, 0x6d, 0x65, 0x12, 0x2a, 0x0a, 0x11, 0x73, 0x75, 0x62, 0x6a, 0x65, 0x63, 0x74, 0x5f, 0x61, + 0x6c, 0x74, 0x5f, 0x6e, 0x61, 0x6d, 0x65, 0x73, 0x18, 0x05, 0x20, 0x03, 0x28, 0x09, 0x52, 0x0f, + 0x73, 0x75, 0x62, 0x6a, 0x65, 0x63, 0x74, 0x41, 0x6c, 0x74, 0x4e, 0x61, 0x6d, 0x65, 0x73, 0x12, + 0x10, 0x0a, 0x03, 0x73, 0x6e, 0x69, 0x18, 0x06, 0x20, 0x01, 0x28, 0x09, 0x52, 0x03, 0x73, 0x6e, + 0x69, 0x12, 0x4c, 0x0a, 0x14, 0x69, 0x6e, 0x73, 0x65, 0x63, 0x75, 0x72, 0x65, 0x5f, 0x73, 0x6b, + 0x69, 0x70, 0x5f, 0x76, 0x65, 0x72, 0x69, 0x66, 0x79, 0x18, 0x08, 0x20, 0x01, 0x28, 0x0b, 0x32, + 0x1a, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, + 0x66, 0x2e, 0x42, 0x6f, 0x6f, 0x6c, 0x56, 0x61, 0x6c, 0x75, 0x65, 0x52, 0x12, 0x69, 0x6e, 0x73, + 0x65, 0x63, 0x75, 0x72, 0x65, 0x53, 0x6b, 0x69, 0x70, 0x56, 0x65, 0x72, 0x69, 0x66, 0x79, 0x12, + 0x15, 0x0a, 0x06, 0x63, 0x61, 0x5f, 0x63, 0x72, 0x6c, 0x18, 0x09, 0x20, 0x01, 0x28, 0x09, 0x52, + 0x05, 0x63, 0x61, 0x43, 0x72, 0x6c, 0x22, 0x40, 0x0a, 0x07, 0x54, 0x4c, 0x53, 0x6d, 0x6f, 0x64, + 0x65, 0x12, 0x0b, 0x0a, 0x07, 0x44, 0x49, 0x53, 0x41, 0x42, 0x4c, 0x45, 0x10, 0x00, 0x12, 0x0a, + 0x0a, 0x06, 0x53, 0x49, 0x4d, 0x50, 0x4c, 0x45, 0x10, 0x01, 0x12, 0x0a, 0x0a, 0x06, 0x4d, 0x55, + 0x54, 0x55, 0x41, 0x4c, 0x10, 0x02, 0x12, 0x10, 0x0a, 0x0c, 0x49, 0x53, 0x54, 0x49, 0x4f, 0x5f, + 0x4d, 0x55, 0x54, 0x55, 0x41, 0x4c, 0x10, 0x03, 0x22, 0xa5, 0x04, 0x0a, 0x1b, 0x4c, 0x6f, 0x63, + 0x61, 0x6c, 0x69, 0x74, 0x79, 0x4c, 0x6f, 0x61, 0x64, 0x42, 0x61, 0x6c, 0x61, 0x6e, 0x63, 0x65, + 0x72, 0x53, 0x65, 0x74, 0x74, 0x69, 0x6e, 0x67, 0x12, 0x61, 0x0a, 0x0a, 0x64, 0x69, 0x73, 0x74, + 0x72, 0x69, 0x62, 0x75, 0x74, 0x65, 0x18, 0x01, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x41, 0x2e, 0x69, 0x73, 0x74, 0x69, 0x6f, 0x2e, 0x6e, 0x65, 0x74, 0x77, 0x6f, 0x72, 0x6b, 0x69, 0x6e, 0x67, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x33, 0x2e, 0x4c, 0x6f, 0x63, 0x61, 0x6c, 0x69, 0x74, 0x79, 0x4c, 0x6f, 0x61, 0x64, 0x42, 0x61, 0x6c, 0x61, 0x6e, 0x63, 0x65, 0x72, 0x53, 0x65, 0x74, - 0x74, 0x69, 0x6e, 0x67, 0x2e, 0x44, 0x69, 0x73, 0x74, 0x72, 0x69, 0x62, 0x75, 0x74, 0x65, 0x2e, - 0x54, 0x6f, 0x45, 0x6e, 0x74, 0x72, 0x79, 0x52, 0x02, 0x74, 0x6f, 0x1a, 0x35, 0x0a, 0x07, 0x54, - 0x6f, 0x45, 0x6e, 0x74, 0x72, 0x79, 0x12, 0x10, 0x0a, 0x03, 0x6b, 0x65, 0x79, 0x18, 0x01, 0x20, - 0x01, 0x28, 0x09, 0x52, 0x03, 0x6b, 0x65, 0x79, 0x12, 0x14, 0x0a, 0x05, 0x76, 0x61, 0x6c, 0x75, - 0x65, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0d, 0x52, 0x05, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x3a, 0x02, - 0x38, 0x01, 0x1a, 0x2e, 0x0a, 0x08, 0x46, 0x61, 0x69, 0x6c, 0x6f, 0x76, 0x65, 0x72, 0x12, 0x12, - 0x0a, 0x04, 0x66, 0x72, 0x6f, 0x6d, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x04, 0x66, 0x72, - 0x6f, 0x6d, 0x12, 0x0e, 0x0a, 0x02, 0x74, 0x6f, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x02, - 0x74, 0x6f, 0x42, 0x22, 0x5a, 0x20, 0x69, 0x73, 0x74, 0x69, 0x6f, 0x2e, 0x69, 0x6f, 0x2f, 0x61, - 0x70, 0x69, 0x2f, 0x6e, 0x65, 0x74, 0x77, 0x6f, 0x72, 0x6b, 0x69, 0x6e, 0x67, 0x2f, 0x76, 0x31, - 0x61, 0x6c, 0x70, 0x68, 0x61, 0x33, 0x62, 0x06, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x33, + 0x74, 0x69, 0x6e, 0x67, 0x2e, 0x44, 0x69, 0x73, 0x74, 0x72, 0x69, 0x62, 0x75, 0x74, 0x65, 0x52, + 0x0a, 0x64, 0x69, 0x73, 0x74, 0x72, 0x69, 0x62, 0x75, 0x74, 0x65, 0x12, 0x5b, 0x0a, 0x08, 0x66, + 0x61, 0x69, 0x6c, 0x6f, 0x76, 0x65, 0x72, 0x18, 0x02, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x3f, 0x2e, + 0x69, 0x73, 0x74, 0x69, 0x6f, 0x2e, 0x6e, 0x65, 0x74, 0x77, 0x6f, 0x72, 0x6b, 0x69, 0x6e, 0x67, + 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x33, 0x2e, 0x4c, 0x6f, 0x63, 0x61, 0x6c, 0x69, + 0x74, 0x79, 0x4c, 0x6f, 0x61, 0x64, 0x42, 0x61, 0x6c, 0x61, 0x6e, 0x63, 0x65, 0x72, 0x53, 0x65, + 0x74, 0x74, 0x69, 0x6e, 0x67, 0x2e, 0x46, 0x61, 0x69, 0x6c, 0x6f, 0x76, 0x65, 0x72, 0x52, 0x08, + 0x66, 0x61, 0x69, 0x6c, 0x6f, 0x76, 0x65, 0x72, 0x12, 0x2b, 0x0a, 0x11, 0x66, 0x61, 0x69, 0x6c, + 0x6f, 0x76, 0x65, 0x72, 0x5f, 0x70, 0x72, 0x69, 0x6f, 0x72, 0x69, 0x74, 0x79, 0x18, 0x04, 0x20, + 0x03, 0x28, 0x09, 0x52, 0x10, 0x66, 0x61, 0x69, 0x6c, 0x6f, 0x76, 0x65, 0x72, 0x50, 0x72, 0x69, + 0x6f, 0x72, 0x69, 0x74, 0x79, 0x12, 0x34, 0x0a, 0x07, 0x65, 0x6e, 0x61, 0x62, 0x6c, 0x65, 0x64, + 0x18, 0x03, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x1a, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, + 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x42, 0x6f, 0x6f, 0x6c, 0x56, 0x61, 0x6c, + 0x75, 0x65, 0x52, 0x07, 0x65, 0x6e, 0x61, 0x62, 0x6c, 0x65, 0x64, 0x1a, 0xb2, 0x01, 0x0a, 0x0a, + 0x44, 0x69, 0x73, 0x74, 0x72, 0x69, 0x62, 0x75, 0x74, 0x65, 0x12, 0x12, 0x0a, 0x04, 0x66, 0x72, + 0x6f, 0x6d, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x04, 0x66, 0x72, 0x6f, 0x6d, 0x12, 0x59, + 0x0a, 0x02, 0x74, 0x6f, 0x18, 0x02, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x49, 0x2e, 0x69, 0x73, 0x74, + 0x69, 0x6f, 0x2e, 0x6e, 0x65, 0x74, 0x77, 0x6f, 0x72, 0x6b, 0x69, 0x6e, 0x67, 0x2e, 0x76, 0x31, + 0x61, 0x6c, 0x70, 0x68, 0x61, 0x33, 0x2e, 0x4c, 0x6f, 0x63, 0x61, 0x6c, 0x69, 0x74, 0x79, 0x4c, + 0x6f, 0x61, 0x64, 0x42, 0x61, 0x6c, 0x61, 0x6e, 0x63, 0x65, 0x72, 0x53, 0x65, 0x74, 0x74, 0x69, + 0x6e, 0x67, 0x2e, 0x44, 0x69, 0x73, 0x74, 0x72, 0x69, 0x62, 0x75, 0x74, 0x65, 0x2e, 0x54, 0x6f, + 0x45, 0x6e, 0x74, 0x72, 0x79, 0x52, 0x02, 0x74, 0x6f, 0x1a, 0x35, 0x0a, 0x07, 0x54, 0x6f, 0x45, + 0x6e, 0x74, 0x72, 0x79, 0x12, 0x10, 0x0a, 0x03, 0x6b, 0x65, 0x79, 0x18, 0x01, 0x20, 0x01, 0x28, + 0x09, 0x52, 0x03, 0x6b, 0x65, 0x79, 0x12, 0x14, 0x0a, 0x05, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x18, + 0x02, 0x20, 0x01, 0x28, 0x0d, 0x52, 0x05, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x3a, 0x02, 0x38, 0x01, + 0x1a, 0x2e, 0x0a, 0x08, 0x46, 0x61, 0x69, 0x6c, 0x6f, 0x76, 0x65, 0x72, 0x12, 0x12, 0x0a, 0x04, + 0x66, 0x72, 0x6f, 0x6d, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x04, 0x66, 0x72, 0x6f, 0x6d, + 0x12, 0x0e, 0x0a, 0x02, 0x74, 0x6f, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x02, 0x74, 0x6f, + 0x42, 0x22, 0x5a, 0x20, 0x69, 0x73, 0x74, 0x69, 0x6f, 0x2e, 0x69, 0x6f, 0x2f, 0x61, 0x70, 0x69, + 0x2f, 0x6e, 0x65, 0x74, 0x77, 0x6f, 0x72, 0x6b, 0x69, 0x6e, 0x67, 0x2f, 0x76, 0x31, 0x61, 0x6c, + 0x70, 0x68, 0x61, 0x33, 0x62, 0x06, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x33, } var ( @@ -3192,89 +3114,100 @@ func file_networking_v1alpha3_destination_rule_proto_rawDescGZIP() []byte { return file_networking_v1alpha3_destination_rule_proto_rawDescData } -var file_networking_v1alpha3_destination_rule_proto_enumTypes = make([]protoimpl.EnumInfo, 3) -var file_networking_v1alpha3_destination_rule_proto_msgTypes = make([]protoimpl.MessageInfo, 21) -var file_networking_v1alpha3_destination_rule_proto_goTypes = []interface{}{ - (LoadBalancerSettings_SimpleLB)(0), // 0: istio.networking.v1alpha3.LoadBalancerSettings.SimpleLB - (ConnectionPoolSettings_HTTPSettings_H2UpgradePolicy)(0), // 1: istio.networking.v1alpha3.ConnectionPoolSettings.HTTPSettings.H2UpgradePolicy - (ClientTLSSettings_TLSmode)(0), // 2: istio.networking.v1alpha3.ClientTLSSettings.TLSmode - (*DestinationRule)(nil), // 3: istio.networking.v1alpha3.DestinationRule - (*TrafficPolicy)(nil), // 4: istio.networking.v1alpha3.TrafficPolicy - (*Subset)(nil), // 5: istio.networking.v1alpha3.Subset - (*LoadBalancerSettings)(nil), // 6: istio.networking.v1alpha3.LoadBalancerSettings - (*ConnectionPoolSettings)(nil), // 7: istio.networking.v1alpha3.ConnectionPoolSettings - (*OutlierDetection)(nil), // 8: istio.networking.v1alpha3.OutlierDetection - (*ClientTLSSettings)(nil), // 9: istio.networking.v1alpha3.ClientTLSSettings - (*LocalityLoadBalancerSetting)(nil), // 10: istio.networking.v1alpha3.LocalityLoadBalancerSetting - (*TrafficPolicy_PortTrafficPolicy)(nil), // 11: istio.networking.v1alpha3.TrafficPolicy.PortTrafficPolicy - (*TrafficPolicy_TunnelSettings)(nil), // 12: istio.networking.v1alpha3.TrafficPolicy.TunnelSettings - nil, // 13: istio.networking.v1alpha3.Subset.LabelsEntry - (*LoadBalancerSettings_ConsistentHashLB)(nil), // 14: istio.networking.v1alpha3.LoadBalancerSettings.ConsistentHashLB - (*LoadBalancerSettings_ConsistentHashLB_RingHash)(nil), // 15: istio.networking.v1alpha3.LoadBalancerSettings.ConsistentHashLB.RingHash - (*LoadBalancerSettings_ConsistentHashLB_MagLev)(nil), // 16: istio.networking.v1alpha3.LoadBalancerSettings.ConsistentHashLB.MagLev - (*LoadBalancerSettings_ConsistentHashLB_HTTPCookie)(nil), // 17: istio.networking.v1alpha3.LoadBalancerSettings.ConsistentHashLB.HTTPCookie - (*ConnectionPoolSettings_TCPSettings)(nil), // 18: istio.networking.v1alpha3.ConnectionPoolSettings.TCPSettings - (*ConnectionPoolSettings_HTTPSettings)(nil), // 19: istio.networking.v1alpha3.ConnectionPoolSettings.HTTPSettings - (*ConnectionPoolSettings_TCPSettings_TcpKeepalive)(nil), // 20: istio.networking.v1alpha3.ConnectionPoolSettings.TCPSettings.TcpKeepalive - (*LocalityLoadBalancerSetting_Distribute)(nil), // 21: istio.networking.v1alpha3.LocalityLoadBalancerSetting.Distribute - (*LocalityLoadBalancerSetting_Failover)(nil), // 22: istio.networking.v1alpha3.LocalityLoadBalancerSetting.Failover - nil, // 23: istio.networking.v1alpha3.LocalityLoadBalancerSetting.Distribute.ToEntry - (*v1beta1.WorkloadSelector)(nil), // 24: istio.type.v1beta1.WorkloadSelector - (*duration.Duration)(nil), // 25: google.protobuf.Duration - (*wrappers.UInt32Value)(nil), // 26: google.protobuf.UInt32Value - (*wrappers.BoolValue)(nil), // 27: google.protobuf.BoolValue - (*PortSelector)(nil), // 28: istio.networking.v1alpha3.PortSelector +var file_networking_v1alpha3_destination_rule_proto_enumTypes = make([]protoimpl.EnumInfo, 4) +var file_networking_v1alpha3_destination_rule_proto_msgTypes = make([]protoimpl.MessageInfo, 23) +var file_networking_v1alpha3_destination_rule_proto_goTypes = []any{ + (TrafficPolicy_ProxyProtocol_VERSION)(0), // 0: istio.networking.v1alpha3.TrafficPolicy.ProxyProtocol.VERSION + (LoadBalancerSettings_SimpleLB)(0), // 1: istio.networking.v1alpha3.LoadBalancerSettings.SimpleLB + (ConnectionPoolSettings_HTTPSettings_H2UpgradePolicy)(0), // 2: istio.networking.v1alpha3.ConnectionPoolSettings.HTTPSettings.H2UpgradePolicy + (ClientTLSSettings_TLSmode)(0), // 3: istio.networking.v1alpha3.ClientTLSSettings.TLSmode + (*DestinationRule)(nil), // 4: istio.networking.v1alpha3.DestinationRule + (*TrafficPolicy)(nil), // 5: istio.networking.v1alpha3.TrafficPolicy + (*Subset)(nil), // 6: istio.networking.v1alpha3.Subset + (*LoadBalancerSettings)(nil), // 7: istio.networking.v1alpha3.LoadBalancerSettings + (*WarmupConfiguration)(nil), // 8: istio.networking.v1alpha3.WarmupConfiguration + (*ConnectionPoolSettings)(nil), // 9: istio.networking.v1alpha3.ConnectionPoolSettings + (*OutlierDetection)(nil), // 10: istio.networking.v1alpha3.OutlierDetection + (*ClientTLSSettings)(nil), // 11: istio.networking.v1alpha3.ClientTLSSettings + (*LocalityLoadBalancerSetting)(nil), // 12: istio.networking.v1alpha3.LocalityLoadBalancerSetting + (*TrafficPolicy_PortTrafficPolicy)(nil), // 13: istio.networking.v1alpha3.TrafficPolicy.PortTrafficPolicy + (*TrafficPolicy_TunnelSettings)(nil), // 14: istio.networking.v1alpha3.TrafficPolicy.TunnelSettings + (*TrafficPolicy_ProxyProtocol)(nil), // 15: istio.networking.v1alpha3.TrafficPolicy.ProxyProtocol + nil, // 16: istio.networking.v1alpha3.Subset.LabelsEntry + (*LoadBalancerSettings_ConsistentHashLB)(nil), // 17: istio.networking.v1alpha3.LoadBalancerSettings.ConsistentHashLB + (*LoadBalancerSettings_ConsistentHashLB_RingHash)(nil), // 18: istio.networking.v1alpha3.LoadBalancerSettings.ConsistentHashLB.RingHash + (*LoadBalancerSettings_ConsistentHashLB_MagLev)(nil), // 19: istio.networking.v1alpha3.LoadBalancerSettings.ConsistentHashLB.MagLev + (*LoadBalancerSettings_ConsistentHashLB_HTTPCookie)(nil), // 20: istio.networking.v1alpha3.LoadBalancerSettings.ConsistentHashLB.HTTPCookie + (*ConnectionPoolSettings_TCPSettings)(nil), // 21: istio.networking.v1alpha3.ConnectionPoolSettings.TCPSettings + (*ConnectionPoolSettings_HTTPSettings)(nil), // 22: istio.networking.v1alpha3.ConnectionPoolSettings.HTTPSettings + (*ConnectionPoolSettings_TCPSettings_TcpKeepalive)(nil), // 23: istio.networking.v1alpha3.ConnectionPoolSettings.TCPSettings.TcpKeepalive + (*LocalityLoadBalancerSetting_Distribute)(nil), // 24: istio.networking.v1alpha3.LocalityLoadBalancerSetting.Distribute + (*LocalityLoadBalancerSetting_Failover)(nil), // 25: istio.networking.v1alpha3.LocalityLoadBalancerSetting.Failover + nil, // 26: istio.networking.v1alpha3.LocalityLoadBalancerSetting.Distribute.ToEntry + (*v1beta1.WorkloadSelector)(nil), // 27: istio.type.v1beta1.WorkloadSelector + (*duration.Duration)(nil), // 28: google.protobuf.Duration + (*wrappers.DoubleValue)(nil), // 29: google.protobuf.DoubleValue + (*wrappers.UInt32Value)(nil), // 30: google.protobuf.UInt32Value + (*wrappers.BoolValue)(nil), // 31: google.protobuf.BoolValue + (*PortSelector)(nil), // 32: istio.networking.v1alpha3.PortSelector } var file_networking_v1alpha3_destination_rule_proto_depIdxs = []int32{ - 4, // 0: istio.networking.v1alpha3.DestinationRule.traffic_policy:type_name -> istio.networking.v1alpha3.TrafficPolicy - 5, // 1: istio.networking.v1alpha3.DestinationRule.subsets:type_name -> istio.networking.v1alpha3.Subset - 24, // 2: istio.networking.v1alpha3.DestinationRule.workload_selector:type_name -> istio.type.v1beta1.WorkloadSelector - 6, // 3: istio.networking.v1alpha3.TrafficPolicy.load_balancer:type_name -> istio.networking.v1alpha3.LoadBalancerSettings - 7, // 4: istio.networking.v1alpha3.TrafficPolicy.connection_pool:type_name -> istio.networking.v1alpha3.ConnectionPoolSettings - 8, // 5: istio.networking.v1alpha3.TrafficPolicy.outlier_detection:type_name -> istio.networking.v1alpha3.OutlierDetection - 9, // 6: istio.networking.v1alpha3.TrafficPolicy.tls:type_name -> istio.networking.v1alpha3.ClientTLSSettings - 11, // 7: istio.networking.v1alpha3.TrafficPolicy.port_level_settings:type_name -> istio.networking.v1alpha3.TrafficPolicy.PortTrafficPolicy - 12, // 8: istio.networking.v1alpha3.TrafficPolicy.tunnel:type_name -> istio.networking.v1alpha3.TrafficPolicy.TunnelSettings - 13, // 9: istio.networking.v1alpha3.Subset.labels:type_name -> istio.networking.v1alpha3.Subset.LabelsEntry - 4, // 10: istio.networking.v1alpha3.Subset.traffic_policy:type_name -> istio.networking.v1alpha3.TrafficPolicy - 0, // 11: istio.networking.v1alpha3.LoadBalancerSettings.simple:type_name -> istio.networking.v1alpha3.LoadBalancerSettings.SimpleLB - 14, // 12: istio.networking.v1alpha3.LoadBalancerSettings.consistent_hash:type_name -> istio.networking.v1alpha3.LoadBalancerSettings.ConsistentHashLB - 10, // 13: istio.networking.v1alpha3.LoadBalancerSettings.locality_lb_setting:type_name -> istio.networking.v1alpha3.LocalityLoadBalancerSetting - 25, // 14: istio.networking.v1alpha3.LoadBalancerSettings.warmup_duration_secs:type_name -> google.protobuf.Duration - 18, // 15: istio.networking.v1alpha3.ConnectionPoolSettings.tcp:type_name -> istio.networking.v1alpha3.ConnectionPoolSettings.TCPSettings - 19, // 16: istio.networking.v1alpha3.ConnectionPoolSettings.http:type_name -> istio.networking.v1alpha3.ConnectionPoolSettings.HTTPSettings - 26, // 17: istio.networking.v1alpha3.OutlierDetection.consecutive_local_origin_failures:type_name -> google.protobuf.UInt32Value - 26, // 18: istio.networking.v1alpha3.OutlierDetection.consecutive_gateway_errors:type_name -> google.protobuf.UInt32Value - 26, // 19: istio.networking.v1alpha3.OutlierDetection.consecutive_5xx_errors:type_name -> google.protobuf.UInt32Value - 25, // 20: istio.networking.v1alpha3.OutlierDetection.interval:type_name -> google.protobuf.Duration - 25, // 21: istio.networking.v1alpha3.OutlierDetection.base_ejection_time:type_name -> google.protobuf.Duration - 2, // 22: istio.networking.v1alpha3.ClientTLSSettings.mode:type_name -> istio.networking.v1alpha3.ClientTLSSettings.TLSmode - 27, // 23: istio.networking.v1alpha3.ClientTLSSettings.insecure_skip_verify:type_name -> google.protobuf.BoolValue - 21, // 24: istio.networking.v1alpha3.LocalityLoadBalancerSetting.distribute:type_name -> istio.networking.v1alpha3.LocalityLoadBalancerSetting.Distribute - 22, // 25: istio.networking.v1alpha3.LocalityLoadBalancerSetting.failover:type_name -> istio.networking.v1alpha3.LocalityLoadBalancerSetting.Failover - 27, // 26: istio.networking.v1alpha3.LocalityLoadBalancerSetting.enabled:type_name -> google.protobuf.BoolValue - 28, // 27: istio.networking.v1alpha3.TrafficPolicy.PortTrafficPolicy.port:type_name -> istio.networking.v1alpha3.PortSelector - 6, // 28: istio.networking.v1alpha3.TrafficPolicy.PortTrafficPolicy.load_balancer:type_name -> istio.networking.v1alpha3.LoadBalancerSettings - 7, // 29: istio.networking.v1alpha3.TrafficPolicy.PortTrafficPolicy.connection_pool:type_name -> istio.networking.v1alpha3.ConnectionPoolSettings - 8, // 30: istio.networking.v1alpha3.TrafficPolicy.PortTrafficPolicy.outlier_detection:type_name -> istio.networking.v1alpha3.OutlierDetection - 9, // 31: istio.networking.v1alpha3.TrafficPolicy.PortTrafficPolicy.tls:type_name -> istio.networking.v1alpha3.ClientTLSSettings - 17, // 32: istio.networking.v1alpha3.LoadBalancerSettings.ConsistentHashLB.http_cookie:type_name -> istio.networking.v1alpha3.LoadBalancerSettings.ConsistentHashLB.HTTPCookie - 15, // 33: istio.networking.v1alpha3.LoadBalancerSettings.ConsistentHashLB.ring_hash:type_name -> istio.networking.v1alpha3.LoadBalancerSettings.ConsistentHashLB.RingHash - 16, // 34: istio.networking.v1alpha3.LoadBalancerSettings.ConsistentHashLB.maglev:type_name -> istio.networking.v1alpha3.LoadBalancerSettings.ConsistentHashLB.MagLev - 25, // 35: istio.networking.v1alpha3.LoadBalancerSettings.ConsistentHashLB.HTTPCookie.ttl:type_name -> google.protobuf.Duration - 25, // 36: istio.networking.v1alpha3.ConnectionPoolSettings.TCPSettings.connect_timeout:type_name -> google.protobuf.Duration - 20, // 37: istio.networking.v1alpha3.ConnectionPoolSettings.TCPSettings.tcp_keepalive:type_name -> istio.networking.v1alpha3.ConnectionPoolSettings.TCPSettings.TcpKeepalive - 25, // 38: istio.networking.v1alpha3.ConnectionPoolSettings.TCPSettings.max_connection_duration:type_name -> google.protobuf.Duration - 25, // 39: istio.networking.v1alpha3.ConnectionPoolSettings.HTTPSettings.idle_timeout:type_name -> google.protobuf.Duration - 1, // 40: istio.networking.v1alpha3.ConnectionPoolSettings.HTTPSettings.h2_upgrade_policy:type_name -> istio.networking.v1alpha3.ConnectionPoolSettings.HTTPSettings.H2UpgradePolicy - 25, // 41: istio.networking.v1alpha3.ConnectionPoolSettings.TCPSettings.TcpKeepalive.time:type_name -> google.protobuf.Duration - 25, // 42: istio.networking.v1alpha3.ConnectionPoolSettings.TCPSettings.TcpKeepalive.interval:type_name -> google.protobuf.Duration - 23, // 43: istio.networking.v1alpha3.LocalityLoadBalancerSetting.Distribute.to:type_name -> istio.networking.v1alpha3.LocalityLoadBalancerSetting.Distribute.ToEntry - 44, // [44:44] is the sub-list for method output_type - 44, // [44:44] is the sub-list for method input_type - 44, // [44:44] is the sub-list for extension type_name - 44, // [44:44] is the sub-list for extension extendee - 0, // [0:44] is the sub-list for field type_name + 5, // 0: istio.networking.v1alpha3.DestinationRule.traffic_policy:type_name -> istio.networking.v1alpha3.TrafficPolicy + 6, // 1: istio.networking.v1alpha3.DestinationRule.subsets:type_name -> istio.networking.v1alpha3.Subset + 27, // 2: istio.networking.v1alpha3.DestinationRule.workload_selector:type_name -> istio.type.v1beta1.WorkloadSelector + 7, // 3: istio.networking.v1alpha3.TrafficPolicy.load_balancer:type_name -> istio.networking.v1alpha3.LoadBalancerSettings + 9, // 4: istio.networking.v1alpha3.TrafficPolicy.connection_pool:type_name -> istio.networking.v1alpha3.ConnectionPoolSettings + 10, // 5: istio.networking.v1alpha3.TrafficPolicy.outlier_detection:type_name -> istio.networking.v1alpha3.OutlierDetection + 11, // 6: istio.networking.v1alpha3.TrafficPolicy.tls:type_name -> istio.networking.v1alpha3.ClientTLSSettings + 13, // 7: istio.networking.v1alpha3.TrafficPolicy.port_level_settings:type_name -> istio.networking.v1alpha3.TrafficPolicy.PortTrafficPolicy + 14, // 8: istio.networking.v1alpha3.TrafficPolicy.tunnel:type_name -> istio.networking.v1alpha3.TrafficPolicy.TunnelSettings + 15, // 9: istio.networking.v1alpha3.TrafficPolicy.proxy_protocol:type_name -> istio.networking.v1alpha3.TrafficPolicy.ProxyProtocol + 16, // 10: istio.networking.v1alpha3.Subset.labels:type_name -> istio.networking.v1alpha3.Subset.LabelsEntry + 5, // 11: istio.networking.v1alpha3.Subset.traffic_policy:type_name -> istio.networking.v1alpha3.TrafficPolicy + 1, // 12: istio.networking.v1alpha3.LoadBalancerSettings.simple:type_name -> istio.networking.v1alpha3.LoadBalancerSettings.SimpleLB + 17, // 13: istio.networking.v1alpha3.LoadBalancerSettings.consistent_hash:type_name -> istio.networking.v1alpha3.LoadBalancerSettings.ConsistentHashLB + 12, // 14: istio.networking.v1alpha3.LoadBalancerSettings.locality_lb_setting:type_name -> istio.networking.v1alpha3.LocalityLoadBalancerSetting + 28, // 15: istio.networking.v1alpha3.LoadBalancerSettings.warmup_duration_secs:type_name -> google.protobuf.Duration + 8, // 16: istio.networking.v1alpha3.LoadBalancerSettings.warmup:type_name -> istio.networking.v1alpha3.WarmupConfiguration + 28, // 17: istio.networking.v1alpha3.WarmupConfiguration.duration:type_name -> google.protobuf.Duration + 29, // 18: istio.networking.v1alpha3.WarmupConfiguration.minimum_percent:type_name -> google.protobuf.DoubleValue + 29, // 19: istio.networking.v1alpha3.WarmupConfiguration.aggression:type_name -> google.protobuf.DoubleValue + 21, // 20: istio.networking.v1alpha3.ConnectionPoolSettings.tcp:type_name -> istio.networking.v1alpha3.ConnectionPoolSettings.TCPSettings + 22, // 21: istio.networking.v1alpha3.ConnectionPoolSettings.http:type_name -> istio.networking.v1alpha3.ConnectionPoolSettings.HTTPSettings + 30, // 22: istio.networking.v1alpha3.OutlierDetection.consecutive_local_origin_failures:type_name -> google.protobuf.UInt32Value + 30, // 23: istio.networking.v1alpha3.OutlierDetection.consecutive_gateway_errors:type_name -> google.protobuf.UInt32Value + 30, // 24: istio.networking.v1alpha3.OutlierDetection.consecutive_5xx_errors:type_name -> google.protobuf.UInt32Value + 28, // 25: istio.networking.v1alpha3.OutlierDetection.interval:type_name -> google.protobuf.Duration + 28, // 26: istio.networking.v1alpha3.OutlierDetection.base_ejection_time:type_name -> google.protobuf.Duration + 3, // 27: istio.networking.v1alpha3.ClientTLSSettings.mode:type_name -> istio.networking.v1alpha3.ClientTLSSettings.TLSmode + 31, // 28: istio.networking.v1alpha3.ClientTLSSettings.insecure_skip_verify:type_name -> google.protobuf.BoolValue + 24, // 29: istio.networking.v1alpha3.LocalityLoadBalancerSetting.distribute:type_name -> istio.networking.v1alpha3.LocalityLoadBalancerSetting.Distribute + 25, // 30: istio.networking.v1alpha3.LocalityLoadBalancerSetting.failover:type_name -> istio.networking.v1alpha3.LocalityLoadBalancerSetting.Failover + 31, // 31: istio.networking.v1alpha3.LocalityLoadBalancerSetting.enabled:type_name -> google.protobuf.BoolValue + 32, // 32: istio.networking.v1alpha3.TrafficPolicy.PortTrafficPolicy.port:type_name -> istio.networking.v1alpha3.PortSelector + 7, // 33: istio.networking.v1alpha3.TrafficPolicy.PortTrafficPolicy.load_balancer:type_name -> istio.networking.v1alpha3.LoadBalancerSettings + 9, // 34: istio.networking.v1alpha3.TrafficPolicy.PortTrafficPolicy.connection_pool:type_name -> istio.networking.v1alpha3.ConnectionPoolSettings + 10, // 35: istio.networking.v1alpha3.TrafficPolicy.PortTrafficPolicy.outlier_detection:type_name -> istio.networking.v1alpha3.OutlierDetection + 11, // 36: istio.networking.v1alpha3.TrafficPolicy.PortTrafficPolicy.tls:type_name -> istio.networking.v1alpha3.ClientTLSSettings + 0, // 37: istio.networking.v1alpha3.TrafficPolicy.ProxyProtocol.version:type_name -> istio.networking.v1alpha3.TrafficPolicy.ProxyProtocol.VERSION + 20, // 38: istio.networking.v1alpha3.LoadBalancerSettings.ConsistentHashLB.http_cookie:type_name -> istio.networking.v1alpha3.LoadBalancerSettings.ConsistentHashLB.HTTPCookie + 18, // 39: istio.networking.v1alpha3.LoadBalancerSettings.ConsistentHashLB.ring_hash:type_name -> istio.networking.v1alpha3.LoadBalancerSettings.ConsistentHashLB.RingHash + 19, // 40: istio.networking.v1alpha3.LoadBalancerSettings.ConsistentHashLB.maglev:type_name -> istio.networking.v1alpha3.LoadBalancerSettings.ConsistentHashLB.MagLev + 28, // 41: istio.networking.v1alpha3.LoadBalancerSettings.ConsistentHashLB.HTTPCookie.ttl:type_name -> google.protobuf.Duration + 28, // 42: istio.networking.v1alpha3.ConnectionPoolSettings.TCPSettings.connect_timeout:type_name -> google.protobuf.Duration + 23, // 43: istio.networking.v1alpha3.ConnectionPoolSettings.TCPSettings.tcp_keepalive:type_name -> istio.networking.v1alpha3.ConnectionPoolSettings.TCPSettings.TcpKeepalive + 28, // 44: istio.networking.v1alpha3.ConnectionPoolSettings.TCPSettings.max_connection_duration:type_name -> google.protobuf.Duration + 28, // 45: istio.networking.v1alpha3.ConnectionPoolSettings.TCPSettings.idle_timeout:type_name -> google.protobuf.Duration + 28, // 46: istio.networking.v1alpha3.ConnectionPoolSettings.HTTPSettings.idle_timeout:type_name -> google.protobuf.Duration + 2, // 47: istio.networking.v1alpha3.ConnectionPoolSettings.HTTPSettings.h2_upgrade_policy:type_name -> istio.networking.v1alpha3.ConnectionPoolSettings.HTTPSettings.H2UpgradePolicy + 28, // 48: istio.networking.v1alpha3.ConnectionPoolSettings.TCPSettings.TcpKeepalive.time:type_name -> google.protobuf.Duration + 28, // 49: istio.networking.v1alpha3.ConnectionPoolSettings.TCPSettings.TcpKeepalive.interval:type_name -> google.protobuf.Duration + 26, // 50: istio.networking.v1alpha3.LocalityLoadBalancerSetting.Distribute.to:type_name -> istio.networking.v1alpha3.LocalityLoadBalancerSetting.Distribute.ToEntry + 51, // [51:51] is the sub-list for method output_type + 51, // [51:51] is the sub-list for method input_type + 51, // [51:51] is the sub-list for extension type_name + 51, // [51:51] is the sub-list for extension extendee + 0, // [0:51] is the sub-list for field type_name } func init() { file_networking_v1alpha3_destination_rule_proto_init() } @@ -3283,241 +3216,11 @@ func file_networking_v1alpha3_destination_rule_proto_init() { return } file_networking_v1alpha3_virtual_service_proto_init() - if !protoimpl.UnsafeEnabled { - file_networking_v1alpha3_destination_rule_proto_msgTypes[0].Exporter = func(v interface{}, i int) interface{} { - switch v := v.(*DestinationRule); i { - case 0: - return &v.state - case 1: - return &v.sizeCache - case 2: - return &v.unknownFields - default: - return nil - } - } - file_networking_v1alpha3_destination_rule_proto_msgTypes[1].Exporter = func(v interface{}, i int) interface{} { - switch v := v.(*TrafficPolicy); i { - case 0: - return &v.state - case 1: - return &v.sizeCache - case 2: - return &v.unknownFields - default: - return nil - } - } - file_networking_v1alpha3_destination_rule_proto_msgTypes[2].Exporter = func(v interface{}, i int) interface{} { - switch v := v.(*Subset); i { - case 0: - return &v.state - case 1: - return &v.sizeCache - case 2: - return &v.unknownFields - default: - return nil - } - } - file_networking_v1alpha3_destination_rule_proto_msgTypes[3].Exporter = func(v interface{}, i int) interface{} { - switch v := v.(*LoadBalancerSettings); i { - case 0: - return &v.state - case 1: - return &v.sizeCache - case 2: - return &v.unknownFields - default: - return nil - } - } - file_networking_v1alpha3_destination_rule_proto_msgTypes[4].Exporter = func(v interface{}, i int) interface{} { - switch v := v.(*ConnectionPoolSettings); i { - case 0: - return &v.state - case 1: - return &v.sizeCache - case 2: - return &v.unknownFields - default: - return nil - } - } - file_networking_v1alpha3_destination_rule_proto_msgTypes[5].Exporter = func(v interface{}, i int) interface{} { - switch v := v.(*OutlierDetection); i { - case 0: - return &v.state - case 1: - return &v.sizeCache - case 2: - return &v.unknownFields - default: - return nil - } - } - file_networking_v1alpha3_destination_rule_proto_msgTypes[6].Exporter = func(v interface{}, i int) interface{} { - switch v := v.(*ClientTLSSettings); i { - case 0: - return &v.state - case 1: - return &v.sizeCache - case 2: - return &v.unknownFields - default: - return nil - } - } - file_networking_v1alpha3_destination_rule_proto_msgTypes[7].Exporter = func(v interface{}, i int) interface{} { - switch v := v.(*LocalityLoadBalancerSetting); i { - case 0: - return &v.state - case 1: - return &v.sizeCache - case 2: - return &v.unknownFields - default: - return nil - } - } - file_networking_v1alpha3_destination_rule_proto_msgTypes[8].Exporter = func(v interface{}, i int) interface{} { - switch v := v.(*TrafficPolicy_PortTrafficPolicy); i { - case 0: - return &v.state - case 1: - return &v.sizeCache - case 2: - return &v.unknownFields - default: - return nil - } - } - file_networking_v1alpha3_destination_rule_proto_msgTypes[9].Exporter = func(v interface{}, i int) interface{} { - switch v := v.(*TrafficPolicy_TunnelSettings); i { - case 0: - return &v.state - case 1: - return &v.sizeCache - case 2: - return &v.unknownFields - default: - return nil - } - } - file_networking_v1alpha3_destination_rule_proto_msgTypes[11].Exporter = func(v interface{}, i int) interface{} { - switch v := v.(*LoadBalancerSettings_ConsistentHashLB); i { - case 0: - return &v.state - case 1: - return &v.sizeCache - case 2: - return &v.unknownFields - default: - return nil - } - } - file_networking_v1alpha3_destination_rule_proto_msgTypes[12].Exporter = func(v interface{}, i int) interface{} { - switch v := v.(*LoadBalancerSettings_ConsistentHashLB_RingHash); i { - case 0: - return &v.state - case 1: - return &v.sizeCache - case 2: - return &v.unknownFields - default: - return nil - } - } - file_networking_v1alpha3_destination_rule_proto_msgTypes[13].Exporter = func(v interface{}, i int) interface{} { - switch v := v.(*LoadBalancerSettings_ConsistentHashLB_MagLev); i { - case 0: - return &v.state - case 1: - return &v.sizeCache - case 2: - return &v.unknownFields - default: - return nil - } - } - file_networking_v1alpha3_destination_rule_proto_msgTypes[14].Exporter = func(v interface{}, i int) interface{} { - switch v := v.(*LoadBalancerSettings_ConsistentHashLB_HTTPCookie); i { - case 0: - return &v.state - case 1: - return &v.sizeCache - case 2: - return &v.unknownFields - default: - return nil - } - } - file_networking_v1alpha3_destination_rule_proto_msgTypes[15].Exporter = func(v interface{}, i int) interface{} { - switch v := v.(*ConnectionPoolSettings_TCPSettings); i { - case 0: - return &v.state - case 1: - return &v.sizeCache - case 2: - return &v.unknownFields - default: - return nil - } - } - file_networking_v1alpha3_destination_rule_proto_msgTypes[16].Exporter = func(v interface{}, i int) interface{} { - switch v := v.(*ConnectionPoolSettings_HTTPSettings); i { - case 0: - return &v.state - case 1: - return &v.sizeCache - case 2: - return &v.unknownFields - default: - return nil - } - } - file_networking_v1alpha3_destination_rule_proto_msgTypes[17].Exporter = func(v interface{}, i int) interface{} { - switch v := v.(*ConnectionPoolSettings_TCPSettings_TcpKeepalive); i { - case 0: - return &v.state - case 1: - return &v.sizeCache - case 2: - return &v.unknownFields - default: - return nil - } - } - file_networking_v1alpha3_destination_rule_proto_msgTypes[18].Exporter = func(v interface{}, i int) interface{} { - switch v := v.(*LocalityLoadBalancerSetting_Distribute); i { - case 0: - return &v.state - case 1: - return &v.sizeCache - case 2: - return &v.unknownFields - default: - return nil - } - } - file_networking_v1alpha3_destination_rule_proto_msgTypes[19].Exporter = func(v interface{}, i int) interface{} { - switch v := v.(*LocalityLoadBalancerSetting_Failover); i { - case 0: - return &v.state - case 1: - return &v.sizeCache - case 2: - return &v.unknownFields - default: - return nil - } - } - } - file_networking_v1alpha3_destination_rule_proto_msgTypes[3].OneofWrappers = []interface{}{ + file_networking_v1alpha3_destination_rule_proto_msgTypes[3].OneofWrappers = []any{ (*LoadBalancerSettings_Simple)(nil), (*LoadBalancerSettings_ConsistentHash)(nil), } - file_networking_v1alpha3_destination_rule_proto_msgTypes[11].OneofWrappers = []interface{}{ + file_networking_v1alpha3_destination_rule_proto_msgTypes[13].OneofWrappers = []any{ (*LoadBalancerSettings_ConsistentHashLB_HttpHeaderName)(nil), (*LoadBalancerSettings_ConsistentHashLB_HttpCookie)(nil), (*LoadBalancerSettings_ConsistentHashLB_UseSourceIp)(nil), @@ -3530,8 +3233,8 @@ func file_networking_v1alpha3_destination_rule_proto_init() { File: protoimpl.DescBuilder{ GoPackagePath: reflect.TypeOf(x{}).PkgPath(), RawDescriptor: file_networking_v1alpha3_destination_rule_proto_rawDesc, - NumEnums: 3, - NumMessages: 21, + NumEnums: 4, + NumMessages: 23, NumExtensions: 0, NumServices: 0, }, diff --git a/vendor/istio.io/api/networking/v1alpha3/destination_rule.pb.html b/vendor/istio.io/api/networking/v1alpha3/destination_rule.pb.html index 69bd80882..5efb06160 100644 --- a/vendor/istio.io/api/networking/v1alpha3/destination_rule.pb.html +++ b/vendor/istio.io/api/networking/v1alpha3/destination_rule.pb.html @@ -6,7 +6,7 @@ generator: protoc-gen-docs schema: istio.networking.v1alpha3.DestinationRule aliases: [/docs/reference/config/networking/v1alpha3/destination-rule] -number_of_entries: 23 +number_of_entries: 26 ---

DestinationRule defines policies that apply to traffic intended for a service after routing has occurred. These rules specify configuration @@ -14,9 +14,7 @@ detection settings to detect and evict unhealthy hosts from the load balancing pool. For example, a simple load balancing policy for the ratings service would look as follows:

-

{{}} -{{}}

-
apiVersion: networking.istio.io/v1alpha3
+
apiVersion: networking.istio.io/v1
 kind: DestinationRule
 metadata:
   name: bookinfo-ratings
@@ -26,28 +24,12 @@
     loadBalancer:
       simple: LEAST_REQUEST
 
-

{{}}

-

{{}}

-
apiVersion: networking.istio.io/v1beta1
-kind: DestinationRule
-metadata:
-  name: bookinfo-ratings
-spec:
-  host: ratings.prod.svc.cluster.local
-  trafficPolicy:
-    loadBalancer:
-      simple: LEAST_REQUEST
-
-

{{}} -{{}}

Version specific policies can be specified by defining a named subset and overriding the settings specified at the service level. The following rule uses a round robin load balancing policy for all traffic going to a subset named testversion that is composed of endpoints (e.g., pods) with labels (version:v3).

-

{{}} -{{}}

-
apiVersion: networking.istio.io/v1alpha3
+
apiVersion: networking.istio.io/v1
 kind: DestinationRule
 metadata:
   name: bookinfo-ratings
@@ -64,36 +46,13 @@
       loadBalancer:
         simple: ROUND_ROBIN
 
-

{{}}

-

{{}}

-
apiVersion: networking.istio.io/v1beta1
-kind: DestinationRule
-metadata:
-  name: bookinfo-ratings
-spec:
-  host: ratings.prod.svc.cluster.local
-  trafficPolicy:
-    loadBalancer:
-      simple: LEAST_REQUEST
-  subsets:
-  - name: testversion
-    labels:
-      version: v3
-    trafficPolicy:
-      loadBalancer:
-        simple: ROUND_ROBIN
-
-

{{}} -{{}}

Note: Policies specified for subsets will not take effect until a route rule explicitly sends traffic to this subset.

Traffic policies can be customized to specific ports as well. The following rule uses the least connection load balancing policy for all traffic to port 80, while uses a round robin load balancing setting for traffic to the port 9080.

-

{{}} -{{}}

-
apiVersion: networking.istio.io/v1alpha3
+
apiVersion: networking.istio.io/v1
 kind: DestinationRule
 metadata:
   name: bookinfo-ratings-port
@@ -110,54 +69,10 @@
       loadBalancer:
         simple: ROUND_ROBIN
 
-

{{}}

-

{{}}

-
apiVersion: networking.istio.io/v1beta1
-kind: DestinationRule
-metadata:
-  name: bookinfo-ratings-port
-spec:
-  host: ratings.prod.svc.cluster.local
-  trafficPolicy: # Apply to all ports
-    portLevelSettings:
-    - port:
-        number: 80
-      loadBalancer:
-        simple: LEAST_REQUEST
-    - port:
-        number: 9080
-      loadBalancer:
-        simple: ROUND_ROBIN
-
-

{{}} -{{}}

Destination Rules can be customized to specific workloads as well. The following example shows how a destination rule can be applied to a specific workload using the workloadSelector configuration.

-

{{}} -{{}}

-
apiVersion: networking.istio.io/v1alpha3
-kind: DestinationRule
-metadata:
-  name: configure-client-mtls-dr-with-workloadselector
-spec:
-  host: example.com
-  workloadSelector:
-    matchLabels:
-      app: ratings
-  trafficPolicy:
-    loadBalancer:
-      simple: ROUND_ROBIN
-    portLevelSettings:
-    - port:
-        number: 31443
-      tls:
-        credentialName: client-credential
-        mode: MUTUAL
-
-

{{}} -{{}}

-
apiVersion: networking.istio.io/v1beta1
+
apiVersion: networking.istio.io/v1
 kind: DestinationRule
 metadata:
   name: configure-client-mtls-dr-with-workloadselector
@@ -176,8 +91,6 @@
         credentialName: client-credential
         mode: MUTUAL
 
-

{{}} -{{}}

DestinationRule

@@ -195,7 +108,7 @@

DestinationRule

-host +host string

The name of a service from the service registry. Service @@ -219,7 +132,7 @@

DestinationRule

-trafficPolicy +trafficPolicy TrafficPolicy

Traffic policies to apply (load balancing policy, connection pool @@ -231,7 +144,7 @@

DestinationRule

-subsets +subsets Subset[]

One or more named sets that represent individual versions of a @@ -243,7 +156,7 @@

DestinationRule

-exportTo +exportTo string[]

A list of namespaces to which this destination rule is exported. @@ -265,7 +178,7 @@

DestinationRule

-workloadSelector +workloadSelector WorkloadSelector

Criteria used to select the specific set of pods/VMs on which this @@ -301,7 +214,7 @@

TrafficPolicy

-loadBalancer +loadBalancer LoadBalancerSettings

Settings controlling the load balancer algorithms.

@@ -312,7 +225,7 @@

TrafficPolicy

-connectionPool +connectionPool ConnectionPoolSettings

Settings controlling the volume of connections to an upstream service

@@ -323,7 +236,7 @@

TrafficPolicy

-outlierDetection +outlierDetection OutlierDetection

Settings controlling eviction of unhealthy hosts from the load balancing pool

@@ -334,7 +247,7 @@

TrafficPolicy

-tls +tls ClientTLSSettings

TLS related settings for connections to the upstream service.

@@ -345,7 +258,7 @@

TrafficPolicy

-portLevelSettings +portLevelSettings PortTrafficPolicy[]

Traffic policies specific to individual ports. Note that port level @@ -360,13 +273,24 @@

TrafficPolicy

-tunnel +tunnel TunnelSettings

Configuration of tunneling TCP over other transport or application layers for the host configured in the DestinationRule. Tunnel settings can be applied to TCP or TLS routes and can’t be applied to HTTP routes.

+ + +No + + + +proxyProtocol +ProxyProtocol + +

The upstream PROXY protocol settings.

+ No @@ -385,28 +309,7 @@

Subset

uses a round robin load balancing policy for all traffic going to a subset named testversion that is composed of endpoints (e.g., pods) with labels (version:v3).

-

{{}} -{{}}

-
apiVersion: networking.istio.io/v1alpha3
-kind: DestinationRule
-metadata:
-  name: bookinfo-ratings
-spec:
-  host: ratings.prod.svc.cluster.local
-  trafficPolicy:
-    loadBalancer:
-      simple: LEAST_REQUEST
-  subsets:
-  - name: testversion
-    labels:
-      version: v3
-    trafficPolicy:
-      loadBalancer:
-        simple: ROUND_ROBIN
-
-

{{}}

-

{{}}

-
apiVersion: networking.istio.io/v1beta1
+
apiVersion: networking.istio.io/v1
 kind: DestinationRule
 metadata:
   name: bookinfo-ratings
@@ -423,8 +326,6 @@ 

Subset

loadBalancer: simple: ROUND_ROBIN
-

{{}} -{{}}

Note: Policies specified for subsets will not take effect until a route rule explicitly sends traffic to this subset.

One or more labels are typically required to identify the subset destination, @@ -444,7 +345,7 @@

Subset

-name +name string

Name of the subset. The service name and the subset name can @@ -456,7 +357,7 @@

Subset

-labels +labels map<string, string>

Labels apply a filter over the endpoints of a service in the @@ -468,7 +369,7 @@

Subset

-trafficPolicy +trafficPolicy TrafficPolicy

Traffic policies that apply to this subset. Subsets inherit the @@ -492,9 +393,7 @@

LoadBalancerSettings

for more details.

For example, the following rule uses a round robin load balancing policy for all traffic going to the ratings service.

-

{{}} -{{}}

-
apiVersion: networking.istio.io/v1alpha3
+
apiVersion: networking.istio.io/v1
 kind: DestinationRule
 metadata:
   name: bookinfo-ratings
@@ -504,26 +403,10 @@ 

LoadBalancerSettings

loadBalancer: simple: ROUND_ROBIN
-

{{}}

-

{{}}

-
apiVersion: networking.istio.io/v1beta1
-kind: DestinationRule
-metadata:
-  name: bookinfo-ratings
-spec:
-  host: ratings.prod.svc.cluster.local
-  trafficPolicy:
-    loadBalancer:
-      simple: ROUND_ROBIN
-
-

{{}} -{{}}

The following example sets up sticky sessions for the ratings service hashing-based load balancer for the same ratings service using the the User cookie as the hash key.

-

{{}} -{{}}

-
apiVersion: networking.istio.io/v1alpha3
+
apiVersion: networking.istio.io/v1
 kind: DestinationRule
 metadata:
   name: bookinfo-ratings
@@ -536,23 +419,6 @@ 

LoadBalancerSettings

name: user ttl: 0s
-

{{}}

-

{{}}

-
apiVersion: networking.istio.io/v1beta1
-kind: DestinationRule
-metadata:
-  name: bookinfo-ratings
-spec:
-  host: ratings.prod.svc.cluster.local
-  trafficPolicy:
-    loadBalancer:
-      consistentHash:
-        httpCookie:
-          name: user
-          ttl: 0s
-
-

{{}} -{{}}

@@ -565,7 +431,7 @@

LoadBalancerSettings

- + @@ -574,7 +440,7 @@

LoadBalancerSettings

- + @@ -583,7 +449,7 @@

LoadBalancerSettings

- + - + + + + + + + + + + +
simplesimple SimpleLB (oneof)
consistentHashconsistentHash ConsistentHashLB (oneof)
localityLbSettinglocalityLbSetting LocalityLoadBalancerSetting

Locality load balancer settings, this will override mesh wide settings in entirety, meaning no merging would be performed @@ -595,10 +461,21 @@

LoadBalancerSettings

warmupDurationSecswarmupDurationSecs Duration -

Represents the warmup duration of Service. If set, the newly created endpoint of service +

Deprecated: use warmup instead.

+ +
+No +
warmupWarmupConfiguration +

Represents the warmup configuration of Service. If set, the newly created endpoint of service remains in warmup mode starting from its creation time for the duration of this window and Istio progressively increases amount of traffic for that endpoint instead of sending proportional amount of traffic. This should be enabled for services that require warm up time to serve full production load with reasonable latency. @@ -607,6 +484,57 @@

LoadBalancerSettings

amount of requests. Currently this is only supported for ROUND_ROBIN and LEAST_REQUEST load balancers.

+
+No +
+
+

WarmupConfiguration

+
+ + + + + + + + + + + + + + + + + + + + + + + + + +
FieldTypeDescriptionRequired
durationDuration +

Duration of warmup mode

+ +
+Yes +
minimumPercentDoubleValue +

Configures the minimum percentage of origin weight +If unspecified, defaults to 10

+ +
+No +
aggressionDoubleValue +

This parameter controls the speed of traffic increase over the warmup duration. Defaults to 1.0, so that endpoints would +get linearly increasing amount of traffic. When increasing the value for this parameter, +the speed of traffic ramp-up increases non-linearly.

+
No @@ -624,9 +552,7 @@

ConnectionPoolSettings

level as well as at HTTP level.

For example, the following rule sets a limit of 100 connections to redis service called myredissrv with a connect timeout of 30ms

-

{{}} -{{}}

-
apiVersion: networking.istio.io/v1alpha3
+
apiVersion: networking.istio.io/v1
 kind: DestinationRule
 metadata:
   name: bookinfo-redis
@@ -641,25 +567,6 @@ 

ConnectionPoolSettings

time: 7200s interval: 75s
-

{{}}

-

{{}}

-
apiVersion: networking.istio.io/v1beta1
-kind: DestinationRule
-metadata:
-  name: bookinfo-redis
-spec:
-  host: myredissrv.prod.svc.cluster.local
-  trafficPolicy:
-    connectionPool:
-      tcp:
-        maxConnections: 100
-        connectTimeout: 30ms
-        tcpKeepalive:
-          time: 7200s
-          interval: 75s
-
-

{{}} -{{}}

@@ -672,7 +579,7 @@

ConnectionPoolSettings

- + - +
tcptcp TCPSettings

Settings common to both HTTP and TCP upstream connections.

@@ -683,7 +590,7 @@

ConnectionPoolSettings

httphttp HTTPSettings

HTTP connection pool settings.

@@ -712,9 +619,7 @@

OutlierDetection

it sets a limit of 1000 concurrent HTTP2 requests and configures upstream hosts to be scanned every 5 mins so that any host that fails 7 consecutive times with a 502, 503, or 504 error code will be ejected for 15 minutes.

-

{{}} -{{}}

-
apiVersion: networking.istio.io/v1alpha3
+
apiVersion: networking.istio.io/v1
 kind: DestinationRule
 metadata:
   name: reviews-cb-policy
@@ -732,28 +637,6 @@ 

OutlierDetection

interval: 5m baseEjectionTime: 15m
-

{{}}

-

{{}}

-
apiVersion: networking.istio.io/v1beta1
-kind: DestinationRule
-metadata:
-  name: reviews-cb-policy
-spec:
-  host: reviews.prod.svc.cluster.local
-  trafficPolicy:
-    connectionPool:
-      tcp:
-        maxConnections: 100
-      http:
-        http2MaxRequests: 1000
-        maxRequestsPerConnection: 10
-    outlierDetection:
-      consecutive5xxErrors: 7
-      interval: 5m
-      baseEjectionTime: 15m
-
-

{{}} -{{}}

@@ -766,7 +649,7 @@

OutlierDetection

- + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - +
splitExternalLocalOriginErrorssplitExternalLocalOriginErrors bool

Determines whether to distinguish local origin failures from external errors. If set to true @@ -784,7 +667,7 @@

OutlierDetection

consecutiveLocalOriginFailuresconsecutiveLocalOriginFailures UInt32Value

The number of consecutive locally originated failures before ejection @@ -797,7 +680,7 @@

OutlierDetection

consecutiveGatewayErrorsconsecutiveGatewayErrors UInt32Value

Number of gateway errors before a host is ejected from the connection pool. @@ -819,7 +702,7 @@

OutlierDetection

consecutive5xxErrorsconsecutive5xxErrors UInt32Value

Number of 5xx errors before a host is ejected from the connection pool. @@ -840,7 +723,7 @@

OutlierDetection

intervalinterval Duration

Time interval between ejection sweep analysis. format: @@ -852,7 +735,7 @@

OutlierDetection

baseEjectionTimebaseEjectionTime Duration

Minimum ejection duration. A host will remain ejected for a period @@ -867,7 +750,7 @@

OutlierDetection

maxEjectionPercentmaxEjectionPercent int32

Maximum % of hosts in the load balancing pool for the upstream @@ -879,7 +762,7 @@

OutlierDetection

minHealthPercentminHealthPercent int32

Outlier detection will be enabled as long as the associated load balancing @@ -905,9 +788,7 @@

ClientTLSSettings

for more details. These settings are common to both HTTP and TCP upstreams.

For example, the following rule configures a client to use mutual TLS for connections to upstream database cluster.

-

{{}} -{{}}

-
apiVersion: networking.istio.io/v1alpha3
+
apiVersion: networking.istio.io/v1
 kind: DestinationRule
 metadata:
   name: db-mtls
@@ -920,40 +801,9 @@ 

ClientTLSSettings

privateKey: /etc/certs/client_private_key.pem caCertificates: /etc/certs/rootcacerts.pem
-

{{}}

-

{{}}

-
apiVersion: networking.istio.io/v1beta1
-kind: DestinationRule
-metadata:
-  name: db-mtls
-spec:
-  host: mydbserver.prod.svc.cluster.local
-  trafficPolicy:
-    tls:
-      mode: MUTUAL
-      clientCertificate: /etc/certs/myclientcert.pem
-      privateKey: /etc/certs/client_private_key.pem
-      caCertificates: /etc/certs/rootcacerts.pem
-
-

{{}} -{{}}

The following rule configures a client to use TLS when talking to a foreign service whose domain matches *.foo.com.

-

{{}} -{{}}

-
apiVersion: networking.istio.io/v1alpha3
-kind: DestinationRule
-metadata:
-  name: tls-foo
-spec:
-  host: "*.foo.com"
-  trafficPolicy:
-    tls:
-      mode: SIMPLE
-
-

{{}}

-

{{}}

-
apiVersion: networking.istio.io/v1beta1
+
apiVersion: networking.istio.io/v1
 kind: DestinationRule
 metadata:
   name: tls-foo
@@ -963,25 +813,9 @@ 

ClientTLSSettings

tls: mode: SIMPLE
-

{{}} -{{}}

The following rule configures a client to use Istio mutual TLS when talking to rating services.

-

{{}} -{{}}

-
apiVersion: networking.istio.io/v1alpha3
-kind: DestinationRule
-metadata:
-  name: ratings-istio-mtls
-spec:
-  host: ratings.prod.svc.cluster.local
-  trafficPolicy:
-    tls:
-      mode: ISTIO_MUTUAL
-
-

{{}}

-

{{}}

-
apiVersion: networking.istio.io/v1beta1
+
apiVersion: networking.istio.io/v1
 kind: DestinationRule
 metadata:
   name: ratings-istio-mtls
@@ -991,8 +825,6 @@ 

ClientTLSSettings

tls: mode: ISTIO_MUTUAL
-

{{}} -{{}}

@@ -1005,7 +837,7 @@

ClientTLSSettings

- + - + - + - + @@ -1057,7 +890,7 @@

ClientTLSSettings

- + - + - + - + + + + + + + - + - + - + - + - + - + - + - + - + - + - + - +
modemode TLSmode

Indicates whether connections to this port should be secured @@ -1013,11 +845,11 @@

ClientTLSSettings

-Yes +No
clientCertificateclientCertificate string

REQUIRED if mode is MUTUAL. The path to the file holding the @@ -1030,7 +862,7 @@

ClientTLSSettings

privateKeyprivateKey string

REQUIRED if mode is MUTUAL. The path to the file holding the @@ -1043,12 +875,13 @@

ClientTLSSettings

caCertificatescaCertificates string

OPTIONAL: The path to the file containing certificate authority certificates to use in verifying a presented server certificate. If -omitted, the proxy will not verify the server’s certificate. +omitted, the proxy will verify the server’s certificate using +the OS CA certificates. Should be empty if mode is ISTIO_MUTUAL.

credentialNamecredentialName string

The name of the secret that holds the TLS certs for the @@ -1085,7 +918,7 @@

ClientTLSSettings

subjectAltNamessubjectAltNames string[]

A list of alternate names to verify the subject identity in the @@ -1094,8 +927,7 @@

ClientTLSSettings

If specified, this list overrides the value of subject_alt_names from the ServiceEntry. If unspecified, automatic validation of upstream presented certificate for new upstream connections will be done based on the -downstream HTTP host/authority header, provided VERIFY_CERTIFICATE_AT_CLIENT -and ENABLE_AUTO_SNI environmental variables are set to true.

+downstream HTTP host/authority header.

@@ -1103,13 +935,12 @@

ClientTLSSettings

snisni string

SNI string to present to the server during TLS handshake. If unspecified, SNI will be automatically set based on downstream HTTP -host/authority header for SIMPLE and MUTUAL TLS modes, provided ENABLE_AUTO_SNI -environmental variable is set to true.

+host/authority header for SIMPLE and MUTUAL TLS modes.

@@ -1117,20 +948,28 @@

ClientTLSSettings

insecureSkipVerifyinsecureSkipVerify BoolValue -

InsecureSkipVerify specifies whether the proxy should skip verifying the +

insecureSkipVerify specifies whether the proxy should skip verifying the CA signature and SAN for the server certificate corresponding to the host. -This flag should only be set if global CA signature verification is -enabled, VerifyCertAtClient environmental variable is set to true, -but no verification is desired for a specific host. If enabled with or -without VerifyCertAtClient enabled, verification of the CA signature and -SAN will be skipped.

-

InsecureSkipVerify is false by default. -VerifyCertAtClient is false by default in Istio version 1.9 but will -be true by default in a later version where, going forward, it will be -enabled by default.

+The default value of this field is false.

+ +
+No +
caCrlstring +

OPTIONAL: The path to the file containing the certificate revocation list (CRL) +to use in verifying a presented server certificate. CRL is a list of certificates +that have been revoked by the CA (Certificate Authority) before their scheduled expiration date. +If specified, the proxy will verify if the presented certificate is part of the revoked list of certificates. +If omitted, the proxy will not verify the certificate against the crl. Note that if credentialName is set, +CRL cannot be specified using caCrl, rather it has to be specified inside the credential.

@@ -1194,7 +1033,7 @@

LocalityLoadBalancerSetting

distributedistribute Distribute[]

Optional: only one of distribute, failover or failoverPriority can be set. @@ -1208,7 +1047,7 @@

LocalityLoadBalancerSetting

failoverfailover Failover[]

Optional: only one of distribute, failover or failoverPriority can be set. @@ -1222,7 +1061,7 @@

LocalityLoadBalancerSetting

failoverPriorityfailoverPriority string[]

failoverPriority is an ordered list of labels used to sort endpoints to do priority based load balancing. @@ -1259,6 +1098,7 @@

LocalityLoadBalancerSetting

  • topology.kubernetes.io/region is used to match the region metadata of an endpoint, which maps to Kubernetes node label topology.kubernetes.io/region or the deprecated label failure-domain.beta.kubernetes.io/region.
  • topology.kubernetes.io/zone is used to match the zone metadata of an endpoint, which maps to Kubernetes node label topology.kubernetes.io/zone or the deprecated label failure-domain.beta.kubernetes.io/zone.
  • topology.istio.io/subzone is used to match the subzone metadata of an endpoint, which maps to Istio node label topology.istio.io/subzone.
  • +
  • kubernetes.io/hostname is used to match the current node of an endpoint, which maps to Kubernetes node label kubernetes.io/hostname.
  • The below topology config indicates the following priority levels:

    failoverPriority:
    @@ -1293,7 +1133,7 @@ 

    LocalityLoadBalancerSetting

    enabledenabled BoolValue

    enable locality load balancing, this is DestinationRule-level and will override mesh wide settings in entirety. @@ -1322,7 +1162,7 @@

    TrafficPolicy.PortTrafficPolicy

    portport PortSelector

    Specifies the number of a port on the destination service @@ -1334,7 +1174,7 @@

    TrafficPolicy.PortTrafficPolicy

    loadBalancerloadBalancer LoadBalancerSettings

    Settings controlling the load balancer algorithms.

    @@ -1345,7 +1185,7 @@

    TrafficPolicy.PortTrafficPolicy

    connectionPoolconnectionPool ConnectionPoolSettings

    Settings controlling the volume of connections to an upstream service

    @@ -1356,7 +1196,7 @@

    TrafficPolicy.PortTrafficPolicy

    outlierDetectionoutlierDetection OutlierDetection

    Settings controlling eviction of unhealthy hosts from the load balancing pool

    @@ -1367,7 +1207,7 @@

    TrafficPolicy.PortTrafficPolicy

    tlstls ClientTLSSettings

    TLS related settings for connections to the upstream service.

    @@ -1393,7 +1233,7 @@

    TrafficPolicy.TunnelSettings

    protocolprotocol string

    Specifies which protocol to use for tunneling the downstream connection. @@ -1409,7 +1249,7 @@

    TrafficPolicy.TunnelSettings

    targetHosttargetHost string

    Specifies a host to which the downstream connection is tunneled. @@ -1421,7 +1261,7 @@

    TrafficPolicy.TunnelSettings

    targetPorttargetPort uint32

    Specifies a port to which the downstream connection is tunneled.

    @@ -1434,6 +1274,33 @@

    TrafficPolicy.TunnelSettings

    +

    TrafficPolicy.ProxyProtocol

    +
    + + + + + + + + + + + + + + + + + +
    FieldTypeDescriptionRequired
    versionVERSION +

    The PROXY protocol version to use. See https://www.haproxy.org/download/2.1/doc/proxy-protocol.txt for details. +By default it is V1.

    + +
    +No +
    +

    LoadBalancerSettings.ConsistentHashLB

    Consistent Hash-based load balancing can be used to provide soft @@ -1462,7 +1329,7 @@

    LoadBalancerSettings.ConsistentHa

    httpHeaderNamehttpHeaderName string (oneof)

    Hash based on a specific HTTP header.

    @@ -1473,7 +1340,7 @@

    LoadBalancerSettings.ConsistentHa

    useSourceIpuseSourceIp bool (oneof)

    Hash based on the source IP address. @@ -1496,7 +1363,7 @@

    LoadBalancerSettings.ConsistentHa

    httpQueryParameterNamehttpQueryParameterName string (oneof)

    Hash based on a specific HTTP query parameter.

    @@ -1507,7 +1374,7 @@

    LoadBalancerSettings.ConsistentHa

    ringHashringHash RingHash (oneof)

    The ring/modulo hash load balancer implements consistent hashing to backend hosts.

    @@ -1518,7 +1385,7 @@

    LoadBalancerSettings.ConsistentHa

    maglevmaglev MagLev (oneof)

    The Maglev load balancer implements consistent hashing to backend hosts.

    @@ -1529,7 +1396,7 @@

    LoadBalancerSettings.ConsistentHa

    minimumRingSizeminimumRingSize uint64

    Deprecated. Use RingHash instead.

    @@ -1555,7 +1422,7 @@

    LoadBalancerSettings.Con

    minimumRingSizeminimumRingSize uint64

    The minimum number of virtual nodes to use for the hash @@ -1585,12 +1452,14 @@

    LoadBalancerSettings.Consi

    tableSizetableSize uint64

    The table size for Maglev hashing. This helps in controlling the disruption when the backend hosts change. -Increasing the table size reduces the amount of disruption.

    +Increasing the table size reduces the amount of disruption. +The table size must be prime number less than 5000011. +If it is not specified, the default is 65537.

    @@ -1603,8 +1472,7 @@

    LoadBalancerSettings.Consi

    LoadBalancerSettings.ConsistentHashLB.HTTPCookie

    Describes a HTTP cookie that will be used as the hash key for the -Consistent Hash load balancer. If the cookie is not present, it will -be generated.

    +Consistent Hash load balancer.

    @@ -1617,7 +1485,7 @@

    LoadBalancerSettings.C

    - + - + - + @@ -1667,7 +1537,7 @@

    ConnectionPoolSettings.TCPSettings

    - + - + - + - + + + + + + + - + - + - + - + - + - + - + + + + + + + - + - + - + - + - + - + - + - + + + +
    namename string

    Name of the cookie.

    @@ -1628,7 +1496,7 @@

    LoadBalancerSettings.C

    pathpath string

    Path to set for the cookie.

    @@ -1639,14 +1507,16 @@

    LoadBalancerSettings.C

    ttlttl Duration -

    Lifetime of the cookie.

    +

    Lifetime of the cookie. If specified, a cookie with the TTL will be +generated if the cookie is not present. If the TTL is present and zero, +the generated cookie will be a session cookie.

    -Yes +No
    maxConnectionsmaxConnections int32

    Maximum number of HTTP1 /TCP connections to a destination host. Default 2^32-1.

    @@ -1678,7 +1548,7 @@

    ConnectionPoolSettings.TCPSettings

    connectTimeoutconnectTimeout Duration

    TCP connection timeout. format: @@ -1690,7 +1560,7 @@

    ConnectionPoolSettings.TCPSettings

    tcpKeepalivetcpKeepalive TcpKeepalive

    If set then set SO_KEEPALIVE on the socket to enable TCP Keepalives.

    @@ -1701,13 +1571,31 @@

    ConnectionPoolSettings.TCPSettings

    maxConnectionDurationmaxConnectionDuration Duration

    The maximum duration of a connection. The duration is defined as the period since a connection was established. If not set, there is no max duration. When max_connection_duration is reached the connection will be closed. Duration must be at least 1ms.

    +
    +No +
    idleTimeoutDuration +

    The idle timeout for TCP connections. +The idle timeout is defined as the period in which there are no bytes sent or received on either +the upstream or downstream connection. +If not set, the default idle timeout is 1 hour. If set to 0s, the timeout will be disabled. +Idle timeout is not configured per each cluster individually when weighted destinations are used, +because idleTimeout is a property of a listener, not a cluster. In that case, idleTimeout +specified in a destination rule for the first weighted route is configured in the listener, +which means also for all weighted routes.

    +
    No @@ -1731,7 +1619,7 @@

    ConnectionPoolSettings.HTTPSettings

    http1MaxPendingRequestshttp1MaxPendingRequests int32

    Maximum number of requests that will be queued while waiting for @@ -1746,7 +1634,7 @@

    ConnectionPoolSettings.HTTPSettings

    http2MaxRequestshttp2MaxRequests int32

    Maximum number of active requests to a destination. Default 2^32-1. @@ -1758,7 +1646,7 @@

    ConnectionPoolSettings.HTTPSettings

    maxRequestsPerConnectionmaxRequestsPerConnection int32

    Maximum number of requests per connection to a backend. Setting this @@ -1771,7 +1659,7 @@

    ConnectionPoolSettings.HTTPSettings

    maxRetriesmaxRetries int32

    Maximum number of retries that can be outstanding to all hosts in a @@ -1783,7 +1671,7 @@

    ConnectionPoolSettings.HTTPSettings

    idleTimeoutidleTimeout Duration

    The idle timeout for upstream connection pool connections. The idle timeout @@ -1800,7 +1688,7 @@

    ConnectionPoolSettings.HTTPSettings

    h2UpgradePolicyh2UpgradePolicy H2UpgradePolicy

    Specify if http1.1 connection should be upgraded to http2 for the associated destination.

    @@ -1811,13 +1699,25 @@

    ConnectionPoolSettings.HTTPSettings

    useClientProtocoluseClientProtocol bool

    If set to true, client protocol will be preserved while initiating connection to backend. Note that when this is set to true, h2_upgrade_policy will be ineffective i.e. the client connections will not be upgraded to http2.

    +
    +No +
    maxConcurrentStreamsint32 +

    The maximum number of concurrent streams allowed for a peer on one HTTP/2 connection. +Defaults to 2^31-1.

    +
    No @@ -1841,7 +1741,7 @@

    ConnectionPoolSettings.

    probesprobes uint32

    Maximum number of keepalive probes to send without response before @@ -1854,7 +1754,7 @@

    ConnectionPoolSettings.

    timetime Duration

    The time duration a connection needs to be idle before keep-alive @@ -1867,7 +1767,7 @@

    ConnectionPoolSettings.

    intervalinterval Duration

    The time duration between keep-alive probes. @@ -1903,7 +1803,7 @@

    LocalityLoadBalancerSetting.Dist

    fromfrom string

    Originating locality, ‘/’ separated, e.g. ‘region/zone/sub_zone’.

    @@ -1914,7 +1814,7 @@

    LocalityLoadBalancerSetting.Dist

    toto map<string, uint32>

    Map of upstream localities to traffic distribution weights. The sum of @@ -1950,7 +1850,7 @@

    LocalityLoadBalancerSetting.Failov

    fromfrom string

    Originating region.

    @@ -1961,7 +1861,7 @@

    LocalityLoadBalancerSetting.Failov

    toto string

    Destination region the traffic will fail over to when endpoints in @@ -1991,7 +1891,7 @@

    google.protobuf.UInt32Value

    valuevalue uint32

    The uint32 value.

    @@ -1999,6 +1899,33 @@

    google.protobuf.UInt32Value

    No +
    +
    +

    TrafficPolicy.ProxyProtocol.VERSION

    +
    + + + + + + + + + + + + + + + @@ -2017,7 +1944,7 @@

    LoadBalancerSettings.SimpleLB

    - + - + - + - + - + - + - + - + - + - + - + - + - + - + + + + + + + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + @@ -366,26 +219,7 @@

    Server

    Server describes the properties of the proxy on a given load balancer port. For example,

    -

    {{}} -{{}}

    -
    apiVersion: networking.istio.io/v1alpha3
    -kind: Gateway
    -metadata:
    -  name: my-ingress
    -spec:
    -  selector:
    -    app: my-ingressgateway
    -  servers:
    -  - port:
    -      number: 80
    -      name: http2
    -      protocol: HTTP2
    -    hosts:
    -    - "*"
    -
    -

    {{}}

    -

    {{}}

    -
    apiVersion: networking.istio.io/v1beta1
    +
    apiVersion: networking.istio.io/v1
     kind: Gateway
     metadata:
       name: my-ingress
    @@ -400,29 +234,8 @@ 

    Server

    hosts: - "*"
    -

    {{}} -{{}}

    Another example

    -

    {{}} -{{}}

    -
    apiVersion: networking.istio.io/v1alpha3
    -kind: Gateway
    -metadata:
    -  name: my-tcp-ingress
    -spec:
    -  selector:
    -    app: my-tcp-ingressgateway
    -  servers:
    -  - port:
    -      number: 27018
    -      name: mongo
    -      protocol: MONGO
    -    hosts:
    -    - "*"
    -
    -

    {{}}

    -

    {{}}

    -
    apiVersion: networking.istio.io/v1beta1
    +
    apiVersion: networking.istio.io/v1
     kind: Gateway
     metadata:
       name: my-tcp-ingress
    @@ -437,32 +250,8 @@ 

    Server

    hosts: - "*"
    -

    {{}} -{{}}

    The following is an example of TLS configuration for port 443

    -

    {{}} -{{}}

    -
    apiVersion: networking.istio.io/v1alpha3
    -kind: Gateway
    -metadata:
    -  name: my-tls-ingress
    -spec:
    -  selector:
    -    app: my-tls-ingressgateway
    -  servers:
    -  - port:
    -      number: 443
    -      name: https
    -      protocol: HTTPS
    -    hosts:
    -    - "*"
    -    tls:
    -      mode: SIMPLE
    -      credentialName: tls-cert
    -
    -

    {{}}

    -

    {{}}

    -
    apiVersion: networking.istio.io/v1beta1
    +
    apiVersion: networking.istio.io/v1
     kind: Gateway
     metadata:
       name: my-tls-ingress
    @@ -480,8 +269,6 @@ 

    Server

    mode: SIMPLE credentialName: tls-cert
    -

    {{}} -{{}}

    NameDescription
    V1 +

    ⁣PROXY protocol version 1. Human readable format.

    + +
    V2 +

    ⁣PROXY protocol version 2. Binary format.

    +
    UNSPECIFIEDUNSPECIFIED

    No load balancing algorithm has been specified by the user. Istio will select an appropriate default.

    @@ -2025,7 +1952,7 @@

    LoadBalancerSettings.SimpleLB

    RANDOMRANDOM

    The random load balancer selects a random healthy host. The random load balancer generally performs better than round robin if no health @@ -2034,7 +1961,7 @@

    LoadBalancerSettings.SimpleLB

    PASSTHROUGHPASSTHROUGH

    This option will forward the connection to the original IP address requested by the caller without doing any form of load @@ -2045,7 +1972,7 @@

    LoadBalancerSettings.SimpleLB

    ROUND_ROBINROUND_ROBIN

    A basic round robin load balancing policy. This is generally unsafe for many scenarios (e.g. when endpoint weighting is used) as it can @@ -2055,7 +1982,7 @@

    LoadBalancerSettings.SimpleLB

    LEAST_REQUESTLEAST_REQUEST

    The least request load balancer spreads load across endpoints, favoring endpoints with the least outstanding requests. This is generally safer @@ -2065,7 +1992,7 @@

    LoadBalancerSettings.SimpleLB

    LEAST_CONNLEAST_CONN

    Deprecated. Use LEAST_REQUEST instead.

    @@ -2087,14 +2014,14 @@

    ConnectionPoolSetti

    DEFAULTDEFAULT

    Use the global default.

    DO_NOT_UPGRADEDO_NOT_UPGRADE

    Do not upgrade the connection to http2. This opt-out option overrides the default.

    @@ -2102,7 +2029,7 @@

    ConnectionPoolSetti

    UPGRADEUPGRADE

    Upgrade the connection to http2. This opt-in option overrides the default.

    @@ -2125,21 +2052,21 @@

    ClientTLSSettings.TLSmode

    DISABLEDISABLE

    Do not setup a TLS connection to the upstream endpoint.

    SIMPLESIMPLE

    Originate a TLS connection to the upstream endpoint.

    MUTUALMUTUAL

    Secure connections to the upstream using mutual TLS by presenting client certificates for authentication.

    @@ -2147,7 +2074,7 @@

    ClientTLSSettings.TLSmode

    ISTIO_MUTUALISTIO_MUTUAL

    Secure connections to the upstream using mutual TLS by presenting client certificates for authentication. diff --git a/vendor/istio.io/api/networking/v1alpha3/destination_rule.proto b/vendor/istio.io/api/networking/v1alpha3/destination_rule.proto index 0837768cf..325a09473 100644 --- a/vendor/istio.io/api/networking/v1alpha3/destination_rule.proto +++ b/vendor/istio.io/api/networking/v1alpha3/destination_rule.proto @@ -32,10 +32,8 @@ import "type/v1beta1/selector.proto"; // balancing pool. For example, a simple load balancing policy for the // ratings service would look as follows: // -// {{}} -// {{}} // ```yaml -// apiVersion: networking.istio.io/v1alpha3 +// apiVersion: networking.istio.io/v1 // kind: DestinationRule // metadata: // name: bookinfo-ratings @@ -45,22 +43,6 @@ import "type/v1beta1/selector.proto"; // loadBalancer: // simple: LEAST_REQUEST // ``` -// {{}} -// -// {{}} -// ```yaml -// apiVersion: networking.istio.io/v1beta1 -// kind: DestinationRule -// metadata: -// name: bookinfo-ratings -// spec: -// host: ratings.prod.svc.cluster.local -// trafficPolicy: -// loadBalancer: -// simple: LEAST_REQUEST -// ``` -// {{}} -// {{}} // // Version specific policies can be specified by defining a named // `subset` and overriding the settings specified at the service level. The @@ -68,10 +50,8 @@ import "type/v1beta1/selector.proto"; // going to a subset named testversion that is composed of endpoints (e.g., // pods) with labels (version:v3). // -// {{}} -// {{}} // ```yaml -// apiVersion: networking.istio.io/v1alpha3 +// apiVersion: networking.istio.io/v1 // kind: DestinationRule // metadata: // name: bookinfo-ratings @@ -88,29 +68,6 @@ import "type/v1beta1/selector.proto"; // loadBalancer: // simple: ROUND_ROBIN // ``` -// {{}} -// -// {{}} -// ```yaml -// apiVersion: networking.istio.io/v1beta1 -// kind: DestinationRule -// metadata: -// name: bookinfo-ratings -// spec: -// host: ratings.prod.svc.cluster.local -// trafficPolicy: -// loadBalancer: -// simple: LEAST_REQUEST -// subsets: -// - name: testversion -// labels: -// version: v3 -// trafficPolicy: -// loadBalancer: -// simple: ROUND_ROBIN -// ``` -// {{}} -// {{}} // // **Note:** Policies specified for subsets will not take effect until // a route rule explicitly sends traffic to this subset. @@ -120,31 +77,8 @@ import "type/v1beta1/selector.proto"; // traffic to port 80, while uses a round robin load balancing setting for // traffic to the port 9080. // -// {{}} -// {{}} -// ```yaml -// apiVersion: networking.istio.io/v1alpha3 -// kind: DestinationRule -// metadata: -// name: bookinfo-ratings-port -// spec: -// host: ratings.prod.svc.cluster.local -// trafficPolicy: # Apply to all ports -// portLevelSettings: -// - port: -// number: 80 -// loadBalancer: -// simple: LEAST_REQUEST -// - port: -// number: 9080 -// loadBalancer: -// simple: ROUND_ROBIN -// ``` -// {{}} -// -// {{}} // ```yaml -// apiVersion: networking.istio.io/v1beta1 +// apiVersion: networking.istio.io/v1 // kind: DestinationRule // metadata: // name: bookinfo-ratings-port @@ -161,39 +95,13 @@ import "type/v1beta1/selector.proto"; // loadBalancer: // simple: ROUND_ROBIN // ``` -// {{}} -// {{}} // // Destination Rules can be customized to specific workloads as well. // The following example shows how a destination rule can be applied to a // specific workload using the workloadSelector configuration. // -// {{}} -// {{}} -// ```yaml -// apiVersion: networking.istio.io/v1alpha3 -// kind: DestinationRule -// metadata: -// name: configure-client-mtls-dr-with-workloadselector -// spec: -// host: example.com -// workloadSelector: -// matchLabels: -// app: ratings -// trafficPolicy: -// loadBalancer: -// simple: ROUND_ROBIN -// portLevelSettings: -// - port: -// number: 31443 -// tls: -// credentialName: client-credential -// mode: MUTUAL -// ``` -// {{}} -// {{}} // ```yaml -// apiVersion: networking.istio.io/v1beta1 +// apiVersion: networking.istio.io/v1 // kind: DestinationRule // metadata: // name: configure-client-mtls-dr-with-workloadselector @@ -212,9 +120,6 @@ import "type/v1beta1/selector.proto"; // credentialName: client-credential // mode: MUTUAL // ``` -// {{}} -// {{}} -// package istio.networking.v1alpha3; option go_package = "istio.io/api/networking/v1alpha3"; @@ -224,8 +129,7 @@ option go_package = "istio.io/api/networking/v1alpha3"; // // -// message DestinationRule { // The name of a service from the service registry. Service // names are looked up from the platform's service registry (e.g., @@ -342,6 +243,7 @@ message TrafficPolicy { // settings specified at the destination-level will not be inherited when // overridden by port-level settings, i.e. default values will be applied // to fields omitted in port-level traffic policies. + // +kubebuilder:validation:MaxItems=4096 repeated PortTrafficPolicy port_level_settings = 5; message TunnelSettings { @@ -365,6 +267,22 @@ message TrafficPolicy { // for the host configured in the DestinationRule. // Tunnel settings can be applied to TCP or TLS routes and can't be applied to HTTP routes. TunnelSettings tunnel = 6; + + message ProxyProtocol { + enum VERSION { + // ⁣PROXY protocol version 1. Human readable format. + V1 = 0; + + // ⁣PROXY protocol version 2. Binary format. + V2 = 1; + }; + // The PROXY protocol version to use. See https://www.haproxy.org/download/2.1/doc/proxy-protocol.txt for details. + // By default it is `V1`. + VERSION version = 1; + } + + // The upstream PROXY protocol settings. + ProxyProtocol proxy_protocol = 7; } // A subset of endpoints of a service. Subsets can be used for scenarios @@ -376,10 +294,8 @@ message TrafficPolicy { // subset named testversion that is composed of endpoints (e.g., pods) with // labels (version:v3). // -// {{}} -// {{}} // ```yaml -// apiVersion: networking.istio.io/v1alpha3 +// apiVersion: networking.istio.io/v1 // kind: DestinationRule // metadata: // name: bookinfo-ratings @@ -396,29 +312,6 @@ message TrafficPolicy { // loadBalancer: // simple: ROUND_ROBIN // ``` -// {{}} -// -// {{}} -// ```yaml -// apiVersion: networking.istio.io/v1beta1 -// kind: DestinationRule -// metadata: -// name: bookinfo-ratings -// spec: -// host: ratings.prod.svc.cluster.local -// trafficPolicy: -// loadBalancer: -// simple: LEAST_REQUEST -// subsets: -// - name: testversion -// labels: -// version: v3 -// trafficPolicy: -// loadBalancer: -// simple: ROUND_ROBIN -// ``` -// {{}} -// {{}} // // **Note:** Policies specified for subsets will not take effect until // a route rule explicitly sends traffic to this subset. @@ -452,24 +345,8 @@ message Subset { // For example, the following rule uses a round robin load balancing policy // for all traffic going to the ratings service. // -// {{}} -// {{}} -// ```yaml -// apiVersion: networking.istio.io/v1alpha3 -// kind: DestinationRule -// metadata: -// name: bookinfo-ratings -// spec: -// host: ratings.prod.svc.cluster.local -// trafficPolicy: -// loadBalancer: -// simple: ROUND_ROBIN -// ``` -// {{}} -// -// {{}} // ```yaml -// apiVersion: networking.istio.io/v1beta1 +// apiVersion: networking.istio.io/v1 // kind: DestinationRule // metadata: // name: bookinfo-ratings @@ -479,17 +356,13 @@ message Subset { // loadBalancer: // simple: ROUND_ROBIN // ``` -// {{}} -// {{}} // // The following example sets up sticky sessions for the ratings service // hashing-based load balancer for the same ratings service using the // the User cookie as the hash key. // -// {{}} -// {{}} // ```yaml -// apiVersion: networking.istio.io/v1alpha3 +// apiVersion: networking.istio.io/v1 // kind: DestinationRule // metadata: // name: bookinfo-ratings @@ -502,27 +375,9 @@ message Subset { // name: user // ttl: 0s // ``` -// {{}} -// -// {{}} -// ```yaml -// apiVersion: networking.istio.io/v1beta1 -// kind: DestinationRule -// metadata: -// name: bookinfo-ratings -// spec: -// host: ratings.prod.svc.cluster.local -// trafficPolicy: -// loadBalancer: -// consistentHash: -// httpCookie: -// name: user -// ttl: 0s -// ``` -// {{}} -// {{}} // message LoadBalancerSettings { + // +kubebuilder:validation:XValidation:message="only one of warmupDurationSecs or warmup can be set",rule="(has(self.warmupDurationSecs)?1:0)+(has(self.warmup)?1:0)<=1" // Standard load balancing algorithms that require no tuning. enum SimpleLB { // No load balancing algorithm has been specified by the user. Istio @@ -588,18 +443,22 @@ message LoadBalancerSettings { // The table size for Maglev hashing. This helps in controlling the // disruption when the backend hosts change. // Increasing the table size reduces the amount of disruption. + // The table size must be prime number less than 5000011. + // If it is not specified, the default is 65537. uint64 table_size = 1; }; // Describes a HTTP cookie that will be used as the hash key for the - // Consistent Hash load balancer. If the cookie is not present, it will - // be generated. + // Consistent Hash load balancer. message HTTPCookie { // Name of the cookie. string name = 1 [(google.api.field_behavior) = REQUIRED]; // Path to set for the cookie. string path = 2; - // Lifetime of the cookie. - google.protobuf.Duration ttl = 3 [(google.api.field_behavior) = REQUIRED]; + // Lifetime of the cookie. If specified, a cookie with the TTL will be + // generated if the cookie is not present. If the TTL is present and zero, + // the generated cookie will be a session cookie. + // +protoc-gen-crd:duration-validation:none + google.protobuf.Duration ttl = 3; }; // The hash key to use. @@ -648,7 +507,10 @@ message LoadBalancerSettings { // between this object and the object one in MeshConfig LocalityLoadBalancerSetting locality_lb_setting = 3; - // Represents the warmup duration of Service. If set, the newly created endpoint of service + // Deprecated: use `warmup` instead. + google.protobuf.Duration warmup_duration_secs = 4; + + // Represents the warmup configuration of Service. If set, the newly created endpoint of service // remains in warmup mode starting from its creation time for the duration of this window and // Istio progressively increases amount of traffic for that endpoint instead of sending proportional amount of traffic. // This should be enabled for services that require warm up time to serve full production load with reasonable latency. @@ -656,9 +518,25 @@ message LoadBalancerSettings { // endpoints are relatively new like new deployment, this is not very effective as all endpoints end up getting same // amount of requests. // Currently this is only supported for ROUND_ROBIN and LEAST_REQUEST load balancers. - google.protobuf.Duration warmup_duration_secs = 4; + WarmupConfiguration warmup = 5; } +message WarmupConfiguration { + // Duration of warmup mode + google.protobuf.Duration duration = 1 [(google.api.field_behavior) = REQUIRED]; + + // Configures the minimum percentage of origin weight + // If unspecified, defaults to 10 + // +kubebuilder:validation:Maximum=100 + // +kubebuilder:validation:Minimum=0 + google.protobuf.DoubleValue minimum_percent = 2; + + // This parameter controls the speed of traffic increase over the warmup duration. Defaults to 1.0, so that endpoints would + // get linearly increasing amount of traffic. When increasing the value for this parameter, + // the speed of traffic ramp-up increases non-linearly. + // +kubebuilder:validation:Minimum=1 + google.protobuf.DoubleValue aggression = 3; +} // Connection pool settings for an upstream host. The settings apply to // each individual host in the upstream service. See Envoy's [circuit // breaker](https://www.envoyproxy.io/docs/envoy/latest/intro/arch_overview/upstream/circuit_breaking) @@ -668,10 +546,8 @@ message LoadBalancerSettings { // For example, the following rule sets a limit of 100 connections to redis // service called myredissrv with a connect timeout of 30ms // -// {{}} -// {{}} // ```yaml -// apiVersion: networking.istio.io/v1alpha3 +// apiVersion: networking.istio.io/v1 // kind: DestinationRule // metadata: // name: bookinfo-redis @@ -686,27 +562,6 @@ message LoadBalancerSettings { // time: 7200s // interval: 75s // ``` -// {{}} -// -// {{}} -// ```yaml -// apiVersion: networking.istio.io/v1beta1 -// kind: DestinationRule -// metadata: -// name: bookinfo-redis -// spec: -// host: myredissrv.prod.svc.cluster.local -// trafficPolicy: -// connectionPool: -// tcp: -// maxConnections: 100 -// connectTimeout: 30ms -// tcpKeepalive: -// time: 7200s -// interval: 75s -// ``` -// {{}} -// {{}} // message ConnectionPoolSettings { // Settings common to both HTTP and TCP upstream connections. @@ -743,6 +598,16 @@ message ConnectionPoolSettings { // was established. If not set, there is no max duration. When max_connection_duration // is reached the connection will be closed. Duration must be at least 1ms. google.protobuf.Duration max_connection_duration = 4; + + // The idle timeout for TCP connections. + // The idle timeout is defined as the period in which there are no bytes sent or received on either + // the upstream or downstream connection. + // If not set, the default idle timeout is 1 hour. If set to 0s, the timeout will be disabled. + // Idle timeout is not configured per each cluster individually when weighted destinations are used, + // because idleTimeout is a property of a listener, not a cluster. In that case, idleTimeout + // specified in a destination rule for the first weighted route is configured in the listener, + // which means also for all weighted routes. + google.protobuf.Duration idle_timeout = 5; }; // Settings applicable to HTTP1.1/HTTP2/GRPC connections. @@ -794,6 +659,10 @@ message ConnectionPoolSettings { // Note that when this is set to true, h2_upgrade_policy will be ineffective i.e. the client // connections will not be upgraded to http2. bool use_client_protocol = 7; + + // The maximum number of concurrent streams allowed for a peer on one HTTP/2 connection. + // Defaults to 2^31-1. + int32 max_concurrent_streams = 8; }; // Settings common to both HTTP and TCP upstream connections. @@ -818,32 +687,8 @@ message ConnectionPoolSettings { // hosts to be scanned every 5 mins so that any host that fails 7 consecutive // times with a 502, 503, or 504 error code will be ejected for 15 minutes. // -// {{}} -// {{}} -// ```yaml -// apiVersion: networking.istio.io/v1alpha3 -// kind: DestinationRule -// metadata: -// name: reviews-cb-policy -// spec: -// host: reviews.prod.svc.cluster.local -// trafficPolicy: -// connectionPool: -// tcp: -// maxConnections: 100 -// http: -// http2MaxRequests: 1000 -// maxRequestsPerConnection: 10 -// outlierDetection: -// consecutive5xxErrors: 7 -// interval: 5m -// baseEjectionTime: 15m -// ``` -// {{}} -// -// {{}} // ```yaml -// apiVersion: networking.istio.io/v1beta1 +// apiVersion: networking.istio.io/v1 // kind: DestinationRule // metadata: // name: reviews-cb-policy @@ -861,8 +706,6 @@ message ConnectionPoolSettings { // interval: 5m // baseEjectionTime: 15m // ``` -// {{}} -// {{}} // message OutlierDetection { // Number of errors before a host is ejected from the connection @@ -949,27 +792,8 @@ message OutlierDetection { // For example, the following rule configures a client to use mutual TLS // for connections to upstream database cluster. // -// {{}} -// {{}} -// ```yaml -// apiVersion: networking.istio.io/v1alpha3 -// kind: DestinationRule -// metadata: -// name: db-mtls -// spec: -// host: mydbserver.prod.svc.cluster.local -// trafficPolicy: -// tls: -// mode: MUTUAL -// clientCertificate: /etc/certs/myclientcert.pem -// privateKey: /etc/certs/client_private_key.pem -// caCertificates: /etc/certs/rootcacerts.pem -// ``` -// {{}} -// -// {{}} // ```yaml -// apiVersion: networking.istio.io/v1beta1 +// apiVersion: networking.istio.io/v1 // kind: DestinationRule // metadata: // name: db-mtls @@ -982,16 +806,12 @@ message OutlierDetection { // privateKey: /etc/certs/client_private_key.pem // caCertificates: /etc/certs/rootcacerts.pem // ``` -// {{}} -// {{}} // // The following rule configures a client to use TLS when talking to a // foreign service whose domain matches *.foo.com. // -// {{}} -// {{}} // ```yaml -// apiVersion: networking.istio.io/v1alpha3 +// apiVersion: networking.istio.io/v1 // kind: DestinationRule // metadata: // name: tls-foo @@ -1001,44 +821,12 @@ message OutlierDetection { // tls: // mode: SIMPLE // ``` -// {{}} -// -// {{}} -// ```yaml -// apiVersion: networking.istio.io/v1beta1 -// kind: DestinationRule -// metadata: -// name: tls-foo -// spec: -// host: "*.foo.com" -// trafficPolicy: -// tls: -// mode: SIMPLE -// ``` -// {{}} -// {{}} // // The following rule configures a client to use Istio mutual TLS when talking // to rating services. // -// {{}} -// {{}} -// ```yaml -// apiVersion: networking.istio.io/v1alpha3 -// kind: DestinationRule -// metadata: -// name: ratings-istio-mtls -// spec: -// host: ratings.prod.svc.cluster.local -// trafficPolicy: -// tls: -// mode: ISTIO_MUTUAL -// ``` -// {{}} -// -// {{}} // ```yaml -// apiVersion: networking.istio.io/v1beta1 +// apiVersion: networking.istio.io/v1 // kind: DestinationRule // metadata: // name: ratings-istio-mtls @@ -1048,8 +836,6 @@ message OutlierDetection { // tls: // mode: ISTIO_MUTUAL // ``` -// {{}} -// {{}} // message ClientTLSSettings { // TLS connection mode @@ -1074,7 +860,7 @@ message ClientTLSSettings { // Indicates whether connections to this port should be secured // using TLS. The value of this field determines how TLS is enforced. - TLSmode mode = 1 [(google.api.field_behavior) = REQUIRED]; + TLSmode mode = 1; // REQUIRED if mode is `MUTUAL`. The path to the file holding the // client-side TLS certificate to use. @@ -1088,7 +874,8 @@ message ClientTLSSettings { // OPTIONAL: The path to the file containing certificate authority // certificates to use in verifying a presented server certificate. If - // omitted, the proxy will not verify the server's certificate. + // omitted, the proxy will verify the server's certificate using + // the OS CA certificates. // Should be empty if mode is `ISTIO_MUTUAL`. string ca_certificates = 4; @@ -1119,29 +906,26 @@ message ClientTLSSettings { // If specified, this list overrides the value of subject_alt_names // from the ServiceEntry. If unspecified, automatic validation of upstream // presented certificate for new upstream connections will be done based on the - // downstream HTTP host/authority header, provided `VERIFY_CERTIFICATE_AT_CLIENT` - // and `ENABLE_AUTO_SNI` environmental variables are set to `true`. + // downstream HTTP host/authority header. repeated string subject_alt_names = 5; // SNI string to present to the server during TLS handshake. // If unspecified, SNI will be automatically set based on downstream HTTP - // host/authority header for SIMPLE and MUTUAL TLS modes, provided `ENABLE_AUTO_SNI` - // environmental variable is set to `true`. + // host/authority header for SIMPLE and MUTUAL TLS modes. string sni = 6; - // InsecureSkipVerify specifies whether the proxy should skip verifying the + // `insecureSkipVerify` specifies whether the proxy should skip verifying the // CA signature and SAN for the server certificate corresponding to the host. - // This flag should only be set if global CA signature verification is - // enabled, `VerifyCertAtClient` environmental variable is set to `true`, - // but no verification is desired for a specific host. If enabled with or - // without `VerifyCertAtClient` enabled, verification of the CA signature and - // SAN will be skipped. - // - // `InsecureSkipVerify` is `false` by default. - // `VerifyCertAtClient` is `false` by default in Istio version 1.9 but will - // be `true` by default in a later version where, going forward, it will be - // enabled by default. + // The default value of this field is false. google.protobuf.BoolValue insecure_skip_verify = 8; + + // OPTIONAL: The path to the file containing the certificate revocation list (CRL) + // to use in verifying a presented server certificate. `CRL` is a list of certificates + // that have been revoked by the CA (Certificate Authority) before their scheduled expiration date. + // If specified, the proxy will verify if the presented certificate is part of the revoked list of certificates. + // If omitted, the proxy will not verify the certificate against the `crl`. Note that if `credentialName` is set, + // `CRL` cannot be specified using `caCrl`, rather it has to be specified inside the credential. + string ca_crl = 9; } // Locality-weighted load balancing allows administrators to control the @@ -1269,6 +1053,7 @@ message LocalityLoadBalancerSetting{ // - `topology.kubernetes.io/region` is used to match the region metadata of an endpoint, which maps to Kubernetes node label `topology.kubernetes.io/region` or the deprecated label `failure-domain.beta.kubernetes.io/region`. // - `topology.kubernetes.io/zone` is used to match the zone metadata of an endpoint, which maps to Kubernetes node label `topology.kubernetes.io/zone` or the deprecated label `failure-domain.beta.kubernetes.io/zone`. // - `topology.istio.io/subzone` is used to match the subzone metadata of an endpoint, which maps to Istio node label `topology.istio.io/subzone`. + // - `kubernetes.io/hostname` is used to match the current node of an endpoint, which maps to Kubernetes node label `kubernetes.io/hostname`. // // The below topology config indicates the following priority levels: // diff --git a/vendor/istio.io/api/networking/v1alpha3/destination_rule_deepcopy.gen.go b/vendor/istio.io/api/networking/v1alpha3/destination_rule_deepcopy.gen.go index d177dcb4d..0f61ea8d3 100644 --- a/vendor/istio.io/api/networking/v1alpha3/destination_rule_deepcopy.gen.go +++ b/vendor/istio.io/api/networking/v1alpha3/destination_rule_deepcopy.gen.go @@ -89,6 +89,27 @@ func (in *TrafficPolicy_TunnelSettings) DeepCopyInterface() interface{} { return in.DeepCopy() } +// DeepCopyInto supports using TrafficPolicy_ProxyProtocol within kubernetes types, where deepcopy-gen is used. +func (in *TrafficPolicy_ProxyProtocol) DeepCopyInto(out *TrafficPolicy_ProxyProtocol) { + p := proto.Clone(in).(*TrafficPolicy_ProxyProtocol) + *out = *p +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new TrafficPolicy_ProxyProtocol. Required by controller-gen. +func (in *TrafficPolicy_ProxyProtocol) DeepCopy() *TrafficPolicy_ProxyProtocol { + if in == nil { + return nil + } + out := new(TrafficPolicy_ProxyProtocol) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInterface is an autogenerated deepcopy function, copying the receiver, creating a new TrafficPolicy_ProxyProtocol. Required by controller-gen. +func (in *TrafficPolicy_ProxyProtocol) DeepCopyInterface() interface{} { + return in.DeepCopy() +} + // DeepCopyInto supports using Subset within kubernetes types, where deepcopy-gen is used. func (in *Subset) DeepCopyInto(out *Subset) { p := proto.Clone(in).(*Subset) @@ -215,6 +236,27 @@ func (in *LoadBalancerSettings_ConsistentHashLB_HTTPCookie) DeepCopyInterface() return in.DeepCopy() } +// DeepCopyInto supports using WarmupConfiguration within kubernetes types, where deepcopy-gen is used. +func (in *WarmupConfiguration) DeepCopyInto(out *WarmupConfiguration) { + p := proto.Clone(in).(*WarmupConfiguration) + *out = *p +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new WarmupConfiguration. Required by controller-gen. +func (in *WarmupConfiguration) DeepCopy() *WarmupConfiguration { + if in == nil { + return nil + } + out := new(WarmupConfiguration) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInterface is an autogenerated deepcopy function, copying the receiver, creating a new WarmupConfiguration. Required by controller-gen. +func (in *WarmupConfiguration) DeepCopyInterface() interface{} { + return in.DeepCopy() +} + // DeepCopyInto supports using ConnectionPoolSettings within kubernetes types, where deepcopy-gen is used. func (in *ConnectionPoolSettings) DeepCopyInto(out *ConnectionPoolSettings) { p := proto.Clone(in).(*ConnectionPoolSettings) diff --git a/vendor/istio.io/api/networking/v1alpha3/destination_rule_json.gen.go b/vendor/istio.io/api/networking/v1alpha3/destination_rule_json.gen.go index 3900fe482..4e65aa9c8 100644 --- a/vendor/istio.io/api/networking/v1alpha3/destination_rule_json.gen.go +++ b/vendor/istio.io/api/networking/v1alpha3/destination_rule_json.gen.go @@ -50,6 +50,17 @@ func (this *TrafficPolicy_TunnelSettings) UnmarshalJSON(b []byte) error { return DestinationRuleUnmarshaler.Unmarshal(bytes.NewReader(b), this) } +// MarshalJSON is a custom marshaler for TrafficPolicy_ProxyProtocol +func (this *TrafficPolicy_ProxyProtocol) MarshalJSON() ([]byte, error) { + str, err := DestinationRuleMarshaler.MarshalToString(this) + return []byte(str), err +} + +// UnmarshalJSON is a custom unmarshaler for TrafficPolicy_ProxyProtocol +func (this *TrafficPolicy_ProxyProtocol) UnmarshalJSON(b []byte) error { + return DestinationRuleUnmarshaler.Unmarshal(bytes.NewReader(b), this) +} + // MarshalJSON is a custom marshaler for Subset func (this *Subset) MarshalJSON() ([]byte, error) { str, err := DestinationRuleMarshaler.MarshalToString(this) @@ -116,6 +127,17 @@ func (this *LoadBalancerSettings_ConsistentHashLB_HTTPCookie) UnmarshalJSON(b [] return DestinationRuleUnmarshaler.Unmarshal(bytes.NewReader(b), this) } +// MarshalJSON is a custom marshaler for WarmupConfiguration +func (this *WarmupConfiguration) MarshalJSON() ([]byte, error) { + str, err := DestinationRuleMarshaler.MarshalToString(this) + return []byte(str), err +} + +// UnmarshalJSON is a custom unmarshaler for WarmupConfiguration +func (this *WarmupConfiguration) UnmarshalJSON(b []byte) error { + return DestinationRuleUnmarshaler.Unmarshal(bytes.NewReader(b), this) +} + // MarshalJSON is a custom marshaler for ConnectionPoolSettings func (this *ConnectionPoolSettings) MarshalJSON() ([]byte, error) { str, err := DestinationRuleMarshaler.MarshalToString(this) diff --git a/vendor/istio.io/api/networking/v1alpha3/envoy_filter.gen.json b/vendor/istio.io/api/networking/v1alpha3/envoy_filter.gen.json deleted file mode 100644 index e2c849c27..000000000 --- a/vendor/istio.io/api/networking/v1alpha3/envoy_filter.gen.json +++ /dev/null @@ -1,385 +0,0 @@ -{ - "openapi": "3.0.0", - "info": { - "title": "Customizing Envoy configuration generated by Istio.", - "version": "v1alpha3" - }, - "components": { - "schemas": { - "istio.networking.v1alpha3.EnvoyFilter": { - "description": "EnvoyFilter provides a mechanism to customize the Envoy configuration generated by Istio Pilot.", - "type": "object", - "properties": { - "workloadSelector": { - "$ref": "#/components/schemas/istio.networking.v1alpha3.WorkloadSelector" - }, - "configPatches": { - "description": "One or more patches with match conditions.", - "type": "array", - "items": { - "$ref": "#/components/schemas/istio.networking.v1alpha3.EnvoyFilter.EnvoyConfigObjectPatch" - } - }, - "priority": { - "description": "Priority defines the order in which patch sets are applied within a context. When one patch depends on another patch, the order of patch application is significant. The API provides two primary ways to order patches. Patch sets in the root namespace are applied before the patch sets in the workload namespace. Patches within a patch set are processed in the order that they appear in the `configPatches` list.", - "type": "integer", - "format": "int32" - } - } - }, - "istio.networking.v1alpha3.EnvoyFilter.ApplyTo": { - "description": "`ApplyTo` specifies where in the Envoy configuration, the given patch should be applied.", - "type": "string", - "enum": [ - "INVALID", - "LISTENER", - "FILTER_CHAIN", - "NETWORK_FILTER", - "HTTP_FILTER", - "ROUTE_CONFIGURATION", - "VIRTUAL_HOST", - "HTTP_ROUTE", - "CLUSTER", - "EXTENSION_CONFIG", - "BOOTSTRAP", - "LISTENER_FILTER" - ] - }, - "istio.networking.v1alpha3.EnvoyFilter.ClusterMatch": { - "description": "Conditions specified in `ClusterMatch` must be met for the patch to be applied to a cluster.", - "type": "object", - "properties": { - "portNumber": { - "description": "The service port for which this cluster was generated. If omitted, applies to clusters for any port. **Note:** for inbound cluster, it is the service target port.", - "type": "integer" - }, - "service": { - "description": "The fully qualified service name for this cluster. If omitted, applies to clusters for any service. For services defined through service entries, the service name is same as the hosts defined in the service entry. **Note:** for inbound cluster, this is ignored.", - "type": "string" - }, - "subset": { - "description": "The subset associated with the service. If omitted, applies to clusters for any subset of a service.", - "type": "string" - }, - "name": { - "description": "The exact name of the cluster to match. To match a specific cluster by name, such as the internally generated `Passthrough` cluster, leave all fields in clusterMatch empty, except the name.", - "type": "string" - } - } - }, - "istio.networking.v1alpha3.EnvoyFilter.EnvoyConfigObjectMatch": { - "description": "One or more match conditions to be met before a patch is applied to the generated configuration for a given proxy.", - "type": "object", - "properties": { - "context": { - "$ref": "#/components/schemas/istio.networking.v1alpha3.EnvoyFilter.PatchContext" - }, - "proxy": { - "$ref": "#/components/schemas/istio.networking.v1alpha3.EnvoyFilter.ProxyMatch" - } - }, - "oneOf": [ - { - "not": { - "anyOf": [ - { - "required": [ - "listener" - ], - "properties": { - "listener": { - "$ref": "#/components/schemas/istio.networking.v1alpha3.EnvoyFilter.ListenerMatch" - } - } - }, - { - "required": [ - "routeConfiguration" - ], - "properties": { - "routeConfiguration": { - "$ref": "#/components/schemas/istio.networking.v1alpha3.EnvoyFilter.RouteConfigurationMatch" - } - } - }, - { - "required": [ - "cluster" - ], - "properties": { - "cluster": { - "$ref": "#/components/schemas/istio.networking.v1alpha3.EnvoyFilter.ClusterMatch" - } - } - } - ] - } - }, - { - "required": [ - "listener" - ], - "properties": { - "listener": { - "$ref": "#/components/schemas/istio.networking.v1alpha3.EnvoyFilter.ListenerMatch" - } - } - }, - { - "required": [ - "routeConfiguration" - ], - "properties": { - "routeConfiguration": { - "$ref": "#/components/schemas/istio.networking.v1alpha3.EnvoyFilter.RouteConfigurationMatch" - } - } - }, - { - "required": [ - "cluster" - ], - "properties": { - "cluster": { - "$ref": "#/components/schemas/istio.networking.v1alpha3.EnvoyFilter.ClusterMatch" - } - } - } - ] - }, - "istio.networking.v1alpha3.EnvoyFilter.EnvoyConfigObjectPatch": { - "description": "Changes to be made to various envoy config objects.", - "type": "object", - "properties": { - "applyTo": { - "$ref": "#/components/schemas/istio.networking.v1alpha3.EnvoyFilter.ApplyTo" - }, - "match": { - "$ref": "#/components/schemas/istio.networking.v1alpha3.EnvoyFilter.EnvoyConfigObjectMatch" - }, - "patch": { - "$ref": "#/components/schemas/istio.networking.v1alpha3.EnvoyFilter.Patch" - } - } - }, - "istio.networking.v1alpha3.EnvoyFilter.ListenerMatch": { - "description": "Conditions specified in a listener match must be met for the patch to be applied to a specific listener across all filter chains, or a specific filter chain inside the listener.", - "type": "object", - "properties": { - "portNumber": { - "description": "The service port/gateway port to which traffic is being sent/received. If not specified, matches all listeners. Even though inbound listeners are generated for the instance/pod ports, only service ports should be used to match listeners.", - "type": "integer" - }, - "portName": { - "description": "Instead of using specific port numbers, a set of ports matching a given service's port name can be selected. Matching is case insensitive. Not implemented. $hide_from_docs", - "type": "string" - }, - "filterChain": { - "$ref": "#/components/schemas/istio.networking.v1alpha3.EnvoyFilter.ListenerMatch.FilterChainMatch" - }, - "listenerFilter": { - "description": "Match a specific listener filter. If specified, the patch will be applied to the listener filter.", - "type": "string" - }, - "name": { - "description": "Match a specific listener by its name. The listeners generated by Pilot are typically named as IP:Port.", - "type": "string" - } - } - }, - "istio.networking.v1alpha3.EnvoyFilter.ListenerMatch.FilterChainMatch": { - "description": "For listeners with multiple filter chains (e.g., inbound listeners on sidecars with permissive mTLS, gateway listeners with multiple SNI matches), the filter chain match can be used to select a specific filter chain to patch.", - "type": "object", - "properties": { - "name": { - "description": "The name assigned to the filter chain.", - "type": "string" - }, - "sni": { - "description": "The SNI value used by a filter chain's match condition. This condition will evaluate to false if the filter chain has no sni match.", - "type": "string" - }, - "transportProtocol": { - "description": "Applies only to `SIDECAR_INBOUND` context. If non-empty, a transport protocol to consider when determining a filter chain match. This value will be compared against the transport protocol of a new connection, when it's detected by the `tls_inspector` listener filter.", - "type": "string" - }, - "applicationProtocols": { - "description": "Applies only to sidecars. If non-empty, a comma separated set of application protocols to consider when determining a filter chain match. This value will be compared against the application protocols of a new connection, when it's detected by one of the listener filters such as the `http_inspector`.", - "type": "string" - }, - "filter": { - "$ref": "#/components/schemas/istio.networking.v1alpha3.EnvoyFilter.ListenerMatch.FilterMatch" - }, - "destinationPort": { - "description": "The destination_port value used by a filter chain's match condition. This condition will evaluate to false if the filter chain has no destination_port match.", - "type": "integer" - } - } - }, - "istio.networking.v1alpha3.EnvoyFilter.ListenerMatch.FilterMatch": { - "description": "Conditions to match a specific filter within a filter chain.", - "type": "object", - "properties": { - "name": { - "description": "The filter name to match on. For standard Envoy filters, [canonical filter](https://www.envoyproxy.io/docs/envoy/latest/version_history/v1.14.0#deprecated) names should be used.", - "type": "string" - }, - "subFilter": { - "$ref": "#/components/schemas/istio.networking.v1alpha3.EnvoyFilter.ListenerMatch.SubFilterMatch" - } - } - }, - "istio.networking.v1alpha3.EnvoyFilter.ListenerMatch.SubFilterMatch": { - "description": "Conditions to match a specific filter within another filter. This field is typically useful to match a HTTP filter inside the `envoy.filters.network.http_connection_manager` network filter. This could also be applicable for thrift filters.", - "type": "object", - "properties": { - "name": { - "description": "The filter name to match on.", - "type": "string" - } - } - }, - "istio.networking.v1alpha3.EnvoyFilter.Patch": { - "description": "Patch specifies how the selected object should be modified.", - "type": "object", - "properties": { - "operation": { - "$ref": "#/components/schemas/istio.networking.v1alpha3.EnvoyFilter.Patch.Operation" - }, - "value": { - "description": "The JSON config of the object being patched. This will be merged using proto merge semantics with the existing proto in the path.", - "type": "object" - }, - "filterClass": { - "$ref": "#/components/schemas/istio.networking.v1alpha3.EnvoyFilter.Patch.FilterClass" - } - } - }, - "istio.networking.v1alpha3.EnvoyFilter.Patch.FilterClass": { - "description": "FilterClass determines the filter insertion point in the filter chain relative to the filters implicitly inserted by the control plane. It is used in conjunction with the `ADD` operation. This is the preferred insertion mechanism for adding filters over the `INSERT_*` operations since those operations rely on potentially unstable filter names. Filter ordering is important if your filter depends on or affects the functioning of a another filter in the filter chain. Within a filter class, filters are inserted in the order of processing.", - "type": "string", - "enum": [ - "UNSPECIFIED", - "AUTHN", - "AUTHZ", - "STATS" - ] - }, - "istio.networking.v1alpha3.EnvoyFilter.Patch.Operation": { - "description": "Operation denotes how the patch should be applied to the selected configuration.", - "type": "string", - "enum": [ - "INVALID", - "MERGE", - "ADD", - "REMOVE", - "INSERT_BEFORE", - "INSERT_AFTER", - "INSERT_FIRST", - "REPLACE" - ] - }, - "istio.networking.v1alpha3.EnvoyFilter.PatchContext": { - "description": "PatchContext selects a class of configurations based on the traffic flow direction and workload type.", - "type": "string", - "enum": [ - "ANY", - "SIDECAR_INBOUND", - "SIDECAR_OUTBOUND", - "GATEWAY" - ] - }, - "istio.networking.v1alpha3.EnvoyFilter.ProxyMatch": { - "description": "One or more properties of the proxy to match on.", - "type": "object", - "properties": { - "proxyVersion": { - "description": "A regular expression in golang regex format (RE2) that can be used to select proxies using a specific version of istio proxy. The Istio version for a given proxy is obtained from the node metadata field `ISTIO_VERSION` supplied by the proxy when connecting to Pilot. This value is embedded as an environment variable (`ISTIO_META_ISTIO_VERSION`) in the Istio proxy docker image. Custom proxy implementations should provide this metadata variable to take advantage of the Istio version check option.", - "type": "string" - }, - "metadata": { - "description": "Match on the node metadata supplied by a proxy when connecting to Istio Pilot. Note that while Envoy's node metadata is of type Struct, only string key-value pairs are processed by Pilot. All keys specified in the metadata must match with exact values. The match will fail if any of the specified keys are absent or the values fail to match.", - "type": "object", - "additionalProperties": { - "type": "string" - } - } - } - }, - "istio.networking.v1alpha3.EnvoyFilter.RouteConfigurationMatch": { - "description": "Conditions specified in RouteConfigurationMatch must be met for the patch to be applied to a route configuration object or a specific virtual host within the route configuration.", - "type": "object", - "properties": { - "portNumber": { - "description": "The service port number or gateway server port number for which this route configuration was generated. If omitted, applies to route configurations for all ports.", - "type": "integer" - }, - "portName": { - "description": "Applicable only for GATEWAY context. The gateway server port name for which this route configuration was generated.", - "type": "string" - }, - "gateway": { - "description": "The Istio gateway config's namespace/name for which this route configuration was generated. Applies only if the context is GATEWAY. Should be in the namespace/name format. Use this field in conjunction with the `portNumber` and `portName` to accurately select the Envoy route configuration for a specific HTTPS server within a gateway config object.", - "type": "string" - }, - "vhost": { - "$ref": "#/components/schemas/istio.networking.v1alpha3.EnvoyFilter.RouteConfigurationMatch.VirtualHostMatch" - }, - "name": { - "description": "Route configuration name to match on. Can be used to match a specific route configuration by name, such as the internally generated `http_proxy` route configuration for all sidecars.", - "type": "string" - } - } - }, - "istio.networking.v1alpha3.EnvoyFilter.RouteConfigurationMatch.RouteMatch": { - "description": "Match a specific route inside a virtual host in a route configuration.", - "type": "object", - "properties": { - "name": { - "description": "The Route objects generated by default are named as default. Route objects generated using a virtual service will carry the name used in the virtual service's HTTP routes.", - "type": "string" - }, - "action": { - "$ref": "#/components/schemas/istio.networking.v1alpha3.EnvoyFilter.RouteConfigurationMatch.RouteMatch.Action" - } - } - }, - "istio.networking.v1alpha3.EnvoyFilter.RouteConfigurationMatch.RouteMatch.Action": { - "description": "Action refers to the route action taken by Envoy when a http route matches.", - "type": "string", - "enum": [ - "ANY", - "ROUTE", - "REDIRECT", - "DIRECT_RESPONSE" - ] - }, - "istio.networking.v1alpha3.EnvoyFilter.RouteConfigurationMatch.VirtualHostMatch": { - "description": "Match a specific virtual host inside a route configuration.", - "type": "object", - "properties": { - "name": { - "description": "The VirtualHosts objects generated by Istio are named as host:port, where the host typically corresponds to the VirtualService's host field or the hostname of a service in the registry.", - "type": "string" - }, - "route": { - "$ref": "#/components/schemas/istio.networking.v1alpha3.EnvoyFilter.RouteConfigurationMatch.RouteMatch" - } - } - }, - "istio.networking.v1alpha3.WorkloadSelector": { - "description": "`WorkloadSelector` specifies the criteria used to determine if the `Gateway`, `Sidecar`, `EnvoyFilter`, `ServiceEntry`, or `DestinationRule` configuration can be applied to a proxy. The matching criteria includes the metadata associated with a proxy, workload instance info such as labels attached to the pod/VM, or any other info that the proxy provides to Istio during the initial handshake. If multiple conditions are specified, all conditions need to match in order for the workload instance to be selected. Currently, only label based selection mechanism is supported.", - "type": "object", - "properties": { - "labels": { - "description": "One or more labels that indicate a specific set of pods/VMs on which the configuration should be applied. The scope of label search is restricted to the configuration namespace in which the the resource is present.", - "type": "object", - "additionalProperties": { - "type": "string" - } - } - } - } - } - } -} \ No newline at end of file diff --git a/vendor/istio.io/api/networking/v1alpha3/envoy_filter.pb.go b/vendor/istio.io/api/networking/v1alpha3/envoy_filter.pb.go index e0282014f..3670ff55c 100644 --- a/vendor/istio.io/api/networking/v1alpha3/envoy_filter.pb.go +++ b/vendor/istio.io/api/networking/v1alpha3/envoy_filter.pb.go @@ -14,7 +14,7 @@ // Code generated by protoc-gen-go. DO NOT EDIT. // versions: -// protoc-gen-go v1.31.0 +// protoc-gen-go v1.35.1 // protoc (unknown) // source: networking/v1alpha3/envoy_filter.proto @@ -335,7 +335,7 @@ // # to avoid accidental name collisions. // - applyTo: EXTENSION_CONFIG // patch: -// operation: ADD # REPLACE is also supported, and would override a cluster level resource with the same name. +// operation: ADD // value: // name: my-wasm-extension // typed_config: @@ -372,41 +372,6 @@ // type_urls: ["type.googleapis.com/envoy.extensions.filters.http.wasm.v3.Wasm"] // ``` // -// The following example adds a Wasm service extension for all proxies using a locally available Wasm file. -// The singleton Wasm extension is used to maintain a shared state between workers executing Wasm filters. -// For example, a local rate limit extension would rely on a singleton to limit requests across all workers. -// As another example, an authorization Wasm extension can use a singleton to maintain a database of accounts. -// -// ```yaml -// apiVersion: networking.istio.io/v1alpha3 -// kind: EnvoyFilter -// metadata: -// name: wasm-service -// namespace: myns -// spec: -// configPatches: -// - applyTo: BOOTSTRAP -// patch: -// operation: MERGE -// value: -// bootstrap_extensions: -// - name: envoy.bootstrap.wasm -// typed_config: -// "@type": type.googleapis.com/envoy.extensions.wasm.v3.WasmService -// singleton: true -// config: -// name: my_plugin -// configuration: -// "@type": type.googleapis.com/google.protobuf.StringValue -// value: | -// {} -// vm_config: -// runtime: "envoy.wasm.runtime.v8" -// code: -// local: -// filename: "/etc/envoy_filter_http_wasm_example.wasm" -// ``` -// // The following example inserts an `envoy.filters.listener.proxy_protocol` listener filter before the `envoy.filters.listener.tls_inspector`. // // ```yaml @@ -419,7 +384,7 @@ // configPatches: // - applyTo: LISTENER_FILTER // match: -// context: SIDECAR_INBOUND # will match outbound listeners in all sidecars +// context: SIDECAR_INBOUND # will match inbound listeners in all sidecars // listener: // portNumber: 15006 // listenerFilter: "envoy.filters.listener.tls_inspector" @@ -435,9 +400,9 @@ package v1alpha3 import ( _struct "github.com/golang/protobuf/ptypes/struct" - _ "google.golang.org/genproto/googleapis/api/annotations" protoreflect "google.golang.org/protobuf/reflect/protoreflect" protoimpl "google.golang.org/protobuf/runtime/protoimpl" + v1beta1 "istio.io/api/type/v1beta1" reflect "reflect" sync "sync" ) @@ -480,7 +445,7 @@ const ( // Applies the patch to or adds an extension config in ECDS output. Note that ECDS // is only supported by HTTP filters. EnvoyFilter_EXTENSION_CONFIG EnvoyFilter_ApplyTo = 9 - // Applies the patch to bootstrap configuration. + // DEPRECATED. Applies the patch to bootstrap configuration. EnvoyFilter_BOOTSTRAP EnvoyFilter_ApplyTo = 10 // Applies the patch to the listener filter. EnvoyFilter_LISTENER_FILTER EnvoyFilter_ApplyTo = 11 @@ -840,12 +805,13 @@ func (EnvoyFilter_Patch_FilterClass) EnumDescriptor() ([]byte, []int) { // // @@ -856,6 +822,7 @@ func (EnvoyFilter_Patch_FilterClass) EnumDescriptor() ([]byte, []int) { // +genclient // +k8s:deepcopy-gen=true // --> +// +kubebuilder:validation:XValidation:message="only one of targetRefs or workloadSelector can be set",rule="(has(self.workloadSelector)?1:0)+(has(self.targetRefs)?1:0)<=1" type EnvoyFilter struct { state protoimpl.MessageState sizeCache protoimpl.SizeCache @@ -864,12 +831,29 @@ type EnvoyFilter struct { // Criteria used to select the specific set of pods/VMs on which // this patch configuration should be applied. If omitted, the set // of patches in this configuration will be applied to all workload - // instances in the same namespace. If omitted, the `EnvoyFilter` - // patches will be applied to all workloads in the same - // namespace. If the `EnvoyFilter` is present in the config root - // namespace, it will be applied to all applicable workloads in any - // namespace. + // instances in the same namespace. If the `EnvoyFilter` is present + // in the config root namespace, it will be applied to all applicable + // workloads in any namespace. WorkloadSelector *WorkloadSelector `protobuf:"bytes,3,opt,name=workload_selector,json=workloadSelector,proto3" json:"workload_selector,omitempty"` + // Optional. The targetRefs specifies a list of resources the policy should be + // applied to. The targeted resources specified will determine which workloads + // the policy applies to. + // + // Currently, the following resource attachment types are supported: + // * `kind: Gateway` with `group: gateway.networking.k8s.io` in the same namespace. + // * `kind: Service` with `""` in the same namespace. This type is only supported for waypoints. + // + // If not set, the policy is applied as defined by the selector. + // At most one of the selector and targetRefs can be set. + // + // NOTE: If you are using the `targetRefs` field in a multi-revision environment with Istio versions prior to 1.22, + // it is highly recommended that you pin the policy to a revision running 1.22+ via the `istio.io/rev` label. + // This is to prevent proxies connected to older control planes (that don't know about the `targetRefs` field) + // from misinterpreting the policy as namespace-wide during the upgrade process. + // + // NOTE: Waypoint proxies are required to use this field for policies to apply; `selector` policies will be ignored. + // +kubebuilder:validation:MaxItems=16 + TargetRefs []*v1beta1.PolicyTargetReference `protobuf:"bytes,6,rep,name=targetRefs,proto3" json:"targetRefs,omitempty"` // One or more patches with match conditions. ConfigPatches []*EnvoyFilter_EnvoyConfigObjectPatch `protobuf:"bytes,4,rep,name=config_patches,json=configPatches,proto3" json:"config_patches,omitempty"` // Priority defines the order in which patch sets are applied within a context. @@ -893,11 +877,9 @@ type EnvoyFilter struct { func (x *EnvoyFilter) Reset() { *x = EnvoyFilter{} - if protoimpl.UnsafeEnabled { - mi := &file_networking_v1alpha3_envoy_filter_proto_msgTypes[0] - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - ms.StoreMessageInfo(mi) - } + mi := &file_networking_v1alpha3_envoy_filter_proto_msgTypes[0] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) } func (x *EnvoyFilter) String() string { @@ -908,7 +890,7 @@ func (*EnvoyFilter) ProtoMessage() {} func (x *EnvoyFilter) ProtoReflect() protoreflect.Message { mi := &file_networking_v1alpha3_envoy_filter_proto_msgTypes[0] - if protoimpl.UnsafeEnabled && x != nil { + if x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) if ms.LoadMessageInfo() == nil { ms.StoreMessageInfo(mi) @@ -930,6 +912,13 @@ func (x *EnvoyFilter) GetWorkloadSelector() *WorkloadSelector { return nil } +func (x *EnvoyFilter) GetTargetRefs() []*v1beta1.PolicyTargetReference { + if x != nil { + return x.TargetRefs + } + return nil +} + func (x *EnvoyFilter) GetConfigPatches() []*EnvoyFilter_EnvoyConfigObjectPatch { if x != nil { return x.ConfigPatches @@ -970,11 +959,9 @@ type EnvoyFilter_ProxyMatch struct { func (x *EnvoyFilter_ProxyMatch) Reset() { *x = EnvoyFilter_ProxyMatch{} - if protoimpl.UnsafeEnabled { - mi := &file_networking_v1alpha3_envoy_filter_proto_msgTypes[1] - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - ms.StoreMessageInfo(mi) - } + mi := &file_networking_v1alpha3_envoy_filter_proto_msgTypes[1] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) } func (x *EnvoyFilter_ProxyMatch) String() string { @@ -985,7 +972,7 @@ func (*EnvoyFilter_ProxyMatch) ProtoMessage() {} func (x *EnvoyFilter_ProxyMatch) ProtoReflect() protoreflect.Message { mi := &file_networking_v1alpha3_envoy_filter_proto_msgTypes[1] - if protoimpl.UnsafeEnabled && x != nil { + if x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) if ms.LoadMessageInfo() == nil { ms.StoreMessageInfo(mi) @@ -1043,11 +1030,9 @@ type EnvoyFilter_ClusterMatch struct { func (x *EnvoyFilter_ClusterMatch) Reset() { *x = EnvoyFilter_ClusterMatch{} - if protoimpl.UnsafeEnabled { - mi := &file_networking_v1alpha3_envoy_filter_proto_msgTypes[2] - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - ms.StoreMessageInfo(mi) - } + mi := &file_networking_v1alpha3_envoy_filter_proto_msgTypes[2] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) } func (x *EnvoyFilter_ClusterMatch) String() string { @@ -1058,7 +1043,7 @@ func (*EnvoyFilter_ClusterMatch) ProtoMessage() {} func (x *EnvoyFilter_ClusterMatch) ProtoReflect() protoreflect.Message { mi := &file_networking_v1alpha3_envoy_filter_proto_msgTypes[2] - if protoimpl.UnsafeEnabled && x != nil { + if x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) if ms.LoadMessageInfo() == nil { ms.StoreMessageInfo(mi) @@ -1134,11 +1119,9 @@ type EnvoyFilter_RouteConfigurationMatch struct { func (x *EnvoyFilter_RouteConfigurationMatch) Reset() { *x = EnvoyFilter_RouteConfigurationMatch{} - if protoimpl.UnsafeEnabled { - mi := &file_networking_v1alpha3_envoy_filter_proto_msgTypes[3] - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - ms.StoreMessageInfo(mi) - } + mi := &file_networking_v1alpha3_envoy_filter_proto_msgTypes[3] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) } func (x *EnvoyFilter_RouteConfigurationMatch) String() string { @@ -1149,7 +1132,7 @@ func (*EnvoyFilter_RouteConfigurationMatch) ProtoMessage() {} func (x *EnvoyFilter_RouteConfigurationMatch) ProtoReflect() protoreflect.Message { mi := &file_networking_v1alpha3_envoy_filter_proto_msgTypes[3] - if protoimpl.UnsafeEnabled && x != nil { + if x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) if ms.LoadMessageInfo() == nil { ms.StoreMessageInfo(mi) @@ -1233,11 +1216,9 @@ type EnvoyFilter_ListenerMatch struct { func (x *EnvoyFilter_ListenerMatch) Reset() { *x = EnvoyFilter_ListenerMatch{} - if protoimpl.UnsafeEnabled { - mi := &file_networking_v1alpha3_envoy_filter_proto_msgTypes[4] - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - ms.StoreMessageInfo(mi) - } + mi := &file_networking_v1alpha3_envoy_filter_proto_msgTypes[4] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) } func (x *EnvoyFilter_ListenerMatch) String() string { @@ -1248,7 +1229,7 @@ func (*EnvoyFilter_ListenerMatch) ProtoMessage() {} func (x *EnvoyFilter_ListenerMatch) ProtoReflect() protoreflect.Message { mi := &file_networking_v1alpha3_envoy_filter_proto_msgTypes[4] - if protoimpl.UnsafeEnabled && x != nil { + if x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) if ms.LoadMessageInfo() == nil { ms.StoreMessageInfo(mi) @@ -1315,11 +1296,9 @@ type EnvoyFilter_Patch struct { func (x *EnvoyFilter_Patch) Reset() { *x = EnvoyFilter_Patch{} - if protoimpl.UnsafeEnabled { - mi := &file_networking_v1alpha3_envoy_filter_proto_msgTypes[5] - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - ms.StoreMessageInfo(mi) - } + mi := &file_networking_v1alpha3_envoy_filter_proto_msgTypes[5] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) } func (x *EnvoyFilter_Patch) String() string { @@ -1330,7 +1309,7 @@ func (*EnvoyFilter_Patch) ProtoMessage() {} func (x *EnvoyFilter_Patch) ProtoReflect() protoreflect.Message { mi := &file_networking_v1alpha3_envoy_filter_proto_msgTypes[5] - if protoimpl.UnsafeEnabled && x != nil { + if x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) if ms.LoadMessageInfo() == nil { ms.StoreMessageInfo(mi) @@ -1389,11 +1368,9 @@ type EnvoyFilter_EnvoyConfigObjectMatch struct { func (x *EnvoyFilter_EnvoyConfigObjectMatch) Reset() { *x = EnvoyFilter_EnvoyConfigObjectMatch{} - if protoimpl.UnsafeEnabled { - mi := &file_networking_v1alpha3_envoy_filter_proto_msgTypes[6] - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - ms.StoreMessageInfo(mi) - } + mi := &file_networking_v1alpha3_envoy_filter_proto_msgTypes[6] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) } func (x *EnvoyFilter_EnvoyConfigObjectMatch) String() string { @@ -1404,7 +1381,7 @@ func (*EnvoyFilter_EnvoyConfigObjectMatch) ProtoMessage() {} func (x *EnvoyFilter_EnvoyConfigObjectMatch) ProtoReflect() protoreflect.Message { mi := &file_networking_v1alpha3_envoy_filter_proto_msgTypes[6] - if protoimpl.UnsafeEnabled && x != nil { + if x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) if ms.LoadMessageInfo() == nil { ms.StoreMessageInfo(mi) @@ -1513,11 +1490,9 @@ type EnvoyFilter_EnvoyConfigObjectPatch struct { func (x *EnvoyFilter_EnvoyConfigObjectPatch) Reset() { *x = EnvoyFilter_EnvoyConfigObjectPatch{} - if protoimpl.UnsafeEnabled { - mi := &file_networking_v1alpha3_envoy_filter_proto_msgTypes[7] - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - ms.StoreMessageInfo(mi) - } + mi := &file_networking_v1alpha3_envoy_filter_proto_msgTypes[7] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) } func (x *EnvoyFilter_EnvoyConfigObjectPatch) String() string { @@ -1528,7 +1503,7 @@ func (*EnvoyFilter_EnvoyConfigObjectPatch) ProtoMessage() {} func (x *EnvoyFilter_EnvoyConfigObjectPatch) ProtoReflect() protoreflect.Message { mi := &file_networking_v1alpha3_envoy_filter_proto_msgTypes[7] - if protoimpl.UnsafeEnabled && x != nil { + if x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) if ms.LoadMessageInfo() == nil { ms.StoreMessageInfo(mi) @@ -1581,11 +1556,9 @@ type EnvoyFilter_RouteConfigurationMatch_RouteMatch struct { func (x *EnvoyFilter_RouteConfigurationMatch_RouteMatch) Reset() { *x = EnvoyFilter_RouteConfigurationMatch_RouteMatch{} - if protoimpl.UnsafeEnabled { - mi := &file_networking_v1alpha3_envoy_filter_proto_msgTypes[9] - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - ms.StoreMessageInfo(mi) - } + mi := &file_networking_v1alpha3_envoy_filter_proto_msgTypes[9] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) } func (x *EnvoyFilter_RouteConfigurationMatch_RouteMatch) String() string { @@ -1596,7 +1569,7 @@ func (*EnvoyFilter_RouteConfigurationMatch_RouteMatch) ProtoMessage() {} func (x *EnvoyFilter_RouteConfigurationMatch_RouteMatch) ProtoReflect() protoreflect.Message { mi := &file_networking_v1alpha3_envoy_filter_proto_msgTypes[9] - if protoimpl.UnsafeEnabled && x != nil { + if x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) if ms.LoadMessageInfo() == nil { ms.StoreMessageInfo(mi) @@ -1642,11 +1615,9 @@ type EnvoyFilter_RouteConfigurationMatch_VirtualHostMatch struct { func (x *EnvoyFilter_RouteConfigurationMatch_VirtualHostMatch) Reset() { *x = EnvoyFilter_RouteConfigurationMatch_VirtualHostMatch{} - if protoimpl.UnsafeEnabled { - mi := &file_networking_v1alpha3_envoy_filter_proto_msgTypes[10] - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - ms.StoreMessageInfo(mi) - } + mi := &file_networking_v1alpha3_envoy_filter_proto_msgTypes[10] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) } func (x *EnvoyFilter_RouteConfigurationMatch_VirtualHostMatch) String() string { @@ -1657,7 +1628,7 @@ func (*EnvoyFilter_RouteConfigurationMatch_VirtualHostMatch) ProtoMessage() {} func (x *EnvoyFilter_RouteConfigurationMatch_VirtualHostMatch) ProtoReflect() protoreflect.Message { mi := &file_networking_v1alpha3_envoy_filter_proto_msgTypes[10] - if protoimpl.UnsafeEnabled && x != nil { + if x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) if ms.LoadMessageInfo() == nil { ms.StoreMessageInfo(mi) @@ -1731,11 +1702,9 @@ type EnvoyFilter_ListenerMatch_FilterChainMatch struct { func (x *EnvoyFilter_ListenerMatch_FilterChainMatch) Reset() { *x = EnvoyFilter_ListenerMatch_FilterChainMatch{} - if protoimpl.UnsafeEnabled { - mi := &file_networking_v1alpha3_envoy_filter_proto_msgTypes[11] - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - ms.StoreMessageInfo(mi) - } + mi := &file_networking_v1alpha3_envoy_filter_proto_msgTypes[11] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) } func (x *EnvoyFilter_ListenerMatch_FilterChainMatch) String() string { @@ -1746,7 +1715,7 @@ func (*EnvoyFilter_ListenerMatch_FilterChainMatch) ProtoMessage() {} func (x *EnvoyFilter_ListenerMatch_FilterChainMatch) ProtoReflect() protoreflect.Message { mi := &file_networking_v1alpha3_envoy_filter_proto_msgTypes[11] - if protoimpl.UnsafeEnabled && x != nil { + if x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) if ms.LoadMessageInfo() == nil { ms.StoreMessageInfo(mi) @@ -1821,11 +1790,9 @@ type EnvoyFilter_ListenerMatch_FilterMatch struct { func (x *EnvoyFilter_ListenerMatch_FilterMatch) Reset() { *x = EnvoyFilter_ListenerMatch_FilterMatch{} - if protoimpl.UnsafeEnabled { - mi := &file_networking_v1alpha3_envoy_filter_proto_msgTypes[12] - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - ms.StoreMessageInfo(mi) - } + mi := &file_networking_v1alpha3_envoy_filter_proto_msgTypes[12] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) } func (x *EnvoyFilter_ListenerMatch_FilterMatch) String() string { @@ -1836,7 +1803,7 @@ func (*EnvoyFilter_ListenerMatch_FilterMatch) ProtoMessage() {} func (x *EnvoyFilter_ListenerMatch_FilterMatch) ProtoReflect() protoreflect.Message { mi := &file_networking_v1alpha3_envoy_filter_proto_msgTypes[12] - if protoimpl.UnsafeEnabled && x != nil { + if x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) if ms.LoadMessageInfo() == nil { ms.StoreMessageInfo(mi) @@ -1880,11 +1847,9 @@ type EnvoyFilter_ListenerMatch_SubFilterMatch struct { func (x *EnvoyFilter_ListenerMatch_SubFilterMatch) Reset() { *x = EnvoyFilter_ListenerMatch_SubFilterMatch{} - if protoimpl.UnsafeEnabled { - mi := &file_networking_v1alpha3_envoy_filter_proto_msgTypes[13] - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - ms.StoreMessageInfo(mi) - } + mi := &file_networking_v1alpha3_envoy_filter_proto_msgTypes[13] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) } func (x *EnvoyFilter_ListenerMatch_SubFilterMatch) String() string { @@ -1895,7 +1860,7 @@ func (*EnvoyFilter_ListenerMatch_SubFilterMatch) ProtoMessage() {} func (x *EnvoyFilter_ListenerMatch_SubFilterMatch) ProtoReflect() protoreflect.Message { mi := &file_networking_v1alpha3_envoy_filter_proto_msgTypes[13] - if protoimpl.UnsafeEnabled && x != nil { + if x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) if ms.LoadMessageInfo() == nil { ms.StoreMessageInfo(mi) @@ -1924,226 +1889,230 @@ var file_networking_v1alpha3_envoy_filter_proto_rawDesc = []byte{ 0x6c, 0x70, 0x68, 0x61, 0x33, 0x2f, 0x65, 0x6e, 0x76, 0x6f, 0x79, 0x5f, 0x66, 0x69, 0x6c, 0x74, 0x65, 0x72, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x12, 0x19, 0x69, 0x73, 0x74, 0x69, 0x6f, 0x2e, 0x6e, 0x65, 0x74, 0x77, 0x6f, 0x72, 0x6b, 0x69, 0x6e, 0x67, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, - 0x68, 0x61, 0x33, 0x1a, 0x1f, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2f, 0x61, 0x70, 0x69, 0x2f, - 0x66, 0x69, 0x65, 0x6c, 0x64, 0x5f, 0x62, 0x65, 0x68, 0x61, 0x76, 0x69, 0x6f, 0x72, 0x2e, 0x70, - 0x72, 0x6f, 0x74, 0x6f, 0x1a, 0x1c, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2f, 0x70, 0x72, 0x6f, - 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2f, 0x73, 0x74, 0x72, 0x75, 0x63, 0x74, 0x2e, 0x70, 0x72, 0x6f, - 0x74, 0x6f, 0x1a, 0x21, 0x6e, 0x65, 0x74, 0x77, 0x6f, 0x72, 0x6b, 0x69, 0x6e, 0x67, 0x2f, 0x76, - 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x33, 0x2f, 0x73, 0x69, 0x64, 0x65, 0x63, 0x61, 0x72, 0x2e, - 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x22, 0x9f, 0x1a, 0x0a, 0x0b, 0x45, 0x6e, 0x76, 0x6f, 0x79, 0x46, - 0x69, 0x6c, 0x74, 0x65, 0x72, 0x12, 0x58, 0x0a, 0x11, 0x77, 0x6f, 0x72, 0x6b, 0x6c, 0x6f, 0x61, - 0x64, 0x5f, 0x73, 0x65, 0x6c, 0x65, 0x63, 0x74, 0x6f, 0x72, 0x18, 0x03, 0x20, 0x01, 0x28, 0x0b, - 0x32, 0x2b, 0x2e, 0x69, 0x73, 0x74, 0x69, 0x6f, 0x2e, 0x6e, 0x65, 0x74, 0x77, 0x6f, 0x72, 0x6b, - 0x69, 0x6e, 0x67, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x33, 0x2e, 0x57, 0x6f, 0x72, - 0x6b, 0x6c, 0x6f, 0x61, 0x64, 0x53, 0x65, 0x6c, 0x65, 0x63, 0x74, 0x6f, 0x72, 0x52, 0x10, 0x77, - 0x6f, 0x72, 0x6b, 0x6c, 0x6f, 0x61, 0x64, 0x53, 0x65, 0x6c, 0x65, 0x63, 0x74, 0x6f, 0x72, 0x12, - 0x69, 0x0a, 0x0e, 0x63, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x5f, 0x70, 0x61, 0x74, 0x63, 0x68, 0x65, - 0x73, 0x18, 0x04, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x3d, 0x2e, 0x69, 0x73, 0x74, 0x69, 0x6f, 0x2e, - 0x6e, 0x65, 0x74, 0x77, 0x6f, 0x72, 0x6b, 0x69, 0x6e, 0x67, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, - 0x68, 0x61, 0x33, 0x2e, 0x45, 0x6e, 0x76, 0x6f, 0x79, 0x46, 0x69, 0x6c, 0x74, 0x65, 0x72, 0x2e, - 0x45, 0x6e, 0x76, 0x6f, 0x79, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x4f, 0x62, 0x6a, 0x65, 0x63, - 0x74, 0x50, 0x61, 0x74, 0x63, 0x68, 0x42, 0x03, 0xe0, 0x41, 0x02, 0x52, 0x0d, 0x63, 0x6f, 0x6e, - 0x66, 0x69, 0x67, 0x50, 0x61, 0x74, 0x63, 0x68, 0x65, 0x73, 0x12, 0x1a, 0x0a, 0x08, 0x70, 0x72, - 0x69, 0x6f, 0x72, 0x69, 0x74, 0x79, 0x18, 0x05, 0x20, 0x01, 0x28, 0x05, 0x52, 0x08, 0x70, 0x72, - 0x69, 0x6f, 0x72, 0x69, 0x74, 0x79, 0x1a, 0xcb, 0x01, 0x0a, 0x0a, 0x50, 0x72, 0x6f, 0x78, 0x79, - 0x4d, 0x61, 0x74, 0x63, 0x68, 0x12, 0x23, 0x0a, 0x0d, 0x70, 0x72, 0x6f, 0x78, 0x79, 0x5f, 0x76, - 0x65, 0x72, 0x73, 0x69, 0x6f, 0x6e, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0c, 0x70, 0x72, - 0x6f, 0x78, 0x79, 0x56, 0x65, 0x72, 0x73, 0x69, 0x6f, 0x6e, 0x12, 0x5b, 0x0a, 0x08, 0x6d, 0x65, - 0x74, 0x61, 0x64, 0x61, 0x74, 0x61, 0x18, 0x02, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x3f, 0x2e, 0x69, + 0x68, 0x61, 0x33, 0x1a, 0x1c, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2f, 0x70, 0x72, 0x6f, 0x74, + 0x6f, 0x62, 0x75, 0x66, 0x2f, 0x73, 0x74, 0x72, 0x75, 0x63, 0x74, 0x2e, 0x70, 0x72, 0x6f, 0x74, + 0x6f, 0x1a, 0x21, 0x6e, 0x65, 0x74, 0x77, 0x6f, 0x72, 0x6b, 0x69, 0x6e, 0x67, 0x2f, 0x76, 0x31, + 0x61, 0x6c, 0x70, 0x68, 0x61, 0x33, 0x2f, 0x73, 0x69, 0x64, 0x65, 0x63, 0x61, 0x72, 0x2e, 0x70, + 0x72, 0x6f, 0x74, 0x6f, 0x1a, 0x1b, 0x74, 0x79, 0x70, 0x65, 0x2f, 0x76, 0x31, 0x62, 0x65, 0x74, + 0x61, 0x31, 0x2f, 0x73, 0x65, 0x6c, 0x65, 0x63, 0x74, 0x6f, 0x72, 0x2e, 0x70, 0x72, 0x6f, 0x74, + 0x6f, 0x22, 0xe5, 0x1a, 0x0a, 0x0b, 0x45, 0x6e, 0x76, 0x6f, 0x79, 0x46, 0x69, 0x6c, 0x74, 0x65, + 0x72, 0x12, 0x58, 0x0a, 0x11, 0x77, 0x6f, 0x72, 0x6b, 0x6c, 0x6f, 0x61, 0x64, 0x5f, 0x73, 0x65, + 0x6c, 0x65, 0x63, 0x74, 0x6f, 0x72, 0x18, 0x03, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x2b, 0x2e, 0x69, 0x73, 0x74, 0x69, 0x6f, 0x2e, 0x6e, 0x65, 0x74, 0x77, 0x6f, 0x72, 0x6b, 0x69, 0x6e, 0x67, 0x2e, - 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x33, 0x2e, 0x45, 0x6e, 0x76, 0x6f, 0x79, 0x46, 0x69, - 0x6c, 0x74, 0x65, 0x72, 0x2e, 0x50, 0x72, 0x6f, 0x78, 0x79, 0x4d, 0x61, 0x74, 0x63, 0x68, 0x2e, - 0x4d, 0x65, 0x74, 0x61, 0x64, 0x61, 0x74, 0x61, 0x45, 0x6e, 0x74, 0x72, 0x79, 0x52, 0x08, 0x6d, - 0x65, 0x74, 0x61, 0x64, 0x61, 0x74, 0x61, 0x1a, 0x3b, 0x0a, 0x0d, 0x4d, 0x65, 0x74, 0x61, 0x64, - 0x61, 0x74, 0x61, 0x45, 0x6e, 0x74, 0x72, 0x79, 0x12, 0x10, 0x0a, 0x03, 0x6b, 0x65, 0x79, 0x18, - 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x03, 0x6b, 0x65, 0x79, 0x12, 0x14, 0x0a, 0x05, 0x76, 0x61, - 0x6c, 0x75, 0x65, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x05, 0x76, 0x61, 0x6c, 0x75, 0x65, - 0x3a, 0x02, 0x38, 0x01, 0x1a, 0x75, 0x0a, 0x0c, 0x43, 0x6c, 0x75, 0x73, 0x74, 0x65, 0x72, 0x4d, - 0x61, 0x74, 0x63, 0x68, 0x12, 0x1f, 0x0a, 0x0b, 0x70, 0x6f, 0x72, 0x74, 0x5f, 0x6e, 0x75, 0x6d, - 0x62, 0x65, 0x72, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0d, 0x52, 0x0a, 0x70, 0x6f, 0x72, 0x74, 0x4e, - 0x75, 0x6d, 0x62, 0x65, 0x72, 0x12, 0x18, 0x0a, 0x07, 0x73, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, - 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x07, 0x73, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x12, - 0x16, 0x0a, 0x06, 0x73, 0x75, 0x62, 0x73, 0x65, 0x74, 0x18, 0x03, 0x20, 0x01, 0x28, 0x09, 0x52, - 0x06, 0x73, 0x75, 0x62, 0x73, 0x65, 0x74, 0x12, 0x12, 0x0a, 0x04, 0x6e, 0x61, 0x6d, 0x65, 0x18, - 0x04, 0x20, 0x01, 0x28, 0x09, 0x52, 0x04, 0x6e, 0x61, 0x6d, 0x65, 0x1a, 0xc4, 0x04, 0x0a, 0x17, - 0x52, 0x6f, 0x75, 0x74, 0x65, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x75, 0x72, 0x61, 0x74, 0x69, - 0x6f, 0x6e, 0x4d, 0x61, 0x74, 0x63, 0x68, 0x12, 0x1f, 0x0a, 0x0b, 0x70, 0x6f, 0x72, 0x74, 0x5f, - 0x6e, 0x75, 0x6d, 0x62, 0x65, 0x72, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0d, 0x52, 0x0a, 0x70, 0x6f, - 0x72, 0x74, 0x4e, 0x75, 0x6d, 0x62, 0x65, 0x72, 0x12, 0x1b, 0x0a, 0x09, 0x70, 0x6f, 0x72, 0x74, - 0x5f, 0x6e, 0x61, 0x6d, 0x65, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x08, 0x70, 0x6f, 0x72, - 0x74, 0x4e, 0x61, 0x6d, 0x65, 0x12, 0x18, 0x0a, 0x07, 0x67, 0x61, 0x74, 0x65, 0x77, 0x61, 0x79, - 0x18, 0x03, 0x20, 0x01, 0x28, 0x09, 0x52, 0x07, 0x67, 0x61, 0x74, 0x65, 0x77, 0x61, 0x79, 0x12, - 0x65, 0x0a, 0x05, 0x76, 0x68, 0x6f, 0x73, 0x74, 0x18, 0x04, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x4f, + 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x33, 0x2e, 0x57, 0x6f, 0x72, 0x6b, 0x6c, 0x6f, 0x61, + 0x64, 0x53, 0x65, 0x6c, 0x65, 0x63, 0x74, 0x6f, 0x72, 0x52, 0x10, 0x77, 0x6f, 0x72, 0x6b, 0x6c, + 0x6f, 0x61, 0x64, 0x53, 0x65, 0x6c, 0x65, 0x63, 0x74, 0x6f, 0x72, 0x12, 0x49, 0x0a, 0x0a, 0x74, + 0x61, 0x72, 0x67, 0x65, 0x74, 0x52, 0x65, 0x66, 0x73, 0x18, 0x06, 0x20, 0x03, 0x28, 0x0b, 0x32, + 0x29, 0x2e, 0x69, 0x73, 0x74, 0x69, 0x6f, 0x2e, 0x74, 0x79, 0x70, 0x65, 0x2e, 0x76, 0x31, 0x62, + 0x65, 0x74, 0x61, 0x31, 0x2e, 0x50, 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x54, 0x61, 0x72, 0x67, 0x65, + 0x74, 0x52, 0x65, 0x66, 0x65, 0x72, 0x65, 0x6e, 0x63, 0x65, 0x52, 0x0a, 0x74, 0x61, 0x72, 0x67, + 0x65, 0x74, 0x52, 0x65, 0x66, 0x73, 0x12, 0x64, 0x0a, 0x0e, 0x63, 0x6f, 0x6e, 0x66, 0x69, 0x67, + 0x5f, 0x70, 0x61, 0x74, 0x63, 0x68, 0x65, 0x73, 0x18, 0x04, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x3d, 0x2e, 0x69, 0x73, 0x74, 0x69, 0x6f, 0x2e, 0x6e, 0x65, 0x74, 0x77, 0x6f, 0x72, 0x6b, 0x69, 0x6e, 0x67, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x33, 0x2e, 0x45, 0x6e, 0x76, 0x6f, 0x79, - 0x46, 0x69, 0x6c, 0x74, 0x65, 0x72, 0x2e, 0x52, 0x6f, 0x75, 0x74, 0x65, 0x43, 0x6f, 0x6e, 0x66, - 0x69, 0x67, 0x75, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x4d, 0x61, 0x74, 0x63, 0x68, 0x2e, 0x56, - 0x69, 0x72, 0x74, 0x75, 0x61, 0x6c, 0x48, 0x6f, 0x73, 0x74, 0x4d, 0x61, 0x74, 0x63, 0x68, 0x52, - 0x05, 0x76, 0x68, 0x6f, 0x73, 0x74, 0x12, 0x12, 0x0a, 0x04, 0x6e, 0x61, 0x6d, 0x65, 0x18, 0x05, - 0x20, 0x01, 0x28, 0x09, 0x52, 0x04, 0x6e, 0x61, 0x6d, 0x65, 0x1a, 0xcb, 0x01, 0x0a, 0x0a, 0x52, - 0x6f, 0x75, 0x74, 0x65, 0x4d, 0x61, 0x74, 0x63, 0x68, 0x12, 0x12, 0x0a, 0x04, 0x6e, 0x61, 0x6d, - 0x65, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x04, 0x6e, 0x61, 0x6d, 0x65, 0x12, 0x68, 0x0a, - 0x06, 0x61, 0x63, 0x74, 0x69, 0x6f, 0x6e, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0e, 0x32, 0x50, 0x2e, - 0x69, 0x73, 0x74, 0x69, 0x6f, 0x2e, 0x6e, 0x65, 0x74, 0x77, 0x6f, 0x72, 0x6b, 0x69, 0x6e, 0x67, - 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x33, 0x2e, 0x45, 0x6e, 0x76, 0x6f, 0x79, 0x46, - 0x69, 0x6c, 0x74, 0x65, 0x72, 0x2e, 0x52, 0x6f, 0x75, 0x74, 0x65, 0x43, 0x6f, 0x6e, 0x66, 0x69, - 0x67, 0x75, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x4d, 0x61, 0x74, 0x63, 0x68, 0x2e, 0x52, 0x6f, - 0x75, 0x74, 0x65, 0x4d, 0x61, 0x74, 0x63, 0x68, 0x2e, 0x41, 0x63, 0x74, 0x69, 0x6f, 0x6e, 0x52, - 0x06, 0x61, 0x63, 0x74, 0x69, 0x6f, 0x6e, 0x22, 0x3f, 0x0a, 0x06, 0x41, 0x63, 0x74, 0x69, 0x6f, - 0x6e, 0x12, 0x07, 0x0a, 0x03, 0x41, 0x4e, 0x59, 0x10, 0x00, 0x12, 0x09, 0x0a, 0x05, 0x52, 0x4f, - 0x55, 0x54, 0x45, 0x10, 0x01, 0x12, 0x0c, 0x0a, 0x08, 0x52, 0x45, 0x44, 0x49, 0x52, 0x45, 0x43, - 0x54, 0x10, 0x02, 0x12, 0x13, 0x0a, 0x0f, 0x44, 0x49, 0x52, 0x45, 0x43, 0x54, 0x5f, 0x52, 0x45, - 0x53, 0x50, 0x4f, 0x4e, 0x53, 0x45, 0x10, 0x03, 0x1a, 0x87, 0x01, 0x0a, 0x10, 0x56, 0x69, 0x72, - 0x74, 0x75, 0x61, 0x6c, 0x48, 0x6f, 0x73, 0x74, 0x4d, 0x61, 0x74, 0x63, 0x68, 0x12, 0x12, 0x0a, - 0x04, 0x6e, 0x61, 0x6d, 0x65, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x04, 0x6e, 0x61, 0x6d, - 0x65, 0x12, 0x5f, 0x0a, 0x05, 0x72, 0x6f, 0x75, 0x74, 0x65, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0b, - 0x32, 0x49, 0x2e, 0x69, 0x73, 0x74, 0x69, 0x6f, 0x2e, 0x6e, 0x65, 0x74, 0x77, 0x6f, 0x72, 0x6b, + 0x46, 0x69, 0x6c, 0x74, 0x65, 0x72, 0x2e, 0x45, 0x6e, 0x76, 0x6f, 0x79, 0x43, 0x6f, 0x6e, 0x66, + 0x69, 0x67, 0x4f, 0x62, 0x6a, 0x65, 0x63, 0x74, 0x50, 0x61, 0x74, 0x63, 0x68, 0x52, 0x0d, 0x63, + 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x50, 0x61, 0x74, 0x63, 0x68, 0x65, 0x73, 0x12, 0x1a, 0x0a, 0x08, + 0x70, 0x72, 0x69, 0x6f, 0x72, 0x69, 0x74, 0x79, 0x18, 0x05, 0x20, 0x01, 0x28, 0x05, 0x52, 0x08, + 0x70, 0x72, 0x69, 0x6f, 0x72, 0x69, 0x74, 0x79, 0x1a, 0xcb, 0x01, 0x0a, 0x0a, 0x50, 0x72, 0x6f, + 0x78, 0x79, 0x4d, 0x61, 0x74, 0x63, 0x68, 0x12, 0x23, 0x0a, 0x0d, 0x70, 0x72, 0x6f, 0x78, 0x79, + 0x5f, 0x76, 0x65, 0x72, 0x73, 0x69, 0x6f, 0x6e, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0c, + 0x70, 0x72, 0x6f, 0x78, 0x79, 0x56, 0x65, 0x72, 0x73, 0x69, 0x6f, 0x6e, 0x12, 0x5b, 0x0a, 0x08, + 0x6d, 0x65, 0x74, 0x61, 0x64, 0x61, 0x74, 0x61, 0x18, 0x02, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x3f, + 0x2e, 0x69, 0x73, 0x74, 0x69, 0x6f, 0x2e, 0x6e, 0x65, 0x74, 0x77, 0x6f, 0x72, 0x6b, 0x69, 0x6e, + 0x67, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x33, 0x2e, 0x45, 0x6e, 0x76, 0x6f, 0x79, + 0x46, 0x69, 0x6c, 0x74, 0x65, 0x72, 0x2e, 0x50, 0x72, 0x6f, 0x78, 0x79, 0x4d, 0x61, 0x74, 0x63, + 0x68, 0x2e, 0x4d, 0x65, 0x74, 0x61, 0x64, 0x61, 0x74, 0x61, 0x45, 0x6e, 0x74, 0x72, 0x79, 0x52, + 0x08, 0x6d, 0x65, 0x74, 0x61, 0x64, 0x61, 0x74, 0x61, 0x1a, 0x3b, 0x0a, 0x0d, 0x4d, 0x65, 0x74, + 0x61, 0x64, 0x61, 0x74, 0x61, 0x45, 0x6e, 0x74, 0x72, 0x79, 0x12, 0x10, 0x0a, 0x03, 0x6b, 0x65, + 0x79, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x03, 0x6b, 0x65, 0x79, 0x12, 0x14, 0x0a, 0x05, + 0x76, 0x61, 0x6c, 0x75, 0x65, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x05, 0x76, 0x61, 0x6c, + 0x75, 0x65, 0x3a, 0x02, 0x38, 0x01, 0x1a, 0x75, 0x0a, 0x0c, 0x43, 0x6c, 0x75, 0x73, 0x74, 0x65, + 0x72, 0x4d, 0x61, 0x74, 0x63, 0x68, 0x12, 0x1f, 0x0a, 0x0b, 0x70, 0x6f, 0x72, 0x74, 0x5f, 0x6e, + 0x75, 0x6d, 0x62, 0x65, 0x72, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0d, 0x52, 0x0a, 0x70, 0x6f, 0x72, + 0x74, 0x4e, 0x75, 0x6d, 0x62, 0x65, 0x72, 0x12, 0x18, 0x0a, 0x07, 0x73, 0x65, 0x72, 0x76, 0x69, + 0x63, 0x65, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x07, 0x73, 0x65, 0x72, 0x76, 0x69, 0x63, + 0x65, 0x12, 0x16, 0x0a, 0x06, 0x73, 0x75, 0x62, 0x73, 0x65, 0x74, 0x18, 0x03, 0x20, 0x01, 0x28, + 0x09, 0x52, 0x06, 0x73, 0x75, 0x62, 0x73, 0x65, 0x74, 0x12, 0x12, 0x0a, 0x04, 0x6e, 0x61, 0x6d, + 0x65, 0x18, 0x04, 0x20, 0x01, 0x28, 0x09, 0x52, 0x04, 0x6e, 0x61, 0x6d, 0x65, 0x1a, 0xc4, 0x04, + 0x0a, 0x17, 0x52, 0x6f, 0x75, 0x74, 0x65, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x75, 0x72, 0x61, + 0x74, 0x69, 0x6f, 0x6e, 0x4d, 0x61, 0x74, 0x63, 0x68, 0x12, 0x1f, 0x0a, 0x0b, 0x70, 0x6f, 0x72, + 0x74, 0x5f, 0x6e, 0x75, 0x6d, 0x62, 0x65, 0x72, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0d, 0x52, 0x0a, + 0x70, 0x6f, 0x72, 0x74, 0x4e, 0x75, 0x6d, 0x62, 0x65, 0x72, 0x12, 0x1b, 0x0a, 0x09, 0x70, 0x6f, + 0x72, 0x74, 0x5f, 0x6e, 0x61, 0x6d, 0x65, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x08, 0x70, + 0x6f, 0x72, 0x74, 0x4e, 0x61, 0x6d, 0x65, 0x12, 0x18, 0x0a, 0x07, 0x67, 0x61, 0x74, 0x65, 0x77, + 0x61, 0x79, 0x18, 0x03, 0x20, 0x01, 0x28, 0x09, 0x52, 0x07, 0x67, 0x61, 0x74, 0x65, 0x77, 0x61, + 0x79, 0x12, 0x65, 0x0a, 0x05, 0x76, 0x68, 0x6f, 0x73, 0x74, 0x18, 0x04, 0x20, 0x01, 0x28, 0x0b, + 0x32, 0x4f, 0x2e, 0x69, 0x73, 0x74, 0x69, 0x6f, 0x2e, 0x6e, 0x65, 0x74, 0x77, 0x6f, 0x72, 0x6b, 0x69, 0x6e, 0x67, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x33, 0x2e, 0x45, 0x6e, 0x76, 0x6f, 0x79, 0x46, 0x69, 0x6c, 0x74, 0x65, 0x72, 0x2e, 0x52, 0x6f, 0x75, 0x74, 0x65, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x75, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x4d, 0x61, 0x74, 0x63, 0x68, - 0x2e, 0x52, 0x6f, 0x75, 0x74, 0x65, 0x4d, 0x61, 0x74, 0x63, 0x68, 0x52, 0x05, 0x72, 0x6f, 0x75, - 0x74, 0x65, 0x1a, 0xc6, 0x05, 0x0a, 0x0d, 0x4c, 0x69, 0x73, 0x74, 0x65, 0x6e, 0x65, 0x72, 0x4d, - 0x61, 0x74, 0x63, 0x68, 0x12, 0x1f, 0x0a, 0x0b, 0x70, 0x6f, 0x72, 0x74, 0x5f, 0x6e, 0x75, 0x6d, - 0x62, 0x65, 0x72, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0d, 0x52, 0x0a, 0x70, 0x6f, 0x72, 0x74, 0x4e, - 0x75, 0x6d, 0x62, 0x65, 0x72, 0x12, 0x1b, 0x0a, 0x09, 0x70, 0x6f, 0x72, 0x74, 0x5f, 0x6e, 0x61, - 0x6d, 0x65, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x08, 0x70, 0x6f, 0x72, 0x74, 0x4e, 0x61, - 0x6d, 0x65, 0x12, 0x68, 0x0a, 0x0c, 0x66, 0x69, 0x6c, 0x74, 0x65, 0x72, 0x5f, 0x63, 0x68, 0x61, - 0x69, 0x6e, 0x18, 0x03, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x45, 0x2e, 0x69, 0x73, 0x74, 0x69, 0x6f, - 0x2e, 0x6e, 0x65, 0x74, 0x77, 0x6f, 0x72, 0x6b, 0x69, 0x6e, 0x67, 0x2e, 0x76, 0x31, 0x61, 0x6c, - 0x70, 0x68, 0x61, 0x33, 0x2e, 0x45, 0x6e, 0x76, 0x6f, 0x79, 0x46, 0x69, 0x6c, 0x74, 0x65, 0x72, - 0x2e, 0x4c, 0x69, 0x73, 0x74, 0x65, 0x6e, 0x65, 0x72, 0x4d, 0x61, 0x74, 0x63, 0x68, 0x2e, 0x46, - 0x69, 0x6c, 0x74, 0x65, 0x72, 0x43, 0x68, 0x61, 0x69, 0x6e, 0x4d, 0x61, 0x74, 0x63, 0x68, 0x52, - 0x0b, 0x66, 0x69, 0x6c, 0x74, 0x65, 0x72, 0x43, 0x68, 0x61, 0x69, 0x6e, 0x12, 0x27, 0x0a, 0x0f, - 0x6c, 0x69, 0x73, 0x74, 0x65, 0x6e, 0x65, 0x72, 0x5f, 0x66, 0x69, 0x6c, 0x74, 0x65, 0x72, 0x18, - 0x05, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0e, 0x6c, 0x69, 0x73, 0x74, 0x65, 0x6e, 0x65, 0x72, 0x46, - 0x69, 0x6c, 0x74, 0x65, 0x72, 0x12, 0x12, 0x0a, 0x04, 0x6e, 0x61, 0x6d, 0x65, 0x18, 0x04, 0x20, - 0x01, 0x28, 0x09, 0x52, 0x04, 0x6e, 0x61, 0x6d, 0x65, 0x1a, 0xa1, 0x02, 0x0a, 0x10, 0x46, 0x69, - 0x6c, 0x74, 0x65, 0x72, 0x43, 0x68, 0x61, 0x69, 0x6e, 0x4d, 0x61, 0x74, 0x63, 0x68, 0x12, 0x12, - 0x0a, 0x04, 0x6e, 0x61, 0x6d, 0x65, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x04, 0x6e, 0x61, - 0x6d, 0x65, 0x12, 0x10, 0x0a, 0x03, 0x73, 0x6e, 0x69, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, - 0x03, 0x73, 0x6e, 0x69, 0x12, 0x2d, 0x0a, 0x12, 0x74, 0x72, 0x61, 0x6e, 0x73, 0x70, 0x6f, 0x72, - 0x74, 0x5f, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x63, 0x6f, 0x6c, 0x18, 0x03, 0x20, 0x01, 0x28, 0x09, - 0x52, 0x11, 0x74, 0x72, 0x61, 0x6e, 0x73, 0x70, 0x6f, 0x72, 0x74, 0x50, 0x72, 0x6f, 0x74, 0x6f, - 0x63, 0x6f, 0x6c, 0x12, 0x33, 0x0a, 0x15, 0x61, 0x70, 0x70, 0x6c, 0x69, 0x63, 0x61, 0x74, 0x69, - 0x6f, 0x6e, 0x5f, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x63, 0x6f, 0x6c, 0x73, 0x18, 0x04, 0x20, 0x01, - 0x28, 0x09, 0x52, 0x14, 0x61, 0x70, 0x70, 0x6c, 0x69, 0x63, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x50, - 0x72, 0x6f, 0x74, 0x6f, 0x63, 0x6f, 0x6c, 0x73, 0x12, 0x58, 0x0a, 0x06, 0x66, 0x69, 0x6c, 0x74, - 0x65, 0x72, 0x18, 0x05, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x40, 0x2e, 0x69, 0x73, 0x74, 0x69, 0x6f, - 0x2e, 0x6e, 0x65, 0x74, 0x77, 0x6f, 0x72, 0x6b, 0x69, 0x6e, 0x67, 0x2e, 0x76, 0x31, 0x61, 0x6c, - 0x70, 0x68, 0x61, 0x33, 0x2e, 0x45, 0x6e, 0x76, 0x6f, 0x79, 0x46, 0x69, 0x6c, 0x74, 0x65, 0x72, - 0x2e, 0x4c, 0x69, 0x73, 0x74, 0x65, 0x6e, 0x65, 0x72, 0x4d, 0x61, 0x74, 0x63, 0x68, 0x2e, 0x46, - 0x69, 0x6c, 0x74, 0x65, 0x72, 0x4d, 0x61, 0x74, 0x63, 0x68, 0x52, 0x06, 0x66, 0x69, 0x6c, 0x74, - 0x65, 0x72, 0x12, 0x29, 0x0a, 0x10, 0x64, 0x65, 0x73, 0x74, 0x69, 0x6e, 0x61, 0x74, 0x69, 0x6f, - 0x6e, 0x5f, 0x70, 0x6f, 0x72, 0x74, 0x18, 0x06, 0x20, 0x01, 0x28, 0x0d, 0x52, 0x0f, 0x64, 0x65, - 0x73, 0x74, 0x69, 0x6e, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x50, 0x6f, 0x72, 0x74, 0x1a, 0x85, 0x01, - 0x0a, 0x0b, 0x46, 0x69, 0x6c, 0x74, 0x65, 0x72, 0x4d, 0x61, 0x74, 0x63, 0x68, 0x12, 0x12, 0x0a, - 0x04, 0x6e, 0x61, 0x6d, 0x65, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x04, 0x6e, 0x61, 0x6d, - 0x65, 0x12, 0x62, 0x0a, 0x0a, 0x73, 0x75, 0x62, 0x5f, 0x66, 0x69, 0x6c, 0x74, 0x65, 0x72, 0x18, - 0x02, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x43, 0x2e, 0x69, 0x73, 0x74, 0x69, 0x6f, 0x2e, 0x6e, 0x65, - 0x74, 0x77, 0x6f, 0x72, 0x6b, 0x69, 0x6e, 0x67, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, - 0x33, 0x2e, 0x45, 0x6e, 0x76, 0x6f, 0x79, 0x46, 0x69, 0x6c, 0x74, 0x65, 0x72, 0x2e, 0x4c, 0x69, - 0x73, 0x74, 0x65, 0x6e, 0x65, 0x72, 0x4d, 0x61, 0x74, 0x63, 0x68, 0x2e, 0x53, 0x75, 0x62, 0x46, - 0x69, 0x6c, 0x74, 0x65, 0x72, 0x4d, 0x61, 0x74, 0x63, 0x68, 0x52, 0x09, 0x73, 0x75, 0x62, 0x46, - 0x69, 0x6c, 0x74, 0x65, 0x72, 0x1a, 0x24, 0x0a, 0x0e, 0x53, 0x75, 0x62, 0x46, 0x69, 0x6c, 0x74, - 0x65, 0x72, 0x4d, 0x61, 0x74, 0x63, 0x68, 0x12, 0x12, 0x0a, 0x04, 0x6e, 0x61, 0x6d, 0x65, 0x18, - 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x04, 0x6e, 0x61, 0x6d, 0x65, 0x1a, 0xa8, 0x03, 0x0a, 0x05, - 0x50, 0x61, 0x74, 0x63, 0x68, 0x12, 0x54, 0x0a, 0x09, 0x6f, 0x70, 0x65, 0x72, 0x61, 0x74, 0x69, - 0x6f, 0x6e, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0e, 0x32, 0x36, 0x2e, 0x69, 0x73, 0x74, 0x69, 0x6f, - 0x2e, 0x6e, 0x65, 0x74, 0x77, 0x6f, 0x72, 0x6b, 0x69, 0x6e, 0x67, 0x2e, 0x76, 0x31, 0x61, 0x6c, - 0x70, 0x68, 0x61, 0x33, 0x2e, 0x45, 0x6e, 0x76, 0x6f, 0x79, 0x46, 0x69, 0x6c, 0x74, 0x65, 0x72, - 0x2e, 0x50, 0x61, 0x74, 0x63, 0x68, 0x2e, 0x4f, 0x70, 0x65, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, - 0x52, 0x09, 0x6f, 0x70, 0x65, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x12, 0x2d, 0x0a, 0x05, 0x76, - 0x61, 0x6c, 0x75, 0x65, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x17, 0x2e, 0x67, 0x6f, 0x6f, - 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x53, 0x74, 0x72, - 0x75, 0x63, 0x74, 0x52, 0x05, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x12, 0x5b, 0x0a, 0x0c, 0x66, 0x69, - 0x6c, 0x74, 0x65, 0x72, 0x5f, 0x63, 0x6c, 0x61, 0x73, 0x73, 0x18, 0x03, 0x20, 0x01, 0x28, 0x0e, - 0x32, 0x38, 0x2e, 0x69, 0x73, 0x74, 0x69, 0x6f, 0x2e, 0x6e, 0x65, 0x74, 0x77, 0x6f, 0x72, 0x6b, - 0x69, 0x6e, 0x67, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x33, 0x2e, 0x45, 0x6e, 0x76, - 0x6f, 0x79, 0x46, 0x69, 0x6c, 0x74, 0x65, 0x72, 0x2e, 0x50, 0x61, 0x74, 0x63, 0x68, 0x2e, 0x46, - 0x69, 0x6c, 0x74, 0x65, 0x72, 0x43, 0x6c, 0x61, 0x73, 0x73, 0x52, 0x0b, 0x66, 0x69, 0x6c, 0x74, - 0x65, 0x72, 0x43, 0x6c, 0x61, 0x73, 0x73, 0x22, 0x7c, 0x0a, 0x09, 0x4f, 0x70, 0x65, 0x72, 0x61, - 0x74, 0x69, 0x6f, 0x6e, 0x12, 0x0b, 0x0a, 0x07, 0x49, 0x4e, 0x56, 0x41, 0x4c, 0x49, 0x44, 0x10, - 0x00, 0x12, 0x09, 0x0a, 0x05, 0x4d, 0x45, 0x52, 0x47, 0x45, 0x10, 0x01, 0x12, 0x07, 0x0a, 0x03, - 0x41, 0x44, 0x44, 0x10, 0x02, 0x12, 0x0a, 0x0a, 0x06, 0x52, 0x45, 0x4d, 0x4f, 0x56, 0x45, 0x10, - 0x03, 0x12, 0x11, 0x0a, 0x0d, 0x49, 0x4e, 0x53, 0x45, 0x52, 0x54, 0x5f, 0x42, 0x45, 0x46, 0x4f, - 0x52, 0x45, 0x10, 0x04, 0x12, 0x10, 0x0a, 0x0c, 0x49, 0x4e, 0x53, 0x45, 0x52, 0x54, 0x5f, 0x41, - 0x46, 0x54, 0x45, 0x52, 0x10, 0x05, 0x12, 0x10, 0x0a, 0x0c, 0x49, 0x4e, 0x53, 0x45, 0x52, 0x54, - 0x5f, 0x46, 0x49, 0x52, 0x53, 0x54, 0x10, 0x06, 0x12, 0x0b, 0x0a, 0x07, 0x52, 0x45, 0x50, 0x4c, - 0x41, 0x43, 0x45, 0x10, 0x07, 0x22, 0x3f, 0x0a, 0x0b, 0x46, 0x69, 0x6c, 0x74, 0x65, 0x72, 0x43, - 0x6c, 0x61, 0x73, 0x73, 0x12, 0x0f, 0x0a, 0x0b, 0x55, 0x4e, 0x53, 0x50, 0x45, 0x43, 0x49, 0x46, - 0x49, 0x45, 0x44, 0x10, 0x00, 0x12, 0x09, 0x0a, 0x05, 0x41, 0x55, 0x54, 0x48, 0x4e, 0x10, 0x01, - 0x12, 0x09, 0x0a, 0x05, 0x41, 0x55, 0x54, 0x48, 0x5a, 0x10, 0x02, 0x12, 0x09, 0x0a, 0x05, 0x53, - 0x54, 0x41, 0x54, 0x53, 0x10, 0x03, 0x1a, 0xd8, 0x03, 0x0a, 0x16, 0x45, 0x6e, 0x76, 0x6f, 0x79, - 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x4f, 0x62, 0x6a, 0x65, 0x63, 0x74, 0x4d, 0x61, 0x74, 0x63, - 0x68, 0x12, 0x4d, 0x0a, 0x07, 0x63, 0x6f, 0x6e, 0x74, 0x65, 0x78, 0x74, 0x18, 0x01, 0x20, 0x01, - 0x28, 0x0e, 0x32, 0x33, 0x2e, 0x69, 0x73, 0x74, 0x69, 0x6f, 0x2e, 0x6e, 0x65, 0x74, 0x77, 0x6f, - 0x72, 0x6b, 0x69, 0x6e, 0x67, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x33, 0x2e, 0x45, - 0x6e, 0x76, 0x6f, 0x79, 0x46, 0x69, 0x6c, 0x74, 0x65, 0x72, 0x2e, 0x50, 0x61, 0x74, 0x63, 0x68, - 0x43, 0x6f, 0x6e, 0x74, 0x65, 0x78, 0x74, 0x52, 0x07, 0x63, 0x6f, 0x6e, 0x74, 0x65, 0x78, 0x74, - 0x12, 0x47, 0x0a, 0x05, 0x70, 0x72, 0x6f, 0x78, 0x79, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0b, 0x32, - 0x31, 0x2e, 0x69, 0x73, 0x74, 0x69, 0x6f, 0x2e, 0x6e, 0x65, 0x74, 0x77, 0x6f, 0x72, 0x6b, 0x69, + 0x2e, 0x56, 0x69, 0x72, 0x74, 0x75, 0x61, 0x6c, 0x48, 0x6f, 0x73, 0x74, 0x4d, 0x61, 0x74, 0x63, + 0x68, 0x52, 0x05, 0x76, 0x68, 0x6f, 0x73, 0x74, 0x12, 0x12, 0x0a, 0x04, 0x6e, 0x61, 0x6d, 0x65, + 0x18, 0x05, 0x20, 0x01, 0x28, 0x09, 0x52, 0x04, 0x6e, 0x61, 0x6d, 0x65, 0x1a, 0xcb, 0x01, 0x0a, + 0x0a, 0x52, 0x6f, 0x75, 0x74, 0x65, 0x4d, 0x61, 0x74, 0x63, 0x68, 0x12, 0x12, 0x0a, 0x04, 0x6e, + 0x61, 0x6d, 0x65, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x04, 0x6e, 0x61, 0x6d, 0x65, 0x12, + 0x68, 0x0a, 0x06, 0x61, 0x63, 0x74, 0x69, 0x6f, 0x6e, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0e, 0x32, + 0x50, 0x2e, 0x69, 0x73, 0x74, 0x69, 0x6f, 0x2e, 0x6e, 0x65, 0x74, 0x77, 0x6f, 0x72, 0x6b, 0x69, 0x6e, 0x67, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x33, 0x2e, 0x45, 0x6e, 0x76, 0x6f, - 0x79, 0x46, 0x69, 0x6c, 0x74, 0x65, 0x72, 0x2e, 0x50, 0x72, 0x6f, 0x78, 0x79, 0x4d, 0x61, 0x74, - 0x63, 0x68, 0x52, 0x05, 0x70, 0x72, 0x6f, 0x78, 0x79, 0x12, 0x52, 0x0a, 0x08, 0x6c, 0x69, 0x73, - 0x74, 0x65, 0x6e, 0x65, 0x72, 0x18, 0x03, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x34, 0x2e, 0x69, 0x73, - 0x74, 0x69, 0x6f, 0x2e, 0x6e, 0x65, 0x74, 0x77, 0x6f, 0x72, 0x6b, 0x69, 0x6e, 0x67, 0x2e, 0x76, - 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x33, 0x2e, 0x45, 0x6e, 0x76, 0x6f, 0x79, 0x46, 0x69, 0x6c, - 0x74, 0x65, 0x72, 0x2e, 0x4c, 0x69, 0x73, 0x74, 0x65, 0x6e, 0x65, 0x72, 0x4d, 0x61, 0x74, 0x63, - 0x68, 0x48, 0x00, 0x52, 0x08, 0x6c, 0x69, 0x73, 0x74, 0x65, 0x6e, 0x65, 0x72, 0x12, 0x71, 0x0a, - 0x13, 0x72, 0x6f, 0x75, 0x74, 0x65, 0x5f, 0x63, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x75, 0x72, 0x61, - 0x74, 0x69, 0x6f, 0x6e, 0x18, 0x04, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x3e, 0x2e, 0x69, 0x73, 0x74, + 0x79, 0x46, 0x69, 0x6c, 0x74, 0x65, 0x72, 0x2e, 0x52, 0x6f, 0x75, 0x74, 0x65, 0x43, 0x6f, 0x6e, + 0x66, 0x69, 0x67, 0x75, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x4d, 0x61, 0x74, 0x63, 0x68, 0x2e, + 0x52, 0x6f, 0x75, 0x74, 0x65, 0x4d, 0x61, 0x74, 0x63, 0x68, 0x2e, 0x41, 0x63, 0x74, 0x69, 0x6f, + 0x6e, 0x52, 0x06, 0x61, 0x63, 0x74, 0x69, 0x6f, 0x6e, 0x22, 0x3f, 0x0a, 0x06, 0x41, 0x63, 0x74, + 0x69, 0x6f, 0x6e, 0x12, 0x07, 0x0a, 0x03, 0x41, 0x4e, 0x59, 0x10, 0x00, 0x12, 0x09, 0x0a, 0x05, + 0x52, 0x4f, 0x55, 0x54, 0x45, 0x10, 0x01, 0x12, 0x0c, 0x0a, 0x08, 0x52, 0x45, 0x44, 0x49, 0x52, + 0x45, 0x43, 0x54, 0x10, 0x02, 0x12, 0x13, 0x0a, 0x0f, 0x44, 0x49, 0x52, 0x45, 0x43, 0x54, 0x5f, + 0x52, 0x45, 0x53, 0x50, 0x4f, 0x4e, 0x53, 0x45, 0x10, 0x03, 0x1a, 0x87, 0x01, 0x0a, 0x10, 0x56, + 0x69, 0x72, 0x74, 0x75, 0x61, 0x6c, 0x48, 0x6f, 0x73, 0x74, 0x4d, 0x61, 0x74, 0x63, 0x68, 0x12, + 0x12, 0x0a, 0x04, 0x6e, 0x61, 0x6d, 0x65, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x04, 0x6e, + 0x61, 0x6d, 0x65, 0x12, 0x5f, 0x0a, 0x05, 0x72, 0x6f, 0x75, 0x74, 0x65, 0x18, 0x02, 0x20, 0x01, + 0x28, 0x0b, 0x32, 0x49, 0x2e, 0x69, 0x73, 0x74, 0x69, 0x6f, 0x2e, 0x6e, 0x65, 0x74, 0x77, 0x6f, + 0x72, 0x6b, 0x69, 0x6e, 0x67, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x33, 0x2e, 0x45, + 0x6e, 0x76, 0x6f, 0x79, 0x46, 0x69, 0x6c, 0x74, 0x65, 0x72, 0x2e, 0x52, 0x6f, 0x75, 0x74, 0x65, + 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x75, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x4d, 0x61, 0x74, + 0x63, 0x68, 0x2e, 0x52, 0x6f, 0x75, 0x74, 0x65, 0x4d, 0x61, 0x74, 0x63, 0x68, 0x52, 0x05, 0x72, + 0x6f, 0x75, 0x74, 0x65, 0x1a, 0xc6, 0x05, 0x0a, 0x0d, 0x4c, 0x69, 0x73, 0x74, 0x65, 0x6e, 0x65, + 0x72, 0x4d, 0x61, 0x74, 0x63, 0x68, 0x12, 0x1f, 0x0a, 0x0b, 0x70, 0x6f, 0x72, 0x74, 0x5f, 0x6e, + 0x75, 0x6d, 0x62, 0x65, 0x72, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0d, 0x52, 0x0a, 0x70, 0x6f, 0x72, + 0x74, 0x4e, 0x75, 0x6d, 0x62, 0x65, 0x72, 0x12, 0x1b, 0x0a, 0x09, 0x70, 0x6f, 0x72, 0x74, 0x5f, + 0x6e, 0x61, 0x6d, 0x65, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x08, 0x70, 0x6f, 0x72, 0x74, + 0x4e, 0x61, 0x6d, 0x65, 0x12, 0x68, 0x0a, 0x0c, 0x66, 0x69, 0x6c, 0x74, 0x65, 0x72, 0x5f, 0x63, + 0x68, 0x61, 0x69, 0x6e, 0x18, 0x03, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x45, 0x2e, 0x69, 0x73, 0x74, + 0x69, 0x6f, 0x2e, 0x6e, 0x65, 0x74, 0x77, 0x6f, 0x72, 0x6b, 0x69, 0x6e, 0x67, 0x2e, 0x76, 0x31, + 0x61, 0x6c, 0x70, 0x68, 0x61, 0x33, 0x2e, 0x45, 0x6e, 0x76, 0x6f, 0x79, 0x46, 0x69, 0x6c, 0x74, + 0x65, 0x72, 0x2e, 0x4c, 0x69, 0x73, 0x74, 0x65, 0x6e, 0x65, 0x72, 0x4d, 0x61, 0x74, 0x63, 0x68, + 0x2e, 0x46, 0x69, 0x6c, 0x74, 0x65, 0x72, 0x43, 0x68, 0x61, 0x69, 0x6e, 0x4d, 0x61, 0x74, 0x63, + 0x68, 0x52, 0x0b, 0x66, 0x69, 0x6c, 0x74, 0x65, 0x72, 0x43, 0x68, 0x61, 0x69, 0x6e, 0x12, 0x27, + 0x0a, 0x0f, 0x6c, 0x69, 0x73, 0x74, 0x65, 0x6e, 0x65, 0x72, 0x5f, 0x66, 0x69, 0x6c, 0x74, 0x65, + 0x72, 0x18, 0x05, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0e, 0x6c, 0x69, 0x73, 0x74, 0x65, 0x6e, 0x65, + 0x72, 0x46, 0x69, 0x6c, 0x74, 0x65, 0x72, 0x12, 0x12, 0x0a, 0x04, 0x6e, 0x61, 0x6d, 0x65, 0x18, + 0x04, 0x20, 0x01, 0x28, 0x09, 0x52, 0x04, 0x6e, 0x61, 0x6d, 0x65, 0x1a, 0xa1, 0x02, 0x0a, 0x10, + 0x46, 0x69, 0x6c, 0x74, 0x65, 0x72, 0x43, 0x68, 0x61, 0x69, 0x6e, 0x4d, 0x61, 0x74, 0x63, 0x68, + 0x12, 0x12, 0x0a, 0x04, 0x6e, 0x61, 0x6d, 0x65, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x04, + 0x6e, 0x61, 0x6d, 0x65, 0x12, 0x10, 0x0a, 0x03, 0x73, 0x6e, 0x69, 0x18, 0x02, 0x20, 0x01, 0x28, + 0x09, 0x52, 0x03, 0x73, 0x6e, 0x69, 0x12, 0x2d, 0x0a, 0x12, 0x74, 0x72, 0x61, 0x6e, 0x73, 0x70, + 0x6f, 0x72, 0x74, 0x5f, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x63, 0x6f, 0x6c, 0x18, 0x03, 0x20, 0x01, + 0x28, 0x09, 0x52, 0x11, 0x74, 0x72, 0x61, 0x6e, 0x73, 0x70, 0x6f, 0x72, 0x74, 0x50, 0x72, 0x6f, + 0x74, 0x6f, 0x63, 0x6f, 0x6c, 0x12, 0x33, 0x0a, 0x15, 0x61, 0x70, 0x70, 0x6c, 0x69, 0x63, 0x61, + 0x74, 0x69, 0x6f, 0x6e, 0x5f, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x63, 0x6f, 0x6c, 0x73, 0x18, 0x04, + 0x20, 0x01, 0x28, 0x09, 0x52, 0x14, 0x61, 0x70, 0x70, 0x6c, 0x69, 0x63, 0x61, 0x74, 0x69, 0x6f, + 0x6e, 0x50, 0x72, 0x6f, 0x74, 0x6f, 0x63, 0x6f, 0x6c, 0x73, 0x12, 0x58, 0x0a, 0x06, 0x66, 0x69, + 0x6c, 0x74, 0x65, 0x72, 0x18, 0x05, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x40, 0x2e, 0x69, 0x73, 0x74, 0x69, 0x6f, 0x2e, 0x6e, 0x65, 0x74, 0x77, 0x6f, 0x72, 0x6b, 0x69, 0x6e, 0x67, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x33, 0x2e, 0x45, 0x6e, 0x76, 0x6f, 0x79, 0x46, 0x69, 0x6c, 0x74, - 0x65, 0x72, 0x2e, 0x52, 0x6f, 0x75, 0x74, 0x65, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x75, 0x72, - 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x4d, 0x61, 0x74, 0x63, 0x68, 0x48, 0x00, 0x52, 0x12, 0x72, 0x6f, - 0x75, 0x74, 0x65, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x75, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, - 0x12, 0x4f, 0x0a, 0x07, 0x63, 0x6c, 0x75, 0x73, 0x74, 0x65, 0x72, 0x18, 0x05, 0x20, 0x01, 0x28, - 0x0b, 0x32, 0x33, 0x2e, 0x69, 0x73, 0x74, 0x69, 0x6f, 0x2e, 0x6e, 0x65, 0x74, 0x77, 0x6f, 0x72, + 0x65, 0x72, 0x2e, 0x4c, 0x69, 0x73, 0x74, 0x65, 0x6e, 0x65, 0x72, 0x4d, 0x61, 0x74, 0x63, 0x68, + 0x2e, 0x46, 0x69, 0x6c, 0x74, 0x65, 0x72, 0x4d, 0x61, 0x74, 0x63, 0x68, 0x52, 0x06, 0x66, 0x69, + 0x6c, 0x74, 0x65, 0x72, 0x12, 0x29, 0x0a, 0x10, 0x64, 0x65, 0x73, 0x74, 0x69, 0x6e, 0x61, 0x74, + 0x69, 0x6f, 0x6e, 0x5f, 0x70, 0x6f, 0x72, 0x74, 0x18, 0x06, 0x20, 0x01, 0x28, 0x0d, 0x52, 0x0f, + 0x64, 0x65, 0x73, 0x74, 0x69, 0x6e, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x50, 0x6f, 0x72, 0x74, 0x1a, + 0x85, 0x01, 0x0a, 0x0b, 0x46, 0x69, 0x6c, 0x74, 0x65, 0x72, 0x4d, 0x61, 0x74, 0x63, 0x68, 0x12, + 0x12, 0x0a, 0x04, 0x6e, 0x61, 0x6d, 0x65, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x04, 0x6e, + 0x61, 0x6d, 0x65, 0x12, 0x62, 0x0a, 0x0a, 0x73, 0x75, 0x62, 0x5f, 0x66, 0x69, 0x6c, 0x74, 0x65, + 0x72, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x43, 0x2e, 0x69, 0x73, 0x74, 0x69, 0x6f, 0x2e, + 0x6e, 0x65, 0x74, 0x77, 0x6f, 0x72, 0x6b, 0x69, 0x6e, 0x67, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, + 0x68, 0x61, 0x33, 0x2e, 0x45, 0x6e, 0x76, 0x6f, 0x79, 0x46, 0x69, 0x6c, 0x74, 0x65, 0x72, 0x2e, + 0x4c, 0x69, 0x73, 0x74, 0x65, 0x6e, 0x65, 0x72, 0x4d, 0x61, 0x74, 0x63, 0x68, 0x2e, 0x53, 0x75, + 0x62, 0x46, 0x69, 0x6c, 0x74, 0x65, 0x72, 0x4d, 0x61, 0x74, 0x63, 0x68, 0x52, 0x09, 0x73, 0x75, + 0x62, 0x46, 0x69, 0x6c, 0x74, 0x65, 0x72, 0x1a, 0x24, 0x0a, 0x0e, 0x53, 0x75, 0x62, 0x46, 0x69, + 0x6c, 0x74, 0x65, 0x72, 0x4d, 0x61, 0x74, 0x63, 0x68, 0x12, 0x12, 0x0a, 0x04, 0x6e, 0x61, 0x6d, + 0x65, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x04, 0x6e, 0x61, 0x6d, 0x65, 0x1a, 0xa8, 0x03, + 0x0a, 0x05, 0x50, 0x61, 0x74, 0x63, 0x68, 0x12, 0x54, 0x0a, 0x09, 0x6f, 0x70, 0x65, 0x72, 0x61, + 0x74, 0x69, 0x6f, 0x6e, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0e, 0x32, 0x36, 0x2e, 0x69, 0x73, 0x74, + 0x69, 0x6f, 0x2e, 0x6e, 0x65, 0x74, 0x77, 0x6f, 0x72, 0x6b, 0x69, 0x6e, 0x67, 0x2e, 0x76, 0x31, + 0x61, 0x6c, 0x70, 0x68, 0x61, 0x33, 0x2e, 0x45, 0x6e, 0x76, 0x6f, 0x79, 0x46, 0x69, 0x6c, 0x74, + 0x65, 0x72, 0x2e, 0x50, 0x61, 0x74, 0x63, 0x68, 0x2e, 0x4f, 0x70, 0x65, 0x72, 0x61, 0x74, 0x69, + 0x6f, 0x6e, 0x52, 0x09, 0x6f, 0x70, 0x65, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x12, 0x2d, 0x0a, + 0x05, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x17, 0x2e, 0x67, + 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x53, + 0x74, 0x72, 0x75, 0x63, 0x74, 0x52, 0x05, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x12, 0x5b, 0x0a, 0x0c, + 0x66, 0x69, 0x6c, 0x74, 0x65, 0x72, 0x5f, 0x63, 0x6c, 0x61, 0x73, 0x73, 0x18, 0x03, 0x20, 0x01, + 0x28, 0x0e, 0x32, 0x38, 0x2e, 0x69, 0x73, 0x74, 0x69, 0x6f, 0x2e, 0x6e, 0x65, 0x74, 0x77, 0x6f, + 0x72, 0x6b, 0x69, 0x6e, 0x67, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x33, 0x2e, 0x45, + 0x6e, 0x76, 0x6f, 0x79, 0x46, 0x69, 0x6c, 0x74, 0x65, 0x72, 0x2e, 0x50, 0x61, 0x74, 0x63, 0x68, + 0x2e, 0x46, 0x69, 0x6c, 0x74, 0x65, 0x72, 0x43, 0x6c, 0x61, 0x73, 0x73, 0x52, 0x0b, 0x66, 0x69, + 0x6c, 0x74, 0x65, 0x72, 0x43, 0x6c, 0x61, 0x73, 0x73, 0x22, 0x7c, 0x0a, 0x09, 0x4f, 0x70, 0x65, + 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x12, 0x0b, 0x0a, 0x07, 0x49, 0x4e, 0x56, 0x41, 0x4c, 0x49, + 0x44, 0x10, 0x00, 0x12, 0x09, 0x0a, 0x05, 0x4d, 0x45, 0x52, 0x47, 0x45, 0x10, 0x01, 0x12, 0x07, + 0x0a, 0x03, 0x41, 0x44, 0x44, 0x10, 0x02, 0x12, 0x0a, 0x0a, 0x06, 0x52, 0x45, 0x4d, 0x4f, 0x56, + 0x45, 0x10, 0x03, 0x12, 0x11, 0x0a, 0x0d, 0x49, 0x4e, 0x53, 0x45, 0x52, 0x54, 0x5f, 0x42, 0x45, + 0x46, 0x4f, 0x52, 0x45, 0x10, 0x04, 0x12, 0x10, 0x0a, 0x0c, 0x49, 0x4e, 0x53, 0x45, 0x52, 0x54, + 0x5f, 0x41, 0x46, 0x54, 0x45, 0x52, 0x10, 0x05, 0x12, 0x10, 0x0a, 0x0c, 0x49, 0x4e, 0x53, 0x45, + 0x52, 0x54, 0x5f, 0x46, 0x49, 0x52, 0x53, 0x54, 0x10, 0x06, 0x12, 0x0b, 0x0a, 0x07, 0x52, 0x45, + 0x50, 0x4c, 0x41, 0x43, 0x45, 0x10, 0x07, 0x22, 0x3f, 0x0a, 0x0b, 0x46, 0x69, 0x6c, 0x74, 0x65, + 0x72, 0x43, 0x6c, 0x61, 0x73, 0x73, 0x12, 0x0f, 0x0a, 0x0b, 0x55, 0x4e, 0x53, 0x50, 0x45, 0x43, + 0x49, 0x46, 0x49, 0x45, 0x44, 0x10, 0x00, 0x12, 0x09, 0x0a, 0x05, 0x41, 0x55, 0x54, 0x48, 0x4e, + 0x10, 0x01, 0x12, 0x09, 0x0a, 0x05, 0x41, 0x55, 0x54, 0x48, 0x5a, 0x10, 0x02, 0x12, 0x09, 0x0a, + 0x05, 0x53, 0x54, 0x41, 0x54, 0x53, 0x10, 0x03, 0x1a, 0xd8, 0x03, 0x0a, 0x16, 0x45, 0x6e, 0x76, + 0x6f, 0x79, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x4f, 0x62, 0x6a, 0x65, 0x63, 0x74, 0x4d, 0x61, + 0x74, 0x63, 0x68, 0x12, 0x4d, 0x0a, 0x07, 0x63, 0x6f, 0x6e, 0x74, 0x65, 0x78, 0x74, 0x18, 0x01, + 0x20, 0x01, 0x28, 0x0e, 0x32, 0x33, 0x2e, 0x69, 0x73, 0x74, 0x69, 0x6f, 0x2e, 0x6e, 0x65, 0x74, + 0x77, 0x6f, 0x72, 0x6b, 0x69, 0x6e, 0x67, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x33, + 0x2e, 0x45, 0x6e, 0x76, 0x6f, 0x79, 0x46, 0x69, 0x6c, 0x74, 0x65, 0x72, 0x2e, 0x50, 0x61, 0x74, + 0x63, 0x68, 0x43, 0x6f, 0x6e, 0x74, 0x65, 0x78, 0x74, 0x52, 0x07, 0x63, 0x6f, 0x6e, 0x74, 0x65, + 0x78, 0x74, 0x12, 0x47, 0x0a, 0x05, 0x70, 0x72, 0x6f, 0x78, 0x79, 0x18, 0x02, 0x20, 0x01, 0x28, + 0x0b, 0x32, 0x31, 0x2e, 0x69, 0x73, 0x74, 0x69, 0x6f, 0x2e, 0x6e, 0x65, 0x74, 0x77, 0x6f, 0x72, 0x6b, 0x69, 0x6e, 0x67, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x33, 0x2e, 0x45, 0x6e, - 0x76, 0x6f, 0x79, 0x46, 0x69, 0x6c, 0x74, 0x65, 0x72, 0x2e, 0x43, 0x6c, 0x75, 0x73, 0x74, 0x65, - 0x72, 0x4d, 0x61, 0x74, 0x63, 0x68, 0x48, 0x00, 0x52, 0x07, 0x63, 0x6c, 0x75, 0x73, 0x74, 0x65, - 0x72, 0x42, 0x0e, 0x0a, 0x0c, 0x6f, 0x62, 0x6a, 0x65, 0x63, 0x74, 0x5f, 0x74, 0x79, 0x70, 0x65, - 0x73, 0x1a, 0xfc, 0x01, 0x0a, 0x16, 0x45, 0x6e, 0x76, 0x6f, 0x79, 0x43, 0x6f, 0x6e, 0x66, 0x69, - 0x67, 0x4f, 0x62, 0x6a, 0x65, 0x63, 0x74, 0x50, 0x61, 0x74, 0x63, 0x68, 0x12, 0x49, 0x0a, 0x08, - 0x61, 0x70, 0x70, 0x6c, 0x79, 0x5f, 0x74, 0x6f, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0e, 0x32, 0x2e, - 0x2e, 0x69, 0x73, 0x74, 0x69, 0x6f, 0x2e, 0x6e, 0x65, 0x74, 0x77, 0x6f, 0x72, 0x6b, 0x69, 0x6e, - 0x67, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x33, 0x2e, 0x45, 0x6e, 0x76, 0x6f, 0x79, - 0x46, 0x69, 0x6c, 0x74, 0x65, 0x72, 0x2e, 0x41, 0x70, 0x70, 0x6c, 0x79, 0x54, 0x6f, 0x52, 0x07, - 0x61, 0x70, 0x70, 0x6c, 0x79, 0x54, 0x6f, 0x12, 0x53, 0x0a, 0x05, 0x6d, 0x61, 0x74, 0x63, 0x68, - 0x18, 0x02, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x3d, 0x2e, 0x69, 0x73, 0x74, 0x69, 0x6f, 0x2e, 0x6e, - 0x65, 0x74, 0x77, 0x6f, 0x72, 0x6b, 0x69, 0x6e, 0x67, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, - 0x61, 0x33, 0x2e, 0x45, 0x6e, 0x76, 0x6f, 0x79, 0x46, 0x69, 0x6c, 0x74, 0x65, 0x72, 0x2e, 0x45, - 0x6e, 0x76, 0x6f, 0x79, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x4f, 0x62, 0x6a, 0x65, 0x63, 0x74, - 0x4d, 0x61, 0x74, 0x63, 0x68, 0x52, 0x05, 0x6d, 0x61, 0x74, 0x63, 0x68, 0x12, 0x42, 0x0a, 0x05, - 0x70, 0x61, 0x74, 0x63, 0x68, 0x18, 0x03, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x2c, 0x2e, 0x69, 0x73, - 0x74, 0x69, 0x6f, 0x2e, 0x6e, 0x65, 0x74, 0x77, 0x6f, 0x72, 0x6b, 0x69, 0x6e, 0x67, 0x2e, 0x76, - 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x33, 0x2e, 0x45, 0x6e, 0x76, 0x6f, 0x79, 0x46, 0x69, 0x6c, - 0x74, 0x65, 0x72, 0x2e, 0x50, 0x61, 0x74, 0x63, 0x68, 0x52, 0x05, 0x70, 0x61, 0x74, 0x63, 0x68, - 0x22, 0xdd, 0x01, 0x0a, 0x07, 0x41, 0x70, 0x70, 0x6c, 0x79, 0x54, 0x6f, 0x12, 0x0b, 0x0a, 0x07, - 0x49, 0x4e, 0x56, 0x41, 0x4c, 0x49, 0x44, 0x10, 0x00, 0x12, 0x0c, 0x0a, 0x08, 0x4c, 0x49, 0x53, - 0x54, 0x45, 0x4e, 0x45, 0x52, 0x10, 0x01, 0x12, 0x10, 0x0a, 0x0c, 0x46, 0x49, 0x4c, 0x54, 0x45, - 0x52, 0x5f, 0x43, 0x48, 0x41, 0x49, 0x4e, 0x10, 0x02, 0x12, 0x12, 0x0a, 0x0e, 0x4e, 0x45, 0x54, - 0x57, 0x4f, 0x52, 0x4b, 0x5f, 0x46, 0x49, 0x4c, 0x54, 0x45, 0x52, 0x10, 0x03, 0x12, 0x0f, 0x0a, - 0x0b, 0x48, 0x54, 0x54, 0x50, 0x5f, 0x46, 0x49, 0x4c, 0x54, 0x45, 0x52, 0x10, 0x04, 0x12, 0x17, - 0x0a, 0x13, 0x52, 0x4f, 0x55, 0x54, 0x45, 0x5f, 0x43, 0x4f, 0x4e, 0x46, 0x49, 0x47, 0x55, 0x52, - 0x41, 0x54, 0x49, 0x4f, 0x4e, 0x10, 0x05, 0x12, 0x10, 0x0a, 0x0c, 0x56, 0x49, 0x52, 0x54, 0x55, - 0x41, 0x4c, 0x5f, 0x48, 0x4f, 0x53, 0x54, 0x10, 0x06, 0x12, 0x0e, 0x0a, 0x0a, 0x48, 0x54, 0x54, - 0x50, 0x5f, 0x52, 0x4f, 0x55, 0x54, 0x45, 0x10, 0x07, 0x12, 0x0b, 0x0a, 0x07, 0x43, 0x4c, 0x55, - 0x53, 0x54, 0x45, 0x52, 0x10, 0x08, 0x12, 0x14, 0x0a, 0x10, 0x45, 0x58, 0x54, 0x45, 0x4e, 0x53, - 0x49, 0x4f, 0x4e, 0x5f, 0x43, 0x4f, 0x4e, 0x46, 0x49, 0x47, 0x10, 0x09, 0x12, 0x0d, 0x0a, 0x09, - 0x42, 0x4f, 0x4f, 0x54, 0x53, 0x54, 0x52, 0x41, 0x50, 0x10, 0x0a, 0x12, 0x13, 0x0a, 0x0f, 0x4c, - 0x49, 0x53, 0x54, 0x45, 0x4e, 0x45, 0x52, 0x5f, 0x46, 0x49, 0x4c, 0x54, 0x45, 0x52, 0x10, 0x0b, - 0x22, 0x4f, 0x0a, 0x0c, 0x50, 0x61, 0x74, 0x63, 0x68, 0x43, 0x6f, 0x6e, 0x74, 0x65, 0x78, 0x74, - 0x12, 0x07, 0x0a, 0x03, 0x41, 0x4e, 0x59, 0x10, 0x00, 0x12, 0x13, 0x0a, 0x0f, 0x53, 0x49, 0x44, - 0x45, 0x43, 0x41, 0x52, 0x5f, 0x49, 0x4e, 0x42, 0x4f, 0x55, 0x4e, 0x44, 0x10, 0x01, 0x12, 0x14, - 0x0a, 0x10, 0x53, 0x49, 0x44, 0x45, 0x43, 0x41, 0x52, 0x5f, 0x4f, 0x55, 0x54, 0x42, 0x4f, 0x55, - 0x4e, 0x44, 0x10, 0x02, 0x12, 0x0b, 0x0a, 0x07, 0x47, 0x41, 0x54, 0x45, 0x57, 0x41, 0x59, 0x10, - 0x03, 0x4a, 0x04, 0x08, 0x01, 0x10, 0x02, 0x4a, 0x04, 0x08, 0x02, 0x10, 0x03, 0x52, 0x07, 0x66, - 0x69, 0x6c, 0x74, 0x65, 0x72, 0x73, 0x52, 0x0f, 0x77, 0x6f, 0x72, 0x6b, 0x6c, 0x6f, 0x61, 0x64, - 0x5f, 0x6c, 0x61, 0x62, 0x65, 0x6c, 0x73, 0x42, 0x22, 0x5a, 0x20, 0x69, 0x73, 0x74, 0x69, 0x6f, - 0x2e, 0x69, 0x6f, 0x2f, 0x61, 0x70, 0x69, 0x2f, 0x6e, 0x65, 0x74, 0x77, 0x6f, 0x72, 0x6b, 0x69, - 0x6e, 0x67, 0x2f, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x33, 0x62, 0x06, 0x70, 0x72, 0x6f, - 0x74, 0x6f, 0x33, + 0x76, 0x6f, 0x79, 0x46, 0x69, 0x6c, 0x74, 0x65, 0x72, 0x2e, 0x50, 0x72, 0x6f, 0x78, 0x79, 0x4d, + 0x61, 0x74, 0x63, 0x68, 0x52, 0x05, 0x70, 0x72, 0x6f, 0x78, 0x79, 0x12, 0x52, 0x0a, 0x08, 0x6c, + 0x69, 0x73, 0x74, 0x65, 0x6e, 0x65, 0x72, 0x18, 0x03, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x34, 0x2e, + 0x69, 0x73, 0x74, 0x69, 0x6f, 0x2e, 0x6e, 0x65, 0x74, 0x77, 0x6f, 0x72, 0x6b, 0x69, 0x6e, 0x67, + 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x33, 0x2e, 0x45, 0x6e, 0x76, 0x6f, 0x79, 0x46, + 0x69, 0x6c, 0x74, 0x65, 0x72, 0x2e, 0x4c, 0x69, 0x73, 0x74, 0x65, 0x6e, 0x65, 0x72, 0x4d, 0x61, + 0x74, 0x63, 0x68, 0x48, 0x00, 0x52, 0x08, 0x6c, 0x69, 0x73, 0x74, 0x65, 0x6e, 0x65, 0x72, 0x12, + 0x71, 0x0a, 0x13, 0x72, 0x6f, 0x75, 0x74, 0x65, 0x5f, 0x63, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x75, + 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x18, 0x04, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x3e, 0x2e, 0x69, + 0x73, 0x74, 0x69, 0x6f, 0x2e, 0x6e, 0x65, 0x74, 0x77, 0x6f, 0x72, 0x6b, 0x69, 0x6e, 0x67, 0x2e, + 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x33, 0x2e, 0x45, 0x6e, 0x76, 0x6f, 0x79, 0x46, 0x69, + 0x6c, 0x74, 0x65, 0x72, 0x2e, 0x52, 0x6f, 0x75, 0x74, 0x65, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, + 0x75, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x4d, 0x61, 0x74, 0x63, 0x68, 0x48, 0x00, 0x52, 0x12, + 0x72, 0x6f, 0x75, 0x74, 0x65, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x75, 0x72, 0x61, 0x74, 0x69, + 0x6f, 0x6e, 0x12, 0x4f, 0x0a, 0x07, 0x63, 0x6c, 0x75, 0x73, 0x74, 0x65, 0x72, 0x18, 0x05, 0x20, + 0x01, 0x28, 0x0b, 0x32, 0x33, 0x2e, 0x69, 0x73, 0x74, 0x69, 0x6f, 0x2e, 0x6e, 0x65, 0x74, 0x77, + 0x6f, 0x72, 0x6b, 0x69, 0x6e, 0x67, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x33, 0x2e, + 0x45, 0x6e, 0x76, 0x6f, 0x79, 0x46, 0x69, 0x6c, 0x74, 0x65, 0x72, 0x2e, 0x43, 0x6c, 0x75, 0x73, + 0x74, 0x65, 0x72, 0x4d, 0x61, 0x74, 0x63, 0x68, 0x48, 0x00, 0x52, 0x07, 0x63, 0x6c, 0x75, 0x73, + 0x74, 0x65, 0x72, 0x42, 0x0e, 0x0a, 0x0c, 0x6f, 0x62, 0x6a, 0x65, 0x63, 0x74, 0x5f, 0x74, 0x79, + 0x70, 0x65, 0x73, 0x1a, 0xfc, 0x01, 0x0a, 0x16, 0x45, 0x6e, 0x76, 0x6f, 0x79, 0x43, 0x6f, 0x6e, + 0x66, 0x69, 0x67, 0x4f, 0x62, 0x6a, 0x65, 0x63, 0x74, 0x50, 0x61, 0x74, 0x63, 0x68, 0x12, 0x49, + 0x0a, 0x08, 0x61, 0x70, 0x70, 0x6c, 0x79, 0x5f, 0x74, 0x6f, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0e, + 0x32, 0x2e, 0x2e, 0x69, 0x73, 0x74, 0x69, 0x6f, 0x2e, 0x6e, 0x65, 0x74, 0x77, 0x6f, 0x72, 0x6b, + 0x69, 0x6e, 0x67, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x33, 0x2e, 0x45, 0x6e, 0x76, + 0x6f, 0x79, 0x46, 0x69, 0x6c, 0x74, 0x65, 0x72, 0x2e, 0x41, 0x70, 0x70, 0x6c, 0x79, 0x54, 0x6f, + 0x52, 0x07, 0x61, 0x70, 0x70, 0x6c, 0x79, 0x54, 0x6f, 0x12, 0x53, 0x0a, 0x05, 0x6d, 0x61, 0x74, + 0x63, 0x68, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x3d, 0x2e, 0x69, 0x73, 0x74, 0x69, 0x6f, + 0x2e, 0x6e, 0x65, 0x74, 0x77, 0x6f, 0x72, 0x6b, 0x69, 0x6e, 0x67, 0x2e, 0x76, 0x31, 0x61, 0x6c, + 0x70, 0x68, 0x61, 0x33, 0x2e, 0x45, 0x6e, 0x76, 0x6f, 0x79, 0x46, 0x69, 0x6c, 0x74, 0x65, 0x72, + 0x2e, 0x45, 0x6e, 0x76, 0x6f, 0x79, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x4f, 0x62, 0x6a, 0x65, + 0x63, 0x74, 0x4d, 0x61, 0x74, 0x63, 0x68, 0x52, 0x05, 0x6d, 0x61, 0x74, 0x63, 0x68, 0x12, 0x42, + 0x0a, 0x05, 0x70, 0x61, 0x74, 0x63, 0x68, 0x18, 0x03, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x2c, 0x2e, + 0x69, 0x73, 0x74, 0x69, 0x6f, 0x2e, 0x6e, 0x65, 0x74, 0x77, 0x6f, 0x72, 0x6b, 0x69, 0x6e, 0x67, + 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x33, 0x2e, 0x45, 0x6e, 0x76, 0x6f, 0x79, 0x46, + 0x69, 0x6c, 0x74, 0x65, 0x72, 0x2e, 0x50, 0x61, 0x74, 0x63, 0x68, 0x52, 0x05, 0x70, 0x61, 0x74, + 0x63, 0x68, 0x22, 0xdd, 0x01, 0x0a, 0x07, 0x41, 0x70, 0x70, 0x6c, 0x79, 0x54, 0x6f, 0x12, 0x0b, + 0x0a, 0x07, 0x49, 0x4e, 0x56, 0x41, 0x4c, 0x49, 0x44, 0x10, 0x00, 0x12, 0x0c, 0x0a, 0x08, 0x4c, + 0x49, 0x53, 0x54, 0x45, 0x4e, 0x45, 0x52, 0x10, 0x01, 0x12, 0x10, 0x0a, 0x0c, 0x46, 0x49, 0x4c, + 0x54, 0x45, 0x52, 0x5f, 0x43, 0x48, 0x41, 0x49, 0x4e, 0x10, 0x02, 0x12, 0x12, 0x0a, 0x0e, 0x4e, + 0x45, 0x54, 0x57, 0x4f, 0x52, 0x4b, 0x5f, 0x46, 0x49, 0x4c, 0x54, 0x45, 0x52, 0x10, 0x03, 0x12, + 0x0f, 0x0a, 0x0b, 0x48, 0x54, 0x54, 0x50, 0x5f, 0x46, 0x49, 0x4c, 0x54, 0x45, 0x52, 0x10, 0x04, + 0x12, 0x17, 0x0a, 0x13, 0x52, 0x4f, 0x55, 0x54, 0x45, 0x5f, 0x43, 0x4f, 0x4e, 0x46, 0x49, 0x47, + 0x55, 0x52, 0x41, 0x54, 0x49, 0x4f, 0x4e, 0x10, 0x05, 0x12, 0x10, 0x0a, 0x0c, 0x56, 0x49, 0x52, + 0x54, 0x55, 0x41, 0x4c, 0x5f, 0x48, 0x4f, 0x53, 0x54, 0x10, 0x06, 0x12, 0x0e, 0x0a, 0x0a, 0x48, + 0x54, 0x54, 0x50, 0x5f, 0x52, 0x4f, 0x55, 0x54, 0x45, 0x10, 0x07, 0x12, 0x0b, 0x0a, 0x07, 0x43, + 0x4c, 0x55, 0x53, 0x54, 0x45, 0x52, 0x10, 0x08, 0x12, 0x14, 0x0a, 0x10, 0x45, 0x58, 0x54, 0x45, + 0x4e, 0x53, 0x49, 0x4f, 0x4e, 0x5f, 0x43, 0x4f, 0x4e, 0x46, 0x49, 0x47, 0x10, 0x09, 0x12, 0x0d, + 0x0a, 0x09, 0x42, 0x4f, 0x4f, 0x54, 0x53, 0x54, 0x52, 0x41, 0x50, 0x10, 0x0a, 0x12, 0x13, 0x0a, + 0x0f, 0x4c, 0x49, 0x53, 0x54, 0x45, 0x4e, 0x45, 0x52, 0x5f, 0x46, 0x49, 0x4c, 0x54, 0x45, 0x52, + 0x10, 0x0b, 0x22, 0x4f, 0x0a, 0x0c, 0x50, 0x61, 0x74, 0x63, 0x68, 0x43, 0x6f, 0x6e, 0x74, 0x65, + 0x78, 0x74, 0x12, 0x07, 0x0a, 0x03, 0x41, 0x4e, 0x59, 0x10, 0x00, 0x12, 0x13, 0x0a, 0x0f, 0x53, + 0x49, 0x44, 0x45, 0x43, 0x41, 0x52, 0x5f, 0x49, 0x4e, 0x42, 0x4f, 0x55, 0x4e, 0x44, 0x10, 0x01, + 0x12, 0x14, 0x0a, 0x10, 0x53, 0x49, 0x44, 0x45, 0x43, 0x41, 0x52, 0x5f, 0x4f, 0x55, 0x54, 0x42, + 0x4f, 0x55, 0x4e, 0x44, 0x10, 0x02, 0x12, 0x0b, 0x0a, 0x07, 0x47, 0x41, 0x54, 0x45, 0x57, 0x41, + 0x59, 0x10, 0x03, 0x4a, 0x04, 0x08, 0x01, 0x10, 0x02, 0x4a, 0x04, 0x08, 0x02, 0x10, 0x03, 0x52, + 0x07, 0x66, 0x69, 0x6c, 0x74, 0x65, 0x72, 0x73, 0x52, 0x0f, 0x77, 0x6f, 0x72, 0x6b, 0x6c, 0x6f, + 0x61, 0x64, 0x5f, 0x6c, 0x61, 0x62, 0x65, 0x6c, 0x73, 0x42, 0x22, 0x5a, 0x20, 0x69, 0x73, 0x74, + 0x69, 0x6f, 0x2e, 0x69, 0x6f, 0x2f, 0x61, 0x70, 0x69, 0x2f, 0x6e, 0x65, 0x74, 0x77, 0x6f, 0x72, + 0x6b, 0x69, 0x6e, 0x67, 0x2f, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x33, 0x62, 0x06, 0x70, + 0x72, 0x6f, 0x74, 0x6f, 0x33, } var ( @@ -2160,7 +2129,7 @@ func file_networking_v1alpha3_envoy_filter_proto_rawDescGZIP() []byte { var file_networking_v1alpha3_envoy_filter_proto_enumTypes = make([]protoimpl.EnumInfo, 5) var file_networking_v1alpha3_envoy_filter_proto_msgTypes = make([]protoimpl.MessageInfo, 14) -var file_networking_v1alpha3_envoy_filter_proto_goTypes = []interface{}{ +var file_networking_v1alpha3_envoy_filter_proto_goTypes = []any{ (EnvoyFilter_ApplyTo)(0), // 0: istio.networking.v1alpha3.EnvoyFilter.ApplyTo (EnvoyFilter_PatchContext)(0), // 1: istio.networking.v1alpha3.EnvoyFilter.PatchContext (EnvoyFilter_RouteConfigurationMatch_RouteMatch_Action)(0), // 2: istio.networking.v1alpha3.EnvoyFilter.RouteConfigurationMatch.RouteMatch.Action @@ -2181,34 +2150,36 @@ var file_networking_v1alpha3_envoy_filter_proto_goTypes = []interface{}{ (*EnvoyFilter_ListenerMatch_FilterMatch)(nil), // 17: istio.networking.v1alpha3.EnvoyFilter.ListenerMatch.FilterMatch (*EnvoyFilter_ListenerMatch_SubFilterMatch)(nil), // 18: istio.networking.v1alpha3.EnvoyFilter.ListenerMatch.SubFilterMatch (*WorkloadSelector)(nil), // 19: istio.networking.v1alpha3.WorkloadSelector - (*_struct.Struct)(nil), // 20: google.protobuf.Struct + (*v1beta1.PolicyTargetReference)(nil), // 20: istio.type.v1beta1.PolicyTargetReference + (*_struct.Struct)(nil), // 21: google.protobuf.Struct } var file_networking_v1alpha3_envoy_filter_proto_depIdxs = []int32{ 19, // 0: istio.networking.v1alpha3.EnvoyFilter.workload_selector:type_name -> istio.networking.v1alpha3.WorkloadSelector - 12, // 1: istio.networking.v1alpha3.EnvoyFilter.config_patches:type_name -> istio.networking.v1alpha3.EnvoyFilter.EnvoyConfigObjectPatch - 13, // 2: istio.networking.v1alpha3.EnvoyFilter.ProxyMatch.metadata:type_name -> istio.networking.v1alpha3.EnvoyFilter.ProxyMatch.MetadataEntry - 15, // 3: istio.networking.v1alpha3.EnvoyFilter.RouteConfigurationMatch.vhost:type_name -> istio.networking.v1alpha3.EnvoyFilter.RouteConfigurationMatch.VirtualHostMatch - 16, // 4: istio.networking.v1alpha3.EnvoyFilter.ListenerMatch.filter_chain:type_name -> istio.networking.v1alpha3.EnvoyFilter.ListenerMatch.FilterChainMatch - 3, // 5: istio.networking.v1alpha3.EnvoyFilter.Patch.operation:type_name -> istio.networking.v1alpha3.EnvoyFilter.Patch.Operation - 20, // 6: istio.networking.v1alpha3.EnvoyFilter.Patch.value:type_name -> google.protobuf.Struct - 4, // 7: istio.networking.v1alpha3.EnvoyFilter.Patch.filter_class:type_name -> istio.networking.v1alpha3.EnvoyFilter.Patch.FilterClass - 1, // 8: istio.networking.v1alpha3.EnvoyFilter.EnvoyConfigObjectMatch.context:type_name -> istio.networking.v1alpha3.EnvoyFilter.PatchContext - 6, // 9: istio.networking.v1alpha3.EnvoyFilter.EnvoyConfigObjectMatch.proxy:type_name -> istio.networking.v1alpha3.EnvoyFilter.ProxyMatch - 9, // 10: istio.networking.v1alpha3.EnvoyFilter.EnvoyConfigObjectMatch.listener:type_name -> istio.networking.v1alpha3.EnvoyFilter.ListenerMatch - 8, // 11: istio.networking.v1alpha3.EnvoyFilter.EnvoyConfigObjectMatch.route_configuration:type_name -> istio.networking.v1alpha3.EnvoyFilter.RouteConfigurationMatch - 7, // 12: istio.networking.v1alpha3.EnvoyFilter.EnvoyConfigObjectMatch.cluster:type_name -> istio.networking.v1alpha3.EnvoyFilter.ClusterMatch - 0, // 13: istio.networking.v1alpha3.EnvoyFilter.EnvoyConfigObjectPatch.apply_to:type_name -> istio.networking.v1alpha3.EnvoyFilter.ApplyTo - 11, // 14: istio.networking.v1alpha3.EnvoyFilter.EnvoyConfigObjectPatch.match:type_name -> istio.networking.v1alpha3.EnvoyFilter.EnvoyConfigObjectMatch - 10, // 15: istio.networking.v1alpha3.EnvoyFilter.EnvoyConfigObjectPatch.patch:type_name -> istio.networking.v1alpha3.EnvoyFilter.Patch - 2, // 16: istio.networking.v1alpha3.EnvoyFilter.RouteConfigurationMatch.RouteMatch.action:type_name -> istio.networking.v1alpha3.EnvoyFilter.RouteConfigurationMatch.RouteMatch.Action - 14, // 17: istio.networking.v1alpha3.EnvoyFilter.RouteConfigurationMatch.VirtualHostMatch.route:type_name -> istio.networking.v1alpha3.EnvoyFilter.RouteConfigurationMatch.RouteMatch - 17, // 18: istio.networking.v1alpha3.EnvoyFilter.ListenerMatch.FilterChainMatch.filter:type_name -> istio.networking.v1alpha3.EnvoyFilter.ListenerMatch.FilterMatch - 18, // 19: istio.networking.v1alpha3.EnvoyFilter.ListenerMatch.FilterMatch.sub_filter:type_name -> istio.networking.v1alpha3.EnvoyFilter.ListenerMatch.SubFilterMatch - 20, // [20:20] is the sub-list for method output_type - 20, // [20:20] is the sub-list for method input_type - 20, // [20:20] is the sub-list for extension type_name - 20, // [20:20] is the sub-list for extension extendee - 0, // [0:20] is the sub-list for field type_name + 20, // 1: istio.networking.v1alpha3.EnvoyFilter.targetRefs:type_name -> istio.type.v1beta1.PolicyTargetReference + 12, // 2: istio.networking.v1alpha3.EnvoyFilter.config_patches:type_name -> istio.networking.v1alpha3.EnvoyFilter.EnvoyConfigObjectPatch + 13, // 3: istio.networking.v1alpha3.EnvoyFilter.ProxyMatch.metadata:type_name -> istio.networking.v1alpha3.EnvoyFilter.ProxyMatch.MetadataEntry + 15, // 4: istio.networking.v1alpha3.EnvoyFilter.RouteConfigurationMatch.vhost:type_name -> istio.networking.v1alpha3.EnvoyFilter.RouteConfigurationMatch.VirtualHostMatch + 16, // 5: istio.networking.v1alpha3.EnvoyFilter.ListenerMatch.filter_chain:type_name -> istio.networking.v1alpha3.EnvoyFilter.ListenerMatch.FilterChainMatch + 3, // 6: istio.networking.v1alpha3.EnvoyFilter.Patch.operation:type_name -> istio.networking.v1alpha3.EnvoyFilter.Patch.Operation + 21, // 7: istio.networking.v1alpha3.EnvoyFilter.Patch.value:type_name -> google.protobuf.Struct + 4, // 8: istio.networking.v1alpha3.EnvoyFilter.Patch.filter_class:type_name -> istio.networking.v1alpha3.EnvoyFilter.Patch.FilterClass + 1, // 9: istio.networking.v1alpha3.EnvoyFilter.EnvoyConfigObjectMatch.context:type_name -> istio.networking.v1alpha3.EnvoyFilter.PatchContext + 6, // 10: istio.networking.v1alpha3.EnvoyFilter.EnvoyConfigObjectMatch.proxy:type_name -> istio.networking.v1alpha3.EnvoyFilter.ProxyMatch + 9, // 11: istio.networking.v1alpha3.EnvoyFilter.EnvoyConfigObjectMatch.listener:type_name -> istio.networking.v1alpha3.EnvoyFilter.ListenerMatch + 8, // 12: istio.networking.v1alpha3.EnvoyFilter.EnvoyConfigObjectMatch.route_configuration:type_name -> istio.networking.v1alpha3.EnvoyFilter.RouteConfigurationMatch + 7, // 13: istio.networking.v1alpha3.EnvoyFilter.EnvoyConfigObjectMatch.cluster:type_name -> istio.networking.v1alpha3.EnvoyFilter.ClusterMatch + 0, // 14: istio.networking.v1alpha3.EnvoyFilter.EnvoyConfigObjectPatch.apply_to:type_name -> istio.networking.v1alpha3.EnvoyFilter.ApplyTo + 11, // 15: istio.networking.v1alpha3.EnvoyFilter.EnvoyConfigObjectPatch.match:type_name -> istio.networking.v1alpha3.EnvoyFilter.EnvoyConfigObjectMatch + 10, // 16: istio.networking.v1alpha3.EnvoyFilter.EnvoyConfigObjectPatch.patch:type_name -> istio.networking.v1alpha3.EnvoyFilter.Patch + 2, // 17: istio.networking.v1alpha3.EnvoyFilter.RouteConfigurationMatch.RouteMatch.action:type_name -> istio.networking.v1alpha3.EnvoyFilter.RouteConfigurationMatch.RouteMatch.Action + 14, // 18: istio.networking.v1alpha3.EnvoyFilter.RouteConfigurationMatch.VirtualHostMatch.route:type_name -> istio.networking.v1alpha3.EnvoyFilter.RouteConfigurationMatch.RouteMatch + 17, // 19: istio.networking.v1alpha3.EnvoyFilter.ListenerMatch.FilterChainMatch.filter:type_name -> istio.networking.v1alpha3.EnvoyFilter.ListenerMatch.FilterMatch + 18, // 20: istio.networking.v1alpha3.EnvoyFilter.ListenerMatch.FilterMatch.sub_filter:type_name -> istio.networking.v1alpha3.EnvoyFilter.ListenerMatch.SubFilterMatch + 21, // [21:21] is the sub-list for method output_type + 21, // [21:21] is the sub-list for method input_type + 21, // [21:21] is the sub-list for extension type_name + 21, // [21:21] is the sub-list for extension extendee + 0, // [0:21] is the sub-list for field type_name } func init() { file_networking_v1alpha3_envoy_filter_proto_init() } @@ -2217,165 +2188,7 @@ func file_networking_v1alpha3_envoy_filter_proto_init() { return } file_networking_v1alpha3_sidecar_proto_init() - if !protoimpl.UnsafeEnabled { - file_networking_v1alpha3_envoy_filter_proto_msgTypes[0].Exporter = func(v interface{}, i int) interface{} { - switch v := v.(*EnvoyFilter); i { - case 0: - return &v.state - case 1: - return &v.sizeCache - case 2: - return &v.unknownFields - default: - return nil - } - } - file_networking_v1alpha3_envoy_filter_proto_msgTypes[1].Exporter = func(v interface{}, i int) interface{} { - switch v := v.(*EnvoyFilter_ProxyMatch); i { - case 0: - return &v.state - case 1: - return &v.sizeCache - case 2: - return &v.unknownFields - default: - return nil - } - } - file_networking_v1alpha3_envoy_filter_proto_msgTypes[2].Exporter = func(v interface{}, i int) interface{} { - switch v := v.(*EnvoyFilter_ClusterMatch); i { - case 0: - return &v.state - case 1: - return &v.sizeCache - case 2: - return &v.unknownFields - default: - return nil - } - } - file_networking_v1alpha3_envoy_filter_proto_msgTypes[3].Exporter = func(v interface{}, i int) interface{} { - switch v := v.(*EnvoyFilter_RouteConfigurationMatch); i { - case 0: - return &v.state - case 1: - return &v.sizeCache - case 2: - return &v.unknownFields - default: - return nil - } - } - file_networking_v1alpha3_envoy_filter_proto_msgTypes[4].Exporter = func(v interface{}, i int) interface{} { - switch v := v.(*EnvoyFilter_ListenerMatch); i { - case 0: - return &v.state - case 1: - return &v.sizeCache - case 2: - return &v.unknownFields - default: - return nil - } - } - file_networking_v1alpha3_envoy_filter_proto_msgTypes[5].Exporter = func(v interface{}, i int) interface{} { - switch v := v.(*EnvoyFilter_Patch); i { - case 0: - return &v.state - case 1: - return &v.sizeCache - case 2: - return &v.unknownFields - default: - return nil - } - } - file_networking_v1alpha3_envoy_filter_proto_msgTypes[6].Exporter = func(v interface{}, i int) interface{} { - switch v := v.(*EnvoyFilter_EnvoyConfigObjectMatch); i { - case 0: - return &v.state - case 1: - return &v.sizeCache - case 2: - return &v.unknownFields - default: - return nil - } - } - file_networking_v1alpha3_envoy_filter_proto_msgTypes[7].Exporter = func(v interface{}, i int) interface{} { - switch v := v.(*EnvoyFilter_EnvoyConfigObjectPatch); i { - case 0: - return &v.state - case 1: - return &v.sizeCache - case 2: - return &v.unknownFields - default: - return nil - } - } - file_networking_v1alpha3_envoy_filter_proto_msgTypes[9].Exporter = func(v interface{}, i int) interface{} { - switch v := v.(*EnvoyFilter_RouteConfigurationMatch_RouteMatch); i { - case 0: - return &v.state - case 1: - return &v.sizeCache - case 2: - return &v.unknownFields - default: - return nil - } - } - file_networking_v1alpha3_envoy_filter_proto_msgTypes[10].Exporter = func(v interface{}, i int) interface{} { - switch v := v.(*EnvoyFilter_RouteConfigurationMatch_VirtualHostMatch); i { - case 0: - return &v.state - case 1: - return &v.sizeCache - case 2: - return &v.unknownFields - default: - return nil - } - } - file_networking_v1alpha3_envoy_filter_proto_msgTypes[11].Exporter = func(v interface{}, i int) interface{} { - switch v := v.(*EnvoyFilter_ListenerMatch_FilterChainMatch); i { - case 0: - return &v.state - case 1: - return &v.sizeCache - case 2: - return &v.unknownFields - default: - return nil - } - } - file_networking_v1alpha3_envoy_filter_proto_msgTypes[12].Exporter = func(v interface{}, i int) interface{} { - switch v := v.(*EnvoyFilter_ListenerMatch_FilterMatch); i { - case 0: - return &v.state - case 1: - return &v.sizeCache - case 2: - return &v.unknownFields - default: - return nil - } - } - file_networking_v1alpha3_envoy_filter_proto_msgTypes[13].Exporter = func(v interface{}, i int) interface{} { - switch v := v.(*EnvoyFilter_ListenerMatch_SubFilterMatch); i { - case 0: - return &v.state - case 1: - return &v.sizeCache - case 2: - return &v.unknownFields - default: - return nil - } - } - } - file_networking_v1alpha3_envoy_filter_proto_msgTypes[6].OneofWrappers = []interface{}{ + file_networking_v1alpha3_envoy_filter_proto_msgTypes[6].OneofWrappers = []any{ (*EnvoyFilter_EnvoyConfigObjectMatch_Listener)(nil), (*EnvoyFilter_EnvoyConfigObjectMatch_RouteConfiguration)(nil), (*EnvoyFilter_EnvoyConfigObjectMatch_Cluster)(nil), diff --git a/vendor/istio.io/api/networking/v1alpha3/envoy_filter.pb.html b/vendor/istio.io/api/networking/v1alpha3/envoy_filter.pb.html index bea8f8a30..8008c6c70 100644 --- a/vendor/istio.io/api/networking/v1alpha3/envoy_filter.pb.html +++ b/vendor/istio.io/api/networking/v1alpha3/envoy_filter.pb.html @@ -294,7 +294,7 @@ # to avoid accidental name collisions. - applyTo: EXTENSION_CONFIG patch: - operation: ADD # REPLACE is also supported, and would override a cluster level resource with the same name. + operation: ADD value: name: my-wasm-extension typed_config: @@ -330,38 +330,6 @@ ads: {} type_urls: ["type.googleapis.com/envoy.extensions.filters.http.wasm.v3.Wasm"] -

    The following example adds a Wasm service extension for all proxies using a locally available Wasm file. -The singleton Wasm extension is used to maintain a shared state between workers executing Wasm filters. -For example, a local rate limit extension would rely on a singleton to limit requests across all workers. -As another example, an authorization Wasm extension can use a singleton to maintain a database of accounts.

    -
    apiVersion: networking.istio.io/v1alpha3
    -kind: EnvoyFilter
    -metadata:
    -  name: wasm-service
    -  namespace: myns
    -spec:
    -  configPatches:
    -  - applyTo: BOOTSTRAP
    -    patch:
    -      operation: MERGE
    -      value:
    -        bootstrap_extensions:
    -        - name: envoy.bootstrap.wasm
    -          typed_config:
    -            "@type": type.googleapis.com/envoy.extensions.wasm.v3.WasmService
    -            singleton: true
    -            config:
    -              name: my_plugin
    -              configuration:
    -                "@type": type.googleapis.com/google.protobuf.StringValue
    -                value: |
    -                  {}
    -              vm_config:
    -                runtime: "envoy.wasm.runtime.v8"
    -                code:
    -                  local:
    -                    filename: "/etc/envoy_filter_http_wasm_example.wasm"
    -

    The following example inserts an envoy.filters.listener.proxy_protocol listener filter before the envoy.filters.listener.tls_inspector.

    apiVersion: networking.istio.io/v1alpha3
     kind: EnvoyFilter
    @@ -372,7 +340,7 @@
       configPatches:
       - applyTo: LISTENER_FILTER
         match:
    -      context: SIDECAR_INBOUND # will match outbound listeners in all sidecars
    +      context: SIDECAR_INBOUND # will match inbound listeners in all sidecars
           listener:
             portNumber: 15006
             listenerFilter: "envoy.filters.listener.tls_inspector"
    @@ -400,17 +368,40 @@ 

    EnvoyFilter

    workloadSelectorworkloadSelector WorkloadSelector

    Criteria used to select the specific set of pods/VMs on which this patch configuration should be applied. If omitted, the set of patches in this configuration will be applied to all workload -instances in the same namespace. If omitted, the EnvoyFilter -patches will be applied to all workloads in the same -namespace. If the EnvoyFilter is present in the config root -namespace, it will be applied to all applicable workloads in any -namespace.

    +instances in the same namespace. If the EnvoyFilter is present +in the config root namespace, it will be applied to all applicable +workloads in any namespace.

    + +
    +No +
    targetRefsPolicyTargetReference[] +

    Optional. The targetRefs specifies a list of resources the policy should be +applied to. The targeted resources specified will determine which workloads +the policy applies to.

    +

    Currently, the following resource attachment types are supported:

    +
      +
    • kind: Gateway with group: gateway.networking.k8s.io in the same namespace.
    • +
    • kind: Service with "" in the same namespace. This type is only supported for waypoints.
    • +
    +

    If not set, the policy is applied as defined by the selector. +At most one of the selector and targetRefs can be set.

    +

    NOTE: If you are using the targetRefs field in a multi-revision environment with Istio versions prior to 1.22, +it is highly recommended that you pin the policy to a revision running 1.22+ via the istio.io/rev label. +This is to prevent proxies connected to older control planes (that don’t know about the targetRefs field) +from misinterpreting the policy as namespace-wide during the upgrade process.

    +

    NOTE: Waypoint proxies are required to use this field for policies to apply; selector policies will be ignored.

    @@ -418,18 +409,18 @@

    EnvoyFilter

    configPatchesconfigPatches EnvoyConfigObjectPatch[]

    One or more patches with match conditions.

    -Yes +No
    prioritypriority int32

    Priority defines the order in which patch sets are applied within a context. @@ -469,7 +460,7 @@

    EnvoyFilter.ProxyMatch

    proxyVersionproxyVersion string

    A regular expression in golang regex format (RE2) that can be @@ -487,7 +478,7 @@

    EnvoyFilter.ProxyMatch

    metadatametadata map<string, string>

    Match on the node metadata supplied by a proxy when connecting @@ -521,7 +512,7 @@

    EnvoyFilter.ClusterMatch

    portNumberportNumber uint32

    The service port for which this cluster was generated. If @@ -534,7 +525,7 @@

    EnvoyFilter.ClusterMatch

    serviceservice string

    The fully qualified service name for this cluster. If omitted, @@ -549,7 +540,7 @@

    EnvoyFilter.ClusterMatch

    subsetsubset string

    The subset associated with the service. If omitted, applies to @@ -561,7 +552,7 @@

    EnvoyFilter.ClusterMatch

    namename string

    The exact name of the cluster to match. To match a specific @@ -594,7 +585,7 @@

    EnvoyFilter.RouteConfigurationMatch

    portNumberportNumber uint32

    The service port number or gateway server port number for which @@ -607,7 +598,7 @@

    EnvoyFilter.RouteConfigurationMatch

    portNameportName string

    Applicable only for GATEWAY context. The gateway server port @@ -619,7 +610,7 @@

    EnvoyFilter.RouteConfigurationMatch

    gatewaygateway string

    The Istio gateway config’s namespace/name for which this route @@ -635,7 +626,7 @@

    EnvoyFilter.RouteConfigurationMatch

    vhostvhost VirtualHostMatch

    Match a specific virtual host in a route configuration and @@ -647,7 +638,7 @@

    EnvoyFilter.RouteConfigurationMatch

    namename string

    Route configuration name to match on. Can be used to match a @@ -679,7 +670,7 @@

    EnvoyFilter.ListenerMatch

    portNumberportNumber uint32

    The service port/gateway port to which traffic is being @@ -693,7 +684,7 @@

    EnvoyFilter.ListenerMatch

    filterChainfilterChain FilterChainMatch

    Match a specific filter chain in a listener. If specified, the @@ -707,7 +698,7 @@

    EnvoyFilter.ListenerMatch

    listenerFilterlistenerFilter string

    Match a specific listener filter. If specified, the @@ -719,7 +710,7 @@

    EnvoyFilter.ListenerMatch

    namename string

    Match a specific listener by its name. The listeners generated @@ -748,7 +739,7 @@

    EnvoyFilter.Patch

    operationoperation Operation

    Determines how the patch should be applied.

    @@ -759,7 +750,7 @@

    EnvoyFilter.Patch

    valuevalue Struct

    The JSON config of the object being patched. This will be merged using @@ -771,7 +762,7 @@

    EnvoyFilter.Patch

    filterClassfilterClass FilterClass

    Determines the filter insertion order.

    @@ -800,7 +791,7 @@

    EnvoyFilter.EnvoyConfigObjectMatch

    contextcontext PatchContext

    The specific config generation context to match on. Istio Pilot @@ -813,7 +804,7 @@

    EnvoyFilter.EnvoyConfigObjectMatch

    proxyproxy ProxyMatch

    Match on properties associated with a proxy.

    @@ -824,7 +815,7 @@

    EnvoyFilter.EnvoyConfigObjectMatch

    listenerlistener ListenerMatch (oneof)

    Match on envoy listener attributes.

    @@ -835,7 +826,7 @@

    EnvoyFilter.EnvoyConfigObjectMatch

    routeConfigurationrouteConfiguration RouteConfigurationMatch (oneof)

    Match on envoy HTTP route configuration attributes.

    @@ -846,7 +837,7 @@

    EnvoyFilter.EnvoyConfigObjectMatch

    clustercluster ClusterMatch (oneof)

    Match on envoy cluster attributes.

    @@ -874,7 +865,7 @@

    EnvoyFilter.EnvoyConfigObjectPatch

    applyToapplyTo ApplyTo

    Specifies where in the Envoy configuration, the patch should be @@ -893,7 +884,7 @@

    EnvoyFilter.EnvoyConfigObjectPatch

    matchmatch EnvoyConfigObjectMatch

    Match on listener/route configuration/cluster.

    @@ -904,7 +895,7 @@

    EnvoyFilter.EnvoyConfigObjectPatch

    patchpatch Patch

    The patch to apply along with the operation.

    @@ -932,7 +923,7 @@

    EnvoyFilter.RouteConfigu

    namename string

    The Route objects generated by default are named as @@ -946,7 +937,7 @@

    EnvoyFilter.RouteConfigu

    actionaction Action

    Match a route with specific action type.

    @@ -974,7 +965,7 @@

    EnvoyFilter.RouteC

    namename string

    The VirtualHosts objects generated by Istio are named as @@ -988,7 +979,7 @@

    EnvoyFilter.RouteC

    routeroute RouteMatch

    Match a specific route within the virtual host.

    @@ -1019,7 +1010,7 @@

    EnvoyFilter.ListenerMatch.Fi

    namename string

    The name assigned to the filter chain.

    @@ -1030,7 +1021,7 @@

    EnvoyFilter.ListenerMatch.Fi

    snisni string

    The SNI value used by a filter chain’s match condition. This @@ -1043,7 +1034,7 @@

    EnvoyFilter.ListenerMatch.Fi

    transportProtocoltransportProtocol string

    Applies only to SIDECAR_INBOUND context. If non-empty, a @@ -1063,7 +1054,7 @@

    EnvoyFilter.ListenerMatch.Fi

    applicationProtocolsapplicationProtocols string

    Applies only to sidecars. If non-empty, a comma separated set @@ -1079,7 +1070,7 @@

    EnvoyFilter.ListenerMatch.Fi

    filterfilter FilterMatch

    The name of a specific filter to apply the patch to. Set this @@ -1092,7 +1083,7 @@

    EnvoyFilter.ListenerMatch.Fi

    destinationPortdestinationPort uint32

    The destination_port value used by a filter chain’s match condition. @@ -1121,7 +1112,7 @@

    EnvoyFilter.ListenerMatch.FilterM

    namename string

    The filter name to match on. @@ -1134,7 +1125,7 @@

    EnvoyFilter.ListenerMatch.FilterM

    subFiltersubFilter SubFilterMatch

    The next level filter within this filter to match @@ -1167,7 +1158,7 @@

    EnvoyFilter.ListenerMatch.SubF

    namename string

    The filter name to match on.

    @@ -1193,28 +1184,28 @@

    EnvoyFilter.Route

    ANYANY

    All three route actions

    ROUTEROUTE

    Route traffic to a cluster / weighted clusters.

    REDIRECTREDIRECT

    Redirect request.

    DIRECT_RESPONSEDIRECT_RESPONSE

    directly respond to a request with specific payload.

    @@ -1237,12 +1228,12 @@

    EnvoyFilter.Patch.Operation

    INVALIDINVALID
    MERGEMERGE

    Merge the provided config with the generated config using proto merge semantics. If you are specifying config in its @@ -1251,7 +1242,7 @@

    EnvoyFilter.Patch.Operation

    ADDADD

    Add the provided config to an existing list (of listeners, clusters, virtual hosts, network filters, or http @@ -1261,7 +1252,7 @@

    EnvoyFilter.Patch.Operation

    REMOVEREMOVE

    Remove the selected object from the list (of listeners, clusters, virtual hosts, network filters, routes, or http @@ -1272,7 +1263,7 @@

    EnvoyFilter.Patch.Operation

    INSERT_BEFOREINSERT_BEFORE

    Insert operation on an array of named objects. This operation is typically useful only in the context of filters or routes, @@ -1287,7 +1278,7 @@

    EnvoyFilter.Patch.Operation

    INSERT_AFTERINSERT_AFTER

    Insert operation on an array of named objects. This operation is typically useful only in the context of filters or routes, @@ -1302,7 +1293,7 @@

    EnvoyFilter.Patch.Operation

    INSERT_FIRSTINSERT_FIRST

    Insert operation on an array of named objects. This operation is typically useful only in the context of filters or routes, @@ -1317,7 +1308,7 @@

    EnvoyFilter.Patch.Operation

    REPLACEREPLACE

    Replace contents of a named filter with new contents. REPLACE operation is only valid for HTTP_FILTER and @@ -1350,7 +1341,7 @@

    EnvoyFilter.Patch.FilterClass

    UNSPECIFIEDUNSPECIFIED

    Control plane decides where to insert the filter. Do not specify FilterClass if the filter is independent of others.

    @@ -1358,21 +1349,21 @@

    EnvoyFilter.Patch.FilterClass

    AUTHNAUTHN

    Insert filter after Istio authentication filters.

    AUTHZAUTHZ

    Insert filter after Istio authorization filters.

    STATSSTATS

    Insert filter before Istio stats filters.

    @@ -1394,26 +1385,26 @@

    EnvoyFilter.ApplyTo

    INVALIDINVALID
    LISTENERLISTENER

    Applies the patch to the listener.

    FILTER_CHAINFILTER_CHAIN

    Applies the patch to the filter chain.

    NETWORK_FILTERNETWORK_FILTER

    Applies the patch to the network filter chain, to modify an existing filter or add a new filter.

    @@ -1421,7 +1412,7 @@

    EnvoyFilter.ApplyTo

    HTTP_FILTERHTTP_FILTER

    Applies the patch to the HTTP filter chain in the http connection manager, to modify an existing filter or add a new @@ -1430,7 +1421,7 @@

    EnvoyFilter.ApplyTo

    ROUTE_CONFIGURATIONROUTE_CONFIGURATION

    Applies the patch to the Route configuration (rds output) inside a HTTP connection manager. This does not apply to the @@ -1440,14 +1431,14 @@

    EnvoyFilter.ApplyTo

    VIRTUAL_HOSTVIRTUAL_HOST

    Applies the patch to a virtual host inside a route configuration.

    HTTP_ROUTEHTTP_ROUTE

    Applies the patch to a route object inside the matched virtual host in a route configuration.

    @@ -1455,14 +1446,14 @@

    EnvoyFilter.ApplyTo

    CLUSTERCLUSTER

    Applies the patch to a cluster in a CDS output. Also used to add new clusters.

    EXTENSION_CONFIGEXTENSION_CONFIG

    Applies the patch to or adds an extension config in ECDS output. Note that ECDS is only supported by HTTP filters.

    @@ -1470,14 +1461,14 @@

    EnvoyFilter.ApplyTo

    BOOTSTRAPBOOTSTRAP -

    Applies the patch to bootstrap configuration.

    +

    DEPRECATED. Applies the patch to bootstrap configuration.

    LISTENER_FILTERLISTENER_FILTER

    Applies the patch to the listener filter.

    @@ -1500,28 +1491,28 @@

    EnvoyFilter.PatchContext

    ANYANY

    All listeners/routes/clusters in both sidecars and gateways.

    SIDECAR_INBOUNDSIDECAR_INBOUND

    Inbound listener/route/cluster in sidecar.

    SIDECAR_OUTBOUNDSIDECAR_OUTBOUND

    Outbound listener/route/cluster in sidecar.

    GATEWAYGATEWAY

    Gateway listener/route/cluster.

    diff --git a/vendor/istio.io/api/networking/v1alpha3/envoy_filter.proto b/vendor/istio.io/api/networking/v1alpha3/envoy_filter.proto index 633015c30..e71ffab46 100644 --- a/vendor/istio.io/api/networking/v1alpha3/envoy_filter.proto +++ b/vendor/istio.io/api/networking/v1alpha3/envoy_filter.proto @@ -14,9 +14,9 @@ syntax = "proto3"; -import "google/api/field_behavior.proto"; import "google/protobuf/struct.proto"; import "networking/v1alpha3/sidecar.proto"; +import "type/v1beta1/selector.proto"; // $schema: istio.networking.v1alpha3.EnvoyFilter // $title: Envoy Filter @@ -335,7 +335,7 @@ import "networking/v1alpha3/sidecar.proto"; // # to avoid accidental name collisions. // - applyTo: EXTENSION_CONFIG // patch: -// operation: ADD # REPLACE is also supported, and would override a cluster level resource with the same name. +// operation: ADD // value: // name: my-wasm-extension // typed_config: @@ -372,41 +372,6 @@ import "networking/v1alpha3/sidecar.proto"; // type_urls: ["type.googleapis.com/envoy.extensions.filters.http.wasm.v3.Wasm"] // ``` // -// The following example adds a Wasm service extension for all proxies using a locally available Wasm file. -// The singleton Wasm extension is used to maintain a shared state between workers executing Wasm filters. -// For example, a local rate limit extension would rely on a singleton to limit requests across all workers. -// As another example, an authorization Wasm extension can use a singleton to maintain a database of accounts. -// -// ```yaml -// apiVersion: networking.istio.io/v1alpha3 -// kind: EnvoyFilter -// metadata: -// name: wasm-service -// namespace: myns -// spec: -// configPatches: -// - applyTo: BOOTSTRAP -// patch: -// operation: MERGE -// value: -// bootstrap_extensions: -// - name: envoy.bootstrap.wasm -// typed_config: -// "@type": type.googleapis.com/envoy.extensions.wasm.v3.WasmService -// singleton: true -// config: -// name: my_plugin -// configuration: -// "@type": type.googleapis.com/google.protobuf.StringValue -// value: | -// {} -// vm_config: -// runtime: "envoy.wasm.runtime.v8" -// code: -// local: -// filename: "/etc/envoy_filter_http_wasm_example.wasm" -// ``` -// // The following example inserts an `envoy.filters.listener.proxy_protocol` listener filter before the `envoy.filters.listener.tls_inspector`. // // ```yaml @@ -419,7 +384,7 @@ import "networking/v1alpha3/sidecar.proto"; // configPatches: // - applyTo: LISTENER_FILTER // match: -// context: SIDECAR_INBOUND # will match outbound listeners in all sidecars +// context: SIDECAR_INBOUND # will match inbound listeners in all sidecars // listener: // portNumber: 15006 // listenerFilter: "envoy.filters.listener.tls_inspector" @@ -439,12 +404,13 @@ option go_package = "istio.io/api/networking/v1alpha3"; // // @@ -455,6 +421,7 @@ option go_package = "istio.io/api/networking/v1alpha3"; // +genclient // +k8s:deepcopy-gen=true // --> +// +kubebuilder:validation:XValidation:message="only one of targetRefs or workloadSelector can be set",rule="(has(self.workloadSelector)?1:0)+(has(self.targetRefs)?1:0)<=1" message EnvoyFilter { // `ApplyTo` specifies where in the Envoy configuration, the given patch should be applied. enum ApplyTo { @@ -496,7 +463,7 @@ message EnvoyFilter { // is only supported by HTTP filters. EXTENSION_CONFIG = 9; - // Applies the patch to bootstrap configuration. + // DEPRECATED. Applies the patch to bootstrap configuration. BOOTSTRAP = 10; // Applies the patch to the listener filter. @@ -878,15 +845,33 @@ message EnvoyFilter { // Criteria used to select the specific set of pods/VMs on which // this patch configuration should be applied. If omitted, the set // of patches in this configuration will be applied to all workload - // instances in the same namespace. If omitted, the `EnvoyFilter` - // patches will be applied to all workloads in the same - // namespace. If the `EnvoyFilter` is present in the config root - // namespace, it will be applied to all applicable workloads in any - // namespace. + // instances in the same namespace. If the `EnvoyFilter` is present + // in the config root namespace, it will be applied to all applicable + // workloads in any namespace. WorkloadSelector workload_selector = 3; + // Optional. The targetRefs specifies a list of resources the policy should be + // applied to. The targeted resources specified will determine which workloads + // the policy applies to. + // + // Currently, the following resource attachment types are supported: + // * `kind: Gateway` with `group: gateway.networking.k8s.io` in the same namespace. + // * `kind: Service` with `""` in the same namespace. This type is only supported for waypoints. + // + // If not set, the policy is applied as defined by the selector. + // At most one of the selector and targetRefs can be set. + // + // NOTE: If you are using the `targetRefs` field in a multi-revision environment with Istio versions prior to 1.22, + // it is highly recommended that you pin the policy to a revision running 1.22+ via the `istio.io/rev` label. + // This is to prevent proxies connected to older control planes (that don't know about the `targetRefs` field) + // from misinterpreting the policy as namespace-wide during the upgrade process. + // + // NOTE: Waypoint proxies are required to use this field for policies to apply; `selector` policies will be ignored. + // +kubebuilder:validation:MaxItems=16 + repeated istio.type.v1beta1.PolicyTargetReference targetRefs = 6; + // One or more patches with match conditions. - repeated EnvoyConfigObjectPatch config_patches = 4 [(google.api.field_behavior) = REQUIRED]; + repeated EnvoyConfigObjectPatch config_patches = 4; // Priority defines the order in which patch sets are applied within a context. // When one patch depends on another patch, the order of patch application diff --git a/vendor/istio.io/api/networking/v1alpha3/gateway.gen.json b/vendor/istio.io/api/networking/v1alpha3/gateway.gen.json deleted file mode 100644 index 7871cdb67..000000000 --- a/vendor/istio.io/api/networking/v1alpha3/gateway.gen.json +++ /dev/null @@ -1,170 +0,0 @@ -{ - "openapi": "3.0.0", - "info": { - "title": "Configuration affecting edge load balancer.", - "version": "v1alpha3" - }, - "components": { - "schemas": { - "istio.networking.v1alpha3.Gateway": { - "description": "Gateway describes a load balancer operating at the edge of the mesh receiving incoming or outgoing HTTP/TCP connections.", - "type": "object", - "properties": { - "servers": { - "description": "A list of server specifications.", - "type": "array", - "items": { - "$ref": "#/components/schemas/istio.networking.v1alpha3.Server" - } - }, - "selector": { - "description": "One or more labels that indicate a specific set of pods/VMs on which this gateway configuration should be applied. By default workloads are searched across all namespaces based on label selectors. This implies that a gateway resource in the namespace \"foo\" can select pods in the namespace \"bar\" based on labels. This behavior can be controlled via the `PILOT_SCOPE_GATEWAY_TO_NAMESPACE` environment variable in istiod. If this variable is set to true, the scope of label search is restricted to the configuration namespace in which the the resource is present. In other words, the Gateway resource must reside in the same namespace as the gateway workload instance. If selector is nil, the Gateway will be applied to all workloads.", - "type": "object", - "additionalProperties": { - "type": "string" - } - } - } - }, - "istio.networking.v1alpha3.Port": { - "description": "Port describes the properties of a specific port of a service.", - "type": "object", - "properties": { - "number": { - "description": "A valid non-negative integer port number.", - "type": "integer" - }, - "protocol": { - "description": "The protocol exposed on the port. MUST BE one of HTTP|HTTPS|GRPC|HTTP2|MONGO|TCP|TLS. TLS can be either used to terminate non-HTTP based connections on a specific port or to route traffic based on SNI header to the destination without terminating the TLS connection.", - "type": "string" - }, - "name": { - "description": "Label assigned to the port.", - "type": "string" - }, - "targetPort": { - "description": "The port number on the endpoint where the traffic will be received. Applicable only when used with ServiceEntries. $hide_from_docs", - "type": "integer", - "deprecated": true - } - } - }, - "istio.networking.v1alpha3.Server": { - "description": "`Server` describes the properties of the proxy on a given load balancer port. For example,", - "type": "object", - "properties": { - "port": { - "$ref": "#/components/schemas/istio.networking.v1alpha3.Port" - }, - "bind": { - "description": "The ip or the Unix domain socket to which the listener should be bound to. Format: `x.x.x.x` or `unix:///path/to/uds` or `unix://@foobar` (Linux abstract namespace). When using Unix domain sockets, the port number should be 0. This can be used to restrict the reachability of this server to be gateway internal only. This is typically used when a gateway needs to communicate to another mesh service e.g. publishing metrics. In such case, the server created with the specified bind will not be available to external gateway clients.", - "type": "string" - }, - "hosts": { - "description": "One or more hosts exposed by this gateway. While typically applicable to HTTP services, it can also be used for TCP services using TLS with SNI. A host is specified as a `dnsName` with an optional `namespace/` prefix. The `dnsName` should be specified using FQDN format, optionally including a wildcard character in the left-most component (e.g., `prod/*.example.com`). Set the `dnsName` to `*` to select all `VirtualService` hosts from the specified namespace (e.g.,`prod/*`).", - "type": "array", - "items": { - "type": "string" - } - }, - "tls": { - "$ref": "#/components/schemas/istio.networking.v1alpha3.ServerTLSSettings" - }, - "defaultEndpoint": { - "description": "The loopback IP endpoint or Unix domain socket to which traffic should be forwarded to by default. Format should be `127.0.0.1:PORT` or `unix:///path/to/socket` or `unix://@foobar` (Linux abstract namespace). NOT IMPLEMENTED. $hide_from_docs", - "type": "string" - }, - "name": { - "description": "An optional name of the server, when set must be unique across all servers. This will be used for variety of purposes like prefixing stats generated with this name etc.", - "type": "string" - } - } - }, - "istio.networking.v1alpha3.ServerTLSSettings": { - "type": "object", - "properties": { - "httpsRedirect": { - "description": "If set to true, the load balancer will send a 301 redirect for all http connections, asking the clients to use HTTPS.", - "type": "boolean" - }, - "mode": { - "$ref": "#/components/schemas/istio.networking.v1alpha3.ServerTLSSettings.TLSmode" - }, - "serverCertificate": { - "description": "REQUIRED if mode is `SIMPLE` or `MUTUAL`. The path to the file holding the server-side TLS certificate to use.", - "type": "string" - }, - "privateKey": { - "description": "REQUIRED if mode is `SIMPLE` or `MUTUAL`. The path to the file holding the server's private key.", - "type": "string" - }, - "caCertificates": { - "description": "REQUIRED if mode is `MUTUAL` or `OPTIONAL_MUTUAL`. The path to a file containing certificate authority certificates to use in verifying a presented client side certificate.", - "type": "string" - }, - "credentialName": { - "description": "For gateways running on Kubernetes, the name of the secret that holds the TLS certs including the CA certificates. Applicable only on Kubernetes. An Opaque secret should contain the following keys and values: `key: \u003cprivateKey\u003e` and `cert: \u003cserverCert\u003e`. For mutual TLS, `cacert: \u003cCACertificate\u003e` and `crl: \u003cCertificateRevocationList\u003e` can be provided in the same secret or a separate secret named `\u003csecret\u003e-cacert`. A TLS secret for server certificates with an additional `tls.ocsp-staple` key for specifying OCSP staple information, `ca.crt` key for CA certificates and `ca.crl` for certificate revocation list is also supported. Only one of server certificates and CA certificate or credentialName can be specified.", - "type": "string" - }, - "subjectAltNames": { - "description": "A list of alternate names to verify the subject identity in the certificate presented by the client.", - "type": "array", - "items": { - "type": "string" - } - }, - "verifyCertificateSpki": { - "description": "An optional list of base64-encoded SHA-256 hashes of the SPKIs of authorized client certificates. Note: When both verify_certificate_hash and verify_certificate_spki are specified, a hash matching either value will result in the certificate being accepted.", - "type": "array", - "items": { - "type": "string" - } - }, - "verifyCertificateHash": { - "description": "An optional list of hex-encoded SHA-256 hashes of the authorized client certificates. Both simple and colon separated formats are acceptable. Note: When both verify_certificate_hash and verify_certificate_spki are specified, a hash matching either value will result in the certificate being accepted.", - "type": "array", - "items": { - "type": "string" - } - }, - "minProtocolVersion": { - "$ref": "#/components/schemas/istio.networking.v1alpha3.ServerTLSSettings.TLSProtocol" - }, - "maxProtocolVersion": { - "$ref": "#/components/schemas/istio.networking.v1alpha3.ServerTLSSettings.TLSProtocol" - }, - "cipherSuites": { - "description": "Optional: If specified, only support the specified cipher list. Otherwise default to the default cipher list supported by Envoy as specified [here](https://www.envoyproxy.io/docs/envoy/latest/api-v3/extensions/transport_sockets/tls/v3/common.proto). The supported list of ciphers are: * `ECDHE-ECDSA-AES128-GCM-SHA256` * `ECDHE-RSA-AES128-GCM-SHA256` * `ECDHE-ECDSA-AES256-GCM-SHA384` * `ECDHE-RSA-AES256-GCM-SHA384` * `ECDHE-ECDSA-CHACHA20-POLY1305` * `ECDHE-RSA-CHACHA20-POLY1305` * `ECDHE-ECDSA-AES128-SHA` * `ECDHE-RSA-AES128-SHA` * `ECDHE-ECDSA-AES256-SHA` * `ECDHE-RSA-AES256-SHA` * `AES128-GCM-SHA256` * `AES256-GCM-SHA384` * `AES128-SHA` * `AES256-SHA` * `DES-CBC3-SHA`", - "type": "array", - "items": { - "type": "string" - } - } - } - }, - "istio.networking.v1alpha3.ServerTLSSettings.TLSProtocol": { - "description": "TLS protocol versions.", - "type": "string", - "enum": [ - "TLS_AUTO", - "TLSV1_0", - "TLSV1_1", - "TLSV1_2", - "TLSV1_3" - ] - }, - "istio.networking.v1alpha3.ServerTLSSettings.TLSmode": { - "description": "TLS modes enforced by the proxy", - "type": "string", - "enum": [ - "PASSTHROUGH", - "SIMPLE", - "MUTUAL", - "AUTO_PASSTHROUGH", - "ISTIO_MUTUAL", - "OPTIONAL_MUTUAL" - ] - } - } - } -} \ No newline at end of file diff --git a/vendor/istio.io/api/networking/v1alpha3/gateway.pb.go b/vendor/istio.io/api/networking/v1alpha3/gateway.pb.go index 4b1a0f5e9..e9747105d 100644 --- a/vendor/istio.io/api/networking/v1alpha3/gateway.pb.go +++ b/vendor/istio.io/api/networking/v1alpha3/gateway.pb.go @@ -14,7 +14,7 @@ // Code generated by protoc-gen-go. DO NOT EDIT. // versions: -// protoc-gen-go v1.31.0 +// protoc-gen-go v1.35.1 // protoc (unknown) // source: networking/v1alpha3/gateway.proto @@ -37,10 +37,8 @@ // on these ports, it is the responsibility of the user to ensure that // external traffic to these ports are allowed into the mesh. // -// {{}} -// {{}} // ```yaml -// apiVersion: networking.istio.io/v1alpha3 +// apiVersion: networking.istio.io/v1 // kind: Gateway // metadata: // name: my-gateway @@ -91,63 +89,6 @@ // hosts: // - "*" // ``` -// {{}} -// -// {{}} -// ```yaml -// apiVersion: networking.istio.io/v1beta1 -// kind: Gateway -// metadata: -// name: my-gateway -// namespace: some-config-namespace -// spec: -// selector: -// app: my-gateway-controller -// servers: -// - port: -// number: 80 -// name: http -// protocol: HTTP -// hosts: -// - uk.bookinfo.com -// - eu.bookinfo.com -// tls: -// httpsRedirect: true # sends 301 redirect for http requests -// - port: -// number: 443 -// name: https-443 -// protocol: HTTPS -// hosts: -// - uk.bookinfo.com -// - eu.bookinfo.com -// tls: -// mode: SIMPLE # enables HTTPS on this port -// serverCertificate: /etc/certs/servercert.pem -// privateKey: /etc/certs/privatekey.pem -// - port: -// number: 9443 -// name: https-9443 -// protocol: HTTPS -// hosts: -// - "bookinfo-namespace/*.bookinfo.com" -// tls: -// mode: SIMPLE # enables HTTPS on this port -// credentialName: bookinfo-secret # fetches certs from Kubernetes secret -// - port: -// number: 9080 -// name: http-wildcard -// protocol: HTTP -// hosts: -// - "*" -// - port: -// number: 2379 # to expose internal service via external port 2379 -// name: mongo -// protocol: MONGO -// hosts: -// - "*" -// ``` -// {{}} -// {{}} // // The Gateway specification above describes the L4-L6 properties of a load // balancer. A `VirtualService` can then be bound to a gateway to control @@ -164,50 +105,8 @@ // applicable across ports 443, 9080. Note that `http://uk.bookinfo.com` // gets redirected to `https://uk.bookinfo.com` (i.e. 80 redirects to 443). // -// {{}} -// {{}} -// ```yaml -// apiVersion: networking.istio.io/v1alpha3 -// kind: VirtualService -// metadata: -// name: bookinfo-rule -// namespace: bookinfo-namespace -// spec: -// hosts: -// - reviews.prod.svc.cluster.local -// - uk.bookinfo.com -// - eu.bookinfo.com -// gateways: -// - some-config-namespace/my-gateway -// - mesh # applies to all the sidecars in the mesh -// http: -// - match: -// - headers: -// cookie: -// exact: "user=dev-123" -// route: -// - destination: -// port: -// number: 7777 -// host: reviews.qa.svc.cluster.local -// - match: -// - uri: -// prefix: /reviews/ -// route: -// - destination: -// port: -// number: 9080 # can be omitted if it's the only port for reviews -// host: reviews.prod.svc.cluster.local -// weight: 80 -// - destination: -// host: reviews.qa.svc.cluster.local -// weight: 20 -// ``` -// {{}} -// -// {{}} // ```yaml -// apiVersion: networking.istio.io/v1beta1 +// apiVersion: networking.istio.io/v1 // kind: VirtualService // metadata: // name: bookinfo-rule @@ -243,18 +142,14 @@ // host: reviews.qa.svc.cluster.local // weight: 20 // ``` -// {{}} -// {{}} // // The following VirtualService forwards traffic arriving at (external) // port 27017 to internal Mongo server on port 5555. This rule is not // applicable internally in the mesh as the gateway list omits the // reserved name `mesh`. // -// {{}} -// {{}} // ```yaml -// apiVersion: networking.istio.io/v1alpha3 +// apiVersion: networking.istio.io/v1 // kind: VirtualService // metadata: // name: bookinfo-mongo @@ -273,31 +168,6 @@ // port: // number: 5555 // ``` -// {{}} -// -// {{}} -// ```yaml -// apiVersion: networking.istio.io/v1beta1 -// kind: VirtualService -// metadata: -// name: bookinfo-mongo -// namespace: bookinfo-namespace -// spec: -// hosts: -// - mongosvr.prod.svc.cluster.local # name of internal Mongo service -// gateways: -// - some-config-namespace/my-gateway # can omit the namespace if gateway is in same namespace as virtual service. -// tcp: -// - match: -// - port: 27017 -// route: -// - destination: -// host: mongo.prod.svc.cluster.local -// port: -// number: 5555 -// ``` -// {{}} -// {{}} // // It is possible to restrict the set of virtual services that can bind to // a gateway server using the namespace/hostname syntax in the hosts field. @@ -305,10 +175,8 @@ // namespace to bind to it, while restricting only the virtual service with // foo.bar.com host in the ns2 namespace to bind to it. // -// {{}} -// {{}} // ```yaml -// apiVersion: networking.istio.io/v1alpha3 +// apiVersion: networking.istio.io/v1 // kind: Gateway // metadata: // name: my-gateway @@ -325,29 +193,6 @@ // - "ns1/*" // - "ns2/foo.bar.com" // ``` -// {{}} -// -// {{}} -// ```yaml -// apiVersion: networking.istio.io/v1beta1 -// kind: Gateway -// metadata: -// name: my-gateway -// namespace: some-config-namespace -// spec: -// selector: -// app: my-gateway-controller -// servers: -// - port: -// number: 80 -// name: http -// protocol: HTTP -// hosts: -// - "ns1/*" -// - "ns2/foo.bar.com" -// ``` -// {{}} -// {{}} // package v1alpha3 @@ -524,8 +369,7 @@ func (ServerTLSSettings_TLSProtocol) EnumDescriptor() ([]byte, []int) { // // -// type Gateway struct { state protoimpl.MessageState sizeCache protoimpl.SizeCache @@ -567,11 +408,9 @@ type Gateway struct { func (x *Gateway) Reset() { *x = Gateway{} - if protoimpl.UnsafeEnabled { - mi := &file_networking_v1alpha3_gateway_proto_msgTypes[0] - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - ms.StoreMessageInfo(mi) - } + mi := &file_networking_v1alpha3_gateway_proto_msgTypes[0] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) } func (x *Gateway) String() string { @@ -582,7 +421,7 @@ func (*Gateway) ProtoMessage() {} func (x *Gateway) ProtoReflect() protoreflect.Message { mi := &file_networking_v1alpha3_gateway_proto_msgTypes[0] - if protoimpl.UnsafeEnabled && x != nil { + if x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) if ms.LoadMessageInfo() == nil { ms.StoreMessageInfo(mi) @@ -614,10 +453,8 @@ func (x *Gateway) GetSelector() map[string]string { // `Server` describes the properties of the proxy on a given load balancer // port. For example, // -// {{}} -// {{}} // ```yaml -// apiVersion: networking.istio.io/v1alpha3 +// apiVersion: networking.istio.io/v1 // kind: Gateway // metadata: // @@ -636,38 +473,11 @@ func (x *Gateway) GetSelector() map[string]string { // - "*" // // ``` -// {{}} -// -// {{}} -// ```yaml -// apiVersion: networking.istio.io/v1beta1 -// kind: Gateway -// metadata: -// -// name: my-ingress -// -// spec: -// -// selector: -// app: my-ingressgateway -// servers: -// - port: -// number: 80 -// name: http2 -// protocol: HTTP2 -// hosts: -// - "*" -// -// ``` -// {{}} -// {{}} // // # Another example // -// {{}} -// {{}} // ```yaml -// apiVersion: networking.istio.io/v1alpha3 +// apiVersion: networking.istio.io/v1 // kind: Gateway // metadata: // @@ -686,64 +496,11 @@ func (x *Gateway) GetSelector() map[string]string { // - "*" // // ``` -// {{}} -// -// {{}} -// ```yaml -// apiVersion: networking.istio.io/v1beta1 -// kind: Gateway -// metadata: -// -// name: my-tcp-ingress -// -// spec: -// -// selector: -// app: my-tcp-ingressgateway -// servers: -// - port: -// number: 27018 -// name: mongo -// protocol: MONGO -// hosts: -// - "*" -// -// ``` -// {{}} -// {{}} // // # The following is an example of TLS configuration for port 443 // -// {{}} -// {{}} -// ```yaml -// apiVersion: networking.istio.io/v1alpha3 -// kind: Gateway -// metadata: -// -// name: my-tls-ingress -// -// spec: -// -// selector: -// app: my-tls-ingressgateway -// servers: -// - port: -// number: 443 -// name: https -// protocol: HTTPS -// hosts: -// - "*" -// tls: -// mode: SIMPLE -// credentialName: tls-cert -// -// ``` -// {{}} -// -// {{}} // ```yaml -// apiVersion: networking.istio.io/v1beta1 +// apiVersion: networking.istio.io/v1 // kind: Gateway // metadata: // @@ -765,8 +522,6 @@ func (x *Gateway) GetSelector() map[string]string { // credentialName: tls-cert // // ``` -// {{}} -// {{}} type Server struct { state protoimpl.MessageState sizeCache protoimpl.SizeCache @@ -832,11 +587,9 @@ type Server struct { func (x *Server) Reset() { *x = Server{} - if protoimpl.UnsafeEnabled { - mi := &file_networking_v1alpha3_gateway_proto_msgTypes[1] - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - ms.StoreMessageInfo(mi) - } + mi := &file_networking_v1alpha3_gateway_proto_msgTypes[1] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) } func (x *Server) String() string { @@ -847,7 +600,7 @@ func (*Server) ProtoMessage() {} func (x *Server) ProtoReflect() protoreflect.Message { mi := &file_networking_v1alpha3_gateway_proto_msgTypes[1] - if protoimpl.UnsafeEnabled && x != nil { + if x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) if ms.LoadMessageInfo() == nil { ms.StoreMessageInfo(mi) @@ -913,7 +666,7 @@ type Port struct { // A valid non-negative integer port number. Number uint32 `protobuf:"varint,1,opt,name=number,proto3" json:"number,omitempty"` // The protocol exposed on the port. - // MUST BE one of HTTP|HTTPS|GRPC|HTTP2|MONGO|TCP|TLS. + // MUST BE one of HTTP|HTTPS|GRPC|GRPC-WEB|HTTP2|MONGO|TCP|TLS. // TLS can be either used to terminate non-HTTP based connections on a specific port // or to route traffic based on SNI header to the destination without terminating the TLS connection. Protocol string `protobuf:"bytes,2,opt,name=protocol,proto3" json:"protocol,omitempty"` @@ -929,11 +682,9 @@ type Port struct { func (x *Port) Reset() { *x = Port{} - if protoimpl.UnsafeEnabled { - mi := &file_networking_v1alpha3_gateway_proto_msgTypes[2] - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - ms.StoreMessageInfo(mi) - } + mi := &file_networking_v1alpha3_gateway_proto_msgTypes[2] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) } func (x *Port) String() string { @@ -944,7 +695,7 @@ func (*Port) ProtoMessage() {} func (x *Port) ProtoReflect() protoreflect.Message { mi := &file_networking_v1alpha3_gateway_proto_msgTypes[2] - if protoimpl.UnsafeEnabled && x != nil { + if x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) if ms.LoadMessageInfo() == nil { ms.StoreMessageInfo(mi) @@ -1010,10 +761,17 @@ type ServerTLSSettings struct { // containing certificate authority certificates to use in verifying a presented // client side certificate. CaCertificates string `protobuf:"bytes,5,opt,name=ca_certificates,json=caCertificates,proto3" json:"ca_certificates,omitempty"` + // OPTIONAL: The path to the file containing the certificate revocation list (CRL) + // to use in verifying a presented client side certificate. `CRL` is a list of certificates + // that have been revoked by the CA (Certificate Authority) before their scheduled expiration date. + // If specified, the proxy will verify if the presented certificate is part of the revoked list of certificates. + // If omitted, the proxy will not verify the certificate against the `crl`. + CaCrl string `protobuf:"bytes,13,opt,name=ca_crl,json=caCrl,proto3" json:"ca_crl,omitempty"` // For gateways running on Kubernetes, the name of the secret that // holds the TLS certs including the CA certificates. Applicable // only on Kubernetes. An Opaque secret should contain the following - // keys and values: `key: ` and `cert: `. + // keys and values: `tls.key: ` and `tls.crt: ` or + // `key: ` and `cert: `. // For mutual TLS, `cacert: ` and `crl: ` // can be provided in the same secret or a separate secret named `-cacert`. // A TLS secret for server certificates with an additional `tls.ocsp-staple` key @@ -1070,11 +828,9 @@ type ServerTLSSettings struct { func (x *ServerTLSSettings) Reset() { *x = ServerTLSSettings{} - if protoimpl.UnsafeEnabled { - mi := &file_networking_v1alpha3_gateway_proto_msgTypes[3] - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - ms.StoreMessageInfo(mi) - } + mi := &file_networking_v1alpha3_gateway_proto_msgTypes[3] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) } func (x *ServerTLSSettings) String() string { @@ -1085,7 +841,7 @@ func (*ServerTLSSettings) ProtoMessage() {} func (x *ServerTLSSettings) ProtoReflect() protoreflect.Message { mi := &file_networking_v1alpha3_gateway_proto_msgTypes[3] - if protoimpl.UnsafeEnabled && x != nil { + if x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) if ms.LoadMessageInfo() == nil { ms.StoreMessageInfo(mi) @@ -1135,6 +891,13 @@ func (x *ServerTLSSettings) GetCaCertificates() string { return "" } +func (x *ServerTLSSettings) GetCaCrl() string { + if x != nil { + return x.CaCrl + } + return "" +} + func (x *ServerTLSSettings) GetCredentialName() string { if x != nil { return x.CredentialName @@ -1193,103 +956,104 @@ var file_networking_v1alpha3_gateway_proto_rawDesc = []byte{ 0x72, 0x6b, 0x69, 0x6e, 0x67, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x33, 0x1a, 0x1f, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2f, 0x61, 0x70, 0x69, 0x2f, 0x66, 0x69, 0x65, 0x6c, 0x64, 0x5f, 0x62, 0x65, 0x68, 0x61, 0x76, 0x69, 0x6f, 0x72, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x22, - 0xdb, 0x01, 0x0a, 0x07, 0x47, 0x61, 0x74, 0x65, 0x77, 0x61, 0x79, 0x12, 0x40, 0x0a, 0x07, 0x73, + 0xd1, 0x01, 0x0a, 0x07, 0x47, 0x61, 0x74, 0x65, 0x77, 0x61, 0x79, 0x12, 0x3b, 0x0a, 0x07, 0x73, 0x65, 0x72, 0x76, 0x65, 0x72, 0x73, 0x18, 0x01, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x21, 0x2e, 0x69, 0x73, 0x74, 0x69, 0x6f, 0x2e, 0x6e, 0x65, 0x74, 0x77, 0x6f, 0x72, 0x6b, 0x69, 0x6e, 0x67, 0x2e, - 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x33, 0x2e, 0x53, 0x65, 0x72, 0x76, 0x65, 0x72, 0x42, - 0x03, 0xe0, 0x41, 0x02, 0x52, 0x07, 0x73, 0x65, 0x72, 0x76, 0x65, 0x72, 0x73, 0x12, 0x51, 0x0a, - 0x08, 0x73, 0x65, 0x6c, 0x65, 0x63, 0x74, 0x6f, 0x72, 0x18, 0x02, 0x20, 0x03, 0x28, 0x0b, 0x32, - 0x30, 0x2e, 0x69, 0x73, 0x74, 0x69, 0x6f, 0x2e, 0x6e, 0x65, 0x74, 0x77, 0x6f, 0x72, 0x6b, 0x69, - 0x6e, 0x67, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x33, 0x2e, 0x47, 0x61, 0x74, 0x65, - 0x77, 0x61, 0x79, 0x2e, 0x53, 0x65, 0x6c, 0x65, 0x63, 0x74, 0x6f, 0x72, 0x45, 0x6e, 0x74, 0x72, - 0x79, 0x42, 0x03, 0xe0, 0x41, 0x02, 0x52, 0x08, 0x73, 0x65, 0x6c, 0x65, 0x63, 0x74, 0x6f, 0x72, - 0x1a, 0x3b, 0x0a, 0x0d, 0x53, 0x65, 0x6c, 0x65, 0x63, 0x74, 0x6f, 0x72, 0x45, 0x6e, 0x74, 0x72, - 0x79, 0x12, 0x10, 0x0a, 0x03, 0x6b, 0x65, 0x79, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x03, - 0x6b, 0x65, 0x79, 0x12, 0x14, 0x0a, 0x05, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x18, 0x02, 0x20, 0x01, - 0x28, 0x09, 0x52, 0x05, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x3a, 0x02, 0x38, 0x01, 0x22, 0xf0, 0x01, - 0x0a, 0x06, 0x53, 0x65, 0x72, 0x76, 0x65, 0x72, 0x12, 0x38, 0x0a, 0x04, 0x70, 0x6f, 0x72, 0x74, - 0x18, 0x01, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x1f, 0x2e, 0x69, 0x73, 0x74, 0x69, 0x6f, 0x2e, 0x6e, + 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x33, 0x2e, 0x53, 0x65, 0x72, 0x76, 0x65, 0x72, 0x52, + 0x07, 0x73, 0x65, 0x72, 0x76, 0x65, 0x72, 0x73, 0x12, 0x4c, 0x0a, 0x08, 0x73, 0x65, 0x6c, 0x65, + 0x63, 0x74, 0x6f, 0x72, 0x18, 0x02, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x30, 0x2e, 0x69, 0x73, 0x74, + 0x69, 0x6f, 0x2e, 0x6e, 0x65, 0x74, 0x77, 0x6f, 0x72, 0x6b, 0x69, 0x6e, 0x67, 0x2e, 0x76, 0x31, + 0x61, 0x6c, 0x70, 0x68, 0x61, 0x33, 0x2e, 0x47, 0x61, 0x74, 0x65, 0x77, 0x61, 0x79, 0x2e, 0x53, + 0x65, 0x6c, 0x65, 0x63, 0x74, 0x6f, 0x72, 0x45, 0x6e, 0x74, 0x72, 0x79, 0x52, 0x08, 0x73, 0x65, + 0x6c, 0x65, 0x63, 0x74, 0x6f, 0x72, 0x1a, 0x3b, 0x0a, 0x0d, 0x53, 0x65, 0x6c, 0x65, 0x63, 0x74, + 0x6f, 0x72, 0x45, 0x6e, 0x74, 0x72, 0x79, 0x12, 0x10, 0x0a, 0x03, 0x6b, 0x65, 0x79, 0x18, 0x01, + 0x20, 0x01, 0x28, 0x09, 0x52, 0x03, 0x6b, 0x65, 0x79, 0x12, 0x14, 0x0a, 0x05, 0x76, 0x61, 0x6c, + 0x75, 0x65, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x05, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x3a, + 0x02, 0x38, 0x01, 0x22, 0xf2, 0x01, 0x0a, 0x06, 0x53, 0x65, 0x72, 0x76, 0x65, 0x72, 0x12, 0x39, + 0x0a, 0x04, 0x70, 0x6f, 0x72, 0x74, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x1f, 0x2e, 0x69, + 0x73, 0x74, 0x69, 0x6f, 0x2e, 0x6e, 0x65, 0x74, 0x77, 0x6f, 0x72, 0x6b, 0x69, 0x6e, 0x67, 0x2e, + 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x33, 0x2e, 0x50, 0x6f, 0x72, 0x74, 0x42, 0x04, 0xe2, + 0x41, 0x01, 0x02, 0x52, 0x04, 0x70, 0x6f, 0x72, 0x74, 0x12, 0x12, 0x0a, 0x04, 0x62, 0x69, 0x6e, + 0x64, 0x18, 0x04, 0x20, 0x01, 0x28, 0x09, 0x52, 0x04, 0x62, 0x69, 0x6e, 0x64, 0x12, 0x1a, 0x0a, + 0x05, 0x68, 0x6f, 0x73, 0x74, 0x73, 0x18, 0x02, 0x20, 0x03, 0x28, 0x09, 0x42, 0x04, 0xe2, 0x41, + 0x01, 0x02, 0x52, 0x05, 0x68, 0x6f, 0x73, 0x74, 0x73, 0x12, 0x3e, 0x0a, 0x03, 0x74, 0x6c, 0x73, + 0x18, 0x03, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x2c, 0x2e, 0x69, 0x73, 0x74, 0x69, 0x6f, 0x2e, 0x6e, 0x65, 0x74, 0x77, 0x6f, 0x72, 0x6b, 0x69, 0x6e, 0x67, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, - 0x61, 0x33, 0x2e, 0x50, 0x6f, 0x72, 0x74, 0x42, 0x03, 0xe0, 0x41, 0x02, 0x52, 0x04, 0x70, 0x6f, - 0x72, 0x74, 0x12, 0x12, 0x0a, 0x04, 0x62, 0x69, 0x6e, 0x64, 0x18, 0x04, 0x20, 0x01, 0x28, 0x09, - 0x52, 0x04, 0x62, 0x69, 0x6e, 0x64, 0x12, 0x19, 0x0a, 0x05, 0x68, 0x6f, 0x73, 0x74, 0x73, 0x18, - 0x02, 0x20, 0x03, 0x28, 0x09, 0x42, 0x03, 0xe0, 0x41, 0x02, 0x52, 0x05, 0x68, 0x6f, 0x73, 0x74, - 0x73, 0x12, 0x3e, 0x0a, 0x03, 0x74, 0x6c, 0x73, 0x18, 0x03, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x2c, - 0x2e, 0x69, 0x73, 0x74, 0x69, 0x6f, 0x2e, 0x6e, 0x65, 0x74, 0x77, 0x6f, 0x72, 0x6b, 0x69, 0x6e, - 0x67, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x33, 0x2e, 0x53, 0x65, 0x72, 0x76, 0x65, - 0x72, 0x54, 0x4c, 0x53, 0x53, 0x65, 0x74, 0x74, 0x69, 0x6e, 0x67, 0x73, 0x52, 0x03, 0x74, 0x6c, - 0x73, 0x12, 0x29, 0x0a, 0x10, 0x64, 0x65, 0x66, 0x61, 0x75, 0x6c, 0x74, 0x5f, 0x65, 0x6e, 0x64, - 0x70, 0x6f, 0x69, 0x6e, 0x74, 0x18, 0x05, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0f, 0x64, 0x65, 0x66, - 0x61, 0x75, 0x6c, 0x74, 0x45, 0x6e, 0x64, 0x70, 0x6f, 0x69, 0x6e, 0x74, 0x12, 0x12, 0x0a, 0x04, - 0x6e, 0x61, 0x6d, 0x65, 0x18, 0x06, 0x20, 0x01, 0x28, 0x09, 0x52, 0x04, 0x6e, 0x61, 0x6d, 0x65, - 0x22, 0x82, 0x01, 0x0a, 0x04, 0x50, 0x6f, 0x72, 0x74, 0x12, 0x1b, 0x0a, 0x06, 0x6e, 0x75, 0x6d, - 0x62, 0x65, 0x72, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0d, 0x42, 0x03, 0xe0, 0x41, 0x02, 0x52, 0x06, - 0x6e, 0x75, 0x6d, 0x62, 0x65, 0x72, 0x12, 0x1f, 0x0a, 0x08, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x63, - 0x6f, 0x6c, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x42, 0x03, 0xe0, 0x41, 0x02, 0x52, 0x08, 0x70, - 0x72, 0x6f, 0x74, 0x6f, 0x63, 0x6f, 0x6c, 0x12, 0x17, 0x0a, 0x04, 0x6e, 0x61, 0x6d, 0x65, 0x18, - 0x03, 0x20, 0x01, 0x28, 0x09, 0x42, 0x03, 0xe0, 0x41, 0x02, 0x52, 0x04, 0x6e, 0x61, 0x6d, 0x65, - 0x12, 0x23, 0x0a, 0x0b, 0x74, 0x61, 0x72, 0x67, 0x65, 0x74, 0x5f, 0x70, 0x6f, 0x72, 0x74, 0x18, - 0x04, 0x20, 0x01, 0x28, 0x0d, 0x42, 0x02, 0x18, 0x01, 0x52, 0x0a, 0x74, 0x61, 0x72, 0x67, 0x65, - 0x74, 0x50, 0x6f, 0x72, 0x74, 0x22, 0x81, 0x07, 0x0a, 0x11, 0x53, 0x65, 0x72, 0x76, 0x65, 0x72, - 0x54, 0x4c, 0x53, 0x53, 0x65, 0x74, 0x74, 0x69, 0x6e, 0x67, 0x73, 0x12, 0x25, 0x0a, 0x0e, 0x68, - 0x74, 0x74, 0x70, 0x73, 0x5f, 0x72, 0x65, 0x64, 0x69, 0x72, 0x65, 0x63, 0x74, 0x18, 0x01, 0x20, - 0x01, 0x28, 0x08, 0x52, 0x0d, 0x68, 0x74, 0x74, 0x70, 0x73, 0x52, 0x65, 0x64, 0x69, 0x72, 0x65, - 0x63, 0x74, 0x12, 0x48, 0x0a, 0x04, 0x6d, 0x6f, 0x64, 0x65, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0e, - 0x32, 0x34, 0x2e, 0x69, 0x73, 0x74, 0x69, 0x6f, 0x2e, 0x6e, 0x65, 0x74, 0x77, 0x6f, 0x72, 0x6b, - 0x69, 0x6e, 0x67, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x33, 0x2e, 0x53, 0x65, 0x72, - 0x76, 0x65, 0x72, 0x54, 0x4c, 0x53, 0x53, 0x65, 0x74, 0x74, 0x69, 0x6e, 0x67, 0x73, 0x2e, 0x54, - 0x4c, 0x53, 0x6d, 0x6f, 0x64, 0x65, 0x52, 0x04, 0x6d, 0x6f, 0x64, 0x65, 0x12, 0x2d, 0x0a, 0x12, - 0x73, 0x65, 0x72, 0x76, 0x65, 0x72, 0x5f, 0x63, 0x65, 0x72, 0x74, 0x69, 0x66, 0x69, 0x63, 0x61, - 0x74, 0x65, 0x18, 0x03, 0x20, 0x01, 0x28, 0x09, 0x52, 0x11, 0x73, 0x65, 0x72, 0x76, 0x65, 0x72, - 0x43, 0x65, 0x72, 0x74, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x65, 0x12, 0x1f, 0x0a, 0x0b, 0x70, - 0x72, 0x69, 0x76, 0x61, 0x74, 0x65, 0x5f, 0x6b, 0x65, 0x79, 0x18, 0x04, 0x20, 0x01, 0x28, 0x09, - 0x52, 0x0a, 0x70, 0x72, 0x69, 0x76, 0x61, 0x74, 0x65, 0x4b, 0x65, 0x79, 0x12, 0x27, 0x0a, 0x0f, - 0x63, 0x61, 0x5f, 0x63, 0x65, 0x72, 0x74, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x65, 0x73, 0x18, - 0x05, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0e, 0x63, 0x61, 0x43, 0x65, 0x72, 0x74, 0x69, 0x66, 0x69, - 0x63, 0x61, 0x74, 0x65, 0x73, 0x12, 0x27, 0x0a, 0x0f, 0x63, 0x72, 0x65, 0x64, 0x65, 0x6e, 0x74, - 0x69, 0x61, 0x6c, 0x5f, 0x6e, 0x61, 0x6d, 0x65, 0x18, 0x0a, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0e, - 0x63, 0x72, 0x65, 0x64, 0x65, 0x6e, 0x74, 0x69, 0x61, 0x6c, 0x4e, 0x61, 0x6d, 0x65, 0x12, 0x2a, - 0x0a, 0x11, 0x73, 0x75, 0x62, 0x6a, 0x65, 0x63, 0x74, 0x5f, 0x61, 0x6c, 0x74, 0x5f, 0x6e, 0x61, - 0x6d, 0x65, 0x73, 0x18, 0x06, 0x20, 0x03, 0x28, 0x09, 0x52, 0x0f, 0x73, 0x75, 0x62, 0x6a, 0x65, - 0x63, 0x74, 0x41, 0x6c, 0x74, 0x4e, 0x61, 0x6d, 0x65, 0x73, 0x12, 0x36, 0x0a, 0x17, 0x76, 0x65, - 0x72, 0x69, 0x66, 0x79, 0x5f, 0x63, 0x65, 0x72, 0x74, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x65, - 0x5f, 0x73, 0x70, 0x6b, 0x69, 0x18, 0x0b, 0x20, 0x03, 0x28, 0x09, 0x52, 0x15, 0x76, 0x65, 0x72, - 0x69, 0x66, 0x79, 0x43, 0x65, 0x72, 0x74, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x65, 0x53, 0x70, - 0x6b, 0x69, 0x12, 0x36, 0x0a, 0x17, 0x76, 0x65, 0x72, 0x69, 0x66, 0x79, 0x5f, 0x63, 0x65, 0x72, - 0x74, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x65, 0x5f, 0x68, 0x61, 0x73, 0x68, 0x18, 0x0c, 0x20, - 0x03, 0x28, 0x09, 0x52, 0x15, 0x76, 0x65, 0x72, 0x69, 0x66, 0x79, 0x43, 0x65, 0x72, 0x74, 0x69, - 0x66, 0x69, 0x63, 0x61, 0x74, 0x65, 0x48, 0x61, 0x73, 0x68, 0x12, 0x6a, 0x0a, 0x14, 0x6d, 0x69, - 0x6e, 0x5f, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x63, 0x6f, 0x6c, 0x5f, 0x76, 0x65, 0x72, 0x73, 0x69, - 0x6f, 0x6e, 0x18, 0x07, 0x20, 0x01, 0x28, 0x0e, 0x32, 0x38, 0x2e, 0x69, 0x73, 0x74, 0x69, 0x6f, - 0x2e, 0x6e, 0x65, 0x74, 0x77, 0x6f, 0x72, 0x6b, 0x69, 0x6e, 0x67, 0x2e, 0x76, 0x31, 0x61, 0x6c, - 0x70, 0x68, 0x61, 0x33, 0x2e, 0x53, 0x65, 0x72, 0x76, 0x65, 0x72, 0x54, 0x4c, 0x53, 0x53, 0x65, - 0x74, 0x74, 0x69, 0x6e, 0x67, 0x73, 0x2e, 0x54, 0x4c, 0x53, 0x50, 0x72, 0x6f, 0x74, 0x6f, 0x63, - 0x6f, 0x6c, 0x52, 0x12, 0x6d, 0x69, 0x6e, 0x50, 0x72, 0x6f, 0x74, 0x6f, 0x63, 0x6f, 0x6c, 0x56, - 0x65, 0x72, 0x73, 0x69, 0x6f, 0x6e, 0x12, 0x6a, 0x0a, 0x14, 0x6d, 0x61, 0x78, 0x5f, 0x70, 0x72, - 0x6f, 0x74, 0x6f, 0x63, 0x6f, 0x6c, 0x5f, 0x76, 0x65, 0x72, 0x73, 0x69, 0x6f, 0x6e, 0x18, 0x08, - 0x20, 0x01, 0x28, 0x0e, 0x32, 0x38, 0x2e, 0x69, 0x73, 0x74, 0x69, 0x6f, 0x2e, 0x6e, 0x65, 0x74, - 0x77, 0x6f, 0x72, 0x6b, 0x69, 0x6e, 0x67, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x33, - 0x2e, 0x53, 0x65, 0x72, 0x76, 0x65, 0x72, 0x54, 0x4c, 0x53, 0x53, 0x65, 0x74, 0x74, 0x69, 0x6e, - 0x67, 0x73, 0x2e, 0x54, 0x4c, 0x53, 0x50, 0x72, 0x6f, 0x74, 0x6f, 0x63, 0x6f, 0x6c, 0x52, 0x12, - 0x6d, 0x61, 0x78, 0x50, 0x72, 0x6f, 0x74, 0x6f, 0x63, 0x6f, 0x6c, 0x56, 0x65, 0x72, 0x73, 0x69, - 0x6f, 0x6e, 0x12, 0x23, 0x0a, 0x0d, 0x63, 0x69, 0x70, 0x68, 0x65, 0x72, 0x5f, 0x73, 0x75, 0x69, - 0x74, 0x65, 0x73, 0x18, 0x09, 0x20, 0x03, 0x28, 0x09, 0x52, 0x0c, 0x63, 0x69, 0x70, 0x68, 0x65, - 0x72, 0x53, 0x75, 0x69, 0x74, 0x65, 0x73, 0x22, 0x6f, 0x0a, 0x07, 0x54, 0x4c, 0x53, 0x6d, 0x6f, - 0x64, 0x65, 0x12, 0x0f, 0x0a, 0x0b, 0x50, 0x41, 0x53, 0x53, 0x54, 0x48, 0x52, 0x4f, 0x55, 0x47, - 0x48, 0x10, 0x00, 0x12, 0x0a, 0x0a, 0x06, 0x53, 0x49, 0x4d, 0x50, 0x4c, 0x45, 0x10, 0x01, 0x12, - 0x0a, 0x0a, 0x06, 0x4d, 0x55, 0x54, 0x55, 0x41, 0x4c, 0x10, 0x02, 0x12, 0x14, 0x0a, 0x10, 0x41, - 0x55, 0x54, 0x4f, 0x5f, 0x50, 0x41, 0x53, 0x53, 0x54, 0x48, 0x52, 0x4f, 0x55, 0x47, 0x48, 0x10, - 0x03, 0x12, 0x10, 0x0a, 0x0c, 0x49, 0x53, 0x54, 0x49, 0x4f, 0x5f, 0x4d, 0x55, 0x54, 0x55, 0x41, - 0x4c, 0x10, 0x04, 0x12, 0x13, 0x0a, 0x0f, 0x4f, 0x50, 0x54, 0x49, 0x4f, 0x4e, 0x41, 0x4c, 0x5f, - 0x4d, 0x55, 0x54, 0x55, 0x41, 0x4c, 0x10, 0x05, 0x22, 0x4f, 0x0a, 0x0b, 0x54, 0x4c, 0x53, 0x50, - 0x72, 0x6f, 0x74, 0x6f, 0x63, 0x6f, 0x6c, 0x12, 0x0c, 0x0a, 0x08, 0x54, 0x4c, 0x53, 0x5f, 0x41, - 0x55, 0x54, 0x4f, 0x10, 0x00, 0x12, 0x0b, 0x0a, 0x07, 0x54, 0x4c, 0x53, 0x56, 0x31, 0x5f, 0x30, - 0x10, 0x01, 0x12, 0x0b, 0x0a, 0x07, 0x54, 0x4c, 0x53, 0x56, 0x31, 0x5f, 0x31, 0x10, 0x02, 0x12, - 0x0b, 0x0a, 0x07, 0x54, 0x4c, 0x53, 0x56, 0x31, 0x5f, 0x32, 0x10, 0x03, 0x12, 0x0b, 0x0a, 0x07, - 0x54, 0x4c, 0x53, 0x56, 0x31, 0x5f, 0x33, 0x10, 0x04, 0x42, 0x22, 0x5a, 0x20, 0x69, 0x73, 0x74, - 0x69, 0x6f, 0x2e, 0x69, 0x6f, 0x2f, 0x61, 0x70, 0x69, 0x2f, 0x6e, 0x65, 0x74, 0x77, 0x6f, 0x72, - 0x6b, 0x69, 0x6e, 0x67, 0x2f, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x33, 0x62, 0x06, 0x70, - 0x72, 0x6f, 0x74, 0x6f, 0x33, + 0x61, 0x33, 0x2e, 0x53, 0x65, 0x72, 0x76, 0x65, 0x72, 0x54, 0x4c, 0x53, 0x53, 0x65, 0x74, 0x74, + 0x69, 0x6e, 0x67, 0x73, 0x52, 0x03, 0x74, 0x6c, 0x73, 0x12, 0x29, 0x0a, 0x10, 0x64, 0x65, 0x66, + 0x61, 0x75, 0x6c, 0x74, 0x5f, 0x65, 0x6e, 0x64, 0x70, 0x6f, 0x69, 0x6e, 0x74, 0x18, 0x05, 0x20, + 0x01, 0x28, 0x09, 0x52, 0x0f, 0x64, 0x65, 0x66, 0x61, 0x75, 0x6c, 0x74, 0x45, 0x6e, 0x64, 0x70, + 0x6f, 0x69, 0x6e, 0x74, 0x12, 0x12, 0x0a, 0x04, 0x6e, 0x61, 0x6d, 0x65, 0x18, 0x06, 0x20, 0x01, + 0x28, 0x09, 0x52, 0x04, 0x6e, 0x61, 0x6d, 0x65, 0x22, 0x85, 0x01, 0x0a, 0x04, 0x50, 0x6f, 0x72, + 0x74, 0x12, 0x1c, 0x0a, 0x06, 0x6e, 0x75, 0x6d, 0x62, 0x65, 0x72, 0x18, 0x01, 0x20, 0x01, 0x28, + 0x0d, 0x42, 0x04, 0xe2, 0x41, 0x01, 0x02, 0x52, 0x06, 0x6e, 0x75, 0x6d, 0x62, 0x65, 0x72, 0x12, + 0x20, 0x0a, 0x08, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x63, 0x6f, 0x6c, 0x18, 0x02, 0x20, 0x01, 0x28, + 0x09, 0x42, 0x04, 0xe2, 0x41, 0x01, 0x02, 0x52, 0x08, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x63, 0x6f, + 0x6c, 0x12, 0x18, 0x0a, 0x04, 0x6e, 0x61, 0x6d, 0x65, 0x18, 0x03, 0x20, 0x01, 0x28, 0x09, 0x42, + 0x04, 0xe2, 0x41, 0x01, 0x02, 0x52, 0x04, 0x6e, 0x61, 0x6d, 0x65, 0x12, 0x23, 0x0a, 0x0b, 0x74, + 0x61, 0x72, 0x67, 0x65, 0x74, 0x5f, 0x70, 0x6f, 0x72, 0x74, 0x18, 0x04, 0x20, 0x01, 0x28, 0x0d, + 0x42, 0x02, 0x18, 0x01, 0x52, 0x0a, 0x74, 0x61, 0x72, 0x67, 0x65, 0x74, 0x50, 0x6f, 0x72, 0x74, + 0x22, 0x98, 0x07, 0x0a, 0x11, 0x53, 0x65, 0x72, 0x76, 0x65, 0x72, 0x54, 0x4c, 0x53, 0x53, 0x65, + 0x74, 0x74, 0x69, 0x6e, 0x67, 0x73, 0x12, 0x25, 0x0a, 0x0e, 0x68, 0x74, 0x74, 0x70, 0x73, 0x5f, + 0x72, 0x65, 0x64, 0x69, 0x72, 0x65, 0x63, 0x74, 0x18, 0x01, 0x20, 0x01, 0x28, 0x08, 0x52, 0x0d, + 0x68, 0x74, 0x74, 0x70, 0x73, 0x52, 0x65, 0x64, 0x69, 0x72, 0x65, 0x63, 0x74, 0x12, 0x48, 0x0a, + 0x04, 0x6d, 0x6f, 0x64, 0x65, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0e, 0x32, 0x34, 0x2e, 0x69, 0x73, + 0x74, 0x69, 0x6f, 0x2e, 0x6e, 0x65, 0x74, 0x77, 0x6f, 0x72, 0x6b, 0x69, 0x6e, 0x67, 0x2e, 0x76, + 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x33, 0x2e, 0x53, 0x65, 0x72, 0x76, 0x65, 0x72, 0x54, 0x4c, + 0x53, 0x53, 0x65, 0x74, 0x74, 0x69, 0x6e, 0x67, 0x73, 0x2e, 0x54, 0x4c, 0x53, 0x6d, 0x6f, 0x64, + 0x65, 0x52, 0x04, 0x6d, 0x6f, 0x64, 0x65, 0x12, 0x2d, 0x0a, 0x12, 0x73, 0x65, 0x72, 0x76, 0x65, + 0x72, 0x5f, 0x63, 0x65, 0x72, 0x74, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x65, 0x18, 0x03, 0x20, + 0x01, 0x28, 0x09, 0x52, 0x11, 0x73, 0x65, 0x72, 0x76, 0x65, 0x72, 0x43, 0x65, 0x72, 0x74, 0x69, + 0x66, 0x69, 0x63, 0x61, 0x74, 0x65, 0x12, 0x1f, 0x0a, 0x0b, 0x70, 0x72, 0x69, 0x76, 0x61, 0x74, + 0x65, 0x5f, 0x6b, 0x65, 0x79, 0x18, 0x04, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0a, 0x70, 0x72, 0x69, + 0x76, 0x61, 0x74, 0x65, 0x4b, 0x65, 0x79, 0x12, 0x27, 0x0a, 0x0f, 0x63, 0x61, 0x5f, 0x63, 0x65, + 0x72, 0x74, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x65, 0x73, 0x18, 0x05, 0x20, 0x01, 0x28, 0x09, + 0x52, 0x0e, 0x63, 0x61, 0x43, 0x65, 0x72, 0x74, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x65, 0x73, + 0x12, 0x15, 0x0a, 0x06, 0x63, 0x61, 0x5f, 0x63, 0x72, 0x6c, 0x18, 0x0d, 0x20, 0x01, 0x28, 0x09, + 0x52, 0x05, 0x63, 0x61, 0x43, 0x72, 0x6c, 0x12, 0x27, 0x0a, 0x0f, 0x63, 0x72, 0x65, 0x64, 0x65, + 0x6e, 0x74, 0x69, 0x61, 0x6c, 0x5f, 0x6e, 0x61, 0x6d, 0x65, 0x18, 0x0a, 0x20, 0x01, 0x28, 0x09, + 0x52, 0x0e, 0x63, 0x72, 0x65, 0x64, 0x65, 0x6e, 0x74, 0x69, 0x61, 0x6c, 0x4e, 0x61, 0x6d, 0x65, + 0x12, 0x2a, 0x0a, 0x11, 0x73, 0x75, 0x62, 0x6a, 0x65, 0x63, 0x74, 0x5f, 0x61, 0x6c, 0x74, 0x5f, + 0x6e, 0x61, 0x6d, 0x65, 0x73, 0x18, 0x06, 0x20, 0x03, 0x28, 0x09, 0x52, 0x0f, 0x73, 0x75, 0x62, + 0x6a, 0x65, 0x63, 0x74, 0x41, 0x6c, 0x74, 0x4e, 0x61, 0x6d, 0x65, 0x73, 0x12, 0x36, 0x0a, 0x17, + 0x76, 0x65, 0x72, 0x69, 0x66, 0x79, 0x5f, 0x63, 0x65, 0x72, 0x74, 0x69, 0x66, 0x69, 0x63, 0x61, + 0x74, 0x65, 0x5f, 0x73, 0x70, 0x6b, 0x69, 0x18, 0x0b, 0x20, 0x03, 0x28, 0x09, 0x52, 0x15, 0x76, + 0x65, 0x72, 0x69, 0x66, 0x79, 0x43, 0x65, 0x72, 0x74, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x65, + 0x53, 0x70, 0x6b, 0x69, 0x12, 0x36, 0x0a, 0x17, 0x76, 0x65, 0x72, 0x69, 0x66, 0x79, 0x5f, 0x63, + 0x65, 0x72, 0x74, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x65, 0x5f, 0x68, 0x61, 0x73, 0x68, 0x18, + 0x0c, 0x20, 0x03, 0x28, 0x09, 0x52, 0x15, 0x76, 0x65, 0x72, 0x69, 0x66, 0x79, 0x43, 0x65, 0x72, + 0x74, 0x69, 0x66, 0x69, 0x63, 0x61, 0x74, 0x65, 0x48, 0x61, 0x73, 0x68, 0x12, 0x6a, 0x0a, 0x14, + 0x6d, 0x69, 0x6e, 0x5f, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x63, 0x6f, 0x6c, 0x5f, 0x76, 0x65, 0x72, + 0x73, 0x69, 0x6f, 0x6e, 0x18, 0x07, 0x20, 0x01, 0x28, 0x0e, 0x32, 0x38, 0x2e, 0x69, 0x73, 0x74, + 0x69, 0x6f, 0x2e, 0x6e, 0x65, 0x74, 0x77, 0x6f, 0x72, 0x6b, 0x69, 0x6e, 0x67, 0x2e, 0x76, 0x31, + 0x61, 0x6c, 0x70, 0x68, 0x61, 0x33, 0x2e, 0x53, 0x65, 0x72, 0x76, 0x65, 0x72, 0x54, 0x4c, 0x53, + 0x53, 0x65, 0x74, 0x74, 0x69, 0x6e, 0x67, 0x73, 0x2e, 0x54, 0x4c, 0x53, 0x50, 0x72, 0x6f, 0x74, + 0x6f, 0x63, 0x6f, 0x6c, 0x52, 0x12, 0x6d, 0x69, 0x6e, 0x50, 0x72, 0x6f, 0x74, 0x6f, 0x63, 0x6f, + 0x6c, 0x56, 0x65, 0x72, 0x73, 0x69, 0x6f, 0x6e, 0x12, 0x6a, 0x0a, 0x14, 0x6d, 0x61, 0x78, 0x5f, + 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x63, 0x6f, 0x6c, 0x5f, 0x76, 0x65, 0x72, 0x73, 0x69, 0x6f, 0x6e, + 0x18, 0x08, 0x20, 0x01, 0x28, 0x0e, 0x32, 0x38, 0x2e, 0x69, 0x73, 0x74, 0x69, 0x6f, 0x2e, 0x6e, + 0x65, 0x74, 0x77, 0x6f, 0x72, 0x6b, 0x69, 0x6e, 0x67, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, + 0x61, 0x33, 0x2e, 0x53, 0x65, 0x72, 0x76, 0x65, 0x72, 0x54, 0x4c, 0x53, 0x53, 0x65, 0x74, 0x74, + 0x69, 0x6e, 0x67, 0x73, 0x2e, 0x54, 0x4c, 0x53, 0x50, 0x72, 0x6f, 0x74, 0x6f, 0x63, 0x6f, 0x6c, + 0x52, 0x12, 0x6d, 0x61, 0x78, 0x50, 0x72, 0x6f, 0x74, 0x6f, 0x63, 0x6f, 0x6c, 0x56, 0x65, 0x72, + 0x73, 0x69, 0x6f, 0x6e, 0x12, 0x23, 0x0a, 0x0d, 0x63, 0x69, 0x70, 0x68, 0x65, 0x72, 0x5f, 0x73, + 0x75, 0x69, 0x74, 0x65, 0x73, 0x18, 0x09, 0x20, 0x03, 0x28, 0x09, 0x52, 0x0c, 0x63, 0x69, 0x70, + 0x68, 0x65, 0x72, 0x53, 0x75, 0x69, 0x74, 0x65, 0x73, 0x22, 0x6f, 0x0a, 0x07, 0x54, 0x4c, 0x53, + 0x6d, 0x6f, 0x64, 0x65, 0x12, 0x0f, 0x0a, 0x0b, 0x50, 0x41, 0x53, 0x53, 0x54, 0x48, 0x52, 0x4f, + 0x55, 0x47, 0x48, 0x10, 0x00, 0x12, 0x0a, 0x0a, 0x06, 0x53, 0x49, 0x4d, 0x50, 0x4c, 0x45, 0x10, + 0x01, 0x12, 0x0a, 0x0a, 0x06, 0x4d, 0x55, 0x54, 0x55, 0x41, 0x4c, 0x10, 0x02, 0x12, 0x14, 0x0a, + 0x10, 0x41, 0x55, 0x54, 0x4f, 0x5f, 0x50, 0x41, 0x53, 0x53, 0x54, 0x48, 0x52, 0x4f, 0x55, 0x47, + 0x48, 0x10, 0x03, 0x12, 0x10, 0x0a, 0x0c, 0x49, 0x53, 0x54, 0x49, 0x4f, 0x5f, 0x4d, 0x55, 0x54, + 0x55, 0x41, 0x4c, 0x10, 0x04, 0x12, 0x13, 0x0a, 0x0f, 0x4f, 0x50, 0x54, 0x49, 0x4f, 0x4e, 0x41, + 0x4c, 0x5f, 0x4d, 0x55, 0x54, 0x55, 0x41, 0x4c, 0x10, 0x05, 0x22, 0x4f, 0x0a, 0x0b, 0x54, 0x4c, + 0x53, 0x50, 0x72, 0x6f, 0x74, 0x6f, 0x63, 0x6f, 0x6c, 0x12, 0x0c, 0x0a, 0x08, 0x54, 0x4c, 0x53, + 0x5f, 0x41, 0x55, 0x54, 0x4f, 0x10, 0x00, 0x12, 0x0b, 0x0a, 0x07, 0x54, 0x4c, 0x53, 0x56, 0x31, + 0x5f, 0x30, 0x10, 0x01, 0x12, 0x0b, 0x0a, 0x07, 0x54, 0x4c, 0x53, 0x56, 0x31, 0x5f, 0x31, 0x10, + 0x02, 0x12, 0x0b, 0x0a, 0x07, 0x54, 0x4c, 0x53, 0x56, 0x31, 0x5f, 0x32, 0x10, 0x03, 0x12, 0x0b, + 0x0a, 0x07, 0x54, 0x4c, 0x53, 0x56, 0x31, 0x5f, 0x33, 0x10, 0x04, 0x42, 0x22, 0x5a, 0x20, 0x69, + 0x73, 0x74, 0x69, 0x6f, 0x2e, 0x69, 0x6f, 0x2f, 0x61, 0x70, 0x69, 0x2f, 0x6e, 0x65, 0x74, 0x77, + 0x6f, 0x72, 0x6b, 0x69, 0x6e, 0x67, 0x2f, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x33, 0x62, + 0x06, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x33, } var ( @@ -1306,7 +1070,7 @@ func file_networking_v1alpha3_gateway_proto_rawDescGZIP() []byte { var file_networking_v1alpha3_gateway_proto_enumTypes = make([]protoimpl.EnumInfo, 2) var file_networking_v1alpha3_gateway_proto_msgTypes = make([]protoimpl.MessageInfo, 5) -var file_networking_v1alpha3_gateway_proto_goTypes = []interface{}{ +var file_networking_v1alpha3_gateway_proto_goTypes = []any{ (ServerTLSSettings_TLSmode)(0), // 0: istio.networking.v1alpha3.ServerTLSSettings.TLSmode (ServerTLSSettings_TLSProtocol)(0), // 1: istio.networking.v1alpha3.ServerTLSSettings.TLSProtocol (*Gateway)(nil), // 2: istio.networking.v1alpha3.Gateway @@ -1335,56 +1099,6 @@ func file_networking_v1alpha3_gateway_proto_init() { if File_networking_v1alpha3_gateway_proto != nil { return } - if !protoimpl.UnsafeEnabled { - file_networking_v1alpha3_gateway_proto_msgTypes[0].Exporter = func(v interface{}, i int) interface{} { - switch v := v.(*Gateway); i { - case 0: - return &v.state - case 1: - return &v.sizeCache - case 2: - return &v.unknownFields - default: - return nil - } - } - file_networking_v1alpha3_gateway_proto_msgTypes[1].Exporter = func(v interface{}, i int) interface{} { - switch v := v.(*Server); i { - case 0: - return &v.state - case 1: - return &v.sizeCache - case 2: - return &v.unknownFields - default: - return nil - } - } - file_networking_v1alpha3_gateway_proto_msgTypes[2].Exporter = func(v interface{}, i int) interface{} { - switch v := v.(*Port); i { - case 0: - return &v.state - case 1: - return &v.sizeCache - case 2: - return &v.unknownFields - default: - return nil - } - } - file_networking_v1alpha3_gateway_proto_msgTypes[3].Exporter = func(v interface{}, i int) interface{} { - switch v := v.(*ServerTLSSettings); i { - case 0: - return &v.state - case 1: - return &v.sizeCache - case 2: - return &v.unknownFields - default: - return nil - } - } - } type x struct{} out := protoimpl.TypeBuilder{ File: protoimpl.DescBuilder{ diff --git a/vendor/istio.io/api/networking/v1alpha3/gateway.pb.html b/vendor/istio.io/api/networking/v1alpha3/gateway.pb.html index 204f6f288..463e2339a 100644 --- a/vendor/istio.io/api/networking/v1alpha3/gateway.pb.html +++ b/vendor/istio.io/api/networking/v1alpha3/gateway.pb.html @@ -18,9 +18,7 @@ applied to the proxy running on a pod with labels app: my-gateway-controller. While Istio will configure the proxy to listen on these ports, it is the responsibility of the user to ensure that external traffic to these ports are allowed into the mesh.

    -

    {{}} -{{}}

    -
    apiVersion: networking.istio.io/v1alpha3
    +
    apiVersion: networking.istio.io/v1
     kind: Gateway
     metadata:
       name: my-gateway
    @@ -71,61 +69,6 @@
         hosts:
         - "*"
     
    -

    {{}}

    -

    {{}}

    -
    apiVersion: networking.istio.io/v1beta1
    -kind: Gateway
    -metadata:
    -  name: my-gateway
    -  namespace: some-config-namespace
    -spec:
    -  selector:
    -    app: my-gateway-controller
    -  servers:
    -  - port:
    -      number: 80
    -      name: http
    -      protocol: HTTP
    -    hosts:
    -    - uk.bookinfo.com
    -    - eu.bookinfo.com
    -    tls:
    -      httpsRedirect: true # sends 301 redirect for http requests
    -  - port:
    -      number: 443
    -      name: https-443
    -      protocol: HTTPS
    -    hosts:
    -    - uk.bookinfo.com
    -    - eu.bookinfo.com
    -    tls:
    -      mode: SIMPLE # enables HTTPS on this port
    -      serverCertificate: /etc/certs/servercert.pem
    -      privateKey: /etc/certs/privatekey.pem
    -  - port:
    -      number: 9443
    -      name: https-9443
    -      protocol: HTTPS
    -    hosts:
    -    - "bookinfo-namespace/*.bookinfo.com"
    -    tls:
    -      mode: SIMPLE # enables HTTPS on this port
    -      credentialName: bookinfo-secret # fetches certs from Kubernetes secret
    -  - port:
    -      number: 9080
    -      name: http-wildcard
    -      protocol: HTTP
    -    hosts:
    -    - "*"
    -  - port:
    -      number: 2379 # to expose internal service via external port 2379
    -      name: mongo
    -      protocol: MONGO
    -    hosts:
    -    - "*"
    -
    -

    {{}} -{{}}

    The Gateway specification above describes the L4-L6 properties of a load balancer. A VirtualService can then be bound to a gateway to control the forwarding of traffic arriving at a particular host or gateway port.

    @@ -139,47 +82,7 @@ requests to the “reviews.prod.svc.cluster.local” service. This rule is applicable across ports 443, 9080. Note that http://uk.bookinfo.com gets redirected to https://uk.bookinfo.com (i.e. 80 redirects to 443).

    -

    {{}} -{{}}

    -
    apiVersion: networking.istio.io/v1alpha3
    -kind: VirtualService
    -metadata:
    -  name: bookinfo-rule
    -  namespace: bookinfo-namespace
    -spec:
    -  hosts:
    -  - reviews.prod.svc.cluster.local
    -  - uk.bookinfo.com
    -  - eu.bookinfo.com
    -  gateways:
    -  - some-config-namespace/my-gateway
    -  - mesh # applies to all the sidecars in the mesh
    -  http:
    -  - match:
    -    - headers:
    -        cookie:
    -          exact: "user=dev-123"
    -    route:
    -    - destination:
    -        port:
    -          number: 7777
    -        host: reviews.qa.svc.cluster.local
    -  - match:
    -    - uri:
    -        prefix: /reviews/
    -    route:
    -    - destination:
    -        port:
    -          number: 9080 # can be omitted if it's the only port for reviews
    -        host: reviews.prod.svc.cluster.local
    -      weight: 80
    -    - destination:
    -        host: reviews.qa.svc.cluster.local
    -      weight: 20
    -
    -

    {{}}

    -

    {{}}

    -
    apiVersion: networking.istio.io/v1beta1
    +
    apiVersion: networking.istio.io/v1
     kind: VirtualService
     metadata:
       name: bookinfo-rule
    @@ -215,36 +118,11 @@
             host: reviews.qa.svc.cluster.local
           weight: 20
     
    -

    {{}} -{{}}

    The following VirtualService forwards traffic arriving at (external) port 27017 to internal Mongo server on port 5555. This rule is not applicable internally in the mesh as the gateway list omits the reserved name mesh.

    -

    {{}} -{{}}

    -
    apiVersion: networking.istio.io/v1alpha3
    -kind: VirtualService
    -metadata:
    -  name: bookinfo-mongo
    -  namespace: bookinfo-namespace
    -spec:
    -  hosts:
    -  - mongosvr.prod.svc.cluster.local # name of internal Mongo service
    -  gateways:
    -  - some-config-namespace/my-gateway # can omit the namespace if gateway is in same namespace as virtual service.
    -  tcp:
    -  - match:
    -    - port: 27017
    -    route:
    -    - destination:
    -        host: mongo.prod.svc.cluster.local
    -        port:
    -          number: 5555
    -
    -

    {{}}

    -

    {{}}

    -
    apiVersion: networking.istio.io/v1beta1
    +
    apiVersion: networking.istio.io/v1
     kind: VirtualService
     metadata:
       name: bookinfo-mongo
    @@ -263,35 +141,12 @@
             port:
               number: 5555
     
    -

    {{}} -{{}}

    It is possible to restrict the set of virtual services that can bind to a gateway server using the namespace/hostname syntax in the hosts field. For example, the following Gateway allows any virtual service in the ns1 namespace to bind to it, while restricting only the virtual service with foo.bar.com host in the ns2 namespace to bind to it.

    -

    {{}} -{{}}

    -
    apiVersion: networking.istio.io/v1alpha3
    -kind: Gateway
    -metadata:
    -  name: my-gateway
    -  namespace: some-config-namespace
    -spec:
    -  selector:
    -    app: my-gateway-controller
    -  servers:
    -  - port:
    -      number: 80
    -      name: http
    -      protocol: HTTP
    -    hosts:
    -    - "ns1/*"
    -    - "ns2/foo.bar.com"
    -
    -

    {{}}

    -

    {{}}

    -
    apiVersion: networking.istio.io/v1beta1
    +
    apiVersion: networking.istio.io/v1
     kind: Gateway
     metadata:
       name: my-gateway
    @@ -308,8 +163,6 @@
         - "ns1/*"
         - "ns2/foo.bar.com"
     
    -

    {{}} -{{}}

    Gateway

    @@ -327,18 +180,18 @@

    Gateway

    serversservers Server[]

    A list of server specifications.

    -Yes +No
    selectorselector map<string, string>

    One or more labels that indicate a specific set of pods/VMs @@ -356,7 +209,7 @@

    Gateway

    -Yes +No
    @@ -494,7 +281,7 @@

    Server

    - + - + - + - + - + - + - + - + - + - + - + - + - + + + + + + + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + + + + +
    portport Port

    The Port on which the proxy should listen for incoming @@ -506,7 +293,7 @@

    Server

    bindbind string

    The ip or the Unix domain socket to which the listener should be bound @@ -524,7 +311,7 @@

    Server

    hostshosts string[]

    One or more hosts exposed by this gateway. @@ -560,7 +347,7 @@

    Server

    tlstls ServerTLSSettings

    Set of TLS related options that govern the server’s behavior. Use @@ -573,7 +360,7 @@

    Server

    namename string

    An optional name of the server, when set must be unique across all servers. @@ -603,7 +390,7 @@

    Port

    numbernumber uint32

    A valid non-negative integer port number.

    @@ -614,11 +401,11 @@

    Port

    protocolprotocol string

    The protocol exposed on the port. -MUST BE one of HTTP|HTTPS|GRPC|HTTP2|MONGO|TCP|TLS. +MUST BE one of HTTP|HTTPS|GRPC|GRPC-WEB|HTTP2|MONGO|TCP|TLS. TLS can be either used to terminate non-HTTP based connections on a specific port or to route traffic based on SNI header to the destination without terminating the TLS connection.

    @@ -628,7 +415,7 @@

    Port

    namename string

    Label assigned to the port.

    @@ -654,7 +441,7 @@

    ServerTLSSettings

    httpsRedirecthttpsRedirect bool

    If set to true, the load balancer will send a 301 redirect for @@ -666,7 +453,7 @@

    ServerTLSSettings

    modemode TLSmode

    Optional: Indicates whether connections to this port should be @@ -679,7 +466,7 @@

    ServerTLSSettings

    serverCertificateserverCertificate string

    REQUIRED if mode is SIMPLE or MUTUAL. The path to the file @@ -691,7 +478,7 @@

    ServerTLSSettings

    privateKeyprivateKey string

    REQUIRED if mode is SIMPLE or MUTUAL. The path to the file @@ -703,26 +490,42 @@

    ServerTLSSettings

    caCertificatescaCertificates string

    REQUIRED if mode is MUTUAL or OPTIONAL_MUTUAL. The path to a file containing certificate authority certificates to use in verifying a presented client side certificate.

    +
    +No +
    caCrlstring +

    OPTIONAL: The path to the file containing the certificate revocation list (CRL) +to use in verifying a presented client side certificate. CRL is a list of certificates +that have been revoked by the CA (Certificate Authority) before their scheduled expiration date. +If specified, the proxy will verify if the presented certificate is part of the revoked list of certificates. +If omitted, the proxy will not verify the certificate against the crl.

    +
    No
    credentialNamecredentialName string

    For gateways running on Kubernetes, the name of the secret that holds the TLS certs including the CA certificates. Applicable only on Kubernetes. An Opaque secret should contain the following -keys and values: key: <privateKey> and cert: <serverCert>. +keys and values: tls.key: <privateKey> and tls.crt: <serverCert> or +key: <privateKey> and cert: <serverCert>. For mutual TLS, cacert: <CACertificate> and crl: <CertificateRevocationList> can be provided in the same secret or a separate secret named <secret>-cacert. A TLS secret for server certificates with an additional tls.ocsp-staple key @@ -737,7 +540,7 @@

    ServerTLSSettings

    subjectAltNamessubjectAltNames string[]

    A list of alternate names to verify the subject identity in the @@ -749,7 +552,7 @@

    ServerTLSSettings

    verifyCertificateSpkiverifyCertificateSpki string[]

    An optional list of base64-encoded SHA-256 hashes of the SPKIs of @@ -764,7 +567,7 @@

    ServerTLSSettings

    verifyCertificateHashverifyCertificateHash string[]

    An optional list of hex-encoded SHA-256 hashes of the @@ -780,7 +583,7 @@

    ServerTLSSettings

    minProtocolVersionminProtocolVersion TLSProtocol

    Optional: Minimum TLS protocol version. By default, it is TLSV1_2. @@ -794,7 +597,7 @@

    ServerTLSSettings

    maxProtocolVersionmaxProtocolVersion TLSProtocol

    Optional: Maximum TLS protocol version.

    @@ -805,7 +608,7 @@

    ServerTLSSettings

    cipherSuitescipherSuites string[]

    Optional: If specified, only support the specified cipher list. @@ -851,7 +654,7 @@

    ServerTLSSettings.TLSmode

    PASSTHROUGHPASSTHROUGH

    The SNI string presented by the client will be used as the match criterion in a VirtualService TLS route to determine @@ -860,7 +663,7 @@

    ServerTLSSettings.TLSmode

    SIMPLESIMPLE

    Secure connections with standard TLS semantics. In this mode client certificate is not requested during handshake.

    @@ -868,7 +671,7 @@

    ServerTLSSettings.TLSmode

    MUTUALMUTUAL

    Secure connections to the downstream using mutual TLS by presenting server certificates for authentication. @@ -878,7 +681,7 @@

    ServerTLSSettings.TLSmode

    AUTO_PASSTHROUGHAUTO_PASSTHROUGH

    Similar to the passthrough mode, except servers with this TLS mode do not require an associated VirtualService to map from @@ -895,7 +698,7 @@

    ServerTLSSettings.TLSmode

    ISTIO_MUTUALISTIO_MUTUAL

    Secure connections from the downstream using mutual TLS by presenting server certificates for authentication. Compared @@ -907,7 +710,7 @@

    ServerTLSSettings.TLSmode

    OPTIONAL_MUTUALOPTIONAL_MUTUAL

    Similar to MUTUAL mode, except that the client certificate is optional. Unlike SIMPLE mode, A client certificate will @@ -934,35 +737,35 @@

    ServerTLSSettings.TLSProtocol

    TLS_AUTOTLS_AUTO

    Automatically choose the optimal TLS version.

    TLSV1_0TLSV1_0

    TLS version 1.0

    TLSV1_1TLSV1_1

    TLS version 1.1

    TLSV1_2TLSV1_2

    TLS version 1.2

    TLSV1_3TLSV1_3

    TLS version 1.3

    diff --git a/vendor/istio.io/api/networking/v1alpha3/gateway.proto b/vendor/istio.io/api/networking/v1alpha3/gateway.proto index 1efb1fe21..69c5055e6 100644 --- a/vendor/istio.io/api/networking/v1alpha3/gateway.proto +++ b/vendor/istio.io/api/networking/v1alpha3/gateway.proto @@ -35,10 +35,8 @@ import "google/api/field_behavior.proto"; // on these ports, it is the responsibility of the user to ensure that // external traffic to these ports are allowed into the mesh. // -// {{}} -// {{}} // ```yaml -// apiVersion: networking.istio.io/v1alpha3 +// apiVersion: networking.istio.io/v1 // kind: Gateway // metadata: // name: my-gateway @@ -89,63 +87,6 @@ import "google/api/field_behavior.proto"; // hosts: // - "*" // ``` -// {{}} -// -// {{}} -// ```yaml -// apiVersion: networking.istio.io/v1beta1 -// kind: Gateway -// metadata: -// name: my-gateway -// namespace: some-config-namespace -// spec: -// selector: -// app: my-gateway-controller -// servers: -// - port: -// number: 80 -// name: http -// protocol: HTTP -// hosts: -// - uk.bookinfo.com -// - eu.bookinfo.com -// tls: -// httpsRedirect: true # sends 301 redirect for http requests -// - port: -// number: 443 -// name: https-443 -// protocol: HTTPS -// hosts: -// - uk.bookinfo.com -// - eu.bookinfo.com -// tls: -// mode: SIMPLE # enables HTTPS on this port -// serverCertificate: /etc/certs/servercert.pem -// privateKey: /etc/certs/privatekey.pem -// - port: -// number: 9443 -// name: https-9443 -// protocol: HTTPS -// hosts: -// - "bookinfo-namespace/*.bookinfo.com" -// tls: -// mode: SIMPLE # enables HTTPS on this port -// credentialName: bookinfo-secret # fetches certs from Kubernetes secret -// - port: -// number: 9080 -// name: http-wildcard -// protocol: HTTP -// hosts: -// - "*" -// - port: -// number: 2379 # to expose internal service via external port 2379 -// name: mongo -// protocol: MONGO -// hosts: -// - "*" -// ``` -// {{}} -// {{}} // // The Gateway specification above describes the L4-L6 properties of a load // balancer. A `VirtualService` can then be bound to a gateway to control @@ -162,10 +103,8 @@ import "google/api/field_behavior.proto"; // applicable across ports 443, 9080. Note that `http://uk.bookinfo.com` // gets redirected to `https://uk.bookinfo.com` (i.e. 80 redirects to 443). // -// {{}} -// {{}} // ```yaml -// apiVersion: networking.istio.io/v1alpha3 +// apiVersion: networking.istio.io/v1 // kind: VirtualService // metadata: // name: bookinfo-rule @@ -201,81 +140,14 @@ import "google/api/field_behavior.proto"; // host: reviews.qa.svc.cluster.local // weight: 20 // ``` -// {{}} -// -// {{}} -// ```yaml -// apiVersion: networking.istio.io/v1beta1 -// kind: VirtualService -// metadata: -// name: bookinfo-rule -// namespace: bookinfo-namespace -// spec: -// hosts: -// - reviews.prod.svc.cluster.local -// - uk.bookinfo.com -// - eu.bookinfo.com -// gateways: -// - some-config-namespace/my-gateway -// - mesh # applies to all the sidecars in the mesh -// http: -// - match: -// - headers: -// cookie: -// exact: "user=dev-123" -// route: -// - destination: -// port: -// number: 7777 -// host: reviews.qa.svc.cluster.local -// - match: -// - uri: -// prefix: /reviews/ -// route: -// - destination: -// port: -// number: 9080 # can be omitted if it's the only port for reviews -// host: reviews.prod.svc.cluster.local -// weight: 80 -// - destination: -// host: reviews.qa.svc.cluster.local -// weight: 20 -// ``` -// {{}} -// {{}} // // The following VirtualService forwards traffic arriving at (external) // port 27017 to internal Mongo server on port 5555. This rule is not // applicable internally in the mesh as the gateway list omits the // reserved name `mesh`. // -// {{}} -// {{}} -// ```yaml -// apiVersion: networking.istio.io/v1alpha3 -// kind: VirtualService -// metadata: -// name: bookinfo-mongo -// namespace: bookinfo-namespace -// spec: -// hosts: -// - mongosvr.prod.svc.cluster.local # name of internal Mongo service -// gateways: -// - some-config-namespace/my-gateway # can omit the namespace if gateway is in same namespace as virtual service. -// tcp: -// - match: -// - port: 27017 -// route: -// - destination: -// host: mongo.prod.svc.cluster.local -// port: -// number: 5555 -// ``` -// {{}} -// -// {{}} // ```yaml -// apiVersion: networking.istio.io/v1beta1 +// apiVersion: networking.istio.io/v1 // kind: VirtualService // metadata: // name: bookinfo-mongo @@ -294,8 +166,6 @@ import "google/api/field_behavior.proto"; // port: // number: 5555 // ``` -// {{}} -// {{}} // // It is possible to restrict the set of virtual services that can bind to // a gateway server using the namespace/hostname syntax in the hosts field. @@ -303,10 +173,8 @@ import "google/api/field_behavior.proto"; // namespace to bind to it, while restricting only the virtual service with // foo.bar.com host in the ns2 namespace to bind to it. // -// {{}} -// {{}} // ```yaml -// apiVersion: networking.istio.io/v1alpha3 +// apiVersion: networking.istio.io/v1 // kind: Gateway // metadata: // name: my-gateway @@ -323,29 +191,6 @@ import "google/api/field_behavior.proto"; // - "ns1/*" // - "ns2/foo.bar.com" // ``` -// {{}} -// -// {{}} -// ```yaml -// apiVersion: networking.istio.io/v1beta1 -// kind: Gateway -// metadata: -// name: my-gateway -// namespace: some-config-namespace -// spec: -// selector: -// app: my-gateway-controller -// servers: -// - port: -// number: 80 -// name: http -// protocol: HTTP -// hosts: -// - "ns1/*" -// - "ns2/foo.bar.com" -// ``` -// {{}} -// {{}} // package istio.networking.v1alpha3; @@ -356,8 +201,7 @@ option go_package = "istio.io/api/networking/v1alpha3"; // // -// message Gateway { // A list of server specifications. - repeated Server servers = 1 [(google.api.field_behavior) = REQUIRED]; + repeated Server servers = 1; // One or more labels that indicate a specific set of pods/VMs // on which this gateway configuration should be applied. @@ -391,35 +232,14 @@ message Gateway { // resource must reside in the same namespace as the gateway workload // instance. // If selector is nil, the Gateway will be applied to all workloads. - map selector = 2 [(google.api.field_behavior) = REQUIRED]; + map selector = 2; } // `Server` describes the properties of the proxy on a given load balancer // port. For example, // -// {{}} -// {{}} -// ```yaml -// apiVersion: networking.istio.io/v1alpha3 -// kind: Gateway -// metadata: -// name: my-ingress -// spec: -// selector: -// app: my-ingressgateway -// servers: -// - port: -// number: 80 -// name: http2 -// protocol: HTTP2 -// hosts: -// - "*" -// ``` -// {{}} -// -// {{}} // ```yaml -// apiVersion: networking.istio.io/v1beta1 +// apiVersion: networking.istio.io/v1 // kind: Gateway // metadata: // name: my-ingress @@ -434,15 +254,11 @@ message Gateway { // hosts: // - "*" // ``` -// {{}} -// {{}} // // Another example // -// {{}} -// {{}} // ```yaml -// apiVersion: networking.istio.io/v1alpha3 +// apiVersion: networking.istio.io/v1 // kind: Gateway // metadata: // name: my-tcp-ingress @@ -457,56 +273,11 @@ message Gateway { // hosts: // - "*" // ``` -// {{}} -// -// {{}} -// ```yaml -// apiVersion: networking.istio.io/v1beta1 -// kind: Gateway -// metadata: -// name: my-tcp-ingress -// spec: -// selector: -// app: my-tcp-ingressgateway -// servers: -// - port: -// number: 27018 -// name: mongo -// protocol: MONGO -// hosts: -// - "*" -// ``` -// {{}} -// {{}} // // The following is an example of TLS configuration for port 443 // -// {{}} -// {{}} -// ```yaml -// apiVersion: networking.istio.io/v1alpha3 -// kind: Gateway -// metadata: -// name: my-tls-ingress -// spec: -// selector: -// app: my-tls-ingressgateway -// servers: -// - port: -// number: 443 -// name: https -// protocol: HTTPS -// hosts: -// - "*" -// tls: -// mode: SIMPLE -// credentialName: tls-cert -// ``` -// {{}} -// -// {{}} // ```yaml -// apiVersion: networking.istio.io/v1beta1 +// apiVersion: networking.istio.io/v1 // kind: Gateway // metadata: // name: my-tls-ingress @@ -524,8 +295,6 @@ message Gateway { // mode: SIMPLE // credentialName: tls-cert // ``` -// {{}} -// {{}} // message Server { // The Port on which the proxy should listen for incoming @@ -597,7 +366,7 @@ message Port { uint32 number = 1 [(google.api.field_behavior) = REQUIRED]; // The protocol exposed on the port. - // MUST BE one of HTTP|HTTPS|GRPC|HTTP2|MONGO|TCP|TLS. + // MUST BE one of HTTP|HTTPS|GRPC|GRPC-WEB|HTTP2|MONGO|TCP|TLS. // TLS can be either used to terminate non-HTTP based connections on a specific port // or to route traffic based on SNI header to the destination without terminating the TLS connection. string protocol = 2 [(google.api.field_behavior) = REQUIRED]; @@ -681,10 +450,18 @@ message ServerTLSSettings { // client side certificate. string ca_certificates = 5; + // OPTIONAL: The path to the file containing the certificate revocation list (CRL) + // to use in verifying a presented client side certificate. `CRL` is a list of certificates + // that have been revoked by the CA (Certificate Authority) before their scheduled expiration date. + // If specified, the proxy will verify if the presented certificate is part of the revoked list of certificates. + // If omitted, the proxy will not verify the certificate against the `crl`. + string ca_crl = 13; + // For gateways running on Kubernetes, the name of the secret that // holds the TLS certs including the CA certificates. Applicable // only on Kubernetes. An Opaque secret should contain the following - // keys and values: `key: ` and `cert: `. + // keys and values: `tls.key: ` and `tls.crt: ` or + // `key: ` and `cert: `. // For mutual TLS, `cacert: ` and `crl: ` // can be provided in the same secret or a separate secret named `-cacert`. // A TLS secret for server certificates with an additional `tls.ocsp-staple` key diff --git a/vendor/istio.io/api/networking/v1alpha3/service_entry.gen.json b/vendor/istio.io/api/networking/v1alpha3/service_entry.gen.json deleted file mode 100644 index db45bc73e..000000000 --- a/vendor/istio.io/api/networking/v1alpha3/service_entry.gen.json +++ /dev/null @@ -1,161 +0,0 @@ -{ - "openapi": "3.0.0", - "info": { - "title": "Configuration affecting service registry.", - "version": "v1alpha3" - }, - "components": { - "schemas": { - "istio.networking.v1alpha3.ServiceEntry": { - "description": "ServiceEntry enables adding additional entries into Istio's internal service registry.", - "type": "object", - "properties": { - "hosts": { - "description": "The hosts associated with the ServiceEntry. Could be a DNS name with wildcard prefix.", - "type": "array", - "items": { - "type": "string" - } - }, - "addresses": { - "description": "The virtual IP addresses associated with the service. Could be CIDR prefix. For HTTP traffic, generated route configurations will include http route domains for both the `addresses` and `hosts` field values and the destination will be identified based on the HTTP Host/Authority header. If one or more IP addresses are specified, the incoming traffic will be identified as belonging to this service if the destination IP matches the IP/CIDRs specified in the addresses field. If the Addresses field is empty, traffic will be identified solely based on the destination port. In such scenarios, the port on which the service is being accessed must not be shared by any other service in the mesh. In other words, the sidecar will behave as a simple TCP proxy, forwarding incoming traffic on a specified port to the specified destination endpoint IP/host. Unix domain socket addresses are not supported in this field.", - "type": "array", - "items": { - "type": "string" - } - }, - "ports": { - "description": "The ports associated with the external service. If the Endpoints are Unix domain socket addresses, there must be exactly one port.", - "type": "array", - "items": { - "$ref": "#/components/schemas/istio.networking.v1alpha3.ServicePort" - } - }, - "location": { - "$ref": "#/components/schemas/istio.networking.v1alpha3.ServiceEntry.Location" - }, - "resolution": { - "$ref": "#/components/schemas/istio.networking.v1alpha3.ServiceEntry.Resolution" - }, - "endpoints": { - "description": "One or more endpoints associated with the service. Only one of `endpoints` or `workloadSelector` can be specified.", - "type": "array", - "items": { - "$ref": "#/components/schemas/istio.networking.v1alpha3.WorkloadEntry" - } - }, - "workloadSelector": { - "$ref": "#/components/schemas/istio.networking.v1alpha3.WorkloadSelector" - }, - "exportTo": { - "description": "A list of namespaces to which this service is exported. Exporting a service allows it to be used by sidecars, gateways and virtual services defined in other namespaces. This feature provides a mechanism for service owners and mesh administrators to control the visibility of services across namespace boundaries.", - "type": "array", - "items": { - "type": "string" - } - }, - "subjectAltNames": { - "description": "If specified, the proxy will verify that the server certificate's subject alternate name matches one of the specified values.", - "type": "array", - "items": { - "type": "string" - } - } - } - }, - "istio.networking.v1alpha3.ServiceEntry.Location": { - "description": "Location specifies whether the service is part of Istio mesh or outside the mesh. Location determines the behavior of several features, such as service-to-service mTLS authentication, policy enforcement, etc. When communicating with services outside the mesh, Istio's mTLS authentication is disabled, and policy enforcement is performed on the client-side as opposed to server-side.", - "type": "string", - "enum": [ - "MESH_EXTERNAL", - "MESH_INTERNAL" - ] - }, - "istio.networking.v1alpha3.ServiceEntry.Resolution": { - "description": "Resolution determines how the proxy will resolve the IP addresses of the network endpoints associated with the service, so that it can route to one of them. The resolution mode specified here has no impact on how the application resolves the IP address associated with the service. The application may still have to use DNS to resolve the service to an IP so that the outbound traffic can be captured by the Proxy. Alternatively, for HTTP services, the application could directly communicate with the proxy (e.g., by setting HTTP_PROXY) to talk to these services.", - "type": "string", - "enum": [ - "NONE", - "STATIC", - "DNS", - "DNS_ROUND_ROBIN" - ] - }, - "istio.networking.v1alpha3.ServicePort": { - "description": "ServicePort describes the properties of a specific port of a service.", - "type": "object", - "properties": { - "number": { - "description": "A valid non-negative integer port number.", - "type": "integer" - }, - "protocol": { - "description": "The protocol exposed on the port. MUST BE one of HTTP|HTTPS|GRPC|HTTP2|MONGO|TCP|TLS. TLS implies the connection will be routed based on the SNI header to the destination without terminating the TLS connection.", - "type": "string" - }, - "name": { - "description": "Label assigned to the port.", - "type": "string" - }, - "targetPort": { - "description": "The port number on the endpoint where the traffic will be received. If unset, default to `number`.", - "type": "integer" - } - } - }, - "istio.networking.v1alpha3.WorkloadEntry": { - "description": "WorkloadEntry enables specifying the properties of a single non-Kubernetes workload such a VM or a bare metal services that can be referred to by service entries.", - "type": "object", - "properties": { - "address": { - "description": "Address associated with the network endpoint without the port. Domain names can be used if and only if the resolution is set to DNS, and must be fully-qualified without wildcards. Use the form unix:///absolute/path/to/socket for Unix domain socket endpoints. If address is empty, network must be specified.", - "type": "string" - }, - "ports": { - "description": "Set of ports associated with the endpoint. If the port map is specified, it must be a map of servicePortName to this endpoint's port, such that traffic to the service port will be forwarded to the endpoint port that maps to the service's portName. If omitted, and the targetPort is specified as part of the service's port specification, traffic to the service port will be forwarded to one of the endpoints on the specified `targetPort`. If both the targetPort and endpoint's port map are not specified, traffic to a service port will be forwarded to one of the endpoints on the same port.", - "type": "object", - "additionalProperties": { - "type": "integer" - } - }, - "labels": { - "description": "One or more labels associated with the endpoint.", - "type": "object", - "additionalProperties": { - "type": "string" - } - }, - "network": { - "description": "Network enables Istio to group endpoints resident in the same L3 domain/network. All endpoints in the same network are assumed to be directly reachable from one another. When endpoints in different networks cannot reach each other directly, an Istio Gateway can be used to establish connectivity (usually using the `AUTO_PASSTHROUGH` mode in a Gateway Server). This is an advanced configuration used typically for spanning an Istio mesh over multiple clusters. Required if address is not provided.", - "type": "string" - }, - "locality": { - "description": "The locality associated with the endpoint. A locality corresponds to a failure domain (e.g., country/region/zone). Arbitrary failure domain hierarchies can be represented by separating each encapsulating failure domain by /. For example, the locality of an an endpoint in US, in US-East-1 region, within availability zone az-1, in data center rack r11 can be represented as us/us-east-1/az-1/r11. Istio will configure the sidecar to route to endpoints within the same locality as the sidecar. If none of the endpoints in the locality are available, endpoints parent locality (but within the same network ID) will be chosen. For example, if there are two endpoints in same network (networkID \"n1\"), say e1 with locality us/us-east-1/az-1/r11 and e2 with locality us/us-east-1/az-2/r12, a sidecar from us/us-east-1/az-1/r11 locality will prefer e1 from the same locality over e2 from a different locality. Endpoint e2 could be the IP associated with a gateway (that bridges networks n1 and n2), or the IP associated with a standard service endpoint.", - "type": "string" - }, - "weight": { - "description": "The load balancing weight associated with the endpoint. Endpoints with higher weights will receive proportionally higher traffic.", - "type": "integer" - }, - "serviceAccount": { - "description": "The service account associated with the workload if a sidecar is present in the workload. The service account must be present in the same namespace as the configuration ( WorkloadEntry or a ServiceEntry)", - "type": "string" - } - } - }, - "istio.networking.v1alpha3.WorkloadSelector": { - "description": "`WorkloadSelector` specifies the criteria used to determine if the `Gateway`, `Sidecar`, `EnvoyFilter`, `ServiceEntry`, or `DestinationRule` configuration can be applied to a proxy. The matching criteria includes the metadata associated with a proxy, workload instance info such as labels attached to the pod/VM, or any other info that the proxy provides to Istio during the initial handshake. If multiple conditions are specified, all conditions need to match in order for the workload instance to be selected. Currently, only label based selection mechanism is supported.", - "type": "object", - "properties": { - "labels": { - "description": "One or more labels that indicate a specific set of pods/VMs on which the configuration should be applied. The scope of label search is restricted to the configuration namespace in which the the resource is present.", - "type": "object", - "additionalProperties": { - "type": "string" - } - } - } - } - } - } -} \ No newline at end of file diff --git a/vendor/istio.io/api/networking/v1alpha3/service_entry.pb.go b/vendor/istio.io/api/networking/v1alpha3/service_entry.pb.go index 075bbf136..30872a00e 100644 --- a/vendor/istio.io/api/networking/v1alpha3/service_entry.pb.go +++ b/vendor/istio.io/api/networking/v1alpha3/service_entry.pb.go @@ -14,7 +14,7 @@ // Code generated by protoc-gen-go. DO NOT EDIT. // versions: -// protoc-gen-go v1.31.0 +// protoc-gen-go v1.35.1 // protoc (unknown) // source: networking/v1alpha3/service_entry.proto @@ -44,10 +44,8 @@ // applications over HTTPS. The sidecar inspects the SNI value in the // ClientHello message to route to the appropriate external service. // -// {{}} -// {{}} // ```yaml -// apiVersion: networking.istio.io/v1alpha3 +// apiVersion: networking.istio.io/v1 // kind: ServiceEntry // metadata: // name: external-svc-https @@ -63,61 +61,14 @@ // protocol: TLS // resolution: DNS // ``` -// {{}} -// -// {{}} -// ```yaml -// apiVersion: networking.istio.io/v1beta1 -// kind: ServiceEntry -// metadata: -// name: external-svc-https -// spec: -// hosts: -// - api.dropboxapi.com -// - www.googleapis.com -// - api.facebook.com -// location: MESH_EXTERNAL -// ports: -// - number: 443 -// name: https -// protocol: TLS -// resolution: DNS -// ``` -// {{}} -// {{}} // // The following configuration adds a set of MongoDB instances running on // unmanaged VMs to Istio's registry, so that these services can be treated // as any other service in the mesh. The associated DestinationRule is used // to initiate mTLS connections to the database instances. // -// {{}} -// {{}} -// ```yaml -// apiVersion: networking.istio.io/v1alpha3 -// kind: ServiceEntry -// metadata: -// name: external-svc-mongocluster -// spec: -// hosts: -// - mymongodb.somedomain # not used -// addresses: -// - 192.192.192.192/24 # VIPs -// ports: -// - number: 27018 -// name: mongodb -// protocol: MONGO -// location: MESH_INTERNAL -// resolution: STATIC -// endpoints: -// - address: 2.2.2.2 -// - address: 3.3.3.3 -// ``` -// {{}} -// -// {{}} // ```yaml -// apiVersion: networking.istio.io/v1beta1 +// apiVersion: networking.istio.io/v1 // kind: ServiceEntry // metadata: // name: external-svc-mongocluster @@ -136,15 +87,11 @@ // - address: 2.2.2.2 // - address: 3.3.3.3 // ``` -// {{}} -// {{}} // // and the associated DestinationRule // -// {{}} -// {{}} // ```yaml -// apiVersion: networking.istio.io/v1alpha3 +// apiVersion: networking.istio.io/v1 // kind: DestinationRule // metadata: // name: mtls-mongocluster @@ -157,34 +104,13 @@ // privateKey: /etc/certs/client_private_key.pem // caCertificates: /etc/certs/rootcacerts.pem // ``` -// {{}} -// -// {{}} -// ```yaml -// apiVersion: networking.istio.io/v1beta1 -// kind: DestinationRule -// metadata: -// name: mtls-mongocluster -// spec: -// host: mymongodb.somedomain -// trafficPolicy: -// tls: -// mode: MUTUAL -// clientCertificate: /etc/certs/myclientcert.pem -// privateKey: /etc/certs/client_private_key.pem -// caCertificates: /etc/certs/rootcacerts.pem -// ``` -// {{}} -// {{}} // // The following example uses a combination of service entry and TLS // routing in a virtual service to steer traffic based on the SNI value to // an internal egress firewall. // -// {{}} -// {{}} // ```yaml -// apiVersion: networking.istio.io/v1alpha3 +// apiVersion: networking.istio.io/v1 // kind: ServiceEntry // metadata: // name: external-svc-redirect @@ -199,34 +125,11 @@ // protocol: TLS // resolution: NONE // ``` -// {{}} -// -// {{}} -// ```yaml -// apiVersion: networking.istio.io/v1beta1 -// kind: ServiceEntry -// metadata: -// name: external-svc-redirect -// spec: -// hosts: -// - wikipedia.org -// - "*.wikipedia.org" -// location: MESH_EXTERNAL -// ports: -// - number: 443 -// name: https -// protocol: TLS -// resolution: NONE -// ``` -// {{}} -// {{}} // // And the associated VirtualService to route based on the SNI value. // -// {{}} -// {{}} // ```yaml -// apiVersion: networking.istio.io/v1alpha3 +// apiVersion: networking.istio.io/v1 // kind: VirtualService // metadata: // name: tls-routing @@ -243,29 +146,6 @@ // - destination: // host: internal-egress-firewall.ns1.svc.cluster.local // ``` -// {{}} -// -// {{}} -// ```yaml -// apiVersion: networking.istio.io/v1beta1 -// kind: VirtualService -// metadata: -// name: tls-routing -// spec: -// hosts: -// - wikipedia.org -// - "*.wikipedia.org" -// tls: -// - match: -// - sniHosts: -// - wikipedia.org -// - "*.wikipedia.org" -// route: -// - destination: -// host: internal-egress-firewall.ns1.svc.cluster.local -// ``` -// {{}} -// {{}} // // The virtual service with TLS match serves to override the default SNI // match. In the absence of a virtual service, traffic will be forwarded to @@ -279,10 +159,8 @@ // current namespace, represented by ".", so that it cannot be used by other // namespaces. // -// {{}} -// {{}} // ```yaml -// apiVersion: networking.istio.io/v1alpha3 +// apiVersion: networking.istio.io/v1 // kind: ServiceEntry // metadata: // name: external-svc-httpbin @@ -299,36 +177,11 @@ // protocol: HTTP // resolution: DNS // ``` -// {{}} -// -// {{}} -// ```yaml -// apiVersion: networking.istio.io/v1beta1 -// kind: ServiceEntry -// metadata: -// name: external-svc-httpbin -// namespace : egress -// spec: -// hosts: -// - example.com -// exportTo: -// - "." -// location: MESH_EXTERNAL -// ports: -// - number: 80 -// name: http -// protocol: HTTP -// resolution: DNS -// ``` -// {{}} -// {{}} // // Define a gateway to handle all egress traffic. // -// {{}} -// {{}} // ```yaml -// apiVersion: networking.istio.io/v1alpha3 +// apiVersion: networking.istio.io/v1 // kind: Gateway // metadata: // name: istio-egressgateway @@ -344,28 +197,6 @@ // hosts: // - "*" // ``` -// {{}} -// -// {{}} -// ```yaml -// apiVersion: networking.istio.io/v1beta1 -// kind: Gateway -// metadata: -// name: istio-egressgateway -// namespace: istio-system -// spec: -// selector: -// istio: egressgateway -// servers: -// - port: -// number: 80 -// name: http -// protocol: HTTP -// hosts: -// - "*" -// ``` -// {{}} -// {{}} // // And the associated `VirtualService` to route from the sidecar to the // gateway service (`istio-egressgateway.istio-system.svc.cluster.local`), as @@ -374,43 +205,8 @@ // through the gateway to the external service. Forcing traffic to go through // a managed middle proxy like this is a common practice. // -// {{}} -// {{}} -// ```yaml -// apiVersion: networking.istio.io/v1alpha3 -// kind: VirtualService -// metadata: -// name: gateway-routing -// namespace: egress -// spec: -// hosts: -// - example.com -// exportTo: -// - "*" -// gateways: -// - mesh -// - istio-egressgateway -// http: -// - match: -// - port: 80 -// gateways: -// - mesh -// route: -// - destination: -// host: istio-egressgateway.istio-system.svc.cluster.local -// - match: -// - port: 80 -// gateways: -// - istio-egressgateway -// route: -// - destination: -// host: example.com -// ``` -// {{}} -// -// {{}} // ```yaml -// apiVersion: networking.istio.io/v1beta1 +// apiVersion: networking.istio.io/v1 // kind: VirtualService // metadata: // name: gateway-routing @@ -439,18 +235,14 @@ // - destination: // host: example.com // ``` -// {{}} -// {{}} // // The following example demonstrates the use of wildcards in the hosts for // external services. If the connection has to be routed to the IP address // requested by the application (i.e. application resolves DNS and attempts // to connect to a specific IP), the resolution mode must be set to `NONE`. // -// {{}} -// {{}} // ```yaml -// apiVersion: networking.istio.io/v1alpha3 +// apiVersion: networking.istio.io/v1 // kind: ServiceEntry // metadata: // name: external-svc-wildcard-example @@ -464,35 +256,13 @@ // protocol: HTTP // resolution: NONE // ``` -// {{}} -// -// {{}} -// ```yaml -// apiVersion: networking.istio.io/v1beta1 -// kind: ServiceEntry -// metadata: -// name: external-svc-wildcard-example -// spec: -// hosts: -// - "*.bar.com" -// location: MESH_EXTERNAL -// ports: -// - number: 80 -// name: http -// protocol: HTTP -// resolution: NONE -// ``` -// {{}} -// {{}} // // The following example demonstrates a service that is available via a // Unix Domain Socket on the host of the client. The resolution must be // set to STATIC to use Unix address endpoints. // -// {{}} -// {{}} // ```yaml -// apiVersion: networking.istio.io/v1alpha3 +// apiVersion: networking.istio.io/v1 // kind: ServiceEntry // metadata: // name: unix-domain-socket-example @@ -508,28 +278,6 @@ // endpoints: // - address: unix:///var/run/example/socket // ``` -// {{}} -// -// {{}} -// ```yaml -// apiVersion: networking.istio.io/v1beta1 -// kind: ServiceEntry -// metadata: -// name: unix-domain-socket-example -// spec: -// hosts: -// - "example.unix.local" -// location: MESH_EXTERNAL -// ports: -// - number: 80 -// name: http -// protocol: HTTP -// resolution: STATIC -// endpoints: -// - address: unix:///var/run/example/socket -// ``` -// {{}} -// {{}} // // For HTTP-based services, it is possible to create a `VirtualService` // backed by multiple DNS addressable endpoints. In such a scenario, the @@ -539,10 +287,8 @@ // service called foo.bar.com backed by three domains: us.foo.bar.com:8080, // uk.foo.bar.com:9080, and in.foo.bar.com:7080 // -// {{}} -// {{}} // ```yaml -// apiVersion: networking.istio.io/v1alpha3 +// apiVersion: networking.istio.io/v1 // kind: ServiceEntry // metadata: // name: external-svc-dns @@ -566,36 +312,6 @@ // ports: // http: 7080 // ``` -// {{}} -// -// {{}} -// ```yaml -// apiVersion: networking.istio.io/v1beta1 -// kind: ServiceEntry -// metadata: -// name: external-svc-dns -// spec: -// hosts: -// - foo.bar.com -// location: MESH_EXTERNAL -// ports: -// - number: 80 -// name: http -// protocol: HTTP -// resolution: DNS -// endpoints: -// - address: us.foo.bar.com -// ports: -// http: 8080 -// - address: uk.foo.bar.com -// ports: -// http: 9080 -// - address: in.foo.bar.com -// ports: -// http: 7080 -// ``` -// {{}} -// {{}} // // With `HTTP_PROXY=http://localhost/`, calls from the application to // `http://foo.bar.com` will be load balanced across the three domains @@ -606,34 +322,8 @@ // containing a subject alternate name // whose format conforms to the [SPIFFE standard](https://github.com/spiffe/spiffe/blob/master/standards/SPIFFE-ID.md): // -// {{}} -// {{}} -// ```yaml -// apiVersion: networking.istio.io/v1alpha3 -// kind: ServiceEntry -// metadata: -// name: httpbin -// namespace : httpbin-ns -// spec: -// hosts: -// - example.com -// location: MESH_INTERNAL -// ports: -// - number: 80 -// name: http -// protocol: HTTP -// resolution: STATIC -// endpoints: -// - address: 2.2.2.2 -// - address: 3.3.3.3 -// subjectAltNames: -// - "spiffe://cluster.local/ns/httpbin-ns/sa/httpbin-service-account" -// ``` -// {{}} -// -// {{}} // ```yaml -// apiVersion: networking.istio.io/v1beta1 +// apiVersion: networking.istio.io/v1 // kind: ServiceEntry // metadata: // name: httpbin @@ -653,8 +343,6 @@ // subjectAltNames: // - "spiffe://cluster.local/ns/httpbin-ns/sa/httpbin-service-account" // ``` -// {{}} -// {{}} // // The following example demonstrates the use of `ServiceEntry` with a // `workloadSelector` to handle the migration of a service @@ -664,10 +352,8 @@ // service in the mesh will be automatically load balanced across the // VMs and Kubernetes. // -// {{}} -// {{}} // ```yaml -// apiVersion: networking.istio.io/v1alpha3 +// apiVersion: networking.istio.io/v1 // kind: WorkloadEntry // metadata: // name: details-vm-1 @@ -678,7 +364,7 @@ // app: details // instance-id: vm1 // --- -// apiVersion: networking.istio.io/v1alpha3 +// apiVersion: networking.istio.io/v1 // kind: WorkloadEntry // metadata: // name: details-vm-2 @@ -689,65 +375,14 @@ // app: details // instance-id: vm2 // ``` -// {{}} -// -// {{}} -// ```yaml -// apiVersion: networking.istio.io/v1beta1 -// kind: WorkloadEntry -// metadata: -// name: details-vm-1 -// spec: -// serviceAccount: details -// address: 2.2.2.2 -// labels: -// app: details -// instance-id: vm1 -// --- -// apiVersion: networking.istio.io/v1beta1 -// kind: WorkloadEntry -// metadata: -// name: details-vm-2 -// spec: -// serviceAccount: details -// address: 3.3.3.3 -// labels: -// app: details -// instance-id: vm2 -// ``` -// {{}} -// {{}} // // Assuming there is also a Kubernetes deployment with pod labels // `app: details` using the same service account `details`, the // following service entry declares a service spanning both VMs and // Kubernetes: // -// {{}} -// {{}} -// ```yaml -// apiVersion: networking.istio.io/v1alpha3 -// kind: ServiceEntry -// metadata: -// name: details-svc -// spec: -// hosts: -// - details.bookinfo.com -// location: MESH_INTERNAL -// ports: -// - number: 80 -// name: http -// protocol: HTTP -// resolution: STATIC -// workloadSelector: -// labels: -// app: details -// ``` -// {{}} -// -// {{}} // ```yaml -// apiVersion: networking.istio.io/v1beta1 +// apiVersion: networking.istio.io/v1 // kind: ServiceEntry // metadata: // name: details-svc @@ -764,8 +399,6 @@ // labels: // app: details // ``` -// {{}} -// {{}} package v1alpha3 @@ -773,6 +406,8 @@ import ( _ "google.golang.org/genproto/googleapis/api/annotations" protoreflect "google.golang.org/protobuf/reflect/protoreflect" protoimpl "google.golang.org/protobuf/runtime/protoimpl" + v1alpha11 "istio.io/api/analysis/v1alpha1" + v1alpha1 "istio.io/api/meta/v1alpha1" reflect "reflect" sync "sync" ) @@ -933,8 +568,7 @@ func (ServiceEntry_Resolution) EnumDescriptor() ([]byte, []int) { // // // // -// +// +kubebuilder:validation:XValidation:message="only one of WorkloadSelector or Endpoints can be set",rule="(has(self.workloadSelector)?1:0)+(has(self.endpoints)?1:0)<=1" +// +kubebuilder:validation:XValidation:message="CIDR addresses are allowed only for NONE/STATIC resolution types",rule="!(has(self.addresses) && self.addresses.exists(k, k.contains('/')) && (has(self.resolution) && self.resolution != 'STATIC' && self.resolution != 'NONE'))" +// +kubebuilder:validation:XValidation:message="NONE mode cannot set endpoints",rule="(!has(self.resolution) || self.resolution == 'NONE') ? !has(self.endpoints) : true" +// +kubebuilder:validation:XValidation:message="DNS_ROUND_ROBIN mode cannot have multiple endpoints",rule="(has(self.resolution) && self.resolution == 'DNS_ROUND_ROBIN') ? (!has(self.endpoints) || size(self.endpoints) == 1) : true" type ServiceEntry struct { state protoimpl.MessageState sizeCache protoimpl.SizeCache @@ -989,6 +626,10 @@ type ServiceEntry struct { // 1. subjectAltNames: In addition to verifying the SANs of the // service accounts associated with the pods of the service, the // SANs specified here will also be verified. + // + // +kubebuilder:validation:MinItems=1 + // +kubebuilder:validation:MaxItems=256 + // +protoc-gen-crd:list-value-validation:XValidation:message="hostname cannot be wildcard",rule="self != '*'" Hosts []string `protobuf:"bytes,1,rep,name=hosts,proto3" json:"hosts,omitempty"` // The virtual IP addresses associated with the service. Could be CIDR // prefix. For HTTP traffic, generated route configurations will include http route @@ -1004,10 +645,16 @@ type ServiceEntry struct { // simple TCP proxy, forwarding incoming traffic on a specified port to // the specified destination endpoint IP/host. Unix domain socket // addresses are not supported in this field. + // +kubebuilder:validation:MaxItems=256 + // +protoc-gen-crd:list-value-validation:MaxLength=64 Addresses []string `protobuf:"bytes,2,rep,name=addresses,proto3" json:"addresses,omitempty"` // The ports associated with the external service. If the // Endpoints are Unix domain socket addresses, there must be exactly one // port. + // +listType=map + // +listMapKey=name + // +kubebuilder:validation:MaxItems=256 + // +kubebuilder:validation:XValidation:message="port number cannot be duplicated",rule="self.all(l1, self.exists_one(l2, l1.number == l2.number))" Ports []*ServicePort `protobuf:"bytes,3,rep,name=ports,proto3" json:"ports,omitempty"` // Specify whether the service should be considered external to the mesh // or part of the mesh. @@ -1019,6 +666,7 @@ type ServiceEntry struct { Resolution ServiceEntry_Resolution `protobuf:"varint,5,opt,name=resolution,proto3,enum=istio.networking.v1alpha3.ServiceEntry_Resolution" json:"resolution,omitempty"` // One or more endpoints associated with the service. Only one of // `endpoints` or `workloadSelector` can be specified. + // +kubebuilder:validation:MaxItems=4096 Endpoints []*WorkloadEntry `protobuf:"bytes,6,rep,name=endpoints,proto3" json:"endpoints,omitempty"` // Applicable only for MESH_INTERNAL services. Only one of // `endpoints` or `workloadSelector` can be specified. Selects one @@ -1056,11 +704,9 @@ type ServiceEntry struct { func (x *ServiceEntry) Reset() { *x = ServiceEntry{} - if protoimpl.UnsafeEnabled { - mi := &file_networking_v1alpha3_service_entry_proto_msgTypes[0] - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - ms.StoreMessageInfo(mi) - } + mi := &file_networking_v1alpha3_service_entry_proto_msgTypes[0] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) } func (x *ServiceEntry) String() string { @@ -1071,7 +717,7 @@ func (*ServiceEntry) ProtoMessage() {} func (x *ServiceEntry) ProtoReflect() protoreflect.Message { mi := &file_networking_v1alpha3_service_entry_proto_msgTypes[0] - if protoimpl.UnsafeEnabled && x != nil { + if x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) if ms.LoadMessageInfo() == nil { ms.StoreMessageInfo(mi) @@ -1156,26 +802,28 @@ type ServicePort struct { unknownFields protoimpl.UnknownFields // A valid non-negative integer port number. + // +kubebuilder:validation:XValidation:message="port must be between 1-65535",rule="0 < self && self <= 65535" Number uint32 `protobuf:"varint,1,opt,name=number,proto3" json:"number,omitempty"` // The protocol exposed on the port. // MUST BE one of HTTP|HTTPS|GRPC|HTTP2|MONGO|TCP|TLS. // TLS implies the connection will be routed based on the SNI header to // the destination without terminating the TLS connection. + // +kubebuilder:validation:MaxLength=256 Protocol string `protobuf:"bytes,2,opt,name=protocol,proto3" json:"protocol,omitempty"` // Label assigned to the port. + // +kubebuilder:validation:MaxLength=256 Name string `protobuf:"bytes,3,opt,name=name,proto3" json:"name,omitempty"` // The port number on the endpoint where the traffic will be // received. If unset, default to `number`. + // +kubebuilder:validation:XValidation:message="port must be between 1-65535",rule="0 < self && self <= 65535" TargetPort uint32 `protobuf:"varint,4,opt,name=target_port,json=targetPort,proto3" json:"target_port,omitempty"` } func (x *ServicePort) Reset() { *x = ServicePort{} - if protoimpl.UnsafeEnabled { - mi := &file_networking_v1alpha3_service_entry_proto_msgTypes[1] - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - ms.StoreMessageInfo(mi) - } + mi := &file_networking_v1alpha3_service_entry_proto_msgTypes[1] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) } func (x *ServicePort) String() string { @@ -1186,7 +834,7 @@ func (*ServicePort) ProtoMessage() {} func (x *ServicePort) ProtoReflect() protoreflect.Message { mi := &file_networking_v1alpha3_service_entry_proto_msgTypes[1] - if protoimpl.UnsafeEnabled && x != nil { + if x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) if ms.LoadMessageInfo() == nil { ms.StoreMessageInfo(mi) @@ -1229,6 +877,146 @@ func (x *ServicePort) GetTargetPort() uint32 { return 0 } +type ServiceEntryStatus struct { + state protoimpl.MessageState + sizeCache protoimpl.SizeCache + unknownFields protoimpl.UnknownFields + + // Current service state of ServiceEntry. + // More info: https://istio.io/docs/reference/config/config-status/ + // +optional + // +patchMergeKey=type + // +patchStrategy=merge + Conditions []*v1alpha1.IstioCondition `protobuf:"bytes,1,rep,name=conditions,proto3" json:"conditions,omitempty"` + // Includes any errors or warnings detected by Istio's analyzers. + // +optional + // +patchMergeKey=type + // +patchStrategy=merge + ValidationMessages []*v1alpha11.AnalysisMessageBase `protobuf:"bytes,2,rep,name=validation_messages,json=validationMessages,proto3" json:"validation_messages,omitempty"` + // Resource Generation to which the Reconciled Condition refers. + // When this value is not equal to the object's metadata generation, reconciled condition calculation for the current + // generation is still in progress. See https://istio.io/latest/docs/reference/config/config-status/ for more info. + // +optional + ObservedGeneration int64 `protobuf:"varint,3,opt,name=observed_generation,json=observedGeneration,proto3" json:"observed_generation,omitempty"` + // List of addresses which were assigned to this ServiceEntry. + // +optional + Addresses []*ServiceEntryAddress `protobuf:"bytes,10,rep,name=addresses,proto3" json:"addresses,omitempty"` +} + +func (x *ServiceEntryStatus) Reset() { + *x = ServiceEntryStatus{} + mi := &file_networking_v1alpha3_service_entry_proto_msgTypes[2] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) +} + +func (x *ServiceEntryStatus) String() string { + return protoimpl.X.MessageStringOf(x) +} + +func (*ServiceEntryStatus) ProtoMessage() {} + +func (x *ServiceEntryStatus) ProtoReflect() protoreflect.Message { + mi := &file_networking_v1alpha3_service_entry_proto_msgTypes[2] + if x != nil { + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + if ms.LoadMessageInfo() == nil { + ms.StoreMessageInfo(mi) + } + return ms + } + return mi.MessageOf(x) +} + +// Deprecated: Use ServiceEntryStatus.ProtoReflect.Descriptor instead. +func (*ServiceEntryStatus) Descriptor() ([]byte, []int) { + return file_networking_v1alpha3_service_entry_proto_rawDescGZIP(), []int{2} +} + +func (x *ServiceEntryStatus) GetConditions() []*v1alpha1.IstioCondition { + if x != nil { + return x.Conditions + } + return nil +} + +func (x *ServiceEntryStatus) GetValidationMessages() []*v1alpha11.AnalysisMessageBase { + if x != nil { + return x.ValidationMessages + } + return nil +} + +func (x *ServiceEntryStatus) GetObservedGeneration() int64 { + if x != nil { + return x.ObservedGeneration + } + return 0 +} + +func (x *ServiceEntryStatus) GetAddresses() []*ServiceEntryAddress { + if x != nil { + return x.Addresses + } + return nil +} + +// minor abstraction to allow for adding hostnames if relevant +type ServiceEntryAddress struct { + state protoimpl.MessageState + sizeCache protoimpl.SizeCache + unknownFields protoimpl.UnknownFields + + // Value is the address (192.168.0.2) + Value string `protobuf:"bytes,1,opt,name=value,proto3" json:"value,omitempty"` + // Host is the name associated with this address + Host string `protobuf:"bytes,2,opt,name=host,proto3" json:"host,omitempty"` +} + +func (x *ServiceEntryAddress) Reset() { + *x = ServiceEntryAddress{} + mi := &file_networking_v1alpha3_service_entry_proto_msgTypes[3] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) +} + +func (x *ServiceEntryAddress) String() string { + return protoimpl.X.MessageStringOf(x) +} + +func (*ServiceEntryAddress) ProtoMessage() {} + +func (x *ServiceEntryAddress) ProtoReflect() protoreflect.Message { + mi := &file_networking_v1alpha3_service_entry_proto_msgTypes[3] + if x != nil { + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + if ms.LoadMessageInfo() == nil { + ms.StoreMessageInfo(mi) + } + return ms + } + return mi.MessageOf(x) +} + +// Deprecated: Use ServiceEntryAddress.ProtoReflect.Descriptor instead. +func (*ServiceEntryAddress) Descriptor() ([]byte, []int) { + return file_networking_v1alpha3_service_entry_proto_rawDescGZIP(), []int{3} +} + +func (x *ServiceEntryAddress) GetValue() string { + if x != nil { + return x.Value + } + return "" +} + +func (x *ServiceEntryAddress) GetHost() string { + if x != nil { + return x.Host + } + return "" +} + var File_networking_v1alpha3_service_entry_proto protoreflect.FileDescriptor var file_networking_v1alpha3_service_entry_proto_rawDesc = []byte{ @@ -1243,59 +1031,86 @@ var file_networking_v1alpha3_service_entry_proto_rawDesc = []byte{ 0x61, 0x72, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x1a, 0x28, 0x6e, 0x65, 0x74, 0x77, 0x6f, 0x72, 0x6b, 0x69, 0x6e, 0x67, 0x2f, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x33, 0x2f, 0x77, 0x6f, 0x72, 0x6b, 0x6c, 0x6f, 0x61, 0x64, 0x5f, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x2e, 0x70, 0x72, 0x6f, - 0x74, 0x6f, 0x22, 0x90, 0x05, 0x0a, 0x0c, 0x53, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x45, 0x6e, - 0x74, 0x72, 0x79, 0x12, 0x19, 0x0a, 0x05, 0x68, 0x6f, 0x73, 0x74, 0x73, 0x18, 0x01, 0x20, 0x03, - 0x28, 0x09, 0x42, 0x03, 0xe0, 0x41, 0x02, 0x52, 0x05, 0x68, 0x6f, 0x73, 0x74, 0x73, 0x12, 0x1c, - 0x0a, 0x09, 0x61, 0x64, 0x64, 0x72, 0x65, 0x73, 0x73, 0x65, 0x73, 0x18, 0x02, 0x20, 0x03, 0x28, - 0x09, 0x52, 0x09, 0x61, 0x64, 0x64, 0x72, 0x65, 0x73, 0x73, 0x65, 0x73, 0x12, 0x41, 0x0a, 0x05, - 0x70, 0x6f, 0x72, 0x74, 0x73, 0x18, 0x03, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x26, 0x2e, 0x69, 0x73, - 0x74, 0x69, 0x6f, 0x2e, 0x6e, 0x65, 0x74, 0x77, 0x6f, 0x72, 0x6b, 0x69, 0x6e, 0x67, 0x2e, 0x76, - 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x33, 0x2e, 0x53, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x50, - 0x6f, 0x72, 0x74, 0x42, 0x03, 0xe0, 0x41, 0x02, 0x52, 0x05, 0x70, 0x6f, 0x72, 0x74, 0x73, 0x12, - 0x4c, 0x0a, 0x08, 0x6c, 0x6f, 0x63, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x18, 0x04, 0x20, 0x01, 0x28, - 0x0e, 0x32, 0x30, 0x2e, 0x69, 0x73, 0x74, 0x69, 0x6f, 0x2e, 0x6e, 0x65, 0x74, 0x77, 0x6f, 0x72, - 0x6b, 0x69, 0x6e, 0x67, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x33, 0x2e, 0x53, 0x65, - 0x72, 0x76, 0x69, 0x63, 0x65, 0x45, 0x6e, 0x74, 0x72, 0x79, 0x2e, 0x4c, 0x6f, 0x63, 0x61, 0x74, - 0x69, 0x6f, 0x6e, 0x52, 0x08, 0x6c, 0x6f, 0x63, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x12, 0x57, 0x0a, - 0x0a, 0x72, 0x65, 0x73, 0x6f, 0x6c, 0x75, 0x74, 0x69, 0x6f, 0x6e, 0x18, 0x05, 0x20, 0x01, 0x28, - 0x0e, 0x32, 0x32, 0x2e, 0x69, 0x73, 0x74, 0x69, 0x6f, 0x2e, 0x6e, 0x65, 0x74, 0x77, 0x6f, 0x72, - 0x6b, 0x69, 0x6e, 0x67, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x33, 0x2e, 0x53, 0x65, - 0x72, 0x76, 0x69, 0x63, 0x65, 0x45, 0x6e, 0x74, 0x72, 0x79, 0x2e, 0x52, 0x65, 0x73, 0x6f, 0x6c, - 0x75, 0x74, 0x69, 0x6f, 0x6e, 0x42, 0x03, 0xe0, 0x41, 0x02, 0x52, 0x0a, 0x72, 0x65, 0x73, 0x6f, - 0x6c, 0x75, 0x74, 0x69, 0x6f, 0x6e, 0x12, 0x46, 0x0a, 0x09, 0x65, 0x6e, 0x64, 0x70, 0x6f, 0x69, - 0x6e, 0x74, 0x73, 0x18, 0x06, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x28, 0x2e, 0x69, 0x73, 0x74, 0x69, - 0x6f, 0x2e, 0x6e, 0x65, 0x74, 0x77, 0x6f, 0x72, 0x6b, 0x69, 0x6e, 0x67, 0x2e, 0x76, 0x31, 0x61, - 0x6c, 0x70, 0x68, 0x61, 0x33, 0x2e, 0x57, 0x6f, 0x72, 0x6b, 0x6c, 0x6f, 0x61, 0x64, 0x45, 0x6e, - 0x74, 0x72, 0x79, 0x52, 0x09, 0x65, 0x6e, 0x64, 0x70, 0x6f, 0x69, 0x6e, 0x74, 0x73, 0x12, 0x58, - 0x0a, 0x11, 0x77, 0x6f, 0x72, 0x6b, 0x6c, 0x6f, 0x61, 0x64, 0x5f, 0x73, 0x65, 0x6c, 0x65, 0x63, - 0x74, 0x6f, 0x72, 0x18, 0x09, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x2b, 0x2e, 0x69, 0x73, 0x74, 0x69, + 0x74, 0x6f, 0x1a, 0x1f, 0x61, 0x6e, 0x61, 0x6c, 0x79, 0x73, 0x69, 0x73, 0x2f, 0x76, 0x31, 0x61, + 0x6c, 0x70, 0x68, 0x61, 0x31, 0x2f, 0x6d, 0x65, 0x73, 0x73, 0x61, 0x67, 0x65, 0x2e, 0x70, 0x72, + 0x6f, 0x74, 0x6f, 0x1a, 0x1a, 0x6d, 0x65, 0x74, 0x61, 0x2f, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, + 0x61, 0x31, 0x2f, 0x73, 0x74, 0x61, 0x74, 0x75, 0x73, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x22, + 0x87, 0x05, 0x0a, 0x0c, 0x53, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x45, 0x6e, 0x74, 0x72, 0x79, + 0x12, 0x1a, 0x0a, 0x05, 0x68, 0x6f, 0x73, 0x74, 0x73, 0x18, 0x01, 0x20, 0x03, 0x28, 0x09, 0x42, + 0x04, 0xe2, 0x41, 0x01, 0x02, 0x52, 0x05, 0x68, 0x6f, 0x73, 0x74, 0x73, 0x12, 0x1c, 0x0a, 0x09, + 0x61, 0x64, 0x64, 0x72, 0x65, 0x73, 0x73, 0x65, 0x73, 0x18, 0x02, 0x20, 0x03, 0x28, 0x09, 0x52, + 0x09, 0x61, 0x64, 0x64, 0x72, 0x65, 0x73, 0x73, 0x65, 0x73, 0x12, 0x3c, 0x0a, 0x05, 0x70, 0x6f, + 0x72, 0x74, 0x73, 0x18, 0x03, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x26, 0x2e, 0x69, 0x73, 0x74, 0x69, 0x6f, 0x2e, 0x6e, 0x65, 0x74, 0x77, 0x6f, 0x72, 0x6b, 0x69, 0x6e, 0x67, 0x2e, 0x76, 0x31, 0x61, - 0x6c, 0x70, 0x68, 0x61, 0x33, 0x2e, 0x57, 0x6f, 0x72, 0x6b, 0x6c, 0x6f, 0x61, 0x64, 0x53, 0x65, - 0x6c, 0x65, 0x63, 0x74, 0x6f, 0x72, 0x52, 0x10, 0x77, 0x6f, 0x72, 0x6b, 0x6c, 0x6f, 0x61, 0x64, - 0x53, 0x65, 0x6c, 0x65, 0x63, 0x74, 0x6f, 0x72, 0x12, 0x1b, 0x0a, 0x09, 0x65, 0x78, 0x70, 0x6f, - 0x72, 0x74, 0x5f, 0x74, 0x6f, 0x18, 0x07, 0x20, 0x03, 0x28, 0x09, 0x52, 0x08, 0x65, 0x78, 0x70, - 0x6f, 0x72, 0x74, 0x54, 0x6f, 0x12, 0x2a, 0x0a, 0x11, 0x73, 0x75, 0x62, 0x6a, 0x65, 0x63, 0x74, - 0x5f, 0x61, 0x6c, 0x74, 0x5f, 0x6e, 0x61, 0x6d, 0x65, 0x73, 0x18, 0x08, 0x20, 0x03, 0x28, 0x09, - 0x52, 0x0f, 0x73, 0x75, 0x62, 0x6a, 0x65, 0x63, 0x74, 0x41, 0x6c, 0x74, 0x4e, 0x61, 0x6d, 0x65, - 0x73, 0x22, 0x30, 0x0a, 0x08, 0x4c, 0x6f, 0x63, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x12, 0x11, 0x0a, - 0x0d, 0x4d, 0x45, 0x53, 0x48, 0x5f, 0x45, 0x58, 0x54, 0x45, 0x52, 0x4e, 0x41, 0x4c, 0x10, 0x00, - 0x12, 0x11, 0x0a, 0x0d, 0x4d, 0x45, 0x53, 0x48, 0x5f, 0x49, 0x4e, 0x54, 0x45, 0x52, 0x4e, 0x41, - 0x4c, 0x10, 0x01, 0x22, 0x40, 0x0a, 0x0a, 0x52, 0x65, 0x73, 0x6f, 0x6c, 0x75, 0x74, 0x69, 0x6f, - 0x6e, 0x12, 0x08, 0x0a, 0x04, 0x4e, 0x4f, 0x4e, 0x45, 0x10, 0x00, 0x12, 0x0a, 0x0a, 0x06, 0x53, - 0x54, 0x41, 0x54, 0x49, 0x43, 0x10, 0x01, 0x12, 0x07, 0x0a, 0x03, 0x44, 0x4e, 0x53, 0x10, 0x02, - 0x12, 0x13, 0x0a, 0x0f, 0x44, 0x4e, 0x53, 0x5f, 0x52, 0x4f, 0x55, 0x4e, 0x44, 0x5f, 0x52, 0x4f, - 0x42, 0x49, 0x4e, 0x10, 0x03, 0x22, 0x85, 0x01, 0x0a, 0x0b, 0x53, 0x65, 0x72, 0x76, 0x69, 0x63, - 0x65, 0x50, 0x6f, 0x72, 0x74, 0x12, 0x1b, 0x0a, 0x06, 0x6e, 0x75, 0x6d, 0x62, 0x65, 0x72, 0x18, - 0x01, 0x20, 0x01, 0x28, 0x0d, 0x42, 0x03, 0xe0, 0x41, 0x02, 0x52, 0x06, 0x6e, 0x75, 0x6d, 0x62, - 0x65, 0x72, 0x12, 0x1f, 0x0a, 0x08, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x63, 0x6f, 0x6c, 0x18, 0x02, - 0x20, 0x01, 0x28, 0x09, 0x42, 0x03, 0xe0, 0x41, 0x02, 0x52, 0x08, 0x70, 0x72, 0x6f, 0x74, 0x6f, - 0x63, 0x6f, 0x6c, 0x12, 0x17, 0x0a, 0x04, 0x6e, 0x61, 0x6d, 0x65, 0x18, 0x03, 0x20, 0x01, 0x28, - 0x09, 0x42, 0x03, 0xe0, 0x41, 0x02, 0x52, 0x04, 0x6e, 0x61, 0x6d, 0x65, 0x12, 0x1f, 0x0a, 0x0b, - 0x74, 0x61, 0x72, 0x67, 0x65, 0x74, 0x5f, 0x70, 0x6f, 0x72, 0x74, 0x18, 0x04, 0x20, 0x01, 0x28, - 0x0d, 0x52, 0x0a, 0x74, 0x61, 0x72, 0x67, 0x65, 0x74, 0x50, 0x6f, 0x72, 0x74, 0x42, 0x22, 0x5a, - 0x20, 0x69, 0x73, 0x74, 0x69, 0x6f, 0x2e, 0x69, 0x6f, 0x2f, 0x61, 0x70, 0x69, 0x2f, 0x6e, 0x65, - 0x74, 0x77, 0x6f, 0x72, 0x6b, 0x69, 0x6e, 0x67, 0x2f, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, - 0x33, 0x62, 0x06, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x33, + 0x6c, 0x70, 0x68, 0x61, 0x33, 0x2e, 0x53, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x50, 0x6f, 0x72, + 0x74, 0x52, 0x05, 0x70, 0x6f, 0x72, 0x74, 0x73, 0x12, 0x4c, 0x0a, 0x08, 0x6c, 0x6f, 0x63, 0x61, + 0x74, 0x69, 0x6f, 0x6e, 0x18, 0x04, 0x20, 0x01, 0x28, 0x0e, 0x32, 0x30, 0x2e, 0x69, 0x73, 0x74, + 0x69, 0x6f, 0x2e, 0x6e, 0x65, 0x74, 0x77, 0x6f, 0x72, 0x6b, 0x69, 0x6e, 0x67, 0x2e, 0x76, 0x31, + 0x61, 0x6c, 0x70, 0x68, 0x61, 0x33, 0x2e, 0x53, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x45, 0x6e, + 0x74, 0x72, 0x79, 0x2e, 0x4c, 0x6f, 0x63, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x52, 0x08, 0x6c, 0x6f, + 0x63, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x12, 0x52, 0x0a, 0x0a, 0x72, 0x65, 0x73, 0x6f, 0x6c, 0x75, + 0x74, 0x69, 0x6f, 0x6e, 0x18, 0x05, 0x20, 0x01, 0x28, 0x0e, 0x32, 0x32, 0x2e, 0x69, 0x73, 0x74, + 0x69, 0x6f, 0x2e, 0x6e, 0x65, 0x74, 0x77, 0x6f, 0x72, 0x6b, 0x69, 0x6e, 0x67, 0x2e, 0x76, 0x31, + 0x61, 0x6c, 0x70, 0x68, 0x61, 0x33, 0x2e, 0x53, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x45, 0x6e, + 0x74, 0x72, 0x79, 0x2e, 0x52, 0x65, 0x73, 0x6f, 0x6c, 0x75, 0x74, 0x69, 0x6f, 0x6e, 0x52, 0x0a, + 0x72, 0x65, 0x73, 0x6f, 0x6c, 0x75, 0x74, 0x69, 0x6f, 0x6e, 0x12, 0x46, 0x0a, 0x09, 0x65, 0x6e, + 0x64, 0x70, 0x6f, 0x69, 0x6e, 0x74, 0x73, 0x18, 0x06, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x28, 0x2e, + 0x69, 0x73, 0x74, 0x69, 0x6f, 0x2e, 0x6e, 0x65, 0x74, 0x77, 0x6f, 0x72, 0x6b, 0x69, 0x6e, 0x67, + 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x33, 0x2e, 0x57, 0x6f, 0x72, 0x6b, 0x6c, 0x6f, + 0x61, 0x64, 0x45, 0x6e, 0x74, 0x72, 0x79, 0x52, 0x09, 0x65, 0x6e, 0x64, 0x70, 0x6f, 0x69, 0x6e, + 0x74, 0x73, 0x12, 0x58, 0x0a, 0x11, 0x77, 0x6f, 0x72, 0x6b, 0x6c, 0x6f, 0x61, 0x64, 0x5f, 0x73, + 0x65, 0x6c, 0x65, 0x63, 0x74, 0x6f, 0x72, 0x18, 0x09, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x2b, 0x2e, + 0x69, 0x73, 0x74, 0x69, 0x6f, 0x2e, 0x6e, 0x65, 0x74, 0x77, 0x6f, 0x72, 0x6b, 0x69, 0x6e, 0x67, + 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x33, 0x2e, 0x57, 0x6f, 0x72, 0x6b, 0x6c, 0x6f, + 0x61, 0x64, 0x53, 0x65, 0x6c, 0x65, 0x63, 0x74, 0x6f, 0x72, 0x52, 0x10, 0x77, 0x6f, 0x72, 0x6b, + 0x6c, 0x6f, 0x61, 0x64, 0x53, 0x65, 0x6c, 0x65, 0x63, 0x74, 0x6f, 0x72, 0x12, 0x1b, 0x0a, 0x09, + 0x65, 0x78, 0x70, 0x6f, 0x72, 0x74, 0x5f, 0x74, 0x6f, 0x18, 0x07, 0x20, 0x03, 0x28, 0x09, 0x52, + 0x08, 0x65, 0x78, 0x70, 0x6f, 0x72, 0x74, 0x54, 0x6f, 0x12, 0x2a, 0x0a, 0x11, 0x73, 0x75, 0x62, + 0x6a, 0x65, 0x63, 0x74, 0x5f, 0x61, 0x6c, 0x74, 0x5f, 0x6e, 0x61, 0x6d, 0x65, 0x73, 0x18, 0x08, + 0x20, 0x03, 0x28, 0x09, 0x52, 0x0f, 0x73, 0x75, 0x62, 0x6a, 0x65, 0x63, 0x74, 0x41, 0x6c, 0x74, + 0x4e, 0x61, 0x6d, 0x65, 0x73, 0x22, 0x30, 0x0a, 0x08, 0x4c, 0x6f, 0x63, 0x61, 0x74, 0x69, 0x6f, + 0x6e, 0x12, 0x11, 0x0a, 0x0d, 0x4d, 0x45, 0x53, 0x48, 0x5f, 0x45, 0x58, 0x54, 0x45, 0x52, 0x4e, + 0x41, 0x4c, 0x10, 0x00, 0x12, 0x11, 0x0a, 0x0d, 0x4d, 0x45, 0x53, 0x48, 0x5f, 0x49, 0x4e, 0x54, + 0x45, 0x52, 0x4e, 0x41, 0x4c, 0x10, 0x01, 0x22, 0x40, 0x0a, 0x0a, 0x52, 0x65, 0x73, 0x6f, 0x6c, + 0x75, 0x74, 0x69, 0x6f, 0x6e, 0x12, 0x08, 0x0a, 0x04, 0x4e, 0x4f, 0x4e, 0x45, 0x10, 0x00, 0x12, + 0x0a, 0x0a, 0x06, 0x53, 0x54, 0x41, 0x54, 0x49, 0x43, 0x10, 0x01, 0x12, 0x07, 0x0a, 0x03, 0x44, + 0x4e, 0x53, 0x10, 0x02, 0x12, 0x13, 0x0a, 0x0f, 0x44, 0x4e, 0x53, 0x5f, 0x52, 0x4f, 0x55, 0x4e, + 0x44, 0x5f, 0x52, 0x4f, 0x42, 0x49, 0x4e, 0x10, 0x03, 0x22, 0x82, 0x01, 0x0a, 0x0b, 0x53, 0x65, + 0x72, 0x76, 0x69, 0x63, 0x65, 0x50, 0x6f, 0x72, 0x74, 0x12, 0x1c, 0x0a, 0x06, 0x6e, 0x75, 0x6d, + 0x62, 0x65, 0x72, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0d, 0x42, 0x04, 0xe2, 0x41, 0x01, 0x02, 0x52, + 0x06, 0x6e, 0x75, 0x6d, 0x62, 0x65, 0x72, 0x12, 0x1a, 0x0a, 0x08, 0x70, 0x72, 0x6f, 0x74, 0x6f, + 0x63, 0x6f, 0x6c, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x08, 0x70, 0x72, 0x6f, 0x74, 0x6f, + 0x63, 0x6f, 0x6c, 0x12, 0x18, 0x0a, 0x04, 0x6e, 0x61, 0x6d, 0x65, 0x18, 0x03, 0x20, 0x01, 0x28, + 0x09, 0x42, 0x04, 0xe2, 0x41, 0x01, 0x02, 0x52, 0x04, 0x6e, 0x61, 0x6d, 0x65, 0x12, 0x1f, 0x0a, + 0x0b, 0x74, 0x61, 0x72, 0x67, 0x65, 0x74, 0x5f, 0x70, 0x6f, 0x72, 0x74, 0x18, 0x04, 0x20, 0x01, + 0x28, 0x0d, 0x52, 0x0a, 0x74, 0x61, 0x72, 0x67, 0x65, 0x74, 0x50, 0x6f, 0x72, 0x74, 0x22, 0xb7, + 0x02, 0x0a, 0x12, 0x53, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x45, 0x6e, 0x74, 0x72, 0x79, 0x53, + 0x74, 0x61, 0x74, 0x75, 0x73, 0x12, 0x43, 0x0a, 0x0a, 0x63, 0x6f, 0x6e, 0x64, 0x69, 0x74, 0x69, + 0x6f, 0x6e, 0x73, 0x18, 0x01, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x23, 0x2e, 0x69, 0x73, 0x74, 0x69, + 0x6f, 0x2e, 0x6d, 0x65, 0x74, 0x61, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x2e, + 0x49, 0x73, 0x74, 0x69, 0x6f, 0x43, 0x6f, 0x6e, 0x64, 0x69, 0x74, 0x69, 0x6f, 0x6e, 0x52, 0x0a, + 0x63, 0x6f, 0x6e, 0x64, 0x69, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x12, 0x5d, 0x0a, 0x13, 0x76, 0x61, + 0x6c, 0x69, 0x64, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x5f, 0x6d, 0x65, 0x73, 0x73, 0x61, 0x67, 0x65, + 0x73, 0x18, 0x02, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x2c, 0x2e, 0x69, 0x73, 0x74, 0x69, 0x6f, 0x2e, + 0x61, 0x6e, 0x61, 0x6c, 0x79, 0x73, 0x69, 0x73, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, + 0x31, 0x2e, 0x41, 0x6e, 0x61, 0x6c, 0x79, 0x73, 0x69, 0x73, 0x4d, 0x65, 0x73, 0x73, 0x61, 0x67, + 0x65, 0x42, 0x61, 0x73, 0x65, 0x52, 0x12, 0x76, 0x61, 0x6c, 0x69, 0x64, 0x61, 0x74, 0x69, 0x6f, + 0x6e, 0x4d, 0x65, 0x73, 0x73, 0x61, 0x67, 0x65, 0x73, 0x12, 0x2f, 0x0a, 0x13, 0x6f, 0x62, 0x73, + 0x65, 0x72, 0x76, 0x65, 0x64, 0x5f, 0x67, 0x65, 0x6e, 0x65, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, + 0x18, 0x03, 0x20, 0x01, 0x28, 0x03, 0x52, 0x12, 0x6f, 0x62, 0x73, 0x65, 0x72, 0x76, 0x65, 0x64, + 0x47, 0x65, 0x6e, 0x65, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x12, 0x4c, 0x0a, 0x09, 0x61, 0x64, + 0x64, 0x72, 0x65, 0x73, 0x73, 0x65, 0x73, 0x18, 0x0a, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x2e, 0x2e, + 0x69, 0x73, 0x74, 0x69, 0x6f, 0x2e, 0x6e, 0x65, 0x74, 0x77, 0x6f, 0x72, 0x6b, 0x69, 0x6e, 0x67, + 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x33, 0x2e, 0x53, 0x65, 0x72, 0x76, 0x69, 0x63, + 0x65, 0x45, 0x6e, 0x74, 0x72, 0x79, 0x41, 0x64, 0x64, 0x72, 0x65, 0x73, 0x73, 0x52, 0x09, 0x61, + 0x64, 0x64, 0x72, 0x65, 0x73, 0x73, 0x65, 0x73, 0x22, 0x3f, 0x0a, 0x13, 0x53, 0x65, 0x72, 0x76, + 0x69, 0x63, 0x65, 0x45, 0x6e, 0x74, 0x72, 0x79, 0x41, 0x64, 0x64, 0x72, 0x65, 0x73, 0x73, 0x12, + 0x14, 0x0a, 0x05, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x05, + 0x76, 0x61, 0x6c, 0x75, 0x65, 0x12, 0x12, 0x0a, 0x04, 0x68, 0x6f, 0x73, 0x74, 0x18, 0x02, 0x20, + 0x01, 0x28, 0x09, 0x52, 0x04, 0x68, 0x6f, 0x73, 0x74, 0x42, 0x22, 0x5a, 0x20, 0x69, 0x73, 0x74, + 0x69, 0x6f, 0x2e, 0x69, 0x6f, 0x2f, 0x61, 0x70, 0x69, 0x2f, 0x6e, 0x65, 0x74, 0x77, 0x6f, 0x72, + 0x6b, 0x69, 0x6e, 0x67, 0x2f, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x33, 0x62, 0x06, 0x70, + 0x72, 0x6f, 0x74, 0x6f, 0x33, } var ( @@ -1311,26 +1126,33 @@ func file_networking_v1alpha3_service_entry_proto_rawDescGZIP() []byte { } var file_networking_v1alpha3_service_entry_proto_enumTypes = make([]protoimpl.EnumInfo, 2) -var file_networking_v1alpha3_service_entry_proto_msgTypes = make([]protoimpl.MessageInfo, 2) -var file_networking_v1alpha3_service_entry_proto_goTypes = []interface{}{ - (ServiceEntry_Location)(0), // 0: istio.networking.v1alpha3.ServiceEntry.Location - (ServiceEntry_Resolution)(0), // 1: istio.networking.v1alpha3.ServiceEntry.Resolution - (*ServiceEntry)(nil), // 2: istio.networking.v1alpha3.ServiceEntry - (*ServicePort)(nil), // 3: istio.networking.v1alpha3.ServicePort - (*WorkloadEntry)(nil), // 4: istio.networking.v1alpha3.WorkloadEntry - (*WorkloadSelector)(nil), // 5: istio.networking.v1alpha3.WorkloadSelector +var file_networking_v1alpha3_service_entry_proto_msgTypes = make([]protoimpl.MessageInfo, 4) +var file_networking_v1alpha3_service_entry_proto_goTypes = []any{ + (ServiceEntry_Location)(0), // 0: istio.networking.v1alpha3.ServiceEntry.Location + (ServiceEntry_Resolution)(0), // 1: istio.networking.v1alpha3.ServiceEntry.Resolution + (*ServiceEntry)(nil), // 2: istio.networking.v1alpha3.ServiceEntry + (*ServicePort)(nil), // 3: istio.networking.v1alpha3.ServicePort + (*ServiceEntryStatus)(nil), // 4: istio.networking.v1alpha3.ServiceEntryStatus + (*ServiceEntryAddress)(nil), // 5: istio.networking.v1alpha3.ServiceEntryAddress + (*WorkloadEntry)(nil), // 6: istio.networking.v1alpha3.WorkloadEntry + (*WorkloadSelector)(nil), // 7: istio.networking.v1alpha3.WorkloadSelector + (*v1alpha1.IstioCondition)(nil), // 8: istio.meta.v1alpha1.IstioCondition + (*v1alpha11.AnalysisMessageBase)(nil), // 9: istio.analysis.v1alpha1.AnalysisMessageBase } var file_networking_v1alpha3_service_entry_proto_depIdxs = []int32{ 3, // 0: istio.networking.v1alpha3.ServiceEntry.ports:type_name -> istio.networking.v1alpha3.ServicePort 0, // 1: istio.networking.v1alpha3.ServiceEntry.location:type_name -> istio.networking.v1alpha3.ServiceEntry.Location 1, // 2: istio.networking.v1alpha3.ServiceEntry.resolution:type_name -> istio.networking.v1alpha3.ServiceEntry.Resolution - 4, // 3: istio.networking.v1alpha3.ServiceEntry.endpoints:type_name -> istio.networking.v1alpha3.WorkloadEntry - 5, // 4: istio.networking.v1alpha3.ServiceEntry.workload_selector:type_name -> istio.networking.v1alpha3.WorkloadSelector - 5, // [5:5] is the sub-list for method output_type - 5, // [5:5] is the sub-list for method input_type - 5, // [5:5] is the sub-list for extension type_name - 5, // [5:5] is the sub-list for extension extendee - 0, // [0:5] is the sub-list for field type_name + 6, // 3: istio.networking.v1alpha3.ServiceEntry.endpoints:type_name -> istio.networking.v1alpha3.WorkloadEntry + 7, // 4: istio.networking.v1alpha3.ServiceEntry.workload_selector:type_name -> istio.networking.v1alpha3.WorkloadSelector + 8, // 5: istio.networking.v1alpha3.ServiceEntryStatus.conditions:type_name -> istio.meta.v1alpha1.IstioCondition + 9, // 6: istio.networking.v1alpha3.ServiceEntryStatus.validation_messages:type_name -> istio.analysis.v1alpha1.AnalysisMessageBase + 5, // 7: istio.networking.v1alpha3.ServiceEntryStatus.addresses:type_name -> istio.networking.v1alpha3.ServiceEntryAddress + 8, // [8:8] is the sub-list for method output_type + 8, // [8:8] is the sub-list for method input_type + 8, // [8:8] is the sub-list for extension type_name + 8, // [8:8] is the sub-list for extension extendee + 0, // [0:8] is the sub-list for field type_name } func init() { file_networking_v1alpha3_service_entry_proto_init() } @@ -1340,39 +1162,13 @@ func file_networking_v1alpha3_service_entry_proto_init() { } file_networking_v1alpha3_sidecar_proto_init() file_networking_v1alpha3_workload_entry_proto_init() - if !protoimpl.UnsafeEnabled { - file_networking_v1alpha3_service_entry_proto_msgTypes[0].Exporter = func(v interface{}, i int) interface{} { - switch v := v.(*ServiceEntry); i { - case 0: - return &v.state - case 1: - return &v.sizeCache - case 2: - return &v.unknownFields - default: - return nil - } - } - file_networking_v1alpha3_service_entry_proto_msgTypes[1].Exporter = func(v interface{}, i int) interface{} { - switch v := v.(*ServicePort); i { - case 0: - return &v.state - case 1: - return &v.sizeCache - case 2: - return &v.unknownFields - default: - return nil - } - } - } type x struct{} out := protoimpl.TypeBuilder{ File: protoimpl.DescBuilder{ GoPackagePath: reflect.TypeOf(x{}).PkgPath(), RawDescriptor: file_networking_v1alpha3_service_entry_proto_rawDesc, NumEnums: 2, - NumMessages: 2, + NumMessages: 4, NumExtensions: 0, NumServices: 0, }, diff --git a/vendor/istio.io/api/networking/v1alpha3/service_entry.pb.html b/vendor/istio.io/api/networking/v1alpha3/service_entry.pb.html index d20027980..a5cc7f078 100644 --- a/vendor/istio.io/api/networking/v1alpha3/service_entry.pb.html +++ b/vendor/istio.io/api/networking/v1alpha3/service_entry.pb.html @@ -6,7 +6,7 @@ generator: protoc-gen-docs schema: istio.networking.v1alpha3.ServiceEntry aliases: [/docs/reference/config/networking/v1alpha3/service-entry] -number_of_entries: 4 +number_of_entries: 6 ---

    ServiceEntry enables adding additional entries into Istio’s internal service registry, so that auto-discovered services in the @@ -26,9 +26,7 @@

    The following example declares a few external APIs accessed by internal applications over HTTPS. The sidecar inspects the SNI value in the ClientHello message to route to the appropriate external service.

    -

    {{}} -{{}}

    -
    apiVersion: networking.istio.io/v1alpha3
    +
    apiVersion: networking.istio.io/v1
     kind: ServiceEntry
     metadata:
       name: external-svc-https
    @@ -44,54 +42,11 @@
         protocol: TLS
       resolution: DNS
     
    -

    {{}}

    -

    {{}}

    -
    apiVersion: networking.istio.io/v1beta1
    -kind: ServiceEntry
    -metadata:
    -  name: external-svc-https
    -spec:
    -  hosts:
    -  - api.dropboxapi.com
    -  - www.googleapis.com
    -  - api.facebook.com
    -  location: MESH_EXTERNAL
    -  ports:
    -  - number: 443
    -    name: https
    -    protocol: TLS
    -  resolution: DNS
    -
    -

    {{}} -{{}}

    The following configuration adds a set of MongoDB instances running on unmanaged VMs to Istio’s registry, so that these services can be treated as any other service in the mesh. The associated DestinationRule is used to initiate mTLS connections to the database instances.

    -

    {{}} -{{}}

    -
    apiVersion: networking.istio.io/v1alpha3
    -kind: ServiceEntry
    -metadata:
    -  name: external-svc-mongocluster
    -spec:
    -  hosts:
    -  - mymongodb.somedomain # not used
    -  addresses:
    -  - 192.192.192.192/24 # VIPs
    -  ports:
    -  - number: 27018
    -    name: mongodb
    -    protocol: MONGO
    -  location: MESH_INTERNAL
    -  resolution: STATIC
    -  endpoints:
    -  - address: 2.2.2.2
    -  - address: 3.3.3.3
    -
    -

    {{}}

    -

    {{}}

    -
    apiVersion: networking.istio.io/v1beta1
    +
    apiVersion: networking.istio.io/v1
     kind: ServiceEntry
     metadata:
       name: external-svc-mongocluster
    @@ -110,27 +65,8 @@
       - address: 2.2.2.2
       - address: 3.3.3.3
     
    -

    {{}} -{{}}

    and the associated DestinationRule

    -

    {{}} -{{}}

    -
    apiVersion: networking.istio.io/v1alpha3
    -kind: DestinationRule
    -metadata:
    -  name: mtls-mongocluster
    -spec:
    -  host: mymongodb.somedomain
    -  trafficPolicy:
    -    tls:
    -      mode: MUTUAL
    -      clientCertificate: /etc/certs/myclientcert.pem
    -      privateKey: /etc/certs/client_private_key.pem
    -      caCertificates: /etc/certs/rootcacerts.pem
    -
    -

    {{}}

    -

    {{}}

    -
    apiVersion: networking.istio.io/v1beta1
    +
    apiVersion: networking.istio.io/v1
     kind: DestinationRule
     metadata:
       name: mtls-mongocluster
    @@ -143,31 +79,10 @@
           privateKey: /etc/certs/client_private_key.pem
           caCertificates: /etc/certs/rootcacerts.pem
     
    -

    {{}} -{{}}

    The following example uses a combination of service entry and TLS routing in a virtual service to steer traffic based on the SNI value to an internal egress firewall.

    -

    {{}} -{{}}

    -
    apiVersion: networking.istio.io/v1alpha3
    -kind: ServiceEntry
    -metadata:
    -  name: external-svc-redirect
    -spec:
    -  hosts:
    -  - wikipedia.org
    -  - "*.wikipedia.org"
    -  location: MESH_EXTERNAL
    -  ports:
    -  - number: 443
    -    name: https
    -    protocol: TLS
    -  resolution: NONE
    -
    -

    {{}}

    -

    {{}}

    -
    apiVersion: networking.istio.io/v1beta1
    +
    apiVersion: networking.istio.io/v1
     kind: ServiceEntry
     metadata:
       name: external-svc-redirect
    @@ -182,31 +97,8 @@
         protocol: TLS
       resolution: NONE
     
    -

    {{}} -{{}}

    And the associated VirtualService to route based on the SNI value.

    -

    {{}} -{{}}

    -
    apiVersion: networking.istio.io/v1alpha3
    -kind: VirtualService
    -metadata:
    -  name: tls-routing
    -spec:
    -  hosts:
    -  - wikipedia.org
    -  - "*.wikipedia.org"
    -  tls:
    -  - match:
    -    - sniHosts:
    -      - wikipedia.org
    -      - "*.wikipedia.org"
    -    route:
    -    - destination:
    -        host: internal-egress-firewall.ns1.svc.cluster.local
    -
    -

    {{}}

    -

    {{}}

    -
    apiVersion: networking.istio.io/v1beta1
    +
    apiVersion: networking.istio.io/v1
     kind: VirtualService
     metadata:
       name: tls-routing
    @@ -223,8 +115,6 @@
         - destination:
             host: internal-egress-firewall.ns1.svc.cluster.local
     
    -

    {{}} -{{}}

    The virtual service with TLS match serves to override the default SNI match. In the absence of a virtual service, traffic will be forwarded to the wikipedia domains.

    @@ -235,28 +125,7 @@ to all namespaces. The following example restricts the visibility to the current namespace, represented by “.”, so that it cannot be used by other namespaces.

    -

    {{}} -{{}}

    -
    apiVersion: networking.istio.io/v1alpha3
    -kind: ServiceEntry
    -metadata:
    -  name: external-svc-httpbin
    -  namespace : egress
    -spec:
    -  hosts:
    -  - example.com
    -  exportTo:
    -  - "."
    -  location: MESH_EXTERNAL
    -  ports:
    -  - number: 80
    -    name: http
    -    protocol: HTTP
    -  resolution: DNS
    -
    -

    {{}}

    -

    {{}}

    -
    apiVersion: networking.istio.io/v1beta1
    +
    apiVersion: networking.istio.io/v1
     kind: ServiceEntry
     metadata:
       name: external-svc-httpbin
    @@ -273,30 +142,8 @@
         protocol: HTTP
       resolution: DNS
     
    -

    {{}} -{{}}

    Define a gateway to handle all egress traffic.

    -

    {{}} -{{}}

    -
    apiVersion: networking.istio.io/v1alpha3
    -kind: Gateway
    -metadata:
    - name: istio-egressgateway
    - namespace: istio-system
    -spec:
    - selector:
    -   istio: egressgateway
    - servers:
    - - port:
    -     number: 80
    -     name: http
    -     protocol: HTTP
    -   hosts:
    -   - "*"
    -
    -

    {{}}

    -

    {{}}

    -
    apiVersion: networking.istio.io/v1beta1
    +
    apiVersion: networking.istio.io/v1
     kind: Gateway
     metadata:
      name: istio-egressgateway
    @@ -312,48 +159,13 @@
        hosts:
        - "*"
     
    -

    {{}} -{{}}

    And the associated VirtualService to route from the sidecar to the gateway service (istio-egressgateway.istio-system.svc.cluster.local), as well as route from the gateway to the external service. Note that the virtual service is exported to all namespaces enabling them to route traffic through the gateway to the external service. Forcing traffic to go through a managed middle proxy like this is a common practice.

    -

    {{}} -{{}}

    -
    apiVersion: networking.istio.io/v1alpha3
    -kind: VirtualService
    -metadata:
    -  name: gateway-routing
    -  namespace: egress
    -spec:
    -  hosts:
    -  - example.com
    -  exportTo:
    -  - "*"
    -  gateways:
    -  - mesh
    -  - istio-egressgateway
    -  http:
    -  - match:
    -    - port: 80
    -      gateways:
    -      - mesh
    -    route:
    -    - destination:
    -        host: istio-egressgateway.istio-system.svc.cluster.local
    -  - match:
    -    - port: 80
    -      gateways:
    -      - istio-egressgateway
    -    route:
    -    - destination:
    -        host: example.com
    -
    -

    {{}}

    -

    {{}}

    -
    apiVersion: networking.istio.io/v1beta1
    +
    apiVersion: networking.istio.io/v1
     kind: VirtualService
     metadata:
       name: gateway-routing
    @@ -382,31 +194,11 @@
         - destination:
             host: example.com
     
    -

    {{}} -{{}}

    The following example demonstrates the use of wildcards in the hosts for external services. If the connection has to be routed to the IP address requested by the application (i.e. application resolves DNS and attempts to connect to a specific IP), the resolution mode must be set to NONE.

    -

    {{}} -{{}}

    -
    apiVersion: networking.istio.io/v1alpha3
    -kind: ServiceEntry
    -metadata:
    -  name: external-svc-wildcard-example
    -spec:
    -  hosts:
    -  - "*.bar.com"
    -  location: MESH_EXTERNAL
    -  ports:
    -  - number: 80
    -    name: http
    -    protocol: HTTP
    -  resolution: NONE
    -
    -

    {{}}

    -

    {{}}

    -
    apiVersion: networking.istio.io/v1beta1
    +
    apiVersion: networking.istio.io/v1
     kind: ServiceEntry
     metadata:
       name: external-svc-wildcard-example
    @@ -420,14 +212,10 @@
         protocol: HTTP
       resolution: NONE
     
    -

    {{}} -{{}}

    The following example demonstrates a service that is available via a Unix Domain Socket on the host of the client. The resolution must be set to STATIC to use Unix address endpoints.

    -

    {{}} -{{}}

    -
    apiVersion: networking.istio.io/v1alpha3
    +
    apiVersion: networking.istio.io/v1
     kind: ServiceEntry
     metadata:
       name: unix-domain-socket-example
    @@ -443,26 +231,6 @@
       endpoints:
       - address: unix:///var/run/example/socket
     
    -

    {{}}

    -

    {{}}

    -
    apiVersion: networking.istio.io/v1beta1
    -kind: ServiceEntry
    -metadata:
    -  name: unix-domain-socket-example
    -spec:
    -  hosts:
    -  - "example.unix.local"
    -  location: MESH_EXTERNAL
    -  ports:
    -  - number: 80
    -    name: http
    -    protocol: HTTP
    -  resolution: STATIC
    -  endpoints:
    -  - address: unix:///var/run/example/socket
    -
    -

    {{}} -{{}}

    For HTTP-based services, it is possible to create a VirtualService backed by multiple DNS addressable endpoints. In such a scenario, the application can use the HTTP_PROXY environment variable to transparently @@ -470,35 +238,7 @@ example, the following configuration creates a non-existent external service called foo.bar.com backed by three domains: us.foo.bar.com:8080, uk.foo.bar.com:9080, and in.foo.bar.com:7080

    -

    {{}} -{{}}

    -
    apiVersion: networking.istio.io/v1alpha3
    -kind: ServiceEntry
    -metadata:
    -  name: external-svc-dns
    -spec:
    -  hosts:
    -  - foo.bar.com
    -  location: MESH_EXTERNAL
    -  ports:
    -  - number: 80
    -    name: http
    -    protocol: HTTP
    -  resolution: DNS
    -  endpoints:
    -  - address: us.foo.bar.com
    -    ports:
    -      http: 8080
    -  - address: uk.foo.bar.com
    -    ports:
    -      http: 9080
    -  - address: in.foo.bar.com
    -    ports:
    -      http: 7080
    -
    -

    {{}}

    -

    {{}}

    -
    apiVersion: networking.istio.io/v1beta1
    +
    apiVersion: networking.istio.io/v1
     kind: ServiceEntry
     metadata:
       name: external-svc-dns
    @@ -522,8 +262,6 @@
         ports:
           http: 7080
     
    -

    {{}} -{{}}

    With HTTP_PROXY=http://localhost/, calls from the application to http://foo.bar.com will be load balanced across the three domains specified above. In other words, a call to http://foo.bar.com/baz would @@ -531,31 +269,7 @@

    The following example illustrates the usage of a ServiceEntry containing a subject alternate name whose format conforms to the SPIFFE standard:

    -

    {{}} -{{}}

    -
    apiVersion: networking.istio.io/v1alpha3
    -kind: ServiceEntry
    -metadata:
    -  name: httpbin
    -  namespace : httpbin-ns
    -spec:
    -  hosts:
    -  - example.com
    -  location: MESH_INTERNAL
    -  ports:
    -  - number: 80
    -    name: http
    -    protocol: HTTP
    -  resolution: STATIC
    -  endpoints:
    -  - address: 2.2.2.2
    -  - address: 3.3.3.3
    -  subjectAltNames:
    -  - "spiffe://cluster.local/ns/httpbin-ns/sa/httpbin-service-account"
    -
    -

    {{}}

    -

    {{}}

    -
    apiVersion: networking.istio.io/v1beta1
    +
    apiVersion: networking.istio.io/v1
     kind: ServiceEntry
     metadata:
       name: httpbin
    @@ -575,8 +289,6 @@
       subjectAltNames:
       - "spiffe://cluster.local/ns/httpbin-ns/sa/httpbin-service-account"
     
    -

    {{}} -{{}}

    The following example demonstrates the use of ServiceEntry with a workloadSelector to handle the migration of a service details.bookinfo.com from VMs to Kubernetes. The service has two @@ -584,33 +296,7 @@ pods managed by a standard deployment object. Consumers of this service in the mesh will be automatically load balanced across the VMs and Kubernetes.

    -

    {{}} -{{}}

    -
    apiVersion: networking.istio.io/v1alpha3
    -kind: WorkloadEntry
    -metadata:
    -  name: details-vm-1
    -spec:
    -  serviceAccount: details
    -  address: 2.2.2.2
    -  labels:
    -    app: details
    -    instance-id: vm1
    ----
    -apiVersion: networking.istio.io/v1alpha3
    -kind: WorkloadEntry
    -metadata:
    -  name: details-vm-2
    -spec:
    -  serviceAccount: details
    -  address: 3.3.3.3
    -  labels:
    -    app: details
    -    instance-id: vm2
    -
    -

    {{}}

    -

    {{}}

    -
    apiVersion: networking.istio.io/v1beta1
    +
    apiVersion: networking.istio.io/v1
     kind: WorkloadEntry
     metadata:
       name: details-vm-1
    @@ -621,7 +307,7 @@
         app: details
         instance-id: vm1
     ---
    -apiVersion: networking.istio.io/v1beta1
    +apiVersion: networking.istio.io/v1
     kind: WorkloadEntry
     metadata:
       name: details-vm-2
    @@ -632,34 +318,11 @@
         app: details
         instance-id: vm2
     
    -

    {{}} -{{}}

    Assuming there is also a Kubernetes deployment with pod labels app: details using the same service account details, the following service entry declares a service spanning both VMs and Kubernetes:

    -

    {{}} -{{}}

    -
    apiVersion: networking.istio.io/v1alpha3
    -kind: ServiceEntry
    -metadata:
    -  name: details-svc
    -spec:
    -  hosts:
    -  - details.bookinfo.com
    -  location: MESH_INTERNAL
    -  ports:
    -  - number: 80
    -    name: http
    -    protocol: HTTP
    -  resolution: STATIC
    -  workloadSelector:
    -    labels:
    -      app: details
    -
    -

    {{}}

    -

    {{}}

    -
    apiVersion: networking.istio.io/v1beta1
    +
    apiVersion: networking.istio.io/v1
     kind: ServiceEntry
     metadata:
       name: details-svc
    @@ -676,8 +339,6 @@
         labels:
           app: details
     
    -

    {{}} -{{}}

    ServiceEntry

    @@ -695,7 +356,7 @@

    ServiceEntry

    hostshosts string[]

    The hosts associated with the ServiceEntry. Could be a DNS @@ -728,7 +389,7 @@

    ServiceEntry

    addressesaddresses string[]

    The virtual IP addresses associated with the service. Could be CIDR @@ -752,7 +413,7 @@

    ServiceEntry

    portsports ServicePort[]

    The ports associated with the external service. If the @@ -761,11 +422,11 @@

    ServiceEntry

    -Yes +No
    locationlocation Location

    Specify whether the service should be considered external to the mesh @@ -777,7 +438,7 @@

    ServiceEntry

    resolutionresolution Resolution

    Service resolution mode for the hosts. Care must be taken @@ -787,11 +448,11 @@

    ServiceEntry

    -Yes +No
    endpointsendpoints WorkloadEntry[]

    One or more endpoints associated with the service. Only one of @@ -803,7 +464,7 @@

    ServiceEntry

    workloadSelectorworkloadSelector WorkloadSelector

    Applicable only for MESH_INTERNAL services. Only one of @@ -819,7 +480,7 @@

    ServiceEntry

    exportToexportTo string[]

    A list of namespaces to which this service is exported. Exporting a service @@ -842,7 +503,7 @@

    ServiceEntry

    subjectAltNamessubjectAltNames string[]

    If specified, the proxy will verify that the server certificate’s @@ -875,7 +536,7 @@

    ServicePort

    numbernumber uint32

    A valid non-negative integer port number.

    @@ -886,7 +547,7 @@

    ServicePort

    protocolprotocol string

    The protocol exposed on the port. @@ -896,11 +557,11 @@

    ServicePort

    -Yes +No
    namename string

    Label assigned to the port.

    @@ -911,12 +572,113 @@

    ServicePort

    targetPorttargetPort uint32

    The port number on the endpoint where the traffic will be received. If unset, default to number.

    +
    +No +
    +
    +

    ServiceEntryStatus

    +
    + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
    FieldTypeDescriptionRequired
    conditionsIstioCondition[] +

    Current service state of ServiceEntry. +More info: https://istio.io/docs/reference/config/config-status/

    + +
    +No +
    validationMessagesAnalysisMessageBase[] +

    Includes any errors or warnings detected by Istio’s analyzers.

    + +
    +No +
    observedGenerationint64 +

    Resource Generation to which the Reconciled Condition refers. +When this value is not equal to the object’s metadata generation, reconciled condition calculation for the current +generation is still in progress. See https://istio.io/latest/docs/reference/config/config-status/ for more info.

    + +
    +No +
    addressesServiceEntryAddress[] +

    List of addresses which were assigned to this ServiceEntry.

    + +
    +No +
    +
    +

    ServiceEntryAddress

    +
    +

    minor abstraction to allow for adding hostnames if relevant

    + + + + + + + + + + + + + + + + + + + + + - + - + - + - + - + - + - + - + - + + + + + + + - + - - + + - + - + - + - + + + + + + + - - + + - + - + - + - + @@ -732,14 +660,7 @@

    WorkloadSelector

    OutboundTrafficPolicy

    OutboundTrafficPolicy sets the default behavior of the sidecar for -handling outbound traffic from the application. -If your application uses one or more external -services that are not known apriori, setting the policy to ALLOW_ANY -will cause the sidecars to route any unknown traffic originating from -the application to its requested destination. Users are strongly -encouraged to use ServiceEntry configurations to explicitly declare any external -dependencies, instead of using ALLOW_ANY, so that traffic to these -services can be monitored.

    +handling unknown outbound traffic from the application.

    FieldTypeDescriptionRequired
    valuestring +

    Value is the address (192.168.0.2)

    + +
    +No +
    hoststring +

    Host is the name associated with this address

    +
    No @@ -943,7 +705,7 @@

    ServiceEntry.Location

    MESH_EXTERNALMESH_EXTERNAL

    Signifies that the service is external to the mesh. Typically used to indicate external services consumed through APIs.

    @@ -951,7 +713,7 @@

    ServiceEntry.Location

    MESH_INTERNALMESH_INTERNAL

    Signifies that the service is part of the mesh. Typically used to indicate services added explicitly as part of expanding the service @@ -984,7 +746,7 @@

    ServiceEntry.Resolution

    NONENONE

    Assume that incoming connections have already been resolved (to a specific destination IP address). Such connections are typically @@ -996,7 +758,7 @@

    ServiceEntry.Resolution

    STATICSTATIC

    Use the static IP addresses specified in endpoints (see below) as the backing instances associated with the service.

    @@ -1004,7 +766,7 @@

    ServiceEntry.Resolution

    DNSDNS

    Attempt to resolve the IP address by querying the ambient DNS, asynchronously. If no endpoints are specified, the proxy @@ -1017,7 +779,7 @@

    ServiceEntry.Resolution

    DNS_ROUND_ROBINDNS_ROUND_ROBIN

    Attempt to resolve the IP address by querying the ambient DNS, asynchronously. Unlike DNS, DNS_ROUND_ROBIN only uses the diff --git a/vendor/istio.io/api/networking/v1alpha3/service_entry.proto b/vendor/istio.io/api/networking/v1alpha3/service_entry.proto index 3d15f50b8..66782f243 100644 --- a/vendor/istio.io/api/networking/v1alpha3/service_entry.proto +++ b/vendor/istio.io/api/networking/v1alpha3/service_entry.proto @@ -17,6 +17,8 @@ syntax = "proto3"; import "google/api/field_behavior.proto"; import "networking/v1alpha3/sidecar.proto"; import "networking/v1alpha3/workload_entry.proto"; +import "analysis/v1alpha1/message.proto"; +import "meta/v1alpha1/status.proto"; // $schema: istio.networking.v1alpha3.ServiceEntry // $title: Service Entry @@ -44,10 +46,8 @@ import "networking/v1alpha3/workload_entry.proto"; // applications over HTTPS. The sidecar inspects the SNI value in the // ClientHello message to route to the appropriate external service. // -// {{}} -// {{}} // ```yaml -// apiVersion: networking.istio.io/v1alpha3 +// apiVersion: networking.istio.io/v1 // kind: ServiceEntry // metadata: // name: external-svc-https @@ -63,38 +63,14 @@ import "networking/v1alpha3/workload_entry.proto"; // protocol: TLS // resolution: DNS // ``` -// {{}} -// -// {{}} -// ```yaml -// apiVersion: networking.istio.io/v1beta1 -// kind: ServiceEntry -// metadata: -// name: external-svc-https -// spec: -// hosts: -// - api.dropboxapi.com -// - www.googleapis.com -// - api.facebook.com -// location: MESH_EXTERNAL -// ports: -// - number: 443 -// name: https -// protocol: TLS -// resolution: DNS -// ``` -// {{}} -// {{}} // // The following configuration adds a set of MongoDB instances running on // unmanaged VMs to Istio's registry, so that these services can be treated // as any other service in the mesh. The associated DestinationRule is used // to initiate mTLS connections to the database instances. // -// {{}} -// {{}} // ```yaml -// apiVersion: networking.istio.io/v1alpha3 +// apiVersion: networking.istio.io/v1 // kind: ServiceEntry // metadata: // name: external-svc-mongocluster @@ -113,55 +89,11 @@ import "networking/v1alpha3/workload_entry.proto"; // - address: 2.2.2.2 // - address: 3.3.3.3 // ``` -// {{}} -// -// {{}} -// ```yaml -// apiVersion: networking.istio.io/v1beta1 -// kind: ServiceEntry -// metadata: -// name: external-svc-mongocluster -// spec: -// hosts: -// - mymongodb.somedomain # not used -// addresses: -// - 192.192.192.192/24 # VIPs -// ports: -// - number: 27018 -// name: mongodb -// protocol: MONGO -// location: MESH_INTERNAL -// resolution: STATIC -// endpoints: -// - address: 2.2.2.2 -// - address: 3.3.3.3 -// ``` -// {{}} -// {{}} // // and the associated DestinationRule // -// {{}} -// {{}} -// ```yaml -// apiVersion: networking.istio.io/v1alpha3 -// kind: DestinationRule -// metadata: -// name: mtls-mongocluster -// spec: -// host: mymongodb.somedomain -// trafficPolicy: -// tls: -// mode: MUTUAL -// clientCertificate: /etc/certs/myclientcert.pem -// privateKey: /etc/certs/client_private_key.pem -// caCertificates: /etc/certs/rootcacerts.pem -// ``` -// {{}} -// -// {{}} // ```yaml -// apiVersion: networking.istio.io/v1beta1 +// apiVersion: networking.istio.io/v1 // kind: DestinationRule // metadata: // name: mtls-mongocluster @@ -174,17 +106,13 @@ import "networking/v1alpha3/workload_entry.proto"; // privateKey: /etc/certs/client_private_key.pem // caCertificates: /etc/certs/rootcacerts.pem // ``` -// {{}} -// {{}} // // The following example uses a combination of service entry and TLS // routing in a virtual service to steer traffic based on the SNI value to // an internal egress firewall. // -// {{}} -// {{}} // ```yaml -// apiVersion: networking.istio.io/v1alpha3 +// apiVersion: networking.istio.io/v1 // kind: ServiceEntry // metadata: // name: external-svc-redirect @@ -199,34 +127,11 @@ import "networking/v1alpha3/workload_entry.proto"; // protocol: TLS // resolution: NONE // ``` -// {{}} -// -// {{}} -// ```yaml -// apiVersion: networking.istio.io/v1beta1 -// kind: ServiceEntry -// metadata: -// name: external-svc-redirect -// spec: -// hosts: -// - wikipedia.org -// - "*.wikipedia.org" -// location: MESH_EXTERNAL -// ports: -// - number: 443 -// name: https -// protocol: TLS -// resolution: NONE -// ``` -// {{}} -// {{}} // // And the associated VirtualService to route based on the SNI value. // -// {{}} -// {{}} // ```yaml -// apiVersion: networking.istio.io/v1alpha3 +// apiVersion: networking.istio.io/v1 // kind: VirtualService // metadata: // name: tls-routing @@ -243,29 +148,6 @@ import "networking/v1alpha3/workload_entry.proto"; // - destination: // host: internal-egress-firewall.ns1.svc.cluster.local // ``` -// {{}} -// -// {{}} -// ```yaml -// apiVersion: networking.istio.io/v1beta1 -// kind: VirtualService -// metadata: -// name: tls-routing -// spec: -// hosts: -// - wikipedia.org -// - "*.wikipedia.org" -// tls: -// - match: -// - sniHosts: -// - wikipedia.org -// - "*.wikipedia.org" -// route: -// - destination: -// host: internal-egress-firewall.ns1.svc.cluster.local -// ``` -// {{}} -// {{}} // // The virtual service with TLS match serves to override the default SNI // match. In the absence of a virtual service, traffic will be forwarded to @@ -279,10 +161,8 @@ import "networking/v1alpha3/workload_entry.proto"; // current namespace, represented by ".", so that it cannot be used by other // namespaces. // -// {{}} -// {{}} // ```yaml -// apiVersion: networking.istio.io/v1alpha3 +// apiVersion: networking.istio.io/v1 // kind: ServiceEntry // metadata: // name: external-svc-httpbin @@ -299,56 +179,11 @@ import "networking/v1alpha3/workload_entry.proto"; // protocol: HTTP // resolution: DNS // ``` -// {{}} -// -// {{}} -// ```yaml -// apiVersion: networking.istio.io/v1beta1 -// kind: ServiceEntry -// metadata: -// name: external-svc-httpbin -// namespace : egress -// spec: -// hosts: -// - example.com -// exportTo: -// - "." -// location: MESH_EXTERNAL -// ports: -// - number: 80 -// name: http -// protocol: HTTP -// resolution: DNS -// ``` -// {{}} -// {{}} // // Define a gateway to handle all egress traffic. // -// {{}} -// {{}} -// ```yaml -// apiVersion: networking.istio.io/v1alpha3 -// kind: Gateway -// metadata: -// name: istio-egressgateway -// namespace: istio-system -// spec: -// selector: -// istio: egressgateway -// servers: -// - port: -// number: 80 -// name: http -// protocol: HTTP -// hosts: -// - "*" -// ``` -// {{}} -// -// {{}} // ```yaml -// apiVersion: networking.istio.io/v1beta1 +// apiVersion: networking.istio.io/v1 // kind: Gateway // metadata: // name: istio-egressgateway @@ -364,8 +199,6 @@ import "networking/v1alpha3/workload_entry.proto"; // hosts: // - "*" // ``` -// {{}} -// {{}} // // And the associated `VirtualService` to route from the sidecar to the // gateway service (`istio-egressgateway.istio-system.svc.cluster.local`), as @@ -374,10 +207,8 @@ import "networking/v1alpha3/workload_entry.proto"; // through the gateway to the external service. Forcing traffic to go through // a managed middle proxy like this is a common practice. // -// {{}} -// {{}} // ```yaml -// apiVersion: networking.istio.io/v1alpha3 +// apiVersion: networking.istio.io/v1 // kind: VirtualService // metadata: // name: gateway-routing @@ -406,51 +237,14 @@ import "networking/v1alpha3/workload_entry.proto"; // - destination: // host: example.com // ``` -// {{}} -// -// {{}} -// ```yaml -// apiVersion: networking.istio.io/v1beta1 -// kind: VirtualService -// metadata: -// name: gateway-routing -// namespace: egress -// spec: -// hosts: -// - example.com -// exportTo: -// - "*" -// gateways: -// - mesh -// - istio-egressgateway -// http: -// - match: -// - port: 80 -// gateways: -// - mesh -// route: -// - destination: -// host: istio-egressgateway.istio-system.svc.cluster.local -// - match: -// - port: 80 -// gateways: -// - istio-egressgateway -// route: -// - destination: -// host: example.com -// ``` -// {{}} -// {{}} // // The following example demonstrates the use of wildcards in the hosts for // external services. If the connection has to be routed to the IP address // requested by the application (i.e. application resolves DNS and attempts // to connect to a specific IP), the resolution mode must be set to `NONE`. // -// {{}} -// {{}} // ```yaml -// apiVersion: networking.istio.io/v1alpha3 +// apiVersion: networking.istio.io/v1 // kind: ServiceEntry // metadata: // name: external-svc-wildcard-example @@ -464,55 +258,13 @@ import "networking/v1alpha3/workload_entry.proto"; // protocol: HTTP // resolution: NONE // ``` -// {{}} -// -// {{}} -// ```yaml -// apiVersion: networking.istio.io/v1beta1 -// kind: ServiceEntry -// metadata: -// name: external-svc-wildcard-example -// spec: -// hosts: -// - "*.bar.com" -// location: MESH_EXTERNAL -// ports: -// - number: 80 -// name: http -// protocol: HTTP -// resolution: NONE -// ``` -// {{}} -// {{}} // // The following example demonstrates a service that is available via a // Unix Domain Socket on the host of the client. The resolution must be // set to STATIC to use Unix address endpoints. // -// {{}} -// {{}} -// ```yaml -// apiVersion: networking.istio.io/v1alpha3 -// kind: ServiceEntry -// metadata: -// name: unix-domain-socket-example -// spec: -// hosts: -// - "example.unix.local" -// location: MESH_EXTERNAL -// ports: -// - number: 80 -// name: http -// protocol: HTTP -// resolution: STATIC -// endpoints: -// - address: unix:///var/run/example/socket -// ``` -// {{}} -// -// {{}} // ```yaml -// apiVersion: networking.istio.io/v1beta1 +// apiVersion: networking.istio.io/v1 // kind: ServiceEntry // metadata: // name: unix-domain-socket-example @@ -528,8 +280,6 @@ import "networking/v1alpha3/workload_entry.proto"; // endpoints: // - address: unix:///var/run/example/socket // ``` -// {{}} -// {{}} // // For HTTP-based services, it is possible to create a `VirtualService` // backed by multiple DNS addressable endpoints. In such a scenario, the @@ -539,10 +289,8 @@ import "networking/v1alpha3/workload_entry.proto"; // service called foo.bar.com backed by three domains: us.foo.bar.com:8080, // uk.foo.bar.com:9080, and in.foo.bar.com:7080 // -// {{}} -// {{}} // ```yaml -// apiVersion: networking.istio.io/v1alpha3 +// apiVersion: networking.istio.io/v1 // kind: ServiceEntry // metadata: // name: external-svc-dns @@ -566,36 +314,6 @@ import "networking/v1alpha3/workload_entry.proto"; // ports: // http: 7080 // ``` -// {{}} -// -// {{}} -// ```yaml -// apiVersion: networking.istio.io/v1beta1 -// kind: ServiceEntry -// metadata: -// name: external-svc-dns -// spec: -// hosts: -// - foo.bar.com -// location: MESH_EXTERNAL -// ports: -// - number: 80 -// name: http -// protocol: HTTP -// resolution: DNS -// endpoints: -// - address: us.foo.bar.com -// ports: -// http: 8080 -// - address: uk.foo.bar.com -// ports: -// http: 9080 -// - address: in.foo.bar.com -// ports: -// http: 7080 -// ``` -// {{}} -// {{}} // // With `HTTP_PROXY=http://localhost/`, calls from the application to // `http://foo.bar.com` will be load balanced across the three domains @@ -606,34 +324,8 @@ import "networking/v1alpha3/workload_entry.proto"; // containing a subject alternate name // whose format conforms to the [SPIFFE standard](https://github.com/spiffe/spiffe/blob/master/standards/SPIFFE-ID.md): // -// {{}} -// {{}} -// ```yaml -// apiVersion: networking.istio.io/v1alpha3 -// kind: ServiceEntry -// metadata: -// name: httpbin -// namespace : httpbin-ns -// spec: -// hosts: -// - example.com -// location: MESH_INTERNAL -// ports: -// - number: 80 -// name: http -// protocol: HTTP -// resolution: STATIC -// endpoints: -// - address: 2.2.2.2 -// - address: 3.3.3.3 -// subjectAltNames: -// - "spiffe://cluster.local/ns/httpbin-ns/sa/httpbin-service-account" -// ``` -// {{}} -// -// {{}} // ```yaml -// apiVersion: networking.istio.io/v1beta1 +// apiVersion: networking.istio.io/v1 // kind: ServiceEntry // metadata: // name: httpbin @@ -653,8 +345,6 @@ import "networking/v1alpha3/workload_entry.proto"; // subjectAltNames: // - "spiffe://cluster.local/ns/httpbin-ns/sa/httpbin-service-account" // ``` -// {{}} -// {{}} // // The following example demonstrates the use of `ServiceEntry` with a // `workloadSelector` to handle the migration of a service @@ -664,36 +354,8 @@ import "networking/v1alpha3/workload_entry.proto"; // service in the mesh will be automatically load balanced across the // VMs and Kubernetes. // -// {{}} -// {{}} -// ```yaml -// apiVersion: networking.istio.io/v1alpha3 -// kind: WorkloadEntry -// metadata: -// name: details-vm-1 -// spec: -// serviceAccount: details -// address: 2.2.2.2 -// labels: -// app: details -// instance-id: vm1 -// --- -// apiVersion: networking.istio.io/v1alpha3 -// kind: WorkloadEntry -// metadata: -// name: details-vm-2 -// spec: -// serviceAccount: details -// address: 3.3.3.3 -// labels: -// app: details -// instance-id: vm2 -// ``` -// {{}} -// -// {{}} // ```yaml -// apiVersion: networking.istio.io/v1beta1 +// apiVersion: networking.istio.io/v1 // kind: WorkloadEntry // metadata: // name: details-vm-1 @@ -704,7 +366,7 @@ import "networking/v1alpha3/workload_entry.proto"; // app: details // instance-id: vm1 // --- -// apiVersion: networking.istio.io/v1beta1 +// apiVersion: networking.istio.io/v1 // kind: WorkloadEntry // metadata: // name: details-vm-2 @@ -715,18 +377,14 @@ import "networking/v1alpha3/workload_entry.proto"; // app: details // instance-id: vm2 // ``` -// {{}} -// {{}} // // Assuming there is also a Kubernetes deployment with pod labels // `app: details` using the same service account `details`, the // following service entry declares a service spanning both VMs and // Kubernetes: // -// {{}} -// {{}} // ```yaml -// apiVersion: networking.istio.io/v1alpha3 +// apiVersion: networking.istio.io/v1 // kind: ServiceEntry // metadata: // name: details-svc @@ -743,40 +401,17 @@ import "networking/v1alpha3/workload_entry.proto"; // labels: // app: details // ``` -// {{}} -// -// {{}} -// ```yaml -// apiVersion: networking.istio.io/v1beta1 -// kind: ServiceEntry -// metadata: -// name: details-svc -// spec: -// hosts: -// - details.bookinfo.com -// location: MESH_INTERNAL -// ports: -// - number: 80 -// name: http -// protocol: HTTP -// resolution: STATIC -// workloadSelector: -// labels: -// app: details -// ``` -// {{}} -// {{}} package istio.networking.v1alpha3; option go_package = "istio.io/api/networking/v1alpha3"; + // ServiceEntry enables adding additional entries into Istio's internal // service registry. // // // // -// +// +kubebuilder:validation:XValidation:message="only one of WorkloadSelector or Endpoints can be set",rule="(has(self.workloadSelector)?1:0)+(has(self.endpoints)?1:0)<=1" +// +kubebuilder:validation:XValidation:message="CIDR addresses are allowed only for NONE/STATIC resolution types",rule="!(has(self.addresses) && self.addresses.exists(k, k.contains('/')) && (has(self.resolution) && self.resolution != 'STATIC' && self.resolution != 'NONE'))" +// +kubebuilder:validation:XValidation:message="NONE mode cannot set endpoints",rule="(!has(self.resolution) || self.resolution == 'NONE') ? !has(self.endpoints) : true" +// +kubebuilder:validation:XValidation:message="DNS_ROUND_ROBIN mode cannot have multiple endpoints",rule="(has(self.resolution) && self.resolution == 'DNS_ROUND_ROBIN') ? (!has(self.endpoints) || size(self.endpoints) == 1) : true" message ServiceEntry { // The hosts associated with the ServiceEntry. Could be a DNS // name with wildcard prefix. @@ -827,7 +465,9 @@ message ServiceEntry { // 1. subjectAltNames: In addition to verifying the SANs of the // service accounts associated with the pods of the service, the // SANs specified here will also be verified. - // + // +kubebuilder:validation:MinItems=1 + // +kubebuilder:validation:MaxItems=256 + // +protoc-gen-crd:list-value-validation:XValidation:message="hostname cannot be wildcard",rule="self != '*'" repeated string hosts = 1 [(google.api.field_behavior) = REQUIRED]; // The virtual IP addresses associated with the service. Could be CIDR @@ -844,12 +484,18 @@ message ServiceEntry { // simple TCP proxy, forwarding incoming traffic on a specified port to // the specified destination endpoint IP/host. Unix domain socket // addresses are not supported in this field. + // +kubebuilder:validation:MaxItems=256 + // +protoc-gen-crd:list-value-validation:MaxLength=64 repeated string addresses = 2; // The ports associated with the external service. If the // Endpoints are Unix domain socket addresses, there must be exactly one // port. - repeated ServicePort ports = 3 [(google.api.field_behavior) = REQUIRED]; + // +listType=map + // +listMapKey=name + // +kubebuilder:validation:MaxItems=256 + // +kubebuilder:validation:XValidation:message="port number cannot be duplicated",rule="self.all(l1, self.exists_one(l2, l1.number == l2.number))" + repeated ServicePort ports = 3; // Location specifies whether the service is part of Istio mesh or // outside the mesh. Location determines the behavior of several @@ -921,10 +567,11 @@ message ServiceEntry { // when setting the resolution mode to NONE for a TCP port without // accompanying IP addresses. In such cases, traffic to any IP on // said port will be allowed (i.e. `0.0.0.0:`). - Resolution resolution = 5 [(google.api.field_behavior) = REQUIRED]; + Resolution resolution = 5; // One or more endpoints associated with the service. Only one of // `endpoints` or `workloadSelector` can be specified. + // +kubebuilder:validation:MaxItems=4096 repeated WorkloadEntry endpoints = 6; // Applicable only for MESH_INTERNAL services. Only one of @@ -966,18 +613,59 @@ message ServiceEntry { // ServicePort describes the properties of a specific port of a service. message ServicePort { // A valid non-negative integer port number. + // +kubebuilder:validation:XValidation:message="port must be between 1-65535",rule="0 < self && self <= 65535" uint32 number = 1 [(google.api.field_behavior) = REQUIRED]; // The protocol exposed on the port. // MUST BE one of HTTP|HTTPS|GRPC|HTTP2|MONGO|TCP|TLS. // TLS implies the connection will be routed based on the SNI header to // the destination without terminating the TLS connection. - string protocol = 2 [(google.api.field_behavior) = REQUIRED]; + // +kubebuilder:validation:MaxLength=256 + string protocol = 2; // Label assigned to the port. + // +kubebuilder:validation:MaxLength=256 string name = 3 [(google.api.field_behavior) = REQUIRED]; // The port number on the endpoint where the traffic will be // received. If unset, default to `number`. + // +kubebuilder:validation:XValidation:message="port must be between 1-65535",rule="0 < self && self <= 65535" uint32 target_port = 4; } + +message ServiceEntryStatus { + // Current service state of ServiceEntry. + // More info: https://istio.io/docs/reference/config/config-status/ + // +optional + // +patchMergeKey=type + // +patchStrategy=merge + repeated meta.v1alpha1.IstioCondition conditions = 1; + + // Includes any errors or warnings detected by Istio's analyzers. + // +optional + // +patchMergeKey=type + // +patchStrategy=merge + repeated analysis.v1alpha1.AnalysisMessageBase validation_messages = 2; + + // Resource Generation to which the Reconciled Condition refers. + // When this value is not equal to the object's metadata generation, reconciled condition calculation for the current + // generation is still in progress. See https://istio.io/latest/docs/reference/config/config-status/ for more info. + // +optional + int64 observed_generation = 3; + + // Above this is just a copy of the common IstioStatus since proto cannot embed an anonymous message whole cloth + + // List of addresses which were assigned to this ServiceEntry. + // +optional + repeated ServiceEntryAddress addresses = 10; +} + +// minor abstraction to allow for adding hostnames if relevant +message ServiceEntryAddress{ + // Value is the address (192.168.0.2) + string value = 1; + + // Host is the name associated with this address + string host = 2; +} + diff --git a/vendor/istio.io/api/networking/v1alpha3/service_entry_deepcopy.gen.go b/vendor/istio.io/api/networking/v1alpha3/service_entry_deepcopy.gen.go index 7e80449c6..6c1353760 100644 --- a/vendor/istio.io/api/networking/v1alpha3/service_entry_deepcopy.gen.go +++ b/vendor/istio.io/api/networking/v1alpha3/service_entry_deepcopy.gen.go @@ -46,3 +46,45 @@ func (in *ServicePort) DeepCopy() *ServicePort { func (in *ServicePort) DeepCopyInterface() interface{} { return in.DeepCopy() } + +// DeepCopyInto supports using ServiceEntryStatus within kubernetes types, where deepcopy-gen is used. +func (in *ServiceEntryStatus) DeepCopyInto(out *ServiceEntryStatus) { + p := proto.Clone(in).(*ServiceEntryStatus) + *out = *p +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ServiceEntryStatus. Required by controller-gen. +func (in *ServiceEntryStatus) DeepCopy() *ServiceEntryStatus { + if in == nil { + return nil + } + out := new(ServiceEntryStatus) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInterface is an autogenerated deepcopy function, copying the receiver, creating a new ServiceEntryStatus. Required by controller-gen. +func (in *ServiceEntryStatus) DeepCopyInterface() interface{} { + return in.DeepCopy() +} + +// DeepCopyInto supports using ServiceEntryAddress within kubernetes types, where deepcopy-gen is used. +func (in *ServiceEntryAddress) DeepCopyInto(out *ServiceEntryAddress) { + p := proto.Clone(in).(*ServiceEntryAddress) + *out = *p +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ServiceEntryAddress. Required by controller-gen. +func (in *ServiceEntryAddress) DeepCopy() *ServiceEntryAddress { + if in == nil { + return nil + } + out := new(ServiceEntryAddress) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInterface is an autogenerated deepcopy function, copying the receiver, creating a new ServiceEntryAddress. Required by controller-gen. +func (in *ServiceEntryAddress) DeepCopyInterface() interface{} { + return in.DeepCopy() +} diff --git a/vendor/istio.io/api/networking/v1alpha3/service_entry_json.gen.go b/vendor/istio.io/api/networking/v1alpha3/service_entry_json.gen.go index 09a29c6d5..aa9732e61 100644 --- a/vendor/istio.io/api/networking/v1alpha3/service_entry_json.gen.go +++ b/vendor/istio.io/api/networking/v1alpha3/service_entry_json.gen.go @@ -28,6 +28,28 @@ func (this *ServicePort) UnmarshalJSON(b []byte) error { return ServiceEntryUnmarshaler.Unmarshal(bytes.NewReader(b), this) } +// MarshalJSON is a custom marshaler for ServiceEntryStatus +func (this *ServiceEntryStatus) MarshalJSON() ([]byte, error) { + str, err := ServiceEntryMarshaler.MarshalToString(this) + return []byte(str), err +} + +// UnmarshalJSON is a custom unmarshaler for ServiceEntryStatus +func (this *ServiceEntryStatus) UnmarshalJSON(b []byte) error { + return ServiceEntryUnmarshaler.Unmarshal(bytes.NewReader(b), this) +} + +// MarshalJSON is a custom marshaler for ServiceEntryAddress +func (this *ServiceEntryAddress) MarshalJSON() ([]byte, error) { + str, err := ServiceEntryMarshaler.MarshalToString(this) + return []byte(str), err +} + +// UnmarshalJSON is a custom unmarshaler for ServiceEntryAddress +func (this *ServiceEntryAddress) UnmarshalJSON(b []byte) error { + return ServiceEntryUnmarshaler.Unmarshal(bytes.NewReader(b), this) +} + var ( ServiceEntryMarshaler = &jsonpb.Marshaler{} ServiceEntryUnmarshaler = &jsonpb.Unmarshaler{AllowUnknownFields: true} diff --git a/vendor/istio.io/api/networking/v1alpha3/sidecar.gen.json b/vendor/istio.io/api/networking/v1alpha3/sidecar.gen.json deleted file mode 100644 index 4d1fd4e45..000000000 --- a/vendor/istio.io/api/networking/v1alpha3/sidecar.gen.json +++ /dev/null @@ -1,259 +0,0 @@ -{ - "openapi": "3.0.0", - "info": { - "title": "Configuration affecting network reachability of a sidecar.", - "version": "v1alpha3" - }, - "components": { - "schemas": { - "istio.networking.v1alpha3.CaptureMode": { - "description": "`CaptureMode` describes how traffic to a listener is expected to be captured. Applicable only when the listener is bound to an IP.", - "type": "string", - "enum": [ - "DEFAULT", - "IPTABLES", - "NONE" - ] - }, - "istio.networking.v1alpha3.Destination": { - "description": "Destination indicates the network addressable service to which the request/connection will be sent after processing a routing rule. The destination.host should unambiguously refer to a service in the service registry. Istio's service registry is composed of all the services found in the platform's service registry (e.g., Kubernetes services, Consul services), as well as services declared through the [ServiceEntry](https://istio.io/docs/reference/config/networking/service-entry/#ServiceEntry) resource.", - "type": "object", - "properties": { - "host": { - "description": "The name of a service from the service registry. Service names are looked up from the platform's service registry (e.g., Kubernetes services, Consul services, etc.) and from the hosts declared by [ServiceEntry](https://istio.io/docs/reference/config/networking/service-entry/#ServiceEntry). Traffic forwarded to destinations that are not found in either of the two, will be dropped.", - "type": "string" - }, - "subset": { - "description": "The name of a subset within the service. Applicable only to services within the mesh. The subset must be defined in a corresponding DestinationRule.", - "type": "string" - }, - "port": { - "$ref": "#/components/schemas/istio.networking.v1alpha3.PortSelector" - } - } - }, - "istio.networking.v1alpha3.IstioEgressListener": { - "description": "`IstioEgressListener` specifies the properties of an outbound traffic listener on the sidecar proxy attached to a workload instance.", - "type": "object", - "properties": { - "port": { - "$ref": "#/components/schemas/istio.networking.v1alpha3.Port" - }, - "bind": { - "description": "The IP(IPv4 or IPv6) or the Unix domain socket to which the listener should be bound to. Port MUST be specified if bind is not empty. Format: IPv4 or IPv6 address formats or `unix:///path/to/uds` or `unix://@foobar` (Linux abstract namespace). If omitted, Istio will automatically configure the defaults based on imported services, the workload instances to which this configuration is applied to and the captureMode. If captureMode is `NONE`, bind will default to 127.0.0.1.", - "type": "string" - }, - "captureMode": { - "$ref": "#/components/schemas/istio.networking.v1alpha3.CaptureMode" - }, - "hosts": { - "description": "One or more service hosts exposed by the listener in `namespace/dnsName` format. Services in the specified namespace matching `dnsName` will be exposed. The corresponding service can be a service in the service registry (e.g., a Kubernetes or cloud foundry service) or a service specified using a `ServiceEntry` or `VirtualService` configuration. Any associated `DestinationRule` in the same namespace will also be used.", - "type": "array", - "items": { - "type": "string" - } - } - } - }, - "istio.networking.v1alpha3.IstioIngressListener": { - "description": "`IstioIngressListener` specifies the properties of an inbound traffic listener on the sidecar proxy attached to a workload instance.", - "type": "object", - "properties": { - "port": { - "$ref": "#/components/schemas/istio.networking.v1alpha3.Port" - }, - "bind": { - "description": "The IP(IPv4 or IPv6) to which the listener should be bound. Unix domain socket addresses are not allowed in the bind field for ingress listeners. If omitted, Istio will automatically configure the defaults based on imported services and the workload instances to which this configuration is applied to.", - "type": "string" - }, - "captureMode": { - "$ref": "#/components/schemas/istio.networking.v1alpha3.CaptureMode" - }, - "defaultEndpoint": { - "description": "The IP endpoint or Unix domain socket to which traffic should be forwarded to. This configuration can be used to redirect traffic arriving at the bind `IP:Port` on the sidecar to a `localhost:port` or Unix domain socket where the application workload instance is listening for connections. Arbitrary IPs are not supported. Format should be one of `127.0.0.1:PORT`, `[::1]:PORT` (forward to localhost), `0.0.0.0:PORT`, `[::]:PORT` (forward to the instance IP), or `unix:///path/to/socket` (forward to Unix domain socket).", - "type": "string" - }, - "tls": { - "$ref": "#/components/schemas/istio.networking.v1alpha3.ServerTLSSettings" - } - } - }, - "istio.networking.v1alpha3.OutboundTrafficPolicy": { - "description": "`OutboundTrafficPolicy` sets the default behavior of the sidecar for handling outbound traffic from the application. If your application uses one or more external services that are not known apriori, setting the policy to `ALLOW_ANY` will cause the sidecars to route any unknown traffic originating from the application to its requested destination. Users are strongly encouraged to use `ServiceEntry` configurations to explicitly declare any external dependencies, instead of using `ALLOW_ANY`, so that traffic to these services can be monitored.", - "type": "object", - "properties": { - "mode": { - "$ref": "#/components/schemas/istio.networking.v1alpha3.OutboundTrafficPolicy.Mode" - }, - "egressProxy": { - "$ref": "#/components/schemas/istio.networking.v1alpha3.Destination" - } - } - }, - "istio.networking.v1alpha3.OutboundTrafficPolicy.Mode": { - "type": "string", - "enum": [ - "REGISTRY_ONLY", - "ALLOW_ANY" - ] - }, - "istio.networking.v1alpha3.Port": { - "description": "Port describes the properties of a specific port of a service.", - "type": "object", - "properties": { - "number": { - "description": "A valid non-negative integer port number.", - "type": "integer" - }, - "protocol": { - "description": "The protocol exposed on the port. MUST BE one of HTTP|HTTPS|GRPC|HTTP2|MONGO|TCP|TLS. TLS can be either used to terminate non-HTTP based connections on a specific port or to route traffic based on SNI header to the destination without terminating the TLS connection.", - "type": "string" - }, - "name": { - "description": "Label assigned to the port.", - "type": "string" - }, - "targetPort": { - "description": "The port number on the endpoint where the traffic will be received. Applicable only when used with ServiceEntries. $hide_from_docs", - "type": "integer", - "deprecated": true - } - } - }, - "istio.networking.v1alpha3.PortSelector": { - "description": "PortSelector specifies the number of a port to be used for matching or selection for final routing.", - "type": "object", - "properties": { - "number": { - "description": "Valid port number", - "type": "integer" - } - } - }, - "istio.networking.v1alpha3.ServerTLSSettings": { - "type": "object", - "properties": { - "httpsRedirect": { - "description": "If set to true, the load balancer will send a 301 redirect for all http connections, asking the clients to use HTTPS.", - "type": "boolean" - }, - "mode": { - "$ref": "#/components/schemas/istio.networking.v1alpha3.ServerTLSSettings.TLSmode" - }, - "serverCertificate": { - "description": "REQUIRED if mode is `SIMPLE` or `MUTUAL`. The path to the file holding the server-side TLS certificate to use.", - "type": "string" - }, - "privateKey": { - "description": "REQUIRED if mode is `SIMPLE` or `MUTUAL`. The path to the file holding the server's private key.", - "type": "string" - }, - "caCertificates": { - "description": "REQUIRED if mode is `MUTUAL` or `OPTIONAL_MUTUAL`. The path to a file containing certificate authority certificates to use in verifying a presented client side certificate.", - "type": "string" - }, - "credentialName": { - "description": "For gateways running on Kubernetes, the name of the secret that holds the TLS certs including the CA certificates. Applicable only on Kubernetes. An Opaque secret should contain the following keys and values: `key: \u003cprivateKey\u003e` and `cert: \u003cserverCert\u003e`. For mutual TLS, `cacert: \u003cCACertificate\u003e` and `crl: \u003cCertificateRevocationList\u003e` can be provided in the same secret or a separate secret named `\u003csecret\u003e-cacert`. A TLS secret for server certificates with an additional `tls.ocsp-staple` key for specifying OCSP staple information, `ca.crt` key for CA certificates and `ca.crl` for certificate revocation list is also supported. Only one of server certificates and CA certificate or credentialName can be specified.", - "type": "string" - }, - "subjectAltNames": { - "description": "A list of alternate names to verify the subject identity in the certificate presented by the client.", - "type": "array", - "items": { - "type": "string" - } - }, - "verifyCertificateSpki": { - "description": "An optional list of base64-encoded SHA-256 hashes of the SPKIs of authorized client certificates. Note: When both verify_certificate_hash and verify_certificate_spki are specified, a hash matching either value will result in the certificate being accepted.", - "type": "array", - "items": { - "type": "string" - } - }, - "verifyCertificateHash": { - "description": "An optional list of hex-encoded SHA-256 hashes of the authorized client certificates. Both simple and colon separated formats are acceptable. Note: When both verify_certificate_hash and verify_certificate_spki are specified, a hash matching either value will result in the certificate being accepted.", - "type": "array", - "items": { - "type": "string" - } - }, - "minProtocolVersion": { - "$ref": "#/components/schemas/istio.networking.v1alpha3.ServerTLSSettings.TLSProtocol" - }, - "maxProtocolVersion": { - "$ref": "#/components/schemas/istio.networking.v1alpha3.ServerTLSSettings.TLSProtocol" - }, - "cipherSuites": { - "description": "Optional: If specified, only support the specified cipher list. Otherwise default to the default cipher list supported by Envoy as specified [here](https://www.envoyproxy.io/docs/envoy/latest/api-v3/extensions/transport_sockets/tls/v3/common.proto). The supported list of ciphers are: * `ECDHE-ECDSA-AES128-GCM-SHA256` * `ECDHE-RSA-AES128-GCM-SHA256` * `ECDHE-ECDSA-AES256-GCM-SHA384` * `ECDHE-RSA-AES256-GCM-SHA384` * `ECDHE-ECDSA-CHACHA20-POLY1305` * `ECDHE-RSA-CHACHA20-POLY1305` * `ECDHE-ECDSA-AES128-SHA` * `ECDHE-RSA-AES128-SHA` * `ECDHE-ECDSA-AES256-SHA` * `ECDHE-RSA-AES256-SHA` * `AES128-GCM-SHA256` * `AES256-GCM-SHA384` * `AES128-SHA` * `AES256-SHA` * `DES-CBC3-SHA`", - "type": "array", - "items": { - "type": "string" - } - } - } - }, - "istio.networking.v1alpha3.ServerTLSSettings.TLSProtocol": { - "description": "TLS protocol versions.", - "type": "string", - "enum": [ - "TLS_AUTO", - "TLSV1_0", - "TLSV1_1", - "TLSV1_2", - "TLSV1_3" - ] - }, - "istio.networking.v1alpha3.ServerTLSSettings.TLSmode": { - "description": "TLS modes enforced by the proxy", - "type": "string", - "enum": [ - "PASSTHROUGH", - "SIMPLE", - "MUTUAL", - "AUTO_PASSTHROUGH", - "ISTIO_MUTUAL", - "OPTIONAL_MUTUAL" - ] - }, - "istio.networking.v1alpha3.Sidecar": { - "description": "`Sidecar` describes the configuration of the sidecar proxy that mediates inbound and outbound communication of the workload instance to which it is attached.", - "type": "object", - "properties": { - "workloadSelector": { - "$ref": "#/components/schemas/istio.networking.v1alpha3.WorkloadSelector" - }, - "ingress": { - "description": "Ingress specifies the configuration of the sidecar for processing inbound traffic to the attached workload instance. If omitted, Istio will automatically configure the sidecar based on the information about the workload obtained from the orchestration platform (e.g., exposed ports, services, etc.). If specified, inbound ports are configured if and only if the workload instance is associated with a service.", - "type": "array", - "items": { - "$ref": "#/components/schemas/istio.networking.v1alpha3.IstioIngressListener" - } - }, - "egress": { - "description": "Egress specifies the configuration of the sidecar for processing outbound traffic from the attached workload instance to other services in the mesh. If not specified, inherits the system detected defaults from the namespace-wide or the global default Sidecar.", - "type": "array", - "items": { - "$ref": "#/components/schemas/istio.networking.v1alpha3.IstioEgressListener" - } - }, - "outboundTrafficPolicy": { - "$ref": "#/components/schemas/istio.networking.v1alpha3.OutboundTrafficPolicy" - } - } - }, - "istio.networking.v1alpha3.WorkloadSelector": { - "description": "`WorkloadSelector` specifies the criteria used to determine if the `Gateway`, `Sidecar`, `EnvoyFilter`, `ServiceEntry`, or `DestinationRule` configuration can be applied to a proxy. The matching criteria includes the metadata associated with a proxy, workload instance info such as labels attached to the pod/VM, or any other info that the proxy provides to Istio during the initial handshake. If multiple conditions are specified, all conditions need to match in order for the workload instance to be selected. Currently, only label based selection mechanism is supported.", - "type": "object", - "properties": { - "labels": { - "description": "One or more labels that indicate a specific set of pods/VMs on which the configuration should be applied. The scope of label search is restricted to the configuration namespace in which the the resource is present.", - "type": "object", - "additionalProperties": { - "type": "string" - } - } - } - } - } - } -} \ No newline at end of file diff --git a/vendor/istio.io/api/networking/v1alpha3/sidecar.pb.go b/vendor/istio.io/api/networking/v1alpha3/sidecar.pb.go index b83d46e75..dcbb74660 100644 --- a/vendor/istio.io/api/networking/v1alpha3/sidecar.pb.go +++ b/vendor/istio.io/api/networking/v1alpha3/sidecar.pb.go @@ -14,7 +14,7 @@ // Code generated by protoc-gen-go. DO NOT EDIT. // versions: -// protoc-gen-go v1.31.0 +// protoc-gen-go v1.35.1 // protoc (unknown) // source: networking/v1alpha3/sidecar.proto @@ -31,9 +31,15 @@ // well as accept traffic on all the ports associated with the // workload. The `Sidecar` configuration provides a way to fine tune the set of // ports, protocols that the proxy will accept when forwarding traffic to -// and from the workload. In addition, it is possible to restrict the set -// of services that the proxy can reach when forwarding outbound traffic -// from workload instances. +// and from the workload. +// +// One the common usages of `Sidecar` is to limit the set of configuration for outbound traffic. +// This configuration scoping, among [other options](/docs/ops/configuration/mesh/configuration-scoping/), is useful to prune +// out unneeded configuration, to improve scalability of the mesh. +// A common misunderstanding is that restricting the configuration amounts to *blocking* the traffic. +// If requests are sent to destinations not included in the scoping, the traffic will be treated as +// [unmatched traffic](/docs/ops/configuration/traffic-management/traffic-routing/#unmatched-traffic), which is often still allowed. +// The sidecar is not able to enforce an outbound traffic restriction (see [Egress Gateways](/docs/tasks/traffic-management/egress/egress-gateway/) for how to achieve this). // // Services and configuration in a mesh are organized into one or more // namespaces (e.g., a Kubernetes namespace or a CF org/space). A `Sidecar` @@ -64,14 +70,12 @@ // // The example below declares a global default `Sidecar` configuration // in the root namespace called `istio-config`, that configures -// sidecars in all namespaces to allow egress traffic only to other +// sidecars in all namespaces to configure egress traffic only to other // workloads in the same namespace as well as to services in the // `istio-system` namespace. // -// {{}} -// {{}} // ```yaml -// apiVersion: networking.istio.io/v1alpha3 +// apiVersion: networking.istio.io/v1 // kind: Sidecar // metadata: // name: default @@ -82,50 +86,15 @@ // - "./*" // - "istio-system/*" // ``` -// {{}} -// -// {{}} -// ```yaml -// apiVersion: networking.istio.io/v1beta1 -// kind: Sidecar -// metadata: -// name: default -// namespace: istio-config -// spec: -// egress: -// - hosts: -// - "./*" -// - "istio-system/*" -// ``` -// {{}} -// {{}} // // The example below declares a `Sidecar` configuration in the // `prod-us1` namespace that overrides the global default defined -// above, and configures the sidecars in the namespace to allow egress +// above, and configures the sidecars in the namespace to configure egress // traffic to public services in the `prod-us1`, `prod-apis`, and the // `istio-system` namespaces. // -// {{}} -// {{}} -// ```yaml -// apiVersion: networking.istio.io/v1alpha3 -// kind: Sidecar -// metadata: -// name: default -// namespace: prod-us1 -// spec: -// egress: -// - hosts: -// - "prod-us1/*" -// - "prod-apis/*" -// - "istio-system/*" -// ``` -// {{}} -// -// {{}} // ```yaml -// apiVersion: networking.istio.io/v1beta1 +// apiVersion: networking.istio.io/v1 // kind: Sidecar // metadata: // name: default @@ -137,8 +106,6 @@ // - "prod-apis/*" // - "istio-system/*" // ``` -// {{}} -// {{}} // // The following example declares a `Sidecar` configuration in the // `prod-us1` namespace for all pods with labels `app: ratings` @@ -149,10 +116,8 @@ // namespace, the sidecar proxies only HTTP traffic bound for port // 9080 for services in the `prod-us1` namespace. // -// {{}} -// {{}} // ```yaml -// apiVersion: networking.istio.io/v1alpha3 +// apiVersion: networking.istio.io/v1 // kind: Sidecar // metadata: // name: ratings @@ -177,37 +142,6 @@ // - hosts: // - "istio-system/*" // ``` -// {{}} -// -// {{}} -// ```yaml -// apiVersion: networking.istio.io/v1beta1 -// kind: Sidecar -// metadata: -// name: ratings -// namespace: prod-us1 -// spec: -// workloadSelector: -// labels: -// app: ratings -// ingress: -// - port: -// number: 9080 -// protocol: HTTP -// name: somename -// defaultEndpoint: unix:///var/run/someuds.sock -// egress: -// - port: -// number: 9080 -// protocol: HTTP -// name: egresshttp -// hosts: -// - "prod-us1/*" -// - hosts: -// - "istio-system/*" -// ``` -// {{}} -// {{}} // // If the workload is deployed without IPTables-based traffic capture, // the `Sidecar` configuration is the only way to configure the ports @@ -224,40 +158,8 @@ // `127.0.0.1:3306`, that then gets proxied to the externally hosted // MySQL service at `mysql.foo.com:3306`. // -// {{}} -// {{}} -// ```yaml -// apiVersion: networking.istio.io/v1alpha3 -// kind: Sidecar -// metadata: -// name: no-ip-tables -// namespace: prod-us1 -// spec: -// workloadSelector: -// labels: -// app: productpage -// ingress: -// - port: -// number: 9080 # binds to proxy_instance_ip:9080 (0.0.0.0:9080, if no unicast IP is available for the instance) -// protocol: HTTP -// name: somename -// defaultEndpoint: 127.0.0.1:8080 -// captureMode: NONE # not needed if metadata is set for entire proxy -// egress: -// - port: -// number: 3306 -// protocol: MYSQL -// name: egressmysql -// captureMode: NONE # not needed if metadata is set for entire proxy -// bind: 127.0.0.1 -// hosts: -// - "*/mysql.foo.com" -// ``` -// {{}} -// -// {{}} // ```yaml -// apiVersion: networking.istio.io/v1beta1 +// apiVersion: networking.istio.io/v1 // kind: Sidecar // metadata: // name: no-ip-tables @@ -283,15 +185,11 @@ // hosts: // - "*/mysql.foo.com" // ``` -// {{}} -// {{}} // // And the associated service entry for routing to `mysql.foo.com:3306` // -// {{}} -// {{}} // ```yaml -// apiVersion: networking.istio.io/v1alpha3 +// apiVersion: networking.istio.io/v1 // kind: ServiceEntry // metadata: // name: external-svc-mysql @@ -306,27 +204,6 @@ // location: MESH_EXTERNAL // resolution: DNS // ``` -// {{}} -// -// {{}} -// ```yaml -// apiVersion: networking.istio.io/v1beta1 -// kind: ServiceEntry -// metadata: -// name: external-svc-mysql -// namespace: ns1 -// spec: -// hosts: -// - mysql.foo.com -// ports: -// - number: 3306 -// name: mysql -// protocol: MYSQL -// location: MESH_EXTERNAL -// resolution: DNS -// ``` -// {{}} -// {{}} // // It is also possible to mix and match traffic capture modes in a single // proxy. For example, consider a setup where internal services are on the @@ -341,10 +218,8 @@ // proxy in the VM should contain `REDIRECT` or `TPROXY` as its value, // implying that IP tables based traffic capture is active. // -// {{}} -// {{}} // ```yaml -// apiVersion: networking.istio.io/v1alpha3 +// apiVersion: networking.istio.io/v1 // kind: Sidecar // metadata: // name: partial-ip-tables @@ -370,38 +245,6 @@ // hosts: // - "*/*" // ``` -// {{}} -// -// {{}} -// ```yaml -// apiVersion: networking.istio.io/v1beta1 -// kind: Sidecar -// metadata: -// name: partial-ip-tables -// namespace: prod-us1 -// spec: -// workloadSelector: -// labels: -// app: productpage -// ingress: -// - bind: 172.16.1.32 -// port: -// number: 80 # binds to 172.16.1.32:80 -// protocol: HTTP -// name: somename -// defaultEndpoint: 127.0.0.1:8080 -// captureMode: NONE -// egress: -// # use the system detected defaults -// # sets up configuration to handle outbound traffic to services -// # in 192.168.0.0/16 subnet, based on information provided by the -// # service registry -// - captureMode: IPTABLES -// hosts: -// - "*/*" -// ``` -// {{}} -// {{}} // // The following example declares a `Sidecar` configuration in the // `prod-us1` namespace for all pods with labels `app: ratings` @@ -416,10 +259,8 @@ // In this example, the mTLS mode is disabled on PORT 80. // This feature is currently experimental. // -// {{}} -// {{}} // ```yaml -// apiVersion: networking.istio.io/v1alpha3 +// apiVersion: networking.istio.io/v1 // kind: Sidecar // metadata: // name: ratings @@ -438,11 +279,7 @@ // mode: SIMPLE // privateKey: "/etc/certs/privatekey.pem" // serverCertificate: "/etc/certs/servercert.pem" -// ``` -// {{}} -// -// {{}} -// ```yaml +// --- // apiVersion: v1 // kind: Service // metadata: @@ -457,12 +294,8 @@ // targetPort: 80 // selector: // app: ratings -// ``` -// {{}} -// -// {{}} -// ```yaml -// apiVersion: security.istio.io/v1beta1 +// --- +// apiVersion: security.istio.io/v1 // kind: PeerAuthentication // metadata: // name: ratings-peer-auth @@ -477,8 +310,45 @@ // 80: // mode: DISABLE // ``` -// {{}} -// {{}} +// +// In addition to configuring traffic capture and how traffic is forwarded to the app, +// it's possible to control inbound connection pool settings. By default, Istio pushes +// connection pool settings from `DestinationRules` to both clients (for outbound +// connections to the service) as well as servers (for inbound connections to a service +// instance). Using the `InboundConnectionPool` and per-port `ConnectionPool` settings +// in a `Sidecar` allow you to control those connection pools for the server separately +// from the settings pushed to all clients. +// +// ```yaml +// apiVersion: networking.istio.io/v1 +// kind: Sidecar +// metadata: +// name: connection-pool-settings +// namespace: prod-us1 +// spec: +// workloadSelector: +// labels: +// app: productpage +// inboundConnectionPool: +// http: +// http1MaxPendingRequests: 1024 +// http2MaxRequests: 1024 +// maxRequestsPerConnection: 1024 +// maxRetries: 100 +// ingress: +// - port: +// number: 80 +// protocol: HTTP +// name: somename +// connectionPool: +// http: +// http1MaxPendingRequests: 1024 +// http2MaxRequests: 1024 +// maxRequestsPerConnection: 1024 +// maxRetries: 100 +// tcp: +// maxConnections: 100 +// ``` package v1alpha3 @@ -558,11 +428,17 @@ func (CaptureMode) EnumDescriptor() ([]byte, []int) { type OutboundTrafficPolicy_Mode int32 const ( - // Outbound traffic will be restricted to services defined in the - // service registry as well as those defined through `ServiceEntry` configurations. + // In `REGISTRY_ONLY` mode, unknown outbound traffic will be dropped. + // Traffic destinations must be explicitly declared into the service registry through `ServiceEntry` configurations. + // + // Note: Istio [does not offer an outbound traffic security policy](https://istio.io/latest/docs/ops/best-practices/security/#understand-traffic-capture-limitations). + // This option does not act as one, or as any form of an outbound firewall. + // Instead, this option exists primarily to offer users a way to detect missing `ServiceEntry` configurations by explicitly failing. OutboundTrafficPolicy_REGISTRY_ONLY OutboundTrafficPolicy_Mode = 0 - // Outbound traffic to unknown destinations will be allowed, in case - // there are no services or `ServiceEntry` configurations for the destination port. + // In `ALLOW_ANY` mode, any traffic to unknown destinations will be allowed. + // Unknown destination traffic will have limited functionality, however, such as reduced observability. + // This mode allows users that do not have all possible egress destinations registered through `ServiceEntry` configurations to still connect + // to arbitrary destinations. OutboundTrafficPolicy_ALLOW_ANY OutboundTrafficPolicy_Mode = 1 ) @@ -611,8 +487,7 @@ func (OutboundTrafficPolicy_Mode) EnumDescriptor() ([]byte, []int) { // // -// type Sidecar struct { state protoimpl.MessageState sizeCache protoimpl.SizeCache @@ -651,23 +523,43 @@ type Sidecar struct { // services in the mesh. If not specified, inherits the system // detected defaults from the namespace-wide or the global default Sidecar. Egress []*IstioEgressListener `protobuf:"bytes,3,rep,name=egress,proto3" json:"egress,omitempty"` - // Configuration for the outbound traffic policy. If your - // application uses one or more external services that are not known - // apriori, setting the policy to `ALLOW_ANY` will cause the - // sidecars to route any unknown traffic originating from the - // application to its requested destination. If not specified, - // inherits the system detected defaults from the namespace-wide or - // the global default Sidecar. + // Settings controlling the volume of connections Envoy will accept from the network. + // This default will apply for all inbound listeners and can be overridden per-port + // in the `Ingress` field. This configuration mirrors the `DestinationRule`'s + // [`connectionPool`](https://istio.io/latest/docs/reference/config/networking/destination-rule/#ConnectionPoolSettings) field. + // + // By default, Istio applies a service's `DestinationRule` to client sidecars + // for outbound traffic directed at the service -- the usual case folks think + // of when configuring a `DestinationRule` -- but also to the server's inbound + // sidecar. The `Sidecar`'s connection pool configures the server's inbound + // sidecar directly, so its settings can be different than clients'. This is + // valuable, for example, when you have many clients calling few servers: a + // `DestinationRule` can limit the concurrency of any single client, while + // the `Sidecar` allows you to configure much higher concurrency on the server + // side. + // + // Connection pool settings for a server's inbound sidecar are configured in the + // following precedence, highest to lowest: + // - per-port `ConnectionPool` from the `Sidecar` + // - top level `InboundConnectionPool` from the `Sidecar` + // - per-port `TrafficPolicy.ConnectionPool` from the `DestinationRule` + // - top level `TrafficPolicy.ConnectionPool` from the `DestinationRule` + // - default connection pool settings (essentially unlimited) + // + // In every case, the connection pool settings are overridden, not merged. + InboundConnectionPool *ConnectionPoolSettings `protobuf:"bytes,7,opt,name=inbound_connection_pool,json=inboundConnectionPool,proto3" json:"inbound_connection_pool,omitempty"` + // Set the default behavior of the sidecar for handling outbound + // traffic from the application. + // + // Default mode is `ALLOW_ANY`, which means outbound traffic to unknown destinations will be allowed. OutboundTrafficPolicy *OutboundTrafficPolicy `protobuf:"bytes,4,opt,name=outbound_traffic_policy,json=outboundTrafficPolicy,proto3" json:"outbound_traffic_policy,omitempty"` } func (x *Sidecar) Reset() { *x = Sidecar{} - if protoimpl.UnsafeEnabled { - mi := &file_networking_v1alpha3_sidecar_proto_msgTypes[0] - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - ms.StoreMessageInfo(mi) - } + mi := &file_networking_v1alpha3_sidecar_proto_msgTypes[0] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) } func (x *Sidecar) String() string { @@ -678,7 +570,7 @@ func (*Sidecar) ProtoMessage() {} func (x *Sidecar) ProtoReflect() protoreflect.Message { mi := &file_networking_v1alpha3_sidecar_proto_msgTypes[0] - if protoimpl.UnsafeEnabled && x != nil { + if x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) if ms.LoadMessageInfo() == nil { ms.StoreMessageInfo(mi) @@ -714,6 +606,13 @@ func (x *Sidecar) GetEgress() []*IstioEgressListener { return nil } +func (x *Sidecar) GetInboundConnectionPool() *ConnectionPoolSettings { + if x != nil { + return x.InboundConnectionPool + } + return nil +} + func (x *Sidecar) GetOutboundTrafficPolicy() *OutboundTrafficPolicy { if x != nil { return x.OutboundTrafficPolicy @@ -729,7 +628,7 @@ type IstioIngressListener struct { unknownFields protoimpl.UnknownFields // The port associated with the listener. - Port *Port `protobuf:"bytes,1,opt,name=port,proto3" json:"port,omitempty"` + Port *SidecarPort `protobuf:"bytes,1,opt,name=port,proto3" json:"port,omitempty"` // The IP(IPv4 or IPv6) to which the listener should be bound. // Unix domain socket addresses are not allowed in // the bind field for ingress listeners. If omitted, Istio will @@ -753,15 +652,21 @@ type IstioIngressListener struct { // sidecar for requests originating from outside the mesh. // Currently supports only SIMPLE and MUTUAL TLS modes. Tls *ServerTLSSettings `protobuf:"bytes,7,opt,name=tls,proto3" json:"tls,omitempty"` + // Settings controlling the volume of connections Envoy will accept from the network. + // This setting overrides the top-level default `inboundConnectionPool` to configure + // specific settings for this port. This configuration mirrors the `DestinationRule`'s + // [`PortTrafficPolicy.connectionPool`](https://istio.io/latest/docs/reference/config/networking/destination-rule/#TrafficPolicy-PortTrafficPolicy) field. + // This port level connection pool has the highest precedence in configuration, + // overriding both the `Sidecar`'s top level `InboundConnectionPool` as well as any + // connection pooling settings from the `DestinationRule`. + ConnectionPool *ConnectionPoolSettings `protobuf:"bytes,8,opt,name=connection_pool,json=connectionPool,proto3" json:"connection_pool,omitempty"` } func (x *IstioIngressListener) Reset() { *x = IstioIngressListener{} - if protoimpl.UnsafeEnabled { - mi := &file_networking_v1alpha3_sidecar_proto_msgTypes[1] - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - ms.StoreMessageInfo(mi) - } + mi := &file_networking_v1alpha3_sidecar_proto_msgTypes[1] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) } func (x *IstioIngressListener) String() string { @@ -772,7 +677,7 @@ func (*IstioIngressListener) ProtoMessage() {} func (x *IstioIngressListener) ProtoReflect() protoreflect.Message { mi := &file_networking_v1alpha3_sidecar_proto_msgTypes[1] - if protoimpl.UnsafeEnabled && x != nil { + if x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) if ms.LoadMessageInfo() == nil { ms.StoreMessageInfo(mi) @@ -787,7 +692,7 @@ func (*IstioIngressListener) Descriptor() ([]byte, []int) { return file_networking_v1alpha3_sidecar_proto_rawDescGZIP(), []int{1} } -func (x *IstioIngressListener) GetPort() *Port { +func (x *IstioIngressListener) GetPort() *SidecarPort { if x != nil { return x.Port } @@ -822,6 +727,13 @@ func (x *IstioIngressListener) GetTls() *ServerTLSSettings { return nil } +func (x *IstioIngressListener) GetConnectionPool() *ConnectionPoolSettings { + if x != nil { + return x.ConnectionPool + } + return nil +} + // `IstioEgressListener` specifies the properties of an outbound traffic // listener on the sidecar proxy attached to a workload instance. type IstioEgressListener struct { @@ -838,7 +750,7 @@ type IstioEgressListener struct { // specific ports while others have no port, the hosts exposed on a // listener port will be based on the listener with the most specific // port. - Port *Port `protobuf:"bytes,1,opt,name=port,proto3" json:"port,omitempty"` + Port *SidecarPort `protobuf:"bytes,1,opt,name=port,proto3" json:"port,omitempty"` // The IP(IPv4 or IPv6) or the Unix domain socket to which the listener should be bound // to. Port MUST be specified if bind is not empty. Format: IPv4 or IPv6 address formats or // `unix:///path/to/uds` or `unix://@foobar` (Linux abstract namespace). If @@ -883,11 +795,9 @@ type IstioEgressListener struct { func (x *IstioEgressListener) Reset() { *x = IstioEgressListener{} - if protoimpl.UnsafeEnabled { - mi := &file_networking_v1alpha3_sidecar_proto_msgTypes[2] - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - ms.StoreMessageInfo(mi) - } + mi := &file_networking_v1alpha3_sidecar_proto_msgTypes[2] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) } func (x *IstioEgressListener) String() string { @@ -898,7 +808,7 @@ func (*IstioEgressListener) ProtoMessage() {} func (x *IstioEgressListener) ProtoReflect() protoreflect.Message { mi := &file_networking_v1alpha3_sidecar_proto_msgTypes[2] - if protoimpl.UnsafeEnabled && x != nil { + if x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) if ms.LoadMessageInfo() == nil { ms.StoreMessageInfo(mi) @@ -913,7 +823,7 @@ func (*IstioEgressListener) Descriptor() ([]byte, []int) { return file_networking_v1alpha3_sidecar_proto_rawDescGZIP(), []int{2} } -func (x *IstioEgressListener) GetPort() *Port { +func (x *IstioEgressListener) GetPort() *SidecarPort { if x != nil { return x.Port } @@ -959,16 +869,17 @@ type WorkloadSelector struct { // on which the configuration should be applied. The scope of // label search is restricted to the configuration namespace in which the // the resource is present. + // +kubebuilder:validation:MaxProperties=256 + // +protoc-gen-crd:map-value-validation:MaxLength=63 + // +protoc-gen-crd:map-value-validation:XValidation:message="wildcard is not supported in selector",rule="!self.contains('*')" Labels map[string]string `protobuf:"bytes,1,rep,name=labels,proto3" json:"labels,omitempty" protobuf_key:"bytes,1,opt,name=key,proto3" protobuf_val:"bytes,2,opt,name=value,proto3"` } func (x *WorkloadSelector) Reset() { *x = WorkloadSelector{} - if protoimpl.UnsafeEnabled { - mi := &file_networking_v1alpha3_sidecar_proto_msgTypes[3] - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - ms.StoreMessageInfo(mi) - } + mi := &file_networking_v1alpha3_sidecar_proto_msgTypes[3] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) } func (x *WorkloadSelector) String() string { @@ -979,7 +890,7 @@ func (*WorkloadSelector) ProtoMessage() {} func (x *WorkloadSelector) ProtoReflect() protoreflect.Message { mi := &file_networking_v1alpha3_sidecar_proto_msgTypes[3] - if protoimpl.UnsafeEnabled && x != nil { + if x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) if ms.LoadMessageInfo() == nil { ms.StoreMessageInfo(mi) @@ -1002,14 +913,7 @@ func (x *WorkloadSelector) GetLabels() map[string]string { } // `OutboundTrafficPolicy` sets the default behavior of the sidecar for -// handling outbound traffic from the application. -// If your application uses one or more external -// services that are not known apriori, setting the policy to `ALLOW_ANY` -// will cause the sidecars to route any unknown traffic originating from -// the application to its requested destination. Users are strongly -// encouraged to use `ServiceEntry` configurations to explicitly declare any external -// dependencies, instead of using `ALLOW_ANY`, so that traffic to these -// services can be monitored. +// handling unknown outbound traffic from the application. type OutboundTrafficPolicy struct { state protoimpl.MessageState sizeCache protoimpl.SizeCache @@ -1035,11 +939,9 @@ type OutboundTrafficPolicy struct { func (x *OutboundTrafficPolicy) Reset() { *x = OutboundTrafficPolicy{} - if protoimpl.UnsafeEnabled { - mi := &file_networking_v1alpha3_sidecar_proto_msgTypes[4] - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - ms.StoreMessageInfo(mi) - } + mi := &file_networking_v1alpha3_sidecar_proto_msgTypes[4] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) } func (x *OutboundTrafficPolicy) String() string { @@ -1050,7 +952,7 @@ func (*OutboundTrafficPolicy) ProtoMessage() {} func (x *OutboundTrafficPolicy) ProtoReflect() protoreflect.Message { mi := &file_networking_v1alpha3_sidecar_proto_msgTypes[4] - if protoimpl.UnsafeEnabled && x != nil { + if x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) if ms.LoadMessageInfo() == nil { ms.StoreMessageInfo(mi) @@ -1079,6 +981,88 @@ func (x *OutboundTrafficPolicy) GetEgressProxy() *Destination { return nil } +// Port describes the properties of a specific port of a service. +type SidecarPort struct { + state protoimpl.MessageState + sizeCache protoimpl.SizeCache + unknownFields protoimpl.UnknownFields + + // A valid non-negative integer port number. + Number uint32 `protobuf:"varint,1,opt,name=number,proto3" json:"number,omitempty"` + // The protocol exposed on the port. + // MUST BE one of HTTP|HTTPS|GRPC|HTTP2|MONGO|TCP|TLS. + // TLS can be either used to terminate non-HTTP based connections on a specific port + // or to route traffic based on SNI header to the destination without terminating the TLS connection. + Protocol string `protobuf:"bytes,2,opt,name=protocol,proto3" json:"protocol,omitempty"` + // Label assigned to the port. + Name string `protobuf:"bytes,3,opt,name=name,proto3" json:"name,omitempty"` + // Has no effect, only for backwards compatibility + // received. Applicable only when used with ServiceEntries. + // $hide_from_docs + // + // Deprecated: Marked as deprecated in networking/v1alpha3/sidecar.proto. + TargetPort uint32 `protobuf:"varint,4,opt,name=target_port,json=targetPort,proto3" json:"target_port,omitempty"` +} + +func (x *SidecarPort) Reset() { + *x = SidecarPort{} + mi := &file_networking_v1alpha3_sidecar_proto_msgTypes[5] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) +} + +func (x *SidecarPort) String() string { + return protoimpl.X.MessageStringOf(x) +} + +func (*SidecarPort) ProtoMessage() {} + +func (x *SidecarPort) ProtoReflect() protoreflect.Message { + mi := &file_networking_v1alpha3_sidecar_proto_msgTypes[5] + if x != nil { + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + if ms.LoadMessageInfo() == nil { + ms.StoreMessageInfo(mi) + } + return ms + } + return mi.MessageOf(x) +} + +// Deprecated: Use SidecarPort.ProtoReflect.Descriptor instead. +func (*SidecarPort) Descriptor() ([]byte, []int) { + return file_networking_v1alpha3_sidecar_proto_rawDescGZIP(), []int{5} +} + +func (x *SidecarPort) GetNumber() uint32 { + if x != nil { + return x.Number + } + return 0 +} + +func (x *SidecarPort) GetProtocol() string { + if x != nil { + return x.Protocol + } + return "" +} + +func (x *SidecarPort) GetName() string { + if x != nil { + return x.Name + } + return "" +} + +// Deprecated: Marked as deprecated in networking/v1alpha3/sidecar.proto. +func (x *SidecarPort) GetTargetPort() uint32 { + if x != nil { + return x.TargetPort + } + return 0 +} + var File_networking_v1alpha3_sidecar_proto protoreflect.FileDescriptor var file_networking_v1alpha3_sidecar_proto_rawDesc = []byte{ @@ -1088,100 +1072,123 @@ var file_networking_v1alpha3_sidecar_proto_rawDesc = []byte{ 0x72, 0x6b, 0x69, 0x6e, 0x67, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x33, 0x1a, 0x1f, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2f, 0x61, 0x70, 0x69, 0x2f, 0x66, 0x69, 0x65, 0x6c, 0x64, 0x5f, 0x62, 0x65, 0x68, 0x61, 0x76, 0x69, 0x6f, 0x72, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x1a, - 0x21, 0x6e, 0x65, 0x74, 0x77, 0x6f, 0x72, 0x6b, 0x69, 0x6e, 0x67, 0x2f, 0x76, 0x31, 0x61, 0x6c, - 0x70, 0x68, 0x61, 0x33, 0x2f, 0x67, 0x61, 0x74, 0x65, 0x77, 0x61, 0x79, 0x2e, 0x70, 0x72, 0x6f, - 0x74, 0x6f, 0x1a, 0x29, 0x6e, 0x65, 0x74, 0x77, 0x6f, 0x72, 0x6b, 0x69, 0x6e, 0x67, 0x2f, 0x76, - 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x33, 0x2f, 0x76, 0x69, 0x72, 0x74, 0x75, 0x61, 0x6c, 0x5f, - 0x73, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x22, 0xf7, 0x02, - 0x0a, 0x07, 0x53, 0x69, 0x64, 0x65, 0x63, 0x61, 0x72, 0x12, 0x58, 0x0a, 0x11, 0x77, 0x6f, 0x72, - 0x6b, 0x6c, 0x6f, 0x61, 0x64, 0x5f, 0x73, 0x65, 0x6c, 0x65, 0x63, 0x74, 0x6f, 0x72, 0x18, 0x01, - 0x20, 0x01, 0x28, 0x0b, 0x32, 0x2b, 0x2e, 0x69, 0x73, 0x74, 0x69, 0x6f, 0x2e, 0x6e, 0x65, 0x74, - 0x77, 0x6f, 0x72, 0x6b, 0x69, 0x6e, 0x67, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x33, - 0x2e, 0x57, 0x6f, 0x72, 0x6b, 0x6c, 0x6f, 0x61, 0x64, 0x53, 0x65, 0x6c, 0x65, 0x63, 0x74, 0x6f, - 0x72, 0x52, 0x10, 0x77, 0x6f, 0x72, 0x6b, 0x6c, 0x6f, 0x61, 0x64, 0x53, 0x65, 0x6c, 0x65, 0x63, - 0x74, 0x6f, 0x72, 0x12, 0x49, 0x0a, 0x07, 0x69, 0x6e, 0x67, 0x72, 0x65, 0x73, 0x73, 0x18, 0x02, - 0x20, 0x03, 0x28, 0x0b, 0x32, 0x2f, 0x2e, 0x69, 0x73, 0x74, 0x69, 0x6f, 0x2e, 0x6e, 0x65, 0x74, - 0x77, 0x6f, 0x72, 0x6b, 0x69, 0x6e, 0x67, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x33, - 0x2e, 0x49, 0x73, 0x74, 0x69, 0x6f, 0x49, 0x6e, 0x67, 0x72, 0x65, 0x73, 0x73, 0x4c, 0x69, 0x73, - 0x74, 0x65, 0x6e, 0x65, 0x72, 0x52, 0x07, 0x69, 0x6e, 0x67, 0x72, 0x65, 0x73, 0x73, 0x12, 0x46, - 0x0a, 0x06, 0x65, 0x67, 0x72, 0x65, 0x73, 0x73, 0x18, 0x03, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x2e, + 0x2a, 0x6e, 0x65, 0x74, 0x77, 0x6f, 0x72, 0x6b, 0x69, 0x6e, 0x67, 0x2f, 0x76, 0x31, 0x61, 0x6c, + 0x70, 0x68, 0x61, 0x33, 0x2f, 0x64, 0x65, 0x73, 0x74, 0x69, 0x6e, 0x61, 0x74, 0x69, 0x6f, 0x6e, + 0x5f, 0x72, 0x75, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x1a, 0x21, 0x6e, 0x65, 0x74, + 0x77, 0x6f, 0x72, 0x6b, 0x69, 0x6e, 0x67, 0x2f, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x33, + 0x2f, 0x67, 0x61, 0x74, 0x65, 0x77, 0x61, 0x79, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x1a, 0x29, + 0x6e, 0x65, 0x74, 0x77, 0x6f, 0x72, 0x6b, 0x69, 0x6e, 0x67, 0x2f, 0x76, 0x31, 0x61, 0x6c, 0x70, + 0x68, 0x61, 0x33, 0x2f, 0x76, 0x69, 0x72, 0x74, 0x75, 0x61, 0x6c, 0x5f, 0x73, 0x65, 0x72, 0x76, + 0x69, 0x63, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x22, 0xe2, 0x03, 0x0a, 0x07, 0x53, 0x69, + 0x64, 0x65, 0x63, 0x61, 0x72, 0x12, 0x58, 0x0a, 0x11, 0x77, 0x6f, 0x72, 0x6b, 0x6c, 0x6f, 0x61, + 0x64, 0x5f, 0x73, 0x65, 0x6c, 0x65, 0x63, 0x74, 0x6f, 0x72, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0b, + 0x32, 0x2b, 0x2e, 0x69, 0x73, 0x74, 0x69, 0x6f, 0x2e, 0x6e, 0x65, 0x74, 0x77, 0x6f, 0x72, 0x6b, + 0x69, 0x6e, 0x67, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x33, 0x2e, 0x57, 0x6f, 0x72, + 0x6b, 0x6c, 0x6f, 0x61, 0x64, 0x53, 0x65, 0x6c, 0x65, 0x63, 0x74, 0x6f, 0x72, 0x52, 0x10, 0x77, + 0x6f, 0x72, 0x6b, 0x6c, 0x6f, 0x61, 0x64, 0x53, 0x65, 0x6c, 0x65, 0x63, 0x74, 0x6f, 0x72, 0x12, + 0x49, 0x0a, 0x07, 0x69, 0x6e, 0x67, 0x72, 0x65, 0x73, 0x73, 0x18, 0x02, 0x20, 0x03, 0x28, 0x0b, + 0x32, 0x2f, 0x2e, 0x69, 0x73, 0x74, 0x69, 0x6f, 0x2e, 0x6e, 0x65, 0x74, 0x77, 0x6f, 0x72, 0x6b, + 0x69, 0x6e, 0x67, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x33, 0x2e, 0x49, 0x73, 0x74, + 0x69, 0x6f, 0x49, 0x6e, 0x67, 0x72, 0x65, 0x73, 0x73, 0x4c, 0x69, 0x73, 0x74, 0x65, 0x6e, 0x65, + 0x72, 0x52, 0x07, 0x69, 0x6e, 0x67, 0x72, 0x65, 0x73, 0x73, 0x12, 0x46, 0x0a, 0x06, 0x65, 0x67, + 0x72, 0x65, 0x73, 0x73, 0x18, 0x03, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x2e, 0x2e, 0x69, 0x73, 0x74, + 0x69, 0x6f, 0x2e, 0x6e, 0x65, 0x74, 0x77, 0x6f, 0x72, 0x6b, 0x69, 0x6e, 0x67, 0x2e, 0x76, 0x31, + 0x61, 0x6c, 0x70, 0x68, 0x61, 0x33, 0x2e, 0x49, 0x73, 0x74, 0x69, 0x6f, 0x45, 0x67, 0x72, 0x65, + 0x73, 0x73, 0x4c, 0x69, 0x73, 0x74, 0x65, 0x6e, 0x65, 0x72, 0x52, 0x06, 0x65, 0x67, 0x72, 0x65, + 0x73, 0x73, 0x12, 0x69, 0x0a, 0x17, 0x69, 0x6e, 0x62, 0x6f, 0x75, 0x6e, 0x64, 0x5f, 0x63, 0x6f, + 0x6e, 0x6e, 0x65, 0x63, 0x74, 0x69, 0x6f, 0x6e, 0x5f, 0x70, 0x6f, 0x6f, 0x6c, 0x18, 0x07, 0x20, + 0x01, 0x28, 0x0b, 0x32, 0x31, 0x2e, 0x69, 0x73, 0x74, 0x69, 0x6f, 0x2e, 0x6e, 0x65, 0x74, 0x77, + 0x6f, 0x72, 0x6b, 0x69, 0x6e, 0x67, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x33, 0x2e, + 0x43, 0x6f, 0x6e, 0x6e, 0x65, 0x63, 0x74, 0x69, 0x6f, 0x6e, 0x50, 0x6f, 0x6f, 0x6c, 0x53, 0x65, + 0x74, 0x74, 0x69, 0x6e, 0x67, 0x73, 0x52, 0x15, 0x69, 0x6e, 0x62, 0x6f, 0x75, 0x6e, 0x64, 0x43, + 0x6f, 0x6e, 0x6e, 0x65, 0x63, 0x74, 0x69, 0x6f, 0x6e, 0x50, 0x6f, 0x6f, 0x6c, 0x12, 0x68, 0x0a, + 0x17, 0x6f, 0x75, 0x74, 0x62, 0x6f, 0x75, 0x6e, 0x64, 0x5f, 0x74, 0x72, 0x61, 0x66, 0x66, 0x69, + 0x63, 0x5f, 0x70, 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x18, 0x04, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x30, 0x2e, 0x69, 0x73, 0x74, 0x69, 0x6f, 0x2e, 0x6e, 0x65, 0x74, 0x77, 0x6f, 0x72, 0x6b, 0x69, 0x6e, - 0x67, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x33, 0x2e, 0x49, 0x73, 0x74, 0x69, 0x6f, - 0x45, 0x67, 0x72, 0x65, 0x73, 0x73, 0x4c, 0x69, 0x73, 0x74, 0x65, 0x6e, 0x65, 0x72, 0x52, 0x06, - 0x65, 0x67, 0x72, 0x65, 0x73, 0x73, 0x12, 0x68, 0x0a, 0x17, 0x6f, 0x75, 0x74, 0x62, 0x6f, 0x75, - 0x6e, 0x64, 0x5f, 0x74, 0x72, 0x61, 0x66, 0x66, 0x69, 0x63, 0x5f, 0x70, 0x6f, 0x6c, 0x69, 0x63, - 0x79, 0x18, 0x04, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x30, 0x2e, 0x69, 0x73, 0x74, 0x69, 0x6f, 0x2e, - 0x6e, 0x65, 0x74, 0x77, 0x6f, 0x72, 0x6b, 0x69, 0x6e, 0x67, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, - 0x68, 0x61, 0x33, 0x2e, 0x4f, 0x75, 0x74, 0x62, 0x6f, 0x75, 0x6e, 0x64, 0x54, 0x72, 0x61, 0x66, - 0x66, 0x69, 0x63, 0x50, 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x52, 0x15, 0x6f, 0x75, 0x74, 0x62, 0x6f, + 0x67, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x33, 0x2e, 0x4f, 0x75, 0x74, 0x62, 0x6f, 0x75, 0x6e, 0x64, 0x54, 0x72, 0x61, 0x66, 0x66, 0x69, 0x63, 0x50, 0x6f, 0x6c, 0x69, 0x63, 0x79, - 0x4a, 0x04, 0x08, 0x05, 0x10, 0x06, 0x4a, 0x04, 0x08, 0x06, 0x10, 0x07, 0x52, 0x09, 0x6c, 0x6f, - 0x63, 0x61, 0x6c, 0x68, 0x6f, 0x73, 0x74, 0x22, 0xc1, 0x02, 0x0a, 0x14, 0x49, 0x73, 0x74, 0x69, - 0x6f, 0x49, 0x6e, 0x67, 0x72, 0x65, 0x73, 0x73, 0x4c, 0x69, 0x73, 0x74, 0x65, 0x6e, 0x65, 0x72, - 0x12, 0x38, 0x0a, 0x04, 0x70, 0x6f, 0x72, 0x74, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x1f, - 0x2e, 0x69, 0x73, 0x74, 0x69, 0x6f, 0x2e, 0x6e, 0x65, 0x74, 0x77, 0x6f, 0x72, 0x6b, 0x69, 0x6e, - 0x67, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x33, 0x2e, 0x50, 0x6f, 0x72, 0x74, 0x42, - 0x03, 0xe0, 0x41, 0x02, 0x52, 0x04, 0x70, 0x6f, 0x72, 0x74, 0x12, 0x12, 0x0a, 0x04, 0x62, 0x69, - 0x6e, 0x64, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x04, 0x62, 0x69, 0x6e, 0x64, 0x12, 0x49, - 0x0a, 0x0c, 0x63, 0x61, 0x70, 0x74, 0x75, 0x72, 0x65, 0x5f, 0x6d, 0x6f, 0x64, 0x65, 0x18, 0x03, - 0x20, 0x01, 0x28, 0x0e, 0x32, 0x26, 0x2e, 0x69, 0x73, 0x74, 0x69, 0x6f, 0x2e, 0x6e, 0x65, 0x74, - 0x77, 0x6f, 0x72, 0x6b, 0x69, 0x6e, 0x67, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x33, - 0x2e, 0x43, 0x61, 0x70, 0x74, 0x75, 0x72, 0x65, 0x4d, 0x6f, 0x64, 0x65, 0x52, 0x0b, 0x63, 0x61, - 0x70, 0x74, 0x75, 0x72, 0x65, 0x4d, 0x6f, 0x64, 0x65, 0x12, 0x2e, 0x0a, 0x10, 0x64, 0x65, 0x66, - 0x61, 0x75, 0x6c, 0x74, 0x5f, 0x65, 0x6e, 0x64, 0x70, 0x6f, 0x69, 0x6e, 0x74, 0x18, 0x04, 0x20, - 0x01, 0x28, 0x09, 0x42, 0x03, 0xe0, 0x41, 0x02, 0x52, 0x0f, 0x64, 0x65, 0x66, 0x61, 0x75, 0x6c, - 0x74, 0x45, 0x6e, 0x64, 0x70, 0x6f, 0x69, 0x6e, 0x74, 0x12, 0x3e, 0x0a, 0x03, 0x74, 0x6c, 0x73, - 0x18, 0x07, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x2c, 0x2e, 0x69, 0x73, 0x74, 0x69, 0x6f, 0x2e, 0x6e, - 0x65, 0x74, 0x77, 0x6f, 0x72, 0x6b, 0x69, 0x6e, 0x67, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, - 0x61, 0x33, 0x2e, 0x53, 0x65, 0x72, 0x76, 0x65, 0x72, 0x54, 0x4c, 0x53, 0x53, 0x65, 0x74, 0x74, - 0x69, 0x6e, 0x67, 0x73, 0x52, 0x03, 0x74, 0x6c, 0x73, 0x4a, 0x04, 0x08, 0x05, 0x10, 0x06, 0x4a, - 0x04, 0x08, 0x06, 0x10, 0x07, 0x52, 0x14, 0x6c, 0x6f, 0x63, 0x61, 0x6c, 0x68, 0x6f, 0x73, 0x74, - 0x5f, 0x63, 0x6c, 0x69, 0x65, 0x6e, 0x74, 0x5f, 0x74, 0x6c, 0x73, 0x22, 0xe6, 0x01, 0x0a, 0x13, - 0x49, 0x73, 0x74, 0x69, 0x6f, 0x45, 0x67, 0x72, 0x65, 0x73, 0x73, 0x4c, 0x69, 0x73, 0x74, 0x65, - 0x6e, 0x65, 0x72, 0x12, 0x33, 0x0a, 0x04, 0x70, 0x6f, 0x72, 0x74, 0x18, 0x01, 0x20, 0x01, 0x28, - 0x0b, 0x32, 0x1f, 0x2e, 0x69, 0x73, 0x74, 0x69, 0x6f, 0x2e, 0x6e, 0x65, 0x74, 0x77, 0x6f, 0x72, - 0x6b, 0x69, 0x6e, 0x67, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x33, 0x2e, 0x50, 0x6f, - 0x72, 0x74, 0x52, 0x04, 0x70, 0x6f, 0x72, 0x74, 0x12, 0x12, 0x0a, 0x04, 0x62, 0x69, 0x6e, 0x64, - 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x04, 0x62, 0x69, 0x6e, 0x64, 0x12, 0x49, 0x0a, 0x0c, - 0x63, 0x61, 0x70, 0x74, 0x75, 0x72, 0x65, 0x5f, 0x6d, 0x6f, 0x64, 0x65, 0x18, 0x03, 0x20, 0x01, - 0x28, 0x0e, 0x32, 0x26, 0x2e, 0x69, 0x73, 0x74, 0x69, 0x6f, 0x2e, 0x6e, 0x65, 0x74, 0x77, 0x6f, - 0x72, 0x6b, 0x69, 0x6e, 0x67, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x33, 0x2e, 0x43, - 0x61, 0x70, 0x74, 0x75, 0x72, 0x65, 0x4d, 0x6f, 0x64, 0x65, 0x52, 0x0b, 0x63, 0x61, 0x70, 0x74, - 0x75, 0x72, 0x65, 0x4d, 0x6f, 0x64, 0x65, 0x12, 0x19, 0x0a, 0x05, 0x68, 0x6f, 0x73, 0x74, 0x73, - 0x18, 0x04, 0x20, 0x03, 0x28, 0x09, 0x42, 0x03, 0xe0, 0x41, 0x02, 0x52, 0x05, 0x68, 0x6f, 0x73, - 0x74, 0x73, 0x4a, 0x04, 0x08, 0x05, 0x10, 0x06, 0x4a, 0x04, 0x08, 0x06, 0x10, 0x07, 0x52, 0x14, - 0x6c, 0x6f, 0x63, 0x61, 0x6c, 0x68, 0x6f, 0x73, 0x74, 0x5f, 0x73, 0x65, 0x72, 0x76, 0x65, 0x72, - 0x5f, 0x74, 0x6c, 0x73, 0x22, 0xa3, 0x01, 0x0a, 0x10, 0x57, 0x6f, 0x72, 0x6b, 0x6c, 0x6f, 0x61, - 0x64, 0x53, 0x65, 0x6c, 0x65, 0x63, 0x74, 0x6f, 0x72, 0x12, 0x54, 0x0a, 0x06, 0x6c, 0x61, 0x62, - 0x65, 0x6c, 0x73, 0x18, 0x01, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x37, 0x2e, 0x69, 0x73, 0x74, 0x69, - 0x6f, 0x2e, 0x6e, 0x65, 0x74, 0x77, 0x6f, 0x72, 0x6b, 0x69, 0x6e, 0x67, 0x2e, 0x76, 0x31, 0x61, - 0x6c, 0x70, 0x68, 0x61, 0x33, 0x2e, 0x57, 0x6f, 0x72, 0x6b, 0x6c, 0x6f, 0x61, 0x64, 0x53, 0x65, - 0x6c, 0x65, 0x63, 0x74, 0x6f, 0x72, 0x2e, 0x4c, 0x61, 0x62, 0x65, 0x6c, 0x73, 0x45, 0x6e, 0x74, - 0x72, 0x79, 0x42, 0x03, 0xe0, 0x41, 0x02, 0x52, 0x06, 0x6c, 0x61, 0x62, 0x65, 0x6c, 0x73, 0x1a, - 0x39, 0x0a, 0x0b, 0x4c, 0x61, 0x62, 0x65, 0x6c, 0x73, 0x45, 0x6e, 0x74, 0x72, 0x79, 0x12, 0x10, - 0x0a, 0x03, 0x6b, 0x65, 0x79, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x03, 0x6b, 0x65, 0x79, - 0x12, 0x14, 0x0a, 0x05, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, - 0x05, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x3a, 0x02, 0x38, 0x01, 0x22, 0xd7, 0x01, 0x0a, 0x15, 0x4f, - 0x75, 0x74, 0x62, 0x6f, 0x75, 0x6e, 0x64, 0x54, 0x72, 0x61, 0x66, 0x66, 0x69, 0x63, 0x50, 0x6f, - 0x6c, 0x69, 0x63, 0x79, 0x12, 0x49, 0x0a, 0x04, 0x6d, 0x6f, 0x64, 0x65, 0x18, 0x01, 0x20, 0x01, - 0x28, 0x0e, 0x32, 0x35, 0x2e, 0x69, 0x73, 0x74, 0x69, 0x6f, 0x2e, 0x6e, 0x65, 0x74, 0x77, 0x6f, - 0x72, 0x6b, 0x69, 0x6e, 0x67, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x33, 0x2e, 0x4f, - 0x75, 0x74, 0x62, 0x6f, 0x75, 0x6e, 0x64, 0x54, 0x72, 0x61, 0x66, 0x66, 0x69, 0x63, 0x50, 0x6f, - 0x6c, 0x69, 0x63, 0x79, 0x2e, 0x4d, 0x6f, 0x64, 0x65, 0x52, 0x04, 0x6d, 0x6f, 0x64, 0x65, 0x12, - 0x49, 0x0a, 0x0c, 0x65, 0x67, 0x72, 0x65, 0x73, 0x73, 0x5f, 0x70, 0x72, 0x6f, 0x78, 0x79, 0x18, - 0x02, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x26, 0x2e, 0x69, 0x73, 0x74, 0x69, 0x6f, 0x2e, 0x6e, 0x65, + 0x52, 0x15, 0x6f, 0x75, 0x74, 0x62, 0x6f, 0x75, 0x6e, 0x64, 0x54, 0x72, 0x61, 0x66, 0x66, 0x69, + 0x63, 0x50, 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x4a, 0x04, 0x08, 0x05, 0x10, 0x06, 0x4a, 0x04, 0x08, + 0x06, 0x10, 0x07, 0x52, 0x09, 0x6c, 0x6f, 0x63, 0x61, 0x6c, 0x68, 0x6f, 0x73, 0x74, 0x22, 0xa0, + 0x03, 0x0a, 0x14, 0x49, 0x73, 0x74, 0x69, 0x6f, 0x49, 0x6e, 0x67, 0x72, 0x65, 0x73, 0x73, 0x4c, + 0x69, 0x73, 0x74, 0x65, 0x6e, 0x65, 0x72, 0x12, 0x40, 0x0a, 0x04, 0x70, 0x6f, 0x72, 0x74, 0x18, + 0x01, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x26, 0x2e, 0x69, 0x73, 0x74, 0x69, 0x6f, 0x2e, 0x6e, 0x65, 0x74, 0x77, 0x6f, 0x72, 0x6b, 0x69, 0x6e, 0x67, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, - 0x33, 0x2e, 0x44, 0x65, 0x73, 0x74, 0x69, 0x6e, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x52, 0x0b, 0x65, - 0x67, 0x72, 0x65, 0x73, 0x73, 0x50, 0x72, 0x6f, 0x78, 0x79, 0x22, 0x28, 0x0a, 0x04, 0x4d, 0x6f, - 0x64, 0x65, 0x12, 0x11, 0x0a, 0x0d, 0x52, 0x45, 0x47, 0x49, 0x53, 0x54, 0x52, 0x59, 0x5f, 0x4f, - 0x4e, 0x4c, 0x59, 0x10, 0x00, 0x12, 0x0d, 0x0a, 0x09, 0x41, 0x4c, 0x4c, 0x4f, 0x57, 0x5f, 0x41, - 0x4e, 0x59, 0x10, 0x01, 0x2a, 0x32, 0x0a, 0x0b, 0x43, 0x61, 0x70, 0x74, 0x75, 0x72, 0x65, 0x4d, - 0x6f, 0x64, 0x65, 0x12, 0x0b, 0x0a, 0x07, 0x44, 0x45, 0x46, 0x41, 0x55, 0x4c, 0x54, 0x10, 0x00, - 0x12, 0x0c, 0x0a, 0x08, 0x49, 0x50, 0x54, 0x41, 0x42, 0x4c, 0x45, 0x53, 0x10, 0x01, 0x12, 0x08, - 0x0a, 0x04, 0x4e, 0x4f, 0x4e, 0x45, 0x10, 0x02, 0x42, 0x22, 0x5a, 0x20, 0x69, 0x73, 0x74, 0x69, - 0x6f, 0x2e, 0x69, 0x6f, 0x2f, 0x61, 0x70, 0x69, 0x2f, 0x6e, 0x65, 0x74, 0x77, 0x6f, 0x72, 0x6b, - 0x69, 0x6e, 0x67, 0x2f, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x33, 0x62, 0x06, 0x70, 0x72, - 0x6f, 0x74, 0x6f, 0x33, + 0x33, 0x2e, 0x53, 0x69, 0x64, 0x65, 0x63, 0x61, 0x72, 0x50, 0x6f, 0x72, 0x74, 0x42, 0x04, 0xe2, + 0x41, 0x01, 0x02, 0x52, 0x04, 0x70, 0x6f, 0x72, 0x74, 0x12, 0x12, 0x0a, 0x04, 0x62, 0x69, 0x6e, + 0x64, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x04, 0x62, 0x69, 0x6e, 0x64, 0x12, 0x49, 0x0a, + 0x0c, 0x63, 0x61, 0x70, 0x74, 0x75, 0x72, 0x65, 0x5f, 0x6d, 0x6f, 0x64, 0x65, 0x18, 0x03, 0x20, + 0x01, 0x28, 0x0e, 0x32, 0x26, 0x2e, 0x69, 0x73, 0x74, 0x69, 0x6f, 0x2e, 0x6e, 0x65, 0x74, 0x77, + 0x6f, 0x72, 0x6b, 0x69, 0x6e, 0x67, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x33, 0x2e, + 0x43, 0x61, 0x70, 0x74, 0x75, 0x72, 0x65, 0x4d, 0x6f, 0x64, 0x65, 0x52, 0x0b, 0x63, 0x61, 0x70, + 0x74, 0x75, 0x72, 0x65, 0x4d, 0x6f, 0x64, 0x65, 0x12, 0x29, 0x0a, 0x10, 0x64, 0x65, 0x66, 0x61, + 0x75, 0x6c, 0x74, 0x5f, 0x65, 0x6e, 0x64, 0x70, 0x6f, 0x69, 0x6e, 0x74, 0x18, 0x04, 0x20, 0x01, + 0x28, 0x09, 0x52, 0x0f, 0x64, 0x65, 0x66, 0x61, 0x75, 0x6c, 0x74, 0x45, 0x6e, 0x64, 0x70, 0x6f, + 0x69, 0x6e, 0x74, 0x12, 0x3e, 0x0a, 0x03, 0x74, 0x6c, 0x73, 0x18, 0x07, 0x20, 0x01, 0x28, 0x0b, + 0x32, 0x2c, 0x2e, 0x69, 0x73, 0x74, 0x69, 0x6f, 0x2e, 0x6e, 0x65, 0x74, 0x77, 0x6f, 0x72, 0x6b, + 0x69, 0x6e, 0x67, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x33, 0x2e, 0x53, 0x65, 0x72, + 0x76, 0x65, 0x72, 0x54, 0x4c, 0x53, 0x53, 0x65, 0x74, 0x74, 0x69, 0x6e, 0x67, 0x73, 0x52, 0x03, + 0x74, 0x6c, 0x73, 0x12, 0x5a, 0x0a, 0x0f, 0x63, 0x6f, 0x6e, 0x6e, 0x65, 0x63, 0x74, 0x69, 0x6f, + 0x6e, 0x5f, 0x70, 0x6f, 0x6f, 0x6c, 0x18, 0x08, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x31, 0x2e, 0x69, + 0x73, 0x74, 0x69, 0x6f, 0x2e, 0x6e, 0x65, 0x74, 0x77, 0x6f, 0x72, 0x6b, 0x69, 0x6e, 0x67, 0x2e, + 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x33, 0x2e, 0x43, 0x6f, 0x6e, 0x6e, 0x65, 0x63, 0x74, + 0x69, 0x6f, 0x6e, 0x50, 0x6f, 0x6f, 0x6c, 0x53, 0x65, 0x74, 0x74, 0x69, 0x6e, 0x67, 0x73, 0x52, + 0x0e, 0x63, 0x6f, 0x6e, 0x6e, 0x65, 0x63, 0x74, 0x69, 0x6f, 0x6e, 0x50, 0x6f, 0x6f, 0x6c, 0x4a, + 0x04, 0x08, 0x05, 0x10, 0x06, 0x4a, 0x04, 0x08, 0x06, 0x10, 0x07, 0x52, 0x14, 0x6c, 0x6f, 0x63, + 0x61, 0x6c, 0x68, 0x6f, 0x73, 0x74, 0x5f, 0x63, 0x6c, 0x69, 0x65, 0x6e, 0x74, 0x5f, 0x74, 0x6c, + 0x73, 0x22, 0xee, 0x01, 0x0a, 0x13, 0x49, 0x73, 0x74, 0x69, 0x6f, 0x45, 0x67, 0x72, 0x65, 0x73, + 0x73, 0x4c, 0x69, 0x73, 0x74, 0x65, 0x6e, 0x65, 0x72, 0x12, 0x3a, 0x0a, 0x04, 0x70, 0x6f, 0x72, + 0x74, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x26, 0x2e, 0x69, 0x73, 0x74, 0x69, 0x6f, 0x2e, + 0x6e, 0x65, 0x74, 0x77, 0x6f, 0x72, 0x6b, 0x69, 0x6e, 0x67, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, + 0x68, 0x61, 0x33, 0x2e, 0x53, 0x69, 0x64, 0x65, 0x63, 0x61, 0x72, 0x50, 0x6f, 0x72, 0x74, 0x52, + 0x04, 0x70, 0x6f, 0x72, 0x74, 0x12, 0x12, 0x0a, 0x04, 0x62, 0x69, 0x6e, 0x64, 0x18, 0x02, 0x20, + 0x01, 0x28, 0x09, 0x52, 0x04, 0x62, 0x69, 0x6e, 0x64, 0x12, 0x49, 0x0a, 0x0c, 0x63, 0x61, 0x70, + 0x74, 0x75, 0x72, 0x65, 0x5f, 0x6d, 0x6f, 0x64, 0x65, 0x18, 0x03, 0x20, 0x01, 0x28, 0x0e, 0x32, + 0x26, 0x2e, 0x69, 0x73, 0x74, 0x69, 0x6f, 0x2e, 0x6e, 0x65, 0x74, 0x77, 0x6f, 0x72, 0x6b, 0x69, + 0x6e, 0x67, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x33, 0x2e, 0x43, 0x61, 0x70, 0x74, + 0x75, 0x72, 0x65, 0x4d, 0x6f, 0x64, 0x65, 0x52, 0x0b, 0x63, 0x61, 0x70, 0x74, 0x75, 0x72, 0x65, + 0x4d, 0x6f, 0x64, 0x65, 0x12, 0x1a, 0x0a, 0x05, 0x68, 0x6f, 0x73, 0x74, 0x73, 0x18, 0x04, 0x20, + 0x03, 0x28, 0x09, 0x42, 0x04, 0xe2, 0x41, 0x01, 0x02, 0x52, 0x05, 0x68, 0x6f, 0x73, 0x74, 0x73, + 0x4a, 0x04, 0x08, 0x05, 0x10, 0x06, 0x4a, 0x04, 0x08, 0x06, 0x10, 0x07, 0x52, 0x14, 0x6c, 0x6f, + 0x63, 0x61, 0x6c, 0x68, 0x6f, 0x73, 0x74, 0x5f, 0x73, 0x65, 0x72, 0x76, 0x65, 0x72, 0x5f, 0x74, + 0x6c, 0x73, 0x22, 0x9e, 0x01, 0x0a, 0x10, 0x57, 0x6f, 0x72, 0x6b, 0x6c, 0x6f, 0x61, 0x64, 0x53, + 0x65, 0x6c, 0x65, 0x63, 0x74, 0x6f, 0x72, 0x12, 0x4f, 0x0a, 0x06, 0x6c, 0x61, 0x62, 0x65, 0x6c, + 0x73, 0x18, 0x01, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x37, 0x2e, 0x69, 0x73, 0x74, 0x69, 0x6f, 0x2e, + 0x6e, 0x65, 0x74, 0x77, 0x6f, 0x72, 0x6b, 0x69, 0x6e, 0x67, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, + 0x68, 0x61, 0x33, 0x2e, 0x57, 0x6f, 0x72, 0x6b, 0x6c, 0x6f, 0x61, 0x64, 0x53, 0x65, 0x6c, 0x65, + 0x63, 0x74, 0x6f, 0x72, 0x2e, 0x4c, 0x61, 0x62, 0x65, 0x6c, 0x73, 0x45, 0x6e, 0x74, 0x72, 0x79, + 0x52, 0x06, 0x6c, 0x61, 0x62, 0x65, 0x6c, 0x73, 0x1a, 0x39, 0x0a, 0x0b, 0x4c, 0x61, 0x62, 0x65, + 0x6c, 0x73, 0x45, 0x6e, 0x74, 0x72, 0x79, 0x12, 0x10, 0x0a, 0x03, 0x6b, 0x65, 0x79, 0x18, 0x01, + 0x20, 0x01, 0x28, 0x09, 0x52, 0x03, 0x6b, 0x65, 0x79, 0x12, 0x14, 0x0a, 0x05, 0x76, 0x61, 0x6c, + 0x75, 0x65, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x05, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x3a, + 0x02, 0x38, 0x01, 0x22, 0xd7, 0x01, 0x0a, 0x15, 0x4f, 0x75, 0x74, 0x62, 0x6f, 0x75, 0x6e, 0x64, + 0x54, 0x72, 0x61, 0x66, 0x66, 0x69, 0x63, 0x50, 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x12, 0x49, 0x0a, + 0x04, 0x6d, 0x6f, 0x64, 0x65, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0e, 0x32, 0x35, 0x2e, 0x69, 0x73, + 0x74, 0x69, 0x6f, 0x2e, 0x6e, 0x65, 0x74, 0x77, 0x6f, 0x72, 0x6b, 0x69, 0x6e, 0x67, 0x2e, 0x76, + 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x33, 0x2e, 0x4f, 0x75, 0x74, 0x62, 0x6f, 0x75, 0x6e, 0x64, + 0x54, 0x72, 0x61, 0x66, 0x66, 0x69, 0x63, 0x50, 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x2e, 0x4d, 0x6f, + 0x64, 0x65, 0x52, 0x04, 0x6d, 0x6f, 0x64, 0x65, 0x12, 0x49, 0x0a, 0x0c, 0x65, 0x67, 0x72, 0x65, + 0x73, 0x73, 0x5f, 0x70, 0x72, 0x6f, 0x78, 0x79, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x26, + 0x2e, 0x69, 0x73, 0x74, 0x69, 0x6f, 0x2e, 0x6e, 0x65, 0x74, 0x77, 0x6f, 0x72, 0x6b, 0x69, 0x6e, + 0x67, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x33, 0x2e, 0x44, 0x65, 0x73, 0x74, 0x69, + 0x6e, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x52, 0x0b, 0x65, 0x67, 0x72, 0x65, 0x73, 0x73, 0x50, 0x72, + 0x6f, 0x78, 0x79, 0x22, 0x28, 0x0a, 0x04, 0x4d, 0x6f, 0x64, 0x65, 0x12, 0x11, 0x0a, 0x0d, 0x52, + 0x45, 0x47, 0x49, 0x53, 0x54, 0x52, 0x59, 0x5f, 0x4f, 0x4e, 0x4c, 0x59, 0x10, 0x00, 0x12, 0x0d, + 0x0a, 0x09, 0x41, 0x4c, 0x4c, 0x4f, 0x57, 0x5f, 0x41, 0x4e, 0x59, 0x10, 0x01, 0x22, 0x7a, 0x0a, + 0x0b, 0x53, 0x69, 0x64, 0x65, 0x63, 0x61, 0x72, 0x50, 0x6f, 0x72, 0x74, 0x12, 0x16, 0x0a, 0x06, + 0x6e, 0x75, 0x6d, 0x62, 0x65, 0x72, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0d, 0x52, 0x06, 0x6e, 0x75, + 0x6d, 0x62, 0x65, 0x72, 0x12, 0x1a, 0x0a, 0x08, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x63, 0x6f, 0x6c, + 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x08, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x63, 0x6f, 0x6c, + 0x12, 0x12, 0x0a, 0x04, 0x6e, 0x61, 0x6d, 0x65, 0x18, 0x03, 0x20, 0x01, 0x28, 0x09, 0x52, 0x04, + 0x6e, 0x61, 0x6d, 0x65, 0x12, 0x23, 0x0a, 0x0b, 0x74, 0x61, 0x72, 0x67, 0x65, 0x74, 0x5f, 0x70, + 0x6f, 0x72, 0x74, 0x18, 0x04, 0x20, 0x01, 0x28, 0x0d, 0x42, 0x02, 0x18, 0x01, 0x52, 0x0a, 0x74, + 0x61, 0x72, 0x67, 0x65, 0x74, 0x50, 0x6f, 0x72, 0x74, 0x2a, 0x32, 0x0a, 0x0b, 0x43, 0x61, 0x70, + 0x74, 0x75, 0x72, 0x65, 0x4d, 0x6f, 0x64, 0x65, 0x12, 0x0b, 0x0a, 0x07, 0x44, 0x45, 0x46, 0x41, + 0x55, 0x4c, 0x54, 0x10, 0x00, 0x12, 0x0c, 0x0a, 0x08, 0x49, 0x50, 0x54, 0x41, 0x42, 0x4c, 0x45, + 0x53, 0x10, 0x01, 0x12, 0x08, 0x0a, 0x04, 0x4e, 0x4f, 0x4e, 0x45, 0x10, 0x02, 0x42, 0x22, 0x5a, + 0x20, 0x69, 0x73, 0x74, 0x69, 0x6f, 0x2e, 0x69, 0x6f, 0x2f, 0x61, 0x70, 0x69, 0x2f, 0x6e, 0x65, + 0x74, 0x77, 0x6f, 0x72, 0x6b, 0x69, 0x6e, 0x67, 0x2f, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, + 0x33, 0x62, 0x06, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x33, } var ( @@ -1197,8 +1204,8 @@ func file_networking_v1alpha3_sidecar_proto_rawDescGZIP() []byte { } var file_networking_v1alpha3_sidecar_proto_enumTypes = make([]protoimpl.EnumInfo, 2) -var file_networking_v1alpha3_sidecar_proto_msgTypes = make([]protoimpl.MessageInfo, 6) -var file_networking_v1alpha3_sidecar_proto_goTypes = []interface{}{ +var file_networking_v1alpha3_sidecar_proto_msgTypes = make([]protoimpl.MessageInfo, 7) +var file_networking_v1alpha3_sidecar_proto_goTypes = []any{ (CaptureMode)(0), // 0: istio.networking.v1alpha3.CaptureMode (OutboundTrafficPolicy_Mode)(0), // 1: istio.networking.v1alpha3.OutboundTrafficPolicy.Mode (*Sidecar)(nil), // 2: istio.networking.v1alpha3.Sidecar @@ -1206,29 +1213,32 @@ var file_networking_v1alpha3_sidecar_proto_goTypes = []interface{}{ (*IstioEgressListener)(nil), // 4: istio.networking.v1alpha3.IstioEgressListener (*WorkloadSelector)(nil), // 5: istio.networking.v1alpha3.WorkloadSelector (*OutboundTrafficPolicy)(nil), // 6: istio.networking.v1alpha3.OutboundTrafficPolicy - nil, // 7: istio.networking.v1alpha3.WorkloadSelector.LabelsEntry - (*Port)(nil), // 8: istio.networking.v1alpha3.Port - (*ServerTLSSettings)(nil), // 9: istio.networking.v1alpha3.ServerTLSSettings - (*Destination)(nil), // 10: istio.networking.v1alpha3.Destination + (*SidecarPort)(nil), // 7: istio.networking.v1alpha3.SidecarPort + nil, // 8: istio.networking.v1alpha3.WorkloadSelector.LabelsEntry + (*ConnectionPoolSettings)(nil), // 9: istio.networking.v1alpha3.ConnectionPoolSettings + (*ServerTLSSettings)(nil), // 10: istio.networking.v1alpha3.ServerTLSSettings + (*Destination)(nil), // 11: istio.networking.v1alpha3.Destination } var file_networking_v1alpha3_sidecar_proto_depIdxs = []int32{ 5, // 0: istio.networking.v1alpha3.Sidecar.workload_selector:type_name -> istio.networking.v1alpha3.WorkloadSelector 3, // 1: istio.networking.v1alpha3.Sidecar.ingress:type_name -> istio.networking.v1alpha3.IstioIngressListener 4, // 2: istio.networking.v1alpha3.Sidecar.egress:type_name -> istio.networking.v1alpha3.IstioEgressListener - 6, // 3: istio.networking.v1alpha3.Sidecar.outbound_traffic_policy:type_name -> istio.networking.v1alpha3.OutboundTrafficPolicy - 8, // 4: istio.networking.v1alpha3.IstioIngressListener.port:type_name -> istio.networking.v1alpha3.Port - 0, // 5: istio.networking.v1alpha3.IstioIngressListener.capture_mode:type_name -> istio.networking.v1alpha3.CaptureMode - 9, // 6: istio.networking.v1alpha3.IstioIngressListener.tls:type_name -> istio.networking.v1alpha3.ServerTLSSettings - 8, // 7: istio.networking.v1alpha3.IstioEgressListener.port:type_name -> istio.networking.v1alpha3.Port - 0, // 8: istio.networking.v1alpha3.IstioEgressListener.capture_mode:type_name -> istio.networking.v1alpha3.CaptureMode - 7, // 9: istio.networking.v1alpha3.WorkloadSelector.labels:type_name -> istio.networking.v1alpha3.WorkloadSelector.LabelsEntry - 1, // 10: istio.networking.v1alpha3.OutboundTrafficPolicy.mode:type_name -> istio.networking.v1alpha3.OutboundTrafficPolicy.Mode - 10, // 11: istio.networking.v1alpha3.OutboundTrafficPolicy.egress_proxy:type_name -> istio.networking.v1alpha3.Destination - 12, // [12:12] is the sub-list for method output_type - 12, // [12:12] is the sub-list for method input_type - 12, // [12:12] is the sub-list for extension type_name - 12, // [12:12] is the sub-list for extension extendee - 0, // [0:12] is the sub-list for field type_name + 9, // 3: istio.networking.v1alpha3.Sidecar.inbound_connection_pool:type_name -> istio.networking.v1alpha3.ConnectionPoolSettings + 6, // 4: istio.networking.v1alpha3.Sidecar.outbound_traffic_policy:type_name -> istio.networking.v1alpha3.OutboundTrafficPolicy + 7, // 5: istio.networking.v1alpha3.IstioIngressListener.port:type_name -> istio.networking.v1alpha3.SidecarPort + 0, // 6: istio.networking.v1alpha3.IstioIngressListener.capture_mode:type_name -> istio.networking.v1alpha3.CaptureMode + 10, // 7: istio.networking.v1alpha3.IstioIngressListener.tls:type_name -> istio.networking.v1alpha3.ServerTLSSettings + 9, // 8: istio.networking.v1alpha3.IstioIngressListener.connection_pool:type_name -> istio.networking.v1alpha3.ConnectionPoolSettings + 7, // 9: istio.networking.v1alpha3.IstioEgressListener.port:type_name -> istio.networking.v1alpha3.SidecarPort + 0, // 10: istio.networking.v1alpha3.IstioEgressListener.capture_mode:type_name -> istio.networking.v1alpha3.CaptureMode + 8, // 11: istio.networking.v1alpha3.WorkloadSelector.labels:type_name -> istio.networking.v1alpha3.WorkloadSelector.LabelsEntry + 1, // 12: istio.networking.v1alpha3.OutboundTrafficPolicy.mode:type_name -> istio.networking.v1alpha3.OutboundTrafficPolicy.Mode + 11, // 13: istio.networking.v1alpha3.OutboundTrafficPolicy.egress_proxy:type_name -> istio.networking.v1alpha3.Destination + 14, // [14:14] is the sub-list for method output_type + 14, // [14:14] is the sub-list for method input_type + 14, // [14:14] is the sub-list for extension type_name + 14, // [14:14] is the sub-list for extension extendee + 0, // [0:14] is the sub-list for field type_name } func init() { file_networking_v1alpha3_sidecar_proto_init() } @@ -1236,77 +1246,16 @@ func file_networking_v1alpha3_sidecar_proto_init() { if File_networking_v1alpha3_sidecar_proto != nil { return } + file_networking_v1alpha3_destination_rule_proto_init() file_networking_v1alpha3_gateway_proto_init() file_networking_v1alpha3_virtual_service_proto_init() - if !protoimpl.UnsafeEnabled { - file_networking_v1alpha3_sidecar_proto_msgTypes[0].Exporter = func(v interface{}, i int) interface{} { - switch v := v.(*Sidecar); i { - case 0: - return &v.state - case 1: - return &v.sizeCache - case 2: - return &v.unknownFields - default: - return nil - } - } - file_networking_v1alpha3_sidecar_proto_msgTypes[1].Exporter = func(v interface{}, i int) interface{} { - switch v := v.(*IstioIngressListener); i { - case 0: - return &v.state - case 1: - return &v.sizeCache - case 2: - return &v.unknownFields - default: - return nil - } - } - file_networking_v1alpha3_sidecar_proto_msgTypes[2].Exporter = func(v interface{}, i int) interface{} { - switch v := v.(*IstioEgressListener); i { - case 0: - return &v.state - case 1: - return &v.sizeCache - case 2: - return &v.unknownFields - default: - return nil - } - } - file_networking_v1alpha3_sidecar_proto_msgTypes[3].Exporter = func(v interface{}, i int) interface{} { - switch v := v.(*WorkloadSelector); i { - case 0: - return &v.state - case 1: - return &v.sizeCache - case 2: - return &v.unknownFields - default: - return nil - } - } - file_networking_v1alpha3_sidecar_proto_msgTypes[4].Exporter = func(v interface{}, i int) interface{} { - switch v := v.(*OutboundTrafficPolicy); i { - case 0: - return &v.state - case 1: - return &v.sizeCache - case 2: - return &v.unknownFields - default: - return nil - } - } - } type x struct{} out := protoimpl.TypeBuilder{ File: protoimpl.DescBuilder{ GoPackagePath: reflect.TypeOf(x{}).PkgPath(), RawDescriptor: file_networking_v1alpha3_sidecar_proto_rawDesc, NumEnums: 2, - NumMessages: 6, + NumMessages: 7, NumExtensions: 0, NumServices: 0, }, diff --git a/vendor/istio.io/api/networking/v1alpha3/sidecar.pb.html b/vendor/istio.io/api/networking/v1alpha3/sidecar.pb.html index c9a71b07f..c6b0a48a8 100644 --- a/vendor/istio.io/api/networking/v1alpha3/sidecar.pb.html +++ b/vendor/istio.io/api/networking/v1alpha3/sidecar.pb.html @@ -6,7 +6,7 @@ generator: protoc-gen-docs schema: istio.networking.v1alpha3.Sidecar aliases: [/docs/reference/config/networking/v1alpha3/sidecar] -number_of_entries: 7 +number_of_entries: 8 ---

    Sidecar describes the configuration of the sidecar proxy that mediates inbound and outbound communication to the workload instance it is attached to. By @@ -15,9 +15,14 @@ well as accept traffic on all the ports associated with the workload. The Sidecar configuration provides a way to fine tune the set of ports, protocols that the proxy will accept when forwarding traffic to -and from the workload. In addition, it is possible to restrict the set -of services that the proxy can reach when forwarding outbound traffic -from workload instances.

    +and from the workload.

    +

    One the common usages of Sidecar is to limit the set of configuration for outbound traffic. +This configuration scoping, among other options, is useful to prune +out unneeded configuration, to improve scalability of the mesh. +A common misunderstanding is that restricting the configuration amounts to blocking the traffic. +If requests are sent to destinations not included in the scoping, the traffic will be treated as +unmatched traffic, which is often still allowed. +The sidecar is not able to enforce an outbound traffic restriction (see Egress Gateways for how to achieve this).

    Services and configuration in a mesh are organized into one or more namespaces (e.g., a Kubernetes namespace or a CF org/space). A Sidecar configuration in a namespace will apply to one or more workload instances in the same @@ -43,12 +48,10 @@

    NOTE 3: A Sidecar is not applicable to gateways, even though gateways are istio-proxies.

    The example below declares a global default Sidecar configuration in the root namespace called istio-config, that configures -sidecars in all namespaces to allow egress traffic only to other +sidecars in all namespaces to configure egress traffic only to other workloads in the same namespace as well as to services in the istio-system namespace.

    -

    {{}} -{{}}

    -
    apiVersion: networking.istio.io/v1alpha3
    +
    apiVersion: networking.istio.io/v1
     kind: Sidecar
     metadata:
       name: default
    @@ -59,29 +62,12 @@
         - "./*"
         - "istio-system/*"
     
    -

    {{}}

    -

    {{}}

    -
    apiVersion: networking.istio.io/v1beta1
    -kind: Sidecar
    -metadata:
    -  name: default
    -  namespace: istio-config
    -spec:
    -  egress:
    -  - hosts:
    -    - "./*"
    -    - "istio-system/*"
    -
    -

    {{}} -{{}}

    The example below declares a Sidecar configuration in the prod-us1 namespace that overrides the global default defined -above, and configures the sidecars in the namespace to allow egress +above, and configures the sidecars in the namespace to configure egress traffic to public services in the prod-us1, prod-apis, and the istio-system namespaces.

    -

    {{}} -{{}}

    -
    apiVersion: networking.istio.io/v1alpha3
    +
    apiVersion: networking.istio.io/v1
     kind: Sidecar
     metadata:
       name: default
    @@ -93,22 +79,6 @@
         - "prod-apis/*"
         - "istio-system/*"
     
    -

    {{}}

    -

    {{}}

    -
    apiVersion: networking.istio.io/v1beta1
    -kind: Sidecar
    -metadata:
    -  name: default
    -  namespace: prod-us1
    -spec:
    -  egress:
    -  - hosts:
    -    - "prod-us1/*"
    -    - "prod-apis/*"
    -    - "istio-system/*"
    -
    -

    {{}} -{{}}

    The following example declares a Sidecar configuration in the prod-us1 namespace for all pods with labels app: ratings belonging to the ratings.prod-us1 service. The workload accepts @@ -117,36 +87,7 @@ socket. In the egress direction, in addition to the istio-system namespace, the sidecar proxies only HTTP traffic bound for port 9080 for services in the prod-us1 namespace.

    -

    {{}} -{{}}

    -
    apiVersion: networking.istio.io/v1alpha3
    -kind: Sidecar
    -metadata:
    -  name: ratings
    -  namespace: prod-us1
    -spec:
    -  workloadSelector:
    -    labels:
    -      app: ratings
    -  ingress:
    -  - port:
    -      number: 9080
    -      protocol: HTTP
    -      name: somename
    -    defaultEndpoint: unix:///var/run/someuds.sock
    -  egress:
    -  - port:
    -      number: 9080
    -      protocol: HTTP
    -      name: egresshttp
    -    hosts:
    -    - "prod-us1/*"
    -  - hosts:
    -    - "istio-system/*"
    -
    -

    {{}}

    -

    {{}}

    -
    apiVersion: networking.istio.io/v1beta1
    +
    apiVersion: networking.istio.io/v1
     kind: Sidecar
     metadata:
       name: ratings
    @@ -171,8 +112,6 @@
       - hosts:
         - "istio-system/*"
     
    -

    {{}} -{{}}

    If the workload is deployed without IPTables-based traffic capture, the Sidecar configuration is the only way to configure the ports on the proxy attached to the workload instance. The following @@ -187,9 +126,7 @@ the application to communicate with a backing MySQL database on 127.0.0.1:3306, that then gets proxied to the externally hosted MySQL service at mysql.foo.com:3306.

    -

    {{}} -{{}}

    -
    apiVersion: networking.istio.io/v1alpha3
    +
    apiVersion: networking.istio.io/v1
     kind: Sidecar
     metadata:
       name: no-ip-tables
    @@ -215,57 +152,8 @@
         hosts:
         - "*/mysql.foo.com"
     
    -

    {{}}

    -

    {{}}

    -
    apiVersion: networking.istio.io/v1beta1
    -kind: Sidecar
    -metadata:
    -  name: no-ip-tables
    -  namespace: prod-us1
    -spec:
    -  workloadSelector:
    -    labels:
    -      app: productpage
    -  ingress:
    -  - port:
    -      number: 9080 # binds to proxy_instance_ip:9080 (0.0.0.0:9080, if no unicast IP is available for the instance)
    -      protocol: HTTP
    -      name: somename
    -    defaultEndpoint: 127.0.0.1:8080
    -    captureMode: NONE # not needed if metadata is set for entire proxy
    -  egress:
    -  - port:
    -      number: 3306
    -      protocol: MYSQL
    -      name: egressmysql
    -    captureMode: NONE # not needed if metadata is set for entire proxy
    -    bind: 127.0.0.1
    -    hosts:
    -    - "*/mysql.foo.com"
    -
    -

    {{}} -{{}}

    And the associated service entry for routing to mysql.foo.com:3306

    -

    {{}} -{{}}

    -
    apiVersion: networking.istio.io/v1alpha3
    -kind: ServiceEntry
    -metadata:
    -  name: external-svc-mysql
    -  namespace: ns1
    -spec:
    -  hosts:
    -  - mysql.foo.com
    -  ports:
    -  - number: 3306
    -    name: mysql
    -    protocol: MYSQL
    -  location: MESH_EXTERNAL
    -  resolution: DNS
    -
    -

    {{}}

    -

    {{}}

    -
    apiVersion: networking.istio.io/v1beta1
    +
    apiVersion: networking.istio.io/v1
     kind: ServiceEntry
     metadata:
       name: external-svc-mysql
    @@ -280,8 +168,6 @@
       location: MESH_EXTERNAL
       resolution: DNS
     
    -

    {{}} -{{}}

    It is also possible to mix and match traffic capture modes in a single proxy. For example, consider a setup where internal services are on the 192.168.0.0/16 subnet. So, IP tables are setup on the VM to capture all @@ -293,37 +179,7 @@

    NOTE: The ISTIO_META_INTERCEPTION_MODE metadata on the proxy in the VM should contain REDIRECT or TPROXY as its value, implying that IP tables based traffic capture is active.

    -

    {{}} -{{}}

    -
    apiVersion: networking.istio.io/v1alpha3
    -kind: Sidecar
    -metadata:
    -  name: partial-ip-tables
    -  namespace: prod-us1
    -spec:
    -  workloadSelector:
    -    labels:
    -      app: productpage
    -  ingress:
    -  - bind: 172.16.1.32
    -    port:
    -      number: 80 # binds to 172.16.1.32:80
    -      protocol: HTTP
    -      name: somename
    -    defaultEndpoint: 127.0.0.1:8080
    -    captureMode: NONE
    -  egress:
    -    # use the system detected defaults
    -    # sets up configuration to handle outbound traffic to services
    -    # in 192.168.0.0/16 subnet, based on information provided by the
    -    # service registry
    -  - captureMode: IPTABLES
    -    hosts:
    -    - "*/*"
    -
    -

    {{}}

    -

    {{}}

    -
    apiVersion: networking.istio.io/v1beta1
    +
    apiVersion: networking.istio.io/v1
     kind: Sidecar
     metadata:
       name: partial-ip-tables
    @@ -349,8 +205,6 @@
         hosts:
         - "*/*"
     
    -

    {{}} -{{}}

    The following example declares a Sidecar configuration in the prod-us1 namespace for all pods with labels app: ratings belonging to the ratings.prod-us1 service. The service accepts @@ -363,9 +217,7 @@ ports. In this example, the mTLS mode is disabled on PORT 80. This feature is currently experimental.

    -

    {{}} -{{}}

    -
    apiVersion: networking.istio.io/v1alpha3
    +
    apiVersion: networking.istio.io/v1
     kind: Sidecar
     metadata:
       name: ratings
    @@ -384,10 +236,8 @@
           mode: SIMPLE
           privateKey: "/etc/certs/privatekey.pem"
           serverCertificate: "/etc/certs/servercert.pem"
    -
    -

    {{}}

    -

    {{}}

    -
    apiVersion: v1
    +---
    +apiVersion: v1
     kind: Service
     metadata:
       name: ratings
    @@ -401,10 +251,8 @@
         targetPort: 80
       selector:
         app: ratings
    -
    -

    {{}}

    -

    {{}}

    -
    apiVersion: security.istio.io/v1beta1
    +---
    +apiVersion: security.istio.io/v1
     kind: PeerAuthentication
     metadata:
       name: ratings-peer-auth
    @@ -419,8 +267,42 @@
         80:
           mode: DISABLE
     
    -

    {{}} -{{}}

    +

    In addition to configuring traffic capture and how traffic is forwarded to the app, +it’s possible to control inbound connection pool settings. By default, Istio pushes +connection pool settings from DestinationRules to both clients (for outbound +connections to the service) as well as servers (for inbound connections to a service +instance). Using the InboundConnectionPool and per-port ConnectionPool settings +in a Sidecar allow you to control those connection pools for the server separately +from the settings pushed to all clients.

    +
    apiVersion: networking.istio.io/v1
    +kind: Sidecar
    +metadata:
    +  name: connection-pool-settings
    +  namespace: prod-us1
    +spec:
    +  workloadSelector:
    +    labels:
    +      app: productpage
    +  inboundConnectionPool:
    +      http:
    +        http1MaxPendingRequests: 1024
    +        http2MaxRequests: 1024
    +        maxRequestsPerConnection: 1024
    +        maxRetries: 100
    +  ingress:
    +  - port:
    +      number: 80
    +      protocol: HTTP
    +      name: somename
    +    connectionPool:
    +      http:
    +        http1MaxPendingRequests: 1024
    +        http2MaxRequests: 1024
    +        maxRequestsPerConnection: 1024
    +        maxRetries: 100
    +      tcp:
    +        maxConnections: 100
    +

    Sidecar

    @@ -439,7 +321,7 @@

    Sidecar

    workloadSelectorworkloadSelector WorkloadSelector

    Criteria used to select the specific set of pods/VMs on which this @@ -452,7 +334,7 @@

    Sidecar

    ingressingress IstioIngressListener[]

    Ingress specifies the configuration of the sidecar for processing @@ -468,7 +350,7 @@

    Sidecar

    egressegress IstioEgressListener[]

    Egress specifies the configuration of the sidecar for processing @@ -476,22 +358,51 @@

    Sidecar

    services in the mesh. If not specified, inherits the system detected defaults from the namespace-wide or the global default Sidecar.

    +
    +No +
    inboundConnectionPoolConnectionPoolSettings +

    Settings controlling the volume of connections Envoy will accept from the network. +This default will apply for all inbound listeners and can be overridden per-port +in the Ingress field. This configuration mirrors the DestinationRule’s +connectionPool field.

    +

    By default, Istio applies a service’s DestinationRule to client sidecars +for outbound traffic directed at the service – the usual case folks think +of when configuring a DestinationRule – but also to the server’s inbound +sidecar. The Sidecar’s connection pool configures the server’s inbound +sidecar directly, so its settings can be different than clients’. This is +valuable, for example, when you have many clients calling few servers: a +DestinationRule can limit the concurrency of any single client, while +the Sidecar allows you to configure much higher concurrency on the server +side.

    +

    Connection pool settings for a server’s inbound sidecar are configured in the +following precedence, highest to lowest:

    +
      +
    • per-port ConnectionPool from the Sidecar
    • +
    • top level InboundConnectionPool from the Sidecar
    • +
    • per-port TrafficPolicy.ConnectionPool from the DestinationRule
    • +
    • top level TrafficPolicy.ConnectionPool from the DestinationRule
    • +
    • default connection pool settings (essentially unlimited)
    • +
    +

    In every case, the connection pool settings are overridden, not merged.

    +
    No
    outboundTrafficPolicyoutboundTrafficPolicy OutboundTrafficPolicy -

    Configuration for the outbound traffic policy. If your -application uses one or more external services that are not known -apriori, setting the policy to ALLOW_ANY will cause the -sidecars to route any unknown traffic originating from the -application to its requested destination. If not specified, -inherits the system detected defaults from the namespace-wide or -the global default Sidecar.

    +

    Set the default behavior of the sidecar for handling outbound +traffic from the application.

    +

    Default mode is ALLOW_ANY, which means outbound traffic to unknown destinations will be allowed.

    @@ -517,8 +428,8 @@

    IstioIngressListener

    portPortportSidecarPort

    The port associated with the listener.

    @@ -528,7 +439,7 @@

    IstioIngressListener

    bindbind string

    The IP(IPv4 or IPv6) to which the listener should be bound. @@ -544,7 +455,7 @@

    IstioIngressListener

    captureModecaptureMode CaptureMode

    The captureMode option dictates how traffic to the listener is @@ -556,7 +467,7 @@

    IstioIngressListener

    defaultEndpointdefaultEndpoint string

    The IP endpoint or Unix domain socket to which @@ -570,17 +481,34 @@

    IstioIngressListener

    -Yes +No
    tlstls ServerTLSSettings

    Set of TLS related options that will enable TLS termination on the sidecar for requests originating from outside the mesh. Currently supports only SIMPLE and MUTUAL TLS modes.

    +
    +No +
    connectionPoolConnectionPoolSettings +

    Settings controlling the volume of connections Envoy will accept from the network. +This setting overrides the top-level default inboundConnectionPool to configure +specific settings for this port. This configuration mirrors the DestinationRule’s +PortTrafficPolicy.connectionPool field. +This port level connection pool has the highest precedence in configuration, +overriding both the Sidecar’s top level InboundConnectionPool as well as any +connection pooling settings from the DestinationRule.

    +
    No @@ -605,8 +533,8 @@

    IstioEgressListener

    portPortportSidecarPort

    The port associated with the listener. If using Unix domain socket, use 0 as the port number, with a valid protocol. The port if @@ -624,7 +552,7 @@

    IstioEgressListener

    bindbind string

    The IP(IPv4 or IPv6) or the Unix domain socket to which the listener should be bound @@ -641,7 +569,7 @@

    IstioEgressListener

    captureModecaptureMode CaptureMode

    When the bind address is an IP, the captureMode option dictates @@ -654,7 +582,7 @@

    IstioEgressListener

    hostshosts string[]

    One or more service hosts exposed by the listener @@ -713,7 +641,7 @@

    WorkloadSelector

    labelslabels map<string, string>

    One or more labels that indicate a specific set of pods/VMs @@ -723,7 +651,7 @@

    WorkloadSelector

    -Yes +No
    @@ -752,9 +673,62 @@

    OutboundTrafficPolicy

    - + + + + +
    modemode Mode + +No +
    +
    +

    SidecarPort

    +
    +

    Port describes the properties of a specific port of a service.

    + + + + + + + + + + + + + + + + + + + + + + + + + + + - + - + @@ -806,21 +785,21 @@

    CaptureMode

    - + - + - + - + - + - + - + - + - +
    FieldTypeDescriptionRequired
    numberuint32 +

    A valid non-negative integer port number.

    + +
    +No +
    protocolstring +

    The protocol exposed on the port. +MUST BE one of HTTP|HTTPS|GRPC|HTTP2|MONGO|TCP|TLS. +TLS can be either used to terminate non-HTTP based connections on a specific port +or to route traffic based on SNI header to the destination without terminating the TLS connection.

    + +
    +No +
    namestring +

    Label assigned to the port.

    +
    No @@ -774,18 +748,23 @@

    OutboundTrafficPolicy.Mode

    REGISTRY_ONLYREGISTRY_ONLY -

    Outbound traffic will be restricted to services defined in the -service registry as well as those defined through ServiceEntry configurations.

    +

    In REGISTRY_ONLY mode, unknown outbound traffic will be dropped. +Traffic destinations must be explicitly declared into the service registry through ServiceEntry configurations.

    +

    Note: Istio does not offer an outbound traffic security policy. +This option does not act as one, or as any form of an outbound firewall. +Instead, this option exists primarily to offer users a way to detect missing ServiceEntry configurations by explicitly failing.

    ALLOW_ANYALLOW_ANY -

    Outbound traffic to unknown destinations will be allowed, in case -there are no services or ServiceEntry configurations for the destination port.

    +

    In ALLOW_ANY mode, any traffic to unknown destinations will be allowed. +Unknown destination traffic will have limited functionality, however, such as reduced observability. +This mode allows users that do not have all possible egress destinations registered through ServiceEntry configurations to still connect +to arbitrary destinations.

    DEFAULTDEFAULT

    The default capture mode defined by the environment.

    IPTABLESIPTABLES

    Capture traffic using IPtables redirection.

    NONENONE

    No traffic capture. When used in an egress listener, the application is expected to explicitly communicate with the listener port or Unix diff --git a/vendor/istio.io/api/networking/v1alpha3/sidecar.proto b/vendor/istio.io/api/networking/v1alpha3/sidecar.proto index 229b6285f..051cd27cf 100644 --- a/vendor/istio.io/api/networking/v1alpha3/sidecar.proto +++ b/vendor/istio.io/api/networking/v1alpha3/sidecar.proto @@ -15,6 +15,7 @@ syntax = "proto3"; import "google/api/field_behavior.proto"; +import "networking/v1alpha3/destination_rule.proto"; import "networking/v1alpha3/gateway.proto"; import "networking/v1alpha3/virtual_service.proto"; @@ -31,9 +32,15 @@ import "networking/v1alpha3/virtual_service.proto"; // well as accept traffic on all the ports associated with the // workload. The `Sidecar` configuration provides a way to fine tune the set of // ports, protocols that the proxy will accept when forwarding traffic to -// and from the workload. In addition, it is possible to restrict the set -// of services that the proxy can reach when forwarding outbound traffic -// from workload instances. +// and from the workload. +// +// One the common usages of `Sidecar` is to limit the set of configuration for outbound traffic. +// This configuration scoping, among [other options](/docs/ops/configuration/mesh/configuration-scoping/), is useful to prune +// out unneeded configuration, to improve scalability of the mesh. +// A common misunderstanding is that restricting the configuration amounts to *blocking* the traffic. +// If requests are sent to destinations not included in the scoping, the traffic will be treated as +// [unmatched traffic](/docs/ops/configuration/traffic-management/traffic-routing/#unmatched-traffic), which is often still allowed. +// The sidecar is not able to enforce an outbound traffic restriction (see [Egress Gateways](/docs/tasks/traffic-management/egress/egress-gateway/) for how to achieve this). // // Services and configuration in a mesh are organized into one or more // namespaces (e.g., a Kubernetes namespace or a CF org/space). A `Sidecar` @@ -64,29 +71,12 @@ import "networking/v1alpha3/virtual_service.proto"; // // The example below declares a global default `Sidecar` configuration // in the root namespace called `istio-config`, that configures -// sidecars in all namespaces to allow egress traffic only to other +// sidecars in all namespaces to configure egress traffic only to other // workloads in the same namespace as well as to services in the // `istio-system` namespace. // -// {{}} -// {{}} -// ```yaml -// apiVersion: networking.istio.io/v1alpha3 -// kind: Sidecar -// metadata: -// name: default -// namespace: istio-config -// spec: -// egress: -// - hosts: -// - "./*" -// - "istio-system/*" -// ``` -// {{}} -// -// {{}} // ```yaml -// apiVersion: networking.istio.io/v1beta1 +// apiVersion: networking.istio.io/v1 // kind: Sidecar // metadata: // name: default @@ -97,35 +87,15 @@ import "networking/v1alpha3/virtual_service.proto"; // - "./*" // - "istio-system/*" // ``` -// {{}} -// {{}} // // The example below declares a `Sidecar` configuration in the // `prod-us1` namespace that overrides the global default defined -// above, and configures the sidecars in the namespace to allow egress +// above, and configures the sidecars in the namespace to configure egress // traffic to public services in the `prod-us1`, `prod-apis`, and the // `istio-system` namespaces. // -// {{}} -// {{}} -// ```yaml -// apiVersion: networking.istio.io/v1alpha3 -// kind: Sidecar -// metadata: -// name: default -// namespace: prod-us1 -// spec: -// egress: -// - hosts: -// - "prod-us1/*" -// - "prod-apis/*" -// - "istio-system/*" -// ``` -// {{}} -// -// {{}} // ```yaml -// apiVersion: networking.istio.io/v1beta1 +// apiVersion: networking.istio.io/v1 // kind: Sidecar // metadata: // name: default @@ -137,8 +107,6 @@ import "networking/v1alpha3/virtual_service.proto"; // - "prod-apis/*" // - "istio-system/*" // ``` -// {{}} -// {{}} // // The following example declares a `Sidecar` configuration in the // `prod-us1` namespace for all pods with labels `app: ratings` @@ -149,10 +117,8 @@ import "networking/v1alpha3/virtual_service.proto"; // namespace, the sidecar proxies only HTTP traffic bound for port // 9080 for services in the `prod-us1` namespace. // -// {{}} -// {{}} // ```yaml -// apiVersion: networking.istio.io/v1alpha3 +// apiVersion: networking.istio.io/v1 // kind: Sidecar // metadata: // name: ratings @@ -177,37 +143,6 @@ import "networking/v1alpha3/virtual_service.proto"; // - hosts: // - "istio-system/*" // ``` -// {{}} -// -// {{}} -// ```yaml -// apiVersion: networking.istio.io/v1beta1 -// kind: Sidecar -// metadata: -// name: ratings -// namespace: prod-us1 -// spec: -// workloadSelector: -// labels: -// app: ratings -// ingress: -// - port: -// number: 9080 -// protocol: HTTP -// name: somename -// defaultEndpoint: unix:///var/run/someuds.sock -// egress: -// - port: -// number: 9080 -// protocol: HTTP -// name: egresshttp -// hosts: -// - "prod-us1/*" -// - hosts: -// - "istio-system/*" -// ``` -// {{}} -// {{}} // // If the workload is deployed without IPTables-based traffic capture, // the `Sidecar` configuration is the only way to configure the ports @@ -224,40 +159,8 @@ import "networking/v1alpha3/virtual_service.proto"; // `127.0.0.1:3306`, that then gets proxied to the externally hosted // MySQL service at `mysql.foo.com:3306`. // -// {{}} -// {{}} -// ```yaml -// apiVersion: networking.istio.io/v1alpha3 -// kind: Sidecar -// metadata: -// name: no-ip-tables -// namespace: prod-us1 -// spec: -// workloadSelector: -// labels: -// app: productpage -// ingress: -// - port: -// number: 9080 # binds to proxy_instance_ip:9080 (0.0.0.0:9080, if no unicast IP is available for the instance) -// protocol: HTTP -// name: somename -// defaultEndpoint: 127.0.0.1:8080 -// captureMode: NONE # not needed if metadata is set for entire proxy -// egress: -// - port: -// number: 3306 -// protocol: MYSQL -// name: egressmysql -// captureMode: NONE # not needed if metadata is set for entire proxy -// bind: 127.0.0.1 -// hosts: -// - "*/mysql.foo.com" -// ``` -// {{}} -// -// {{}} // ```yaml -// apiVersion: networking.istio.io/v1beta1 +// apiVersion: networking.istio.io/v1 // kind: Sidecar // metadata: // name: no-ip-tables @@ -283,15 +186,11 @@ import "networking/v1alpha3/virtual_service.proto"; // hosts: // - "*/mysql.foo.com" // ``` -// {{}} -// {{}} // // And the associated service entry for routing to `mysql.foo.com:3306` // -// {{}} -// {{}} // ```yaml -// apiVersion: networking.istio.io/v1alpha3 +// apiVersion: networking.istio.io/v1 // kind: ServiceEntry // metadata: // name: external-svc-mysql @@ -306,27 +205,6 @@ import "networking/v1alpha3/virtual_service.proto"; // location: MESH_EXTERNAL // resolution: DNS // ``` -// {{}} -// -// {{}} -// ```yaml -// apiVersion: networking.istio.io/v1beta1 -// kind: ServiceEntry -// metadata: -// name: external-svc-mysql -// namespace: ns1 -// spec: -// hosts: -// - mysql.foo.com -// ports: -// - number: 3306 -// name: mysql -// protocol: MYSQL -// location: MESH_EXTERNAL -// resolution: DNS -// ``` -// {{}} -// {{}} // // It is also possible to mix and match traffic capture modes in a single // proxy. For example, consider a setup where internal services are on the @@ -341,40 +219,8 @@ import "networking/v1alpha3/virtual_service.proto"; // proxy in the VM should contain `REDIRECT` or `TPROXY` as its value, // implying that IP tables based traffic capture is active. // -// {{}} -// {{}} -// ```yaml -// apiVersion: networking.istio.io/v1alpha3 -// kind: Sidecar -// metadata: -// name: partial-ip-tables -// namespace: prod-us1 -// spec: -// workloadSelector: -// labels: -// app: productpage -// ingress: -// - bind: 172.16.1.32 -// port: -// number: 80 # binds to 172.16.1.32:80 -// protocol: HTTP -// name: somename -// defaultEndpoint: 127.0.0.1:8080 -// captureMode: NONE -// egress: -// # use the system detected defaults -// # sets up configuration to handle outbound traffic to services -// # in 192.168.0.0/16 subnet, based on information provided by the -// # service registry -// - captureMode: IPTABLES -// hosts: -// - "*/*" -// ``` -// {{}} -// -// {{}} // ```yaml -// apiVersion: networking.istio.io/v1beta1 +// apiVersion: networking.istio.io/v1 // kind: Sidecar // metadata: // name: partial-ip-tables @@ -400,8 +246,6 @@ import "networking/v1alpha3/virtual_service.proto"; // hosts: // - "*/*" // ``` -// {{}} -// {{}} // // The following example declares a `Sidecar` configuration in the // `prod-us1` namespace for all pods with labels `app: ratings` @@ -416,10 +260,8 @@ import "networking/v1alpha3/virtual_service.proto"; // In this example, the mTLS mode is disabled on PORT 80. // This feature is currently experimental. // -// {{}} -// {{}} // ```yaml -// apiVersion: networking.istio.io/v1alpha3 +// apiVersion: networking.istio.io/v1 // kind: Sidecar // metadata: // name: ratings @@ -438,11 +280,7 @@ import "networking/v1alpha3/virtual_service.proto"; // mode: SIMPLE // privateKey: "/etc/certs/privatekey.pem" // serverCertificate: "/etc/certs/servercert.pem" -// ``` -// {{}} -// -// {{}} -// ```yaml +// --- // apiVersion: v1 // kind: Service // metadata: @@ -457,12 +295,8 @@ import "networking/v1alpha3/virtual_service.proto"; // targetPort: 80 // selector: // app: ratings -// ``` -// {{}} -// -// {{}} -// ```yaml -// apiVersion: security.istio.io/v1beta1 +// --- +// apiVersion: security.istio.io/v1 // kind: PeerAuthentication // metadata: // name: ratings-peer-auth @@ -477,8 +311,45 @@ import "networking/v1alpha3/virtual_service.proto"; // 80: // mode: DISABLE // ``` -// {{}} -// {{}} +// +// In addition to configuring traffic capture and how traffic is forwarded to the app, +// it's possible to control inbound connection pool settings. By default, Istio pushes +// connection pool settings from `DestinationRules` to both clients (for outbound +// connections to the service) as well as servers (for inbound connections to a service +// instance). Using the `InboundConnectionPool` and per-port `ConnectionPool` settings +// in a `Sidecar` allow you to control those connection pools for the server separately +// from the settings pushed to all clients. +// +// ```yaml +// apiVersion: networking.istio.io/v1 +// kind: Sidecar +// metadata: +// name: connection-pool-settings +// namespace: prod-us1 +// spec: +// workloadSelector: +// labels: +// app: productpage +// inboundConnectionPool: +// http: +// http1MaxPendingRequests: 1024 +// http2MaxRequests: 1024 +// maxRequestsPerConnection: 1024 +// maxRetries: 100 +// ingress: +// - port: +// number: 80 +// protocol: HTTP +// name: somename +// connectionPool: +// http: +// http1MaxPendingRequests: 1024 +// http2MaxRequests: 1024 +// maxRequestsPerConnection: 1024 +// maxRetries: 100 +// tcp: +// maxConnections: 100 +// ``` package istio.networking.v1alpha3; option go_package = "istio.io/api/networking/v1alpha3"; @@ -489,8 +360,7 @@ option go_package = "istio.io/api/networking/v1alpha3"; // // -// message Sidecar { // Criteria used to select the specific set of pods/VMs on which this // `Sidecar` configuration should be applied. If omitted, the `Sidecar` @@ -528,13 +395,36 @@ message Sidecar { // detected defaults from the namespace-wide or the global default Sidecar. repeated IstioEgressListener egress = 3; - // Configuration for the outbound traffic policy. If your - // application uses one or more external services that are not known - // apriori, setting the policy to `ALLOW_ANY` will cause the - // sidecars to route any unknown traffic originating from the - // application to its requested destination. If not specified, - // inherits the system detected defaults from the namespace-wide or - // the global default Sidecar. + // Settings controlling the volume of connections Envoy will accept from the network. + // This default will apply for all inbound listeners and can be overridden per-port + // in the `Ingress` field. This configuration mirrors the `DestinationRule`'s + // [`connectionPool`](https://istio.io/latest/docs/reference/config/networking/destination-rule/#ConnectionPoolSettings) field. + // + // By default, Istio applies a service's `DestinationRule` to client sidecars + // for outbound traffic directed at the service -- the usual case folks think + // of when configuring a `DestinationRule` -- but also to the server's inbound + // sidecar. The `Sidecar`'s connection pool configures the server's inbound + // sidecar directly, so its settings can be different than clients'. This is + // valuable, for example, when you have many clients calling few servers: a + // `DestinationRule` can limit the concurrency of any single client, while + // the `Sidecar` allows you to configure much higher concurrency on the server + // side. + // + // Connection pool settings for a server's inbound sidecar are configured in the + // following precedence, highest to lowest: + // - per-port `ConnectionPool` from the `Sidecar` + // - top level `InboundConnectionPool` from the `Sidecar` + // - per-port `TrafficPolicy.ConnectionPool` from the `DestinationRule` + // - top level `TrafficPolicy.ConnectionPool` from the `DestinationRule` + // - default connection pool settings (essentially unlimited) + // + // In every case, the connection pool settings are overridden, not merged. + ConnectionPoolSettings inbound_connection_pool = 7; + + // Set the default behavior of the sidecar for handling outbound + // traffic from the application. + // + // Default mode is `ALLOW_ANY`, which means outbound traffic to unknown destinations will be allowed. OutboundTrafficPolicy outbound_traffic_policy = 4; reserved "localhost"; @@ -545,7 +435,7 @@ message Sidecar { // traffic listener on the sidecar proxy attached to a workload instance. message IstioIngressListener { // The port associated with the listener. - Port port = 1 [(google.api.field_behavior) = REQUIRED]; + SidecarPort port = 1 [(google.api.field_behavior) = REQUIRED]; // The IP(IPv4 or IPv6) to which the listener should be bound. // Unix domain socket addresses are not allowed in @@ -567,7 +457,7 @@ message IstioIngressListener { // `127.0.0.1:PORT`, `[::1]:PORT` (forward to localhost), // `0.0.0.0:PORT`, `[::]:PORT` (forward to the instance IP), // or `unix:///path/to/socket` (forward to Unix domain socket). - string default_endpoint = 4 [(google.api.field_behavior) = REQUIRED]; + string default_endpoint = 4; reserved "localhost_client_tls"; reserved 5, 6; @@ -576,6 +466,15 @@ message IstioIngressListener { // sidecar for requests originating from outside the mesh. // Currently supports only SIMPLE and MUTUAL TLS modes. ServerTLSSettings tls = 7; + + // Settings controlling the volume of connections Envoy will accept from the network. + // This setting overrides the top-level default `inboundConnectionPool` to configure + // specific settings for this port. This configuration mirrors the `DestinationRule`'s + // [`PortTrafficPolicy.connectionPool`](https://istio.io/latest/docs/reference/config/networking/destination-rule/#TrafficPolicy-PortTrafficPolicy) field. + // This port level connection pool has the highest precedence in configuration, + // overriding both the `Sidecar`'s top level `InboundConnectionPool` as well as any + // connection pooling settings from the `DestinationRule`. + ConnectionPoolSettings connection_pool = 8; } // `IstioEgressListener` specifies the properties of an outbound traffic @@ -590,7 +489,7 @@ message IstioEgressListener { // specific ports while others have no port, the hosts exposed on a // listener port will be based on the listener with the most specific // port. - Port port = 1; + SidecarPort port = 1; // The IP(IPv4 or IPv6) or the Unix domain socket to which the listener should be bound // to. Port MUST be specified if bind is not empty. Format: IPv4 or IPv6 address formats or @@ -653,7 +552,10 @@ message WorkloadSelector { // on which the configuration should be applied. The scope of // label search is restricted to the configuration namespace in which the // the resource is present. - map labels = 1 [(google.api.field_behavior) = REQUIRED]; + // +kubebuilder:validation:MaxProperties=256 + // +protoc-gen-crd:map-value-validation:MaxLength=63 + // +protoc-gen-crd:map-value-validation:XValidation:message="wildcard is not supported in selector",rule="!self.contains('*')" + map labels = 1; // $hide_from_docs // other forms of identification supplied by the proxy @@ -662,21 +564,20 @@ message WorkloadSelector { } // `OutboundTrafficPolicy` sets the default behavior of the sidecar for -// handling outbound traffic from the application. -// If your application uses one or more external -// services that are not known apriori, setting the policy to `ALLOW_ANY` -// will cause the sidecars to route any unknown traffic originating from -// the application to its requested destination. Users are strongly -// encouraged to use `ServiceEntry` configurations to explicitly declare any external -// dependencies, instead of using `ALLOW_ANY`, so that traffic to these -// services can be monitored. +// handling unknown outbound traffic from the application. message OutboundTrafficPolicy { enum Mode { - // Outbound traffic will be restricted to services defined in the - // service registry as well as those defined through `ServiceEntry` configurations. + // In `REGISTRY_ONLY` mode, unknown outbound traffic will be dropped. + // Traffic destinations must be explicitly declared into the service registry through `ServiceEntry` configurations. + // + // Note: Istio [does not offer an outbound traffic security policy](https://istio.io/latest/docs/ops/best-practices/security/#understand-traffic-capture-limitations). + // This option does not act as one, or as any form of an outbound firewall. + // Instead, this option exists primarily to offer users a way to detect missing `ServiceEntry` configurations by explicitly failing. REGISTRY_ONLY = 0; - // Outbound traffic to unknown destinations will be allowed, in case - // there are no services or `ServiceEntry` configurations for the destination port. + // In `ALLOW_ANY` mode, any traffic to unknown destinations will be allowed. + // Unknown destination traffic will have limited functionality, however, such as reduced observability. + // This mode allows users that do not have all possible egress destinations registered through `ServiceEntry` configurations to still connect + // to arbitrary destinations. ALLOW_ANY = 1; } Mode mode = 1; @@ -715,3 +616,23 @@ enum CaptureMode { // the host. NONE = 2; } + +// Port describes the properties of a specific port of a service. +message SidecarPort { + // A valid non-negative integer port number. + uint32 number = 1; + + // The protocol exposed on the port. + // MUST BE one of HTTP|HTTPS|GRPC|HTTP2|MONGO|TCP|TLS. + // TLS can be either used to terminate non-HTTP based connections on a specific port + // or to route traffic based on SNI header to the destination without terminating the TLS connection. + string protocol = 2; + + // Label assigned to the port. + string name = 3; + + // Has no effect, only for backwards compatibility + // received. Applicable only when used with ServiceEntries. + // $hide_from_docs + uint32 target_port = 4 [deprecated=true]; +} diff --git a/vendor/istio.io/api/networking/v1alpha3/sidecar_deepcopy.gen.go b/vendor/istio.io/api/networking/v1alpha3/sidecar_deepcopy.gen.go index 2257fcbbe..eff0c21d7 100644 --- a/vendor/istio.io/api/networking/v1alpha3/sidecar_deepcopy.gen.go +++ b/vendor/istio.io/api/networking/v1alpha3/sidecar_deepcopy.gen.go @@ -109,3 +109,24 @@ func (in *OutboundTrafficPolicy) DeepCopy() *OutboundTrafficPolicy { func (in *OutboundTrafficPolicy) DeepCopyInterface() interface{} { return in.DeepCopy() } + +// DeepCopyInto supports using SidecarPort within kubernetes types, where deepcopy-gen is used. +func (in *SidecarPort) DeepCopyInto(out *SidecarPort) { + p := proto.Clone(in).(*SidecarPort) + *out = *p +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new SidecarPort. Required by controller-gen. +func (in *SidecarPort) DeepCopy() *SidecarPort { + if in == nil { + return nil + } + out := new(SidecarPort) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInterface is an autogenerated deepcopy function, copying the receiver, creating a new SidecarPort. Required by controller-gen. +func (in *SidecarPort) DeepCopyInterface() interface{} { + return in.DeepCopy() +} diff --git a/vendor/istio.io/api/networking/v1alpha3/sidecar_json.gen.go b/vendor/istio.io/api/networking/v1alpha3/sidecar_json.gen.go index 4bc9e2960..f21b971b8 100644 --- a/vendor/istio.io/api/networking/v1alpha3/sidecar_json.gen.go +++ b/vendor/istio.io/api/networking/v1alpha3/sidecar_json.gen.go @@ -61,6 +61,17 @@ func (this *OutboundTrafficPolicy) UnmarshalJSON(b []byte) error { return SidecarUnmarshaler.Unmarshal(bytes.NewReader(b), this) } +// MarshalJSON is a custom marshaler for SidecarPort +func (this *SidecarPort) MarshalJSON() ([]byte, error) { + str, err := SidecarMarshaler.MarshalToString(this) + return []byte(str), err +} + +// UnmarshalJSON is a custom unmarshaler for SidecarPort +func (this *SidecarPort) UnmarshalJSON(b []byte) error { + return SidecarUnmarshaler.Unmarshal(bytes.NewReader(b), this) +} + var ( SidecarMarshaler = &jsonpb.Marshaler{} SidecarUnmarshaler = &jsonpb.Unmarshaler{AllowUnknownFields: true} diff --git a/vendor/istio.io/api/networking/v1alpha3/virtual_service.gen.json b/vendor/istio.io/api/networking/v1alpha3/virtual_service.gen.json deleted file mode 100644 index a3ae5a972..000000000 --- a/vendor/istio.io/api/networking/v1alpha3/virtual_service.gen.json +++ /dev/null @@ -1,949 +0,0 @@ -{ - "openapi": "3.0.0", - "info": { - "title": "Configuration affecting label/content routing, sni routing, etc.", - "version": "v1alpha3" - }, - "components": { - "schemas": { - "istio.networking.v1alpha3.CorsPolicy": { - "description": "Describes the Cross-Origin Resource Sharing (CORS) policy, for a given service. Refer to [CORS](https://developer.mozilla.org/en-US/docs/Web/HTTP/Access_control_CORS) for further details about cross origin resource sharing. For example, the following rule restricts cross origin requests to those originating from example.com domain using HTTP POST/GET, and sets the `Access-Control-Allow-Credentials` header to false. In addition, it only exposes `X-Foo-bar` header and sets an expiry period of 1 day.", - "type": "object", - "properties": { - "allowOrigin": { - "description": "The list of origins that are allowed to perform CORS requests. The content will be serialized into the Access-Control-Allow-Origin header. Wildcard * will allow all origins. $hide_from_docs", - "type": "array", - "items": { - "type": "string" - }, - "deprecated": true - }, - "allowOrigins": { - "description": "String patterns that match allowed origins. An origin is allowed if any of the string matchers match. If a match is found, then the outgoing Access-Control-Allow-Origin would be set to the origin as provided by the client.", - "type": "array", - "items": { - "$ref": "#/components/schemas/istio.networking.v1alpha3.StringMatch" - } - }, - "allowMethods": { - "description": "List of HTTP methods allowed to access the resource. The content will be serialized into the Access-Control-Allow-Methods header.", - "type": "array", - "items": { - "type": "string" - } - }, - "allowHeaders": { - "description": "List of HTTP headers that can be used when requesting the resource. Serialized to Access-Control-Allow-Headers header.", - "type": "array", - "items": { - "type": "string" - } - }, - "exposeHeaders": { - "description": "A list of HTTP headers that the browsers are allowed to access. Serialized into Access-Control-Expose-Headers header.", - "type": "array", - "items": { - "type": "string" - } - }, - "maxAge": { - "description": "Specifies how long the results of a preflight request can be cached. Translates to the `Access-Control-Max-Age` header.", - "type": "string" - }, - "allowCredentials": { - "description": "Indicates whether the caller is allowed to send the actual request (not the preflight) using credentials. Translates to `Access-Control-Allow-Credentials` header.", - "type": "boolean", - "nullable": true - } - } - }, - "istio.networking.v1alpha3.Delegate": { - "description": "Describes the delegate VirtualService. The following routing rules forward the traffic to `/productpage` by a delegate VirtualService named `productpage`, forward the traffic to `/reviews` by a delegate VirtualService named `reviews`.", - "type": "object", - "properties": { - "name": { - "description": "Name specifies the name of the delegate VirtualService.", - "type": "string" - }, - "namespace": { - "description": "Namespace specifies the namespace where the delegate VirtualService resides. By default, it is same to the root's.", - "type": "string" - } - } - }, - "istio.networking.v1alpha3.Destination": { - "description": "Destination indicates the network addressable service to which the request/connection will be sent after processing a routing rule. The destination.host should unambiguously refer to a service in the service registry. Istio's service registry is composed of all the services found in the platform's service registry (e.g., Kubernetes services, Consul services), as well as services declared through the [ServiceEntry](https://istio.io/docs/reference/config/networking/service-entry/#ServiceEntry) resource.", - "type": "object", - "properties": { - "host": { - "description": "The name of a service from the service registry. Service names are looked up from the platform's service registry (e.g., Kubernetes services, Consul services, etc.) and from the hosts declared by [ServiceEntry](https://istio.io/docs/reference/config/networking/service-entry/#ServiceEntry). Traffic forwarded to destinations that are not found in either of the two, will be dropped.", - "type": "string" - }, - "subset": { - "description": "The name of a subset within the service. Applicable only to services within the mesh. The subset must be defined in a corresponding DestinationRule.", - "type": "string" - }, - "port": { - "$ref": "#/components/schemas/istio.networking.v1alpha3.PortSelector" - } - } - }, - "istio.networking.v1alpha3.HTTPBody": { - "type": "object", - "oneOf": [ - { - "not": { - "anyOf": [ - { - "required": [ - "string" - ], - "properties": { - "string": { - "description": "response body as a string", - "type": "string" - } - } - }, - { - "required": [ - "bytes" - ], - "properties": { - "bytes": { - "description": "response body as base64 encoded bytes.", - "type": "string", - "format": "binary" - } - } - } - ] - } - }, - { - "required": [ - "string" - ], - "properties": { - "string": { - "description": "response body as a string", - "type": "string" - } - } - }, - { - "required": [ - "bytes" - ], - "properties": { - "bytes": { - "description": "response body as base64 encoded bytes.", - "type": "string", - "format": "binary" - } - } - } - ] - }, - "istio.networking.v1alpha3.HTTPDirectResponse": { - "description": "HTTPDirectResponse can be used to send a fixed response to clients. For example, the following rule returns a fixed 503 status with a body to requests for /v1/getProductRatings API.", - "type": "object", - "properties": { - "status": { - "description": "Specifies the HTTP response status to be returned.", - "type": "integer" - }, - "body": { - "$ref": "#/components/schemas/istio.networking.v1alpha3.HTTPBody" - } - } - }, - "istio.networking.v1alpha3.HTTPFaultInjection": { - "description": "HTTPFaultInjection can be used to specify one or more faults to inject while forwarding HTTP requests to the destination specified in a route. Fault specification is part of a VirtualService rule. Faults include aborting the Http request from downstream service, and/or delaying proxying of requests. A fault rule MUST HAVE delay or abort or both.", - "type": "object", - "properties": { - "delay": { - "$ref": "#/components/schemas/istio.networking.v1alpha3.HTTPFaultInjection.Delay" - }, - "abort": { - "$ref": "#/components/schemas/istio.networking.v1alpha3.HTTPFaultInjection.Abort" - } - } - }, - "istio.networking.v1alpha3.HTTPFaultInjection.Abort": { - "description": "Abort specification is used to prematurely abort a request with a pre-specified error code. The following example will return an HTTP 400 error code for 1 out of every 1000 requests to the \"ratings\" service \"v1\".", - "type": "object", - "properties": { - "percentage": { - "$ref": "#/components/schemas/istio.networking.v1alpha3.Percent" - } - }, - "oneOf": [ - { - "not": { - "anyOf": [ - { - "required": [ - "httpStatus" - ], - "properties": { - "httpStatus": { - "description": "HTTP status code to use to abort the Http request.", - "type": "integer", - "format": "int32" - } - } - }, - { - "required": [ - "grpcStatus" - ], - "properties": { - "grpcStatus": { - "description": "GRPC status code to use to abort the request. The supported codes are documented in https://github.com/grpc/grpc/blob/master/doc/statuscodes.md Note: If you want to return the status \"Unavailable\", then you should specify the code as `UNAVAILABLE`(all caps), but not `14`.", - "type": "string" - } - } - }, - { - "required": [ - "http2Error" - ], - "properties": { - "http2Error": { - "type": "string" - } - } - } - ] - } - }, - { - "required": [ - "httpStatus" - ], - "properties": { - "httpStatus": { - "description": "HTTP status code to use to abort the Http request.", - "type": "integer", - "format": "int32" - } - } - }, - { - "required": [ - "grpcStatus" - ], - "properties": { - "grpcStatus": { - "description": "GRPC status code to use to abort the request. The supported codes are documented in https://github.com/grpc/grpc/blob/master/doc/statuscodes.md Note: If you want to return the status \"Unavailable\", then you should specify the code as `UNAVAILABLE`(all caps), but not `14`.", - "type": "string" - } - } - }, - { - "required": [ - "http2Error" - ], - "properties": { - "http2Error": { - "type": "string" - } - } - } - ] - }, - "istio.networking.v1alpha3.HTTPFaultInjection.Delay": { - "description": "Delay specification is used to inject latency into the request forwarding path. The following example will introduce a 5 second delay in 1 out of every 1000 requests to the \"v1\" version of the \"reviews\" service from all pods with label env: prod", - "type": "object", - "properties": { - "percent": { - "description": "Percentage of requests on which the delay will be injected (0-100). Use of integer `percent` value is deprecated. Use the double `percentage` field instead.", - "type": "integer", - "format": "int32", - "deprecated": true - }, - "percentage": { - "$ref": "#/components/schemas/istio.networking.v1alpha3.Percent" - } - }, - "oneOf": [ - { - "not": { - "anyOf": [ - { - "required": [ - "fixedDelay" - ], - "properties": { - "fixedDelay": { - "description": "Add a fixed delay before forwarding the request. Format: 1h/1m/1s/1ms. MUST be \u003e=1ms.", - "type": "string" - } - } - }, - { - "required": [ - "exponentialDelay" - ], - "properties": { - "exponentialDelay": { - "type": "string" - } - } - } - ] - } - }, - { - "required": [ - "fixedDelay" - ], - "properties": { - "fixedDelay": { - "description": "Add a fixed delay before forwarding the request. Format: 1h/1m/1s/1ms. MUST be \u003e=1ms.", - "type": "string" - } - } - }, - { - "required": [ - "exponentialDelay" - ], - "properties": { - "exponentialDelay": { - "type": "string" - } - } - } - ] - }, - "istio.networking.v1alpha3.HTTPMatchRequest": { - "description": "HttpMatchRequest specifies a set of criterion to be met in order for the rule to be applied to the HTTP request. For example, the following restricts the rule to match only requests where the URL path starts with /ratings/v2/ and the request contains a custom `end-user` header with value `jason`.", - "type": "object", - "properties": { - "name": { - "description": "The name assigned to a match. The match's name will be concatenated with the parent route's name and will be logged in the access logs for requests matching this route.", - "type": "string" - }, - "uri": { - "$ref": "#/components/schemas/istio.networking.v1alpha3.StringMatch" - }, - "scheme": { - "$ref": "#/components/schemas/istio.networking.v1alpha3.StringMatch" - }, - "method": { - "$ref": "#/components/schemas/istio.networking.v1alpha3.StringMatch" - }, - "authority": { - "$ref": "#/components/schemas/istio.networking.v1alpha3.StringMatch" - }, - "headers": { - "description": "The header keys must be lowercase and use hyphen as the separator, e.g. _x-request-id_.", - "type": "object", - "additionalProperties": { - "$ref": "#/components/schemas/istio.networking.v1alpha3.StringMatch" - } - }, - "port": { - "description": "Specifies the ports on the host that is being addressed. Many services only expose a single port or label ports with the protocols they support, in these cases it is not required to explicitly select the port.", - "type": "integer" - }, - "sourceLabels": { - "description": "One or more labels that constrain the applicability of a rule to source (client) workloads with the given labels. If the VirtualService has a list of gateways specified in the top-level `gateways` field, it must include the reserved gateway `mesh` for this field to be applicable.", - "type": "object", - "additionalProperties": { - "type": "string" - } - }, - "gateways": { - "description": "Names of gateways where the rule should be applied. Gateway names in the top-level `gateways` field of the VirtualService (if any) are overridden. The gateway match is independent of sourceLabels.", - "type": "array", - "items": { - "type": "string" - } - }, - "queryParams": { - "description": "Query parameters for matching.", - "type": "object", - "additionalProperties": { - "$ref": "#/components/schemas/istio.networking.v1alpha3.StringMatch" - } - }, - "ignoreUriCase": { - "description": "Flag to specify whether the URI matching should be case-insensitive.", - "type": "boolean" - }, - "withoutHeaders": { - "description": "withoutHeader has the same syntax with the header, but has opposite meaning. If a header is matched with a matching rule among withoutHeader, the traffic becomes not matched one.", - "type": "object", - "additionalProperties": { - "$ref": "#/components/schemas/istio.networking.v1alpha3.StringMatch" - } - }, - "sourceNamespace": { - "description": "Source namespace constraining the applicability of a rule to workloads in that namespace. If the VirtualService has a list of gateways specified in the top-level `gateways` field, it must include the reserved gateway `mesh` for this field to be applicable.", - "type": "string" - }, - "statPrefix": { - "description": "The human readable prefix to use when emitting statistics for this route. The statistics are generated with prefix route.\u003cstat_prefix\u003e. This should be set for highly critical routes that one wishes to get \"per-route\" statistics on. This prefix is only for proxy-level statistics (envoy_*) and not service-level (istio_*) statistics. Refer to https://www.envoyproxy.io/docs/envoy/latest/api-v3/config/route/v3/route_components.proto#envoy-v3-api-field-config-route-v3-route-stat-prefix for statistics that are generated when this is configured.", - "type": "string" - } - } - }, - "istio.networking.v1alpha3.HTTPMirrorPolicy": { - "description": "Hide this from doc until implemented.", - "type": "object", - "properties": { - "destination": { - "$ref": "#/components/schemas/istio.networking.v1alpha3.Destination" - }, - "percentage": { - "$ref": "#/components/schemas/istio.networking.v1alpha3.Percent" - } - } - }, - "istio.networking.v1alpha3.HTTPRedirect": { - "description": "HTTPRedirect can be used to send a 301 redirect response to the caller, where the Authority/Host and the URI in the response can be swapped with the specified values. For example, the following rule redirects requests for /v1/getProductRatings API on the ratings service to /v1/bookRatings provided by the bookratings service.", - "type": "object", - "properties": { - "uri": { - "description": "On a redirect, overwrite the Path portion of the URL with this value. Note that the entire path will be replaced, irrespective of the request URI being matched as an exact path or prefix.", - "type": "string" - }, - "authority": { - "description": "On a redirect, overwrite the Authority/Host portion of the URL with this value.", - "type": "string" - }, - "scheme": { - "description": "On a redirect, overwrite the scheme portion of the URL with this value. For example, `http` or `https`. If unset, the original scheme will be used. If `derivePort` is set to `FROM_PROTOCOL_DEFAULT`, this will impact the port used as well", - "type": "string" - }, - "redirectCode": { - "description": "On a redirect, Specifies the HTTP status code to use in the redirect response. The default response code is MOVED_PERMANENTLY (301).", - "type": "integer" - } - }, - "oneOf": [ - { - "not": { - "anyOf": [ - { - "required": [ - "port" - ], - "properties": { - "port": { - "description": "On a redirect, overwrite the port portion of the URL with this value.", - "type": "integer" - } - } - }, - { - "required": [ - "derivePort" - ], - "properties": { - "derivePort": { - "$ref": "#/components/schemas/istio.networking.v1alpha3.HTTPRedirect.RedirectPortSelection" - } - } - } - ] - } - }, - { - "required": [ - "port" - ], - "properties": { - "port": { - "description": "On a redirect, overwrite the port portion of the URL with this value.", - "type": "integer" - } - } - }, - { - "required": [ - "derivePort" - ], - "properties": { - "derivePort": { - "$ref": "#/components/schemas/istio.networking.v1alpha3.HTTPRedirect.RedirectPortSelection" - } - } - } - ] - }, - "istio.networking.v1alpha3.HTTPRedirect.RedirectPortSelection": { - "type": "string", - "enum": [ - "FROM_PROTOCOL_DEFAULT", - "FROM_REQUEST_PORT" - ] - }, - "istio.networking.v1alpha3.HTTPRetry": { - "description": "Describes the retry policy to use when a HTTP request fails. For example, the following rule sets the maximum number of retries to 3 when calling ratings:v1 service, with a 2s timeout per retry attempt. A retry will be attempted if there is a connect-failure, refused_stream or when the upstream server responds with Service Unavailable(503).", - "type": "object", - "properties": { - "attempts": { - "description": "Number of retries to be allowed for a given request. The interval between retries will be determined automatically (25ms+). When request `timeout` of the [HTTP route](https://istio.io/docs/reference/config/networking/virtual-service/#HTTPRoute) or `per_try_timeout` is configured, the actual number of retries attempted also depends on the specified request `timeout` and `per_try_timeout` values.", - "type": "integer", - "format": "int32" - }, - "perTryTimeout": { - "description": "Timeout per attempt for a given request, including the initial call and any retries. Format: 1h/1m/1s/1ms. MUST BE \u003e=1ms. Default is same value as request `timeout` of the [HTTP route](https://istio.io/docs/reference/config/networking/virtual-service/#HTTPRoute), which means no timeout.", - "type": "string" - }, - "retryOn": { - "description": "Specifies the conditions under which retry takes place. One or more policies can be specified using a ‘,’ delimited list. If `retry_on` specifies a valid HTTP status, it will be added to retriable_status_codes retry policy. See the [retry policies](https://www.envoyproxy.io/docs/envoy/latest/configuration/http/http_filters/router_filter#x-envoy-retry-on) and [gRPC retry policies](https://www.envoyproxy.io/docs/envoy/latest/configuration/http/http_filters/router_filter#x-envoy-retry-grpc-on) for more details.", - "type": "string" - }, - "retryRemoteLocalities": { - "description": "Flag to specify whether the retries should retry to other localities. See the [retry plugin configuration](https://www.envoyproxy.io/docs/envoy/latest/intro/arch_overview/http/http_connection_management#retry-plugin-configuration) for more details.", - "type": "boolean", - "nullable": true - } - } - }, - "istio.networking.v1alpha3.HTTPRewrite": { - "description": "HTTPRewrite can be used to rewrite specific parts of a HTTP request before forwarding the request to the destination. Rewrite primitive can be used only with HTTPRouteDestination. The following example demonstrates how to rewrite the URL prefix for api call (/ratings) to ratings service before making the actual API call.", - "type": "object", - "properties": { - "uri": { - "description": "rewrite the path (or the prefix) portion of the URI with this value. If the original URI was matched based on prefix, the value provided in this field will replace the corresponding matched prefix.", - "type": "string" - }, - "authority": { - "description": "rewrite the Authority/Host header with this value.", - "type": "string" - }, - "uriRegexRewrite": { - "$ref": "#/components/schemas/istio.networking.v1alpha3.RegexRewrite" - } - } - }, - "istio.networking.v1alpha3.HTTPRoute": { - "description": "Describes match conditions and actions for routing HTTP/1.1, HTTP2, and gRPC traffic. See VirtualService for usage examples.", - "type": "object", - "properties": { - "name": { - "description": "The name assigned to the route for debugging purposes. The route's name will be concatenated with the match's name and will be logged in the access logs for requests matching this route/match.", - "type": "string" - }, - "match": { - "description": "Match conditions to be satisfied for the rule to be activated. All conditions inside a single match block have AND semantics, while the list of match blocks have OR semantics. The rule is matched if any one of the match blocks succeed.", - "type": "array", - "items": { - "$ref": "#/components/schemas/istio.networking.v1alpha3.HTTPMatchRequest" - } - }, - "route": { - "description": "A HTTP rule can either return a direct_response, redirect or forward (default) traffic. The forwarding target can be one of several versions of a service (see glossary in beginning of document). Weights associated with the service version determine the proportion of traffic it receives.", - "type": "array", - "items": { - "$ref": "#/components/schemas/istio.networking.v1alpha3.HTTPRouteDestination" - } - }, - "redirect": { - "$ref": "#/components/schemas/istio.networking.v1alpha3.HTTPRedirect" - }, - "directResponse": { - "$ref": "#/components/schemas/istio.networking.v1alpha3.HTTPDirectResponse" - }, - "delegate": { - "$ref": "#/components/schemas/istio.networking.v1alpha3.Delegate" - }, - "rewrite": { - "$ref": "#/components/schemas/istio.networking.v1alpha3.HTTPRewrite" - }, - "timeout": { - "description": "Timeout for HTTP requests, default is disabled.", - "type": "string" - }, - "retries": { - "$ref": "#/components/schemas/istio.networking.v1alpha3.HTTPRetry" - }, - "fault": { - "$ref": "#/components/schemas/istio.networking.v1alpha3.HTTPFaultInjection" - }, - "mirror": { - "$ref": "#/components/schemas/istio.networking.v1alpha3.Destination" - }, - "mirrors": { - "description": "Hide this from doc until implemented.", - "type": "array", - "items": { - "$ref": "#/components/schemas/istio.networking.v1alpha3.HTTPMirrorPolicy" - } - }, - "mirrorPercent": { - "description": "Percentage of the traffic to be mirrored by the `mirror` field. Use of integer `mirror_percent` value is deprecated. Use the double `mirror_percentage` field instead $hide_from_docs", - "type": "integer", - "deprecated": true, - "nullable": true - }, - "mirrorPercentage": { - "$ref": "#/components/schemas/istio.networking.v1alpha3.Percent" - }, - "corsPolicy": { - "$ref": "#/components/schemas/istio.networking.v1alpha3.CorsPolicy" - }, - "headers": { - "$ref": "#/components/schemas/istio.networking.v1alpha3.Headers" - } - } - }, - "istio.networking.v1alpha3.HTTPRouteDestination": { - "description": "Each routing rule is associated with one or more service versions (see glossary in beginning of document). Weights associated with the version determine the proportion of traffic it receives. For example, the following rule will route 25% of traffic for the \"reviews\" service to instances with the \"v2\" tag and the remaining traffic (i.e., 75%) to \"v1\".", - "type": "object", - "properties": { - "destination": { - "$ref": "#/components/schemas/istio.networking.v1alpha3.Destination" - }, - "weight": { - "description": "Weight specifies the relative proportion of traffic to be forwarded to the destination. A destination will receive `weight/(sum of all weights)` requests. If there is only one destination in a rule, it will receive all traffic. Otherwise, if weight is `0`, the destination will not receive any traffic.", - "type": "integer", - "format": "int32" - }, - "headers": { - "$ref": "#/components/schemas/istio.networking.v1alpha3.Headers" - } - } - }, - "istio.networking.v1alpha3.Headers": { - "description": "Message headers can be manipulated when Envoy forwards requests to, or responses from, a destination service. Header manipulation rules can be specified for a specific route destination or for all destinations. The following VirtualService adds a `test` header with the value `true` to requests that are routed to any `reviews` service destination. It also removes the `foo` response header, but only from responses coming from the `v1` subset (version) of the `reviews` service.", - "type": "object", - "properties": { - "request": { - "$ref": "#/components/schemas/istio.networking.v1alpha3.Headers.HeaderOperations" - }, - "response": { - "$ref": "#/components/schemas/istio.networking.v1alpha3.Headers.HeaderOperations" - } - } - }, - "istio.networking.v1alpha3.Headers.HeaderOperations": { - "description": "HeaderOperations Describes the header manipulations to apply", - "type": "object", - "properties": { - "set": { - "description": "Overwrite the headers specified by key with the given values", - "type": "object", - "additionalProperties": { - "type": "string" - } - }, - "add": { - "description": "Append the given values to the headers specified by keys (will create a comma-separated list of values)", - "type": "object", - "additionalProperties": { - "type": "string" - } - }, - "remove": { - "description": "Remove the specified headers", - "type": "array", - "items": { - "type": "string" - } - } - } - }, - "istio.networking.v1alpha3.L4MatchAttributes": { - "description": "L4 connection match attributes. Note that L4 connection matching support is incomplete.", - "type": "object", - "properties": { - "destinationSubnets": { - "description": "IPv4 or IPv6 ip addresses of destination with optional subnet. E.g., a.b.c.d/xx form or just a.b.c.d.", - "type": "array", - "items": { - "type": "string" - } - }, - "port": { - "description": "Specifies the port on the host that is being addressed. Many services only expose a single port or label ports with the protocols they support, in these cases it is not required to explicitly select the port.", - "type": "integer" - }, - "sourceSubnet": { - "description": "IPv4 or IPv6 ip address of source with optional subnet. E.g., a.b.c.d/xx form or just a.b.c.d $hide_from_docs", - "type": "string" - }, - "sourceLabels": { - "description": "One or more labels that constrain the applicability of a rule to workloads with the given labels. If the VirtualService has a list of gateways specified in the top-level `gateways` field, it should include the reserved gateway `mesh` in order for this field to be applicable.", - "type": "object", - "additionalProperties": { - "type": "string" - } - }, - "gateways": { - "description": "Names of gateways where the rule should be applied. Gateway names in the top-level `gateways` field of the VirtualService (if any) are overridden. The gateway match is independent of sourceLabels.", - "type": "array", - "items": { - "type": "string" - } - }, - "sourceNamespace": { - "description": "Source namespace constraining the applicability of a rule to workloads in that namespace. If the VirtualService has a list of gateways specified in the top-level `gateways` field, it must include the reserved gateway `mesh` for this field to be applicable.", - "type": "string" - } - } - }, - "istio.networking.v1alpha3.Percent": { - "description": "Percent specifies a percentage in the range of [0.0, 100.0].", - "type": "object", - "properties": { - "value": { - "type": "number", - "format": "double" - } - } - }, - "istio.networking.v1alpha3.PortSelector": { - "description": "PortSelector specifies the number of a port to be used for matching or selection for final routing.", - "type": "object", - "properties": { - "number": { - "description": "Valid port number", - "type": "integer" - } - } - }, - "istio.networking.v1alpha3.RegexRewrite": { - "type": "object", - "properties": { - "match": { - "description": "RE2 style regex-based match (https://github.com/google/re2/wiki/Syntax).", - "type": "string" - }, - "rewrite": { - "description": "The string that should replace into matching portions of original URI. Capture groups in the pattern can be referenced in the new URI. Examples: Example 1: rewrite with capture groups Path pattern \"/service/update/v1/api\" with match \"^/service/([^/]+)(/.*)$\" and rewrite string of \"/customprefix/\\2/\\1\" would transform into \"/customprefix/v1/api/update\".", - "type": "string" - } - } - }, - "istio.networking.v1alpha3.RouteDestination": { - "description": "L4 routing rule weighted destination.", - "type": "object", - "properties": { - "destination": { - "$ref": "#/components/schemas/istio.networking.v1alpha3.Destination" - }, - "weight": { - "description": "Weight specifies the relative proportion of traffic to be forwarded to the destination. A destination will receive `weight/(sum of all weights)` requests. If there is only one destination in a rule, it will receive all traffic. Otherwise, if weight is `0`, the destination will not receive any traffic.", - "type": "integer", - "format": "int32" - } - } - }, - "istio.networking.v1alpha3.StringMatch": { - "description": "Describes how to match a given string in HTTP headers. Match is case-sensitive.", - "type": "object", - "oneOf": [ - { - "not": { - "anyOf": [ - { - "required": [ - "exact" - ], - "properties": { - "exact": { - "description": "exact string match", - "type": "string" - } - } - }, - { - "required": [ - "prefix" - ], - "properties": { - "prefix": { - "description": "prefix-based match", - "type": "string" - } - } - }, - { - "required": [ - "regex" - ], - "properties": { - "regex": { - "description": "RE2 style regex-based match (https://github.com/google/re2/wiki/Syntax).", - "type": "string" - } - } - } - ] - } - }, - { - "required": [ - "exact" - ], - "properties": { - "exact": { - "description": "exact string match", - "type": "string" - } - } - }, - { - "required": [ - "prefix" - ], - "properties": { - "prefix": { - "description": "prefix-based match", - "type": "string" - } - } - }, - { - "required": [ - "regex" - ], - "properties": { - "regex": { - "description": "RE2 style regex-based match (https://github.com/google/re2/wiki/Syntax).", - "type": "string" - } - } - } - ] - }, - "istio.networking.v1alpha3.TCPRoute": { - "description": "Describes match conditions and actions for routing TCP traffic. The following routing rule forwards traffic arriving at port 27017 for mongo.prod.svc.cluster.local to another Mongo server on port 5555.", - "type": "object", - "properties": { - "match": { - "description": "Match conditions to be satisfied for the rule to be activated. All conditions inside a single match block have AND semantics, while the list of match blocks have OR semantics. The rule is matched if any one of the match blocks succeed.", - "type": "array", - "items": { - "$ref": "#/components/schemas/istio.networking.v1alpha3.L4MatchAttributes" - } - }, - "route": { - "description": "The destination to which the connection should be forwarded to.", - "type": "array", - "items": { - "$ref": "#/components/schemas/istio.networking.v1alpha3.RouteDestination" - } - } - } - }, - "istio.networking.v1alpha3.TLSMatchAttributes": { - "description": "TLS connection match attributes.", - "type": "object", - "properties": { - "sniHosts": { - "description": "SNI (server name indicator) to match on. Wildcard prefixes can be used in the SNI value, e.g., *.com will match foo.example.com as well as example.com. An SNI value must be a subset (i.e., fall within the domain) of the corresponding virtual service's hosts.", - "type": "array", - "items": { - "type": "string" - } - }, - "destinationSubnets": { - "description": "IPv4 or IPv6 ip addresses of destination with optional subnet. E.g., a.b.c.d/xx form or just a.b.c.d.", - "type": "array", - "items": { - "type": "string" - } - }, - "port": { - "description": "Specifies the port on the host that is being addressed. Many services only expose a single port or label ports with the protocols they support, in these cases it is not required to explicitly select the port.", - "type": "integer" - }, - "sourceLabels": { - "description": "One or more labels that constrain the applicability of a rule to workloads with the given labels. If the VirtualService has a list of gateways specified in the top-level `gateways` field, it should include the reserved gateway `mesh` in order for this field to be applicable.", - "type": "object", - "additionalProperties": { - "type": "string" - } - }, - "gateways": { - "description": "Names of gateways where the rule should be applied. Gateway names in the top-level `gateways` field of the VirtualService (if any) are overridden. The gateway match is independent of sourceLabels.", - "type": "array", - "items": { - "type": "string" - } - }, - "sourceNamespace": { - "description": "Source namespace constraining the applicability of a rule to workloads in that namespace. If the VirtualService has a list of gateways specified in the top-level `gateways` field, it must include the reserved gateway `mesh` for this field to be applicable.", - "type": "string" - } - } - }, - "istio.networking.v1alpha3.TLSRoute": { - "description": "Describes match conditions and actions for routing unterminated TLS traffic (TLS/HTTPS) The following routing rule forwards unterminated TLS traffic arriving at port 443 of gateway called \"mygateway\" to internal services in the mesh based on the SNI value.", - "type": "object", - "properties": { - "match": { - "description": "Match conditions to be satisfied for the rule to be activated. All conditions inside a single match block have AND semantics, while the list of match blocks have OR semantics. The rule is matched if any one of the match blocks succeed.", - "type": "array", - "items": { - "$ref": "#/components/schemas/istio.networking.v1alpha3.TLSMatchAttributes" - } - }, - "route": { - "description": "The destination to which the connection should be forwarded to.", - "type": "array", - "items": { - "$ref": "#/components/schemas/istio.networking.v1alpha3.RouteDestination" - } - } - } - }, - "istio.networking.v1alpha3.VirtualService": { - "description": "Configuration affecting traffic routing.", - "type": "object", - "properties": { - "hosts": { - "description": "The destination hosts to which traffic is being sent. Could be a DNS name with wildcard prefix or an IP address. Depending on the platform, short-names can also be used instead of a FQDN (i.e. has no dots in the name). In such a scenario, the FQDN of the host would be derived based on the underlying platform.", - "type": "array", - "items": { - "type": "string" - } - }, - "gateways": { - "description": "The names of gateways and sidecars that should apply these routes. Gateways in other namespaces may be referred to by `\u003cgateway namespace\u003e/\u003cgateway name\u003e`; specifying a gateway with no namespace qualifier is the same as specifying the VirtualService's namespace. A single VirtualService is used for sidecars inside the mesh as well as for one or more gateways. The selection condition imposed by this field can be overridden using the source field in the match conditions of protocol-specific routes. The reserved word `mesh` is used to imply all the sidecars in the mesh. When this field is omitted, the default gateway (`mesh`) will be used, which would apply the rule to all sidecars in the mesh. If a list of gateway names is provided, the rules will apply only to the gateways. To apply the rules to both gateways and sidecars, specify `mesh` as one of the gateway names.", - "type": "array", - "items": { - "type": "string" - } - }, - "http": { - "description": "An ordered list of route rules for HTTP traffic. HTTP routes will be applied to platform service ports using HTTP/HTTP2/GRPC protocols, gateway ports with protocol HTTP/HTTP2/GRPC/TLS-terminated-HTTPS and service entry ports using HTTP/HTTP2/GRPC protocols. The first rule matching an incoming request is used.", - "type": "array", - "items": { - "$ref": "#/components/schemas/istio.networking.v1alpha3.HTTPRoute" - } - }, - "tls": { - "description": "An ordered list of route rule for non-terminated TLS \u0026 HTTPS traffic. Routing is typically performed using the SNI value presented by the ClientHello message. TLS routes will be applied to platform service ports named 'https-*', 'tls-*', unterminated gateway ports using HTTPS/TLS protocols (i.e. with \"passthrough\" TLS mode) and service entry ports using HTTPS/TLS protocols. The first rule matching an incoming request is used. NOTE: Traffic 'https-*' or 'tls-*' ports without associated virtual service will be treated as opaque TCP traffic.", - "type": "array", - "items": { - "$ref": "#/components/schemas/istio.networking.v1alpha3.TLSRoute" - } - }, - "tcp": { - "description": "An ordered list of route rules for opaque TCP traffic. TCP routes will be applied to any port that is not a HTTP or TLS port. The first rule matching an incoming request is used.", - "type": "array", - "items": { - "$ref": "#/components/schemas/istio.networking.v1alpha3.TCPRoute" - } - }, - "exportTo": { - "description": "A list of namespaces to which this virtual service is exported. Exporting a virtual service allows it to be used by sidecars and gateways defined in other namespaces. This feature provides a mechanism for service owners and mesh administrators to control the visibility of virtual services across namespace boundaries.", - "type": "array", - "items": { - "type": "string" - } - } - } - } - } - } -} \ No newline at end of file diff --git a/vendor/istio.io/api/networking/v1alpha3/virtual_service.pb.go b/vendor/istio.io/api/networking/v1alpha3/virtual_service.pb.go index ab1a42026..d133ab0e8 100644 --- a/vendor/istio.io/api/networking/v1alpha3/virtual_service.pb.go +++ b/vendor/istio.io/api/networking/v1alpha3/virtual_service.pb.go @@ -14,7 +14,7 @@ // Code generated by protoc-gen-go. DO NOT EDIT. // versions: -// protoc-gen-go v1.31.0 +// protoc-gen-go v1.35.1 // protoc (unknown) // source: networking/v1alpha3/virtual_service.proto @@ -67,10 +67,8 @@ // be rewritten to /newcatalog and sent to pods with label "version: v2". // // -// {{}} -// {{}} // ```yaml -// apiVersion: networking.istio.io/v1alpha3 +// apiVersion: networking.istio.io/v1 // kind: VirtualService // metadata: // name: reviews-route @@ -96,47 +94,13 @@ // host: reviews.prod.svc.cluster.local // subset: v1 // ``` -// {{}} -// -// {{}} -// ```yaml -// apiVersion: networking.istio.io/v1beta1 -// kind: VirtualService -// metadata: -// name: reviews-route -// spec: -// hosts: -// - reviews.prod.svc.cluster.local -// http: -// - name: "reviews-v2-routes" -// match: -// - uri: -// prefix: "/wpcatalog" -// - uri: -// prefix: "/consumercatalog" -// rewrite: -// uri: "/newcatalog" -// route: -// - destination: -// host: reviews.prod.svc.cluster.local -// subset: v2 -// - name: "reviews-v1-route" -// route: -// - destination: -// host: reviews.prod.svc.cluster.local -// subset: v1 -// ``` -// {{}} -// {{}} // // A subset/version of a route destination is identified with a reference // to a named service subset which must be declared in a corresponding // `DestinationRule`. // -// {{}} -// {{}} // ```yaml -// apiVersion: networking.istio.io/v1alpha3 +// apiVersion: networking.istio.io/v1 // kind: DestinationRule // metadata: // name: reviews-destination @@ -150,26 +114,6 @@ // labels: // version: v2 // ``` -// {{}} -// -// {{}} -// ```yaml -// apiVersion: networking.istio.io/v1beta1 -// kind: DestinationRule -// metadata: -// name: reviews-destination -// spec: -// host: reviews.prod.svc.cluster.local -// subsets: -// - name: v1 -// labels: -// version: v1 -// - name: v2 -// labels: -// version: v2 -// ``` -// {{}} -// {{}} // package v1alpha3 @@ -237,12 +181,65 @@ func (HTTPRedirect_RedirectPortSelection) EnumDescriptor() ([]byte, []int) { return file_networking_v1alpha3_virtual_service_proto_rawDescGZIP(), []int{12, 0} } +type CorsPolicy_UnmatchedPreflights int32 + +const ( + // Default to FORWARD + CorsPolicy_UNSPECIFIED CorsPolicy_UnmatchedPreflights = 0 + // Preflight requests not matching the configured allowed origin + // will be forwarded to the upstream. + CorsPolicy_FORWARD CorsPolicy_UnmatchedPreflights = 1 + // Preflight requests not matching the configured allowed origin + // will not be forwarded to the upstream. + CorsPolicy_IGNORE CorsPolicy_UnmatchedPreflights = 2 +) + +// Enum value maps for CorsPolicy_UnmatchedPreflights. +var ( + CorsPolicy_UnmatchedPreflights_name = map[int32]string{ + 0: "UNSPECIFIED", + 1: "FORWARD", + 2: "IGNORE", + } + CorsPolicy_UnmatchedPreflights_value = map[string]int32{ + "UNSPECIFIED": 0, + "FORWARD": 1, + "IGNORE": 2, + } +) + +func (x CorsPolicy_UnmatchedPreflights) Enum() *CorsPolicy_UnmatchedPreflights { + p := new(CorsPolicy_UnmatchedPreflights) + *p = x + return p +} + +func (x CorsPolicy_UnmatchedPreflights) String() string { + return protoimpl.X.EnumStringOf(x.Descriptor(), protoreflect.EnumNumber(x)) +} + +func (CorsPolicy_UnmatchedPreflights) Descriptor() protoreflect.EnumDescriptor { + return file_networking_v1alpha3_virtual_service_proto_enumTypes[1].Descriptor() +} + +func (CorsPolicy_UnmatchedPreflights) Type() protoreflect.EnumType { + return &file_networking_v1alpha3_virtual_service_proto_enumTypes[1] +} + +func (x CorsPolicy_UnmatchedPreflights) Number() protoreflect.EnumNumber { + return protoreflect.EnumNumber(x) +} + +// Deprecated: Use CorsPolicy_UnmatchedPreflights.Descriptor instead. +func (CorsPolicy_UnmatchedPreflights) EnumDescriptor() ([]byte, []int) { + return file_networking_v1alpha3_virtual_service_proto_rawDescGZIP(), []int{19, 0} +} + // Configuration affecting traffic routing. // // -// type VirtualService struct { state protoimpl.MessageState sizeCache protoimpl.SizeCache @@ -353,11 +347,9 @@ type VirtualService struct { func (x *VirtualService) Reset() { *x = VirtualService{} - if protoimpl.UnsafeEnabled { - mi := &file_networking_v1alpha3_virtual_service_proto_msgTypes[0] - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - ms.StoreMessageInfo(mi) - } + mi := &file_networking_v1alpha3_virtual_service_proto_msgTypes[0] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) } func (x *VirtualService) String() string { @@ -368,7 +360,7 @@ func (*VirtualService) ProtoMessage() {} func (x *VirtualService) ProtoReflect() protoreflect.Message { mi := &file_networking_v1alpha3_virtual_service_proto_msgTypes[0] - if protoimpl.UnsafeEnabled && x != nil { + if x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) if ms.LoadMessageInfo() == nil { ms.StoreMessageInfo(mi) @@ -436,7 +428,7 @@ func (x *VirtualService) GetExportTo() []string { // *Note for Kubernetes users*: When short names are used (e.g. "reviews" // instead of "reviews.default.svc.cluster.local"), Istio will interpret // the short name based on the namespace of the rule, not the service. A -// rule in the "default" namespace containing a host "reviews will be +// rule in the "default" namespace containing a host "reviews" will be // interpreted as "reviews.default.svc.cluster.local", irrespective of the // actual namespace associated with the reviews service. _To avoid potential // misconfigurations, it is recommended to always use fully qualified @@ -446,10 +438,8 @@ func (x *VirtualService) GetExportTo() []string { // of the reviews service with label "version: v1" (i.e., subset v1), and // some to subset v2, in a Kubernetes environment. // -// {{}} -// {{}} // ```yaml -// apiVersion: networking.istio.io/v1alpha3 +// apiVersion: networking.istio.io/v1 // kind: VirtualService // metadata: // @@ -478,71 +468,11 @@ func (x *VirtualService) GetExportTo() []string { // subset: v1 // // ``` -// {{}} -// -// {{}} -// ```yaml -// apiVersion: networking.istio.io/v1beta1 -// kind: VirtualService -// metadata: -// -// name: reviews-route -// namespace: foo -// -// spec: -// -// hosts: -// - reviews # interpreted as reviews.foo.svc.cluster.local -// http: -// - match: -// - uri: -// prefix: "/wpcatalog" -// - uri: -// prefix: "/consumercatalog" -// rewrite: -// uri: "/newcatalog" -// route: -// - destination: -// host: reviews # interpreted as reviews.foo.svc.cluster.local -// subset: v2 -// - route: -// - destination: -// host: reviews # interpreted as reviews.foo.svc.cluster.local -// subset: v1 -// -// ``` -// {{}} -// {{}} // // # And the associated DestinationRule // -// {{}} -// {{}} -// ```yaml -// apiVersion: networking.istio.io/v1alpha3 -// kind: DestinationRule -// metadata: -// -// name: reviews-destination -// namespace: foo -// -// spec: -// -// host: reviews # interpreted as reviews.foo.svc.cluster.local -// subsets: -// - name: v1 -// labels: -// version: v1 -// - name: v2 -// labels: -// version: v2 -// -// ``` -// {{}} -// -// {{}} // ```yaml -// apiVersion: networking.istio.io/v1beta1 +// apiVersion: networking.istio.io/v1 // kind: DestinationRule // metadata: // @@ -561,8 +491,6 @@ func (x *VirtualService) GetExportTo() []string { // version: v2 // // ``` -// {{}} -// {{}} // // The following VirtualService sets a timeout of 5s for all calls to // productpage.prod.svc.cluster.local service in Kubernetes. Notice that @@ -574,10 +502,8 @@ func (x *VirtualService) GetExportTo() []string { // productpage.prod.svc.cluster.local. Therefore the rule's namespace does // not have an impact in resolving the name of the productpage service. // -// {{}} -// {{}} // ```yaml -// apiVersion: networking.istio.io/v1alpha3 +// apiVersion: networking.istio.io/v1 // kind: VirtualService // metadata: // @@ -595,30 +521,6 @@ func (x *VirtualService) GetExportTo() []string { // host: productpage.prod.svc.cluster.local // // ``` -// {{}} -// -// {{}} -// ```yaml -// apiVersion: networking.istio.io/v1beta1 -// kind: VirtualService -// metadata: -// -// name: my-productpage-rule -// namespace: istio-system -// -// spec: -// -// hosts: -// - productpage.prod.svc.cluster.local # ignores rule namespace -// http: -// - timeout: 5s -// route: -// - destination: -// host: productpage.prod.svc.cluster.local -// -// ``` -// {{}} -// {{}} // // To control routing for traffic bound to services outside the mesh, external // services must first be added to Istio's internal service registry using the @@ -626,10 +528,8 @@ func (x *VirtualService) GetExportTo() []string { // bound to these external services. For example, the following rules define a // Service for wikipedia.org and set a timeout of 5s for HTTP requests. // -// {{}} -// {{}} // ```yaml -// apiVersion: networking.istio.io/v1alpha3 +// apiVersion: networking.istio.io/v1 // kind: ServiceEntry // metadata: // @@ -647,7 +547,7 @@ func (x *VirtualService) GetExportTo() []string { // resolution: DNS // // --- -// apiVersion: networking.istio.io/v1alpha3 +// apiVersion: networking.istio.io/v1 // kind: VirtualService // metadata: // @@ -664,47 +564,6 @@ func (x *VirtualService) GetExportTo() []string { // host: wikipedia.org // // ``` -// {{}} -// -// {{}} -// ```yaml -// apiVersion: networking.istio.io/v1beta1 -// kind: ServiceEntry -// metadata: -// -// name: external-svc-wikipedia -// -// spec: -// -// hosts: -// - wikipedia.org -// location: MESH_EXTERNAL -// ports: -// - number: 80 -// name: example-http -// protocol: HTTP -// resolution: DNS -// -// --- -// apiVersion: networking.istio.io/v1beta1 -// kind: VirtualService -// metadata: -// -// name: my-wiki-rule -// -// spec: -// -// hosts: -// - wikipedia.org -// http: -// - timeout: 5s -// route: -// - destination: -// host: wikipedia.org -// -// ``` -// {{}} -// {{}} type Destination struct { state protoimpl.MessageState sizeCache protoimpl.SizeCache @@ -719,7 +578,7 @@ type Destination struct { // *Note for Kubernetes users*: When short names are used (e.g. "reviews" // instead of "reviews.default.svc.cluster.local"), Istio will interpret // the short name based on the namespace of the rule, not the service. A - // rule in the "default" namespace containing a host "reviews will be + // rule in the "default" namespace containing a host "reviews" will be // interpreted as "reviews.default.svc.cluster.local", irrespective of // the actual namespace associated with the reviews service. To avoid // potential misconfiguration, it is recommended to always use fully @@ -737,11 +596,9 @@ type Destination struct { func (x *Destination) Reset() { *x = Destination{} - if protoimpl.UnsafeEnabled { - mi := &file_networking_v1alpha3_virtual_service_proto_msgTypes[1] - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - ms.StoreMessageInfo(mi) - } + mi := &file_networking_v1alpha3_virtual_service_proto_msgTypes[1] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) } func (x *Destination) String() string { @@ -752,7 +609,7 @@ func (*Destination) ProtoMessage() {} func (x *Destination) ProtoReflect() protoreflect.Message { mi := &file_networking_v1alpha3_virtual_service_proto_msgTypes[1] - if protoimpl.UnsafeEnabled && x != nil { + if x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) if ms.LoadMessageInfo() == nil { ms.StoreMessageInfo(mi) @@ -840,6 +697,15 @@ type HTTPRoute struct { // Timeout for HTTP requests, default is disabled. Timeout *duration.Duration `protobuf:"bytes,6,opt,name=timeout,proto3" json:"timeout,omitempty"` // Retry policy for HTTP requests. + // + // Note: the default cluster-wide retry policy, if not specified, is: + // + // ```yaml + // attempts: 2 + // retryOn: "connect-failure,refused-stream,unavailable,cancelled,503" + // ``` + // + // This can be customized in [`Mesh Config` `defaultHttpRetryPolicy`](https://istio.io/latest/docs/reference/config/istio.mesh.v1alpha1/#MeshConfig). Retries *HTTPRetry `protobuf:"bytes,7,opt,name=retries,proto3" json:"retries,omitempty"` // Fault injection policy to apply on HTTP traffic at the client side. // Note that timeouts or retries will not be enabled when faults are @@ -852,9 +718,6 @@ type HTTPRoute struct { // original destination. Statistics will be generated for the mirrored // destination. Mirror *Destination `protobuf:"bytes,9,opt,name=mirror,proto3" json:"mirror,omitempty"` - // $hide_from_docs - // Hide this from doc until implemented. - // // Specifies the destinations to mirror HTTP traffic in addition // to the original destination. Mirrored traffic is on a // best effort basis where the sidecar/gateway will not wait for the @@ -866,6 +729,7 @@ type HTTPRoute struct { // Use of integer `mirror_percent` value is deprecated. Use the // double `mirror_percentage` field instead // $hide_from_docs + // +kubebuilder:altName=mirror_percent // // Deprecated: Marked as deprecated in networking/v1alpha3/virtual_service.proto. MirrorPercent *wrappers.UInt32Value `protobuf:"bytes,18,opt,name=mirror_percent,json=mirrorPercent,proto3" json:"mirror_percent,omitempty"` @@ -883,11 +747,9 @@ type HTTPRoute struct { func (x *HTTPRoute) Reset() { *x = HTTPRoute{} - if protoimpl.UnsafeEnabled { - mi := &file_networking_v1alpha3_virtual_service_proto_msgTypes[2] - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - ms.StoreMessageInfo(mi) - } + mi := &file_networking_v1alpha3_virtual_service_proto_msgTypes[2] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) } func (x *HTTPRoute) String() string { @@ -898,7 +760,7 @@ func (*HTTPRoute) ProtoMessage() {} func (x *HTTPRoute) ProtoReflect() protoreflect.Message { mi := &file_networking_v1alpha3_virtual_service_proto_msgTypes[2] - if protoimpl.UnsafeEnabled && x != nil { + if x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) if ms.LoadMessageInfo() == nil { ms.StoreMessageInfo(mi) @@ -1031,7 +893,7 @@ func (x *HTTPRoute) GetHeaders() *Headers { // forward the traffic to `/reviews` by a delegate VirtualService named `reviews`. // // ```yaml -// apiVersion: networking.istio.io/v1alpha3 +// apiVersion: networking.istio.io/v1 // kind: VirtualService // metadata: // @@ -1060,7 +922,7 @@ func (x *HTTPRoute) GetHeaders() *Headers { // ``` // // ```yaml -// apiVersion: networking.istio.io/v1alpha3 +// apiVersion: networking.istio.io/v1 // kind: VirtualService // metadata: // @@ -1083,7 +945,7 @@ func (x *HTTPRoute) GetHeaders() *Headers { // ``` // // ```yaml -// apiVersion: networking.istio.io/v1alpha3 +// apiVersion: networking.istio.io/v1 // kind: VirtualService // metadata: // @@ -1112,11 +974,9 @@ type Delegate struct { func (x *Delegate) Reset() { *x = Delegate{} - if protoimpl.UnsafeEnabled { - mi := &file_networking_v1alpha3_virtual_service_proto_msgTypes[3] - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - ms.StoreMessageInfo(mi) - } + mi := &file_networking_v1alpha3_virtual_service_proto_msgTypes[3] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) } func (x *Delegate) String() string { @@ -1127,7 +987,7 @@ func (*Delegate) ProtoMessage() {} func (x *Delegate) ProtoReflect() protoreflect.Message { mi := &file_networking_v1alpha3_virtual_service_proto_msgTypes[3] - if protoimpl.UnsafeEnabled && x != nil { + if x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) if ms.LoadMessageInfo() == nil { ms.StoreMessageInfo(mi) @@ -1164,44 +1024,8 @@ func (x *Delegate) GetNamespace() string { // It also removes the `foo` response header, but only from responses // coming from the `v1` subset (version) of the `reviews` service. // -// {{}} -// {{}} -// ```yaml -// apiVersion: networking.istio.io/v1alpha3 -// kind: VirtualService -// metadata: -// -// name: reviews-route -// -// spec: -// -// hosts: -// - reviews.prod.svc.cluster.local -// http: -// - headers: -// request: -// set: -// test: "true" -// route: -// - destination: -// host: reviews.prod.svc.cluster.local -// subset: v2 -// weight: 25 -// - destination: -// host: reviews.prod.svc.cluster.local -// subset: v1 -// headers: -// response: -// remove: -// - foo -// weight: 75 -// -// ``` -// {{}} -// -// {{}} // ```yaml -// apiVersion: networking.istio.io/v1beta1 +// apiVersion: networking.istio.io/v1 // kind: VirtualService // metadata: // @@ -1231,8 +1055,6 @@ func (x *Delegate) GetNamespace() string { // weight: 75 // // ``` -// {{}} -// {{}} type Headers struct { state protoimpl.MessageState sizeCache protoimpl.SizeCache @@ -1248,11 +1070,9 @@ type Headers struct { func (x *Headers) Reset() { *x = Headers{} - if protoimpl.UnsafeEnabled { - mi := &file_networking_v1alpha3_virtual_service_proto_msgTypes[4] - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - ms.StoreMessageInfo(mi) - } + mi := &file_networking_v1alpha3_virtual_service_proto_msgTypes[4] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) } func (x *Headers) String() string { @@ -1263,7 +1083,7 @@ func (*Headers) ProtoMessage() {} func (x *Headers) ProtoReflect() protoreflect.Message { mi := &file_networking_v1alpha3_virtual_service_proto_msgTypes[4] - if protoimpl.UnsafeEnabled && x != nil { + if x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) if ms.LoadMessageInfo() == nil { ms.StoreMessageInfo(mi) @@ -1297,43 +1117,8 @@ func (x *Headers) GetResponse() *Headers_HeaderOperations { // traffic arriving at port 443 of gateway called "mygateway" to internal // services in the mesh based on the SNI value. // -// {{}} -// {{}} -// ```yaml -// apiVersion: networking.istio.io/v1alpha3 -// kind: VirtualService -// metadata: -// -// name: bookinfo-sni -// -// spec: -// -// hosts: -// - "*.bookinfo.com" -// gateways: -// - mygateway -// tls: -// - match: -// - port: 443 -// sniHosts: -// - login.bookinfo.com -// route: -// - destination: -// host: login.prod.svc.cluster.local -// - match: -// - port: 443 -// sniHosts: -// - reviews.bookinfo.com -// route: -// - destination: -// host: reviews.prod.svc.cluster.local -// -// ``` -// {{}} -// -// {{}} // ```yaml -// apiVersion: networking.istio.io/v1beta1 +// apiVersion: networking.istio.io/v1 // kind: VirtualService // metadata: // @@ -1362,8 +1147,6 @@ func (x *Headers) GetResponse() *Headers_HeaderOperations { // host: reviews.prod.svc.cluster.local // // ``` -// {{}} -// {{}} type TLSRoute struct { state protoimpl.MessageState sizeCache protoimpl.SizeCache @@ -1380,11 +1163,9 @@ type TLSRoute struct { func (x *TLSRoute) Reset() { *x = TLSRoute{} - if protoimpl.UnsafeEnabled { - mi := &file_networking_v1alpha3_virtual_service_proto_msgTypes[5] - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - ms.StoreMessageInfo(mi) - } + mi := &file_networking_v1alpha3_virtual_service_proto_msgTypes[5] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) } func (x *TLSRoute) String() string { @@ -1395,7 +1176,7 @@ func (*TLSRoute) ProtoMessage() {} func (x *TLSRoute) ProtoReflect() protoreflect.Message { mi := &file_networking_v1alpha3_virtual_service_proto_msgTypes[5] - if protoimpl.UnsafeEnabled && x != nil { + if x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) if ms.LoadMessageInfo() == nil { ms.StoreMessageInfo(mi) @@ -1415,47 +1196,21 @@ func (x *TLSRoute) GetMatch() []*TLSMatchAttributes { return x.Match } return nil -} - -func (x *TLSRoute) GetRoute() []*RouteDestination { - if x != nil { - return x.Route - } - return nil -} - -// Describes match conditions and actions for routing TCP traffic. The -// following routing rule forwards traffic arriving at port 27017 for -// mongo.prod.svc.cluster.local to another Mongo server on port 5555. -// -// {{}} -// {{}} -// ```yaml -// apiVersion: networking.istio.io/v1alpha3 -// kind: VirtualService -// metadata: -// -// name: bookinfo-mongo -// -// spec: -// -// hosts: -// - mongo.prod.svc.cluster.local -// tcp: -// - match: -// - port: 27017 -// route: -// - destination: -// host: mongo.backup.svc.cluster.local -// port: -// number: 5555 -// -// ``` -// {{}} +} + +func (x *TLSRoute) GetRoute() []*RouteDestination { + if x != nil { + return x.Route + } + return nil +} + +// Describes match conditions and actions for routing TCP traffic. The +// following routing rule forwards traffic arriving at port 27017 for +// mongo.prod.svc.cluster.local to another Mongo server on port 5555. // -// {{}} // ```yaml -// apiVersion: networking.istio.io/v1beta1 +// apiVersion: networking.istio.io/v1 // kind: VirtualService // metadata: // @@ -1475,8 +1230,6 @@ func (x *TLSRoute) GetRoute() []*RouteDestination { // number: 5555 // // ``` -// {{}} -// {{}} type TCPRoute struct { state protoimpl.MessageState sizeCache protoimpl.SizeCache @@ -1493,11 +1246,9 @@ type TCPRoute struct { func (x *TCPRoute) Reset() { *x = TCPRoute{} - if protoimpl.UnsafeEnabled { - mi := &file_networking_v1alpha3_virtual_service_proto_msgTypes[6] - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - ms.StoreMessageInfo(mi) - } + mi := &file_networking_v1alpha3_virtual_service_proto_msgTypes[6] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) } func (x *TCPRoute) String() string { @@ -1508,7 +1259,7 @@ func (*TCPRoute) ProtoMessage() {} func (x *TCPRoute) ProtoReflect() protoreflect.Message { mi := &file_networking_v1alpha3_virtual_service_proto_msgTypes[6] - if protoimpl.UnsafeEnabled && x != nil { + if x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) if ms.LoadMessageInfo() == nil { ms.StoreMessageInfo(mi) @@ -1537,43 +1288,14 @@ func (x *TCPRoute) GetRoute() []*RouteDestination { return nil } -// HttpMatchRequest specifies a set of criterion to be met in order for the +// HttpMatchRequest specifies a set of criteria to be met in order for the // rule to be applied to the HTTP request. For example, the following // restricts the rule to match only requests where the URL path // starts with /ratings/v2/ and the request contains a custom `end-user` header // with value `jason`. // -// {{}} -// {{}} -// ```yaml -// apiVersion: networking.istio.io/v1alpha3 -// kind: VirtualService -// metadata: -// -// name: ratings-route -// -// spec: -// -// hosts: -// - ratings.prod.svc.cluster.local -// http: -// - match: -// - headers: -// end-user: -// exact: jason -// uri: -// prefix: "/ratings/v2/" -// ignoreUriCase: true -// route: -// - destination: -// host: ratings.prod.svc.cluster.local -// -// ``` -// {{}} -// -// {{}} // ```yaml -// apiVersion: networking.istio.io/v1beta1 +// apiVersion: networking.istio.io/v1 // kind: VirtualService // metadata: // @@ -1596,8 +1318,6 @@ func (x *TCPRoute) GetRoute() []*RouteDestination { // host: ratings.prod.svc.cluster.local // // ``` -// {{}} -// {{}} // // HTTPMatchRequest CANNOT be empty. // **Note:** @@ -1619,10 +1339,10 @@ type HTTPMatchRequest struct { // // - `prefix: "value"` for prefix-based match // - // - `regex: "value"` for RE2 style regex-based match (https://github.com/google/re2/wiki/Syntax). + // - `regex: "value"` for [RE2 style regex-based match](https://github.com/google/re2/wiki/Syntax). // // **Note:** Case-insensitive matching could be enabled via the - // `ignore_uri_case` flag. + // `ignoreUriCase` flag. Uri *StringMatch `protobuf:"bytes,1,opt,name=uri,proto3" json:"uri,omitempty"` // URI Scheme // values are case-sensitive and formatted as follows: @@ -1631,7 +1351,7 @@ type HTTPMatchRequest struct { // // - `prefix: "value"` for prefix-based match // - // - `regex: "value"` for RE2 style regex-based match (https://github.com/google/re2/wiki/Syntax). + // - `regex: "value"` for [RE2 style regex-based match](https://github.com/google/re2/wiki/Syntax). Scheme *StringMatch `protobuf:"bytes,2,opt,name=scheme,proto3" json:"scheme,omitempty"` // HTTP Method // values are case-sensitive and formatted as follows: @@ -1640,7 +1360,7 @@ type HTTPMatchRequest struct { // // - `prefix: "value"` for prefix-based match // - // - `regex: "value"` for RE2 style regex-based match (https://github.com/google/re2/wiki/Syntax). + // - `regex: "value"` for [RE2 style regex-based match](https://github.com/google/re2/wiki/Syntax). Method *StringMatch `protobuf:"bytes,3,opt,name=method,proto3" json:"method,omitempty"` // HTTP Authority // values are case-sensitive and formatted as follows: @@ -1649,7 +1369,7 @@ type HTTPMatchRequest struct { // // - `prefix: "value"` for prefix-based match // - // - `regex: "value"` for RE2 style regex-based match (https://github.com/google/re2/wiki/Syntax). + // - `regex: "value"` for [RE2 style regex-based match](https://github.com/google/re2/wiki/Syntax). Authority *StringMatch `protobuf:"bytes,4,opt,name=authority,proto3" json:"authority,omitempty"` // The header keys must be lowercase and use hyphen as the separator, // e.g. _x-request-id_. @@ -1660,7 +1380,7 @@ type HTTPMatchRequest struct { // // - `prefix: "value"` for prefix-based match // - // - `regex: "value"` for RE2 style regex-based match (https://github.com/google/re2/wiki/Syntax). + // - `regex: "value"` for [RE2 style regex-based match](https://github.com/google/re2/wiki/Syntax). // // If the value is empty and only the name of header is specified, presence of the header is checked. // To provide an empty value, use `{}`, for example: @@ -1726,11 +1446,9 @@ type HTTPMatchRequest struct { func (x *HTTPMatchRequest) Reset() { *x = HTTPMatchRequest{} - if protoimpl.UnsafeEnabled { - mi := &file_networking_v1alpha3_virtual_service_proto_msgTypes[7] - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - ms.StoreMessageInfo(mi) - } + mi := &file_networking_v1alpha3_virtual_service_proto_msgTypes[7] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) } func (x *HTTPMatchRequest) String() string { @@ -1741,7 +1459,7 @@ func (*HTTPMatchRequest) ProtoMessage() {} func (x *HTTPMatchRequest) ProtoReflect() protoreflect.Message { mi := &file_networking_v1alpha3_virtual_service_proto_msgTypes[7] - if protoimpl.UnsafeEnabled && x != nil { + if x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) if ms.LoadMessageInfo() == nil { ms.StoreMessageInfo(mi) @@ -1861,36 +1579,8 @@ func (x *HTTPMatchRequest) GetStatPrefix() string { // instances with the "v2" tag and the remaining traffic (i.e., 75%) to // "v1". // -// {{}} -// {{}} -// ```yaml -// apiVersion: networking.istio.io/v1alpha3 -// kind: VirtualService -// metadata: -// -// name: reviews-route -// -// spec: -// -// hosts: -// - reviews.prod.svc.cluster.local -// http: -// - route: -// - destination: -// host: reviews.prod.svc.cluster.local -// subset: v2 -// weight: 25 -// - destination: -// host: reviews.prod.svc.cluster.local -// subset: v1 -// weight: 75 -// -// ``` -// {{}} -// -// {{}} // ```yaml -// apiVersion: networking.istio.io/v1beta1 +// apiVersion: networking.istio.io/v1 // kind: VirtualService // metadata: // @@ -1912,37 +1602,11 @@ func (x *HTTPMatchRequest) GetStatPrefix() string { // weight: 75 // // ``` -// {{}} -// {{}} // // # And the associated DestinationRule // -// {{}} -// {{}} -// ```yaml -// apiVersion: networking.istio.io/v1alpha3 -// kind: DestinationRule -// metadata: -// -// name: reviews-destination -// -// spec: -// -// host: reviews.prod.svc.cluster.local -// subsets: -// - name: v1 -// labels: -// version: v1 -// - name: v2 -// labels: -// version: v2 -// -// ``` -// {{}} -// -// {{}} // ```yaml -// apiVersion: networking.istio.io/v1beta1 +// apiVersion: networking.istio.io/v1 // kind: DestinationRule // metadata: // @@ -1960,41 +1624,13 @@ func (x *HTTPMatchRequest) GetStatPrefix() string { // version: v2 // // ``` -// {{}} -// {{}} // // Traffic can also be split across two entirely different services without // having to define new subsets. For example, the following rule forwards 25% of // traffic to reviews.com to dev.reviews.com // -// {{}} -// {{}} -// ```yaml -// apiVersion: networking.istio.io/v1alpha3 -// kind: VirtualService -// metadata: -// -// name: reviews-route-two-domains -// -// spec: -// -// hosts: -// - reviews.com -// http: -// - route: -// - destination: -// host: dev.reviews.com -// weight: 25 -// - destination: -// host: reviews.com -// weight: 75 -// -// ``` -// {{}} -// -// {{}} // ```yaml -// apiVersion: networking.istio.io/v1beta1 +// apiVersion: networking.istio.io/v1 // kind: VirtualService // metadata: // @@ -2014,8 +1650,6 @@ func (x *HTTPMatchRequest) GetStatPrefix() string { // weight: 75 // // ``` -// {{}} -// {{}} type HTTPRouteDestination struct { state protoimpl.MessageState sizeCache protoimpl.SizeCache @@ -2034,11 +1668,9 @@ type HTTPRouteDestination struct { func (x *HTTPRouteDestination) Reset() { *x = HTTPRouteDestination{} - if protoimpl.UnsafeEnabled { - mi := &file_networking_v1alpha3_virtual_service_proto_msgTypes[8] - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - ms.StoreMessageInfo(mi) - } + mi := &file_networking_v1alpha3_virtual_service_proto_msgTypes[8] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) } func (x *HTTPRouteDestination) String() string { @@ -2049,7 +1681,7 @@ func (*HTTPRouteDestination) ProtoMessage() {} func (x *HTTPRouteDestination) ProtoReflect() protoreflect.Message { mi := &file_networking_v1alpha3_virtual_service_proto_msgTypes[8] - if protoimpl.UnsafeEnabled && x != nil { + if x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) if ms.LoadMessageInfo() == nil { ms.StoreMessageInfo(mi) @@ -2102,11 +1734,9 @@ type RouteDestination struct { func (x *RouteDestination) Reset() { *x = RouteDestination{} - if protoimpl.UnsafeEnabled { - mi := &file_networking_v1alpha3_virtual_service_proto_msgTypes[9] - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - ms.StoreMessageInfo(mi) - } + mi := &file_networking_v1alpha3_virtual_service_proto_msgTypes[9] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) } func (x *RouteDestination) String() string { @@ -2117,7 +1747,7 @@ func (*RouteDestination) ProtoMessage() {} func (x *RouteDestination) ProtoReflect() protoreflect.Message { mi := &file_networking_v1alpha3_virtual_service_proto_msgTypes[9] - if protoimpl.UnsafeEnabled && x != nil { + if x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) if ms.LoadMessageInfo() == nil { ms.StoreMessageInfo(mi) @@ -2181,11 +1811,9 @@ type L4MatchAttributes struct { func (x *L4MatchAttributes) Reset() { *x = L4MatchAttributes{} - if protoimpl.UnsafeEnabled { - mi := &file_networking_v1alpha3_virtual_service_proto_msgTypes[10] - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - ms.StoreMessageInfo(mi) - } + mi := &file_networking_v1alpha3_virtual_service_proto_msgTypes[10] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) } func (x *L4MatchAttributes) String() string { @@ -2196,7 +1824,7 @@ func (*L4MatchAttributes) ProtoMessage() {} func (x *L4MatchAttributes) ProtoReflect() protoreflect.Message { mi := &file_networking_v1alpha3_virtual_service_proto_msgTypes[10] - if protoimpl.UnsafeEnabled && x != nil { + if x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) if ms.LoadMessageInfo() == nil { ms.StoreMessageInfo(mi) @@ -2289,11 +1917,9 @@ type TLSMatchAttributes struct { func (x *TLSMatchAttributes) Reset() { *x = TLSMatchAttributes{} - if protoimpl.UnsafeEnabled { - mi := &file_networking_v1alpha3_virtual_service_proto_msgTypes[11] - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - ms.StoreMessageInfo(mi) - } + mi := &file_networking_v1alpha3_virtual_service_proto_msgTypes[11] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) } func (x *TLSMatchAttributes) String() string { @@ -2304,7 +1930,7 @@ func (*TLSMatchAttributes) ProtoMessage() {} func (x *TLSMatchAttributes) ProtoReflect() protoreflect.Message { mi := &file_networking_v1alpha3_virtual_service_proto_msgTypes[11] - if protoimpl.UnsafeEnabled && x != nil { + if x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) if ms.LoadMessageInfo() == nil { ms.StoreMessageInfo(mi) @@ -2367,34 +1993,8 @@ func (x *TLSMatchAttributes) GetSourceNamespace() string { // requests for /v1/getProductRatings API on the ratings service to // /v1/bookRatings provided by the bookratings service. // -// {{}} -// {{}} -// ```yaml -// apiVersion: networking.istio.io/v1alpha3 -// kind: VirtualService -// metadata: -// -// name: ratings-route -// -// spec: -// -// hosts: -// - ratings.prod.svc.cluster.local -// http: -// - match: -// - uri: -// exact: /v1/getProductRatings -// redirect: -// uri: /v1/bookRatings -// authority: newratings.default.svc.cluster.local -// ... -// -// ``` -// {{}} -// -// {{}} // ```yaml -// apiVersion: networking.istio.io/v1beta1 +// apiVersion: networking.istio.io/v1 // kind: VirtualService // metadata: // @@ -2414,8 +2014,6 @@ func (x *TLSMatchAttributes) GetSourceNamespace() string { // ... // // ``` -// {{}} -// {{}} type HTTPRedirect struct { state protoimpl.MessageState sizeCache protoimpl.SizeCache @@ -2445,11 +2043,9 @@ type HTTPRedirect struct { func (x *HTTPRedirect) Reset() { *x = HTTPRedirect{} - if protoimpl.UnsafeEnabled { - mi := &file_networking_v1alpha3_virtual_service_proto_msgTypes[12] - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - ms.StoreMessageInfo(mi) - } + mi := &file_networking_v1alpha3_virtual_service_proto_msgTypes[12] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) } func (x *HTTPRedirect) String() string { @@ -2460,7 +2056,7 @@ func (*HTTPRedirect) ProtoMessage() {} func (x *HTTPRedirect) ProtoReflect() protoreflect.Message { mi := &file_networking_v1alpha3_virtual_service_proto_msgTypes[12] - if protoimpl.UnsafeEnabled && x != nil { + if x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) if ms.LoadMessageInfo() == nil { ms.StoreMessageInfo(mi) @@ -2548,35 +2144,8 @@ func (*HTTPRedirect_DerivePort) isHTTPRedirect_RedirectPort() {} // For example, the following rule returns a fixed 503 status with a body // to requests for /v1/getProductRatings API. // -// {{}} -// {{}} -// ```yaml -// apiVersion: networking.istio.io/v1alpha3 -// kind: VirtualService -// metadata: -// -// name: ratings-route -// -// spec: -// -// hosts: -// - ratings.prod.svc.cluster.local -// http: -// - match: -// - uri: -// exact: /v1/getProductRatings -// directResponse: -// status: 503 -// body: -// string: "unknown error" -// ... -// -// ``` -// {{}} -// -// {{}} // ```yaml -// apiVersion: networking.istio.io/v1beta1 +// apiVersion: networking.istio.io/v1 // kind: VirtualService // metadata: // @@ -2597,41 +2166,12 @@ func (*HTTPRedirect_DerivePort) isHTTPRedirect_RedirectPort() {} // ... // // ``` -// {{}} -// {{}} // // It is also possible to specify a binary response body. // This is mostly useful for non text-based protocols such as gRPC. // -// {{}} -// {{}} -// ```yaml -// apiVersion: networking.istio.io/v1alpha3 -// kind: VirtualService -// metadata: -// -// name: ratings-route -// -// spec: -// -// hosts: -// - ratings.prod.svc.cluster.local -// http: -// - match: -// - uri: -// exact: /v1/getProductRatings -// directResponse: -// status: 503 -// body: -// bytes: "dW5rbm93biBlcnJvcg==" # "unknown error" in base64 -// ... -// -// ``` -// {{}} -// -// {{}} // ```yaml -// apiVersion: networking.istio.io/v1beta1 +// apiVersion: networking.istio.io/v1 // kind: VirtualService // metadata: // @@ -2652,46 +2192,13 @@ func (*HTTPRedirect_DerivePort) isHTTPRedirect_RedirectPort() {} // ... // // ``` -// {{}} -// {{}} // // It is good practice to add headers in the HTTPRoute // as well as the direct_response, for example to specify // the returned Content-Type. // -// {{}} -// {{}} // ```yaml -// apiVersion: networking.istio.io/v1alpha3 -// kind: VirtualService -// metadata: -// -// name: ratings-route -// -// spec: -// -// hosts: -// - ratings.prod.svc.cluster.local -// http: -// - match: -// - uri: -// exact: /v1/getProductRatings -// directResponse: -// status: 503 -// body: -// string: "{\"error\": \"unknown error\"}" -// headers: -// response: -// set: -// content-type: "application/json" -// ... -// -// ``` -// {{}} -// -// {{}} -// ```yaml -// apiVersion: networking.istio.io/v1beta1 +// apiVersion: networking.istio.io/v1 // kind: VirtualService // metadata: // @@ -2716,8 +2223,6 @@ func (*HTTPRedirect_DerivePort) isHTTPRedirect_RedirectPort() {} // ... // // ``` -// {{}} -// {{}} type HTTPDirectResponse struct { state protoimpl.MessageState sizeCache protoimpl.SizeCache @@ -2732,11 +2237,9 @@ type HTTPDirectResponse struct { func (x *HTTPDirectResponse) Reset() { *x = HTTPDirectResponse{} - if protoimpl.UnsafeEnabled { - mi := &file_networking_v1alpha3_virtual_service_proto_msgTypes[13] - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - ms.StoreMessageInfo(mi) - } + mi := &file_networking_v1alpha3_virtual_service_proto_msgTypes[13] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) } func (x *HTTPDirectResponse) String() string { @@ -2747,7 +2250,7 @@ func (*HTTPDirectResponse) ProtoMessage() {} func (x *HTTPDirectResponse) ProtoReflect() protoreflect.Message { mi := &file_networking_v1alpha3_virtual_service_proto_msgTypes[13] - if protoimpl.UnsafeEnabled && x != nil { + if x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) if ms.LoadMessageInfo() == nil { ms.StoreMessageInfo(mi) @@ -2790,11 +2293,9 @@ type HTTPBody struct { func (x *HTTPBody) Reset() { *x = HTTPBody{} - if protoimpl.UnsafeEnabled { - mi := &file_networking_v1alpha3_virtual_service_proto_msgTypes[14] - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - ms.StoreMessageInfo(mi) - } + mi := &file_networking_v1alpha3_virtual_service_proto_msgTypes[14] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) } func (x *HTTPBody) String() string { @@ -2805,7 +2306,7 @@ func (*HTTPBody) ProtoMessage() {} func (x *HTTPBody) ProtoReflect() protoreflect.Message { mi := &file_networking_v1alpha3_virtual_service_proto_msgTypes[14] - if protoimpl.UnsafeEnabled && x != nil { + if x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) if ms.LoadMessageInfo() == nil { ms.StoreMessageInfo(mi) @@ -2856,45 +2357,17 @@ type HTTPBody_Bytes struct { } func (*HTTPBody_String_) isHTTPBody_Specifier() {} - -func (*HTTPBody_Bytes) isHTTPBody_Specifier() {} - -// HTTPRewrite can be used to rewrite specific parts of a HTTP request -// before forwarding the request to the destination. Rewrite primitive can -// be used only with HTTPRouteDestination. The following example -// demonstrates how to rewrite the URL prefix for api call (/ratings) to -// ratings service before making the actual API call. -// -// {{}} -// {{}} -// ```yaml -// apiVersion: networking.istio.io/v1alpha3 -// kind: VirtualService -// metadata: -// -// name: ratings-route -// -// spec: -// -// hosts: -// - ratings.prod.svc.cluster.local -// http: -// - match: -// - uri: -// prefix: /ratings -// rewrite: -// uri: /v1/bookRatings -// route: -// - destination: -// host: ratings.prod.svc.cluster.local -// subset: v1 -// -// ``` -// {{}} + +func (*HTTPBody_Bytes) isHTTPBody_Specifier() {} + +// HTTPRewrite can be used to rewrite specific parts of a HTTP request +// before forwarding the request to the destination. Rewrite primitive can +// be used only with HTTPRouteDestination. The following example +// demonstrates how to rewrite the URL prefix for api call (/ratings) to +// ratings service before making the actual API call. // -// {{}} // ```yaml -// apiVersion: networking.istio.io/v1beta1 +// apiVersion: networking.istio.io/v1 // kind: VirtualService // metadata: // @@ -2916,8 +2389,6 @@ func (*HTTPBody_Bytes) isHTTPBody_Specifier() {} // subset: v1 // // ``` -// {{}} -// {{}} type HTTPRewrite struct { state protoimpl.MessageState sizeCache protoimpl.SizeCache @@ -2935,11 +2406,9 @@ type HTTPRewrite struct { func (x *HTTPRewrite) Reset() { *x = HTTPRewrite{} - if protoimpl.UnsafeEnabled { - mi := &file_networking_v1alpha3_virtual_service_proto_msgTypes[15] - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - ms.StoreMessageInfo(mi) - } + mi := &file_networking_v1alpha3_virtual_service_proto_msgTypes[15] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) } func (x *HTTPRewrite) String() string { @@ -2950,7 +2419,7 @@ func (*HTTPRewrite) ProtoMessage() {} func (x *HTTPRewrite) ProtoReflect() protoreflect.Message { mi := &file_networking_v1alpha3_virtual_service_proto_msgTypes[15] - if protoimpl.UnsafeEnabled && x != nil { + if x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) if ms.LoadMessageInfo() == nil { ms.StoreMessageInfo(mi) @@ -2991,7 +2460,7 @@ type RegexRewrite struct { sizeCache protoimpl.SizeCache unknownFields protoimpl.UnknownFields - // RE2 style regex-based match (https://github.com/google/re2/wiki/Syntax). + // [RE2 style regex-based match](https://github.com/google/re2/wiki/Syntax). Match string `protobuf:"bytes,1,opt,name=match,proto3" json:"match,omitempty"` // The string that should replace into matching portions of original URI. // Capture groups in the pattern can be referenced in the new URI. @@ -3009,11 +2478,9 @@ type RegexRewrite struct { func (x *RegexRewrite) Reset() { *x = RegexRewrite{} - if protoimpl.UnsafeEnabled { - mi := &file_networking_v1alpha3_virtual_service_proto_msgTypes[16] - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - ms.StoreMessageInfo(mi) - } + mi := &file_networking_v1alpha3_virtual_service_proto_msgTypes[16] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) } func (x *RegexRewrite) String() string { @@ -3024,7 +2491,7 @@ func (*RegexRewrite) ProtoMessage() {} func (x *RegexRewrite) ProtoReflect() protoreflect.Message { mi := &file_networking_v1alpha3_virtual_service_proto_msgTypes[16] - if protoimpl.UnsafeEnabled && x != nil { + if x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) if ms.LoadMessageInfo() == nil { ms.StoreMessageInfo(mi) @@ -3053,8 +2520,8 @@ func (x *RegexRewrite) GetRewrite() string { return "" } -// Describes how to match a given string in HTTP headers. Match is -// case-sensitive. +// Describes how to match a given string in HTTP headers. `exact` and `prefix` matching is +// case-sensitive. `regex` matching supports case-insensitive matches. type StringMatch struct { state protoimpl.MessageState sizeCache protoimpl.SizeCache @@ -3070,11 +2537,9 @@ type StringMatch struct { func (x *StringMatch) Reset() { *x = StringMatch{} - if protoimpl.UnsafeEnabled { - mi := &file_networking_v1alpha3_virtual_service_proto_msgTypes[17] - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - ms.StoreMessageInfo(mi) - } + mi := &file_networking_v1alpha3_virtual_service_proto_msgTypes[17] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) } func (x *StringMatch) String() string { @@ -3085,7 +2550,7 @@ func (*StringMatch) ProtoMessage() {} func (x *StringMatch) ProtoReflect() protoreflect.Message { mi := &file_networking_v1alpha3_virtual_service_proto_msgTypes[17] - if protoimpl.UnsafeEnabled && x != nil { + if x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) if ms.LoadMessageInfo() == nil { ms.StoreMessageInfo(mi) @@ -3143,7 +2608,9 @@ type StringMatch_Prefix struct { } type StringMatch_Regex struct { - // RE2 style regex-based match (https://github.com/google/re2/wiki/Syntax). + // [RE2 style regex-based match](https://github.com/google/re2/wiki/Syntax). + // + // Example: `(?i)^aaa$` can be used to case-insensitive match a string consisting of three a's. Regex string `protobuf:"bytes,3,opt,name=regex,proto3,oneof"` } @@ -3159,35 +2626,8 @@ func (*StringMatch_Regex) isStringMatch_MatchType() {} // A retry will be attempted if there is a connect-failure, refused_stream // or when the upstream server responds with Service Unavailable(503). // -// {{}} -// {{}} -// ```yaml -// apiVersion: networking.istio.io/v1alpha3 -// kind: VirtualService -// metadata: -// -// name: ratings-route -// -// spec: -// -// hosts: -// - ratings.prod.svc.cluster.local -// http: -// - route: -// - destination: -// host: ratings.prod.svc.cluster.local -// subset: v1 -// retries: -// attempts: 3 -// perTryTimeout: 2s -// retryOn: connect-failure,refused-stream,503 -// -// ``` -// {{}} -// -// {{}} // ```yaml -// apiVersion: networking.istio.io/v1beta1 +// apiVersion: networking.istio.io/v1 // kind: VirtualService // metadata: // @@ -3208,8 +2648,6 @@ func (*StringMatch_Regex) isStringMatch_MatchType() {} // retryOn: gateway-error,connect-failure,refused-stream // // ``` -// {{}} -// {{}} type HTTPRetry struct { state protoimpl.MessageState sizeCache protoimpl.SizeCache @@ -3219,7 +2657,8 @@ type HTTPRetry struct { // between retries will be determined automatically (25ms+). When request // `timeout` of the [HTTP route](https://istio.io/docs/reference/config/networking/virtual-service/#HTTPRoute) // or `per_try_timeout` is configured, the actual number of retries attempted also depends on - // the specified request `timeout` and `per_try_timeout` values. + // the specified request `timeout` and `per_try_timeout` values. MUST BE >= 0. If `0`, retries will be disabled. + // The maximum possible number of requests made will be 1 + `attempts`. Attempts int32 `protobuf:"varint,1,opt,name=attempts,proto3" json:"attempts,omitempty"` // Timeout per attempt for a given request, including the initial call and any retries. Format: 1h/1m/1s/1ms. MUST BE >=1ms. // Default is same value as request @@ -3228,9 +2667,15 @@ type HTTPRetry struct { PerTryTimeout *duration.Duration `protobuf:"bytes,2,opt,name=per_try_timeout,json=perTryTimeout,proto3" json:"per_try_timeout,omitempty"` // Specifies the conditions under which retry takes place. // One or more policies can be specified using a ‘,’ delimited list. - // If `retry_on` specifies a valid HTTP status, it will be added to retriable_status_codes retry policy. // See the [retry policies](https://www.envoyproxy.io/docs/envoy/latest/configuration/http/http_filters/router_filter#x-envoy-retry-on) // and [gRPC retry policies](https://www.envoyproxy.io/docs/envoy/latest/configuration/http/http_filters/router_filter#x-envoy-retry-grpc-on) for more details. + // + // In addition to the policies specified above, a list of HTTP status codes can be passed, such as `retryOn: "503,reset"`. + // Note these status codes refer to the actual responses received from the destination. + // For example, if a connection is reset, Istio will translate this to 503 for it's response. + // However, the destination did not return a 503 error, so this would not match `"503"` (it would, however, match `"reset"`). + // + // If not specified, this defaults to `connect-failure,refused-stream,unavailable,cancelled,503`. RetryOn string `protobuf:"bytes,3,opt,name=retry_on,json=retryOn,proto3" json:"retry_on,omitempty"` // Flag to specify whether the retries should retry to other localities. // See the [retry plugin configuration](https://www.envoyproxy.io/docs/envoy/latest/intro/arch_overview/http/http_connection_management#retry-plugin-configuration) for more details. @@ -3239,11 +2684,9 @@ type HTTPRetry struct { func (x *HTTPRetry) Reset() { *x = HTTPRetry{} - if protoimpl.UnsafeEnabled { - mi := &file_networking_v1alpha3_virtual_service_proto_msgTypes[18] - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - ms.StoreMessageInfo(mi) - } + mi := &file_networking_v1alpha3_virtual_service_proto_msgTypes[18] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) } func (x *HTTPRetry) String() string { @@ -3254,7 +2697,7 @@ func (*HTTPRetry) ProtoMessage() {} func (x *HTTPRetry) ProtoReflect() protoreflect.Message { mi := &file_networking_v1alpha3_virtual_service_proto_msgTypes[18] - if protoimpl.UnsafeEnabled && x != nil { + if x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) if ms.LoadMessageInfo() == nil { ms.StoreMessageInfo(mi) @@ -3305,41 +2748,8 @@ func (x *HTTPRetry) GetRetryRemoteLocalities() *wrappers.BoolValue { // `Access-Control-Allow-Credentials` header to false. In addition, it only // exposes `X-Foo-bar` header and sets an expiry period of 1 day. // -// {{}} -// {{}} -// ```yaml -// apiVersion: networking.istio.io/v1alpha3 -// kind: VirtualService -// metadata: -// -// name: ratings-route -// -// spec: -// -// hosts: -// - ratings.prod.svc.cluster.local -// http: -// - route: -// - destination: -// host: ratings.prod.svc.cluster.local -// subset: v1 -// corsPolicy: -// allowOrigins: -// - exact: https://example.com -// allowMethods: -// - POST -// - GET -// allowCredentials: false -// allowHeaders: -// - X-Foo-Bar -// maxAge: "24h" -// -// ``` -// {{}} -// -// {{}} // ```yaml -// apiVersion: networking.istio.io/v1beta1 +// apiVersion: networking.istio.io/v1 // kind: VirtualService // metadata: // @@ -3366,8 +2776,6 @@ func (x *HTTPRetry) GetRetryRemoteLocalities() *wrappers.BoolValue { // maxAge: "24h" // // ``` -// {{}} -// {{}} type CorsPolicy struct { state protoimpl.MessageState sizeCache protoimpl.SizeCache @@ -3400,15 +2808,17 @@ type CorsPolicy struct { // (not the preflight) using credentials. Translates to // `Access-Control-Allow-Credentials` header. AllowCredentials *wrappers.BoolValue `protobuf:"bytes,6,opt,name=allow_credentials,json=allowCredentials,proto3" json:"allow_credentials,omitempty"` + // Indicates whether preflight requests not matching the configured + // allowed origin shouldn't be forwarded to the upstream. + // Default is forward to upstream. + UnmatchedPreflights CorsPolicy_UnmatchedPreflights `protobuf:"varint,8,opt,name=unmatched_preflights,json=unmatchedPreflights,proto3,enum=istio.networking.v1alpha3.CorsPolicy_UnmatchedPreflights" json:"unmatched_preflights,omitempty"` } func (x *CorsPolicy) Reset() { *x = CorsPolicy{} - if protoimpl.UnsafeEnabled { - mi := &file_networking_v1alpha3_virtual_service_proto_msgTypes[19] - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - ms.StoreMessageInfo(mi) - } + mi := &file_networking_v1alpha3_virtual_service_proto_msgTypes[19] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) } func (x *CorsPolicy) String() string { @@ -3419,7 +2829,7 @@ func (*CorsPolicy) ProtoMessage() {} func (x *CorsPolicy) ProtoReflect() protoreflect.Message { mi := &file_networking_v1alpha3_virtual_service_proto_msgTypes[19] - if protoimpl.UnsafeEnabled && x != nil { + if x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) if ms.LoadMessageInfo() == nil { ms.StoreMessageInfo(mi) @@ -3484,6 +2894,13 @@ func (x *CorsPolicy) GetAllowCredentials() *wrappers.BoolValue { return nil } +func (x *CorsPolicy) GetUnmatchedPreflights() CorsPolicy_UnmatchedPreflights { + if x != nil { + return x.UnmatchedPreflights + } + return CorsPolicy_UNSPECIFIED +} + // HTTPFaultInjection can be used to specify one or more faults to inject // while forwarding HTTP requests to the destination specified in a route. // Fault specification is part of a VirtualService rule. Faults include @@ -3507,11 +2924,9 @@ type HTTPFaultInjection struct { func (x *HTTPFaultInjection) Reset() { *x = HTTPFaultInjection{} - if protoimpl.UnsafeEnabled { - mi := &file_networking_v1alpha3_virtual_service_proto_msgTypes[20] - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - ms.StoreMessageInfo(mi) - } + mi := &file_networking_v1alpha3_virtual_service_proto_msgTypes[20] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) } func (x *HTTPFaultInjection) String() string { @@ -3522,7 +2937,7 @@ func (*HTTPFaultInjection) ProtoMessage() {} func (x *HTTPFaultInjection) ProtoReflect() protoreflect.Message { mi := &file_networking_v1alpha3_virtual_service_proto_msgTypes[20] - if protoimpl.UnsafeEnabled && x != nil { + if x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) if ms.LoadMessageInfo() == nil { ms.StoreMessageInfo(mi) @@ -3551,9 +2966,6 @@ func (x *HTTPFaultInjection) GetAbort() *HTTPFaultInjection_Abort { return nil } -// $hide_from_docs -// Hide this from doc until implemented. -// // HTTPMirrorPolicy can be used to specify the destinations to mirror HTTP traffic in addition // to the original destination. Mirrored traffic is on a // best effort basis where the sidecar/gateway will not wait for the @@ -3565,14 +2977,8 @@ type HTTPMirrorPolicy struct { sizeCache protoimpl.SizeCache unknownFields protoimpl.UnknownFields - // $hide_from_docs - // Hide this from doc until implemented. - // // Destination specifies the target of the mirror operation. Destination *Destination `protobuf:"bytes,1,opt,name=destination,proto3" json:"destination,omitempty"` - // $hide_from_docs - // Hide this from doc until implemented. - // // Percentage of the traffic to be mirrored by the `destination` field. // If this field is absent, all the traffic (100%) will be mirrored. // Max value is 100. @@ -3581,11 +2987,9 @@ type HTTPMirrorPolicy struct { func (x *HTTPMirrorPolicy) Reset() { *x = HTTPMirrorPolicy{} - if protoimpl.UnsafeEnabled { - mi := &file_networking_v1alpha3_virtual_service_proto_msgTypes[21] - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - ms.StoreMessageInfo(mi) - } + mi := &file_networking_v1alpha3_virtual_service_proto_msgTypes[21] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) } func (x *HTTPMirrorPolicy) String() string { @@ -3596,7 +3000,7 @@ func (*HTTPMirrorPolicy) ProtoMessage() {} func (x *HTTPMirrorPolicy) ProtoReflect() protoreflect.Message { mi := &file_networking_v1alpha3_virtual_service_proto_msgTypes[21] - if protoimpl.UnsafeEnabled && x != nil { + if x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) if ms.LoadMessageInfo() == nil { ms.StoreMessageInfo(mi) @@ -3638,11 +3042,9 @@ type PortSelector struct { func (x *PortSelector) Reset() { *x = PortSelector{} - if protoimpl.UnsafeEnabled { - mi := &file_networking_v1alpha3_virtual_service_proto_msgTypes[22] - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - ms.StoreMessageInfo(mi) - } + mi := &file_networking_v1alpha3_virtual_service_proto_msgTypes[22] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) } func (x *PortSelector) String() string { @@ -3653,7 +3055,7 @@ func (*PortSelector) ProtoMessage() {} func (x *PortSelector) ProtoReflect() protoreflect.Message { mi := &file_networking_v1alpha3_virtual_service_proto_msgTypes[22] - if protoimpl.UnsafeEnabled && x != nil { + if x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) if ms.LoadMessageInfo() == nil { ms.StoreMessageInfo(mi) @@ -3686,11 +3088,9 @@ type Percent struct { func (x *Percent) Reset() { *x = Percent{} - if protoimpl.UnsafeEnabled { - mi := &file_networking_v1alpha3_virtual_service_proto_msgTypes[23] - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - ms.StoreMessageInfo(mi) - } + mi := &file_networking_v1alpha3_virtual_service_proto_msgTypes[23] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) } func (x *Percent) String() string { @@ -3701,7 +3101,7 @@ func (*Percent) ProtoMessage() {} func (x *Percent) ProtoReflect() protoreflect.Message { mi := &file_networking_v1alpha3_virtual_service_proto_msgTypes[23] - if protoimpl.UnsafeEnabled && x != nil { + if x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) if ms.LoadMessageInfo() == nil { ms.StoreMessageInfo(mi) @@ -3740,11 +3140,9 @@ type Headers_HeaderOperations struct { func (x *Headers_HeaderOperations) Reset() { *x = Headers_HeaderOperations{} - if protoimpl.UnsafeEnabled { - mi := &file_networking_v1alpha3_virtual_service_proto_msgTypes[24] - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - ms.StoreMessageInfo(mi) - } + mi := &file_networking_v1alpha3_virtual_service_proto_msgTypes[24] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) } func (x *Headers_HeaderOperations) String() string { @@ -3755,7 +3153,7 @@ func (*Headers_HeaderOperations) ProtoMessage() {} func (x *Headers_HeaderOperations) ProtoReflect() protoreflect.Message { mi := &file_networking_v1alpha3_virtual_service_proto_msgTypes[24] - if protoimpl.UnsafeEnabled && x != nil { + if x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) if ms.LoadMessageInfo() == nil { ms.StoreMessageInfo(mi) @@ -3796,39 +3194,8 @@ func (x *Headers_HeaderOperations) GetRemove() []string { // in 1 out of every 1000 requests to the "v1" version of the "reviews" // service from all pods with label env: prod // -// {{}} -// {{}} -// ```yaml -// apiVersion: networking.istio.io/v1alpha3 -// kind: VirtualService -// metadata: -// -// name: reviews-route -// -// spec: -// -// hosts: -// - reviews.prod.svc.cluster.local -// http: -// - match: -// - sourceLabels: -// env: prod -// route: -// - destination: -// host: reviews.prod.svc.cluster.local -// subset: v1 -// fault: -// delay: -// percentage: -// value: 0.1 -// fixedDelay: 5s -// -// ``` -// {{}} -// -// {{}} // ```yaml -// apiVersion: networking.istio.io/v1beta1 +// apiVersion: networking.istio.io/v1 // kind: VirtualService // metadata: // @@ -3853,8 +3220,6 @@ func (x *Headers_HeaderOperations) GetRemove() []string { // fixedDelay: 5s // // ``` -// {{}} -// {{}} // // The _fixedDelay_ field is used to indicate the amount of delay in seconds. // The optional _percentage_ field can be used to only delay a certain @@ -3882,11 +3247,9 @@ type HTTPFaultInjection_Delay struct { func (x *HTTPFaultInjection_Delay) Reset() { *x = HTTPFaultInjection_Delay{} - if protoimpl.UnsafeEnabled { - mi := &file_networking_v1alpha3_virtual_service_proto_msgTypes[33] - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - ms.StoreMessageInfo(mi) - } + mi := &file_networking_v1alpha3_virtual_service_proto_msgTypes[33] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) } func (x *HTTPFaultInjection_Delay) String() string { @@ -3897,7 +3260,7 @@ func (*HTTPFaultInjection_Delay) ProtoMessage() {} func (x *HTTPFaultInjection_Delay) ProtoReflect() protoreflect.Message { mi := &file_networking_v1alpha3_virtual_service_proto_msgTypes[33] - if protoimpl.UnsafeEnabled && x != nil { + if x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) if ms.LoadMessageInfo() == nil { ms.StoreMessageInfo(mi) @@ -3971,36 +3334,8 @@ func (*HTTPFaultInjection_Delay_ExponentialDelay) isHTTPFaultInjection_Delay_Htt // pre-specified error code. The following example will return an HTTP 400 // error code for 1 out of every 1000 requests to the "ratings" service "v1". // -// {{}} -// {{}} -// ```yaml -// apiVersion: networking.istio.io/v1alpha3 -// kind: VirtualService -// metadata: -// -// name: ratings-route -// -// spec: -// -// hosts: -// - ratings.prod.svc.cluster.local -// http: -// - route: -// - destination: -// host: ratings.prod.svc.cluster.local -// subset: v1 -// fault: -// abort: -// percentage: -// value: 0.1 -// httpStatus: 400 -// -// ``` -// {{}} -// -// {{}} // ```yaml -// apiVersion: networking.istio.io/v1beta1 +// apiVersion: networking.istio.io/v1 // kind: VirtualService // metadata: // @@ -4022,8 +3357,6 @@ func (*HTTPFaultInjection_Delay_ExponentialDelay) isHTTPFaultInjection_Delay_Htt // httpStatus: 400 // // ``` -// {{}} -// {{}} // // The _httpStatus_ field is used to indicate the HTTP status code to // return to the caller. The optional _percentage_ field can be used to only @@ -4047,11 +3380,9 @@ type HTTPFaultInjection_Abort struct { func (x *HTTPFaultInjection_Abort) Reset() { *x = HTTPFaultInjection_Abort{} - if protoimpl.UnsafeEnabled { - mi := &file_networking_v1alpha3_virtual_service_proto_msgTypes[34] - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - ms.StoreMessageInfo(mi) - } + mi := &file_networking_v1alpha3_virtual_service_proto_msgTypes[34] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) } func (x *HTTPFaultInjection_Abort) String() string { @@ -4062,7 +3393,7 @@ func (*HTTPFaultInjection_Abort) ProtoMessage() {} func (x *HTTPFaultInjection_Abort) ProtoReflect() protoreflect.Message { mi := &file_networking_v1alpha3_virtual_service_proto_msgTypes[34] - if protoimpl.UnsafeEnabled && x != nil { + if x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) if ms.LoadMessageInfo() == nil { ms.StoreMessageInfo(mi) @@ -4170,383 +3501,394 @@ var file_networking_v1alpha3_virtual_service_proto_rawDesc = []byte{ 0x61, 0x6c, 0x70, 0x68, 0x61, 0x33, 0x2e, 0x54, 0x43, 0x50, 0x52, 0x6f, 0x75, 0x74, 0x65, 0x52, 0x03, 0x74, 0x63, 0x70, 0x12, 0x1b, 0x0a, 0x09, 0x65, 0x78, 0x70, 0x6f, 0x72, 0x74, 0x5f, 0x74, 0x6f, 0x18, 0x06, 0x20, 0x03, 0x28, 0x09, 0x52, 0x08, 0x65, 0x78, 0x70, 0x6f, 0x72, 0x74, 0x54, - 0x6f, 0x22, 0x7b, 0x0a, 0x0b, 0x44, 0x65, 0x73, 0x74, 0x69, 0x6e, 0x61, 0x74, 0x69, 0x6f, 0x6e, - 0x12, 0x17, 0x0a, 0x04, 0x68, 0x6f, 0x73, 0x74, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x42, 0x03, - 0xe0, 0x41, 0x02, 0x52, 0x04, 0x68, 0x6f, 0x73, 0x74, 0x12, 0x16, 0x0a, 0x06, 0x73, 0x75, 0x62, - 0x73, 0x65, 0x74, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x06, 0x73, 0x75, 0x62, 0x73, 0x65, - 0x74, 0x12, 0x3b, 0x0a, 0x04, 0x70, 0x6f, 0x72, 0x74, 0x18, 0x03, 0x20, 0x01, 0x28, 0x0b, 0x32, - 0x27, 0x2e, 0x69, 0x73, 0x74, 0x69, 0x6f, 0x2e, 0x6e, 0x65, 0x74, 0x77, 0x6f, 0x72, 0x6b, 0x69, - 0x6e, 0x67, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x33, 0x2e, 0x50, 0x6f, 0x72, 0x74, - 0x53, 0x65, 0x6c, 0x65, 0x63, 0x74, 0x6f, 0x72, 0x52, 0x04, 0x70, 0x6f, 0x72, 0x74, 0x22, 0xbb, - 0x09, 0x0a, 0x09, 0x48, 0x54, 0x54, 0x50, 0x52, 0x6f, 0x75, 0x74, 0x65, 0x12, 0x12, 0x0a, 0x04, - 0x6e, 0x61, 0x6d, 0x65, 0x18, 0x11, 0x20, 0x01, 0x28, 0x09, 0x52, 0x04, 0x6e, 0x61, 0x6d, 0x65, - 0x12, 0x41, 0x0a, 0x05, 0x6d, 0x61, 0x74, 0x63, 0x68, 0x18, 0x01, 0x20, 0x03, 0x28, 0x0b, 0x32, - 0x2b, 0x2e, 0x69, 0x73, 0x74, 0x69, 0x6f, 0x2e, 0x6e, 0x65, 0x74, 0x77, 0x6f, 0x72, 0x6b, 0x69, - 0x6e, 0x67, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x33, 0x2e, 0x48, 0x54, 0x54, 0x50, - 0x4d, 0x61, 0x74, 0x63, 0x68, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x52, 0x05, 0x6d, 0x61, - 0x74, 0x63, 0x68, 0x12, 0x45, 0x0a, 0x05, 0x72, 0x6f, 0x75, 0x74, 0x65, 0x18, 0x02, 0x20, 0x03, - 0x28, 0x0b, 0x32, 0x2f, 0x2e, 0x69, 0x73, 0x74, 0x69, 0x6f, 0x2e, 0x6e, 0x65, 0x74, 0x77, 0x6f, - 0x72, 0x6b, 0x69, 0x6e, 0x67, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x33, 0x2e, 0x48, - 0x54, 0x54, 0x50, 0x52, 0x6f, 0x75, 0x74, 0x65, 0x44, 0x65, 0x73, 0x74, 0x69, 0x6e, 0x61, 0x74, - 0x69, 0x6f, 0x6e, 0x52, 0x05, 0x72, 0x6f, 0x75, 0x74, 0x65, 0x12, 0x43, 0x0a, 0x08, 0x72, 0x65, - 0x64, 0x69, 0x72, 0x65, 0x63, 0x74, 0x18, 0x03, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x27, 0x2e, 0x69, - 0x73, 0x74, 0x69, 0x6f, 0x2e, 0x6e, 0x65, 0x74, 0x77, 0x6f, 0x72, 0x6b, 0x69, 0x6e, 0x67, 0x2e, - 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x33, 0x2e, 0x48, 0x54, 0x54, 0x50, 0x52, 0x65, 0x64, - 0x69, 0x72, 0x65, 0x63, 0x74, 0x52, 0x08, 0x72, 0x65, 0x64, 0x69, 0x72, 0x65, 0x63, 0x74, 0x12, - 0x56, 0x0a, 0x0f, 0x64, 0x69, 0x72, 0x65, 0x63, 0x74, 0x5f, 0x72, 0x65, 0x73, 0x70, 0x6f, 0x6e, - 0x73, 0x65, 0x18, 0x15, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x2d, 0x2e, 0x69, 0x73, 0x74, 0x69, 0x6f, - 0x2e, 0x6e, 0x65, 0x74, 0x77, 0x6f, 0x72, 0x6b, 0x69, 0x6e, 0x67, 0x2e, 0x76, 0x31, 0x61, 0x6c, - 0x70, 0x68, 0x61, 0x33, 0x2e, 0x48, 0x54, 0x54, 0x50, 0x44, 0x69, 0x72, 0x65, 0x63, 0x74, 0x52, - 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x52, 0x0e, 0x64, 0x69, 0x72, 0x65, 0x63, 0x74, 0x52, - 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x12, 0x3f, 0x0a, 0x08, 0x64, 0x65, 0x6c, 0x65, 0x67, - 0x61, 0x74, 0x65, 0x18, 0x14, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x23, 0x2e, 0x69, 0x73, 0x74, 0x69, - 0x6f, 0x2e, 0x6e, 0x65, 0x74, 0x77, 0x6f, 0x72, 0x6b, 0x69, 0x6e, 0x67, 0x2e, 0x76, 0x31, 0x61, - 0x6c, 0x70, 0x68, 0x61, 0x33, 0x2e, 0x44, 0x65, 0x6c, 0x65, 0x67, 0x61, 0x74, 0x65, 0x52, 0x08, - 0x64, 0x65, 0x6c, 0x65, 0x67, 0x61, 0x74, 0x65, 0x12, 0x40, 0x0a, 0x07, 0x72, 0x65, 0x77, 0x72, - 0x69, 0x74, 0x65, 0x18, 0x04, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x26, 0x2e, 0x69, 0x73, 0x74, 0x69, - 0x6f, 0x2e, 0x6e, 0x65, 0x74, 0x77, 0x6f, 0x72, 0x6b, 0x69, 0x6e, 0x67, 0x2e, 0x76, 0x31, 0x61, - 0x6c, 0x70, 0x68, 0x61, 0x33, 0x2e, 0x48, 0x54, 0x54, 0x50, 0x52, 0x65, 0x77, 0x72, 0x69, 0x74, - 0x65, 0x52, 0x07, 0x72, 0x65, 0x77, 0x72, 0x69, 0x74, 0x65, 0x12, 0x33, 0x0a, 0x07, 0x74, 0x69, - 0x6d, 0x65, 0x6f, 0x75, 0x74, 0x18, 0x06, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x19, 0x2e, 0x67, 0x6f, - 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x44, 0x75, - 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x52, 0x07, 0x74, 0x69, 0x6d, 0x65, 0x6f, 0x75, 0x74, 0x12, - 0x3e, 0x0a, 0x07, 0x72, 0x65, 0x74, 0x72, 0x69, 0x65, 0x73, 0x18, 0x07, 0x20, 0x01, 0x28, 0x0b, - 0x32, 0x24, 0x2e, 0x69, 0x73, 0x74, 0x69, 0x6f, 0x2e, 0x6e, 0x65, 0x74, 0x77, 0x6f, 0x72, 0x6b, + 0x6f, 0x22, 0x7c, 0x0a, 0x0b, 0x44, 0x65, 0x73, 0x74, 0x69, 0x6e, 0x61, 0x74, 0x69, 0x6f, 0x6e, + 0x12, 0x18, 0x0a, 0x04, 0x68, 0x6f, 0x73, 0x74, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x42, 0x04, + 0xe2, 0x41, 0x01, 0x02, 0x52, 0x04, 0x68, 0x6f, 0x73, 0x74, 0x12, 0x16, 0x0a, 0x06, 0x73, 0x75, + 0x62, 0x73, 0x65, 0x74, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x06, 0x73, 0x75, 0x62, 0x73, + 0x65, 0x74, 0x12, 0x3b, 0x0a, 0x04, 0x70, 0x6f, 0x72, 0x74, 0x18, 0x03, 0x20, 0x01, 0x28, 0x0b, + 0x32, 0x27, 0x2e, 0x69, 0x73, 0x74, 0x69, 0x6f, 0x2e, 0x6e, 0x65, 0x74, 0x77, 0x6f, 0x72, 0x6b, + 0x69, 0x6e, 0x67, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x33, 0x2e, 0x50, 0x6f, 0x72, + 0x74, 0x53, 0x65, 0x6c, 0x65, 0x63, 0x74, 0x6f, 0x72, 0x52, 0x04, 0x70, 0x6f, 0x72, 0x74, 0x22, + 0xbb, 0x09, 0x0a, 0x09, 0x48, 0x54, 0x54, 0x50, 0x52, 0x6f, 0x75, 0x74, 0x65, 0x12, 0x12, 0x0a, + 0x04, 0x6e, 0x61, 0x6d, 0x65, 0x18, 0x11, 0x20, 0x01, 0x28, 0x09, 0x52, 0x04, 0x6e, 0x61, 0x6d, + 0x65, 0x12, 0x41, 0x0a, 0x05, 0x6d, 0x61, 0x74, 0x63, 0x68, 0x18, 0x01, 0x20, 0x03, 0x28, 0x0b, + 0x32, 0x2b, 0x2e, 0x69, 0x73, 0x74, 0x69, 0x6f, 0x2e, 0x6e, 0x65, 0x74, 0x77, 0x6f, 0x72, 0x6b, 0x69, 0x6e, 0x67, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x33, 0x2e, 0x48, 0x54, 0x54, - 0x50, 0x52, 0x65, 0x74, 0x72, 0x79, 0x52, 0x07, 0x72, 0x65, 0x74, 0x72, 0x69, 0x65, 0x73, 0x12, - 0x43, 0x0a, 0x05, 0x66, 0x61, 0x75, 0x6c, 0x74, 0x18, 0x08, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x2d, - 0x2e, 0x69, 0x73, 0x74, 0x69, 0x6f, 0x2e, 0x6e, 0x65, 0x74, 0x77, 0x6f, 0x72, 0x6b, 0x69, 0x6e, - 0x67, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x33, 0x2e, 0x48, 0x54, 0x54, 0x50, 0x46, - 0x61, 0x75, 0x6c, 0x74, 0x49, 0x6e, 0x6a, 0x65, 0x63, 0x74, 0x69, 0x6f, 0x6e, 0x52, 0x05, 0x66, - 0x61, 0x75, 0x6c, 0x74, 0x12, 0x3e, 0x0a, 0x06, 0x6d, 0x69, 0x72, 0x72, 0x6f, 0x72, 0x18, 0x09, - 0x20, 0x01, 0x28, 0x0b, 0x32, 0x26, 0x2e, 0x69, 0x73, 0x74, 0x69, 0x6f, 0x2e, 0x6e, 0x65, 0x74, - 0x77, 0x6f, 0x72, 0x6b, 0x69, 0x6e, 0x67, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x33, - 0x2e, 0x44, 0x65, 0x73, 0x74, 0x69, 0x6e, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x52, 0x06, 0x6d, 0x69, - 0x72, 0x72, 0x6f, 0x72, 0x12, 0x45, 0x0a, 0x07, 0x6d, 0x69, 0x72, 0x72, 0x6f, 0x72, 0x73, 0x18, - 0x16, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x2b, 0x2e, 0x69, 0x73, 0x74, 0x69, 0x6f, 0x2e, 0x6e, 0x65, + 0x50, 0x4d, 0x61, 0x74, 0x63, 0x68, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x52, 0x05, 0x6d, + 0x61, 0x74, 0x63, 0x68, 0x12, 0x45, 0x0a, 0x05, 0x72, 0x6f, 0x75, 0x74, 0x65, 0x18, 0x02, 0x20, + 0x03, 0x28, 0x0b, 0x32, 0x2f, 0x2e, 0x69, 0x73, 0x74, 0x69, 0x6f, 0x2e, 0x6e, 0x65, 0x74, 0x77, + 0x6f, 0x72, 0x6b, 0x69, 0x6e, 0x67, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x33, 0x2e, + 0x48, 0x54, 0x54, 0x50, 0x52, 0x6f, 0x75, 0x74, 0x65, 0x44, 0x65, 0x73, 0x74, 0x69, 0x6e, 0x61, + 0x74, 0x69, 0x6f, 0x6e, 0x52, 0x05, 0x72, 0x6f, 0x75, 0x74, 0x65, 0x12, 0x43, 0x0a, 0x08, 0x72, + 0x65, 0x64, 0x69, 0x72, 0x65, 0x63, 0x74, 0x18, 0x03, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x27, 0x2e, + 0x69, 0x73, 0x74, 0x69, 0x6f, 0x2e, 0x6e, 0x65, 0x74, 0x77, 0x6f, 0x72, 0x6b, 0x69, 0x6e, 0x67, + 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x33, 0x2e, 0x48, 0x54, 0x54, 0x50, 0x52, 0x65, + 0x64, 0x69, 0x72, 0x65, 0x63, 0x74, 0x52, 0x08, 0x72, 0x65, 0x64, 0x69, 0x72, 0x65, 0x63, 0x74, + 0x12, 0x56, 0x0a, 0x0f, 0x64, 0x69, 0x72, 0x65, 0x63, 0x74, 0x5f, 0x72, 0x65, 0x73, 0x70, 0x6f, + 0x6e, 0x73, 0x65, 0x18, 0x15, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x2d, 0x2e, 0x69, 0x73, 0x74, 0x69, + 0x6f, 0x2e, 0x6e, 0x65, 0x74, 0x77, 0x6f, 0x72, 0x6b, 0x69, 0x6e, 0x67, 0x2e, 0x76, 0x31, 0x61, + 0x6c, 0x70, 0x68, 0x61, 0x33, 0x2e, 0x48, 0x54, 0x54, 0x50, 0x44, 0x69, 0x72, 0x65, 0x63, 0x74, + 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x52, 0x0e, 0x64, 0x69, 0x72, 0x65, 0x63, 0x74, + 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x12, 0x3f, 0x0a, 0x08, 0x64, 0x65, 0x6c, 0x65, + 0x67, 0x61, 0x74, 0x65, 0x18, 0x14, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x23, 0x2e, 0x69, 0x73, 0x74, + 0x69, 0x6f, 0x2e, 0x6e, 0x65, 0x74, 0x77, 0x6f, 0x72, 0x6b, 0x69, 0x6e, 0x67, 0x2e, 0x76, 0x31, + 0x61, 0x6c, 0x70, 0x68, 0x61, 0x33, 0x2e, 0x44, 0x65, 0x6c, 0x65, 0x67, 0x61, 0x74, 0x65, 0x52, + 0x08, 0x64, 0x65, 0x6c, 0x65, 0x67, 0x61, 0x74, 0x65, 0x12, 0x40, 0x0a, 0x07, 0x72, 0x65, 0x77, + 0x72, 0x69, 0x74, 0x65, 0x18, 0x04, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x26, 0x2e, 0x69, 0x73, 0x74, + 0x69, 0x6f, 0x2e, 0x6e, 0x65, 0x74, 0x77, 0x6f, 0x72, 0x6b, 0x69, 0x6e, 0x67, 0x2e, 0x76, 0x31, + 0x61, 0x6c, 0x70, 0x68, 0x61, 0x33, 0x2e, 0x48, 0x54, 0x54, 0x50, 0x52, 0x65, 0x77, 0x72, 0x69, + 0x74, 0x65, 0x52, 0x07, 0x72, 0x65, 0x77, 0x72, 0x69, 0x74, 0x65, 0x12, 0x33, 0x0a, 0x07, 0x74, + 0x69, 0x6d, 0x65, 0x6f, 0x75, 0x74, 0x18, 0x06, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x19, 0x2e, 0x67, + 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x44, + 0x75, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x52, 0x07, 0x74, 0x69, 0x6d, 0x65, 0x6f, 0x75, 0x74, + 0x12, 0x3e, 0x0a, 0x07, 0x72, 0x65, 0x74, 0x72, 0x69, 0x65, 0x73, 0x18, 0x07, 0x20, 0x01, 0x28, + 0x0b, 0x32, 0x24, 0x2e, 0x69, 0x73, 0x74, 0x69, 0x6f, 0x2e, 0x6e, 0x65, 0x74, 0x77, 0x6f, 0x72, + 0x6b, 0x69, 0x6e, 0x67, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x33, 0x2e, 0x48, 0x54, + 0x54, 0x50, 0x52, 0x65, 0x74, 0x72, 0x79, 0x52, 0x07, 0x72, 0x65, 0x74, 0x72, 0x69, 0x65, 0x73, + 0x12, 0x43, 0x0a, 0x05, 0x66, 0x61, 0x75, 0x6c, 0x74, 0x18, 0x08, 0x20, 0x01, 0x28, 0x0b, 0x32, + 0x2d, 0x2e, 0x69, 0x73, 0x74, 0x69, 0x6f, 0x2e, 0x6e, 0x65, 0x74, 0x77, 0x6f, 0x72, 0x6b, 0x69, + 0x6e, 0x67, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x33, 0x2e, 0x48, 0x54, 0x54, 0x50, + 0x46, 0x61, 0x75, 0x6c, 0x74, 0x49, 0x6e, 0x6a, 0x65, 0x63, 0x74, 0x69, 0x6f, 0x6e, 0x52, 0x05, + 0x66, 0x61, 0x75, 0x6c, 0x74, 0x12, 0x3e, 0x0a, 0x06, 0x6d, 0x69, 0x72, 0x72, 0x6f, 0x72, 0x18, + 0x09, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x26, 0x2e, 0x69, 0x73, 0x74, 0x69, 0x6f, 0x2e, 0x6e, 0x65, 0x74, 0x77, 0x6f, 0x72, 0x6b, 0x69, 0x6e, 0x67, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, - 0x33, 0x2e, 0x48, 0x54, 0x54, 0x50, 0x4d, 0x69, 0x72, 0x72, 0x6f, 0x72, 0x50, 0x6f, 0x6c, 0x69, - 0x63, 0x79, 0x52, 0x07, 0x6d, 0x69, 0x72, 0x72, 0x6f, 0x72, 0x73, 0x12, 0x47, 0x0a, 0x0e, 0x6d, - 0x69, 0x72, 0x72, 0x6f, 0x72, 0x5f, 0x70, 0x65, 0x72, 0x63, 0x65, 0x6e, 0x74, 0x18, 0x12, 0x20, - 0x01, 0x28, 0x0b, 0x32, 0x1c, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, - 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x55, 0x49, 0x6e, 0x74, 0x33, 0x32, 0x56, 0x61, 0x6c, 0x75, - 0x65, 0x42, 0x02, 0x18, 0x01, 0x52, 0x0d, 0x6d, 0x69, 0x72, 0x72, 0x6f, 0x72, 0x50, 0x65, 0x72, - 0x63, 0x65, 0x6e, 0x74, 0x12, 0x4f, 0x0a, 0x11, 0x6d, 0x69, 0x72, 0x72, 0x6f, 0x72, 0x5f, 0x70, - 0x65, 0x72, 0x63, 0x65, 0x6e, 0x74, 0x61, 0x67, 0x65, 0x18, 0x13, 0x20, 0x01, 0x28, 0x0b, 0x32, + 0x33, 0x2e, 0x44, 0x65, 0x73, 0x74, 0x69, 0x6e, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x52, 0x06, 0x6d, + 0x69, 0x72, 0x72, 0x6f, 0x72, 0x12, 0x45, 0x0a, 0x07, 0x6d, 0x69, 0x72, 0x72, 0x6f, 0x72, 0x73, + 0x18, 0x16, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x2b, 0x2e, 0x69, 0x73, 0x74, 0x69, 0x6f, 0x2e, 0x6e, + 0x65, 0x74, 0x77, 0x6f, 0x72, 0x6b, 0x69, 0x6e, 0x67, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, + 0x61, 0x33, 0x2e, 0x48, 0x54, 0x54, 0x50, 0x4d, 0x69, 0x72, 0x72, 0x6f, 0x72, 0x50, 0x6f, 0x6c, + 0x69, 0x63, 0x79, 0x52, 0x07, 0x6d, 0x69, 0x72, 0x72, 0x6f, 0x72, 0x73, 0x12, 0x47, 0x0a, 0x0e, + 0x6d, 0x69, 0x72, 0x72, 0x6f, 0x72, 0x5f, 0x70, 0x65, 0x72, 0x63, 0x65, 0x6e, 0x74, 0x18, 0x12, + 0x20, 0x01, 0x28, 0x0b, 0x32, 0x1c, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, + 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x55, 0x49, 0x6e, 0x74, 0x33, 0x32, 0x56, 0x61, 0x6c, + 0x75, 0x65, 0x42, 0x02, 0x18, 0x01, 0x52, 0x0d, 0x6d, 0x69, 0x72, 0x72, 0x6f, 0x72, 0x50, 0x65, + 0x72, 0x63, 0x65, 0x6e, 0x74, 0x12, 0x4f, 0x0a, 0x11, 0x6d, 0x69, 0x72, 0x72, 0x6f, 0x72, 0x5f, + 0x70, 0x65, 0x72, 0x63, 0x65, 0x6e, 0x74, 0x61, 0x67, 0x65, 0x18, 0x13, 0x20, 0x01, 0x28, 0x0b, + 0x32, 0x22, 0x2e, 0x69, 0x73, 0x74, 0x69, 0x6f, 0x2e, 0x6e, 0x65, 0x74, 0x77, 0x6f, 0x72, 0x6b, + 0x69, 0x6e, 0x67, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x33, 0x2e, 0x50, 0x65, 0x72, + 0x63, 0x65, 0x6e, 0x74, 0x52, 0x10, 0x6d, 0x69, 0x72, 0x72, 0x6f, 0x72, 0x50, 0x65, 0x72, 0x63, + 0x65, 0x6e, 0x74, 0x61, 0x67, 0x65, 0x12, 0x46, 0x0a, 0x0b, 0x63, 0x6f, 0x72, 0x73, 0x5f, 0x70, + 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x18, 0x0a, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x25, 0x2e, 0x69, 0x73, + 0x74, 0x69, 0x6f, 0x2e, 0x6e, 0x65, 0x74, 0x77, 0x6f, 0x72, 0x6b, 0x69, 0x6e, 0x67, 0x2e, 0x76, + 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x33, 0x2e, 0x43, 0x6f, 0x72, 0x73, 0x50, 0x6f, 0x6c, 0x69, + 0x63, 0x79, 0x52, 0x0a, 0x63, 0x6f, 0x72, 0x73, 0x50, 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x12, 0x3c, + 0x0a, 0x07, 0x68, 0x65, 0x61, 0x64, 0x65, 0x72, 0x73, 0x18, 0x10, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x22, 0x2e, 0x69, 0x73, 0x74, 0x69, 0x6f, 0x2e, 0x6e, 0x65, 0x74, 0x77, 0x6f, 0x72, 0x6b, 0x69, - 0x6e, 0x67, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x33, 0x2e, 0x50, 0x65, 0x72, 0x63, - 0x65, 0x6e, 0x74, 0x52, 0x10, 0x6d, 0x69, 0x72, 0x72, 0x6f, 0x72, 0x50, 0x65, 0x72, 0x63, 0x65, - 0x6e, 0x74, 0x61, 0x67, 0x65, 0x12, 0x46, 0x0a, 0x0b, 0x63, 0x6f, 0x72, 0x73, 0x5f, 0x70, 0x6f, - 0x6c, 0x69, 0x63, 0x79, 0x18, 0x0a, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x25, 0x2e, 0x69, 0x73, 0x74, - 0x69, 0x6f, 0x2e, 0x6e, 0x65, 0x74, 0x77, 0x6f, 0x72, 0x6b, 0x69, 0x6e, 0x67, 0x2e, 0x76, 0x31, - 0x61, 0x6c, 0x70, 0x68, 0x61, 0x33, 0x2e, 0x43, 0x6f, 0x72, 0x73, 0x50, 0x6f, 0x6c, 0x69, 0x63, - 0x79, 0x52, 0x0a, 0x63, 0x6f, 0x72, 0x73, 0x50, 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x12, 0x3c, 0x0a, - 0x07, 0x68, 0x65, 0x61, 0x64, 0x65, 0x72, 0x73, 0x18, 0x10, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x22, - 0x2e, 0x69, 0x73, 0x74, 0x69, 0x6f, 0x2e, 0x6e, 0x65, 0x74, 0x77, 0x6f, 0x72, 0x6b, 0x69, 0x6e, - 0x67, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x33, 0x2e, 0x48, 0x65, 0x61, 0x64, 0x65, - 0x72, 0x73, 0x52, 0x07, 0x68, 0x65, 0x61, 0x64, 0x65, 0x72, 0x73, 0x4a, 0x04, 0x08, 0x05, 0x10, - 0x06, 0x4a, 0x04, 0x08, 0x0b, 0x10, 0x10, 0x52, 0x11, 0x77, 0x65, 0x62, 0x73, 0x6f, 0x63, 0x6b, - 0x65, 0x74, 0x5f, 0x75, 0x70, 0x67, 0x72, 0x61, 0x64, 0x65, 0x52, 0x0e, 0x61, 0x70, 0x70, 0x65, - 0x6e, 0x64, 0x5f, 0x68, 0x65, 0x61, 0x64, 0x65, 0x72, 0x73, 0x52, 0x17, 0x72, 0x65, 0x6d, 0x6f, - 0x76, 0x65, 0x5f, 0x72, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x5f, 0x68, 0x65, 0x61, 0x64, - 0x65, 0x72, 0x73, 0x52, 0x17, 0x61, 0x70, 0x70, 0x65, 0x6e, 0x64, 0x5f, 0x72, 0x65, 0x73, 0x70, - 0x6f, 0x6e, 0x73, 0x65, 0x5f, 0x68, 0x65, 0x61, 0x64, 0x65, 0x72, 0x73, 0x52, 0x16, 0x72, 0x65, - 0x6d, 0x6f, 0x76, 0x65, 0x5f, 0x72, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x5f, 0x68, 0x65, 0x61, - 0x64, 0x65, 0x72, 0x73, 0x52, 0x16, 0x61, 0x70, 0x70, 0x65, 0x6e, 0x64, 0x5f, 0x72, 0x65, 0x71, - 0x75, 0x65, 0x73, 0x74, 0x5f, 0x68, 0x65, 0x61, 0x64, 0x65, 0x72, 0x73, 0x22, 0x3c, 0x0a, 0x08, - 0x44, 0x65, 0x6c, 0x65, 0x67, 0x61, 0x74, 0x65, 0x12, 0x12, 0x0a, 0x04, 0x6e, 0x61, 0x6d, 0x65, - 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x04, 0x6e, 0x61, 0x6d, 0x65, 0x12, 0x1c, 0x0a, 0x09, - 0x6e, 0x61, 0x6d, 0x65, 0x73, 0x70, 0x61, 0x63, 0x65, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, - 0x09, 0x6e, 0x61, 0x6d, 0x65, 0x73, 0x70, 0x61, 0x63, 0x65, 0x22, 0xe6, 0x03, 0x0a, 0x07, 0x48, - 0x65, 0x61, 0x64, 0x65, 0x72, 0x73, 0x12, 0x4d, 0x0a, 0x07, 0x72, 0x65, 0x71, 0x75, 0x65, 0x73, - 0x74, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x33, 0x2e, 0x69, 0x73, 0x74, 0x69, 0x6f, 0x2e, - 0x6e, 0x65, 0x74, 0x77, 0x6f, 0x72, 0x6b, 0x69, 0x6e, 0x67, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, - 0x68, 0x61, 0x33, 0x2e, 0x48, 0x65, 0x61, 0x64, 0x65, 0x72, 0x73, 0x2e, 0x48, 0x65, 0x61, 0x64, - 0x65, 0x72, 0x4f, 0x70, 0x65, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x52, 0x07, 0x72, 0x65, - 0x71, 0x75, 0x65, 0x73, 0x74, 0x12, 0x4f, 0x0a, 0x08, 0x72, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, - 0x65, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x33, 0x2e, 0x69, 0x73, 0x74, 0x69, 0x6f, 0x2e, - 0x6e, 0x65, 0x74, 0x77, 0x6f, 0x72, 0x6b, 0x69, 0x6e, 0x67, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, - 0x68, 0x61, 0x33, 0x2e, 0x48, 0x65, 0x61, 0x64, 0x65, 0x72, 0x73, 0x2e, 0x48, 0x65, 0x61, 0x64, - 0x65, 0x72, 0x4f, 0x70, 0x65, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x52, 0x08, 0x72, 0x65, - 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x1a, 0xba, 0x02, 0x0a, 0x10, 0x48, 0x65, 0x61, 0x64, 0x65, - 0x72, 0x4f, 0x70, 0x65, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x12, 0x4e, 0x0a, 0x03, 0x73, - 0x65, 0x74, 0x18, 0x01, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x3c, 0x2e, 0x69, 0x73, 0x74, 0x69, 0x6f, + 0x6e, 0x67, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x33, 0x2e, 0x48, 0x65, 0x61, 0x64, + 0x65, 0x72, 0x73, 0x52, 0x07, 0x68, 0x65, 0x61, 0x64, 0x65, 0x72, 0x73, 0x4a, 0x04, 0x08, 0x05, + 0x10, 0x06, 0x4a, 0x04, 0x08, 0x0b, 0x10, 0x10, 0x52, 0x11, 0x77, 0x65, 0x62, 0x73, 0x6f, 0x63, + 0x6b, 0x65, 0x74, 0x5f, 0x75, 0x70, 0x67, 0x72, 0x61, 0x64, 0x65, 0x52, 0x0e, 0x61, 0x70, 0x70, + 0x65, 0x6e, 0x64, 0x5f, 0x68, 0x65, 0x61, 0x64, 0x65, 0x72, 0x73, 0x52, 0x17, 0x72, 0x65, 0x6d, + 0x6f, 0x76, 0x65, 0x5f, 0x72, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x5f, 0x68, 0x65, 0x61, + 0x64, 0x65, 0x72, 0x73, 0x52, 0x17, 0x61, 0x70, 0x70, 0x65, 0x6e, 0x64, 0x5f, 0x72, 0x65, 0x73, + 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x5f, 0x68, 0x65, 0x61, 0x64, 0x65, 0x72, 0x73, 0x52, 0x16, 0x72, + 0x65, 0x6d, 0x6f, 0x76, 0x65, 0x5f, 0x72, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x5f, 0x68, 0x65, + 0x61, 0x64, 0x65, 0x72, 0x73, 0x52, 0x16, 0x61, 0x70, 0x70, 0x65, 0x6e, 0x64, 0x5f, 0x72, 0x65, + 0x71, 0x75, 0x65, 0x73, 0x74, 0x5f, 0x68, 0x65, 0x61, 0x64, 0x65, 0x72, 0x73, 0x22, 0x3c, 0x0a, + 0x08, 0x44, 0x65, 0x6c, 0x65, 0x67, 0x61, 0x74, 0x65, 0x12, 0x12, 0x0a, 0x04, 0x6e, 0x61, 0x6d, + 0x65, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x04, 0x6e, 0x61, 0x6d, 0x65, 0x12, 0x1c, 0x0a, + 0x09, 0x6e, 0x61, 0x6d, 0x65, 0x73, 0x70, 0x61, 0x63, 0x65, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, + 0x52, 0x09, 0x6e, 0x61, 0x6d, 0x65, 0x73, 0x70, 0x61, 0x63, 0x65, 0x22, 0xe6, 0x03, 0x0a, 0x07, + 0x48, 0x65, 0x61, 0x64, 0x65, 0x72, 0x73, 0x12, 0x4d, 0x0a, 0x07, 0x72, 0x65, 0x71, 0x75, 0x65, + 0x73, 0x74, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x33, 0x2e, 0x69, 0x73, 0x74, 0x69, 0x6f, 0x2e, 0x6e, 0x65, 0x74, 0x77, 0x6f, 0x72, 0x6b, 0x69, 0x6e, 0x67, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x33, 0x2e, 0x48, 0x65, 0x61, 0x64, 0x65, 0x72, 0x73, 0x2e, 0x48, 0x65, 0x61, - 0x64, 0x65, 0x72, 0x4f, 0x70, 0x65, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x2e, 0x53, 0x65, - 0x74, 0x45, 0x6e, 0x74, 0x72, 0x79, 0x52, 0x03, 0x73, 0x65, 0x74, 0x12, 0x4e, 0x0a, 0x03, 0x61, - 0x64, 0x64, 0x18, 0x02, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x3c, 0x2e, 0x69, 0x73, 0x74, 0x69, 0x6f, + 0x64, 0x65, 0x72, 0x4f, 0x70, 0x65, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x52, 0x07, 0x72, + 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x12, 0x4f, 0x0a, 0x08, 0x72, 0x65, 0x73, 0x70, 0x6f, 0x6e, + 0x73, 0x65, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x33, 0x2e, 0x69, 0x73, 0x74, 0x69, 0x6f, 0x2e, 0x6e, 0x65, 0x74, 0x77, 0x6f, 0x72, 0x6b, 0x69, 0x6e, 0x67, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x33, 0x2e, 0x48, 0x65, 0x61, 0x64, 0x65, 0x72, 0x73, 0x2e, 0x48, 0x65, 0x61, - 0x64, 0x65, 0x72, 0x4f, 0x70, 0x65, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x2e, 0x41, 0x64, - 0x64, 0x45, 0x6e, 0x74, 0x72, 0x79, 0x52, 0x03, 0x61, 0x64, 0x64, 0x12, 0x16, 0x0a, 0x06, 0x72, - 0x65, 0x6d, 0x6f, 0x76, 0x65, 0x18, 0x03, 0x20, 0x03, 0x28, 0x09, 0x52, 0x06, 0x72, 0x65, 0x6d, - 0x6f, 0x76, 0x65, 0x1a, 0x36, 0x0a, 0x08, 0x53, 0x65, 0x74, 0x45, 0x6e, 0x74, 0x72, 0x79, 0x12, - 0x10, 0x0a, 0x03, 0x6b, 0x65, 0x79, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x03, 0x6b, 0x65, - 0x79, 0x12, 0x14, 0x0a, 0x05, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, - 0x52, 0x05, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x3a, 0x02, 0x38, 0x01, 0x1a, 0x36, 0x0a, 0x08, 0x41, - 0x64, 0x64, 0x45, 0x6e, 0x74, 0x72, 0x79, 0x12, 0x10, 0x0a, 0x03, 0x6b, 0x65, 0x79, 0x18, 0x01, - 0x20, 0x01, 0x28, 0x09, 0x52, 0x03, 0x6b, 0x65, 0x79, 0x12, 0x14, 0x0a, 0x05, 0x76, 0x61, 0x6c, - 0x75, 0x65, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x05, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x3a, - 0x02, 0x38, 0x01, 0x22, 0x97, 0x01, 0x0a, 0x08, 0x54, 0x4c, 0x53, 0x52, 0x6f, 0x75, 0x74, 0x65, - 0x12, 0x48, 0x0a, 0x05, 0x6d, 0x61, 0x74, 0x63, 0x68, 0x18, 0x01, 0x20, 0x03, 0x28, 0x0b, 0x32, - 0x2d, 0x2e, 0x69, 0x73, 0x74, 0x69, 0x6f, 0x2e, 0x6e, 0x65, 0x74, 0x77, 0x6f, 0x72, 0x6b, 0x69, - 0x6e, 0x67, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x33, 0x2e, 0x54, 0x4c, 0x53, 0x4d, - 0x61, 0x74, 0x63, 0x68, 0x41, 0x74, 0x74, 0x72, 0x69, 0x62, 0x75, 0x74, 0x65, 0x73, 0x42, 0x03, - 0xe0, 0x41, 0x02, 0x52, 0x05, 0x6d, 0x61, 0x74, 0x63, 0x68, 0x12, 0x41, 0x0a, 0x05, 0x72, 0x6f, - 0x75, 0x74, 0x65, 0x18, 0x02, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x2b, 0x2e, 0x69, 0x73, 0x74, 0x69, + 0x64, 0x65, 0x72, 0x4f, 0x70, 0x65, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x52, 0x08, 0x72, + 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x1a, 0xba, 0x02, 0x0a, 0x10, 0x48, 0x65, 0x61, 0x64, + 0x65, 0x72, 0x4f, 0x70, 0x65, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x12, 0x4e, 0x0a, 0x03, + 0x73, 0x65, 0x74, 0x18, 0x01, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x3c, 0x2e, 0x69, 0x73, 0x74, 0x69, 0x6f, 0x2e, 0x6e, 0x65, 0x74, 0x77, 0x6f, 0x72, 0x6b, 0x69, 0x6e, 0x67, 0x2e, 0x76, 0x31, 0x61, - 0x6c, 0x70, 0x68, 0x61, 0x33, 0x2e, 0x52, 0x6f, 0x75, 0x74, 0x65, 0x44, 0x65, 0x73, 0x74, 0x69, - 0x6e, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x52, 0x05, 0x72, 0x6f, 0x75, 0x74, 0x65, 0x22, 0x91, 0x01, - 0x0a, 0x08, 0x54, 0x43, 0x50, 0x52, 0x6f, 0x75, 0x74, 0x65, 0x12, 0x42, 0x0a, 0x05, 0x6d, 0x61, - 0x74, 0x63, 0x68, 0x18, 0x01, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x2c, 0x2e, 0x69, 0x73, 0x74, 0x69, + 0x6c, 0x70, 0x68, 0x61, 0x33, 0x2e, 0x48, 0x65, 0x61, 0x64, 0x65, 0x72, 0x73, 0x2e, 0x48, 0x65, + 0x61, 0x64, 0x65, 0x72, 0x4f, 0x70, 0x65, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x2e, 0x53, + 0x65, 0x74, 0x45, 0x6e, 0x74, 0x72, 0x79, 0x52, 0x03, 0x73, 0x65, 0x74, 0x12, 0x4e, 0x0a, 0x03, + 0x61, 0x64, 0x64, 0x18, 0x02, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x3c, 0x2e, 0x69, 0x73, 0x74, 0x69, 0x6f, 0x2e, 0x6e, 0x65, 0x74, 0x77, 0x6f, 0x72, 0x6b, 0x69, 0x6e, 0x67, 0x2e, 0x76, 0x31, 0x61, - 0x6c, 0x70, 0x68, 0x61, 0x33, 0x2e, 0x4c, 0x34, 0x4d, 0x61, 0x74, 0x63, 0x68, 0x41, 0x74, 0x74, - 0x72, 0x69, 0x62, 0x75, 0x74, 0x65, 0x73, 0x52, 0x05, 0x6d, 0x61, 0x74, 0x63, 0x68, 0x12, 0x41, - 0x0a, 0x05, 0x72, 0x6f, 0x75, 0x74, 0x65, 0x18, 0x02, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x2b, 0x2e, - 0x69, 0x73, 0x74, 0x69, 0x6f, 0x2e, 0x6e, 0x65, 0x74, 0x77, 0x6f, 0x72, 0x6b, 0x69, 0x6e, 0x67, - 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x33, 0x2e, 0x52, 0x6f, 0x75, 0x74, 0x65, 0x44, - 0x65, 0x73, 0x74, 0x69, 0x6e, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x52, 0x05, 0x72, 0x6f, 0x75, 0x74, - 0x65, 0x22, 0xc5, 0x09, 0x0a, 0x10, 0x48, 0x54, 0x54, 0x50, 0x4d, 0x61, 0x74, 0x63, 0x68, 0x52, - 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x12, 0x12, 0x0a, 0x04, 0x6e, 0x61, 0x6d, 0x65, 0x18, 0x0b, - 0x20, 0x01, 0x28, 0x09, 0x52, 0x04, 0x6e, 0x61, 0x6d, 0x65, 0x12, 0x38, 0x0a, 0x03, 0x75, 0x72, - 0x69, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x26, 0x2e, 0x69, 0x73, 0x74, 0x69, 0x6f, 0x2e, - 0x6e, 0x65, 0x74, 0x77, 0x6f, 0x72, 0x6b, 0x69, 0x6e, 0x67, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, - 0x68, 0x61, 0x33, 0x2e, 0x53, 0x74, 0x72, 0x69, 0x6e, 0x67, 0x4d, 0x61, 0x74, 0x63, 0x68, 0x52, - 0x03, 0x75, 0x72, 0x69, 0x12, 0x3e, 0x0a, 0x06, 0x73, 0x63, 0x68, 0x65, 0x6d, 0x65, 0x18, 0x02, - 0x20, 0x01, 0x28, 0x0b, 0x32, 0x26, 0x2e, 0x69, 0x73, 0x74, 0x69, 0x6f, 0x2e, 0x6e, 0x65, 0x74, - 0x77, 0x6f, 0x72, 0x6b, 0x69, 0x6e, 0x67, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x33, - 0x2e, 0x53, 0x74, 0x72, 0x69, 0x6e, 0x67, 0x4d, 0x61, 0x74, 0x63, 0x68, 0x52, 0x06, 0x73, 0x63, - 0x68, 0x65, 0x6d, 0x65, 0x12, 0x3e, 0x0a, 0x06, 0x6d, 0x65, 0x74, 0x68, 0x6f, 0x64, 0x18, 0x03, - 0x20, 0x01, 0x28, 0x0b, 0x32, 0x26, 0x2e, 0x69, 0x73, 0x74, 0x69, 0x6f, 0x2e, 0x6e, 0x65, 0x74, - 0x77, 0x6f, 0x72, 0x6b, 0x69, 0x6e, 0x67, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x33, - 0x2e, 0x53, 0x74, 0x72, 0x69, 0x6e, 0x67, 0x4d, 0x61, 0x74, 0x63, 0x68, 0x52, 0x06, 0x6d, 0x65, - 0x74, 0x68, 0x6f, 0x64, 0x12, 0x44, 0x0a, 0x09, 0x61, 0x75, 0x74, 0x68, 0x6f, 0x72, 0x69, 0x74, - 0x79, 0x18, 0x04, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x26, 0x2e, 0x69, 0x73, 0x74, 0x69, 0x6f, 0x2e, - 0x6e, 0x65, 0x74, 0x77, 0x6f, 0x72, 0x6b, 0x69, 0x6e, 0x67, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, - 0x68, 0x61, 0x33, 0x2e, 0x53, 0x74, 0x72, 0x69, 0x6e, 0x67, 0x4d, 0x61, 0x74, 0x63, 0x68, 0x52, - 0x09, 0x61, 0x75, 0x74, 0x68, 0x6f, 0x72, 0x69, 0x74, 0x79, 0x12, 0x52, 0x0a, 0x07, 0x68, 0x65, - 0x61, 0x64, 0x65, 0x72, 0x73, 0x18, 0x05, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x38, 0x2e, 0x69, 0x73, + 0x6c, 0x70, 0x68, 0x61, 0x33, 0x2e, 0x48, 0x65, 0x61, 0x64, 0x65, 0x72, 0x73, 0x2e, 0x48, 0x65, + 0x61, 0x64, 0x65, 0x72, 0x4f, 0x70, 0x65, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x2e, 0x41, + 0x64, 0x64, 0x45, 0x6e, 0x74, 0x72, 0x79, 0x52, 0x03, 0x61, 0x64, 0x64, 0x12, 0x16, 0x0a, 0x06, + 0x72, 0x65, 0x6d, 0x6f, 0x76, 0x65, 0x18, 0x03, 0x20, 0x03, 0x28, 0x09, 0x52, 0x06, 0x72, 0x65, + 0x6d, 0x6f, 0x76, 0x65, 0x1a, 0x36, 0x0a, 0x08, 0x53, 0x65, 0x74, 0x45, 0x6e, 0x74, 0x72, 0x79, + 0x12, 0x10, 0x0a, 0x03, 0x6b, 0x65, 0x79, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x03, 0x6b, + 0x65, 0x79, 0x12, 0x14, 0x0a, 0x05, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x18, 0x02, 0x20, 0x01, 0x28, + 0x09, 0x52, 0x05, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x3a, 0x02, 0x38, 0x01, 0x1a, 0x36, 0x0a, 0x08, + 0x41, 0x64, 0x64, 0x45, 0x6e, 0x74, 0x72, 0x79, 0x12, 0x10, 0x0a, 0x03, 0x6b, 0x65, 0x79, 0x18, + 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x03, 0x6b, 0x65, 0x79, 0x12, 0x14, 0x0a, 0x05, 0x76, 0x61, + 0x6c, 0x75, 0x65, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x05, 0x76, 0x61, 0x6c, 0x75, 0x65, + 0x3a, 0x02, 0x38, 0x01, 0x22, 0x98, 0x01, 0x0a, 0x08, 0x54, 0x4c, 0x53, 0x52, 0x6f, 0x75, 0x74, + 0x65, 0x12, 0x49, 0x0a, 0x05, 0x6d, 0x61, 0x74, 0x63, 0x68, 0x18, 0x01, 0x20, 0x03, 0x28, 0x0b, + 0x32, 0x2d, 0x2e, 0x69, 0x73, 0x74, 0x69, 0x6f, 0x2e, 0x6e, 0x65, 0x74, 0x77, 0x6f, 0x72, 0x6b, + 0x69, 0x6e, 0x67, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x33, 0x2e, 0x54, 0x4c, 0x53, + 0x4d, 0x61, 0x74, 0x63, 0x68, 0x41, 0x74, 0x74, 0x72, 0x69, 0x62, 0x75, 0x74, 0x65, 0x73, 0x42, + 0x04, 0xe2, 0x41, 0x01, 0x02, 0x52, 0x05, 0x6d, 0x61, 0x74, 0x63, 0x68, 0x12, 0x41, 0x0a, 0x05, + 0x72, 0x6f, 0x75, 0x74, 0x65, 0x18, 0x02, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x2b, 0x2e, 0x69, 0x73, 0x74, 0x69, 0x6f, 0x2e, 0x6e, 0x65, 0x74, 0x77, 0x6f, 0x72, 0x6b, 0x69, 0x6e, 0x67, 0x2e, 0x76, - 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x33, 0x2e, 0x48, 0x54, 0x54, 0x50, 0x4d, 0x61, 0x74, 0x63, - 0x68, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x2e, 0x48, 0x65, 0x61, 0x64, 0x65, 0x72, 0x73, - 0x45, 0x6e, 0x74, 0x72, 0x79, 0x52, 0x07, 0x68, 0x65, 0x61, 0x64, 0x65, 0x72, 0x73, 0x12, 0x12, - 0x0a, 0x04, 0x70, 0x6f, 0x72, 0x74, 0x18, 0x06, 0x20, 0x01, 0x28, 0x0d, 0x52, 0x04, 0x70, 0x6f, - 0x72, 0x74, 0x12, 0x62, 0x0a, 0x0d, 0x73, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x5f, 0x6c, 0x61, 0x62, - 0x65, 0x6c, 0x73, 0x18, 0x07, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x3d, 0x2e, 0x69, 0x73, 0x74, 0x69, - 0x6f, 0x2e, 0x6e, 0x65, 0x74, 0x77, 0x6f, 0x72, 0x6b, 0x69, 0x6e, 0x67, 0x2e, 0x76, 0x31, 0x61, - 0x6c, 0x70, 0x68, 0x61, 0x33, 0x2e, 0x48, 0x54, 0x54, 0x50, 0x4d, 0x61, 0x74, 0x63, 0x68, 0x52, - 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x2e, 0x53, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x4c, 0x61, 0x62, - 0x65, 0x6c, 0x73, 0x45, 0x6e, 0x74, 0x72, 0x79, 0x52, 0x0c, 0x73, 0x6f, 0x75, 0x72, 0x63, 0x65, - 0x4c, 0x61, 0x62, 0x65, 0x6c, 0x73, 0x12, 0x1a, 0x0a, 0x08, 0x67, 0x61, 0x74, 0x65, 0x77, 0x61, - 0x79, 0x73, 0x18, 0x08, 0x20, 0x03, 0x28, 0x09, 0x52, 0x08, 0x67, 0x61, 0x74, 0x65, 0x77, 0x61, - 0x79, 0x73, 0x12, 0x5f, 0x0a, 0x0c, 0x71, 0x75, 0x65, 0x72, 0x79, 0x5f, 0x70, 0x61, 0x72, 0x61, - 0x6d, 0x73, 0x18, 0x09, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x3c, 0x2e, 0x69, 0x73, 0x74, 0x69, 0x6f, - 0x2e, 0x6e, 0x65, 0x74, 0x77, 0x6f, 0x72, 0x6b, 0x69, 0x6e, 0x67, 0x2e, 0x76, 0x31, 0x61, 0x6c, - 0x70, 0x68, 0x61, 0x33, 0x2e, 0x48, 0x54, 0x54, 0x50, 0x4d, 0x61, 0x74, 0x63, 0x68, 0x52, 0x65, - 0x71, 0x75, 0x65, 0x73, 0x74, 0x2e, 0x51, 0x75, 0x65, 0x72, 0x79, 0x50, 0x61, 0x72, 0x61, 0x6d, - 0x73, 0x45, 0x6e, 0x74, 0x72, 0x79, 0x52, 0x0b, 0x71, 0x75, 0x65, 0x72, 0x79, 0x50, 0x61, 0x72, - 0x61, 0x6d, 0x73, 0x12, 0x26, 0x0a, 0x0f, 0x69, 0x67, 0x6e, 0x6f, 0x72, 0x65, 0x5f, 0x75, 0x72, - 0x69, 0x5f, 0x63, 0x61, 0x73, 0x65, 0x18, 0x0a, 0x20, 0x01, 0x28, 0x08, 0x52, 0x0d, 0x69, 0x67, - 0x6e, 0x6f, 0x72, 0x65, 0x55, 0x72, 0x69, 0x43, 0x61, 0x73, 0x65, 0x12, 0x68, 0x0a, 0x0f, 0x77, - 0x69, 0x74, 0x68, 0x6f, 0x75, 0x74, 0x5f, 0x68, 0x65, 0x61, 0x64, 0x65, 0x72, 0x73, 0x18, 0x0c, - 0x20, 0x03, 0x28, 0x0b, 0x32, 0x3f, 0x2e, 0x69, 0x73, 0x74, 0x69, 0x6f, 0x2e, 0x6e, 0x65, 0x74, - 0x77, 0x6f, 0x72, 0x6b, 0x69, 0x6e, 0x67, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x33, - 0x2e, 0x48, 0x54, 0x54, 0x50, 0x4d, 0x61, 0x74, 0x63, 0x68, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, - 0x74, 0x2e, 0x57, 0x69, 0x74, 0x68, 0x6f, 0x75, 0x74, 0x48, 0x65, 0x61, 0x64, 0x65, 0x72, 0x73, - 0x45, 0x6e, 0x74, 0x72, 0x79, 0x52, 0x0e, 0x77, 0x69, 0x74, 0x68, 0x6f, 0x75, 0x74, 0x48, 0x65, - 0x61, 0x64, 0x65, 0x72, 0x73, 0x12, 0x29, 0x0a, 0x10, 0x73, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x5f, - 0x6e, 0x61, 0x6d, 0x65, 0x73, 0x70, 0x61, 0x63, 0x65, 0x18, 0x0d, 0x20, 0x01, 0x28, 0x09, 0x52, - 0x0f, 0x73, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x4e, 0x61, 0x6d, 0x65, 0x73, 0x70, 0x61, 0x63, 0x65, - 0x12, 0x1f, 0x0a, 0x0b, 0x73, 0x74, 0x61, 0x74, 0x5f, 0x70, 0x72, 0x65, 0x66, 0x69, 0x78, 0x18, - 0x0e, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0a, 0x73, 0x74, 0x61, 0x74, 0x50, 0x72, 0x65, 0x66, 0x69, - 0x78, 0x1a, 0x62, 0x0a, 0x0c, 0x48, 0x65, 0x61, 0x64, 0x65, 0x72, 0x73, 0x45, 0x6e, 0x74, 0x72, - 0x79, 0x12, 0x10, 0x0a, 0x03, 0x6b, 0x65, 0x79, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x03, - 0x6b, 0x65, 0x79, 0x12, 0x3c, 0x0a, 0x05, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x18, 0x02, 0x20, 0x01, - 0x28, 0x0b, 0x32, 0x26, 0x2e, 0x69, 0x73, 0x74, 0x69, 0x6f, 0x2e, 0x6e, 0x65, 0x74, 0x77, 0x6f, - 0x72, 0x6b, 0x69, 0x6e, 0x67, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x33, 0x2e, 0x53, - 0x74, 0x72, 0x69, 0x6e, 0x67, 0x4d, 0x61, 0x74, 0x63, 0x68, 0x52, 0x05, 0x76, 0x61, 0x6c, 0x75, - 0x65, 0x3a, 0x02, 0x38, 0x01, 0x1a, 0x3f, 0x0a, 0x11, 0x53, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x4c, - 0x61, 0x62, 0x65, 0x6c, 0x73, 0x45, 0x6e, 0x74, 0x72, 0x79, 0x12, 0x10, 0x0a, 0x03, 0x6b, 0x65, - 0x79, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x03, 0x6b, 0x65, 0x79, 0x12, 0x14, 0x0a, 0x05, - 0x76, 0x61, 0x6c, 0x75, 0x65, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x05, 0x76, 0x61, 0x6c, - 0x75, 0x65, 0x3a, 0x02, 0x38, 0x01, 0x1a, 0x66, 0x0a, 0x10, 0x51, 0x75, 0x65, 0x72, 0x79, 0x50, - 0x61, 0x72, 0x61, 0x6d, 0x73, 0x45, 0x6e, 0x74, 0x72, 0x79, 0x12, 0x10, 0x0a, 0x03, 0x6b, 0x65, - 0x79, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x03, 0x6b, 0x65, 0x79, 0x12, 0x3c, 0x0a, 0x05, - 0x76, 0x61, 0x6c, 0x75, 0x65, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x26, 0x2e, 0x69, 0x73, + 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x33, 0x2e, 0x52, 0x6f, 0x75, 0x74, 0x65, 0x44, 0x65, 0x73, + 0x74, 0x69, 0x6e, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x52, 0x05, 0x72, 0x6f, 0x75, 0x74, 0x65, 0x22, + 0x91, 0x01, 0x0a, 0x08, 0x54, 0x43, 0x50, 0x52, 0x6f, 0x75, 0x74, 0x65, 0x12, 0x42, 0x0a, 0x05, + 0x6d, 0x61, 0x74, 0x63, 0x68, 0x18, 0x01, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x2c, 0x2e, 0x69, 0x73, 0x74, 0x69, 0x6f, 0x2e, 0x6e, 0x65, 0x74, 0x77, 0x6f, 0x72, 0x6b, 0x69, 0x6e, 0x67, 0x2e, 0x76, - 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x33, 0x2e, 0x53, 0x74, 0x72, 0x69, 0x6e, 0x67, 0x4d, 0x61, - 0x74, 0x63, 0x68, 0x52, 0x05, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x3a, 0x02, 0x38, 0x01, 0x1a, 0x69, - 0x0a, 0x13, 0x57, 0x69, 0x74, 0x68, 0x6f, 0x75, 0x74, 0x48, 0x65, 0x61, 0x64, 0x65, 0x72, 0x73, - 0x45, 0x6e, 0x74, 0x72, 0x79, 0x12, 0x10, 0x0a, 0x03, 0x6b, 0x65, 0x79, 0x18, 0x01, 0x20, 0x01, - 0x28, 0x09, 0x52, 0x03, 0x6b, 0x65, 0x79, 0x12, 0x3c, 0x0a, 0x05, 0x76, 0x61, 0x6c, 0x75, 0x65, + 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x33, 0x2e, 0x4c, 0x34, 0x4d, 0x61, 0x74, 0x63, 0x68, 0x41, + 0x74, 0x74, 0x72, 0x69, 0x62, 0x75, 0x74, 0x65, 0x73, 0x52, 0x05, 0x6d, 0x61, 0x74, 0x63, 0x68, + 0x12, 0x41, 0x0a, 0x05, 0x72, 0x6f, 0x75, 0x74, 0x65, 0x18, 0x02, 0x20, 0x03, 0x28, 0x0b, 0x32, + 0x2b, 0x2e, 0x69, 0x73, 0x74, 0x69, 0x6f, 0x2e, 0x6e, 0x65, 0x74, 0x77, 0x6f, 0x72, 0x6b, 0x69, + 0x6e, 0x67, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x33, 0x2e, 0x52, 0x6f, 0x75, 0x74, + 0x65, 0x44, 0x65, 0x73, 0x74, 0x69, 0x6e, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x52, 0x05, 0x72, 0x6f, + 0x75, 0x74, 0x65, 0x22, 0xc5, 0x09, 0x0a, 0x10, 0x48, 0x54, 0x54, 0x50, 0x4d, 0x61, 0x74, 0x63, + 0x68, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x12, 0x12, 0x0a, 0x04, 0x6e, 0x61, 0x6d, 0x65, + 0x18, 0x0b, 0x20, 0x01, 0x28, 0x09, 0x52, 0x04, 0x6e, 0x61, 0x6d, 0x65, 0x12, 0x38, 0x0a, 0x03, + 0x75, 0x72, 0x69, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x26, 0x2e, 0x69, 0x73, 0x74, 0x69, + 0x6f, 0x2e, 0x6e, 0x65, 0x74, 0x77, 0x6f, 0x72, 0x6b, 0x69, 0x6e, 0x67, 0x2e, 0x76, 0x31, 0x61, + 0x6c, 0x70, 0x68, 0x61, 0x33, 0x2e, 0x53, 0x74, 0x72, 0x69, 0x6e, 0x67, 0x4d, 0x61, 0x74, 0x63, + 0x68, 0x52, 0x03, 0x75, 0x72, 0x69, 0x12, 0x3e, 0x0a, 0x06, 0x73, 0x63, 0x68, 0x65, 0x6d, 0x65, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x26, 0x2e, 0x69, 0x73, 0x74, 0x69, 0x6f, 0x2e, 0x6e, 0x65, 0x74, 0x77, 0x6f, 0x72, 0x6b, 0x69, 0x6e, 0x67, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, - 0x61, 0x33, 0x2e, 0x53, 0x74, 0x72, 0x69, 0x6e, 0x67, 0x4d, 0x61, 0x74, 0x63, 0x68, 0x52, 0x05, - 0x76, 0x61, 0x6c, 0x75, 0x65, 0x3a, 0x02, 0x38, 0x01, 0x22, 0xa3, 0x02, 0x0a, 0x14, 0x48, 0x54, - 0x54, 0x50, 0x52, 0x6f, 0x75, 0x74, 0x65, 0x44, 0x65, 0x73, 0x74, 0x69, 0x6e, 0x61, 0x74, 0x69, - 0x6f, 0x6e, 0x12, 0x4d, 0x0a, 0x0b, 0x64, 0x65, 0x73, 0x74, 0x69, 0x6e, 0x61, 0x74, 0x69, 0x6f, - 0x6e, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x26, 0x2e, 0x69, 0x73, 0x74, 0x69, 0x6f, 0x2e, - 0x6e, 0x65, 0x74, 0x77, 0x6f, 0x72, 0x6b, 0x69, 0x6e, 0x67, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, - 0x68, 0x61, 0x33, 0x2e, 0x44, 0x65, 0x73, 0x74, 0x69, 0x6e, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x42, - 0x03, 0xe0, 0x41, 0x02, 0x52, 0x0b, 0x64, 0x65, 0x73, 0x74, 0x69, 0x6e, 0x61, 0x74, 0x69, 0x6f, - 0x6e, 0x12, 0x16, 0x0a, 0x06, 0x77, 0x65, 0x69, 0x67, 0x68, 0x74, 0x18, 0x02, 0x20, 0x01, 0x28, - 0x05, 0x52, 0x06, 0x77, 0x65, 0x69, 0x67, 0x68, 0x74, 0x12, 0x3c, 0x0a, 0x07, 0x68, 0x65, 0x61, - 0x64, 0x65, 0x72, 0x73, 0x18, 0x07, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x22, 0x2e, 0x69, 0x73, 0x74, + 0x61, 0x33, 0x2e, 0x53, 0x74, 0x72, 0x69, 0x6e, 0x67, 0x4d, 0x61, 0x74, 0x63, 0x68, 0x52, 0x06, + 0x73, 0x63, 0x68, 0x65, 0x6d, 0x65, 0x12, 0x3e, 0x0a, 0x06, 0x6d, 0x65, 0x74, 0x68, 0x6f, 0x64, + 0x18, 0x03, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x26, 0x2e, 0x69, 0x73, 0x74, 0x69, 0x6f, 0x2e, 0x6e, + 0x65, 0x74, 0x77, 0x6f, 0x72, 0x6b, 0x69, 0x6e, 0x67, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, + 0x61, 0x33, 0x2e, 0x53, 0x74, 0x72, 0x69, 0x6e, 0x67, 0x4d, 0x61, 0x74, 0x63, 0x68, 0x52, 0x06, + 0x6d, 0x65, 0x74, 0x68, 0x6f, 0x64, 0x12, 0x44, 0x0a, 0x09, 0x61, 0x75, 0x74, 0x68, 0x6f, 0x72, + 0x69, 0x74, 0x79, 0x18, 0x04, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x26, 0x2e, 0x69, 0x73, 0x74, 0x69, + 0x6f, 0x2e, 0x6e, 0x65, 0x74, 0x77, 0x6f, 0x72, 0x6b, 0x69, 0x6e, 0x67, 0x2e, 0x76, 0x31, 0x61, + 0x6c, 0x70, 0x68, 0x61, 0x33, 0x2e, 0x53, 0x74, 0x72, 0x69, 0x6e, 0x67, 0x4d, 0x61, 0x74, 0x63, + 0x68, 0x52, 0x09, 0x61, 0x75, 0x74, 0x68, 0x6f, 0x72, 0x69, 0x74, 0x79, 0x12, 0x52, 0x0a, 0x07, + 0x68, 0x65, 0x61, 0x64, 0x65, 0x72, 0x73, 0x18, 0x05, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x38, 0x2e, + 0x69, 0x73, 0x74, 0x69, 0x6f, 0x2e, 0x6e, 0x65, 0x74, 0x77, 0x6f, 0x72, 0x6b, 0x69, 0x6e, 0x67, + 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x33, 0x2e, 0x48, 0x54, 0x54, 0x50, 0x4d, 0x61, + 0x74, 0x63, 0x68, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x2e, 0x48, 0x65, 0x61, 0x64, 0x65, + 0x72, 0x73, 0x45, 0x6e, 0x74, 0x72, 0x79, 0x52, 0x07, 0x68, 0x65, 0x61, 0x64, 0x65, 0x72, 0x73, + 0x12, 0x12, 0x0a, 0x04, 0x70, 0x6f, 0x72, 0x74, 0x18, 0x06, 0x20, 0x01, 0x28, 0x0d, 0x52, 0x04, + 0x70, 0x6f, 0x72, 0x74, 0x12, 0x62, 0x0a, 0x0d, 0x73, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x5f, 0x6c, + 0x61, 0x62, 0x65, 0x6c, 0x73, 0x18, 0x07, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x3d, 0x2e, 0x69, 0x73, + 0x74, 0x69, 0x6f, 0x2e, 0x6e, 0x65, 0x74, 0x77, 0x6f, 0x72, 0x6b, 0x69, 0x6e, 0x67, 0x2e, 0x76, + 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x33, 0x2e, 0x48, 0x54, 0x54, 0x50, 0x4d, 0x61, 0x74, 0x63, + 0x68, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x2e, 0x53, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x4c, + 0x61, 0x62, 0x65, 0x6c, 0x73, 0x45, 0x6e, 0x74, 0x72, 0x79, 0x52, 0x0c, 0x73, 0x6f, 0x75, 0x72, + 0x63, 0x65, 0x4c, 0x61, 0x62, 0x65, 0x6c, 0x73, 0x12, 0x1a, 0x0a, 0x08, 0x67, 0x61, 0x74, 0x65, + 0x77, 0x61, 0x79, 0x73, 0x18, 0x08, 0x20, 0x03, 0x28, 0x09, 0x52, 0x08, 0x67, 0x61, 0x74, 0x65, + 0x77, 0x61, 0x79, 0x73, 0x12, 0x5f, 0x0a, 0x0c, 0x71, 0x75, 0x65, 0x72, 0x79, 0x5f, 0x70, 0x61, + 0x72, 0x61, 0x6d, 0x73, 0x18, 0x09, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x3c, 0x2e, 0x69, 0x73, 0x74, 0x69, 0x6f, 0x2e, 0x6e, 0x65, 0x74, 0x77, 0x6f, 0x72, 0x6b, 0x69, 0x6e, 0x67, 0x2e, 0x76, 0x31, - 0x61, 0x6c, 0x70, 0x68, 0x61, 0x33, 0x2e, 0x48, 0x65, 0x61, 0x64, 0x65, 0x72, 0x73, 0x52, 0x07, - 0x68, 0x65, 0x61, 0x64, 0x65, 0x72, 0x73, 0x4a, 0x04, 0x08, 0x03, 0x10, 0x07, 0x52, 0x17, 0x72, - 0x65, 0x6d, 0x6f, 0x76, 0x65, 0x5f, 0x72, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x5f, 0x68, - 0x65, 0x61, 0x64, 0x65, 0x72, 0x73, 0x52, 0x17, 0x61, 0x70, 0x70, 0x65, 0x6e, 0x64, 0x5f, 0x72, - 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x5f, 0x68, 0x65, 0x61, 0x64, 0x65, 0x72, 0x73, 0x52, - 0x16, 0x72, 0x65, 0x6d, 0x6f, 0x76, 0x65, 0x5f, 0x72, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x5f, - 0x68, 0x65, 0x61, 0x64, 0x65, 0x72, 0x73, 0x52, 0x16, 0x61, 0x70, 0x70, 0x65, 0x6e, 0x64, 0x5f, - 0x72, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x5f, 0x68, 0x65, 0x61, 0x64, 0x65, 0x72, 0x73, 0x22, - 0x79, 0x0a, 0x10, 0x52, 0x6f, 0x75, 0x74, 0x65, 0x44, 0x65, 0x73, 0x74, 0x69, 0x6e, 0x61, 0x74, - 0x69, 0x6f, 0x6e, 0x12, 0x4d, 0x0a, 0x0b, 0x64, 0x65, 0x73, 0x74, 0x69, 0x6e, 0x61, 0x74, 0x69, - 0x6f, 0x6e, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x26, 0x2e, 0x69, 0x73, 0x74, 0x69, 0x6f, - 0x2e, 0x6e, 0x65, 0x74, 0x77, 0x6f, 0x72, 0x6b, 0x69, 0x6e, 0x67, 0x2e, 0x76, 0x31, 0x61, 0x6c, - 0x70, 0x68, 0x61, 0x33, 0x2e, 0x44, 0x65, 0x73, 0x74, 0x69, 0x6e, 0x61, 0x74, 0x69, 0x6f, 0x6e, - 0x42, 0x03, 0xe0, 0x41, 0x02, 0x52, 0x0b, 0x64, 0x65, 0x73, 0x74, 0x69, 0x6e, 0x61, 0x74, 0x69, - 0x6f, 0x6e, 0x12, 0x16, 0x0a, 0x06, 0x77, 0x65, 0x69, 0x67, 0x68, 0x74, 0x18, 0x02, 0x20, 0x01, - 0x28, 0x05, 0x52, 0x06, 0x77, 0x65, 0x69, 0x67, 0x68, 0x74, 0x22, 0xea, 0x02, 0x0a, 0x11, 0x4c, - 0x34, 0x4d, 0x61, 0x74, 0x63, 0x68, 0x41, 0x74, 0x74, 0x72, 0x69, 0x62, 0x75, 0x74, 0x65, 0x73, - 0x12, 0x2f, 0x0a, 0x13, 0x64, 0x65, 0x73, 0x74, 0x69, 0x6e, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x5f, - 0x73, 0x75, 0x62, 0x6e, 0x65, 0x74, 0x73, 0x18, 0x01, 0x20, 0x03, 0x28, 0x09, 0x52, 0x12, 0x64, - 0x65, 0x73, 0x74, 0x69, 0x6e, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x53, 0x75, 0x62, 0x6e, 0x65, 0x74, - 0x73, 0x12, 0x12, 0x0a, 0x04, 0x70, 0x6f, 0x72, 0x74, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0d, 0x52, - 0x04, 0x70, 0x6f, 0x72, 0x74, 0x12, 0x23, 0x0a, 0x0d, 0x73, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x5f, - 0x73, 0x75, 0x62, 0x6e, 0x65, 0x74, 0x18, 0x03, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0c, 0x73, 0x6f, - 0x75, 0x72, 0x63, 0x65, 0x53, 0x75, 0x62, 0x6e, 0x65, 0x74, 0x12, 0x63, 0x0a, 0x0d, 0x73, 0x6f, - 0x75, 0x72, 0x63, 0x65, 0x5f, 0x6c, 0x61, 0x62, 0x65, 0x6c, 0x73, 0x18, 0x04, 0x20, 0x03, 0x28, - 0x0b, 0x32, 0x3e, 0x2e, 0x69, 0x73, 0x74, 0x69, 0x6f, 0x2e, 0x6e, 0x65, 0x74, 0x77, 0x6f, 0x72, - 0x6b, 0x69, 0x6e, 0x67, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x33, 0x2e, 0x4c, 0x34, - 0x4d, 0x61, 0x74, 0x63, 0x68, 0x41, 0x74, 0x74, 0x72, 0x69, 0x62, 0x75, 0x74, 0x65, 0x73, 0x2e, - 0x53, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x4c, 0x61, 0x62, 0x65, 0x6c, 0x73, 0x45, 0x6e, 0x74, 0x72, - 0x79, 0x52, 0x0c, 0x73, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x4c, 0x61, 0x62, 0x65, 0x6c, 0x73, 0x12, - 0x1a, 0x0a, 0x08, 0x67, 0x61, 0x74, 0x65, 0x77, 0x61, 0x79, 0x73, 0x18, 0x05, 0x20, 0x03, 0x28, - 0x09, 0x52, 0x08, 0x67, 0x61, 0x74, 0x65, 0x77, 0x61, 0x79, 0x73, 0x12, 0x29, 0x0a, 0x10, 0x73, - 0x6f, 0x75, 0x72, 0x63, 0x65, 0x5f, 0x6e, 0x61, 0x6d, 0x65, 0x73, 0x70, 0x61, 0x63, 0x65, 0x18, - 0x06, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0f, 0x73, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x4e, 0x61, 0x6d, - 0x65, 0x73, 0x70, 0x61, 0x63, 0x65, 0x1a, 0x3f, 0x0a, 0x11, 0x53, 0x6f, 0x75, 0x72, 0x63, 0x65, - 0x4c, 0x61, 0x62, 0x65, 0x6c, 0x73, 0x45, 0x6e, 0x74, 0x72, 0x79, 0x12, 0x10, 0x0a, 0x03, 0x6b, - 0x65, 0x79, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x03, 0x6b, 0x65, 0x79, 0x12, 0x14, 0x0a, - 0x05, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x05, 0x76, 0x61, - 0x6c, 0x75, 0x65, 0x3a, 0x02, 0x38, 0x01, 0x22, 0xfe, 0x02, 0x0a, 0x12, 0x54, 0x4c, 0x53, 0x4d, - 0x61, 0x74, 0x63, 0x68, 0x41, 0x74, 0x74, 0x72, 0x69, 0x62, 0x75, 0x74, 0x65, 0x73, 0x12, 0x20, - 0x0a, 0x09, 0x73, 0x6e, 0x69, 0x5f, 0x68, 0x6f, 0x73, 0x74, 0x73, 0x18, 0x01, 0x20, 0x03, 0x28, - 0x09, 0x42, 0x03, 0xe0, 0x41, 0x02, 0x52, 0x08, 0x73, 0x6e, 0x69, 0x48, 0x6f, 0x73, 0x74, 0x73, - 0x12, 0x2f, 0x0a, 0x13, 0x64, 0x65, 0x73, 0x74, 0x69, 0x6e, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x5f, - 0x73, 0x75, 0x62, 0x6e, 0x65, 0x74, 0x73, 0x18, 0x02, 0x20, 0x03, 0x28, 0x09, 0x52, 0x12, 0x64, - 0x65, 0x73, 0x74, 0x69, 0x6e, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x53, 0x75, 0x62, 0x6e, 0x65, 0x74, - 0x73, 0x12, 0x12, 0x0a, 0x04, 0x70, 0x6f, 0x72, 0x74, 0x18, 0x03, 0x20, 0x01, 0x28, 0x0d, 0x52, - 0x04, 0x70, 0x6f, 0x72, 0x74, 0x12, 0x64, 0x0a, 0x0d, 0x73, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x5f, - 0x6c, 0x61, 0x62, 0x65, 0x6c, 0x73, 0x18, 0x05, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x3f, 0x2e, 0x69, - 0x73, 0x74, 0x69, 0x6f, 0x2e, 0x6e, 0x65, 0x74, 0x77, 0x6f, 0x72, 0x6b, 0x69, 0x6e, 0x67, 0x2e, - 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x33, 0x2e, 0x54, 0x4c, 0x53, 0x4d, 0x61, 0x74, 0x63, - 0x68, 0x41, 0x74, 0x74, 0x72, 0x69, 0x62, 0x75, 0x74, 0x65, 0x73, 0x2e, 0x53, 0x6f, 0x75, 0x72, - 0x63, 0x65, 0x4c, 0x61, 0x62, 0x65, 0x6c, 0x73, 0x45, 0x6e, 0x74, 0x72, 0x79, 0x52, 0x0c, 0x73, - 0x6f, 0x75, 0x72, 0x63, 0x65, 0x4c, 0x61, 0x62, 0x65, 0x6c, 0x73, 0x12, 0x1a, 0x0a, 0x08, 0x67, - 0x61, 0x74, 0x65, 0x77, 0x61, 0x79, 0x73, 0x18, 0x06, 0x20, 0x03, 0x28, 0x09, 0x52, 0x08, 0x67, - 0x61, 0x74, 0x65, 0x77, 0x61, 0x79, 0x73, 0x12, 0x29, 0x0a, 0x10, 0x73, 0x6f, 0x75, 0x72, 0x63, - 0x65, 0x5f, 0x6e, 0x61, 0x6d, 0x65, 0x73, 0x70, 0x61, 0x63, 0x65, 0x18, 0x07, 0x20, 0x01, 0x28, + 0x61, 0x6c, 0x70, 0x68, 0x61, 0x33, 0x2e, 0x48, 0x54, 0x54, 0x50, 0x4d, 0x61, 0x74, 0x63, 0x68, + 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x2e, 0x51, 0x75, 0x65, 0x72, 0x79, 0x50, 0x61, 0x72, + 0x61, 0x6d, 0x73, 0x45, 0x6e, 0x74, 0x72, 0x79, 0x52, 0x0b, 0x71, 0x75, 0x65, 0x72, 0x79, 0x50, + 0x61, 0x72, 0x61, 0x6d, 0x73, 0x12, 0x26, 0x0a, 0x0f, 0x69, 0x67, 0x6e, 0x6f, 0x72, 0x65, 0x5f, + 0x75, 0x72, 0x69, 0x5f, 0x63, 0x61, 0x73, 0x65, 0x18, 0x0a, 0x20, 0x01, 0x28, 0x08, 0x52, 0x0d, + 0x69, 0x67, 0x6e, 0x6f, 0x72, 0x65, 0x55, 0x72, 0x69, 0x43, 0x61, 0x73, 0x65, 0x12, 0x68, 0x0a, + 0x0f, 0x77, 0x69, 0x74, 0x68, 0x6f, 0x75, 0x74, 0x5f, 0x68, 0x65, 0x61, 0x64, 0x65, 0x72, 0x73, + 0x18, 0x0c, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x3f, 0x2e, 0x69, 0x73, 0x74, 0x69, 0x6f, 0x2e, 0x6e, + 0x65, 0x74, 0x77, 0x6f, 0x72, 0x6b, 0x69, 0x6e, 0x67, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, + 0x61, 0x33, 0x2e, 0x48, 0x54, 0x54, 0x50, 0x4d, 0x61, 0x74, 0x63, 0x68, 0x52, 0x65, 0x71, 0x75, + 0x65, 0x73, 0x74, 0x2e, 0x57, 0x69, 0x74, 0x68, 0x6f, 0x75, 0x74, 0x48, 0x65, 0x61, 0x64, 0x65, + 0x72, 0x73, 0x45, 0x6e, 0x74, 0x72, 0x79, 0x52, 0x0e, 0x77, 0x69, 0x74, 0x68, 0x6f, 0x75, 0x74, + 0x48, 0x65, 0x61, 0x64, 0x65, 0x72, 0x73, 0x12, 0x29, 0x0a, 0x10, 0x73, 0x6f, 0x75, 0x72, 0x63, + 0x65, 0x5f, 0x6e, 0x61, 0x6d, 0x65, 0x73, 0x70, 0x61, 0x63, 0x65, 0x18, 0x0d, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0f, 0x73, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x4e, 0x61, 0x6d, 0x65, 0x73, 0x70, 0x61, - 0x63, 0x65, 0x1a, 0x3f, 0x0a, 0x11, 0x53, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x4c, 0x61, 0x62, 0x65, - 0x6c, 0x73, 0x45, 0x6e, 0x74, 0x72, 0x79, 0x12, 0x10, 0x0a, 0x03, 0x6b, 0x65, 0x79, 0x18, 0x01, - 0x20, 0x01, 0x28, 0x09, 0x52, 0x03, 0x6b, 0x65, 0x79, 0x12, 0x14, 0x0a, 0x05, 0x76, 0x61, 0x6c, - 0x75, 0x65, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x05, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x3a, - 0x02, 0x38, 0x01, 0x4a, 0x04, 0x08, 0x04, 0x10, 0x05, 0x52, 0x0d, 0x73, 0x6f, 0x75, 0x72, 0x63, - 0x65, 0x5f, 0x73, 0x75, 0x62, 0x6e, 0x65, 0x74, 0x22, 0xcf, 0x02, 0x0a, 0x0c, 0x48, 0x54, 0x54, - 0x50, 0x52, 0x65, 0x64, 0x69, 0x72, 0x65, 0x63, 0x74, 0x12, 0x10, 0x0a, 0x03, 0x75, 0x72, 0x69, - 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x03, 0x75, 0x72, 0x69, 0x12, 0x1c, 0x0a, 0x09, 0x61, - 0x75, 0x74, 0x68, 0x6f, 0x72, 0x69, 0x74, 0x79, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x09, - 0x61, 0x75, 0x74, 0x68, 0x6f, 0x72, 0x69, 0x74, 0x79, 0x12, 0x14, 0x0a, 0x04, 0x70, 0x6f, 0x72, - 0x74, 0x18, 0x04, 0x20, 0x01, 0x28, 0x0d, 0x48, 0x00, 0x52, 0x04, 0x70, 0x6f, 0x72, 0x74, 0x12, - 0x60, 0x0a, 0x0b, 0x64, 0x65, 0x72, 0x69, 0x76, 0x65, 0x5f, 0x70, 0x6f, 0x72, 0x74, 0x18, 0x05, - 0x20, 0x01, 0x28, 0x0e, 0x32, 0x3d, 0x2e, 0x69, 0x73, 0x74, 0x69, 0x6f, 0x2e, 0x6e, 0x65, 0x74, + 0x63, 0x65, 0x12, 0x1f, 0x0a, 0x0b, 0x73, 0x74, 0x61, 0x74, 0x5f, 0x70, 0x72, 0x65, 0x66, 0x69, + 0x78, 0x18, 0x0e, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0a, 0x73, 0x74, 0x61, 0x74, 0x50, 0x72, 0x65, + 0x66, 0x69, 0x78, 0x1a, 0x62, 0x0a, 0x0c, 0x48, 0x65, 0x61, 0x64, 0x65, 0x72, 0x73, 0x45, 0x6e, + 0x74, 0x72, 0x79, 0x12, 0x10, 0x0a, 0x03, 0x6b, 0x65, 0x79, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, + 0x52, 0x03, 0x6b, 0x65, 0x79, 0x12, 0x3c, 0x0a, 0x05, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x18, 0x02, + 0x20, 0x01, 0x28, 0x0b, 0x32, 0x26, 0x2e, 0x69, 0x73, 0x74, 0x69, 0x6f, 0x2e, 0x6e, 0x65, 0x74, 0x77, 0x6f, 0x72, 0x6b, 0x69, 0x6e, 0x67, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x33, - 0x2e, 0x48, 0x54, 0x54, 0x50, 0x52, 0x65, 0x64, 0x69, 0x72, 0x65, 0x63, 0x74, 0x2e, 0x52, 0x65, - 0x64, 0x69, 0x72, 0x65, 0x63, 0x74, 0x50, 0x6f, 0x72, 0x74, 0x53, 0x65, 0x6c, 0x65, 0x63, 0x74, - 0x69, 0x6f, 0x6e, 0x48, 0x00, 0x52, 0x0a, 0x64, 0x65, 0x72, 0x69, 0x76, 0x65, 0x50, 0x6f, 0x72, - 0x74, 0x12, 0x16, 0x0a, 0x06, 0x73, 0x63, 0x68, 0x65, 0x6d, 0x65, 0x18, 0x06, 0x20, 0x01, 0x28, - 0x09, 0x52, 0x06, 0x73, 0x63, 0x68, 0x65, 0x6d, 0x65, 0x12, 0x23, 0x0a, 0x0d, 0x72, 0x65, 0x64, - 0x69, 0x72, 0x65, 0x63, 0x74, 0x5f, 0x63, 0x6f, 0x64, 0x65, 0x18, 0x03, 0x20, 0x01, 0x28, 0x0d, - 0x52, 0x0c, 0x72, 0x65, 0x64, 0x69, 0x72, 0x65, 0x63, 0x74, 0x43, 0x6f, 0x64, 0x65, 0x22, 0x49, - 0x0a, 0x15, 0x52, 0x65, 0x64, 0x69, 0x72, 0x65, 0x63, 0x74, 0x50, 0x6f, 0x72, 0x74, 0x53, 0x65, - 0x6c, 0x65, 0x63, 0x74, 0x69, 0x6f, 0x6e, 0x12, 0x19, 0x0a, 0x15, 0x46, 0x52, 0x4f, 0x4d, 0x5f, - 0x50, 0x52, 0x4f, 0x54, 0x4f, 0x43, 0x4f, 0x4c, 0x5f, 0x44, 0x45, 0x46, 0x41, 0x55, 0x4c, 0x54, - 0x10, 0x00, 0x12, 0x15, 0x0a, 0x11, 0x46, 0x52, 0x4f, 0x4d, 0x5f, 0x52, 0x45, 0x51, 0x55, 0x45, - 0x53, 0x54, 0x5f, 0x50, 0x4f, 0x52, 0x54, 0x10, 0x01, 0x42, 0x0f, 0x0a, 0x0d, 0x72, 0x65, 0x64, - 0x69, 0x72, 0x65, 0x63, 0x74, 0x5f, 0x70, 0x6f, 0x72, 0x74, 0x22, 0x6a, 0x0a, 0x12, 0x48, 0x54, - 0x54, 0x50, 0x44, 0x69, 0x72, 0x65, 0x63, 0x74, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, - 0x12, 0x1b, 0x0a, 0x06, 0x73, 0x74, 0x61, 0x74, 0x75, 0x73, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0d, - 0x42, 0x03, 0xe0, 0x41, 0x02, 0x52, 0x06, 0x73, 0x74, 0x61, 0x74, 0x75, 0x73, 0x12, 0x37, 0x0a, - 0x04, 0x62, 0x6f, 0x64, 0x79, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x23, 0x2e, 0x69, 0x73, + 0x2e, 0x53, 0x74, 0x72, 0x69, 0x6e, 0x67, 0x4d, 0x61, 0x74, 0x63, 0x68, 0x52, 0x05, 0x76, 0x61, + 0x6c, 0x75, 0x65, 0x3a, 0x02, 0x38, 0x01, 0x1a, 0x3f, 0x0a, 0x11, 0x53, 0x6f, 0x75, 0x72, 0x63, + 0x65, 0x4c, 0x61, 0x62, 0x65, 0x6c, 0x73, 0x45, 0x6e, 0x74, 0x72, 0x79, 0x12, 0x10, 0x0a, 0x03, + 0x6b, 0x65, 0x79, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x03, 0x6b, 0x65, 0x79, 0x12, 0x14, + 0x0a, 0x05, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x05, 0x76, + 0x61, 0x6c, 0x75, 0x65, 0x3a, 0x02, 0x38, 0x01, 0x1a, 0x66, 0x0a, 0x10, 0x51, 0x75, 0x65, 0x72, + 0x79, 0x50, 0x61, 0x72, 0x61, 0x6d, 0x73, 0x45, 0x6e, 0x74, 0x72, 0x79, 0x12, 0x10, 0x0a, 0x03, + 0x6b, 0x65, 0x79, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x03, 0x6b, 0x65, 0x79, 0x12, 0x3c, + 0x0a, 0x05, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x26, 0x2e, + 0x69, 0x73, 0x74, 0x69, 0x6f, 0x2e, 0x6e, 0x65, 0x74, 0x77, 0x6f, 0x72, 0x6b, 0x69, 0x6e, 0x67, + 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x33, 0x2e, 0x53, 0x74, 0x72, 0x69, 0x6e, 0x67, + 0x4d, 0x61, 0x74, 0x63, 0x68, 0x52, 0x05, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x3a, 0x02, 0x38, 0x01, + 0x1a, 0x69, 0x0a, 0x13, 0x57, 0x69, 0x74, 0x68, 0x6f, 0x75, 0x74, 0x48, 0x65, 0x61, 0x64, 0x65, + 0x72, 0x73, 0x45, 0x6e, 0x74, 0x72, 0x79, 0x12, 0x10, 0x0a, 0x03, 0x6b, 0x65, 0x79, 0x18, 0x01, + 0x20, 0x01, 0x28, 0x09, 0x52, 0x03, 0x6b, 0x65, 0x79, 0x12, 0x3c, 0x0a, 0x05, 0x76, 0x61, 0x6c, + 0x75, 0x65, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x26, 0x2e, 0x69, 0x73, 0x74, 0x69, 0x6f, + 0x2e, 0x6e, 0x65, 0x74, 0x77, 0x6f, 0x72, 0x6b, 0x69, 0x6e, 0x67, 0x2e, 0x76, 0x31, 0x61, 0x6c, + 0x70, 0x68, 0x61, 0x33, 0x2e, 0x53, 0x74, 0x72, 0x69, 0x6e, 0x67, 0x4d, 0x61, 0x74, 0x63, 0x68, + 0x52, 0x05, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x3a, 0x02, 0x38, 0x01, 0x22, 0xa4, 0x02, 0x0a, 0x14, + 0x48, 0x54, 0x54, 0x50, 0x52, 0x6f, 0x75, 0x74, 0x65, 0x44, 0x65, 0x73, 0x74, 0x69, 0x6e, 0x61, + 0x74, 0x69, 0x6f, 0x6e, 0x12, 0x4e, 0x0a, 0x0b, 0x64, 0x65, 0x73, 0x74, 0x69, 0x6e, 0x61, 0x74, + 0x69, 0x6f, 0x6e, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x26, 0x2e, 0x69, 0x73, 0x74, 0x69, + 0x6f, 0x2e, 0x6e, 0x65, 0x74, 0x77, 0x6f, 0x72, 0x6b, 0x69, 0x6e, 0x67, 0x2e, 0x76, 0x31, 0x61, + 0x6c, 0x70, 0x68, 0x61, 0x33, 0x2e, 0x44, 0x65, 0x73, 0x74, 0x69, 0x6e, 0x61, 0x74, 0x69, 0x6f, + 0x6e, 0x42, 0x04, 0xe2, 0x41, 0x01, 0x02, 0x52, 0x0b, 0x64, 0x65, 0x73, 0x74, 0x69, 0x6e, 0x61, + 0x74, 0x69, 0x6f, 0x6e, 0x12, 0x16, 0x0a, 0x06, 0x77, 0x65, 0x69, 0x67, 0x68, 0x74, 0x18, 0x02, + 0x20, 0x01, 0x28, 0x05, 0x52, 0x06, 0x77, 0x65, 0x69, 0x67, 0x68, 0x74, 0x12, 0x3c, 0x0a, 0x07, + 0x68, 0x65, 0x61, 0x64, 0x65, 0x72, 0x73, 0x18, 0x07, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x22, 0x2e, + 0x69, 0x73, 0x74, 0x69, 0x6f, 0x2e, 0x6e, 0x65, 0x74, 0x77, 0x6f, 0x72, 0x6b, 0x69, 0x6e, 0x67, + 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x33, 0x2e, 0x48, 0x65, 0x61, 0x64, 0x65, 0x72, + 0x73, 0x52, 0x07, 0x68, 0x65, 0x61, 0x64, 0x65, 0x72, 0x73, 0x4a, 0x04, 0x08, 0x03, 0x10, 0x07, + 0x52, 0x17, 0x72, 0x65, 0x6d, 0x6f, 0x76, 0x65, 0x5f, 0x72, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, + 0x65, 0x5f, 0x68, 0x65, 0x61, 0x64, 0x65, 0x72, 0x73, 0x52, 0x17, 0x61, 0x70, 0x70, 0x65, 0x6e, + 0x64, 0x5f, 0x72, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x5f, 0x68, 0x65, 0x61, 0x64, 0x65, + 0x72, 0x73, 0x52, 0x16, 0x72, 0x65, 0x6d, 0x6f, 0x76, 0x65, 0x5f, 0x72, 0x65, 0x71, 0x75, 0x65, + 0x73, 0x74, 0x5f, 0x68, 0x65, 0x61, 0x64, 0x65, 0x72, 0x73, 0x52, 0x16, 0x61, 0x70, 0x70, 0x65, + 0x6e, 0x64, 0x5f, 0x72, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x5f, 0x68, 0x65, 0x61, 0x64, 0x65, + 0x72, 0x73, 0x22, 0x7a, 0x0a, 0x10, 0x52, 0x6f, 0x75, 0x74, 0x65, 0x44, 0x65, 0x73, 0x74, 0x69, + 0x6e, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x12, 0x4e, 0x0a, 0x0b, 0x64, 0x65, 0x73, 0x74, 0x69, 0x6e, + 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x26, 0x2e, 0x69, 0x73, 0x74, 0x69, 0x6f, 0x2e, 0x6e, 0x65, 0x74, 0x77, 0x6f, 0x72, 0x6b, 0x69, 0x6e, 0x67, 0x2e, 0x76, - 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x33, 0x2e, 0x48, 0x54, 0x54, 0x50, 0x42, 0x6f, 0x64, 0x79, - 0x52, 0x04, 0x62, 0x6f, 0x64, 0x79, 0x22, 0x49, 0x0a, 0x08, 0x48, 0x54, 0x54, 0x50, 0x42, 0x6f, - 0x64, 0x79, 0x12, 0x18, 0x0a, 0x06, 0x73, 0x74, 0x72, 0x69, 0x6e, 0x67, 0x18, 0x01, 0x20, 0x01, - 0x28, 0x09, 0x48, 0x00, 0x52, 0x06, 0x73, 0x74, 0x72, 0x69, 0x6e, 0x67, 0x12, 0x16, 0x0a, 0x05, - 0x62, 0x79, 0x74, 0x65, 0x73, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0c, 0x48, 0x00, 0x52, 0x05, 0x62, - 0x79, 0x74, 0x65, 0x73, 0x42, 0x0b, 0x0a, 0x09, 0x73, 0x70, 0x65, 0x63, 0x69, 0x66, 0x69, 0x65, - 0x72, 0x22, 0x92, 0x01, 0x0a, 0x0b, 0x48, 0x54, 0x54, 0x50, 0x52, 0x65, 0x77, 0x72, 0x69, 0x74, - 0x65, 0x12, 0x10, 0x0a, 0x03, 0x75, 0x72, 0x69, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x03, - 0x75, 0x72, 0x69, 0x12, 0x1c, 0x0a, 0x09, 0x61, 0x75, 0x74, 0x68, 0x6f, 0x72, 0x69, 0x74, 0x79, - 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x09, 0x61, 0x75, 0x74, 0x68, 0x6f, 0x72, 0x69, 0x74, - 0x79, 0x12, 0x53, 0x0a, 0x11, 0x75, 0x72, 0x69, 0x5f, 0x72, 0x65, 0x67, 0x65, 0x78, 0x5f, 0x72, - 0x65, 0x77, 0x72, 0x69, 0x74, 0x65, 0x18, 0x03, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x27, 0x2e, 0x69, + 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x33, 0x2e, 0x44, 0x65, 0x73, 0x74, 0x69, 0x6e, 0x61, 0x74, + 0x69, 0x6f, 0x6e, 0x42, 0x04, 0xe2, 0x41, 0x01, 0x02, 0x52, 0x0b, 0x64, 0x65, 0x73, 0x74, 0x69, + 0x6e, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x12, 0x16, 0x0a, 0x06, 0x77, 0x65, 0x69, 0x67, 0x68, 0x74, + 0x18, 0x02, 0x20, 0x01, 0x28, 0x05, 0x52, 0x06, 0x77, 0x65, 0x69, 0x67, 0x68, 0x74, 0x22, 0xea, + 0x02, 0x0a, 0x11, 0x4c, 0x34, 0x4d, 0x61, 0x74, 0x63, 0x68, 0x41, 0x74, 0x74, 0x72, 0x69, 0x62, + 0x75, 0x74, 0x65, 0x73, 0x12, 0x2f, 0x0a, 0x13, 0x64, 0x65, 0x73, 0x74, 0x69, 0x6e, 0x61, 0x74, + 0x69, 0x6f, 0x6e, 0x5f, 0x73, 0x75, 0x62, 0x6e, 0x65, 0x74, 0x73, 0x18, 0x01, 0x20, 0x03, 0x28, + 0x09, 0x52, 0x12, 0x64, 0x65, 0x73, 0x74, 0x69, 0x6e, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x53, 0x75, + 0x62, 0x6e, 0x65, 0x74, 0x73, 0x12, 0x12, 0x0a, 0x04, 0x70, 0x6f, 0x72, 0x74, 0x18, 0x02, 0x20, + 0x01, 0x28, 0x0d, 0x52, 0x04, 0x70, 0x6f, 0x72, 0x74, 0x12, 0x23, 0x0a, 0x0d, 0x73, 0x6f, 0x75, + 0x72, 0x63, 0x65, 0x5f, 0x73, 0x75, 0x62, 0x6e, 0x65, 0x74, 0x18, 0x03, 0x20, 0x01, 0x28, 0x09, + 0x52, 0x0c, 0x73, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x53, 0x75, 0x62, 0x6e, 0x65, 0x74, 0x12, 0x63, + 0x0a, 0x0d, 0x73, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x5f, 0x6c, 0x61, 0x62, 0x65, 0x6c, 0x73, 0x18, + 0x04, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x3e, 0x2e, 0x69, 0x73, 0x74, 0x69, 0x6f, 0x2e, 0x6e, 0x65, + 0x74, 0x77, 0x6f, 0x72, 0x6b, 0x69, 0x6e, 0x67, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, + 0x33, 0x2e, 0x4c, 0x34, 0x4d, 0x61, 0x74, 0x63, 0x68, 0x41, 0x74, 0x74, 0x72, 0x69, 0x62, 0x75, + 0x74, 0x65, 0x73, 0x2e, 0x53, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x4c, 0x61, 0x62, 0x65, 0x6c, 0x73, + 0x45, 0x6e, 0x74, 0x72, 0x79, 0x52, 0x0c, 0x73, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x4c, 0x61, 0x62, + 0x65, 0x6c, 0x73, 0x12, 0x1a, 0x0a, 0x08, 0x67, 0x61, 0x74, 0x65, 0x77, 0x61, 0x79, 0x73, 0x18, + 0x05, 0x20, 0x03, 0x28, 0x09, 0x52, 0x08, 0x67, 0x61, 0x74, 0x65, 0x77, 0x61, 0x79, 0x73, 0x12, + 0x29, 0x0a, 0x10, 0x73, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x5f, 0x6e, 0x61, 0x6d, 0x65, 0x73, 0x70, + 0x61, 0x63, 0x65, 0x18, 0x06, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0f, 0x73, 0x6f, 0x75, 0x72, 0x63, + 0x65, 0x4e, 0x61, 0x6d, 0x65, 0x73, 0x70, 0x61, 0x63, 0x65, 0x1a, 0x3f, 0x0a, 0x11, 0x53, 0x6f, + 0x75, 0x72, 0x63, 0x65, 0x4c, 0x61, 0x62, 0x65, 0x6c, 0x73, 0x45, 0x6e, 0x74, 0x72, 0x79, 0x12, + 0x10, 0x0a, 0x03, 0x6b, 0x65, 0x79, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x03, 0x6b, 0x65, + 0x79, 0x12, 0x14, 0x0a, 0x05, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, + 0x52, 0x05, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x3a, 0x02, 0x38, 0x01, 0x22, 0xff, 0x02, 0x0a, 0x12, + 0x54, 0x4c, 0x53, 0x4d, 0x61, 0x74, 0x63, 0x68, 0x41, 0x74, 0x74, 0x72, 0x69, 0x62, 0x75, 0x74, + 0x65, 0x73, 0x12, 0x21, 0x0a, 0x09, 0x73, 0x6e, 0x69, 0x5f, 0x68, 0x6f, 0x73, 0x74, 0x73, 0x18, + 0x01, 0x20, 0x03, 0x28, 0x09, 0x42, 0x04, 0xe2, 0x41, 0x01, 0x02, 0x52, 0x08, 0x73, 0x6e, 0x69, + 0x48, 0x6f, 0x73, 0x74, 0x73, 0x12, 0x2f, 0x0a, 0x13, 0x64, 0x65, 0x73, 0x74, 0x69, 0x6e, 0x61, + 0x74, 0x69, 0x6f, 0x6e, 0x5f, 0x73, 0x75, 0x62, 0x6e, 0x65, 0x74, 0x73, 0x18, 0x02, 0x20, 0x03, + 0x28, 0x09, 0x52, 0x12, 0x64, 0x65, 0x73, 0x74, 0x69, 0x6e, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x53, + 0x75, 0x62, 0x6e, 0x65, 0x74, 0x73, 0x12, 0x12, 0x0a, 0x04, 0x70, 0x6f, 0x72, 0x74, 0x18, 0x03, + 0x20, 0x01, 0x28, 0x0d, 0x52, 0x04, 0x70, 0x6f, 0x72, 0x74, 0x12, 0x64, 0x0a, 0x0d, 0x73, 0x6f, + 0x75, 0x72, 0x63, 0x65, 0x5f, 0x6c, 0x61, 0x62, 0x65, 0x6c, 0x73, 0x18, 0x05, 0x20, 0x03, 0x28, + 0x0b, 0x32, 0x3f, 0x2e, 0x69, 0x73, 0x74, 0x69, 0x6f, 0x2e, 0x6e, 0x65, 0x74, 0x77, 0x6f, 0x72, + 0x6b, 0x69, 0x6e, 0x67, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x33, 0x2e, 0x54, 0x4c, + 0x53, 0x4d, 0x61, 0x74, 0x63, 0x68, 0x41, 0x74, 0x74, 0x72, 0x69, 0x62, 0x75, 0x74, 0x65, 0x73, + 0x2e, 0x53, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x4c, 0x61, 0x62, 0x65, 0x6c, 0x73, 0x45, 0x6e, 0x74, + 0x72, 0x79, 0x52, 0x0c, 0x73, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x4c, 0x61, 0x62, 0x65, 0x6c, 0x73, + 0x12, 0x1a, 0x0a, 0x08, 0x67, 0x61, 0x74, 0x65, 0x77, 0x61, 0x79, 0x73, 0x18, 0x06, 0x20, 0x03, + 0x28, 0x09, 0x52, 0x08, 0x67, 0x61, 0x74, 0x65, 0x77, 0x61, 0x79, 0x73, 0x12, 0x29, 0x0a, 0x10, + 0x73, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x5f, 0x6e, 0x61, 0x6d, 0x65, 0x73, 0x70, 0x61, 0x63, 0x65, + 0x18, 0x07, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0f, 0x73, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x4e, 0x61, + 0x6d, 0x65, 0x73, 0x70, 0x61, 0x63, 0x65, 0x1a, 0x3f, 0x0a, 0x11, 0x53, 0x6f, 0x75, 0x72, 0x63, + 0x65, 0x4c, 0x61, 0x62, 0x65, 0x6c, 0x73, 0x45, 0x6e, 0x74, 0x72, 0x79, 0x12, 0x10, 0x0a, 0x03, + 0x6b, 0x65, 0x79, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x03, 0x6b, 0x65, 0x79, 0x12, 0x14, + 0x0a, 0x05, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x05, 0x76, + 0x61, 0x6c, 0x75, 0x65, 0x3a, 0x02, 0x38, 0x01, 0x4a, 0x04, 0x08, 0x04, 0x10, 0x05, 0x52, 0x0d, + 0x73, 0x6f, 0x75, 0x72, 0x63, 0x65, 0x5f, 0x73, 0x75, 0x62, 0x6e, 0x65, 0x74, 0x22, 0xcf, 0x02, + 0x0a, 0x0c, 0x48, 0x54, 0x54, 0x50, 0x52, 0x65, 0x64, 0x69, 0x72, 0x65, 0x63, 0x74, 0x12, 0x10, + 0x0a, 0x03, 0x75, 0x72, 0x69, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x03, 0x75, 0x72, 0x69, + 0x12, 0x1c, 0x0a, 0x09, 0x61, 0x75, 0x74, 0x68, 0x6f, 0x72, 0x69, 0x74, 0x79, 0x18, 0x02, 0x20, + 0x01, 0x28, 0x09, 0x52, 0x09, 0x61, 0x75, 0x74, 0x68, 0x6f, 0x72, 0x69, 0x74, 0x79, 0x12, 0x14, + 0x0a, 0x04, 0x70, 0x6f, 0x72, 0x74, 0x18, 0x04, 0x20, 0x01, 0x28, 0x0d, 0x48, 0x00, 0x52, 0x04, + 0x70, 0x6f, 0x72, 0x74, 0x12, 0x60, 0x0a, 0x0b, 0x64, 0x65, 0x72, 0x69, 0x76, 0x65, 0x5f, 0x70, + 0x6f, 0x72, 0x74, 0x18, 0x05, 0x20, 0x01, 0x28, 0x0e, 0x32, 0x3d, 0x2e, 0x69, 0x73, 0x74, 0x69, + 0x6f, 0x2e, 0x6e, 0x65, 0x74, 0x77, 0x6f, 0x72, 0x6b, 0x69, 0x6e, 0x67, 0x2e, 0x76, 0x31, 0x61, + 0x6c, 0x70, 0x68, 0x61, 0x33, 0x2e, 0x48, 0x54, 0x54, 0x50, 0x52, 0x65, 0x64, 0x69, 0x72, 0x65, + 0x63, 0x74, 0x2e, 0x52, 0x65, 0x64, 0x69, 0x72, 0x65, 0x63, 0x74, 0x50, 0x6f, 0x72, 0x74, 0x53, + 0x65, 0x6c, 0x65, 0x63, 0x74, 0x69, 0x6f, 0x6e, 0x48, 0x00, 0x52, 0x0a, 0x64, 0x65, 0x72, 0x69, + 0x76, 0x65, 0x50, 0x6f, 0x72, 0x74, 0x12, 0x16, 0x0a, 0x06, 0x73, 0x63, 0x68, 0x65, 0x6d, 0x65, + 0x18, 0x06, 0x20, 0x01, 0x28, 0x09, 0x52, 0x06, 0x73, 0x63, 0x68, 0x65, 0x6d, 0x65, 0x12, 0x23, + 0x0a, 0x0d, 0x72, 0x65, 0x64, 0x69, 0x72, 0x65, 0x63, 0x74, 0x5f, 0x63, 0x6f, 0x64, 0x65, 0x18, + 0x03, 0x20, 0x01, 0x28, 0x0d, 0x52, 0x0c, 0x72, 0x65, 0x64, 0x69, 0x72, 0x65, 0x63, 0x74, 0x43, + 0x6f, 0x64, 0x65, 0x22, 0x49, 0x0a, 0x15, 0x52, 0x65, 0x64, 0x69, 0x72, 0x65, 0x63, 0x74, 0x50, + 0x6f, 0x72, 0x74, 0x53, 0x65, 0x6c, 0x65, 0x63, 0x74, 0x69, 0x6f, 0x6e, 0x12, 0x19, 0x0a, 0x15, + 0x46, 0x52, 0x4f, 0x4d, 0x5f, 0x50, 0x52, 0x4f, 0x54, 0x4f, 0x43, 0x4f, 0x4c, 0x5f, 0x44, 0x45, + 0x46, 0x41, 0x55, 0x4c, 0x54, 0x10, 0x00, 0x12, 0x15, 0x0a, 0x11, 0x46, 0x52, 0x4f, 0x4d, 0x5f, + 0x52, 0x45, 0x51, 0x55, 0x45, 0x53, 0x54, 0x5f, 0x50, 0x4f, 0x52, 0x54, 0x10, 0x01, 0x42, 0x0f, + 0x0a, 0x0d, 0x72, 0x65, 0x64, 0x69, 0x72, 0x65, 0x63, 0x74, 0x5f, 0x70, 0x6f, 0x72, 0x74, 0x22, + 0x6b, 0x0a, 0x12, 0x48, 0x54, 0x54, 0x50, 0x44, 0x69, 0x72, 0x65, 0x63, 0x74, 0x52, 0x65, 0x73, + 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x12, 0x1c, 0x0a, 0x06, 0x73, 0x74, 0x61, 0x74, 0x75, 0x73, 0x18, + 0x01, 0x20, 0x01, 0x28, 0x0d, 0x42, 0x04, 0xe2, 0x41, 0x01, 0x02, 0x52, 0x06, 0x73, 0x74, 0x61, + 0x74, 0x75, 0x73, 0x12, 0x37, 0x0a, 0x04, 0x62, 0x6f, 0x64, 0x79, 0x18, 0x02, 0x20, 0x01, 0x28, + 0x0b, 0x32, 0x23, 0x2e, 0x69, 0x73, 0x74, 0x69, 0x6f, 0x2e, 0x6e, 0x65, 0x74, 0x77, 0x6f, 0x72, + 0x6b, 0x69, 0x6e, 0x67, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x33, 0x2e, 0x48, 0x54, + 0x54, 0x50, 0x42, 0x6f, 0x64, 0x79, 0x52, 0x04, 0x62, 0x6f, 0x64, 0x79, 0x22, 0x49, 0x0a, 0x08, + 0x48, 0x54, 0x54, 0x50, 0x42, 0x6f, 0x64, 0x79, 0x12, 0x18, 0x0a, 0x06, 0x73, 0x74, 0x72, 0x69, + 0x6e, 0x67, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x48, 0x00, 0x52, 0x06, 0x73, 0x74, 0x72, 0x69, + 0x6e, 0x67, 0x12, 0x16, 0x0a, 0x05, 0x62, 0x79, 0x74, 0x65, 0x73, 0x18, 0x02, 0x20, 0x01, 0x28, + 0x0c, 0x48, 0x00, 0x52, 0x05, 0x62, 0x79, 0x74, 0x65, 0x73, 0x42, 0x0b, 0x0a, 0x09, 0x73, 0x70, + 0x65, 0x63, 0x69, 0x66, 0x69, 0x65, 0x72, 0x22, 0x92, 0x01, 0x0a, 0x0b, 0x48, 0x54, 0x54, 0x50, + 0x52, 0x65, 0x77, 0x72, 0x69, 0x74, 0x65, 0x12, 0x10, 0x0a, 0x03, 0x75, 0x72, 0x69, 0x18, 0x01, + 0x20, 0x01, 0x28, 0x09, 0x52, 0x03, 0x75, 0x72, 0x69, 0x12, 0x1c, 0x0a, 0x09, 0x61, 0x75, 0x74, + 0x68, 0x6f, 0x72, 0x69, 0x74, 0x79, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x09, 0x61, 0x75, + 0x74, 0x68, 0x6f, 0x72, 0x69, 0x74, 0x79, 0x12, 0x53, 0x0a, 0x11, 0x75, 0x72, 0x69, 0x5f, 0x72, + 0x65, 0x67, 0x65, 0x78, 0x5f, 0x72, 0x65, 0x77, 0x72, 0x69, 0x74, 0x65, 0x18, 0x03, 0x20, 0x01, + 0x28, 0x0b, 0x32, 0x27, 0x2e, 0x69, 0x73, 0x74, 0x69, 0x6f, 0x2e, 0x6e, 0x65, 0x74, 0x77, 0x6f, + 0x72, 0x6b, 0x69, 0x6e, 0x67, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x33, 0x2e, 0x52, + 0x65, 0x67, 0x65, 0x78, 0x52, 0x65, 0x77, 0x72, 0x69, 0x74, 0x65, 0x52, 0x0f, 0x75, 0x72, 0x69, + 0x52, 0x65, 0x67, 0x65, 0x78, 0x52, 0x65, 0x77, 0x72, 0x69, 0x74, 0x65, 0x22, 0x3e, 0x0a, 0x0c, + 0x52, 0x65, 0x67, 0x65, 0x78, 0x52, 0x65, 0x77, 0x72, 0x69, 0x74, 0x65, 0x12, 0x14, 0x0a, 0x05, + 0x6d, 0x61, 0x74, 0x63, 0x68, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x05, 0x6d, 0x61, 0x74, + 0x63, 0x68, 0x12, 0x18, 0x0a, 0x07, 0x72, 0x65, 0x77, 0x72, 0x69, 0x74, 0x65, 0x18, 0x02, 0x20, + 0x01, 0x28, 0x09, 0x52, 0x07, 0x72, 0x65, 0x77, 0x72, 0x69, 0x74, 0x65, 0x22, 0x65, 0x0a, 0x0b, + 0x53, 0x74, 0x72, 0x69, 0x6e, 0x67, 0x4d, 0x61, 0x74, 0x63, 0x68, 0x12, 0x16, 0x0a, 0x05, 0x65, + 0x78, 0x61, 0x63, 0x74, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x48, 0x00, 0x52, 0x05, 0x65, 0x78, + 0x61, 0x63, 0x74, 0x12, 0x18, 0x0a, 0x06, 0x70, 0x72, 0x65, 0x66, 0x69, 0x78, 0x18, 0x02, 0x20, + 0x01, 0x28, 0x09, 0x48, 0x00, 0x52, 0x06, 0x70, 0x72, 0x65, 0x66, 0x69, 0x78, 0x12, 0x16, 0x0a, + 0x05, 0x72, 0x65, 0x67, 0x65, 0x78, 0x18, 0x03, 0x20, 0x01, 0x28, 0x09, 0x48, 0x00, 0x52, 0x05, + 0x72, 0x65, 0x67, 0x65, 0x78, 0x42, 0x0c, 0x0a, 0x0a, 0x6d, 0x61, 0x74, 0x63, 0x68, 0x5f, 0x74, + 0x79, 0x70, 0x65, 0x22, 0xd9, 0x01, 0x0a, 0x09, 0x48, 0x54, 0x54, 0x50, 0x52, 0x65, 0x74, 0x72, + 0x79, 0x12, 0x1a, 0x0a, 0x08, 0x61, 0x74, 0x74, 0x65, 0x6d, 0x70, 0x74, 0x73, 0x18, 0x01, 0x20, + 0x01, 0x28, 0x05, 0x52, 0x08, 0x61, 0x74, 0x74, 0x65, 0x6d, 0x70, 0x74, 0x73, 0x12, 0x41, 0x0a, + 0x0f, 0x70, 0x65, 0x72, 0x5f, 0x74, 0x72, 0x79, 0x5f, 0x74, 0x69, 0x6d, 0x65, 0x6f, 0x75, 0x74, + 0x18, 0x02, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x19, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, + 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x44, 0x75, 0x72, 0x61, 0x74, 0x69, 0x6f, + 0x6e, 0x52, 0x0d, 0x70, 0x65, 0x72, 0x54, 0x72, 0x79, 0x54, 0x69, 0x6d, 0x65, 0x6f, 0x75, 0x74, + 0x12, 0x19, 0x0a, 0x08, 0x72, 0x65, 0x74, 0x72, 0x79, 0x5f, 0x6f, 0x6e, 0x18, 0x03, 0x20, 0x01, + 0x28, 0x09, 0x52, 0x07, 0x72, 0x65, 0x74, 0x72, 0x79, 0x4f, 0x6e, 0x12, 0x52, 0x0a, 0x17, 0x72, + 0x65, 0x74, 0x72, 0x79, 0x5f, 0x72, 0x65, 0x6d, 0x6f, 0x74, 0x65, 0x5f, 0x6c, 0x6f, 0x63, 0x61, + 0x6c, 0x69, 0x74, 0x69, 0x65, 0x73, 0x18, 0x04, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x1a, 0x2e, 0x67, + 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x42, + 0x6f, 0x6f, 0x6c, 0x56, 0x61, 0x6c, 0x75, 0x65, 0x52, 0x15, 0x72, 0x65, 0x74, 0x72, 0x79, 0x52, + 0x65, 0x6d, 0x6f, 0x74, 0x65, 0x4c, 0x6f, 0x63, 0x61, 0x6c, 0x69, 0x74, 0x69, 0x65, 0x73, 0x22, + 0x9d, 0x04, 0x0a, 0x0a, 0x43, 0x6f, 0x72, 0x73, 0x50, 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x12, 0x25, + 0x0a, 0x0c, 0x61, 0x6c, 0x6c, 0x6f, 0x77, 0x5f, 0x6f, 0x72, 0x69, 0x67, 0x69, 0x6e, 0x18, 0x01, + 0x20, 0x03, 0x28, 0x09, 0x42, 0x02, 0x18, 0x01, 0x52, 0x0b, 0x61, 0x6c, 0x6c, 0x6f, 0x77, 0x4f, + 0x72, 0x69, 0x67, 0x69, 0x6e, 0x12, 0x4b, 0x0a, 0x0d, 0x61, 0x6c, 0x6c, 0x6f, 0x77, 0x5f, 0x6f, + 0x72, 0x69, 0x67, 0x69, 0x6e, 0x73, 0x18, 0x07, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x26, 0x2e, 0x69, 0x73, 0x74, 0x69, 0x6f, 0x2e, 0x6e, 0x65, 0x74, 0x77, 0x6f, 0x72, 0x6b, 0x69, 0x6e, 0x67, 0x2e, - 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x33, 0x2e, 0x52, 0x65, 0x67, 0x65, 0x78, 0x52, 0x65, - 0x77, 0x72, 0x69, 0x74, 0x65, 0x52, 0x0f, 0x75, 0x72, 0x69, 0x52, 0x65, 0x67, 0x65, 0x78, 0x52, - 0x65, 0x77, 0x72, 0x69, 0x74, 0x65, 0x22, 0x3e, 0x0a, 0x0c, 0x52, 0x65, 0x67, 0x65, 0x78, 0x52, - 0x65, 0x77, 0x72, 0x69, 0x74, 0x65, 0x12, 0x14, 0x0a, 0x05, 0x6d, 0x61, 0x74, 0x63, 0x68, 0x18, - 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x05, 0x6d, 0x61, 0x74, 0x63, 0x68, 0x12, 0x18, 0x0a, 0x07, - 0x72, 0x65, 0x77, 0x72, 0x69, 0x74, 0x65, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x07, 0x72, - 0x65, 0x77, 0x72, 0x69, 0x74, 0x65, 0x22, 0x65, 0x0a, 0x0b, 0x53, 0x74, 0x72, 0x69, 0x6e, 0x67, - 0x4d, 0x61, 0x74, 0x63, 0x68, 0x12, 0x16, 0x0a, 0x05, 0x65, 0x78, 0x61, 0x63, 0x74, 0x18, 0x01, - 0x20, 0x01, 0x28, 0x09, 0x48, 0x00, 0x52, 0x05, 0x65, 0x78, 0x61, 0x63, 0x74, 0x12, 0x18, 0x0a, - 0x06, 0x70, 0x72, 0x65, 0x66, 0x69, 0x78, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x48, 0x00, 0x52, - 0x06, 0x70, 0x72, 0x65, 0x66, 0x69, 0x78, 0x12, 0x16, 0x0a, 0x05, 0x72, 0x65, 0x67, 0x65, 0x78, - 0x18, 0x03, 0x20, 0x01, 0x28, 0x09, 0x48, 0x00, 0x52, 0x05, 0x72, 0x65, 0x67, 0x65, 0x78, 0x42, - 0x0c, 0x0a, 0x0a, 0x6d, 0x61, 0x74, 0x63, 0x68, 0x5f, 0x74, 0x79, 0x70, 0x65, 0x22, 0xde, 0x01, - 0x0a, 0x09, 0x48, 0x54, 0x54, 0x50, 0x52, 0x65, 0x74, 0x72, 0x79, 0x12, 0x1f, 0x0a, 0x08, 0x61, - 0x74, 0x74, 0x65, 0x6d, 0x70, 0x74, 0x73, 0x18, 0x01, 0x20, 0x01, 0x28, 0x05, 0x42, 0x03, 0xe0, - 0x41, 0x02, 0x52, 0x08, 0x61, 0x74, 0x74, 0x65, 0x6d, 0x70, 0x74, 0x73, 0x12, 0x41, 0x0a, 0x0f, - 0x70, 0x65, 0x72, 0x5f, 0x74, 0x72, 0x79, 0x5f, 0x74, 0x69, 0x6d, 0x65, 0x6f, 0x75, 0x74, 0x18, - 0x02, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x19, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, - 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x44, 0x75, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, - 0x52, 0x0d, 0x70, 0x65, 0x72, 0x54, 0x72, 0x79, 0x54, 0x69, 0x6d, 0x65, 0x6f, 0x75, 0x74, 0x12, - 0x19, 0x0a, 0x08, 0x72, 0x65, 0x74, 0x72, 0x79, 0x5f, 0x6f, 0x6e, 0x18, 0x03, 0x20, 0x01, 0x28, - 0x09, 0x52, 0x07, 0x72, 0x65, 0x74, 0x72, 0x79, 0x4f, 0x6e, 0x12, 0x52, 0x0a, 0x17, 0x72, 0x65, - 0x74, 0x72, 0x79, 0x5f, 0x72, 0x65, 0x6d, 0x6f, 0x74, 0x65, 0x5f, 0x6c, 0x6f, 0x63, 0x61, 0x6c, - 0x69, 0x74, 0x69, 0x65, 0x73, 0x18, 0x04, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x1a, 0x2e, 0x67, 0x6f, - 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x42, 0x6f, - 0x6f, 0x6c, 0x56, 0x61, 0x6c, 0x75, 0x65, 0x52, 0x15, 0x72, 0x65, 0x74, 0x72, 0x79, 0x52, 0x65, - 0x6d, 0x6f, 0x74, 0x65, 0x4c, 0x6f, 0x63, 0x61, 0x6c, 0x69, 0x74, 0x69, 0x65, 0x73, 0x22, 0xee, - 0x02, 0x0a, 0x0a, 0x43, 0x6f, 0x72, 0x73, 0x50, 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x12, 0x25, 0x0a, - 0x0c, 0x61, 0x6c, 0x6c, 0x6f, 0x77, 0x5f, 0x6f, 0x72, 0x69, 0x67, 0x69, 0x6e, 0x18, 0x01, 0x20, - 0x03, 0x28, 0x09, 0x42, 0x02, 0x18, 0x01, 0x52, 0x0b, 0x61, 0x6c, 0x6c, 0x6f, 0x77, 0x4f, 0x72, - 0x69, 0x67, 0x69, 0x6e, 0x12, 0x4b, 0x0a, 0x0d, 0x61, 0x6c, 0x6c, 0x6f, 0x77, 0x5f, 0x6f, 0x72, - 0x69, 0x67, 0x69, 0x6e, 0x73, 0x18, 0x07, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x26, 0x2e, 0x69, 0x73, - 0x74, 0x69, 0x6f, 0x2e, 0x6e, 0x65, 0x74, 0x77, 0x6f, 0x72, 0x6b, 0x69, 0x6e, 0x67, 0x2e, 0x76, - 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x33, 0x2e, 0x53, 0x74, 0x72, 0x69, 0x6e, 0x67, 0x4d, 0x61, - 0x74, 0x63, 0x68, 0x52, 0x0c, 0x61, 0x6c, 0x6c, 0x6f, 0x77, 0x4f, 0x72, 0x69, 0x67, 0x69, 0x6e, - 0x73, 0x12, 0x23, 0x0a, 0x0d, 0x61, 0x6c, 0x6c, 0x6f, 0x77, 0x5f, 0x6d, 0x65, 0x74, 0x68, 0x6f, - 0x64, 0x73, 0x18, 0x02, 0x20, 0x03, 0x28, 0x09, 0x52, 0x0c, 0x61, 0x6c, 0x6c, 0x6f, 0x77, 0x4d, - 0x65, 0x74, 0x68, 0x6f, 0x64, 0x73, 0x12, 0x23, 0x0a, 0x0d, 0x61, 0x6c, 0x6c, 0x6f, 0x77, 0x5f, - 0x68, 0x65, 0x61, 0x64, 0x65, 0x72, 0x73, 0x18, 0x03, 0x20, 0x03, 0x28, 0x09, 0x52, 0x0c, 0x61, - 0x6c, 0x6c, 0x6f, 0x77, 0x48, 0x65, 0x61, 0x64, 0x65, 0x72, 0x73, 0x12, 0x25, 0x0a, 0x0e, 0x65, - 0x78, 0x70, 0x6f, 0x73, 0x65, 0x5f, 0x68, 0x65, 0x61, 0x64, 0x65, 0x72, 0x73, 0x18, 0x04, 0x20, - 0x03, 0x28, 0x09, 0x52, 0x0d, 0x65, 0x78, 0x70, 0x6f, 0x73, 0x65, 0x48, 0x65, 0x61, 0x64, 0x65, - 0x72, 0x73, 0x12, 0x32, 0x0a, 0x07, 0x6d, 0x61, 0x78, 0x5f, 0x61, 0x67, 0x65, 0x18, 0x05, 0x20, - 0x01, 0x28, 0x0b, 0x32, 0x19, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, - 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x44, 0x75, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x52, 0x06, - 0x6d, 0x61, 0x78, 0x41, 0x67, 0x65, 0x12, 0x47, 0x0a, 0x11, 0x61, 0x6c, 0x6c, 0x6f, 0x77, 0x5f, - 0x63, 0x72, 0x65, 0x64, 0x65, 0x6e, 0x74, 0x69, 0x61, 0x6c, 0x73, 0x18, 0x06, 0x20, 0x01, 0x28, - 0x0b, 0x32, 0x1a, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, - 0x62, 0x75, 0x66, 0x2e, 0x42, 0x6f, 0x6f, 0x6c, 0x56, 0x61, 0x6c, 0x75, 0x65, 0x52, 0x10, 0x61, - 0x6c, 0x6c, 0x6f, 0x77, 0x43, 0x72, 0x65, 0x64, 0x65, 0x6e, 0x74, 0x69, 0x61, 0x6c, 0x73, 0x22, - 0x8f, 0x05, 0x0a, 0x12, 0x48, 0x54, 0x54, 0x50, 0x46, 0x61, 0x75, 0x6c, 0x74, 0x49, 0x6e, 0x6a, + 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x33, 0x2e, 0x53, 0x74, 0x72, 0x69, 0x6e, 0x67, 0x4d, + 0x61, 0x74, 0x63, 0x68, 0x52, 0x0c, 0x61, 0x6c, 0x6c, 0x6f, 0x77, 0x4f, 0x72, 0x69, 0x67, 0x69, + 0x6e, 0x73, 0x12, 0x23, 0x0a, 0x0d, 0x61, 0x6c, 0x6c, 0x6f, 0x77, 0x5f, 0x6d, 0x65, 0x74, 0x68, + 0x6f, 0x64, 0x73, 0x18, 0x02, 0x20, 0x03, 0x28, 0x09, 0x52, 0x0c, 0x61, 0x6c, 0x6c, 0x6f, 0x77, + 0x4d, 0x65, 0x74, 0x68, 0x6f, 0x64, 0x73, 0x12, 0x23, 0x0a, 0x0d, 0x61, 0x6c, 0x6c, 0x6f, 0x77, + 0x5f, 0x68, 0x65, 0x61, 0x64, 0x65, 0x72, 0x73, 0x18, 0x03, 0x20, 0x03, 0x28, 0x09, 0x52, 0x0c, + 0x61, 0x6c, 0x6c, 0x6f, 0x77, 0x48, 0x65, 0x61, 0x64, 0x65, 0x72, 0x73, 0x12, 0x25, 0x0a, 0x0e, + 0x65, 0x78, 0x70, 0x6f, 0x73, 0x65, 0x5f, 0x68, 0x65, 0x61, 0x64, 0x65, 0x72, 0x73, 0x18, 0x04, + 0x20, 0x03, 0x28, 0x09, 0x52, 0x0d, 0x65, 0x78, 0x70, 0x6f, 0x73, 0x65, 0x48, 0x65, 0x61, 0x64, + 0x65, 0x72, 0x73, 0x12, 0x32, 0x0a, 0x07, 0x6d, 0x61, 0x78, 0x5f, 0x61, 0x67, 0x65, 0x18, 0x05, + 0x20, 0x01, 0x28, 0x0b, 0x32, 0x19, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, + 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x44, 0x75, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x52, + 0x06, 0x6d, 0x61, 0x78, 0x41, 0x67, 0x65, 0x12, 0x47, 0x0a, 0x11, 0x61, 0x6c, 0x6c, 0x6f, 0x77, + 0x5f, 0x63, 0x72, 0x65, 0x64, 0x65, 0x6e, 0x74, 0x69, 0x61, 0x6c, 0x73, 0x18, 0x06, 0x20, 0x01, + 0x28, 0x0b, 0x32, 0x1a, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, + 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x42, 0x6f, 0x6f, 0x6c, 0x56, 0x61, 0x6c, 0x75, 0x65, 0x52, 0x10, + 0x61, 0x6c, 0x6c, 0x6f, 0x77, 0x43, 0x72, 0x65, 0x64, 0x65, 0x6e, 0x74, 0x69, 0x61, 0x6c, 0x73, + 0x12, 0x6c, 0x0a, 0x14, 0x75, 0x6e, 0x6d, 0x61, 0x74, 0x63, 0x68, 0x65, 0x64, 0x5f, 0x70, 0x72, + 0x65, 0x66, 0x6c, 0x69, 0x67, 0x68, 0x74, 0x73, 0x18, 0x08, 0x20, 0x01, 0x28, 0x0e, 0x32, 0x39, + 0x2e, 0x69, 0x73, 0x74, 0x69, 0x6f, 0x2e, 0x6e, 0x65, 0x74, 0x77, 0x6f, 0x72, 0x6b, 0x69, 0x6e, + 0x67, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x33, 0x2e, 0x43, 0x6f, 0x72, 0x73, 0x50, + 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x2e, 0x55, 0x6e, 0x6d, 0x61, 0x74, 0x63, 0x68, 0x65, 0x64, 0x50, + 0x72, 0x65, 0x66, 0x6c, 0x69, 0x67, 0x68, 0x74, 0x73, 0x52, 0x13, 0x75, 0x6e, 0x6d, 0x61, 0x74, + 0x63, 0x68, 0x65, 0x64, 0x50, 0x72, 0x65, 0x66, 0x6c, 0x69, 0x67, 0x68, 0x74, 0x73, 0x22, 0x3f, + 0x0a, 0x13, 0x55, 0x6e, 0x6d, 0x61, 0x74, 0x63, 0x68, 0x65, 0x64, 0x50, 0x72, 0x65, 0x66, 0x6c, + 0x69, 0x67, 0x68, 0x74, 0x73, 0x12, 0x0f, 0x0a, 0x0b, 0x55, 0x4e, 0x53, 0x50, 0x45, 0x43, 0x49, + 0x46, 0x49, 0x45, 0x44, 0x10, 0x00, 0x12, 0x0b, 0x0a, 0x07, 0x46, 0x4f, 0x52, 0x57, 0x41, 0x52, + 0x44, 0x10, 0x01, 0x12, 0x0a, 0x0a, 0x06, 0x49, 0x47, 0x4e, 0x4f, 0x52, 0x45, 0x10, 0x02, 0x22, + 0x85, 0x05, 0x0a, 0x12, 0x48, 0x54, 0x54, 0x50, 0x46, 0x61, 0x75, 0x6c, 0x74, 0x49, 0x6e, 0x6a, 0x65, 0x63, 0x74, 0x69, 0x6f, 0x6e, 0x12, 0x49, 0x0a, 0x05, 0x64, 0x65, 0x6c, 0x61, 0x79, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x33, 0x2e, 0x69, 0x73, 0x74, 0x69, 0x6f, 0x2e, 0x6e, 0x65, 0x74, 0x77, 0x6f, 0x72, 0x6b, 0x69, 0x6e, 0x67, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, @@ -4556,56 +3898,56 @@ var file_networking_v1alpha3_virtual_service_proto_rawDesc = []byte{ 0x32, 0x33, 0x2e, 0x69, 0x73, 0x74, 0x69, 0x6f, 0x2e, 0x6e, 0x65, 0x74, 0x77, 0x6f, 0x72, 0x6b, 0x69, 0x6e, 0x67, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x33, 0x2e, 0x48, 0x54, 0x54, 0x50, 0x46, 0x61, 0x75, 0x6c, 0x74, 0x49, 0x6e, 0x6a, 0x65, 0x63, 0x74, 0x69, 0x6f, 0x6e, 0x2e, - 0x41, 0x62, 0x6f, 0x72, 0x74, 0x52, 0x05, 0x61, 0x62, 0x6f, 0x72, 0x74, 0x1a, 0x89, 0x02, 0x0a, + 0x41, 0x62, 0x6f, 0x72, 0x74, 0x52, 0x05, 0x61, 0x62, 0x6f, 0x72, 0x74, 0x1a, 0x84, 0x02, 0x0a, 0x05, 0x44, 0x65, 0x6c, 0x61, 0x79, 0x12, 0x1c, 0x0a, 0x07, 0x70, 0x65, 0x72, 0x63, 0x65, 0x6e, 0x74, 0x18, 0x01, 0x20, 0x01, 0x28, 0x05, 0x42, 0x02, 0x18, 0x01, 0x52, 0x07, 0x70, 0x65, 0x72, - 0x63, 0x65, 0x6e, 0x74, 0x12, 0x41, 0x0a, 0x0b, 0x66, 0x69, 0x78, 0x65, 0x64, 0x5f, 0x64, 0x65, + 0x63, 0x65, 0x6e, 0x74, 0x12, 0x3c, 0x0a, 0x0b, 0x66, 0x69, 0x78, 0x65, 0x64, 0x5f, 0x64, 0x65, 0x6c, 0x61, 0x79, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x19, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x44, 0x75, 0x72, 0x61, - 0x74, 0x69, 0x6f, 0x6e, 0x42, 0x03, 0xe0, 0x41, 0x02, 0x48, 0x00, 0x52, 0x0a, 0x66, 0x69, 0x78, - 0x65, 0x64, 0x44, 0x65, 0x6c, 0x61, 0x79, 0x12, 0x48, 0x0a, 0x11, 0x65, 0x78, 0x70, 0x6f, 0x6e, - 0x65, 0x6e, 0x74, 0x69, 0x61, 0x6c, 0x5f, 0x64, 0x65, 0x6c, 0x61, 0x79, 0x18, 0x03, 0x20, 0x01, - 0x28, 0x0b, 0x32, 0x19, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, - 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x44, 0x75, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x48, 0x00, 0x52, - 0x10, 0x65, 0x78, 0x70, 0x6f, 0x6e, 0x65, 0x6e, 0x74, 0x69, 0x61, 0x6c, 0x44, 0x65, 0x6c, 0x61, - 0x79, 0x12, 0x42, 0x0a, 0x0a, 0x70, 0x65, 0x72, 0x63, 0x65, 0x6e, 0x74, 0x61, 0x67, 0x65, 0x18, - 0x05, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x22, 0x2e, 0x69, 0x73, 0x74, 0x69, 0x6f, 0x2e, 0x6e, 0x65, - 0x74, 0x77, 0x6f, 0x72, 0x6b, 0x69, 0x6e, 0x67, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, - 0x33, 0x2e, 0x50, 0x65, 0x72, 0x63, 0x65, 0x6e, 0x74, 0x52, 0x0a, 0x70, 0x65, 0x72, 0x63, 0x65, - 0x6e, 0x74, 0x61, 0x67, 0x65, 0x42, 0x11, 0x0a, 0x0f, 0x68, 0x74, 0x74, 0x70, 0x5f, 0x64, 0x65, - 0x6c, 0x61, 0x79, 0x5f, 0x74, 0x79, 0x70, 0x65, 0x1a, 0xd6, 0x01, 0x0a, 0x05, 0x41, 0x62, 0x6f, - 0x72, 0x74, 0x12, 0x26, 0x0a, 0x0b, 0x68, 0x74, 0x74, 0x70, 0x5f, 0x73, 0x74, 0x61, 0x74, 0x75, - 0x73, 0x18, 0x02, 0x20, 0x01, 0x28, 0x05, 0x42, 0x03, 0xe0, 0x41, 0x02, 0x48, 0x00, 0x52, 0x0a, - 0x68, 0x74, 0x74, 0x70, 0x53, 0x74, 0x61, 0x74, 0x75, 0x73, 0x12, 0x21, 0x0a, 0x0b, 0x67, 0x72, - 0x70, 0x63, 0x5f, 0x73, 0x74, 0x61, 0x74, 0x75, 0x73, 0x18, 0x03, 0x20, 0x01, 0x28, 0x09, 0x48, - 0x00, 0x52, 0x0a, 0x67, 0x72, 0x70, 0x63, 0x53, 0x74, 0x61, 0x74, 0x75, 0x73, 0x12, 0x21, 0x0a, - 0x0b, 0x68, 0x74, 0x74, 0x70, 0x32, 0x5f, 0x65, 0x72, 0x72, 0x6f, 0x72, 0x18, 0x04, 0x20, 0x01, - 0x28, 0x09, 0x48, 0x00, 0x52, 0x0a, 0x68, 0x74, 0x74, 0x70, 0x32, 0x45, 0x72, 0x72, 0x6f, 0x72, - 0x12, 0x42, 0x0a, 0x0a, 0x70, 0x65, 0x72, 0x63, 0x65, 0x6e, 0x74, 0x61, 0x67, 0x65, 0x18, 0x05, - 0x20, 0x01, 0x28, 0x0b, 0x32, 0x22, 0x2e, 0x69, 0x73, 0x74, 0x69, 0x6f, 0x2e, 0x6e, 0x65, 0x74, - 0x77, 0x6f, 0x72, 0x6b, 0x69, 0x6e, 0x67, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x33, - 0x2e, 0x50, 0x65, 0x72, 0x63, 0x65, 0x6e, 0x74, 0x52, 0x0a, 0x70, 0x65, 0x72, 0x63, 0x65, 0x6e, - 0x74, 0x61, 0x67, 0x65, 0x42, 0x0c, 0x0a, 0x0a, 0x65, 0x72, 0x72, 0x6f, 0x72, 0x5f, 0x74, 0x79, - 0x70, 0x65, 0x4a, 0x04, 0x08, 0x01, 0x10, 0x02, 0x52, 0x07, 0x70, 0x65, 0x72, 0x63, 0x65, 0x6e, - 0x74, 0x22, 0xa5, 0x01, 0x0a, 0x10, 0x48, 0x54, 0x54, 0x50, 0x4d, 0x69, 0x72, 0x72, 0x6f, 0x72, - 0x50, 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x12, 0x4d, 0x0a, 0x0b, 0x64, 0x65, 0x73, 0x74, 0x69, 0x6e, - 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x26, 0x2e, 0x69, 0x73, - 0x74, 0x69, 0x6f, 0x2e, 0x6e, 0x65, 0x74, 0x77, 0x6f, 0x72, 0x6b, 0x69, 0x6e, 0x67, 0x2e, 0x76, - 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x33, 0x2e, 0x44, 0x65, 0x73, 0x74, 0x69, 0x6e, 0x61, 0x74, - 0x69, 0x6f, 0x6e, 0x42, 0x03, 0xe0, 0x41, 0x02, 0x52, 0x0b, 0x64, 0x65, 0x73, 0x74, 0x69, 0x6e, - 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x12, 0x42, 0x0a, 0x0a, 0x70, 0x65, 0x72, 0x63, 0x65, 0x6e, 0x74, - 0x61, 0x67, 0x65, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x22, 0x2e, 0x69, 0x73, 0x74, 0x69, - 0x6f, 0x2e, 0x6e, 0x65, 0x74, 0x77, 0x6f, 0x72, 0x6b, 0x69, 0x6e, 0x67, 0x2e, 0x76, 0x31, 0x61, - 0x6c, 0x70, 0x68, 0x61, 0x33, 0x2e, 0x50, 0x65, 0x72, 0x63, 0x65, 0x6e, 0x74, 0x52, 0x0a, 0x70, - 0x65, 0x72, 0x63, 0x65, 0x6e, 0x74, 0x61, 0x67, 0x65, 0x22, 0x32, 0x0a, 0x0c, 0x50, 0x6f, 0x72, - 0x74, 0x53, 0x65, 0x6c, 0x65, 0x63, 0x74, 0x6f, 0x72, 0x12, 0x16, 0x0a, 0x06, 0x6e, 0x75, 0x6d, - 0x62, 0x65, 0x72, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0d, 0x52, 0x06, 0x6e, 0x75, 0x6d, 0x62, 0x65, - 0x72, 0x4a, 0x04, 0x08, 0x02, 0x10, 0x03, 0x52, 0x04, 0x6e, 0x61, 0x6d, 0x65, 0x22, 0x1f, 0x0a, - 0x07, 0x50, 0x65, 0x72, 0x63, 0x65, 0x6e, 0x74, 0x12, 0x14, 0x0a, 0x05, 0x76, 0x61, 0x6c, 0x75, - 0x65, 0x18, 0x01, 0x20, 0x01, 0x28, 0x01, 0x52, 0x05, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x42, 0x22, - 0x5a, 0x20, 0x69, 0x73, 0x74, 0x69, 0x6f, 0x2e, 0x69, 0x6f, 0x2f, 0x61, 0x70, 0x69, 0x2f, 0x6e, - 0x65, 0x74, 0x77, 0x6f, 0x72, 0x6b, 0x69, 0x6e, 0x67, 0x2f, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, - 0x61, 0x33, 0x62, 0x06, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x33, + 0x74, 0x69, 0x6f, 0x6e, 0x48, 0x00, 0x52, 0x0a, 0x66, 0x69, 0x78, 0x65, 0x64, 0x44, 0x65, 0x6c, + 0x61, 0x79, 0x12, 0x48, 0x0a, 0x11, 0x65, 0x78, 0x70, 0x6f, 0x6e, 0x65, 0x6e, 0x74, 0x69, 0x61, + 0x6c, 0x5f, 0x64, 0x65, 0x6c, 0x61, 0x79, 0x18, 0x03, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x19, 0x2e, + 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, + 0x44, 0x75, 0x72, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x48, 0x00, 0x52, 0x10, 0x65, 0x78, 0x70, 0x6f, + 0x6e, 0x65, 0x6e, 0x74, 0x69, 0x61, 0x6c, 0x44, 0x65, 0x6c, 0x61, 0x79, 0x12, 0x42, 0x0a, 0x0a, + 0x70, 0x65, 0x72, 0x63, 0x65, 0x6e, 0x74, 0x61, 0x67, 0x65, 0x18, 0x05, 0x20, 0x01, 0x28, 0x0b, + 0x32, 0x22, 0x2e, 0x69, 0x73, 0x74, 0x69, 0x6f, 0x2e, 0x6e, 0x65, 0x74, 0x77, 0x6f, 0x72, 0x6b, + 0x69, 0x6e, 0x67, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x33, 0x2e, 0x50, 0x65, 0x72, + 0x63, 0x65, 0x6e, 0x74, 0x52, 0x0a, 0x70, 0x65, 0x72, 0x63, 0x65, 0x6e, 0x74, 0x61, 0x67, 0x65, + 0x42, 0x11, 0x0a, 0x0f, 0x68, 0x74, 0x74, 0x70, 0x5f, 0x64, 0x65, 0x6c, 0x61, 0x79, 0x5f, 0x74, + 0x79, 0x70, 0x65, 0x1a, 0xd1, 0x01, 0x0a, 0x05, 0x41, 0x62, 0x6f, 0x72, 0x74, 0x12, 0x21, 0x0a, + 0x0b, 0x68, 0x74, 0x74, 0x70, 0x5f, 0x73, 0x74, 0x61, 0x74, 0x75, 0x73, 0x18, 0x02, 0x20, 0x01, + 0x28, 0x05, 0x48, 0x00, 0x52, 0x0a, 0x68, 0x74, 0x74, 0x70, 0x53, 0x74, 0x61, 0x74, 0x75, 0x73, + 0x12, 0x21, 0x0a, 0x0b, 0x67, 0x72, 0x70, 0x63, 0x5f, 0x73, 0x74, 0x61, 0x74, 0x75, 0x73, 0x18, + 0x03, 0x20, 0x01, 0x28, 0x09, 0x48, 0x00, 0x52, 0x0a, 0x67, 0x72, 0x70, 0x63, 0x53, 0x74, 0x61, + 0x74, 0x75, 0x73, 0x12, 0x21, 0x0a, 0x0b, 0x68, 0x74, 0x74, 0x70, 0x32, 0x5f, 0x65, 0x72, 0x72, + 0x6f, 0x72, 0x18, 0x04, 0x20, 0x01, 0x28, 0x09, 0x48, 0x00, 0x52, 0x0a, 0x68, 0x74, 0x74, 0x70, + 0x32, 0x45, 0x72, 0x72, 0x6f, 0x72, 0x12, 0x42, 0x0a, 0x0a, 0x70, 0x65, 0x72, 0x63, 0x65, 0x6e, + 0x74, 0x61, 0x67, 0x65, 0x18, 0x05, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x22, 0x2e, 0x69, 0x73, 0x74, + 0x69, 0x6f, 0x2e, 0x6e, 0x65, 0x74, 0x77, 0x6f, 0x72, 0x6b, 0x69, 0x6e, 0x67, 0x2e, 0x76, 0x31, + 0x61, 0x6c, 0x70, 0x68, 0x61, 0x33, 0x2e, 0x50, 0x65, 0x72, 0x63, 0x65, 0x6e, 0x74, 0x52, 0x0a, + 0x70, 0x65, 0x72, 0x63, 0x65, 0x6e, 0x74, 0x61, 0x67, 0x65, 0x42, 0x0c, 0x0a, 0x0a, 0x65, 0x72, + 0x72, 0x6f, 0x72, 0x5f, 0x74, 0x79, 0x70, 0x65, 0x4a, 0x04, 0x08, 0x01, 0x10, 0x02, 0x52, 0x07, + 0x70, 0x65, 0x72, 0x63, 0x65, 0x6e, 0x74, 0x22, 0xa6, 0x01, 0x0a, 0x10, 0x48, 0x54, 0x54, 0x50, + 0x4d, 0x69, 0x72, 0x72, 0x6f, 0x72, 0x50, 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x12, 0x4e, 0x0a, 0x0b, + 0x64, 0x65, 0x73, 0x74, 0x69, 0x6e, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x18, 0x01, 0x20, 0x01, 0x28, + 0x0b, 0x32, 0x26, 0x2e, 0x69, 0x73, 0x74, 0x69, 0x6f, 0x2e, 0x6e, 0x65, 0x74, 0x77, 0x6f, 0x72, + 0x6b, 0x69, 0x6e, 0x67, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x33, 0x2e, 0x44, 0x65, + 0x73, 0x74, 0x69, 0x6e, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x42, 0x04, 0xe2, 0x41, 0x01, 0x02, 0x52, + 0x0b, 0x64, 0x65, 0x73, 0x74, 0x69, 0x6e, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x12, 0x42, 0x0a, 0x0a, + 0x70, 0x65, 0x72, 0x63, 0x65, 0x6e, 0x74, 0x61, 0x67, 0x65, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0b, + 0x32, 0x22, 0x2e, 0x69, 0x73, 0x74, 0x69, 0x6f, 0x2e, 0x6e, 0x65, 0x74, 0x77, 0x6f, 0x72, 0x6b, + 0x69, 0x6e, 0x67, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x33, 0x2e, 0x50, 0x65, 0x72, + 0x63, 0x65, 0x6e, 0x74, 0x52, 0x0a, 0x70, 0x65, 0x72, 0x63, 0x65, 0x6e, 0x74, 0x61, 0x67, 0x65, + 0x22, 0x32, 0x0a, 0x0c, 0x50, 0x6f, 0x72, 0x74, 0x53, 0x65, 0x6c, 0x65, 0x63, 0x74, 0x6f, 0x72, + 0x12, 0x16, 0x0a, 0x06, 0x6e, 0x75, 0x6d, 0x62, 0x65, 0x72, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0d, + 0x52, 0x06, 0x6e, 0x75, 0x6d, 0x62, 0x65, 0x72, 0x4a, 0x04, 0x08, 0x02, 0x10, 0x03, 0x52, 0x04, + 0x6e, 0x61, 0x6d, 0x65, 0x22, 0x1f, 0x0a, 0x07, 0x50, 0x65, 0x72, 0x63, 0x65, 0x6e, 0x74, 0x12, + 0x14, 0x0a, 0x05, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x18, 0x01, 0x20, 0x01, 0x28, 0x01, 0x52, 0x05, + 0x76, 0x61, 0x6c, 0x75, 0x65, 0x42, 0x22, 0x5a, 0x20, 0x69, 0x73, 0x74, 0x69, 0x6f, 0x2e, 0x69, + 0x6f, 0x2f, 0x61, 0x70, 0x69, 0x2f, 0x6e, 0x65, 0x74, 0x77, 0x6f, 0x72, 0x6b, 0x69, 0x6e, 0x67, + 0x2f, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x33, 0x62, 0x06, 0x70, 0x72, 0x6f, 0x74, 0x6f, + 0x33, } var ( @@ -4620,114 +3962,116 @@ func file_networking_v1alpha3_virtual_service_proto_rawDescGZIP() []byte { return file_networking_v1alpha3_virtual_service_proto_rawDescData } -var file_networking_v1alpha3_virtual_service_proto_enumTypes = make([]protoimpl.EnumInfo, 1) +var file_networking_v1alpha3_virtual_service_proto_enumTypes = make([]protoimpl.EnumInfo, 2) var file_networking_v1alpha3_virtual_service_proto_msgTypes = make([]protoimpl.MessageInfo, 35) -var file_networking_v1alpha3_virtual_service_proto_goTypes = []interface{}{ +var file_networking_v1alpha3_virtual_service_proto_goTypes = []any{ (HTTPRedirect_RedirectPortSelection)(0), // 0: istio.networking.v1alpha3.HTTPRedirect.RedirectPortSelection - (*VirtualService)(nil), // 1: istio.networking.v1alpha3.VirtualService - (*Destination)(nil), // 2: istio.networking.v1alpha3.Destination - (*HTTPRoute)(nil), // 3: istio.networking.v1alpha3.HTTPRoute - (*Delegate)(nil), // 4: istio.networking.v1alpha3.Delegate - (*Headers)(nil), // 5: istio.networking.v1alpha3.Headers - (*TLSRoute)(nil), // 6: istio.networking.v1alpha3.TLSRoute - (*TCPRoute)(nil), // 7: istio.networking.v1alpha3.TCPRoute - (*HTTPMatchRequest)(nil), // 8: istio.networking.v1alpha3.HTTPMatchRequest - (*HTTPRouteDestination)(nil), // 9: istio.networking.v1alpha3.HTTPRouteDestination - (*RouteDestination)(nil), // 10: istio.networking.v1alpha3.RouteDestination - (*L4MatchAttributes)(nil), // 11: istio.networking.v1alpha3.L4MatchAttributes - (*TLSMatchAttributes)(nil), // 12: istio.networking.v1alpha3.TLSMatchAttributes - (*HTTPRedirect)(nil), // 13: istio.networking.v1alpha3.HTTPRedirect - (*HTTPDirectResponse)(nil), // 14: istio.networking.v1alpha3.HTTPDirectResponse - (*HTTPBody)(nil), // 15: istio.networking.v1alpha3.HTTPBody - (*HTTPRewrite)(nil), // 16: istio.networking.v1alpha3.HTTPRewrite - (*RegexRewrite)(nil), // 17: istio.networking.v1alpha3.RegexRewrite - (*StringMatch)(nil), // 18: istio.networking.v1alpha3.StringMatch - (*HTTPRetry)(nil), // 19: istio.networking.v1alpha3.HTTPRetry - (*CorsPolicy)(nil), // 20: istio.networking.v1alpha3.CorsPolicy - (*HTTPFaultInjection)(nil), // 21: istio.networking.v1alpha3.HTTPFaultInjection - (*HTTPMirrorPolicy)(nil), // 22: istio.networking.v1alpha3.HTTPMirrorPolicy - (*PortSelector)(nil), // 23: istio.networking.v1alpha3.PortSelector - (*Percent)(nil), // 24: istio.networking.v1alpha3.Percent - (*Headers_HeaderOperations)(nil), // 25: istio.networking.v1alpha3.Headers.HeaderOperations - nil, // 26: istio.networking.v1alpha3.Headers.HeaderOperations.SetEntry - nil, // 27: istio.networking.v1alpha3.Headers.HeaderOperations.AddEntry - nil, // 28: istio.networking.v1alpha3.HTTPMatchRequest.HeadersEntry - nil, // 29: istio.networking.v1alpha3.HTTPMatchRequest.SourceLabelsEntry - nil, // 30: istio.networking.v1alpha3.HTTPMatchRequest.QueryParamsEntry - nil, // 31: istio.networking.v1alpha3.HTTPMatchRequest.WithoutHeadersEntry - nil, // 32: istio.networking.v1alpha3.L4MatchAttributes.SourceLabelsEntry - nil, // 33: istio.networking.v1alpha3.TLSMatchAttributes.SourceLabelsEntry - (*HTTPFaultInjection_Delay)(nil), // 34: istio.networking.v1alpha3.HTTPFaultInjection.Delay - (*HTTPFaultInjection_Abort)(nil), // 35: istio.networking.v1alpha3.HTTPFaultInjection.Abort - (*duration.Duration)(nil), // 36: google.protobuf.Duration - (*wrappers.UInt32Value)(nil), // 37: google.protobuf.UInt32Value - (*wrappers.BoolValue)(nil), // 38: google.protobuf.BoolValue + (CorsPolicy_UnmatchedPreflights)(0), // 1: istio.networking.v1alpha3.CorsPolicy.UnmatchedPreflights + (*VirtualService)(nil), // 2: istio.networking.v1alpha3.VirtualService + (*Destination)(nil), // 3: istio.networking.v1alpha3.Destination + (*HTTPRoute)(nil), // 4: istio.networking.v1alpha3.HTTPRoute + (*Delegate)(nil), // 5: istio.networking.v1alpha3.Delegate + (*Headers)(nil), // 6: istio.networking.v1alpha3.Headers + (*TLSRoute)(nil), // 7: istio.networking.v1alpha3.TLSRoute + (*TCPRoute)(nil), // 8: istio.networking.v1alpha3.TCPRoute + (*HTTPMatchRequest)(nil), // 9: istio.networking.v1alpha3.HTTPMatchRequest + (*HTTPRouteDestination)(nil), // 10: istio.networking.v1alpha3.HTTPRouteDestination + (*RouteDestination)(nil), // 11: istio.networking.v1alpha3.RouteDestination + (*L4MatchAttributes)(nil), // 12: istio.networking.v1alpha3.L4MatchAttributes + (*TLSMatchAttributes)(nil), // 13: istio.networking.v1alpha3.TLSMatchAttributes + (*HTTPRedirect)(nil), // 14: istio.networking.v1alpha3.HTTPRedirect + (*HTTPDirectResponse)(nil), // 15: istio.networking.v1alpha3.HTTPDirectResponse + (*HTTPBody)(nil), // 16: istio.networking.v1alpha3.HTTPBody + (*HTTPRewrite)(nil), // 17: istio.networking.v1alpha3.HTTPRewrite + (*RegexRewrite)(nil), // 18: istio.networking.v1alpha3.RegexRewrite + (*StringMatch)(nil), // 19: istio.networking.v1alpha3.StringMatch + (*HTTPRetry)(nil), // 20: istio.networking.v1alpha3.HTTPRetry + (*CorsPolicy)(nil), // 21: istio.networking.v1alpha3.CorsPolicy + (*HTTPFaultInjection)(nil), // 22: istio.networking.v1alpha3.HTTPFaultInjection + (*HTTPMirrorPolicy)(nil), // 23: istio.networking.v1alpha3.HTTPMirrorPolicy + (*PortSelector)(nil), // 24: istio.networking.v1alpha3.PortSelector + (*Percent)(nil), // 25: istio.networking.v1alpha3.Percent + (*Headers_HeaderOperations)(nil), // 26: istio.networking.v1alpha3.Headers.HeaderOperations + nil, // 27: istio.networking.v1alpha3.Headers.HeaderOperations.SetEntry + nil, // 28: istio.networking.v1alpha3.Headers.HeaderOperations.AddEntry + nil, // 29: istio.networking.v1alpha3.HTTPMatchRequest.HeadersEntry + nil, // 30: istio.networking.v1alpha3.HTTPMatchRequest.SourceLabelsEntry + nil, // 31: istio.networking.v1alpha3.HTTPMatchRequest.QueryParamsEntry + nil, // 32: istio.networking.v1alpha3.HTTPMatchRequest.WithoutHeadersEntry + nil, // 33: istio.networking.v1alpha3.L4MatchAttributes.SourceLabelsEntry + nil, // 34: istio.networking.v1alpha3.TLSMatchAttributes.SourceLabelsEntry + (*HTTPFaultInjection_Delay)(nil), // 35: istio.networking.v1alpha3.HTTPFaultInjection.Delay + (*HTTPFaultInjection_Abort)(nil), // 36: istio.networking.v1alpha3.HTTPFaultInjection.Abort + (*duration.Duration)(nil), // 37: google.protobuf.Duration + (*wrappers.UInt32Value)(nil), // 38: google.protobuf.UInt32Value + (*wrappers.BoolValue)(nil), // 39: google.protobuf.BoolValue } var file_networking_v1alpha3_virtual_service_proto_depIdxs = []int32{ - 3, // 0: istio.networking.v1alpha3.VirtualService.http:type_name -> istio.networking.v1alpha3.HTTPRoute - 6, // 1: istio.networking.v1alpha3.VirtualService.tls:type_name -> istio.networking.v1alpha3.TLSRoute - 7, // 2: istio.networking.v1alpha3.VirtualService.tcp:type_name -> istio.networking.v1alpha3.TCPRoute - 23, // 3: istio.networking.v1alpha3.Destination.port:type_name -> istio.networking.v1alpha3.PortSelector - 8, // 4: istio.networking.v1alpha3.HTTPRoute.match:type_name -> istio.networking.v1alpha3.HTTPMatchRequest - 9, // 5: istio.networking.v1alpha3.HTTPRoute.route:type_name -> istio.networking.v1alpha3.HTTPRouteDestination - 13, // 6: istio.networking.v1alpha3.HTTPRoute.redirect:type_name -> istio.networking.v1alpha3.HTTPRedirect - 14, // 7: istio.networking.v1alpha3.HTTPRoute.direct_response:type_name -> istio.networking.v1alpha3.HTTPDirectResponse - 4, // 8: istio.networking.v1alpha3.HTTPRoute.delegate:type_name -> istio.networking.v1alpha3.Delegate - 16, // 9: istio.networking.v1alpha3.HTTPRoute.rewrite:type_name -> istio.networking.v1alpha3.HTTPRewrite - 36, // 10: istio.networking.v1alpha3.HTTPRoute.timeout:type_name -> google.protobuf.Duration - 19, // 11: istio.networking.v1alpha3.HTTPRoute.retries:type_name -> istio.networking.v1alpha3.HTTPRetry - 21, // 12: istio.networking.v1alpha3.HTTPRoute.fault:type_name -> istio.networking.v1alpha3.HTTPFaultInjection - 2, // 13: istio.networking.v1alpha3.HTTPRoute.mirror:type_name -> istio.networking.v1alpha3.Destination - 22, // 14: istio.networking.v1alpha3.HTTPRoute.mirrors:type_name -> istio.networking.v1alpha3.HTTPMirrorPolicy - 37, // 15: istio.networking.v1alpha3.HTTPRoute.mirror_percent:type_name -> google.protobuf.UInt32Value - 24, // 16: istio.networking.v1alpha3.HTTPRoute.mirror_percentage:type_name -> istio.networking.v1alpha3.Percent - 20, // 17: istio.networking.v1alpha3.HTTPRoute.cors_policy:type_name -> istio.networking.v1alpha3.CorsPolicy - 5, // 18: istio.networking.v1alpha3.HTTPRoute.headers:type_name -> istio.networking.v1alpha3.Headers - 25, // 19: istio.networking.v1alpha3.Headers.request:type_name -> istio.networking.v1alpha3.Headers.HeaderOperations - 25, // 20: istio.networking.v1alpha3.Headers.response:type_name -> istio.networking.v1alpha3.Headers.HeaderOperations - 12, // 21: istio.networking.v1alpha3.TLSRoute.match:type_name -> istio.networking.v1alpha3.TLSMatchAttributes - 10, // 22: istio.networking.v1alpha3.TLSRoute.route:type_name -> istio.networking.v1alpha3.RouteDestination - 11, // 23: istio.networking.v1alpha3.TCPRoute.match:type_name -> istio.networking.v1alpha3.L4MatchAttributes - 10, // 24: istio.networking.v1alpha3.TCPRoute.route:type_name -> istio.networking.v1alpha3.RouteDestination - 18, // 25: istio.networking.v1alpha3.HTTPMatchRequest.uri:type_name -> istio.networking.v1alpha3.StringMatch - 18, // 26: istio.networking.v1alpha3.HTTPMatchRequest.scheme:type_name -> istio.networking.v1alpha3.StringMatch - 18, // 27: istio.networking.v1alpha3.HTTPMatchRequest.method:type_name -> istio.networking.v1alpha3.StringMatch - 18, // 28: istio.networking.v1alpha3.HTTPMatchRequest.authority:type_name -> istio.networking.v1alpha3.StringMatch - 28, // 29: istio.networking.v1alpha3.HTTPMatchRequest.headers:type_name -> istio.networking.v1alpha3.HTTPMatchRequest.HeadersEntry - 29, // 30: istio.networking.v1alpha3.HTTPMatchRequest.source_labels:type_name -> istio.networking.v1alpha3.HTTPMatchRequest.SourceLabelsEntry - 30, // 31: istio.networking.v1alpha3.HTTPMatchRequest.query_params:type_name -> istio.networking.v1alpha3.HTTPMatchRequest.QueryParamsEntry - 31, // 32: istio.networking.v1alpha3.HTTPMatchRequest.without_headers:type_name -> istio.networking.v1alpha3.HTTPMatchRequest.WithoutHeadersEntry - 2, // 33: istio.networking.v1alpha3.HTTPRouteDestination.destination:type_name -> istio.networking.v1alpha3.Destination - 5, // 34: istio.networking.v1alpha3.HTTPRouteDestination.headers:type_name -> istio.networking.v1alpha3.Headers - 2, // 35: istio.networking.v1alpha3.RouteDestination.destination:type_name -> istio.networking.v1alpha3.Destination - 32, // 36: istio.networking.v1alpha3.L4MatchAttributes.source_labels:type_name -> istio.networking.v1alpha3.L4MatchAttributes.SourceLabelsEntry - 33, // 37: istio.networking.v1alpha3.TLSMatchAttributes.source_labels:type_name -> istio.networking.v1alpha3.TLSMatchAttributes.SourceLabelsEntry + 4, // 0: istio.networking.v1alpha3.VirtualService.http:type_name -> istio.networking.v1alpha3.HTTPRoute + 7, // 1: istio.networking.v1alpha3.VirtualService.tls:type_name -> istio.networking.v1alpha3.TLSRoute + 8, // 2: istio.networking.v1alpha3.VirtualService.tcp:type_name -> istio.networking.v1alpha3.TCPRoute + 24, // 3: istio.networking.v1alpha3.Destination.port:type_name -> istio.networking.v1alpha3.PortSelector + 9, // 4: istio.networking.v1alpha3.HTTPRoute.match:type_name -> istio.networking.v1alpha3.HTTPMatchRequest + 10, // 5: istio.networking.v1alpha3.HTTPRoute.route:type_name -> istio.networking.v1alpha3.HTTPRouteDestination + 14, // 6: istio.networking.v1alpha3.HTTPRoute.redirect:type_name -> istio.networking.v1alpha3.HTTPRedirect + 15, // 7: istio.networking.v1alpha3.HTTPRoute.direct_response:type_name -> istio.networking.v1alpha3.HTTPDirectResponse + 5, // 8: istio.networking.v1alpha3.HTTPRoute.delegate:type_name -> istio.networking.v1alpha3.Delegate + 17, // 9: istio.networking.v1alpha3.HTTPRoute.rewrite:type_name -> istio.networking.v1alpha3.HTTPRewrite + 37, // 10: istio.networking.v1alpha3.HTTPRoute.timeout:type_name -> google.protobuf.Duration + 20, // 11: istio.networking.v1alpha3.HTTPRoute.retries:type_name -> istio.networking.v1alpha3.HTTPRetry + 22, // 12: istio.networking.v1alpha3.HTTPRoute.fault:type_name -> istio.networking.v1alpha3.HTTPFaultInjection + 3, // 13: istio.networking.v1alpha3.HTTPRoute.mirror:type_name -> istio.networking.v1alpha3.Destination + 23, // 14: istio.networking.v1alpha3.HTTPRoute.mirrors:type_name -> istio.networking.v1alpha3.HTTPMirrorPolicy + 38, // 15: istio.networking.v1alpha3.HTTPRoute.mirror_percent:type_name -> google.protobuf.UInt32Value + 25, // 16: istio.networking.v1alpha3.HTTPRoute.mirror_percentage:type_name -> istio.networking.v1alpha3.Percent + 21, // 17: istio.networking.v1alpha3.HTTPRoute.cors_policy:type_name -> istio.networking.v1alpha3.CorsPolicy + 6, // 18: istio.networking.v1alpha3.HTTPRoute.headers:type_name -> istio.networking.v1alpha3.Headers + 26, // 19: istio.networking.v1alpha3.Headers.request:type_name -> istio.networking.v1alpha3.Headers.HeaderOperations + 26, // 20: istio.networking.v1alpha3.Headers.response:type_name -> istio.networking.v1alpha3.Headers.HeaderOperations + 13, // 21: istio.networking.v1alpha3.TLSRoute.match:type_name -> istio.networking.v1alpha3.TLSMatchAttributes + 11, // 22: istio.networking.v1alpha3.TLSRoute.route:type_name -> istio.networking.v1alpha3.RouteDestination + 12, // 23: istio.networking.v1alpha3.TCPRoute.match:type_name -> istio.networking.v1alpha3.L4MatchAttributes + 11, // 24: istio.networking.v1alpha3.TCPRoute.route:type_name -> istio.networking.v1alpha3.RouteDestination + 19, // 25: istio.networking.v1alpha3.HTTPMatchRequest.uri:type_name -> istio.networking.v1alpha3.StringMatch + 19, // 26: istio.networking.v1alpha3.HTTPMatchRequest.scheme:type_name -> istio.networking.v1alpha3.StringMatch + 19, // 27: istio.networking.v1alpha3.HTTPMatchRequest.method:type_name -> istio.networking.v1alpha3.StringMatch + 19, // 28: istio.networking.v1alpha3.HTTPMatchRequest.authority:type_name -> istio.networking.v1alpha3.StringMatch + 29, // 29: istio.networking.v1alpha3.HTTPMatchRequest.headers:type_name -> istio.networking.v1alpha3.HTTPMatchRequest.HeadersEntry + 30, // 30: istio.networking.v1alpha3.HTTPMatchRequest.source_labels:type_name -> istio.networking.v1alpha3.HTTPMatchRequest.SourceLabelsEntry + 31, // 31: istio.networking.v1alpha3.HTTPMatchRequest.query_params:type_name -> istio.networking.v1alpha3.HTTPMatchRequest.QueryParamsEntry + 32, // 32: istio.networking.v1alpha3.HTTPMatchRequest.without_headers:type_name -> istio.networking.v1alpha3.HTTPMatchRequest.WithoutHeadersEntry + 3, // 33: istio.networking.v1alpha3.HTTPRouteDestination.destination:type_name -> istio.networking.v1alpha3.Destination + 6, // 34: istio.networking.v1alpha3.HTTPRouteDestination.headers:type_name -> istio.networking.v1alpha3.Headers + 3, // 35: istio.networking.v1alpha3.RouteDestination.destination:type_name -> istio.networking.v1alpha3.Destination + 33, // 36: istio.networking.v1alpha3.L4MatchAttributes.source_labels:type_name -> istio.networking.v1alpha3.L4MatchAttributes.SourceLabelsEntry + 34, // 37: istio.networking.v1alpha3.TLSMatchAttributes.source_labels:type_name -> istio.networking.v1alpha3.TLSMatchAttributes.SourceLabelsEntry 0, // 38: istio.networking.v1alpha3.HTTPRedirect.derive_port:type_name -> istio.networking.v1alpha3.HTTPRedirect.RedirectPortSelection - 15, // 39: istio.networking.v1alpha3.HTTPDirectResponse.body:type_name -> istio.networking.v1alpha3.HTTPBody - 17, // 40: istio.networking.v1alpha3.HTTPRewrite.uri_regex_rewrite:type_name -> istio.networking.v1alpha3.RegexRewrite - 36, // 41: istio.networking.v1alpha3.HTTPRetry.per_try_timeout:type_name -> google.protobuf.Duration - 38, // 42: istio.networking.v1alpha3.HTTPRetry.retry_remote_localities:type_name -> google.protobuf.BoolValue - 18, // 43: istio.networking.v1alpha3.CorsPolicy.allow_origins:type_name -> istio.networking.v1alpha3.StringMatch - 36, // 44: istio.networking.v1alpha3.CorsPolicy.max_age:type_name -> google.protobuf.Duration - 38, // 45: istio.networking.v1alpha3.CorsPolicy.allow_credentials:type_name -> google.protobuf.BoolValue - 34, // 46: istio.networking.v1alpha3.HTTPFaultInjection.delay:type_name -> istio.networking.v1alpha3.HTTPFaultInjection.Delay - 35, // 47: istio.networking.v1alpha3.HTTPFaultInjection.abort:type_name -> istio.networking.v1alpha3.HTTPFaultInjection.Abort - 2, // 48: istio.networking.v1alpha3.HTTPMirrorPolicy.destination:type_name -> istio.networking.v1alpha3.Destination - 24, // 49: istio.networking.v1alpha3.HTTPMirrorPolicy.percentage:type_name -> istio.networking.v1alpha3.Percent - 26, // 50: istio.networking.v1alpha3.Headers.HeaderOperations.set:type_name -> istio.networking.v1alpha3.Headers.HeaderOperations.SetEntry - 27, // 51: istio.networking.v1alpha3.Headers.HeaderOperations.add:type_name -> istio.networking.v1alpha3.Headers.HeaderOperations.AddEntry - 18, // 52: istio.networking.v1alpha3.HTTPMatchRequest.HeadersEntry.value:type_name -> istio.networking.v1alpha3.StringMatch - 18, // 53: istio.networking.v1alpha3.HTTPMatchRequest.QueryParamsEntry.value:type_name -> istio.networking.v1alpha3.StringMatch - 18, // 54: istio.networking.v1alpha3.HTTPMatchRequest.WithoutHeadersEntry.value:type_name -> istio.networking.v1alpha3.StringMatch - 36, // 55: istio.networking.v1alpha3.HTTPFaultInjection.Delay.fixed_delay:type_name -> google.protobuf.Duration - 36, // 56: istio.networking.v1alpha3.HTTPFaultInjection.Delay.exponential_delay:type_name -> google.protobuf.Duration - 24, // 57: istio.networking.v1alpha3.HTTPFaultInjection.Delay.percentage:type_name -> istio.networking.v1alpha3.Percent - 24, // 58: istio.networking.v1alpha3.HTTPFaultInjection.Abort.percentage:type_name -> istio.networking.v1alpha3.Percent - 59, // [59:59] is the sub-list for method output_type - 59, // [59:59] is the sub-list for method input_type - 59, // [59:59] is the sub-list for extension type_name - 59, // [59:59] is the sub-list for extension extendee - 0, // [0:59] is the sub-list for field type_name + 16, // 39: istio.networking.v1alpha3.HTTPDirectResponse.body:type_name -> istio.networking.v1alpha3.HTTPBody + 18, // 40: istio.networking.v1alpha3.HTTPRewrite.uri_regex_rewrite:type_name -> istio.networking.v1alpha3.RegexRewrite + 37, // 41: istio.networking.v1alpha3.HTTPRetry.per_try_timeout:type_name -> google.protobuf.Duration + 39, // 42: istio.networking.v1alpha3.HTTPRetry.retry_remote_localities:type_name -> google.protobuf.BoolValue + 19, // 43: istio.networking.v1alpha3.CorsPolicy.allow_origins:type_name -> istio.networking.v1alpha3.StringMatch + 37, // 44: istio.networking.v1alpha3.CorsPolicy.max_age:type_name -> google.protobuf.Duration + 39, // 45: istio.networking.v1alpha3.CorsPolicy.allow_credentials:type_name -> google.protobuf.BoolValue + 1, // 46: istio.networking.v1alpha3.CorsPolicy.unmatched_preflights:type_name -> istio.networking.v1alpha3.CorsPolicy.UnmatchedPreflights + 35, // 47: istio.networking.v1alpha3.HTTPFaultInjection.delay:type_name -> istio.networking.v1alpha3.HTTPFaultInjection.Delay + 36, // 48: istio.networking.v1alpha3.HTTPFaultInjection.abort:type_name -> istio.networking.v1alpha3.HTTPFaultInjection.Abort + 3, // 49: istio.networking.v1alpha3.HTTPMirrorPolicy.destination:type_name -> istio.networking.v1alpha3.Destination + 25, // 50: istio.networking.v1alpha3.HTTPMirrorPolicy.percentage:type_name -> istio.networking.v1alpha3.Percent + 27, // 51: istio.networking.v1alpha3.Headers.HeaderOperations.set:type_name -> istio.networking.v1alpha3.Headers.HeaderOperations.SetEntry + 28, // 52: istio.networking.v1alpha3.Headers.HeaderOperations.add:type_name -> istio.networking.v1alpha3.Headers.HeaderOperations.AddEntry + 19, // 53: istio.networking.v1alpha3.HTTPMatchRequest.HeadersEntry.value:type_name -> istio.networking.v1alpha3.StringMatch + 19, // 54: istio.networking.v1alpha3.HTTPMatchRequest.QueryParamsEntry.value:type_name -> istio.networking.v1alpha3.StringMatch + 19, // 55: istio.networking.v1alpha3.HTTPMatchRequest.WithoutHeadersEntry.value:type_name -> istio.networking.v1alpha3.StringMatch + 37, // 56: istio.networking.v1alpha3.HTTPFaultInjection.Delay.fixed_delay:type_name -> google.protobuf.Duration + 37, // 57: istio.networking.v1alpha3.HTTPFaultInjection.Delay.exponential_delay:type_name -> google.protobuf.Duration + 25, // 58: istio.networking.v1alpha3.HTTPFaultInjection.Delay.percentage:type_name -> istio.networking.v1alpha3.Percent + 25, // 59: istio.networking.v1alpha3.HTTPFaultInjection.Abort.percentage:type_name -> istio.networking.v1alpha3.Percent + 60, // [60:60] is the sub-list for method output_type + 60, // [60:60] is the sub-list for method input_type + 60, // [60:60] is the sub-list for extension type_name + 60, // [60:60] is the sub-list for extension extendee + 0, // [0:60] is the sub-list for field type_name } func init() { file_networking_v1alpha3_virtual_service_proto_init() } @@ -4735,350 +4079,24 @@ func file_networking_v1alpha3_virtual_service_proto_init() { if File_networking_v1alpha3_virtual_service_proto != nil { return } - if !protoimpl.UnsafeEnabled { - file_networking_v1alpha3_virtual_service_proto_msgTypes[0].Exporter = func(v interface{}, i int) interface{} { - switch v := v.(*VirtualService); i { - case 0: - return &v.state - case 1: - return &v.sizeCache - case 2: - return &v.unknownFields - default: - return nil - } - } - file_networking_v1alpha3_virtual_service_proto_msgTypes[1].Exporter = func(v interface{}, i int) interface{} { - switch v := v.(*Destination); i { - case 0: - return &v.state - case 1: - return &v.sizeCache - case 2: - return &v.unknownFields - default: - return nil - } - } - file_networking_v1alpha3_virtual_service_proto_msgTypes[2].Exporter = func(v interface{}, i int) interface{} { - switch v := v.(*HTTPRoute); i { - case 0: - return &v.state - case 1: - return &v.sizeCache - case 2: - return &v.unknownFields - default: - return nil - } - } - file_networking_v1alpha3_virtual_service_proto_msgTypes[3].Exporter = func(v interface{}, i int) interface{} { - switch v := v.(*Delegate); i { - case 0: - return &v.state - case 1: - return &v.sizeCache - case 2: - return &v.unknownFields - default: - return nil - } - } - file_networking_v1alpha3_virtual_service_proto_msgTypes[4].Exporter = func(v interface{}, i int) interface{} { - switch v := v.(*Headers); i { - case 0: - return &v.state - case 1: - return &v.sizeCache - case 2: - return &v.unknownFields - default: - return nil - } - } - file_networking_v1alpha3_virtual_service_proto_msgTypes[5].Exporter = func(v interface{}, i int) interface{} { - switch v := v.(*TLSRoute); i { - case 0: - return &v.state - case 1: - return &v.sizeCache - case 2: - return &v.unknownFields - default: - return nil - } - } - file_networking_v1alpha3_virtual_service_proto_msgTypes[6].Exporter = func(v interface{}, i int) interface{} { - switch v := v.(*TCPRoute); i { - case 0: - return &v.state - case 1: - return &v.sizeCache - case 2: - return &v.unknownFields - default: - return nil - } - } - file_networking_v1alpha3_virtual_service_proto_msgTypes[7].Exporter = func(v interface{}, i int) interface{} { - switch v := v.(*HTTPMatchRequest); i { - case 0: - return &v.state - case 1: - return &v.sizeCache - case 2: - return &v.unknownFields - default: - return nil - } - } - file_networking_v1alpha3_virtual_service_proto_msgTypes[8].Exporter = func(v interface{}, i int) interface{} { - switch v := v.(*HTTPRouteDestination); i { - case 0: - return &v.state - case 1: - return &v.sizeCache - case 2: - return &v.unknownFields - default: - return nil - } - } - file_networking_v1alpha3_virtual_service_proto_msgTypes[9].Exporter = func(v interface{}, i int) interface{} { - switch v := v.(*RouteDestination); i { - case 0: - return &v.state - case 1: - return &v.sizeCache - case 2: - return &v.unknownFields - default: - return nil - } - } - file_networking_v1alpha3_virtual_service_proto_msgTypes[10].Exporter = func(v interface{}, i int) interface{} { - switch v := v.(*L4MatchAttributes); i { - case 0: - return &v.state - case 1: - return &v.sizeCache - case 2: - return &v.unknownFields - default: - return nil - } - } - file_networking_v1alpha3_virtual_service_proto_msgTypes[11].Exporter = func(v interface{}, i int) interface{} { - switch v := v.(*TLSMatchAttributes); i { - case 0: - return &v.state - case 1: - return &v.sizeCache - case 2: - return &v.unknownFields - default: - return nil - } - } - file_networking_v1alpha3_virtual_service_proto_msgTypes[12].Exporter = func(v interface{}, i int) interface{} { - switch v := v.(*HTTPRedirect); i { - case 0: - return &v.state - case 1: - return &v.sizeCache - case 2: - return &v.unknownFields - default: - return nil - } - } - file_networking_v1alpha3_virtual_service_proto_msgTypes[13].Exporter = func(v interface{}, i int) interface{} { - switch v := v.(*HTTPDirectResponse); i { - case 0: - return &v.state - case 1: - return &v.sizeCache - case 2: - return &v.unknownFields - default: - return nil - } - } - file_networking_v1alpha3_virtual_service_proto_msgTypes[14].Exporter = func(v interface{}, i int) interface{} { - switch v := v.(*HTTPBody); i { - case 0: - return &v.state - case 1: - return &v.sizeCache - case 2: - return &v.unknownFields - default: - return nil - } - } - file_networking_v1alpha3_virtual_service_proto_msgTypes[15].Exporter = func(v interface{}, i int) interface{} { - switch v := v.(*HTTPRewrite); i { - case 0: - return &v.state - case 1: - return &v.sizeCache - case 2: - return &v.unknownFields - default: - return nil - } - } - file_networking_v1alpha3_virtual_service_proto_msgTypes[16].Exporter = func(v interface{}, i int) interface{} { - switch v := v.(*RegexRewrite); i { - case 0: - return &v.state - case 1: - return &v.sizeCache - case 2: - return &v.unknownFields - default: - return nil - } - } - file_networking_v1alpha3_virtual_service_proto_msgTypes[17].Exporter = func(v interface{}, i int) interface{} { - switch v := v.(*StringMatch); i { - case 0: - return &v.state - case 1: - return &v.sizeCache - case 2: - return &v.unknownFields - default: - return nil - } - } - file_networking_v1alpha3_virtual_service_proto_msgTypes[18].Exporter = func(v interface{}, i int) interface{} { - switch v := v.(*HTTPRetry); i { - case 0: - return &v.state - case 1: - return &v.sizeCache - case 2: - return &v.unknownFields - default: - return nil - } - } - file_networking_v1alpha3_virtual_service_proto_msgTypes[19].Exporter = func(v interface{}, i int) interface{} { - switch v := v.(*CorsPolicy); i { - case 0: - return &v.state - case 1: - return &v.sizeCache - case 2: - return &v.unknownFields - default: - return nil - } - } - file_networking_v1alpha3_virtual_service_proto_msgTypes[20].Exporter = func(v interface{}, i int) interface{} { - switch v := v.(*HTTPFaultInjection); i { - case 0: - return &v.state - case 1: - return &v.sizeCache - case 2: - return &v.unknownFields - default: - return nil - } - } - file_networking_v1alpha3_virtual_service_proto_msgTypes[21].Exporter = func(v interface{}, i int) interface{} { - switch v := v.(*HTTPMirrorPolicy); i { - case 0: - return &v.state - case 1: - return &v.sizeCache - case 2: - return &v.unknownFields - default: - return nil - } - } - file_networking_v1alpha3_virtual_service_proto_msgTypes[22].Exporter = func(v interface{}, i int) interface{} { - switch v := v.(*PortSelector); i { - case 0: - return &v.state - case 1: - return &v.sizeCache - case 2: - return &v.unknownFields - default: - return nil - } - } - file_networking_v1alpha3_virtual_service_proto_msgTypes[23].Exporter = func(v interface{}, i int) interface{} { - switch v := v.(*Percent); i { - case 0: - return &v.state - case 1: - return &v.sizeCache - case 2: - return &v.unknownFields - default: - return nil - } - } - file_networking_v1alpha3_virtual_service_proto_msgTypes[24].Exporter = func(v interface{}, i int) interface{} { - switch v := v.(*Headers_HeaderOperations); i { - case 0: - return &v.state - case 1: - return &v.sizeCache - case 2: - return &v.unknownFields - default: - return nil - } - } - file_networking_v1alpha3_virtual_service_proto_msgTypes[33].Exporter = func(v interface{}, i int) interface{} { - switch v := v.(*HTTPFaultInjection_Delay); i { - case 0: - return &v.state - case 1: - return &v.sizeCache - case 2: - return &v.unknownFields - default: - return nil - } - } - file_networking_v1alpha3_virtual_service_proto_msgTypes[34].Exporter = func(v interface{}, i int) interface{} { - switch v := v.(*HTTPFaultInjection_Abort); i { - case 0: - return &v.state - case 1: - return &v.sizeCache - case 2: - return &v.unknownFields - default: - return nil - } - } - } - file_networking_v1alpha3_virtual_service_proto_msgTypes[12].OneofWrappers = []interface{}{ + file_networking_v1alpha3_virtual_service_proto_msgTypes[12].OneofWrappers = []any{ (*HTTPRedirect_Port)(nil), (*HTTPRedirect_DerivePort)(nil), } - file_networking_v1alpha3_virtual_service_proto_msgTypes[14].OneofWrappers = []interface{}{ + file_networking_v1alpha3_virtual_service_proto_msgTypes[14].OneofWrappers = []any{ (*HTTPBody_String_)(nil), (*HTTPBody_Bytes)(nil), } - file_networking_v1alpha3_virtual_service_proto_msgTypes[17].OneofWrappers = []interface{}{ + file_networking_v1alpha3_virtual_service_proto_msgTypes[17].OneofWrappers = []any{ (*StringMatch_Exact)(nil), (*StringMatch_Prefix)(nil), (*StringMatch_Regex)(nil), } - file_networking_v1alpha3_virtual_service_proto_msgTypes[33].OneofWrappers = []interface{}{ + file_networking_v1alpha3_virtual_service_proto_msgTypes[33].OneofWrappers = []any{ (*HTTPFaultInjection_Delay_FixedDelay)(nil), (*HTTPFaultInjection_Delay_ExponentialDelay)(nil), } - file_networking_v1alpha3_virtual_service_proto_msgTypes[34].OneofWrappers = []interface{}{ + file_networking_v1alpha3_virtual_service_proto_msgTypes[34].OneofWrappers = []any{ (*HTTPFaultInjection_Abort_HttpStatus)(nil), (*HTTPFaultInjection_Abort_GrpcStatus)(nil), (*HTTPFaultInjection_Abort_Http2Error)(nil), @@ -5088,7 +4106,7 @@ func file_networking_v1alpha3_virtual_service_proto_init() { File: protoimpl.DescBuilder{ GoPackagePath: reflect.TypeOf(x{}).PkgPath(), RawDescriptor: file_networking_v1alpha3_virtual_service_proto_rawDesc, - NumEnums: 1, + NumEnums: 2, NumMessages: 35, NumExtensions: 0, NumServices: 0, diff --git a/vendor/istio.io/api/networking/v1alpha3/virtual_service.pb.html b/vendor/istio.io/api/networking/v1alpha3/virtual_service.pb.html index d7f328d18..912f74a0c 100644 --- a/vendor/istio.io/api/networking/v1alpha3/virtual_service.pb.html +++ b/vendor/istio.io/api/networking/v1alpha3/virtual_service.pb.html @@ -6,7 +6,7 @@ generator: protoc-gen-docs schema: istio.networking.v1alpha3.VirtualService aliases: [/docs/reference/config/networking/v1alpha3/virtual-service] -number_of_entries: 28 +number_of_entries: 30 ---

    Configuration affecting traffic routing. Here are a few terms useful to define in the context of traffic routing.

    @@ -41,9 +41,7 @@ pods of the reviews service with label “version: v1”. In addition, HTTP requests with path starting with /wpcatalog/ or /consumercatalog/ will be rewritten to /newcatalog and sent to pods with label “version: v2”.

    -

    {{}} -{{}}

    -
    apiVersion: networking.istio.io/v1alpha3
    +
    apiVersion: networking.istio.io/v1
     kind: VirtualService
     metadata:
       name: reviews-route
    @@ -69,42 +67,10 @@
             host: reviews.prod.svc.cluster.local
             subset: v1
     
    -

    {{}}

    -

    {{}}

    -
    apiVersion: networking.istio.io/v1beta1
    -kind: VirtualService
    -metadata:
    -  name: reviews-route
    -spec:
    -  hosts:
    -  - reviews.prod.svc.cluster.local
    -  http:
    -  - name: "reviews-v2-routes"
    -    match:
    -    - uri:
    -        prefix: "/wpcatalog"
    -    - uri:
    -        prefix: "/consumercatalog"
    -    rewrite:
    -      uri: "/newcatalog"
    -    route:
    -    - destination:
    -        host: reviews.prod.svc.cluster.local
    -        subset: v2
    -  - name: "reviews-v1-route"
    -    route:
    -    - destination:
    -        host: reviews.prod.svc.cluster.local
    -        subset: v1
    -
    -

    {{}} -{{}}

    A subset/version of a route destination is identified with a reference to a named service subset which must be declared in a corresponding DestinationRule.

    -

    {{}} -{{}}

    -
    apiVersion: networking.istio.io/v1alpha3
    +
    apiVersion: networking.istio.io/v1
     kind: DestinationRule
     metadata:
       name: reviews-destination
    @@ -118,24 +84,6 @@
         labels:
           version: v2
     
    -

    {{}}

    -

    {{}}

    -
    apiVersion: networking.istio.io/v1beta1
    -kind: DestinationRule
    -metadata:
    -  name: reviews-destination
    -spec:
    -  host: reviews.prod.svc.cluster.local
    -  subsets:
    -  - name: v1
    -    labels:
    -      version: v1
    -  - name: v2
    -    labels:
    -      version: v2
    -
    -

    {{}} -{{}}

    VirtualService

    @@ -152,7 +100,7 @@

    VirtualService

    hostshosts string[]

    The destination hosts to which traffic is being sent. Could @@ -187,7 +135,7 @@

    VirtualService

    gatewaysgateways string[]

    The names of gateways and sidecars that should apply these routes. @@ -210,7 +158,7 @@

    VirtualService

    httphttp HTTPRoute[]

    An ordered list of route rules for HTTP traffic. HTTP routes will be @@ -225,7 +173,7 @@

    VirtualService

    tlstls TLSRoute[]

    An ordered list of route rule for non-terminated TLS & HTTPS @@ -244,7 +192,7 @@

    VirtualService

    tcptcp TCPRoute[]

    An ordered list of route rules for opaque TCP traffic. TCP routes will @@ -257,7 +205,7 @@

    VirtualService

    exportToexportTo string[]

    A list of namespaces to which this virtual service is exported. Exporting a @@ -291,7 +239,7 @@

    Destination

    Note for Kubernetes users: When short names are used (e.g. “reviews” instead of “reviews.default.svc.cluster.local”), Istio will interpret the short name based on the namespace of the rule, not the service. A -rule in the “default” namespace containing a host “reviews will be +rule in the “default” namespace containing a host “reviews” will be interpreted as “reviews.default.svc.cluster.local”, irrespective of the actual namespace associated with the reviews service. To avoid potential misconfigurations, it is recommended to always use fully qualified @@ -299,9 +247,7 @@

    Destination

    The following Kubernetes example routes all traffic by default to pods of the reviews service with label “version: v1” (i.e., subset v1), and some to subset v2, in a Kubernetes environment.

    -

    {{}} -{{}}

    -
    apiVersion: networking.istio.io/v1alpha3
    +
    apiVersion: networking.istio.io/v1
     kind: VirtualService
     metadata:
       name: reviews-route
    @@ -326,56 +272,8 @@ 

    Destination

    host: reviews # interpreted as reviews.foo.svc.cluster.local subset: v1
    -

    {{}}

    -

    {{}}

    -
    apiVersion: networking.istio.io/v1beta1
    -kind: VirtualService
    -metadata:
    -  name: reviews-route
    -  namespace: foo
    -spec:
    -  hosts:
    -  - reviews # interpreted as reviews.foo.svc.cluster.local
    -  http:
    -  - match:
    -    - uri:
    -        prefix: "/wpcatalog"
    -    - uri:
    -        prefix: "/consumercatalog"
    -    rewrite:
    -      uri: "/newcatalog"
    -    route:
    -    - destination:
    -        host: reviews # interpreted as reviews.foo.svc.cluster.local
    -        subset: v2
    -  - route:
    -    - destination:
    -        host: reviews # interpreted as reviews.foo.svc.cluster.local
    -        subset: v1
    -
    -

    {{}} -{{}}

    And the associated DestinationRule

    -

    {{}} -{{}}

    -
    apiVersion: networking.istio.io/v1alpha3
    -kind: DestinationRule
    -metadata:
    -  name: reviews-destination
    -  namespace: foo
    -spec:
    -  host: reviews # interpreted as reviews.foo.svc.cluster.local
    -  subsets:
    -  - name: v1
    -    labels:
    -      version: v1
    -  - name: v2
    -    labels:
    -      version: v2
    -
    -

    {{}}

    -

    {{}}

    -
    apiVersion: networking.istio.io/v1beta1
    +
    apiVersion: networking.istio.io/v1
     kind: DestinationRule
     metadata:
       name: reviews-destination
    @@ -390,8 +288,6 @@ 

    Destination

    labels: version: v2
    -

    {{}} -{{}}

    The following VirtualService sets a timeout of 5s for all calls to productpage.prod.svc.cluster.local service in Kubernetes. Notice that there are no subsets defined in this rule. Istio will fetch all @@ -401,9 +297,7 @@

    Destination

    qualified domain name of the productpage service, productpage.prod.svc.cluster.local. Therefore the rule’s namespace does not have an impact in resolving the name of the productpage service.

    -

    {{}} -{{}}

    -
    apiVersion: networking.istio.io/v1alpha3
    +
    apiVersion: networking.istio.io/v1
     kind: VirtualService
     metadata:
       name: my-productpage-rule
    @@ -417,61 +311,12 @@ 

    Destination

    - destination: host: productpage.prod.svc.cluster.local
    -

    {{}}

    -

    {{}}

    -
    apiVersion: networking.istio.io/v1beta1
    -kind: VirtualService
    -metadata:
    -  name: my-productpage-rule
    -  namespace: istio-system
    -spec:
    -  hosts:
    -  - productpage.prod.svc.cluster.local # ignores rule namespace
    -  http:
    -  - timeout: 5s
    -    route:
    -    - destination:
    -        host: productpage.prod.svc.cluster.local
    -
    -

    {{}} -{{}}

    To control routing for traffic bound to services outside the mesh, external services must first be added to Istio’s internal service registry using the ServiceEntry resource. VirtualServices can then be defined to control traffic bound to these external services. For example, the following rules define a Service for wikipedia.org and set a timeout of 5s for HTTP requests.

    -

    {{}} -{{}}

    -
    apiVersion: networking.istio.io/v1alpha3
    -kind: ServiceEntry
    -metadata:
    -  name: external-svc-wikipedia
    -spec:
    -  hosts:
    -  - wikipedia.org
    -  location: MESH_EXTERNAL
    -  ports:
    -  - number: 80
    -    name: example-http
    -    protocol: HTTP
    -  resolution: DNS
    ----
    -apiVersion: networking.istio.io/v1alpha3
    -kind: VirtualService
    -metadata:
    -  name: my-wiki-rule
    -spec:
    -  hosts:
    -  - wikipedia.org
    -  http:
    -  - timeout: 5s
    -    route:
    -    - destination:
    -        host: wikipedia.org
    -
    -

    {{}}

    -

    {{}}

    -
    apiVersion: networking.istio.io/v1beta1
    +
    apiVersion: networking.istio.io/v1
     kind: ServiceEntry
     metadata:
       name: external-svc-wikipedia
    @@ -485,7 +330,7 @@ 

    Destination

    protocol: HTTP resolution: DNS --- -apiVersion: networking.istio.io/v1beta1 +apiVersion: networking.istio.io/v1 kind: VirtualService metadata: name: my-wiki-rule @@ -498,8 +343,6 @@

    Destination

    - destination: host: wikipedia.org
    -

    {{}} -{{}}

    @@ -512,7 +355,7 @@

    Destination

    - + - + - + - + - + - + - + - + - + - + - + - + - + - + + + + + + + - + - + - + - + - +
    hosthost string

    The name of a service from the service registry. Service @@ -523,7 +366,7 @@

    Destination

    Note for Kubernetes users: When short names are used (e.g. “reviews” instead of “reviews.default.svc.cluster.local”), Istio will interpret the short name based on the namespace of the rule, not the service. A -rule in the “default” namespace containing a host “reviews will be +rule in the “default” namespace containing a host “reviews” will be interpreted as “reviews.default.svc.cluster.local”, irrespective of the actual namespace associated with the reviews service. To avoid potential misconfiguration, it is recommended to always use fully @@ -535,7 +378,7 @@

    Destination

    subsetsubset string

    The name of a subset within the service. Applicable only to services @@ -548,7 +391,7 @@

    Destination

    portport PortSelector

    Specifies the port on the host that is being addressed. If a service @@ -579,7 +422,7 @@

    HTTPRoute

    namename string

    The name assigned to the route for debugging purposes. The @@ -593,7 +436,7 @@

    HTTPRoute

    matchmatch HTTPMatchRequest[]

    Match conditions to be satisfied for the rule to be @@ -607,7 +450,7 @@

    HTTPRoute

    routeroute HTTPRouteDestination[]

    A HTTP rule can either return a direct_response, redirect or forward (default) traffic. @@ -621,7 +464,7 @@

    HTTPRoute

    redirectredirect HTTPRedirect

    A HTTP rule can either return a direct_response, redirect or forward (default) traffic. @@ -635,7 +478,7 @@

    HTTPRoute

    directResponsedirectResponse HTTPDirectResponse

    A HTTP rule can either return a direct_response, redirect or forward (default) traffic. @@ -649,7 +492,7 @@

    HTTPRoute

    delegatedelegate Delegate

    Delegate is used to specify the particular VirtualService which @@ -670,7 +513,7 @@

    HTTPRoute

    rewriterewrite HTTPRewrite

    Rewrite HTTP URIs and Authority headers. Rewrite cannot be used with @@ -682,7 +525,7 @@

    HTTPRoute

    timeouttimeout Duration

    Timeout for HTTP requests, default is disabled.

    @@ -693,10 +536,15 @@

    HTTPRoute

    retriesretries HTTPRetry

    Retry policy for HTTP requests.

    +

    Note: the default cluster-wide retry policy, if not specified, is:

    +
    attempts: 2
    +retryOn: "connect-failure,refused-stream,unavailable,cancelled,503"
    +
    +

    This can be customized in Mesh Config defaultHttpRetryPolicy.

    @@ -704,7 +552,7 @@

    HTTPRoute

    faultfault HTTPFaultInjection

    Fault injection policy to apply on HTTP traffic at the client side. @@ -717,7 +565,7 @@

    HTTPRoute

    mirrormirror Destination

    Mirror HTTP traffic to a another destination in addition to forwarding @@ -727,13 +575,29 @@

    HTTPRoute

    original destination. Statistics will be generated for the mirrored destination.

    +
    +No +
    mirrorsHTTPMirrorPolicy[] +

    Specifies the destinations to mirror HTTP traffic in addition +to the original destination. Mirrored traffic is on a +best effort basis where the sidecar/gateway will not wait for the +mirrored destinations to respond before returning the response from the +original destination. Statistics will be generated for the mirrored +destination.

    +
    No
    mirrorPercentagemirrorPercentage Percent

    Percentage of the traffic to be mirrored by the mirror field. @@ -746,7 +610,7 @@

    HTTPRoute

    corsPolicycorsPolicy CorsPolicy

    Cross-Origin Resource Sharing policy (CORS). Refer to @@ -759,7 +623,7 @@

    HTTPRoute

    headersheaders Headers

    Header manipulation rules

    @@ -777,7 +641,7 @@

    Delegate

    Describes the delegate VirtualService. The following routing rules forward the traffic to /productpage by a delegate VirtualService named productpage, forward the traffic to /reviews by a delegate VirtualService named reviews.

    -
    apiVersion: networking.istio.io/v1alpha3
    +
    apiVersion: networking.istio.io/v1
     kind: VirtualService
     metadata:
       name: bookinfo
    @@ -800,7 +664,7 @@ 

    Delegate

    name: reviews namespace: nsB
    -
    apiVersion: networking.istio.io/v1alpha3
    +
    apiVersion: networking.istio.io/v1
     kind: VirtualService
     metadata:
       name: productpage
    @@ -817,7 +681,7 @@ 

    Delegate

    - destination: host: productpage.nsA.svc.cluster.local
    -
    apiVersion: networking.istio.io/v1alpha3
    +
    apiVersion: networking.istio.io/v1
     kind: VirtualService
     metadata:
       name: reviews
    @@ -840,7 +704,7 @@ 

    Delegate

    namename string

    Name specifies the name of the delegate VirtualService.

    @@ -851,7 +715,7 @@

    Delegate

    namespacenamespace string

    Namespace specifies the namespace where the delegate VirtualService resides. @@ -874,9 +738,7 @@

    Headers

    to requests that are routed to any reviews service destination. It also removes the foo response header, but only from responses coming from the v1 subset (version) of the reviews service.

    -

    {{}} -{{}}

    -
    apiVersion: networking.istio.io/v1alpha3
    +
    apiVersion: networking.istio.io/v1
     kind: VirtualService
     metadata:
       name: reviews-route
    @@ -902,36 +764,6 @@ 

    Headers

    - foo weight: 75
    -

    {{}}

    -

    {{}}

    -
    apiVersion: networking.istio.io/v1beta1
    -kind: VirtualService
    -metadata:
    -  name: reviews-route
    -spec:
    -  hosts:
    -  - reviews.prod.svc.cluster.local
    -  http:
    -  - headers:
    -      request:
    -        set:
    -          test: "true"
    -    route:
    -    - destination:
    -        host: reviews.prod.svc.cluster.local
    -        subset: v2
    -      weight: 25
    -    - destination:
    -        host: reviews.prod.svc.cluster.local
    -        subset: v1
    -      headers:
    -        response:
    -          remove:
    -          - foo
    -      weight: 75
    -
    -

    {{}} -{{}}

    @@ -944,7 +776,7 @@

    Headers

    - + - +
    requestrequest HeaderOperations

    Header manipulation rules to apply before forwarding a request @@ -956,7 +788,7 @@

    Headers

    responseresponse HeaderOperations

    Header manipulation rules to apply before returning a response @@ -976,9 +808,7 @@

    TLSRoute

    traffic (TLS/HTTPS) The following routing rule forwards unterminated TLS traffic arriving at port 443 of gateway called “mygateway” to internal services in the mesh based on the SNI value.

    -

    {{}} -{{}}

    -
    apiVersion: networking.istio.io/v1alpha3
    +
    apiVersion: networking.istio.io/v1
     kind: VirtualService
     metadata:
       name: bookinfo-sni
    @@ -1003,35 +833,6 @@ 

    TLSRoute

    - destination: host: reviews.prod.svc.cluster.local
    -

    {{}}

    -

    {{}}

    -
    apiVersion: networking.istio.io/v1beta1
    -kind: VirtualService
    -metadata:
    -  name: bookinfo-sni
    -spec:
    -  hosts:
    -  - "*.bookinfo.com"
    -  gateways:
    -  - mygateway
    -  tls:
    -  - match:
    -    - port: 443
    -      sniHosts:
    -      - login.bookinfo.com
    -    route:
    -    - destination:
    -        host: login.prod.svc.cluster.local
    -  - match:
    -    - port: 443
    -      sniHosts:
    -      - reviews.bookinfo.com
    -    route:
    -    - destination:
    -        host: reviews.prod.svc.cluster.local
    -
    -

    {{}} -{{}}

    @@ -1044,7 +845,7 @@

    TLSRoute

    - + - +
    matchmatch TLSMatchAttributes[]

    Match conditions to be satisfied for the rule to be @@ -1058,7 +859,7 @@

    TLSRoute

    routeroute RouteDestination[]

    The destination to which the connection should be forwarded to.

    @@ -1076,9 +877,7 @@

    TCPRoute

    Describes match conditions and actions for routing TCP traffic. The following routing rule forwards traffic arriving at port 27017 for mongo.prod.svc.cluster.local to another Mongo server on port 5555.

    -

    {{}} -{{}}

    -
    apiVersion: networking.istio.io/v1alpha3
    +
    apiVersion: networking.istio.io/v1
     kind: VirtualService
     metadata:
       name: bookinfo-mongo
    @@ -1094,26 +893,6 @@ 

    TCPRoute

    port: number: 5555
    -

    {{}}

    -

    {{}}

    -
    apiVersion: networking.istio.io/v1beta1
    -kind: VirtualService
    -metadata:
    -  name: bookinfo-mongo
    -spec:
    -  hosts:
    -  - mongo.prod.svc.cluster.local
    -  tcp:
    -  - match:
    -    - port: 27017
    -    route:
    -    - destination:
    -        host: mongo.backup.svc.cluster.local
    -        port:
    -          number: 5555
    -
    -

    {{}} -{{}}

    @@ -1126,7 +905,7 @@

    TCPRoute

    - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - +
    matchmatch L4MatchAttributes[]

    Match conditions to be satisfied for the rule to be @@ -1140,7 +919,7 @@

    TCPRoute

    routeroute RouteDestination[]

    The destination to which the connection should be forwarded to.

    @@ -1155,35 +934,12 @@

    TCPRoute

    HTTPMatchRequest

    -

    HttpMatchRequest specifies a set of criterion to be met in order for the +

    HttpMatchRequest specifies a set of criteria to be met in order for the rule to be applied to the HTTP request. For example, the following restricts the rule to match only requests where the URL path starts with /ratings/v2/ and the request contains a custom end-user header with value jason.

    -

    {{}} -{{}}

    -
    apiVersion: networking.istio.io/v1alpha3
    -kind: VirtualService
    -metadata:
    -  name: ratings-route
    -spec:
    -  hosts:
    -  - ratings.prod.svc.cluster.local
    -  http:
    -  - match:
    -    - headers:
    -        end-user:
    -          exact: jason
    -      uri:
    -        prefix: "/ratings/v2/"
    -      ignoreUriCase: true
    -    route:
    -    - destination:
    -        host: ratings.prod.svc.cluster.local
    -
    -

    {{}}

    -

    {{}}

    -
    apiVersion: networking.istio.io/v1beta1
    +
    apiVersion: networking.istio.io/v1
     kind: VirtualService
     metadata:
       name: ratings-route
    @@ -1202,8 +958,6 @@ 

    HTTPMatchRequest

    - destination: host: ratings.prod.svc.cluster.local
    -

    {{}} -{{}}

    HTTPMatchRequest CANNOT be empty. Note:

      @@ -1222,7 +976,7 @@

      HTTPMatchRequest

    namename string

    The name assigned to a match. The match’s name will be @@ -1235,7 +989,7 @@

    HTTPMatchRequest

    uriuri StringMatch

    URI to match @@ -1248,11 +1002,11 @@

    HTTPMatchRequest

    prefix: "value" for prefix-based match

  • -

    regex: "value" for RE2 style regex-based match (https://github.com/google/re2/wiki/Syntax).

    +

    regex: "value" for RE2 style regex-based match.

  • Note: Case-insensitive matching could be enabled via the -ignore_uri_case flag.

    +ignoreUriCase flag.

    @@ -1260,7 +1014,7 @@

    HTTPMatchRequest

    schemescheme StringMatch

    URI Scheme @@ -1273,7 +1027,7 @@

    HTTPMatchRequest

    prefix: "value" for prefix-based match

  • -

    regex: "value" for RE2 style regex-based match (https://github.com/google/re2/wiki/Syntax).

    +

    regex: "value" for RE2 style regex-based match.

  • @@ -1283,7 +1037,7 @@

    HTTPMatchRequest

    methodmethod StringMatch

    HTTP Method @@ -1296,7 +1050,7 @@

    HTTPMatchRequest

    prefix: "value" for prefix-based match

  • -

    regex: "value" for RE2 style regex-based match (https://github.com/google/re2/wiki/Syntax).

    +

    regex: "value" for RE2 style regex-based match.

  • @@ -1306,7 +1060,7 @@

    HTTPMatchRequest

    authorityauthority StringMatch

    HTTP Authority @@ -1319,7 +1073,7 @@

    HTTPMatchRequest

    prefix: "value" for prefix-based match

  • -

    regex: "value" for RE2 style regex-based match (https://github.com/google/re2/wiki/Syntax).

    +

    regex: "value" for RE2 style regex-based match.

  • @@ -1329,7 +1083,7 @@

    HTTPMatchRequest

    headersheaders map<string, StringMatch>

    The header keys must be lowercase and use hyphen as the separator, @@ -1343,7 +1097,7 @@

    HTTPMatchRequest

    prefix: "value" for prefix-based match

  • -

    regex: "value" for RE2 style regex-based match (https://github.com/google/re2/wiki/Syntax).

    +

    regex: "value" for RE2 style regex-based match.

  • If the value is empty and only the name of header is specified, presence of the header is checked. @@ -1360,7 +1114,7 @@

    HTTPMatchRequest

    portport uint32

    Specifies the ports on the host that is being addressed. Many services @@ -1373,7 +1127,7 @@

    HTTPMatchRequest

    sourceLabelssourceLabels map<string, string>

    One or more labels that constrain the applicability of a rule to source (client) workloads @@ -1387,7 +1141,7 @@

    HTTPMatchRequest

    gatewaysgateways string[]

    Names of gateways where the rule should be applied. Gateway names @@ -1400,7 +1154,7 @@

    HTTPMatchRequest

    queryParamsqueryParams map<string, StringMatch>

    Query parameters for matching.

    @@ -1431,7 +1185,7 @@

    HTTPMatchRequest

    ignoreUriCaseignoreUriCase bool

    Flag to specify whether the URI matching should be case-insensitive.

    @@ -1444,7 +1198,7 @@

    HTTPMatchRequest

    withoutHeaderswithoutHeaders map<string, StringMatch>

    withoutHeader has the same syntax with the header, but has opposite meaning. @@ -1456,7 +1210,7 @@

    HTTPMatchRequest

    sourceNamespacesourceNamespace string

    Source namespace constraining the applicability of a rule to workloads in that namespace. @@ -1469,7 +1223,7 @@

    HTTPMatchRequest

    statPrefixstatPrefix string

    The human readable prefix to use when emitting statistics for this route. @@ -1495,29 +1249,7 @@

    HTTPRouteDestination

    following rule will route 25% of traffic for the “reviews” service to instances with the “v2” tag and the remaining traffic (i.e., 75%) to “v1”.

    -

    {{}} -{{}}

    -
    apiVersion: networking.istio.io/v1alpha3
    -kind: VirtualService
    -metadata:
    -  name: reviews-route
    -spec:
    -  hosts:
    -  - reviews.prod.svc.cluster.local
    -  http:
    -  - route:
    -    - destination:
    -        host: reviews.prod.svc.cluster.local
    -        subset: v2
    -      weight: 25
    -    - destination:
    -        host: reviews.prod.svc.cluster.local
    -        subset: v1
    -      weight: 75
    -
    -

    {{}}

    -

    {{}}

    -
    apiVersion: networking.istio.io/v1beta1
    +
    apiVersion: networking.istio.io/v1
     kind: VirtualService
     metadata:
       name: reviews-route
    @@ -1535,28 +1267,8 @@ 

    HTTPRouteDestination

    subset: v1 weight: 75
    -

    {{}} -{{}}

    And the associated DestinationRule

    -

    {{}} -{{}}

    -
    apiVersion: networking.istio.io/v1alpha3
    -kind: DestinationRule
    -metadata:
    -  name: reviews-destination
    -spec:
    -  host: reviews.prod.svc.cluster.local
    -  subsets:
    -  - name: v1
    -    labels:
    -      version: v1
    -  - name: v2
    -    labels:
    -      version: v2
    -
    -

    {{}}

    -

    {{}}

    -
    apiVersion: networking.istio.io/v1beta1
    +
    apiVersion: networking.istio.io/v1
     kind: DestinationRule
     metadata:
       name: reviews-destination
    @@ -1570,14 +1282,10 @@ 

    HTTPRouteDestination

    labels: version: v2
    -

    {{}} -{{}}

    Traffic can also be split across two entirely different services without having to define new subsets. For example, the following rule forwards 25% of traffic to reviews.com to dev.reviews.com

    -

    {{}} -{{}}

    -
    apiVersion: networking.istio.io/v1alpha3
    +
    apiVersion: networking.istio.io/v1
     kind: VirtualService
     metadata:
       name: reviews-route-two-domains
    @@ -1593,26 +1301,6 @@ 

    HTTPRouteDestination

    host: reviews.com weight: 75
    -

    {{}}

    -

    {{}}

    -
    apiVersion: networking.istio.io/v1beta1
    -kind: VirtualService
    -metadata:
    -  name: reviews-route-two-domains
    -spec:
    -  hosts:
    -  - reviews.com
    -  http:
    -  - route:
    -    - destination:
    -        host: dev.reviews.com
    -      weight: 25
    -    - destination:
    -        host: reviews.com
    -      weight: 75
    -
    -

    {{}} -{{}}

    @@ -1625,7 +1313,7 @@

    HTTPRouteDestination

    - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - +
    destinationdestination Destination

    Destination uniquely identifies the instances of a service @@ -1637,7 +1325,7 @@

    HTTPRouteDestination

    weightweight int32

    Weight specifies the relative proportion of traffic to be forwarded to the destination. A destination will receive weight/(sum of all weights) requests. @@ -1650,7 +1338,7 @@

    HTTPRouteDestination

    headersheaders Headers

    Header manipulation rules

    @@ -1678,7 +1366,7 @@

    RouteDestination

    destinationdestination Destination

    Destination uniquely identifies the instances of a service @@ -1690,7 +1378,7 @@

    RouteDestination

    weightweight int32

    Weight specifies the relative proportion of traffic to be forwarded to the destination. A destination will receive weight/(sum of all weights) requests. @@ -1721,7 +1409,7 @@

    L4MatchAttributes

    destinationSubnetsdestinationSubnets string[]

    IPv4 or IPv6 ip addresses of destination with optional subnet. E.g., @@ -1733,7 +1421,7 @@

    L4MatchAttributes

    portport uint32

    Specifies the port on the host that is being addressed. Many services @@ -1746,7 +1434,7 @@

    L4MatchAttributes

    sourceLabelssourceLabels map<string, string>

    One or more labels that constrain the applicability of a rule to @@ -1760,7 +1448,7 @@

    L4MatchAttributes

    gatewaysgateways string[]

    Names of gateways where the rule should be applied. Gateway names @@ -1773,7 +1461,7 @@

    L4MatchAttributes

    sourceNamespacesourceNamespace string

    Source namespace constraining the applicability of a rule to workloads in that namespace. @@ -1803,7 +1491,7 @@

    TLSMatchAttributes

    sniHostssniHosts string[]

    SNI (server name indicator) to match on. Wildcard prefixes @@ -1817,7 +1505,7 @@

    TLSMatchAttributes

    destinationSubnetsdestinationSubnets string[]

    IPv4 or IPv6 ip addresses of destination with optional subnet. E.g., @@ -1829,7 +1517,7 @@

    TLSMatchAttributes

    portport uint32

    Specifies the port on the host that is being addressed. Many services @@ -1843,7 +1531,7 @@

    TLSMatchAttributes

    sourceLabelssourceLabels map<string, string>

    One or more labels that constrain the applicability of a rule to @@ -1857,7 +1545,7 @@

    TLSMatchAttributes

    gatewaysgateways string[]

    Names of gateways where the rule should be applied. Gateway names @@ -1870,7 +1558,7 @@

    TLSMatchAttributes

    sourceNamespacesourceNamespace string

    Source namespace constraining the applicability of a rule to workloads in that namespace. @@ -1892,9 +1580,7 @@

    HTTPRedirect

    the specified values. For example, the following rule redirects requests for /v1/getProductRatings API on the ratings service to /v1/bookRatings provided by the bookratings service.

    -

    {{}} -{{}}

    -
    apiVersion: networking.istio.io/v1alpha3
    +
    apiVersion: networking.istio.io/v1
     kind: VirtualService
     metadata:
       name: ratings-route
    @@ -1910,26 +1596,6 @@ 

    HTTPRedirect

    authority: newratings.default.svc.cluster.local ...
    -

    {{}}

    -

    {{}}

    -
    apiVersion: networking.istio.io/v1beta1
    -kind: VirtualService
    -metadata:
    -  name: ratings-route
    -spec:
    -  hosts:
    -  - ratings.prod.svc.cluster.local
    -  http:
    -  - match:
    -    - uri:
    -        exact: /v1/getProductRatings
    -    redirect:
    -      uri: /v1/bookRatings
    -      authority: newratings.default.svc.cluster.local
    -  ...
    -
    -

    {{}} -{{}}

    @@ -1942,7 +1608,7 @@

    HTTPRedirect

    - + - + - + - + - + - +
    uriuri string

    On a redirect, overwrite the Path portion of the URL with this @@ -1955,7 +1621,7 @@

    HTTPRedirect

    authorityauthority string

    On a redirect, overwrite the Authority/Host portion of the URL with @@ -1967,7 +1633,7 @@

    HTTPRedirect

    portport uint32 (oneof)

    On a redirect, overwrite the port portion of the URL with this value.

    @@ -1978,7 +1644,7 @@

    HTTPRedirect

    derivePortderivePort RedirectPortSelection (oneof)

    On a redirect, dynamically set the port:

    @@ -1993,7 +1659,7 @@

    HTTPRedirect

    schemescheme string

    On a redirect, overwrite the scheme portion of the URL with this value. @@ -2007,7 +1673,7 @@

    HTTPRedirect

    redirectCoderedirectCode uint32

    On a redirect, Specifies the HTTP status code to use in the redirect @@ -2026,9 +1692,7 @@

    HTTPDirectResponse

    HTTPDirectResponse can be used to send a fixed response to clients. For example, the following rule returns a fixed 503 status with a body to requests for /v1/getProductRatings API.

    -

    {{}} -{{}}

    -
    apiVersion: networking.istio.io/v1alpha3
    +
    apiVersion: networking.istio.io/v1
     kind: VirtualService
     metadata:
       name: ratings-route
    @@ -2045,51 +1709,9 @@ 

    HTTPDirectResponse

    string: "unknown error" ...
    -

    {{}}

    -

    {{}}

    -
    apiVersion: networking.istio.io/v1beta1
    -kind: VirtualService
    -metadata:
    -  name: ratings-route
    -spec:
    -  hosts:
    -  - ratings.prod.svc.cluster.local
    -  http:
    -  - match:
    -    - uri:
    -        exact: /v1/getProductRatings
    -    directResponse:
    -      status: 503
    -      body:
    -        string: "unknown error"
    -  ...
    -
    -

    {{}} -{{}}

    It is also possible to specify a binary response body. This is mostly useful for non text-based protocols such as gRPC.

    -

    {{}} -{{}}

    -
    apiVersion: networking.istio.io/v1alpha3
    -kind: VirtualService
    -metadata:
    -  name: ratings-route
    -spec:
    -  hosts:
    -  - ratings.prod.svc.cluster.local
    -  http:
    -  - match:
    -    - uri:
    -        exact: /v1/getProductRatings
    -    directResponse:
    -      status: 503
    -      body:
    -        bytes: "dW5rbm93biBlcnJvcg==" # "unknown error" in base64
    -  ...
    -
    -

    {{}}

    -

    {{}}

    -
    apiVersion: networking.istio.io/v1beta1
    +
    apiVersion: networking.istio.io/v1
     kind: VirtualService
     metadata:
       name: ratings-route
    @@ -2106,37 +1728,10 @@ 

    HTTPDirectResponse

    bytes: "dW5rbm93biBlcnJvcg==" # "unknown error" in base64 ...
    -

    {{}} -{{}}

    It is good practice to add headers in the HTTPRoute as well as the direct_response, for example to specify the returned Content-Type.

    -

    {{}} -{{}}

    -
    apiVersion: networking.istio.io/v1alpha3
    -kind: VirtualService
    -metadata:
    -  name: ratings-route
    -spec:
    -  hosts:
    -  - ratings.prod.svc.cluster.local
    -  http:
    -  - match:
    -    - uri:
    -        exact: /v1/getProductRatings
    -    directResponse:
    -      status: 503
    -      body:
    -        string: "{\"error\": \"unknown error\"}"
    -    headers:
    -      response:
    -        set:
    -          content-type: "application/json"
    -  ...
    -
    -

    {{}}

    -

    {{}}

    -
    apiVersion: networking.istio.io/v1beta1
    +
    apiVersion: networking.istio.io/v1
     kind: VirtualService
     metadata:
       name: ratings-route
    @@ -2157,8 +1752,6 @@ 

    HTTPDirectResponse

    content-type: "text/plain" ...
    -

    {{}} -{{}}

    @@ -2171,7 +1764,7 @@

    HTTPDirectResponse

    - + - + - + - +
    statusstatus uint32

    Specifies the HTTP response status to be returned.

    @@ -2182,7 +1775,7 @@

    HTTPDirectResponse

    bodybody HTTPBody

    Specifies the content of the response body. If this setting is omitted, @@ -2209,7 +1802,7 @@

    HTTPBody

    stringstring string (oneof)

    response body as a string

    @@ -2220,7 +1813,7 @@

    HTTPBody

    bytesbytes bytes (oneof)

    response body as base64 encoded bytes.

    @@ -2240,29 +1833,7 @@

    HTTPRewrite

    be used only with HTTPRouteDestination. The following example demonstrates how to rewrite the URL prefix for api call (/ratings) to ratings service before making the actual API call.

    -

    {{}} -{{}}

    -
    apiVersion: networking.istio.io/v1alpha3
    -kind: VirtualService
    -metadata:
    -  name: ratings-route
    -spec:
    -  hosts:
    -  - ratings.prod.svc.cluster.local
    -  http:
    -  - match:
    -    - uri:
    -        prefix: /ratings
    -    rewrite:
    -      uri: /v1/bookRatings
    -    route:
    -    - destination:
    -        host: ratings.prod.svc.cluster.local
    -        subset: v1
    -
    -

    {{}}

    -

    {{}}

    -
    apiVersion: networking.istio.io/v1beta1
    +
    apiVersion: networking.istio.io/v1
     kind: VirtualService
     metadata:
       name: ratings-route
    @@ -2280,8 +1851,6 @@ 

    HTTPRewrite

    host: ratings.prod.svc.cluster.local subset: v1
    -

    {{}} -{{}}

    @@ -2294,7 +1863,7 @@

    HTTPRewrite

    - + - + - + - + - +
    uriuri string

    rewrite the path (or the prefix) portion of the URI with this @@ -2307,7 +1876,7 @@

    HTTPRewrite

    authorityauthority string

    rewrite the Authority/Host header with this value.

    @@ -2318,7 +1887,7 @@

    HTTPRewrite

    uriRegexRewriteuriRegexRewrite RegexRewrite

    rewrite the path portion of the URI with the specified regex.

    @@ -2344,10 +1913,10 @@

    RegexRewrite

    matchmatch string -

    RE2 style regex-based match (https://github.com/google/re2/wiki/Syntax).

    +

    RE2 style regex-based match.

    @@ -2355,7 +1924,7 @@

    RegexRewrite

    rewriterewrite string

    The string that should replace into matching portions of original URI. @@ -2378,8 +1947,8 @@

    RegexRewrite

    StringMatch

    -

    Describes how to match a given string in HTTP headers. Match is -case-sensitive.

    +

    Describes how to match a given string in HTTP headers. exact and prefix matching is +case-sensitive. regex matching supports case-insensitive matches.

    @@ -2392,7 +1961,7 @@

    StringMatch

    - + - + - +
    exactexact string (oneof)

    exact string match

    @@ -2403,7 +1972,7 @@

    StringMatch

    prefixprefix string (oneof)

    prefix-based match

    @@ -2414,10 +1983,11 @@

    StringMatch

    regexregex string (oneof) -

    RE2 style regex-based match (https://github.com/google/re2/wiki/Syntax).

    +

    RE2 style regex-based match.

    +

    Example: (?i)^aaa$ can be used to case-insensitive match a string consisting of three a’s.

    @@ -2434,28 +2004,7 @@

    HTTPRetry

    calling ratings:v1 service, with a 2s timeout per retry attempt. A retry will be attempted if there is a connect-failure, refused_stream or when the upstream server responds with Service Unavailable(503).

    -

    {{}} -{{}}

    -
    apiVersion: networking.istio.io/v1alpha3
    -kind: VirtualService
    -metadata:
    -  name: ratings-route
    -spec:
    -  hosts:
    -  - ratings.prod.svc.cluster.local
    -  http:
    -  - route:
    -    - destination:
    -        host: ratings.prod.svc.cluster.local
    -        subset: v1
    -    retries:
    -      attempts: 3
    -      perTryTimeout: 2s
    -      retryOn: connect-failure,refused-stream,503
    -
    -

    {{}}

    -

    {{}}

    -
    apiVersion: networking.istio.io/v1beta1
    +
    apiVersion: networking.istio.io/v1
     kind: VirtualService
     metadata:
       name: ratings-route
    @@ -2472,8 +2021,6 @@ 

    HTTPRetry

    perTryTimeout: 2s retryOn: gateway-error,connect-failure,refused-stream
    -

    {{}} -{{}}

    @@ -2486,22 +2033,23 @@

    HTTPRetry

    - + - + - + - +
    attemptsattempts int32

    Number of retries to be allowed for a given request. The interval between retries will be determined automatically (25ms+). When request timeout of the HTTP route or per_try_timeout is configured, the actual number of retries attempted also depends on -the specified request timeout and per_try_timeout values.

    +the specified request timeout and per_try_timeout values. MUST BE >= 0. If 0, retries will be disabled. +The maximum possible number of requests made will be 1 + attempts.

    -Yes +No
    perTryTimeoutperTryTimeout Duration

    Timeout per attempt for a given request, including the initial call and any retries. Format: 1h/1m/1s/1ms. MUST BE >=1ms. @@ -2515,14 +2063,18 @@

    HTTPRetry

    retryOnretryOn string

    Specifies the conditions under which retry takes place. One or more policies can be specified using a ‘,’ delimited list. -If retry_on specifies a valid HTTP status, it will be added to retriable_status_codes retry policy. See the retry policies and gRPC retry policies for more details.

    +

    In addition to the policies specified above, a list of HTTP status codes can be passed, such as retryOn: "503,reset". +Note these status codes refer to the actual responses received from the destination. +For example, if a connection is reset, Istio will translate this to 503 for it’s response. +However, the destination did not return a 503 error, so this would not match "503" (it would, however, match "reset").

    +

    If not specified, this defaults to connect-failure,refused-stream,unavailable,cancelled,503.

    @@ -2530,7 +2082,7 @@

    HTTPRetry

    retryRemoteLocalitiesretryRemoteLocalities BoolValue

    Flag to specify whether the retries should retry to other localities. @@ -2553,9 +2105,7 @@

    CorsPolicy

    from example.com domain using HTTP POST/GET, and sets the Access-Control-Allow-Credentials header to false. In addition, it only exposes X-Foo-bar header and sets an expiry period of 1 day.

    -

    {{}} -{{}}

    -
    apiVersion: networking.istio.io/v1alpha3
    +
    apiVersion: networking.istio.io/v1
     kind: VirtualService
     metadata:
       name: ratings-route
    @@ -2578,33 +2128,6 @@ 

    CorsPolicy

    - X-Foo-Bar maxAge: "24h"
    -

    {{}}

    -

    {{}}

    -
    apiVersion: networking.istio.io/v1beta1
    -kind: VirtualService
    -metadata:
    -  name: ratings-route
    -spec:
    -  hosts:
    -  - ratings.prod.svc.cluster.local
    -  http:
    -  - route:
    -    - destination:
    -        host: ratings.prod.svc.cluster.local
    -        subset: v1
    -    corsPolicy:
    -      allowOrigins:
    -      - exact: https://example.com
    -      allowMethods:
    -      - POST
    -      - GET
    -      allowCredentials: false
    -      allowHeaders:
    -      - X-Foo-Bar
    -      maxAge: "24h"
    -
    -

    {{}} -{{}}

    @@ -2617,7 +2140,7 @@

    CorsPolicy

    - + - + - + - + - + - + + + + + + + - + - + + + + +
    allowOriginsallowOrigins StringMatch[]

    String patterns that match allowed origins. @@ -2630,7 +2153,7 @@

    CorsPolicy

    allowMethodsallowMethods string[]

    List of HTTP methods allowed to access the resource. The content will @@ -2642,7 +2165,7 @@

    CorsPolicy

    allowHeadersallowHeaders string[]

    List of HTTP headers that can be used when requesting the @@ -2654,7 +2177,7 @@

    CorsPolicy

    exposeHeadersexposeHeaders string[]

    A list of HTTP headers that the browsers are allowed to @@ -2666,7 +2189,7 @@

    CorsPolicy

    maxAgemaxAge Duration

    Specifies how long the results of a preflight request can be @@ -2678,13 +2201,26 @@

    CorsPolicy

    allowCredentialsallowCredentials BoolValue

    Indicates whether the caller is allowed to send the actual request (not the preflight) using credentials. Translates to Access-Control-Allow-Credentials header.

    +
    +No +
    unmatchedPreflightsUnmatchedPreflights +

    Indicates whether preflight requests not matching the configured +allowed origin shouldn’t be forwarded to the upstream. +Default is forward to upstream.

    +
    No @@ -2714,7 +2250,7 @@

    HTTPFaultInjection

    delaydelay Delay

    Delay requests before forwarding, emulating various failures such as @@ -2726,12 +2262,58 @@

    HTTPFaultInjection

    abortabort Abort

    Abort Http request attempts and return error codes back to downstream service, giving the impression that the upstream service is faulty.

    +
    +No +
    + +

    HTTPMirrorPolicy

    +
    +

    HTTPMirrorPolicy can be used to specify the destinations to mirror HTTP traffic in addition +to the original destination. Mirrored traffic is on a +best effort basis where the sidecar/gateway will not wait for the +mirrored destinations to respond before returning the response from the +original destination. Statistics will be generated for the mirrored +destination.

    + + + + + + + + + + + + + + + + + + + + + - + - + @@ -2810,7 +2392,7 @@

    Headers.HeaderOperations

    - + - + - + - + - + - + - + - + - + - + - + - + + + + +
    FieldTypeDescriptionRequired
    destinationDestination +

    Destination specifies the target of the mirror operation.

    + +
    +Yes +
    percentagePercent +

    Percentage of the traffic to be mirrored by the destination field. +If this field is absent, all the traffic (100%) will be mirrored. +Max value is 100.

    +
    No @@ -2756,7 +2338,7 @@

    PortSelector

    numbernumber uint32

    Valid port number

    @@ -2784,7 +2366,7 @@

    Percent

    valuevalue double
    setset map<string, string>

    Overwrite the headers specified by key with the given values

    @@ -2821,7 +2403,7 @@

    Headers.HeaderOperations

    addadd map<string, string>

    Append the given values to the headers specified by keys @@ -2833,7 +2415,7 @@

    Headers.HeaderOperations

    removeremove string[]

    Remove the specified headers

    @@ -2852,32 +2434,7 @@

    HTTPFaultInjection.Delay

    forwarding path. The following example will introduce a 5 second delay in 1 out of every 1000 requests to the “v1” version of the “reviews” service from all pods with label env: prod

    -

    {{}} -{{}}

    -
    apiVersion: networking.istio.io/v1alpha3
    -kind: VirtualService
    -metadata:
    -  name: reviews-route
    -spec:
    -  hosts:
    -  - reviews.prod.svc.cluster.local
    -  http:
    -  - match:
    -    - sourceLabels:
    -        env: prod
    -    route:
    -    - destination:
    -        host: reviews.prod.svc.cluster.local
    -        subset: v1
    -    fault:
    -      delay:
    -        percentage:
    -          value: 0.1
    -        fixedDelay: 5s
    -
    -

    {{}}

    -

    {{}}

    -
    apiVersion: networking.istio.io/v1beta1
    +
    apiVersion: networking.istio.io/v1
     kind: VirtualService
     metadata:
       name: reviews-route
    @@ -2898,8 +2455,6 @@ 

    HTTPFaultInjection.Delay

    value: 0.1 fixedDelay: 5s
    -

    {{}} -{{}}

    The fixedDelay field is used to indicate the amount of delay in seconds. The optional percentage field can be used to only delay a certain percentage of requests. If left unspecified, no request will be delayed.

    @@ -2915,7 +2470,7 @@

    HTTPFaultInjection.Delay

    fixedDelayfixedDelay Duration (oneof)

    Add a fixed delay before forwarding the request. Format: @@ -2923,11 +2478,11 @@

    HTTPFaultInjection.Delay

    -Yes +No
    percentagepercentage Percent

    Percentage of requests on which the delay will be injected. @@ -2939,7 +2494,7 @@

    HTTPFaultInjection.Delay

    percentpercent int32

    Percentage of requests on which the delay will be injected (0-100). @@ -2959,29 +2514,7 @@

    HTTPFaultInjection.Abort

    Abort specification is used to prematurely abort a request with a pre-specified error code. The following example will return an HTTP 400 error code for 1 out of every 1000 requests to the “ratings” service “v1”.

    -

    {{}} -{{}}

    -
    apiVersion: networking.istio.io/v1alpha3
    -kind: VirtualService
    -metadata:
    -  name: ratings-route
    -spec:
    -  hosts:
    -  - ratings.prod.svc.cluster.local
    -  http:
    -  - route:
    -    - destination:
    -        host: ratings.prod.svc.cluster.local
    -        subset: v1
    -    fault:
    -      abort:
    -        percentage:
    -          value: 0.1
    -        httpStatus: 400
    -
    -

    {{}}

    -

    {{}}

    -
    apiVersion: networking.istio.io/v1beta1
    +
    apiVersion: networking.istio.io/v1
     kind: VirtualService
     metadata:
       name: ratings-route
    @@ -2999,8 +2532,6 @@ 

    HTTPFaultInjection.Abort

    value: 0.1 httpStatus: 400
    -

    {{}} -{{}}

    The httpStatus field is used to indicate the HTTP status code to return to the caller. The optional percentage field can be used to only abort a certain percentage of requests. If not specified, no request will be @@ -3017,18 +2548,18 @@

    HTTPFaultInjection.Abort

    httpStatushttpStatus int32 (oneof)

    HTTP status code to use to abort the Http request.

    -Yes +No
    grpcStatusgrpcStatus string (oneof)

    GRPC status code to use to abort the request. The supported @@ -3042,7 +2573,7 @@

    HTTPFaultInjection.Abort

    percentagepercentage Percent

    Percentage of requests to be aborted with the error code provided. @@ -3072,7 +2603,7 @@

    google.protobuf.UInt32Value

    valuevalue uint32

    The uint32 value.

    @@ -3096,13 +2627,49 @@

    HTTPRedirect.RedirectPortSelection

    FROM_PROTOCOL_DEFAULTFROM_PROTOCOL_DEFAULT
    FROM_REQUEST_PORTFROM_REQUEST_PORT +
    +
    +

    CorsPolicy.UnmatchedPreflights

    +
    + + + + + + + + + + + + + + + + + + diff --git a/vendor/istio.io/api/networking/v1alpha3/virtual_service.proto b/vendor/istio.io/api/networking/v1alpha3/virtual_service.proto index 4e29bd611..4b7641419 100644 --- a/vendor/istio.io/api/networking/v1alpha3/virtual_service.proto +++ b/vendor/istio.io/api/networking/v1alpha3/virtual_service.proto @@ -67,10 +67,8 @@ import "google/protobuf/wrappers.proto"; // be rewritten to /newcatalog and sent to pods with label "version: v2". // // -// {{}} -// {{}} // ```yaml -// apiVersion: networking.istio.io/v1alpha3 +// apiVersion: networking.istio.io/v1 // kind: VirtualService // metadata: // name: reviews-route @@ -96,65 +94,13 @@ import "google/protobuf/wrappers.proto"; // host: reviews.prod.svc.cluster.local // subset: v1 // ``` -// {{}} -// -// {{}} -// ```yaml -// apiVersion: networking.istio.io/v1beta1 -// kind: VirtualService -// metadata: -// name: reviews-route -// spec: -// hosts: -// - reviews.prod.svc.cluster.local -// http: -// - name: "reviews-v2-routes" -// match: -// - uri: -// prefix: "/wpcatalog" -// - uri: -// prefix: "/consumercatalog" -// rewrite: -// uri: "/newcatalog" -// route: -// - destination: -// host: reviews.prod.svc.cluster.local -// subset: v2 -// - name: "reviews-v1-route" -// route: -// - destination: -// host: reviews.prod.svc.cluster.local -// subset: v1 -// ``` -// {{}} -// {{}} // // A subset/version of a route destination is identified with a reference // to a named service subset which must be declared in a corresponding // `DestinationRule`. // -// {{}} -// {{}} -// ```yaml -// apiVersion: networking.istio.io/v1alpha3 -// kind: DestinationRule -// metadata: -// name: reviews-destination -// spec: -// host: reviews.prod.svc.cluster.local -// subsets: -// - name: v1 -// labels: -// version: v1 -// - name: v2 -// labels: -// version: v2 -// ``` -// {{}} -// -// {{}} // ```yaml -// apiVersion: networking.istio.io/v1beta1 +// apiVersion: networking.istio.io/v1 // kind: DestinationRule // metadata: // name: reviews-destination @@ -168,8 +114,6 @@ import "google/protobuf/wrappers.proto"; // labels: // version: v2 // ``` -// {{}} -// {{}} // package istio.networking.v1alpha3; @@ -179,8 +123,7 @@ option go_package = "istio.io/api/networking/v1alpha3"; // // -// message VirtualService { // The destination hosts to which traffic is being sent. Could // be a DNS name with wildcard prefix or an IP address. Depending on the @@ -301,7 +241,7 @@ message VirtualService { // *Note for Kubernetes users*: When short names are used (e.g. "reviews" // instead of "reviews.default.svc.cluster.local"), Istio will interpret // the short name based on the namespace of the rule, not the service. A -// rule in the "default" namespace containing a host "reviews will be +// rule in the "default" namespace containing a host "reviews" will be // interpreted as "reviews.default.svc.cluster.local", irrespective of the // actual namespace associated with the reviews service. _To avoid potential // misconfigurations, it is recommended to always use fully qualified @@ -311,39 +251,8 @@ message VirtualService { // of the reviews service with label "version: v1" (i.e., subset v1), and // some to subset v2, in a Kubernetes environment. // -// {{}} -// {{}} -// ```yaml -// apiVersion: networking.istio.io/v1alpha3 -// kind: VirtualService -// metadata: -// name: reviews-route -// namespace: foo -// spec: -// hosts: -// - reviews # interpreted as reviews.foo.svc.cluster.local -// http: -// - match: -// - uri: -// prefix: "/wpcatalog" -// - uri: -// prefix: "/consumercatalog" -// rewrite: -// uri: "/newcatalog" -// route: -// - destination: -// host: reviews # interpreted as reviews.foo.svc.cluster.local -// subset: v2 -// - route: -// - destination: -// host: reviews # interpreted as reviews.foo.svc.cluster.local -// subset: v1 -// ``` -// {{}} -// -// {{}} // ```yaml -// apiVersion: networking.istio.io/v1beta1 +// apiVersion: networking.istio.io/v1 // kind: VirtualService // metadata: // name: reviews-route @@ -368,15 +277,11 @@ message VirtualService { // host: reviews # interpreted as reviews.foo.svc.cluster.local // subset: v1 // ``` -// {{}} -// {{}} // // And the associated DestinationRule // -// {{}} -// {{}} // ```yaml -// apiVersion: networking.istio.io/v1alpha3 +// apiVersion: networking.istio.io/v1 // kind: DestinationRule // metadata: // name: reviews-destination @@ -391,27 +296,6 @@ message VirtualService { // labels: // version: v2 // ``` -// {{}} -// -// {{}} -// ```yaml -// apiVersion: networking.istio.io/v1beta1 -// kind: DestinationRule -// metadata: -// name: reviews-destination -// namespace: foo -// spec: -// host: reviews # interpreted as reviews.foo.svc.cluster.local -// subsets: -// - name: v1 -// labels: -// version: v1 -// - name: v2 -// labels: -// version: v2 -// ``` -// {{}} -// {{}} // // The following VirtualService sets a timeout of 5s for all calls to // productpage.prod.svc.cluster.local service in Kubernetes. Notice that @@ -423,28 +307,8 @@ message VirtualService { // productpage.prod.svc.cluster.local. Therefore the rule's namespace does // not have an impact in resolving the name of the productpage service. // -// {{}} -// {{}} -// ```yaml -// apiVersion: networking.istio.io/v1alpha3 -// kind: VirtualService -// metadata: -// name: my-productpage-rule -// namespace: istio-system -// spec: -// hosts: -// - productpage.prod.svc.cluster.local # ignores rule namespace -// http: -// - timeout: 5s -// route: -// - destination: -// host: productpage.prod.svc.cluster.local -// ``` -// {{}} -// -// {{}} // ```yaml -// apiVersion: networking.istio.io/v1beta1 +// apiVersion: networking.istio.io/v1 // kind: VirtualService // metadata: // name: my-productpage-rule @@ -458,8 +322,6 @@ message VirtualService { // - destination: // host: productpage.prod.svc.cluster.local // ``` -// {{}} -// {{}} // // To control routing for traffic bound to services outside the mesh, external // services must first be added to Istio's internal service registry using the @@ -467,10 +329,8 @@ message VirtualService { // bound to these external services. For example, the following rules define a // Service for wikipedia.org and set a timeout of 5s for HTTP requests. // -// {{}} -// {{}} // ```yaml -// apiVersion: networking.istio.io/v1alpha3 +// apiVersion: networking.istio.io/v1 // kind: ServiceEntry // metadata: // name: external-svc-wikipedia @@ -484,7 +344,7 @@ message VirtualService { // protocol: HTTP // resolution: DNS // --- -// apiVersion: networking.istio.io/v1alpha3 +// apiVersion: networking.istio.io/v1 // kind: VirtualService // metadata: // name: my-wiki-rule @@ -497,39 +357,6 @@ message VirtualService { // - destination: // host: wikipedia.org // ``` -// {{}} -// -// {{}} -// ```yaml -// apiVersion: networking.istio.io/v1beta1 -// kind: ServiceEntry -// metadata: -// name: external-svc-wikipedia -// spec: -// hosts: -// - wikipedia.org -// location: MESH_EXTERNAL -// ports: -// - number: 80 -// name: example-http -// protocol: HTTP -// resolution: DNS -// --- -// apiVersion: networking.istio.io/v1beta1 -// kind: VirtualService -// metadata: -// name: my-wiki-rule -// spec: -// hosts: -// - wikipedia.org -// http: -// - timeout: 5s -// route: -// - destination: -// host: wikipedia.org -// ``` -// {{}} -// {{}} // message Destination { // The name of a service from the service registry. Service @@ -541,7 +368,7 @@ message Destination { // *Note for Kubernetes users*: When short names are used (e.g. "reviews" // instead of "reviews.default.svc.cluster.local"), Istio will interpret // the short name based on the namespace of the rule, not the service. A - // rule in the "default" namespace containing a host "reviews will be + // rule in the "default" namespace containing a host "reviews" will be // interpreted as "reviews.default.svc.cluster.local", irrespective of // the actual namespace associated with the reviews service. To avoid // potential misconfiguration, it is recommended to always use fully @@ -618,6 +445,15 @@ message HTTPRoute { google.protobuf.Duration timeout = 6; // Retry policy for HTTP requests. + // + // Note: the default cluster-wide retry policy, if not specified, is: + // + // ```yaml + // attempts: 2 + // retryOn: "connect-failure,refused-stream,unavailable,cancelled,503" + // ``` + // + // This can be customized in [`Mesh Config` `defaultHttpRetryPolicy`](https://istio.io/latest/docs/reference/config/istio.mesh.v1alpha1/#MeshConfig). HTTPRetry retries = 7; // Fault injection policy to apply on HTTP traffic at the client side. @@ -633,9 +469,6 @@ message HTTPRoute { // destination. Destination mirror = 9; - // $hide_from_docs - // Hide this from doc until implemented. - // // Specifies the destinations to mirror HTTP traffic in addition // to the original destination. Mirrored traffic is on a // best effort basis where the sidecar/gateway will not wait for the @@ -648,6 +481,7 @@ message HTTPRoute { // Use of integer `mirror_percent` value is deprecated. Use the // double `mirror_percentage` field instead // $hide_from_docs + // +kubebuilder:altName=mirror_percent google.protobuf.UInt32Value mirror_percent = 18 [deprecated=true]; // Percentage of the traffic to be mirrored by the `mirror` field. @@ -676,7 +510,7 @@ message HTTPRoute { // forward the traffic to `/reviews` by a delegate VirtualService named `reviews`. // // ```yaml -// apiVersion: networking.istio.io/v1alpha3 +// apiVersion: networking.istio.io/v1 // kind: VirtualService // metadata: // name: bookinfo @@ -701,7 +535,7 @@ message HTTPRoute { // ``` // // ```yaml -// apiVersion: networking.istio.io/v1alpha3 +// apiVersion: networking.istio.io/v1 // kind: VirtualService // metadata: // name: productpage @@ -720,7 +554,7 @@ message HTTPRoute { // ``` // // ```yaml -// apiVersion: networking.istio.io/v1alpha3 +// apiVersion: networking.istio.io/v1 // kind: VirtualService // metadata: // name: reviews @@ -748,40 +582,8 @@ message Delegate { // It also removes the `foo` response header, but only from responses // coming from the `v1` subset (version) of the `reviews` service. // -// {{}} -// {{}} -// ```yaml -// apiVersion: networking.istio.io/v1alpha3 -// kind: VirtualService -// metadata: -// name: reviews-route -// spec: -// hosts: -// - reviews.prod.svc.cluster.local -// http: -// - headers: -// request: -// set: -// test: "true" -// route: -// - destination: -// host: reviews.prod.svc.cluster.local -// subset: v2 -// weight: 25 -// - destination: -// host: reviews.prod.svc.cluster.local -// subset: v1 -// headers: -// response: -// remove: -// - foo -// weight: 75 -// ``` -// {{}} -// -// {{}} // ```yaml -// apiVersion: networking.istio.io/v1beta1 +// apiVersion: networking.istio.io/v1 // kind: VirtualService // metadata: // name: reviews-route @@ -807,8 +609,6 @@ message Delegate { // - foo // weight: 75 // ``` -// {{}} -// {{}} message Headers { // Header manipulation rules to apply before forwarding a request // to the destination service @@ -834,10 +634,8 @@ message Headers { // traffic arriving at port 443 of gateway called "mygateway" to internal // services in the mesh based on the SNI value. // -// {{}} -// {{}} // ```yaml -// apiVersion: networking.istio.io/v1alpha3 +// apiVersion: networking.istio.io/v1 // kind: VirtualService // metadata: // name: bookinfo-sni @@ -862,37 +660,6 @@ message Headers { // - destination: // host: reviews.prod.svc.cluster.local // ``` -// {{}} -// -// {{}} -// ```yaml -// apiVersion: networking.istio.io/v1beta1 -// kind: VirtualService -// metadata: -// name: bookinfo-sni -// spec: -// hosts: -// - "*.bookinfo.com" -// gateways: -// - mygateway -// tls: -// - match: -// - port: 443 -// sniHosts: -// - login.bookinfo.com -// route: -// - destination: -// host: login.prod.svc.cluster.local -// - match: -// - port: 443 -// sniHosts: -// - reviews.bookinfo.com -// route: -// - destination: -// host: reviews.prod.svc.cluster.local -// ``` -// {{}} -// {{}} message TLSRoute { // Match conditions to be satisfied for the rule to be // activated. All conditions inside a single match block have AND @@ -908,10 +675,8 @@ message TLSRoute { // following routing rule forwards traffic arriving at port 27017 for // mongo.prod.svc.cluster.local to another Mongo server on port 5555. // -// {{}} -// {{}} // ```yaml -// apiVersion: networking.istio.io/v1alpha3 +// apiVersion: networking.istio.io/v1 // kind: VirtualService // metadata: // name: bookinfo-mongo @@ -927,28 +692,6 @@ message TLSRoute { // port: // number: 5555 // ``` -// {{}} -// -// {{}} -// ```yaml -// apiVersion: networking.istio.io/v1beta1 -// kind: VirtualService -// metadata: -// name: bookinfo-mongo -// spec: -// hosts: -// - mongo.prod.svc.cluster.local -// tcp: -// - match: -// - port: 27017 -// route: -// - destination: -// host: mongo.backup.svc.cluster.local -// port: -// number: 5555 -// ``` -// {{}} -// {{}} message TCPRoute { // Match conditions to be satisfied for the rule to be // activated. All conditions inside a single match block have AND @@ -960,39 +703,14 @@ message TCPRoute { repeated RouteDestination route = 2; } -// HttpMatchRequest specifies a set of criterion to be met in order for the +// HttpMatchRequest specifies a set of criteria to be met in order for the // rule to be applied to the HTTP request. For example, the following // restricts the rule to match only requests where the URL path // starts with /ratings/v2/ and the request contains a custom `end-user` header // with value `jason`. // -// {{}} -// {{}} -// ```yaml -// apiVersion: networking.istio.io/v1alpha3 -// kind: VirtualService -// metadata: -// name: ratings-route -// spec: -// hosts: -// - ratings.prod.svc.cluster.local -// http: -// - match: -// - headers: -// end-user: -// exact: jason -// uri: -// prefix: "/ratings/v2/" -// ignoreUriCase: true -// route: -// - destination: -// host: ratings.prod.svc.cluster.local -// ``` -// {{}} -// -// {{}} // ```yaml -// apiVersion: networking.istio.io/v1beta1 +// apiVersion: networking.istio.io/v1 // kind: VirtualService // metadata: // name: ratings-route @@ -1011,8 +729,6 @@ message TCPRoute { // - destination: // host: ratings.prod.svc.cluster.local // ``` -// {{}} -// {{}} // // HTTPMatchRequest CANNOT be empty. // **Note:** @@ -1031,10 +747,10 @@ message HTTPMatchRequest { // // - `prefix: "value"` for prefix-based match // - // - `regex: "value"` for RE2 style regex-based match (https://github.com/google/re2/wiki/Syntax). + // - `regex: "value"` for [RE2 style regex-based match](https://github.com/google/re2/wiki/Syntax). // // **Note:** Case-insensitive matching could be enabled via the - // `ignore_uri_case` flag. + // `ignoreUriCase` flag. StringMatch uri = 1; // URI Scheme @@ -1044,7 +760,7 @@ message HTTPMatchRequest { // // - `prefix: "value"` for prefix-based match // - // - `regex: "value"` for RE2 style regex-based match (https://github.com/google/re2/wiki/Syntax). + // - `regex: "value"` for [RE2 style regex-based match](https://github.com/google/re2/wiki/Syntax). // StringMatch scheme = 2; @@ -1055,7 +771,7 @@ message HTTPMatchRequest { // // - `prefix: "value"` for prefix-based match // - // - `regex: "value"` for RE2 style regex-based match (https://github.com/google/re2/wiki/Syntax). + // - `regex: "value"` for [RE2 style regex-based match](https://github.com/google/re2/wiki/Syntax). // StringMatch method = 3; @@ -1066,7 +782,7 @@ message HTTPMatchRequest { // // - `prefix: "value"` for prefix-based match // - // - `regex: "value"` for RE2 style regex-based match (https://github.com/google/re2/wiki/Syntax). + // - `regex: "value"` for [RE2 style regex-based match](https://github.com/google/re2/wiki/Syntax). // StringMatch authority = 4; @@ -1079,7 +795,7 @@ message HTTPMatchRequest { // // - `prefix: "value"` for prefix-based match // - // - `regex: "value"` for RE2 style regex-based match (https://github.com/google/re2/wiki/Syntax). + // - `regex: "value"` for [RE2 style regex-based match](https://github.com/google/re2/wiki/Syntax). // // If the value is empty and only the name of header is specified, presence of the header is checked. // To provide an empty value, use `{}`, for example: @@ -1157,10 +873,8 @@ message HTTPMatchRequest { // instances with the "v2" tag and the remaining traffic (i.e., 75%) to // "v1". // -// {{}} -// {{}} // ```yaml -// apiVersion: networking.istio.io/v1alpha3 +// apiVersion: networking.istio.io/v1 // kind: VirtualService // metadata: // name: reviews-route @@ -1178,37 +892,11 @@ message HTTPMatchRequest { // subset: v1 // weight: 75 // ``` -// {{}} -// -// {{}} -// ```yaml -// apiVersion: networking.istio.io/v1beta1 -// kind: VirtualService -// metadata: -// name: reviews-route -// spec: -// hosts: -// - reviews.prod.svc.cluster.local -// http: -// - route: -// - destination: -// host: reviews.prod.svc.cluster.local -// subset: v2 -// weight: 25 -// - destination: -// host: reviews.prod.svc.cluster.local -// subset: v1 -// weight: 75 -// ``` -// {{}} -// {{}} // // And the associated DestinationRule // -// {{}} -// {{}} // ```yaml -// apiVersion: networking.istio.io/v1alpha3 +// apiVersion: networking.istio.io/v1 // kind: DestinationRule // metadata: // name: reviews-destination @@ -1222,55 +910,13 @@ message HTTPMatchRequest { // labels: // version: v2 // ``` -// {{}} -// -// {{}} -// ```yaml -// apiVersion: networking.istio.io/v1beta1 -// kind: DestinationRule -// metadata: -// name: reviews-destination -// spec: -// host: reviews.prod.svc.cluster.local -// subsets: -// - name: v1 -// labels: -// version: v1 -// - name: v2 -// labels: -// version: v2 -// ``` -// {{}} -// {{}} // // Traffic can also be split across two entirely different services without // having to define new subsets. For example, the following rule forwards 25% of // traffic to reviews.com to dev.reviews.com // -// {{}} -// {{}} -// ```yaml -// apiVersion: networking.istio.io/v1alpha3 -// kind: VirtualService -// metadata: -// name: reviews-route-two-domains -// spec: -// hosts: -// - reviews.com -// http: -// - route: -// - destination: -// host: dev.reviews.com -// weight: 25 -// - destination: -// host: reviews.com -// weight: 75 -// ``` -// {{}} -// -// {{}} // ```yaml -// apiVersion: networking.istio.io/v1beta1 +// apiVersion: networking.istio.io/v1 // kind: VirtualService // metadata: // name: reviews-route-two-domains @@ -1286,8 +932,6 @@ message HTTPMatchRequest { // host: reviews.com // weight: 75 // ``` -// {{}} -// {{}} // message HTTPRouteDestination { // Destination uniquely identifies the instances of a service @@ -1396,10 +1040,8 @@ message TLSMatchAttributes { // requests for /v1/getProductRatings API on the ratings service to // /v1/bookRatings provided by the bookratings service. // -// {{}} -// {{}} // ```yaml -// apiVersion: networking.istio.io/v1alpha3 +// apiVersion: networking.istio.io/v1 // kind: VirtualService // metadata: // name: ratings-route @@ -1415,28 +1057,6 @@ message TLSMatchAttributes { // authority: newratings.default.svc.cluster.local // ... // ``` -// {{}} -// -// {{}} -// ```yaml -// apiVersion: networking.istio.io/v1beta1 -// kind: VirtualService -// metadata: -// name: ratings-route -// spec: -// hosts: -// - ratings.prod.svc.cluster.local -// http: -// - match: -// - uri: -// exact: /v1/getProductRatings -// redirect: -// uri: /v1/bookRatings -// authority: newratings.default.svc.cluster.local -// ... -// ``` -// {{}} -// {{}} // message HTTPRedirect { // On a redirect, overwrite the Path portion of the URL with this @@ -1476,10 +1096,8 @@ message HTTPRedirect { // For example, the following rule returns a fixed 503 status with a body // to requests for /v1/getProductRatings API. // -// {{}} -// {{}} // ```yaml -// apiVersion: networking.istio.io/v1alpha3 +// apiVersion: networking.istio.io/v1 // kind: VirtualService // metadata: // name: ratings-route @@ -1496,37 +1114,12 @@ message HTTPRedirect { // string: "unknown error" // ... // ``` -// {{}} -// -// {{}} -// ```yaml -// apiVersion: networking.istio.io/v1beta1 -// kind: VirtualService -// metadata: -// name: ratings-route -// spec: -// hosts: -// - ratings.prod.svc.cluster.local -// http: -// - match: -// - uri: -// exact: /v1/getProductRatings -// directResponse: -// status: 503 -// body: -// string: "unknown error" -// ... -// ``` -// {{}} -// {{}} // // It is also possible to specify a binary response body. // This is mostly useful for non text-based protocols such as gRPC. // -// {{}} -// {{}} // ```yaml -// apiVersion: networking.istio.io/v1alpha3 +// apiVersion: networking.istio.io/v1 // kind: VirtualService // metadata: // name: ratings-route @@ -1543,63 +1136,13 @@ message HTTPRedirect { // bytes: "dW5rbm93biBlcnJvcg==" # "unknown error" in base64 // ... // ``` -// {{}} -// -// {{}} -// ```yaml -// apiVersion: networking.istio.io/v1beta1 -// kind: VirtualService -// metadata: -// name: ratings-route -// spec: -// hosts: -// - ratings.prod.svc.cluster.local -// http: -// - match: -// - uri: -// exact: /v1/getProductRatings -// directResponse: -// status: 503 -// body: -// bytes: "dW5rbm93biBlcnJvcg==" # "unknown error" in base64 -// ... -// ``` -// {{}} -// {{}} // // It is good practice to add headers in the HTTPRoute // as well as the direct_response, for example to specify // the returned Content-Type. // -// {{}} -// {{}} -// ```yaml -// apiVersion: networking.istio.io/v1alpha3 -// kind: VirtualService -// metadata: -// name: ratings-route -// spec: -// hosts: -// - ratings.prod.svc.cluster.local -// http: -// - match: -// - uri: -// exact: /v1/getProductRatings -// directResponse: -// status: 503 -// body: -// string: "{\"error\": \"unknown error\"}" -// headers: -// response: -// set: -// content-type: "application/json" -// ... -// ``` -// {{}} -// -// {{}} // ```yaml -// apiVersion: networking.istio.io/v1beta1 +// apiVersion: networking.istio.io/v1 // kind: VirtualService // metadata: // name: ratings-route @@ -1620,8 +1163,6 @@ message HTTPRedirect { // content-type: "text/plain" // ... // ``` -// {{}} -// {{}} // message HTTPDirectResponse { // Specifies the HTTP response status to be returned. @@ -1648,10 +1189,8 @@ message HTTPBody { // demonstrates how to rewrite the URL prefix for api call (/ratings) to // ratings service before making the actual API call. // -// {{}} -// {{}} // ```yaml -// apiVersion: networking.istio.io/v1alpha3 +// apiVersion: networking.istio.io/v1 // kind: VirtualService // metadata: // name: ratings-route @@ -1669,30 +1208,6 @@ message HTTPBody { // host: ratings.prod.svc.cluster.local // subset: v1 // ``` -// {{}} -// -// {{}} -// ```yaml -// apiVersion: networking.istio.io/v1beta1 -// kind: VirtualService -// metadata: -// name: ratings-route -// spec: -// hosts: -// - ratings.prod.svc.cluster.local -// http: -// - match: -// - uri: -// prefix: /ratings -// rewrite: -// uri: /v1/bookRatings -// route: -// - destination: -// host: ratings.prod.svc.cluster.local -// subset: v1 -// ``` -// {{}} -// {{}} // message HTTPRewrite { // rewrite the path (or the prefix) portion of the URI with this @@ -1708,7 +1223,7 @@ message HTTPRewrite { } message RegexRewrite { - // RE2 style regex-based match (https://github.com/google/re2/wiki/Syntax). + // [RE2 style regex-based match](https://github.com/google/re2/wiki/Syntax). string match = 1; // The string that should replace into matching portions of original URI. @@ -1725,8 +1240,8 @@ message RegexRewrite { string rewrite = 2; } -// Describes how to match a given string in HTTP headers. Match is -// case-sensitive. +// Describes how to match a given string in HTTP headers. `exact` and `prefix` matching is +// case-sensitive. `regex` matching supports case-insensitive matches. message StringMatch { oneof match_type { @@ -1736,7 +1251,9 @@ message StringMatch { // prefix-based match string prefix = 2; - // RE2 style regex-based match (https://github.com/google/re2/wiki/Syntax). + // [RE2 style regex-based match](https://github.com/google/re2/wiki/Syntax). + // + // Example: `(?i)^aaa$` can be used to case-insensitive match a string consisting of three a's. string regex = 3; } } @@ -1747,31 +1264,8 @@ message StringMatch { // A retry will be attempted if there is a connect-failure, refused_stream // or when the upstream server responds with Service Unavailable(503). // -// {{}} -// {{}} -// ```yaml -// apiVersion: networking.istio.io/v1alpha3 -// kind: VirtualService -// metadata: -// name: ratings-route -// spec: -// hosts: -// - ratings.prod.svc.cluster.local -// http: -// - route: -// - destination: -// host: ratings.prod.svc.cluster.local -// subset: v1 -// retries: -// attempts: 3 -// perTryTimeout: 2s -// retryOn: connect-failure,refused-stream,503 -// ``` -// {{}} -// -// {{}} // ```yaml -// apiVersion: networking.istio.io/v1beta1 +// apiVersion: networking.istio.io/v1 // kind: VirtualService // metadata: // name: ratings-route @@ -1788,16 +1282,14 @@ message StringMatch { // perTryTimeout: 2s // retryOn: gateway-error,connect-failure,refused-stream // ``` -// {{}} -// {{}} -// message HTTPRetry { // Number of retries to be allowed for a given request. The interval // between retries will be determined automatically (25ms+). When request // `timeout` of the [HTTP route](https://istio.io/docs/reference/config/networking/virtual-service/#HTTPRoute) // or `per_try_timeout` is configured, the actual number of retries attempted also depends on - // the specified request `timeout` and `per_try_timeout` values. - int32 attempts = 1 [(google.api.field_behavior) = REQUIRED]; + // the specified request `timeout` and `per_try_timeout` values. MUST BE >= 0. If `0`, retries will be disabled. + // The maximum possible number of requests made will be 1 + `attempts`. + int32 attempts = 1; // Timeout per attempt for a given request, including the initial call and any retries. Format: 1h/1m/1s/1ms. MUST BE >=1ms. // Default is same value as request @@ -1807,9 +1299,15 @@ message HTTPRetry { // Specifies the conditions under which retry takes place. // One or more policies can be specified using a ‘,’ delimited list. - // If `retry_on` specifies a valid HTTP status, it will be added to retriable_status_codes retry policy. // See the [retry policies](https://www.envoyproxy.io/docs/envoy/latest/configuration/http/http_filters/router_filter#x-envoy-retry-on) // and [gRPC retry policies](https://www.envoyproxy.io/docs/envoy/latest/configuration/http/http_filters/router_filter#x-envoy-retry-grpc-on) for more details. + // + // In addition to the policies specified above, a list of HTTP status codes can be passed, such as `retryOn: "503,reset"`. + // Note these status codes refer to the actual responses received from the destination. + // For example, if a connection is reset, Istio will translate this to 503 for it's response. + // However, the destination did not return a 503 error, so this would not match `"503"` (it would, however, match `"reset"`). + // + // If not specified, this defaults to `connect-failure,refused-stream,unavailable,cancelled,503`. string retry_on = 3; // Flag to specify whether the retries should retry to other localities. @@ -1825,10 +1323,8 @@ message HTTPRetry { // `Access-Control-Allow-Credentials` header to false. In addition, it only // exposes `X-Foo-bar` header and sets an expiry period of 1 day. // -// {{}} -// {{}} // ```yaml -// apiVersion: networking.istio.io/v1alpha3 +// apiVersion: networking.istio.io/v1 // kind: VirtualService // metadata: // name: ratings-route @@ -1851,35 +1347,6 @@ message HTTPRetry { // - X-Foo-Bar // maxAge: "24h" // ``` -// {{}} -// -// {{}} -// ```yaml -// apiVersion: networking.istio.io/v1beta1 -// kind: VirtualService -// metadata: -// name: ratings-route -// spec: -// hosts: -// - ratings.prod.svc.cluster.local -// http: -// - route: -// - destination: -// host: ratings.prod.svc.cluster.local -// subset: v1 -// corsPolicy: -// allowOrigins: -// - exact: https://example.com -// allowMethods: -// - POST -// - GET -// allowCredentials: false -// allowHeaders: -// - X-Foo-Bar -// maxAge: "24h" -// ``` -// {{}} -// {{}} // message CorsPolicy { // The list of origins that are allowed to perform CORS requests. The @@ -1913,6 +1380,22 @@ message CorsPolicy { // (not the preflight) using credentials. Translates to // `Access-Control-Allow-Credentials` header. google.protobuf.BoolValue allow_credentials = 6; + + // Indicates whether preflight requests not matching the configured + // allowed origin shouldn't be forwarded to the upstream. + // Default is forward to upstream. + UnmatchedPreflights unmatched_preflights = 8; + + enum UnmatchedPreflights { + // Default to FORWARD + UNSPECIFIED = 0; + // Preflight requests not matching the configured allowed origin + // will be forwarded to the upstream. + FORWARD = 1; + // Preflight requests not matching the configured allowed origin + // will not be forwarded to the upstream. + IGNORE = 2; + } } // HTTPFaultInjection can be used to specify one or more faults to inject @@ -1937,10 +1420,8 @@ message HTTPFaultInjection { // in 1 out of every 1000 requests to the "v1" version of the "reviews" // service from all pods with label env: prod // - // {{}} - // {{}} // ```yaml - // apiVersion: networking.istio.io/v1alpha3 + // apiVersion: networking.istio.io/v1 // kind: VirtualService // metadata: // name: reviews-route @@ -1961,33 +1442,6 @@ message HTTPFaultInjection { // value: 0.1 // fixedDelay: 5s // ``` - // {{}} - // - // {{}} - // ```yaml - // apiVersion: networking.istio.io/v1beta1 - // kind: VirtualService - // metadata: - // name: reviews-route - // spec: - // hosts: - // - reviews.prod.svc.cluster.local - // http: - // - match: - // - sourceLabels: - // env: prod - // route: - // - destination: - // host: reviews.prod.svc.cluster.local - // subset: v1 - // fault: - // delay: - // percentage: - // value: 0.1 - // fixedDelay: 5s - // ``` - // {{}} - // {{}} // // The _fixedDelay_ field is used to indicate the amount of delay in seconds. // The optional _percentage_ field can be used to only delay a certain @@ -2001,7 +1455,7 @@ message HTTPFaultInjection { oneof http_delay_type { // Add a fixed delay before forwarding the request. Format: // 1h/1m/1s/1ms. MUST be >=1ms. - google.protobuf.Duration fixed_delay = 2 [(google.api.field_behavior) = REQUIRED]; + google.protobuf.Duration fixed_delay = 2; // $hide_from_docs google.protobuf.Duration exponential_delay = 3 ; @@ -2016,32 +1470,8 @@ message HTTPFaultInjection { // pre-specified error code. The following example will return an HTTP 400 // error code for 1 out of every 1000 requests to the "ratings" service "v1". // - // {{}} - // {{}} - // ```yaml - // apiVersion: networking.istio.io/v1alpha3 - // kind: VirtualService - // metadata: - // name: ratings-route - // spec: - // hosts: - // - ratings.prod.svc.cluster.local - // http: - // - route: - // - destination: - // host: ratings.prod.svc.cluster.local - // subset: v1 - // fault: - // abort: - // percentage: - // value: 0.1 - // httpStatus: 400 - // ``` - // {{}} - // - // {{}} // ```yaml - // apiVersion: networking.istio.io/v1beta1 + // apiVersion: networking.istio.io/v1 // kind: VirtualService // metadata: // name: ratings-route @@ -2059,8 +1489,6 @@ message HTTPFaultInjection { // value: 0.1 // httpStatus: 400 // ``` - // {{}} - // {{}} // // The _httpStatus_ field is used to indicate the HTTP status code to // return to the caller. The optional _percentage_ field can be used to only @@ -2072,7 +1500,7 @@ message HTTPFaultInjection { oneof error_type { // HTTP status code to use to abort the Http request. - int32 http_status = 2 [(google.api.field_behavior) = REQUIRED]; + int32 http_status = 2; // GRPC status code to use to abort the request. The supported // codes are documented in https://github.com/grpc/grpc/blob/master/doc/statuscodes.md @@ -2090,9 +1518,6 @@ message HTTPFaultInjection { } } -// $hide_from_docs -// Hide this from doc until implemented. -// // HTTPMirrorPolicy can be used to specify the destinations to mirror HTTP traffic in addition // to the original destination. Mirrored traffic is on a // best effort basis where the sidecar/gateway will not wait for the @@ -2100,15 +1525,9 @@ message HTTPFaultInjection { // original destination. Statistics will be generated for the mirrored // destination. message HTTPMirrorPolicy { - // $hide_from_docs - // Hide this from doc until implemented. - // // Destination specifies the target of the mirror operation. Destination destination = 1 [(google.api.field_behavior) = REQUIRED]; - // $hide_from_docs - // Hide this from doc until implemented. - // // Percentage of the traffic to be mirrored by the `destination` field. // If this field is absent, all the traffic (100%) will be mirrored. // Max value is 100. diff --git a/vendor/istio.io/api/networking/v1alpha3/workload_entry.gen.json b/vendor/istio.io/api/networking/v1alpha3/workload_entry.gen.json deleted file mode 100644 index 5ba666c1c..000000000 --- a/vendor/istio.io/api/networking/v1alpha3/workload_entry.gen.json +++ /dev/null @@ -1,51 +0,0 @@ -{ - "openapi": "3.0.0", - "info": { - "title": "Configuration affecting VMs onboarded into the mesh.", - "version": "v1alpha3" - }, - "components": { - "schemas": { - "istio.networking.v1alpha3.WorkloadEntry": { - "description": "WorkloadEntry enables specifying the properties of a single non-Kubernetes workload such a VM or a bare metal services that can be referred to by service entries.", - "type": "object", - "properties": { - "address": { - "description": "Address associated with the network endpoint without the port. Domain names can be used if and only if the resolution is set to DNS, and must be fully-qualified without wildcards. Use the form unix:///absolute/path/to/socket for Unix domain socket endpoints. If address is empty, network must be specified.", - "type": "string" - }, - "ports": { - "description": "Set of ports associated with the endpoint. If the port map is specified, it must be a map of servicePortName to this endpoint's port, such that traffic to the service port will be forwarded to the endpoint port that maps to the service's portName. If omitted, and the targetPort is specified as part of the service's port specification, traffic to the service port will be forwarded to one of the endpoints on the specified `targetPort`. If both the targetPort and endpoint's port map are not specified, traffic to a service port will be forwarded to one of the endpoints on the same port.", - "type": "object", - "additionalProperties": { - "type": "integer" - } - }, - "labels": { - "description": "One or more labels associated with the endpoint.", - "type": "object", - "additionalProperties": { - "type": "string" - } - }, - "network": { - "description": "Network enables Istio to group endpoints resident in the same L3 domain/network. All endpoints in the same network are assumed to be directly reachable from one another. When endpoints in different networks cannot reach each other directly, an Istio Gateway can be used to establish connectivity (usually using the `AUTO_PASSTHROUGH` mode in a Gateway Server). This is an advanced configuration used typically for spanning an Istio mesh over multiple clusters. Required if address is not provided.", - "type": "string" - }, - "locality": { - "description": "The locality associated with the endpoint. A locality corresponds to a failure domain (e.g., country/region/zone). Arbitrary failure domain hierarchies can be represented by separating each encapsulating failure domain by /. For example, the locality of an an endpoint in US, in US-East-1 region, within availability zone az-1, in data center rack r11 can be represented as us/us-east-1/az-1/r11. Istio will configure the sidecar to route to endpoints within the same locality as the sidecar. If none of the endpoints in the locality are available, endpoints parent locality (but within the same network ID) will be chosen. For example, if there are two endpoints in same network (networkID \"n1\"), say e1 with locality us/us-east-1/az-1/r11 and e2 with locality us/us-east-1/az-2/r12, a sidecar from us/us-east-1/az-1/r11 locality will prefer e1 from the same locality over e2 from a different locality. Endpoint e2 could be the IP associated with a gateway (that bridges networks n1 and n2), or the IP associated with a standard service endpoint.", - "type": "string" - }, - "weight": { - "description": "The load balancing weight associated with the endpoint. Endpoints with higher weights will receive proportionally higher traffic.", - "type": "integer" - }, - "serviceAccount": { - "description": "The service account associated with the workload if a sidecar is present in the workload. The service account must be present in the same namespace as the configuration ( WorkloadEntry or a ServiceEntry)", - "type": "string" - } - } - } - } - } -} \ No newline at end of file diff --git a/vendor/istio.io/api/networking/v1alpha3/workload_entry.pb.go b/vendor/istio.io/api/networking/v1alpha3/workload_entry.pb.go index cc5d5f9f1..0c6ee0de4 100644 --- a/vendor/istio.io/api/networking/v1alpha3/workload_entry.pb.go +++ b/vendor/istio.io/api/networking/v1alpha3/workload_entry.pb.go @@ -14,7 +14,7 @@ // Code generated by protoc-gen-go. DO NOT EDIT. // versions: -// protoc-gen-go v1.31.0 +// protoc-gen-go v1.35.1 // protoc (unknown) // source: networking/v1alpha3/workload_entry.proto @@ -47,10 +47,8 @@ // TLS and sent to sidecars on VMs on target port 8080, that in turn // forward it to the application on localhost on the same port. // -// {{}} -// {{}} // ```yaml -// apiVersion: networking.istio.io/v1alpha3 +// apiVersion: networking.istio.io/v1 // kind: WorkloadEntry // metadata: // name: details-svc @@ -65,34 +63,11 @@ // app: details-legacy // instance-id: vm1 // ``` -// {{}} -// -// {{}} -// ```yaml -// apiVersion: networking.istio.io/v1beta1 -// kind: WorkloadEntry -// metadata: -// name: details-svc -// spec: -// # use of the service account indicates that the workload has a -// # sidecar proxy bootstrapped with this service account. Pods with -// # sidecars will automatically communicate with the workload using -// # istio mutual TLS. -// serviceAccount: details-legacy -// address: 2.2.2.2 -// labels: -// app: details-legacy -// instance-id: vm1 -// ``` -// {{}} -// {{}} // // and the associated service entry // -// {{}} -// {{}} // ```yaml -// apiVersion: networking.istio.io/v1alpha3 +// apiVersion: networking.istio.io/v1 // kind: ServiceEntry // metadata: // name: details-svc @@ -110,30 +85,6 @@ // labels: // app: details-legacy // ``` -// {{}} -// -// {{}} -// ```yaml -// apiVersion: networking.istio.io/v1beta1 -// kind: ServiceEntry -// metadata: -// name: details-svc -// spec: -// hosts: -// - details.bookinfo.com -// location: MESH_INTERNAL -// ports: -// - number: 80 -// name: http -// protocol: HTTP -// targetPort: 8080 -// resolution: STATIC -// workloadSelector: -// labels: -// app: details-legacy -// ``` -// {{}} -// {{}} // // // The following example declares the same VM workload using @@ -142,29 +93,8 @@ // sidecars should dynamically resolve the DNS name at runtime before // forwarding the request. // -// {{}} -// {{}} -// ```yaml -// apiVersion: networking.istio.io/v1alpha3 -// kind: WorkloadEntry -// metadata: -// name: details-svc -// spec: -// # use of the service account indicates that the workload has a -// # sidecar proxy bootstrapped with this service account. Pods with -// # sidecars will automatically communicate with the workload using -// # istio mutual TLS. -// serviceAccount: details-legacy -// address: vm1.vpc01.corp.net -// labels: -// app: details-legacy -// instance-id: vm1 -// ``` -// {{}} -// -// {{}} // ```yaml -// apiVersion: networking.istio.io/v1beta1 +// apiVersion: networking.istio.io/v1 // kind: WorkloadEntry // metadata: // name: details-svc @@ -179,15 +109,11 @@ // app: details-legacy // instance-id: vm1 // ``` -// {{}} -// {{}} // // and the associated service entry // -// {{}} -// {{}} // ```yaml -// apiVersion: networking.istio.io/v1alpha3 +// apiVersion: networking.istio.io/v1 // kind: ServiceEntry // metadata: // name: details-svc @@ -205,31 +131,6 @@ // labels: // app: details-legacy // ``` -// {{}} -// -// {{}} -// ```yaml -// apiVersion: networking.istio.io/v1beta1 -// kind: ServiceEntry -// metadata: -// name: details-svc -// spec: -// hosts: -// - details.bookinfo.com -// location: MESH_INTERNAL -// ports: -// - number: 80 -// name: http -// protocol: HTTP -// targetPort: 8080 -// resolution: DNS -// workloadSelector: -// labels: -// app: details-legacy -// ``` -// {{}} -// {{}} -// // // The following example declares a VM workload without an address. // An alternative to having istiod read from remote API servers is @@ -238,24 +139,8 @@ // single `WorkloadEntry` with weights represent the aggregate of all // the actual workloads in a given remote network. // -// {{}} -// {{}} -// ```yaml -// apiVersion: networking.istio.io/v1alpha3 -// kind: WorkloadEntry -// metadata: -// name: foo-workloads-cluster-2 -// spec: -// serviceAccount: foo -// network: cluster-2-network -// labels: -// app: foo -// ``` -// {{}} -// -// {{}} // ```yaml -// apiVersion: networking.istio.io/v1beta1 +// apiVersion: networking.istio.io/v1 // kind: WorkloadEntry // metadata: // name: foo-workloads-cluster-2 @@ -265,9 +150,6 @@ // labels: // app: foo // ``` -// {{}} -// {{}} -// package v1alpha3 @@ -289,8 +171,7 @@ const ( // // // // -// +// +kubebuilder:validation:XValidation:message="Address is required",rule="has(self.address) || has(self.network)" +// +kubebuilder:validation:XValidation:message="UDS may not include ports",rule="(has(self.address) && self.address.startsWith('unix://')) ? !has(self.ports) : true" type WorkloadEntry struct { state protoimpl.MessageState sizeCache protoimpl.SizeCache @@ -323,6 +204,9 @@ type WorkloadEntry struct { // to DNS, and must be fully-qualified without wildcards. Use the form // unix:///absolute/path/to/socket for Unix domain socket endpoints. // If address is empty, network must be specified. + // +kubebuilder:validation:XValidation:message="UDS must be an absolute path or abstract socket",rule="self.startsWith('unix://') ? (self.substring(7,8) == '/' || self.substring(7,8) == '@') : true" + // +kubebuilder:validation:XValidation:message="UDS may not be a dir",rule="self.startsWith('unix://') ? !self.endsWith('/') : true" + // +kubebuilder:validation:MaxLength=256 Address string `protobuf:"bytes,1,opt,name=address,proto3" json:"address,omitempty"` // Set of ports associated with the endpoint. If the port map is // specified, it must be a map of servicePortName to this endpoint's @@ -338,8 +222,12 @@ type WorkloadEntry struct { // **NOTE 1:** Do not use for `unix://` addresses. // // **NOTE 2:** endpoint port map takes precedence over targetPort. + // +protoc-gen-crd:map-value-validation:XValidation:message="port must be between 1-65535",rule="0 < self && self <= 65535" + // +kubebuilder:validation:MaxProperties=128 + // +kubebuilder:validation:XValidation:message="port name must be valid",rule="self.all(key, size(key) < 63 && key.matches('^[a-zA-Z0-9](?:[-a-zA-Z0-9]*[a-zA-Z0-9])?$'))" Ports map[string]uint32 `protobuf:"bytes,2,rep,name=ports,proto3" json:"ports,omitempty" protobuf_key:"bytes,1,opt,name=key,proto3" protobuf_val:"varint,2,opt,name=value,proto3"` // One or more labels associated with the endpoint. + // +kubebuilder:validation:MaxProperties=256 Labels map[string]string `protobuf:"bytes,3,rep,name=labels,proto3" json:"labels,omitempty" protobuf_key:"bytes,1,opt,name=key,proto3" protobuf_val:"bytes,2,opt,name=value,proto3"` // Network enables Istio to group endpoints resident in the same L3 // domain/network. All endpoints in the same network are assumed to be @@ -349,6 +237,7 @@ type WorkloadEntry struct { // `AUTO_PASSTHROUGH` mode in a Gateway Server). This is // an advanced configuration used typically for spanning an Istio mesh // over multiple clusters. Required if address is not provided. + // +kubebuilder:validation:MaxLength=2048 Network string `protobuf:"bytes,4,opt,name=network,proto3" json:"network,omitempty"` // The locality associated with the endpoint. A locality corresponds // to a failure domain (e.g., country/region/zone). Arbitrary failure @@ -367,6 +256,7 @@ type WorkloadEntry struct { // locality. Endpoint e2 could be the IP associated with a gateway // (that bridges networks n1 and n2), or the IP associated with a // standard service endpoint. + // +kubebuilder:validation:MaxLength=2048 Locality string `protobuf:"bytes,5,opt,name=locality,proto3" json:"locality,omitempty"` // The load balancing weight associated with the endpoint. Endpoints // with higher weights will receive proportionally higher traffic. @@ -375,16 +265,15 @@ type WorkloadEntry struct { // is present in the workload. The service account must be present // in the same namespace as the configuration ( WorkloadEntry or a // ServiceEntry) + // +kubebuilder:validation:MaxLength=253 ServiceAccount string `protobuf:"bytes,7,opt,name=service_account,json=serviceAccount,proto3" json:"service_account,omitempty"` } func (x *WorkloadEntry) Reset() { *x = WorkloadEntry{} - if protoimpl.UnsafeEnabled { - mi := &file_networking_v1alpha3_workload_entry_proto_msgTypes[0] - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - ms.StoreMessageInfo(mi) - } + mi := &file_networking_v1alpha3_workload_entry_proto_msgTypes[0] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) } func (x *WorkloadEntry) String() string { @@ -395,7 +284,7 @@ func (*WorkloadEntry) ProtoMessage() {} func (x *WorkloadEntry) ProtoReflect() protoreflect.Message { mi := &file_networking_v1alpha3_workload_entry_proto_msgTypes[0] - if protoimpl.UnsafeEnabled && x != nil { + if x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) if ms.LoadMessageInfo() == nil { ms.StoreMessageInfo(mi) @@ -512,7 +401,7 @@ func file_networking_v1alpha3_workload_entry_proto_rawDescGZIP() []byte { } var file_networking_v1alpha3_workload_entry_proto_msgTypes = make([]protoimpl.MessageInfo, 3) -var file_networking_v1alpha3_workload_entry_proto_goTypes = []interface{}{ +var file_networking_v1alpha3_workload_entry_proto_goTypes = []any{ (*WorkloadEntry)(nil), // 0: istio.networking.v1alpha3.WorkloadEntry nil, // 1: istio.networking.v1alpha3.WorkloadEntry.PortsEntry nil, // 2: istio.networking.v1alpha3.WorkloadEntry.LabelsEntry @@ -532,20 +421,6 @@ func file_networking_v1alpha3_workload_entry_proto_init() { if File_networking_v1alpha3_workload_entry_proto != nil { return } - if !protoimpl.UnsafeEnabled { - file_networking_v1alpha3_workload_entry_proto_msgTypes[0].Exporter = func(v interface{}, i int) interface{} { - switch v := v.(*WorkloadEntry); i { - case 0: - return &v.state - case 1: - return &v.sizeCache - case 2: - return &v.unknownFields - default: - return nil - } - } - } type x struct{} out := protoimpl.TypeBuilder{ File: protoimpl.DescBuilder{ diff --git a/vendor/istio.io/api/networking/v1alpha3/workload_entry.pb.html b/vendor/istio.io/api/networking/v1alpha3/workload_entry.pb.html index e0a8eafa9..bcd16590e 100644 --- a/vendor/istio.io/api/networking/v1alpha3/workload_entry.pb.html +++ b/vendor/istio.io/api/networking/v1alpha3/workload_entry.pb.html @@ -28,9 +28,7 @@ mesh. The HTTP traffic to this service is wrapped in Istio mutual TLS and sent to sidecars on VMs on target port 8080, that in turn forward it to the application on localhost on the same port.

    -

    {{}} -{{}}

    -
    apiVersion: networking.istio.io/v1alpha3
    +
    apiVersion: networking.istio.io/v1
     kind: WorkloadEntry
     metadata:
       name: details-svc
    @@ -45,49 +43,8 @@
         app: details-legacy
         instance-id: vm1
     
    -

    {{}}

    -

    {{}}

    -
    apiVersion: networking.istio.io/v1beta1
    -kind: WorkloadEntry
    -metadata:
    -  name: details-svc
    -spec:
    -  # use of the service account indicates that the workload has a
    -  # sidecar proxy bootstrapped with this service account. Pods with
    -  # sidecars will automatically communicate with the workload using
    -  # istio mutual TLS.
    -  serviceAccount: details-legacy
    -  address: 2.2.2.2
    -  labels:
    -    app: details-legacy
    -    instance-id: vm1
    -
    -

    {{}} -{{}}

    and the associated service entry

    -

    {{}} -{{}}

    -
    apiVersion: networking.istio.io/v1alpha3
    -kind: ServiceEntry
    -metadata:
    -  name: details-svc
    -spec:
    -  hosts:
    -  - details.bookinfo.com
    -  location: MESH_INTERNAL
    -  ports:
    -  - number: 80
    -    name: http
    -    protocol: HTTP
    -    targetPort: 8080
    -  resolution: STATIC
    -  workloadSelector:
    -    labels:
    -      app: details-legacy
    -
    -

    {{}}

    -

    {{}}

    -
    apiVersion: networking.istio.io/v1beta1
    +
    apiVersion: networking.istio.io/v1
     kind: ServiceEntry
     metadata:
       name: details-svc
    @@ -105,16 +62,12 @@
         labels:
           app: details-legacy
     
    -

    {{}} -{{}}

    The following example declares the same VM workload using its fully qualified DNS name. The service entry’s resolution mode should be changed to DNS to indicate that the client-side sidecars should dynamically resolve the DNS name at runtime before forwarding the request.

    -

    {{}} -{{}}

    -
    apiVersion: networking.istio.io/v1alpha3
    +
    apiVersion: networking.istio.io/v1
     kind: WorkloadEntry
     metadata:
       name: details-svc
    @@ -129,29 +82,8 @@
         app: details-legacy
         instance-id: vm1
     
    -

    {{}}

    -

    {{}}

    -
    apiVersion: networking.istio.io/v1beta1
    -kind: WorkloadEntry
    -metadata:
    -  name: details-svc
    -spec:
    -  # use of the service account indicates that the workload has a
    -  # sidecar proxy bootstrapped with this service account. Pods with
    -  # sidecars will automatically communicate with the workload using
    -  # istio mutual TLS.
    -  serviceAccount: details-legacy
    -  address: vm1.vpc01.corp.net
    -  labels:
    -    app: details-legacy
    -    instance-id: vm1
    -
    -

    {{}} -{{}}

    and the associated service entry

    -

    {{}} -{{}}

    -
    apiVersion: networking.istio.io/v1alpha3
    +
    apiVersion: networking.istio.io/v1
     kind: ServiceEntry
     metadata:
       name: details-svc
    @@ -169,49 +101,13 @@
         labels:
           app: details-legacy
     
    -

    {{}}

    -

    {{}}

    -
    apiVersion: networking.istio.io/v1beta1
    -kind: ServiceEntry
    -metadata:
    -  name: details-svc
    -spec:
    -  hosts:
    -  - details.bookinfo.com
    -  location: MESH_INTERNAL
    -  ports:
    -  - number: 80
    -    name: http
    -    protocol: HTTP
    -    targetPort: 8080
    -  resolution: DNS
    -  workloadSelector:
    -    labels:
    -      app: details-legacy
    -
    -

    {{}} -{{}}

    The following example declares a VM workload without an address. An alternative to having istiod read from remote API servers is to write a WorkloadEntry in the local cluster that represents the Workload(s) in the remote network with the given labels. A single WorkloadEntry with weights represent the aggregate of all the actual workloads in a given remote network.

    -

    {{}} -{{}}

    -
    apiVersion: networking.istio.io/v1alpha3
    -kind: WorkloadEntry
    -metadata:
    -  name: foo-workloads-cluster-2
    -spec:
    -  serviceAccount: foo
    -  network: cluster-2-network
    -  labels:
    -    app: foo
    -
    -

    {{}}

    -

    {{}}

    -
    apiVersion: networking.istio.io/v1beta1
    +
    apiVersion: networking.istio.io/v1
     kind: WorkloadEntry
     metadata:
       name: foo-workloads-cluster-2
    @@ -221,8 +117,6 @@
       labels:
         app: foo
     
    -

    {{}} -{{}}

    WorkloadEntry

    @@ -239,7 +133,7 @@

    WorkloadEntry

    - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + - + @@ -443,7 +407,7 @@

    WorkloadGroup.ObjectMeta

    - + - + - + @@ -57,11 +57,100 @@

    PortSelector

    - + + + + +
    NameDescription
    UNSPECIFIED +

    Default to FORWARD

    + +
    FORWARD +

    Preflight requests not matching the configured allowed origin +will be forwarded to the upstream.

    + +
    IGNORE +

    Preflight requests not matching the configured allowed origin +will not be forwarded to the upstream.

    +
    addressaddress string

    Address associated with the network endpoint without the @@ -254,7 +148,7 @@

    WorkloadEntry

    portsports map<string, uint32>

    Set of ports associated with the endpoint. If the port map is @@ -276,7 +170,7 @@

    WorkloadEntry

    labelslabels map<string, string>

    One or more labels associated with the endpoint.

    @@ -287,7 +181,7 @@

    WorkloadEntry

    networknetwork string

    Network enables Istio to group endpoints resident in the same L3 @@ -305,7 +199,7 @@

    WorkloadEntry

    localitylocality string

    The locality associated with the endpoint. A locality corresponds @@ -332,7 +226,7 @@

    WorkloadEntry

    weightweight uint32

    The load balancing weight associated with the endpoint. Endpoints @@ -344,7 +238,7 @@

    WorkloadEntry

    serviceAccountserviceAccount string

    The service account associated with the workload if a sidecar diff --git a/vendor/istio.io/api/networking/v1alpha3/workload_entry.proto b/vendor/istio.io/api/networking/v1alpha3/workload_entry.proto index 2a13bc3ad..fe8df9aff 100644 --- a/vendor/istio.io/api/networking/v1alpha3/workload_entry.proto +++ b/vendor/istio.io/api/networking/v1alpha3/workload_entry.proto @@ -43,10 +43,8 @@ syntax = "proto3"; // TLS and sent to sidecars on VMs on target port 8080, that in turn // forward it to the application on localhost on the same port. // -// {{}} -// {{}} // ```yaml -// apiVersion: networking.istio.io/v1alpha3 +// apiVersion: networking.istio.io/v1 // kind: WorkloadEntry // metadata: // name: details-svc @@ -61,56 +59,11 @@ syntax = "proto3"; // app: details-legacy // instance-id: vm1 // ``` -// {{}} -// -// {{}} -// ```yaml -// apiVersion: networking.istio.io/v1beta1 -// kind: WorkloadEntry -// metadata: -// name: details-svc -// spec: -// # use of the service account indicates that the workload has a -// # sidecar proxy bootstrapped with this service account. Pods with -// # sidecars will automatically communicate with the workload using -// # istio mutual TLS. -// serviceAccount: details-legacy -// address: 2.2.2.2 -// labels: -// app: details-legacy -// instance-id: vm1 -// ``` -// {{}} -// {{}} // // and the associated service entry // -// {{}} -// {{}} -// ```yaml -// apiVersion: networking.istio.io/v1alpha3 -// kind: ServiceEntry -// metadata: -// name: details-svc -// spec: -// hosts: -// - details.bookinfo.com -// location: MESH_INTERNAL -// ports: -// - number: 80 -// name: http -// protocol: HTTP -// targetPort: 8080 -// resolution: STATIC -// workloadSelector: -// labels: -// app: details-legacy -// ``` -// {{}} -// -// {{}} // ```yaml -// apiVersion: networking.istio.io/v1beta1 +// apiVersion: networking.istio.io/v1 // kind: ServiceEntry // metadata: // name: details-svc @@ -128,8 +81,6 @@ syntax = "proto3"; // labels: // app: details-legacy // ``` -// {{}} -// {{}} // // // The following example declares the same VM workload using @@ -138,29 +89,8 @@ syntax = "proto3"; // sidecars should dynamically resolve the DNS name at runtime before // forwarding the request. // -// {{}} -// {{}} -// ```yaml -// apiVersion: networking.istio.io/v1alpha3 -// kind: WorkloadEntry -// metadata: -// name: details-svc -// spec: -// # use of the service account indicates that the workload has a -// # sidecar proxy bootstrapped with this service account. Pods with -// # sidecars will automatically communicate with the workload using -// # istio mutual TLS. -// serviceAccount: details-legacy -// address: vm1.vpc01.corp.net -// labels: -// app: details-legacy -// instance-id: vm1 -// ``` -// {{}} -// -// {{}} // ```yaml -// apiVersion: networking.istio.io/v1beta1 +// apiVersion: networking.istio.io/v1 // kind: WorkloadEntry // metadata: // name: details-svc @@ -175,37 +105,11 @@ syntax = "proto3"; // app: details-legacy // instance-id: vm1 // ``` -// {{}} -// {{}} // // and the associated service entry // -// {{}} -// {{}} -// ```yaml -// apiVersion: networking.istio.io/v1alpha3 -// kind: ServiceEntry -// metadata: -// name: details-svc -// spec: -// hosts: -// - details.bookinfo.com -// location: MESH_INTERNAL -// ports: -// - number: 80 -// name: http -// protocol: HTTP -// targetPort: 8080 -// resolution: DNS -// workloadSelector: -// labels: -// app: details-legacy -// ``` -// {{}} -// -// {{}} // ```yaml -// apiVersion: networking.istio.io/v1beta1 +// apiVersion: networking.istio.io/v1 // kind: ServiceEntry // metadata: // name: details-svc @@ -223,9 +127,6 @@ syntax = "proto3"; // labels: // app: details-legacy // ``` -// {{}} -// {{}} -// // // The following example declares a VM workload without an address. // An alternative to having istiod read from remote API servers is @@ -234,10 +135,8 @@ syntax = "proto3"; // single `WorkloadEntry` with weights represent the aggregate of all // the actual workloads in a given remote network. // -// {{}} -// {{}} // ```yaml -// apiVersion: networking.istio.io/v1alpha3 +// apiVersion: networking.istio.io/v1 // kind: WorkloadEntry // metadata: // name: foo-workloads-cluster-2 @@ -247,23 +146,6 @@ syntax = "proto3"; // labels: // app: foo // ``` -// {{}} -// -// {{}} -// ```yaml -// apiVersion: networking.istio.io/v1beta1 -// kind: WorkloadEntry -// metadata: -// name: foo-workloads-cluster-2 -// spec: -// serviceAccount: foo -// network: cluster-2-network -// labels: -// app: foo -// ``` -// {{}} -// {{}} -// package istio.networking.v1alpha3; option go_package = "istio.io/api/networking/v1alpha3"; @@ -272,8 +154,7 @@ option go_package = "istio.io/api/networking/v1alpha3"; // // // // -// +// +kubebuilder:validation:XValidation:message="Address is required",rule="has(self.address) || has(self.network)" +// +kubebuilder:validation:XValidation:message="UDS may not include ports",rule="(has(self.address) && self.address.startsWith('unix://')) ? !has(self.ports) : true" message WorkloadEntry { // Address associated with the network endpoint without the // port. Domain names can be used if and only if the resolution is set // to DNS, and must be fully-qualified without wildcards. Use the form // unix:///absolute/path/to/socket for Unix domain socket endpoints. // If address is empty, network must be specified. + // +kubebuilder:validation:XValidation:message="UDS must be an absolute path or abstract socket",rule="self.startsWith('unix://') ? (self.substring(7,8) == '/' || self.substring(7,8) == '@') : true" + // +kubebuilder:validation:XValidation:message="UDS may not be a dir",rule="self.startsWith('unix://') ? !self.endsWith('/') : true" + // +kubebuilder:validation:MaxLength=256 string address = 1; // Set of ports associated with the endpoint. If the port map is @@ -318,9 +202,13 @@ message WorkloadEntry { // **NOTE 1:** Do not use for `unix://` addresses. // // **NOTE 2:** endpoint port map takes precedence over targetPort. + // +protoc-gen-crd:map-value-validation:XValidation:message="port must be between 1-65535",rule="0 < self && self <= 65535" + // +kubebuilder:validation:MaxProperties=128 + // +kubebuilder:validation:XValidation:message="port name must be valid",rule="self.all(key, size(key) < 63 && key.matches('^[a-zA-Z0-9](?:[-a-zA-Z0-9]*[a-zA-Z0-9])?$'))" map ports = 2; // One or more labels associated with the endpoint. + // +kubebuilder:validation:MaxProperties=256 map labels = 3; // Network enables Istio to group endpoints resident in the same L3 @@ -331,6 +219,7 @@ message WorkloadEntry { // `AUTO_PASSTHROUGH` mode in a Gateway Server). This is // an advanced configuration used typically for spanning an Istio mesh // over multiple clusters. Required if address is not provided. + // +kubebuilder:validation:MaxLength=2048 string network = 4; // The locality associated with the endpoint. A locality corresponds @@ -350,6 +239,7 @@ message WorkloadEntry { // locality. Endpoint e2 could be the IP associated with a gateway // (that bridges networks n1 and n2), or the IP associated with a // standard service endpoint. + // +kubebuilder:validation:MaxLength=2048 string locality = 5; // The load balancing weight associated with the endpoint. Endpoints @@ -360,6 +250,7 @@ message WorkloadEntry { // is present in the workload. The service account must be present // in the same namespace as the configuration ( WorkloadEntry or a // ServiceEntry) + // +kubebuilder:validation:MaxLength=253 string service_account = 7; }; diff --git a/vendor/istio.io/api/networking/v1alpha3/workload_group.gen.json b/vendor/istio.io/api/networking/v1alpha3/workload_group.gen.json deleted file mode 100644 index d7653fa05..000000000 --- a/vendor/istio.io/api/networking/v1alpha3/workload_group.gen.json +++ /dev/null @@ -1,250 +0,0 @@ -{ - "openapi": "3.0.0", - "info": { - "title": "Describes a collection of workload instances.", - "version": "v1alpha3" - }, - "components": { - "schemas": { - "istio.networking.v1alpha3.ExecHealthCheckConfig": { - "type": "object", - "properties": { - "command": { - "description": "Command to run. Exit status of 0 is treated as live/healthy and non-zero is unhealthy.", - "type": "array", - "items": { - "type": "string" - } - } - } - }, - "istio.networking.v1alpha3.HTTPHeader": { - "type": "object", - "properties": { - "name": { - "description": "The header field name", - "type": "string" - }, - "value": { - "description": "The header field value", - "type": "string" - } - } - }, - "istio.networking.v1alpha3.HTTPHealthCheckConfig": { - "type": "object", - "properties": { - "path": { - "description": "Path to access on the HTTP server.", - "type": "string" - }, - "port": { - "description": "Port on which the endpoint lives.", - "type": "integer" - }, - "host": { - "description": "Host name to connect to, defaults to the pod IP. You probably want to set \"Host\" in httpHeaders instead.", - "type": "string" - }, - "scheme": { - "description": "HTTP or HTTPS, defaults to HTTP", - "type": "string" - }, - "httpHeaders": { - "description": "Headers the proxy will pass on to make the request. Allows repeated headers.", - "type": "array", - "items": { - "$ref": "#/components/schemas/istio.networking.v1alpha3.HTTPHeader" - } - } - } - }, - "istio.networking.v1alpha3.ReadinessProbe": { - "type": "object", - "properties": { - "initialDelaySeconds": { - "description": "Number of seconds after the container has started before readiness probes are initiated.", - "type": "integer", - "format": "int32" - }, - "timeoutSeconds": { - "description": "Number of seconds after which the probe times out. Defaults to 1 second. Minimum value is 1 second.", - "type": "integer", - "format": "int32" - }, - "periodSeconds": { - "description": "How often (in seconds) to perform the probe. Default to 10 seconds. Minimum value is 1 second.", - "type": "integer", - "format": "int32" - }, - "successThreshold": { - "description": "Minimum consecutive successes for the probe to be considered successful after having failed. Defaults to 1 second.", - "type": "integer", - "format": "int32" - }, - "failureThreshold": { - "description": "Minimum consecutive failures for the probe to be considered failed after having succeeded. Defaults to 3 seconds.", - "type": "integer", - "format": "int32" - } - }, - "oneOf": [ - { - "not": { - "anyOf": [ - { - "required": [ - "httpGet" - ], - "properties": { - "httpGet": { - "$ref": "#/components/schemas/istio.networking.v1alpha3.HTTPHealthCheckConfig" - } - } - }, - { - "required": [ - "tcpSocket" - ], - "properties": { - "tcpSocket": { - "$ref": "#/components/schemas/istio.networking.v1alpha3.TCPHealthCheckConfig" - } - } - }, - { - "required": [ - "exec" - ], - "properties": { - "exec": { - "$ref": "#/components/schemas/istio.networking.v1alpha3.ExecHealthCheckConfig" - } - } - } - ] - } - }, - { - "required": [ - "httpGet" - ], - "properties": { - "httpGet": { - "$ref": "#/components/schemas/istio.networking.v1alpha3.HTTPHealthCheckConfig" - } - } - }, - { - "required": [ - "tcpSocket" - ], - "properties": { - "tcpSocket": { - "$ref": "#/components/schemas/istio.networking.v1alpha3.TCPHealthCheckConfig" - } - } - }, - { - "required": [ - "exec" - ], - "properties": { - "exec": { - "$ref": "#/components/schemas/istio.networking.v1alpha3.ExecHealthCheckConfig" - } - } - } - ] - }, - "istio.networking.v1alpha3.TCPHealthCheckConfig": { - "type": "object", - "properties": { - "host": { - "description": "Host to connect to, defaults to localhost", - "type": "string" - }, - "port": { - "description": "Port of host", - "type": "integer" - } - } - }, - "istio.networking.v1alpha3.WorkloadEntry": { - "description": "WorkloadEntry enables specifying the properties of a single non-Kubernetes workload such a VM or a bare metal services that can be referred to by service entries.", - "type": "object", - "properties": { - "address": { - "description": "Address associated with the network endpoint without the port. Domain names can be used if and only if the resolution is set to DNS, and must be fully-qualified without wildcards. Use the form unix:///absolute/path/to/socket for Unix domain socket endpoints. If address is empty, network must be specified.", - "type": "string" - }, - "ports": { - "description": "Set of ports associated with the endpoint. If the port map is specified, it must be a map of servicePortName to this endpoint's port, such that traffic to the service port will be forwarded to the endpoint port that maps to the service's portName. If omitted, and the targetPort is specified as part of the service's port specification, traffic to the service port will be forwarded to one of the endpoints on the specified `targetPort`. If both the targetPort and endpoint's port map are not specified, traffic to a service port will be forwarded to one of the endpoints on the same port.", - "type": "object", - "additionalProperties": { - "type": "integer" - } - }, - "labels": { - "description": "One or more labels associated with the endpoint.", - "type": "object", - "additionalProperties": { - "type": "string" - } - }, - "network": { - "description": "Network enables Istio to group endpoints resident in the same L3 domain/network. All endpoints in the same network are assumed to be directly reachable from one another. When endpoints in different networks cannot reach each other directly, an Istio Gateway can be used to establish connectivity (usually using the `AUTO_PASSTHROUGH` mode in a Gateway Server). This is an advanced configuration used typically for spanning an Istio mesh over multiple clusters. Required if address is not provided.", - "type": "string" - }, - "locality": { - "description": "The locality associated with the endpoint. A locality corresponds to a failure domain (e.g., country/region/zone). Arbitrary failure domain hierarchies can be represented by separating each encapsulating failure domain by /. For example, the locality of an an endpoint in US, in US-East-1 region, within availability zone az-1, in data center rack r11 can be represented as us/us-east-1/az-1/r11. Istio will configure the sidecar to route to endpoints within the same locality as the sidecar. If none of the endpoints in the locality are available, endpoints parent locality (but within the same network ID) will be chosen. For example, if there are two endpoints in same network (networkID \"n1\"), say e1 with locality us/us-east-1/az-1/r11 and e2 with locality us/us-east-1/az-2/r12, a sidecar from us/us-east-1/az-1/r11 locality will prefer e1 from the same locality over e2 from a different locality. Endpoint e2 could be the IP associated with a gateway (that bridges networks n1 and n2), or the IP associated with a standard service endpoint.", - "type": "string" - }, - "weight": { - "description": "The load balancing weight associated with the endpoint. Endpoints with higher weights will receive proportionally higher traffic.", - "type": "integer" - }, - "serviceAccount": { - "description": "The service account associated with the workload if a sidecar is present in the workload. The service account must be present in the same namespace as the configuration ( WorkloadEntry or a ServiceEntry)", - "type": "string" - } - } - }, - "istio.networking.v1alpha3.WorkloadGroup": { - "description": "`WorkloadGroup` enables specifying the properties of a single workload for bootstrap and provides a template for `WorkloadEntry`, similar to how `Deployment` specifies properties of workloads via `Pod` templates. A `WorkloadGroup` can have more than one `WorkloadEntry`. `WorkloadGroup` has no relationship to resources which control service registry like `ServiceEntry` and as such doesn't configure host name for these workloads.", - "type": "object", - "properties": { - "metadata": { - "$ref": "#/components/schemas/istio.networking.v1alpha3.WorkloadGroup.ObjectMeta" - }, - "template": { - "$ref": "#/components/schemas/istio.networking.v1alpha3.WorkloadEntry" - }, - "probe": { - "$ref": "#/components/schemas/istio.networking.v1alpha3.ReadinessProbe" - } - } - }, - "istio.networking.v1alpha3.WorkloadGroup.ObjectMeta": { - "description": "`ObjectMeta` describes metadata that will be attached to a `WorkloadEntry`. It is a subset of the supported Kubernetes metadata.", - "type": "object", - "properties": { - "labels": { - "description": "Labels to attach", - "type": "object", - "additionalProperties": { - "type": "string" - } - }, - "annotations": { - "description": "Annotations to attach", - "type": "object", - "additionalProperties": { - "type": "string" - } - } - } - } - } - } -} \ No newline at end of file diff --git a/vendor/istio.io/api/networking/v1alpha3/workload_group.pb.go b/vendor/istio.io/api/networking/v1alpha3/workload_group.pb.go index b310834ca..4ee8ff02e 100644 --- a/vendor/istio.io/api/networking/v1alpha3/workload_group.pb.go +++ b/vendor/istio.io/api/networking/v1alpha3/workload_group.pb.go @@ -14,7 +14,7 @@ // Code generated by protoc-gen-go. DO NOT EDIT. // versions: -// protoc-gen-go v1.31.0 +// protoc-gen-go v1.35.1 // protoc (unknown) // source: networking/v1alpha3/workload_group.proto @@ -38,10 +38,8 @@ // will be associated with the workload group and use service account `default`. // `app.kubernetes.io/version` is just an arbitrary example of a label. // -// {{}} -// {{}} // ```yaml -// apiVersion: networking.istio.io/v1alpha3 +// apiVersion: networking.istio.io/v1 // kind: WorkloadGroup // metadata: // name: reviews @@ -71,42 +69,6 @@ // - name: Lit-Header // value: Im-The-Best // ``` -// {{}} -// -// {{}} -// ```yaml -// apiVersion: networking.istio.io/v1beta1 -// kind: WorkloadGroup -// metadata: -// name: reviews -// namespace: bookinfo -// spec: -// metadata: -// labels: -// app.kubernetes.io/name: reviews -// app.kubernetes.io/version: "1.3.4" -// template: -// ports: -// grpc: 3550 -// http: 8080 -// serviceAccount: default -// probe: -// initialDelaySeconds: 5 -// timeoutSeconds: 3 -// periodSeconds: 4 -// successThreshold: 3 -// failureThreshold: 3 -// httpGet: -// path: /foo/bar -// host: 127.0.0.1 -// port: 3100 -// scheme: HTTPS -// httpHeaders: -// - name: Lit-Header -// value: Im-The-Best -// ``` -// {{}} -// {{}} // package v1alpha3 @@ -134,8 +96,7 @@ const ( // // // // -// type WorkloadGroup struct { state protoimpl.MessageState sizeCache protoimpl.SizeCache @@ -169,6 +128,7 @@ type WorkloadGroup struct { // should default to `default`. The workload identities (mTLS certificates) will be bootstrapped using the // specified service account's token. Workload entries in this group will be in the same namespace as the // workload group, and inherit the labels and annotations from the above `metadata` field. + // +protoc-gen-crd:validation:IgnoreSubValidation:["Address is required"] Template *WorkloadEntry `protobuf:"bytes,2,opt,name=template,proto3" json:"template,omitempty"` // `ReadinessProbe` describes the configuration the user must provide for healthchecking on their workload. // This configuration mirrors K8S in both syntax and logic for the most part. @@ -177,11 +137,9 @@ type WorkloadGroup struct { func (x *WorkloadGroup) Reset() { *x = WorkloadGroup{} - if protoimpl.UnsafeEnabled { - mi := &file_networking_v1alpha3_workload_group_proto_msgTypes[0] - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - ms.StoreMessageInfo(mi) - } + mi := &file_networking_v1alpha3_workload_group_proto_msgTypes[0] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) } func (x *WorkloadGroup) String() string { @@ -192,7 +150,7 @@ func (*WorkloadGroup) ProtoMessage() {} func (x *WorkloadGroup) ProtoReflect() protoreflect.Message { mi := &file_networking_v1alpha3_workload_group_proto_msgTypes[0] - if protoimpl.UnsafeEnabled && x != nil { + if x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) if ms.LoadMessageInfo() == nil { ms.StoreMessageInfo(mi) @@ -234,18 +192,23 @@ type ReadinessProbe struct { unknownFields protoimpl.UnknownFields // Number of seconds after the container has started before readiness probes are initiated. + // +kubebuilder:validation:Minimum=0 InitialDelaySeconds int32 `protobuf:"varint,2,opt,name=initial_delay_seconds,json=initialDelaySeconds,proto3" json:"initial_delay_seconds,omitempty"` // Number of seconds after which the probe times out. // Defaults to 1 second. Minimum value is 1 second. + // +kubebuilder:validation:Minimum=0 TimeoutSeconds int32 `protobuf:"varint,3,opt,name=timeout_seconds,json=timeoutSeconds,proto3" json:"timeout_seconds,omitempty"` // How often (in seconds) to perform the probe. // Default to 10 seconds. Minimum value is 1 second. + // +kubebuilder:validation:Minimum=0 PeriodSeconds int32 `protobuf:"varint,4,opt,name=period_seconds,json=periodSeconds,proto3" json:"period_seconds,omitempty"` // Minimum consecutive successes for the probe to be considered successful after having failed. // Defaults to 1 second. + // +kubebuilder:validation:Minimum=0 SuccessThreshold int32 `protobuf:"varint,5,opt,name=success_threshold,json=successThreshold,proto3" json:"success_threshold,omitempty"` // Minimum consecutive failures for the probe to be considered failed after having succeeded. // Defaults to 3 seconds. + // +kubebuilder:validation:Minimum=0 FailureThreshold int32 `protobuf:"varint,6,opt,name=failure_threshold,json=failureThreshold,proto3" json:"failure_threshold,omitempty"` // Users can only provide one configuration for healthchecks (tcp, http, exec), // and this is expressed as a oneof. All of the other configuration values @@ -261,11 +224,9 @@ type ReadinessProbe struct { func (x *ReadinessProbe) Reset() { *x = ReadinessProbe{} - if protoimpl.UnsafeEnabled { - mi := &file_networking_v1alpha3_workload_group_proto_msgTypes[1] - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - ms.StoreMessageInfo(mi) - } + mi := &file_networking_v1alpha3_workload_group_proto_msgTypes[1] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) } func (x *ReadinessProbe) String() string { @@ -276,7 +237,7 @@ func (*ReadinessProbe) ProtoMessage() {} func (x *ReadinessProbe) ProtoReflect() protoreflect.Message { mi := &file_networking_v1alpha3_workload_group_proto_msgTypes[1] - if protoimpl.UnsafeEnabled && x != nil { + if x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) if ms.LoadMessageInfo() == nil { ms.StoreMessageInfo(mi) @@ -388,11 +349,13 @@ type HTTPHealthCheckConfig struct { // Path to access on the HTTP server. Path string `protobuf:"bytes,1,opt,name=path,proto3" json:"path,omitempty"` // Port on which the endpoint lives. + // +kubebuilder:validation:XValidation:message="port must be between 1-65535",rule="0 < self && self <= 65535" Port uint32 `protobuf:"varint,2,opt,name=port,proto3" json:"port,omitempty"` // Host name to connect to, defaults to the pod IP. You probably want to set // "Host" in httpHeaders instead. Host string `protobuf:"bytes,3,opt,name=host,proto3" json:"host,omitempty"` // HTTP or HTTPS, defaults to HTTP + // +kubebuilder:validation:XValidation:message="scheme must be one of [HTTP, HTTPS]",rule="self in [”, 'HTTP', 'HTTPS']" Scheme string `protobuf:"bytes,4,opt,name=scheme,proto3" json:"scheme,omitempty"` // Headers the proxy will pass on to make the request. // Allows repeated headers. @@ -401,11 +364,9 @@ type HTTPHealthCheckConfig struct { func (x *HTTPHealthCheckConfig) Reset() { *x = HTTPHealthCheckConfig{} - if protoimpl.UnsafeEnabled { - mi := &file_networking_v1alpha3_workload_group_proto_msgTypes[2] - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - ms.StoreMessageInfo(mi) - } + mi := &file_networking_v1alpha3_workload_group_proto_msgTypes[2] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) } func (x *HTTPHealthCheckConfig) String() string { @@ -416,7 +377,7 @@ func (*HTTPHealthCheckConfig) ProtoMessage() {} func (x *HTTPHealthCheckConfig) ProtoReflect() protoreflect.Message { mi := &file_networking_v1alpha3_workload_group_proto_msgTypes[2] - if protoimpl.UnsafeEnabled && x != nil { + if x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) if ms.LoadMessageInfo() == nil { ms.StoreMessageInfo(mi) @@ -472,6 +433,7 @@ type HTTPHeader struct { unknownFields protoimpl.UnknownFields // The header field name + // +kubebuilder:validation:Pattern=^[-_A-Za-z0-9]+$ Name string `protobuf:"bytes,1,opt,name=name,proto3" json:"name,omitempty"` // The header field value Value string `protobuf:"bytes,2,opt,name=value,proto3" json:"value,omitempty"` @@ -479,11 +441,9 @@ type HTTPHeader struct { func (x *HTTPHeader) Reset() { *x = HTTPHeader{} - if protoimpl.UnsafeEnabled { - mi := &file_networking_v1alpha3_workload_group_proto_msgTypes[3] - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - ms.StoreMessageInfo(mi) - } + mi := &file_networking_v1alpha3_workload_group_proto_msgTypes[3] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) } func (x *HTTPHeader) String() string { @@ -494,7 +454,7 @@ func (*HTTPHeader) ProtoMessage() {} func (x *HTTPHeader) ProtoReflect() protoreflect.Message { mi := &file_networking_v1alpha3_workload_group_proto_msgTypes[3] - if protoimpl.UnsafeEnabled && x != nil { + if x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) if ms.LoadMessageInfo() == nil { ms.StoreMessageInfo(mi) @@ -531,16 +491,15 @@ type TCPHealthCheckConfig struct { // Host to connect to, defaults to localhost Host string `protobuf:"bytes,1,opt,name=host,proto3" json:"host,omitempty"` // Port of host + // +kubebuilder:validation:XValidation:message="port must be between 1-65535",rule="0 < self && self <= 65535" Port uint32 `protobuf:"varint,2,opt,name=port,proto3" json:"port,omitempty"` } func (x *TCPHealthCheckConfig) Reset() { *x = TCPHealthCheckConfig{} - if protoimpl.UnsafeEnabled { - mi := &file_networking_v1alpha3_workload_group_proto_msgTypes[4] - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - ms.StoreMessageInfo(mi) - } + mi := &file_networking_v1alpha3_workload_group_proto_msgTypes[4] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) } func (x *TCPHealthCheckConfig) String() string { @@ -551,7 +510,7 @@ func (*TCPHealthCheckConfig) ProtoMessage() {} func (x *TCPHealthCheckConfig) ProtoReflect() protoreflect.Message { mi := &file_networking_v1alpha3_workload_group_proto_msgTypes[4] - if protoimpl.UnsafeEnabled && x != nil { + if x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) if ms.LoadMessageInfo() == nil { ms.StoreMessageInfo(mi) @@ -586,16 +545,15 @@ type ExecHealthCheckConfig struct { unknownFields protoimpl.UnknownFields // Command to run. Exit status of 0 is treated as live/healthy and non-zero is unhealthy. + // +protoc-gen-crd:list-value-validation:MinLength=1 Command []string `protobuf:"bytes,1,rep,name=command,proto3" json:"command,omitempty"` } func (x *ExecHealthCheckConfig) Reset() { *x = ExecHealthCheckConfig{} - if protoimpl.UnsafeEnabled { - mi := &file_networking_v1alpha3_workload_group_proto_msgTypes[5] - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - ms.StoreMessageInfo(mi) - } + mi := &file_networking_v1alpha3_workload_group_proto_msgTypes[5] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) } func (x *ExecHealthCheckConfig) String() string { @@ -606,7 +564,7 @@ func (*ExecHealthCheckConfig) ProtoMessage() {} func (x *ExecHealthCheckConfig) ProtoReflect() protoreflect.Message { mi := &file_networking_v1alpha3_workload_group_proto_msgTypes[5] - if protoimpl.UnsafeEnabled && x != nil { + if x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) if ms.LoadMessageInfo() == nil { ms.StoreMessageInfo(mi) @@ -636,18 +594,18 @@ type WorkloadGroup_ObjectMeta struct { unknownFields protoimpl.UnknownFields // Labels to attach + // +kubebuilder:validation:MaxProperties=256 Labels map[string]string `protobuf:"bytes,1,rep,name=labels,proto3" json:"labels,omitempty" protobuf_key:"bytes,1,opt,name=key,proto3" protobuf_val:"bytes,2,opt,name=value,proto3"` // Annotations to attach + // +kubebuilder:validation:MaxProperties=256 Annotations map[string]string `protobuf:"bytes,2,rep,name=annotations,proto3" json:"annotations,omitempty" protobuf_key:"bytes,1,opt,name=key,proto3" protobuf_val:"bytes,2,opt,name=value,proto3"` } func (x *WorkloadGroup_ObjectMeta) Reset() { *x = WorkloadGroup_ObjectMeta{} - if protoimpl.UnsafeEnabled { - mi := &file_networking_v1alpha3_workload_group_proto_msgTypes[6] - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - ms.StoreMessageInfo(mi) - } + mi := &file_networking_v1alpha3_workload_group_proto_msgTypes[6] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) } func (x *WorkloadGroup_ObjectMeta) String() string { @@ -658,7 +616,7 @@ func (*WorkloadGroup_ObjectMeta) ProtoMessage() {} func (x *WorkloadGroup_ObjectMeta) ProtoReflect() protoreflect.Message { mi := &file_networking_v1alpha3_workload_group_proto_msgTypes[6] - if protoimpl.UnsafeEnabled && x != nil { + if x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) if ms.LoadMessageInfo() == nil { ms.StoreMessageInfo(mi) @@ -699,99 +657,99 @@ var file_networking_v1alpha3_workload_group_proto_rawDesc = []byte{ 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x1a, 0x28, 0x6e, 0x65, 0x74, 0x77, 0x6f, 0x72, 0x6b, 0x69, 0x6e, 0x67, 0x2f, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x33, 0x2f, 0x77, 0x6f, 0x72, 0x6b, 0x6c, 0x6f, 0x61, 0x64, 0x5f, 0x65, 0x6e, 0x74, 0x72, 0x79, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, - 0x22, 0xb7, 0x04, 0x0a, 0x0d, 0x57, 0x6f, 0x72, 0x6b, 0x6c, 0x6f, 0x61, 0x64, 0x47, 0x72, 0x6f, + 0x22, 0xb8, 0x04, 0x0a, 0x0d, 0x57, 0x6f, 0x72, 0x6b, 0x6c, 0x6f, 0x61, 0x64, 0x47, 0x72, 0x6f, 0x75, 0x70, 0x12, 0x4f, 0x0a, 0x08, 0x6d, 0x65, 0x74, 0x61, 0x64, 0x61, 0x74, 0x61, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x33, 0x2e, 0x69, 0x73, 0x74, 0x69, 0x6f, 0x2e, 0x6e, 0x65, 0x74, 0x77, 0x6f, 0x72, 0x6b, 0x69, 0x6e, 0x67, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x33, 0x2e, 0x57, 0x6f, 0x72, 0x6b, 0x6c, 0x6f, 0x61, 0x64, 0x47, 0x72, 0x6f, 0x75, 0x70, 0x2e, 0x4f, 0x62, 0x6a, 0x65, 0x63, 0x74, 0x4d, 0x65, 0x74, 0x61, 0x52, 0x08, 0x6d, 0x65, 0x74, 0x61, 0x64, - 0x61, 0x74, 0x61, 0x12, 0x49, 0x0a, 0x08, 0x74, 0x65, 0x6d, 0x70, 0x6c, 0x61, 0x74, 0x65, 0x18, + 0x61, 0x74, 0x61, 0x12, 0x4a, 0x0a, 0x08, 0x74, 0x65, 0x6d, 0x70, 0x6c, 0x61, 0x74, 0x65, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x28, 0x2e, 0x69, 0x73, 0x74, 0x69, 0x6f, 0x2e, 0x6e, 0x65, 0x74, 0x77, 0x6f, 0x72, 0x6b, 0x69, 0x6e, 0x67, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x33, 0x2e, 0x57, 0x6f, 0x72, 0x6b, 0x6c, 0x6f, 0x61, 0x64, 0x45, 0x6e, 0x74, 0x72, 0x79, 0x42, - 0x03, 0xe0, 0x41, 0x02, 0x52, 0x08, 0x74, 0x65, 0x6d, 0x70, 0x6c, 0x61, 0x74, 0x65, 0x12, 0x3f, - 0x0a, 0x05, 0x70, 0x72, 0x6f, 0x62, 0x65, 0x18, 0x03, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x29, 0x2e, - 0x69, 0x73, 0x74, 0x69, 0x6f, 0x2e, 0x6e, 0x65, 0x74, 0x77, 0x6f, 0x72, 0x6b, 0x69, 0x6e, 0x67, - 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x33, 0x2e, 0x52, 0x65, 0x61, 0x64, 0x69, 0x6e, - 0x65, 0x73, 0x73, 0x50, 0x72, 0x6f, 0x62, 0x65, 0x52, 0x05, 0x70, 0x72, 0x6f, 0x62, 0x65, 0x1a, - 0xc8, 0x02, 0x0a, 0x0a, 0x4f, 0x62, 0x6a, 0x65, 0x63, 0x74, 0x4d, 0x65, 0x74, 0x61, 0x12, 0x57, - 0x0a, 0x06, 0x6c, 0x61, 0x62, 0x65, 0x6c, 0x73, 0x18, 0x01, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x3f, + 0x04, 0xe2, 0x41, 0x01, 0x02, 0x52, 0x08, 0x74, 0x65, 0x6d, 0x70, 0x6c, 0x61, 0x74, 0x65, 0x12, + 0x3f, 0x0a, 0x05, 0x70, 0x72, 0x6f, 0x62, 0x65, 0x18, 0x03, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x29, 0x2e, 0x69, 0x73, 0x74, 0x69, 0x6f, 0x2e, 0x6e, 0x65, 0x74, 0x77, 0x6f, 0x72, 0x6b, 0x69, 0x6e, - 0x67, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x33, 0x2e, 0x57, 0x6f, 0x72, 0x6b, 0x6c, - 0x6f, 0x61, 0x64, 0x47, 0x72, 0x6f, 0x75, 0x70, 0x2e, 0x4f, 0x62, 0x6a, 0x65, 0x63, 0x74, 0x4d, - 0x65, 0x74, 0x61, 0x2e, 0x4c, 0x61, 0x62, 0x65, 0x6c, 0x73, 0x45, 0x6e, 0x74, 0x72, 0x79, 0x52, - 0x06, 0x6c, 0x61, 0x62, 0x65, 0x6c, 0x73, 0x12, 0x66, 0x0a, 0x0b, 0x61, 0x6e, 0x6e, 0x6f, 0x74, - 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x18, 0x02, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x44, 0x2e, 0x69, - 0x73, 0x74, 0x69, 0x6f, 0x2e, 0x6e, 0x65, 0x74, 0x77, 0x6f, 0x72, 0x6b, 0x69, 0x6e, 0x67, 0x2e, - 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x33, 0x2e, 0x57, 0x6f, 0x72, 0x6b, 0x6c, 0x6f, 0x61, - 0x64, 0x47, 0x72, 0x6f, 0x75, 0x70, 0x2e, 0x4f, 0x62, 0x6a, 0x65, 0x63, 0x74, 0x4d, 0x65, 0x74, - 0x61, 0x2e, 0x41, 0x6e, 0x6e, 0x6f, 0x74, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x45, 0x6e, 0x74, - 0x72, 0x79, 0x52, 0x0b, 0x61, 0x6e, 0x6e, 0x6f, 0x74, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x1a, - 0x39, 0x0a, 0x0b, 0x4c, 0x61, 0x62, 0x65, 0x6c, 0x73, 0x45, 0x6e, 0x74, 0x72, 0x79, 0x12, 0x10, - 0x0a, 0x03, 0x6b, 0x65, 0x79, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x03, 0x6b, 0x65, 0x79, - 0x12, 0x14, 0x0a, 0x05, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, - 0x05, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x3a, 0x02, 0x38, 0x01, 0x1a, 0x3e, 0x0a, 0x10, 0x41, 0x6e, - 0x6e, 0x6f, 0x74, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x45, 0x6e, 0x74, 0x72, 0x79, 0x12, 0x10, - 0x0a, 0x03, 0x6b, 0x65, 0x79, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x03, 0x6b, 0x65, 0x79, - 0x12, 0x14, 0x0a, 0x05, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, - 0x05, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x3a, 0x02, 0x38, 0x01, 0x22, 0xee, 0x03, 0x0a, 0x0e, 0x52, - 0x65, 0x61, 0x64, 0x69, 0x6e, 0x65, 0x73, 0x73, 0x50, 0x72, 0x6f, 0x62, 0x65, 0x12, 0x32, 0x0a, - 0x15, 0x69, 0x6e, 0x69, 0x74, 0x69, 0x61, 0x6c, 0x5f, 0x64, 0x65, 0x6c, 0x61, 0x79, 0x5f, 0x73, - 0x65, 0x63, 0x6f, 0x6e, 0x64, 0x73, 0x18, 0x02, 0x20, 0x01, 0x28, 0x05, 0x52, 0x13, 0x69, 0x6e, - 0x69, 0x74, 0x69, 0x61, 0x6c, 0x44, 0x65, 0x6c, 0x61, 0x79, 0x53, 0x65, 0x63, 0x6f, 0x6e, 0x64, - 0x73, 0x12, 0x27, 0x0a, 0x0f, 0x74, 0x69, 0x6d, 0x65, 0x6f, 0x75, 0x74, 0x5f, 0x73, 0x65, 0x63, - 0x6f, 0x6e, 0x64, 0x73, 0x18, 0x03, 0x20, 0x01, 0x28, 0x05, 0x52, 0x0e, 0x74, 0x69, 0x6d, 0x65, - 0x6f, 0x75, 0x74, 0x53, 0x65, 0x63, 0x6f, 0x6e, 0x64, 0x73, 0x12, 0x25, 0x0a, 0x0e, 0x70, 0x65, - 0x72, 0x69, 0x6f, 0x64, 0x5f, 0x73, 0x65, 0x63, 0x6f, 0x6e, 0x64, 0x73, 0x18, 0x04, 0x20, 0x01, - 0x28, 0x05, 0x52, 0x0d, 0x70, 0x65, 0x72, 0x69, 0x6f, 0x64, 0x53, 0x65, 0x63, 0x6f, 0x6e, 0x64, - 0x73, 0x12, 0x2b, 0x0a, 0x11, 0x73, 0x75, 0x63, 0x63, 0x65, 0x73, 0x73, 0x5f, 0x74, 0x68, 0x72, - 0x65, 0x73, 0x68, 0x6f, 0x6c, 0x64, 0x18, 0x05, 0x20, 0x01, 0x28, 0x05, 0x52, 0x10, 0x73, 0x75, - 0x63, 0x63, 0x65, 0x73, 0x73, 0x54, 0x68, 0x72, 0x65, 0x73, 0x68, 0x6f, 0x6c, 0x64, 0x12, 0x2b, - 0x0a, 0x11, 0x66, 0x61, 0x69, 0x6c, 0x75, 0x72, 0x65, 0x5f, 0x74, 0x68, 0x72, 0x65, 0x73, 0x68, - 0x6f, 0x6c, 0x64, 0x18, 0x06, 0x20, 0x01, 0x28, 0x05, 0x52, 0x10, 0x66, 0x61, 0x69, 0x6c, 0x75, - 0x72, 0x65, 0x54, 0x68, 0x72, 0x65, 0x73, 0x68, 0x6f, 0x6c, 0x64, 0x12, 0x4d, 0x0a, 0x08, 0x68, - 0x74, 0x74, 0x70, 0x5f, 0x67, 0x65, 0x74, 0x18, 0x07, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x30, 0x2e, + 0x67, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x33, 0x2e, 0x52, 0x65, 0x61, 0x64, 0x69, + 0x6e, 0x65, 0x73, 0x73, 0x50, 0x72, 0x6f, 0x62, 0x65, 0x52, 0x05, 0x70, 0x72, 0x6f, 0x62, 0x65, + 0x1a, 0xc8, 0x02, 0x0a, 0x0a, 0x4f, 0x62, 0x6a, 0x65, 0x63, 0x74, 0x4d, 0x65, 0x74, 0x61, 0x12, + 0x57, 0x0a, 0x06, 0x6c, 0x61, 0x62, 0x65, 0x6c, 0x73, 0x18, 0x01, 0x20, 0x03, 0x28, 0x0b, 0x32, + 0x3f, 0x2e, 0x69, 0x73, 0x74, 0x69, 0x6f, 0x2e, 0x6e, 0x65, 0x74, 0x77, 0x6f, 0x72, 0x6b, 0x69, + 0x6e, 0x67, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x33, 0x2e, 0x57, 0x6f, 0x72, 0x6b, + 0x6c, 0x6f, 0x61, 0x64, 0x47, 0x72, 0x6f, 0x75, 0x70, 0x2e, 0x4f, 0x62, 0x6a, 0x65, 0x63, 0x74, + 0x4d, 0x65, 0x74, 0x61, 0x2e, 0x4c, 0x61, 0x62, 0x65, 0x6c, 0x73, 0x45, 0x6e, 0x74, 0x72, 0x79, + 0x52, 0x06, 0x6c, 0x61, 0x62, 0x65, 0x6c, 0x73, 0x12, 0x66, 0x0a, 0x0b, 0x61, 0x6e, 0x6e, 0x6f, + 0x74, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x18, 0x02, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x44, 0x2e, 0x69, 0x73, 0x74, 0x69, 0x6f, 0x2e, 0x6e, 0x65, 0x74, 0x77, 0x6f, 0x72, 0x6b, 0x69, 0x6e, 0x67, - 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x33, 0x2e, 0x48, 0x54, 0x54, 0x50, 0x48, 0x65, - 0x61, 0x6c, 0x74, 0x68, 0x43, 0x68, 0x65, 0x63, 0x6b, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x48, - 0x00, 0x52, 0x07, 0x68, 0x74, 0x74, 0x70, 0x47, 0x65, 0x74, 0x12, 0x50, 0x0a, 0x0a, 0x74, 0x63, - 0x70, 0x5f, 0x73, 0x6f, 0x63, 0x6b, 0x65, 0x74, 0x18, 0x08, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x2f, + 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x33, 0x2e, 0x57, 0x6f, 0x72, 0x6b, 0x6c, 0x6f, + 0x61, 0x64, 0x47, 0x72, 0x6f, 0x75, 0x70, 0x2e, 0x4f, 0x62, 0x6a, 0x65, 0x63, 0x74, 0x4d, 0x65, + 0x74, 0x61, 0x2e, 0x41, 0x6e, 0x6e, 0x6f, 0x74, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x45, 0x6e, + 0x74, 0x72, 0x79, 0x52, 0x0b, 0x61, 0x6e, 0x6e, 0x6f, 0x74, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x73, + 0x1a, 0x39, 0x0a, 0x0b, 0x4c, 0x61, 0x62, 0x65, 0x6c, 0x73, 0x45, 0x6e, 0x74, 0x72, 0x79, 0x12, + 0x10, 0x0a, 0x03, 0x6b, 0x65, 0x79, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x03, 0x6b, 0x65, + 0x79, 0x12, 0x14, 0x0a, 0x05, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, + 0x52, 0x05, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x3a, 0x02, 0x38, 0x01, 0x1a, 0x3e, 0x0a, 0x10, 0x41, + 0x6e, 0x6e, 0x6f, 0x74, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x45, 0x6e, 0x74, 0x72, 0x79, 0x12, + 0x10, 0x0a, 0x03, 0x6b, 0x65, 0x79, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x03, 0x6b, 0x65, + 0x79, 0x12, 0x14, 0x0a, 0x05, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, + 0x52, 0x05, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x3a, 0x02, 0x38, 0x01, 0x22, 0xee, 0x03, 0x0a, 0x0e, + 0x52, 0x65, 0x61, 0x64, 0x69, 0x6e, 0x65, 0x73, 0x73, 0x50, 0x72, 0x6f, 0x62, 0x65, 0x12, 0x32, + 0x0a, 0x15, 0x69, 0x6e, 0x69, 0x74, 0x69, 0x61, 0x6c, 0x5f, 0x64, 0x65, 0x6c, 0x61, 0x79, 0x5f, + 0x73, 0x65, 0x63, 0x6f, 0x6e, 0x64, 0x73, 0x18, 0x02, 0x20, 0x01, 0x28, 0x05, 0x52, 0x13, 0x69, + 0x6e, 0x69, 0x74, 0x69, 0x61, 0x6c, 0x44, 0x65, 0x6c, 0x61, 0x79, 0x53, 0x65, 0x63, 0x6f, 0x6e, + 0x64, 0x73, 0x12, 0x27, 0x0a, 0x0f, 0x74, 0x69, 0x6d, 0x65, 0x6f, 0x75, 0x74, 0x5f, 0x73, 0x65, + 0x63, 0x6f, 0x6e, 0x64, 0x73, 0x18, 0x03, 0x20, 0x01, 0x28, 0x05, 0x52, 0x0e, 0x74, 0x69, 0x6d, + 0x65, 0x6f, 0x75, 0x74, 0x53, 0x65, 0x63, 0x6f, 0x6e, 0x64, 0x73, 0x12, 0x25, 0x0a, 0x0e, 0x70, + 0x65, 0x72, 0x69, 0x6f, 0x64, 0x5f, 0x73, 0x65, 0x63, 0x6f, 0x6e, 0x64, 0x73, 0x18, 0x04, 0x20, + 0x01, 0x28, 0x05, 0x52, 0x0d, 0x70, 0x65, 0x72, 0x69, 0x6f, 0x64, 0x53, 0x65, 0x63, 0x6f, 0x6e, + 0x64, 0x73, 0x12, 0x2b, 0x0a, 0x11, 0x73, 0x75, 0x63, 0x63, 0x65, 0x73, 0x73, 0x5f, 0x74, 0x68, + 0x72, 0x65, 0x73, 0x68, 0x6f, 0x6c, 0x64, 0x18, 0x05, 0x20, 0x01, 0x28, 0x05, 0x52, 0x10, 0x73, + 0x75, 0x63, 0x63, 0x65, 0x73, 0x73, 0x54, 0x68, 0x72, 0x65, 0x73, 0x68, 0x6f, 0x6c, 0x64, 0x12, + 0x2b, 0x0a, 0x11, 0x66, 0x61, 0x69, 0x6c, 0x75, 0x72, 0x65, 0x5f, 0x74, 0x68, 0x72, 0x65, 0x73, + 0x68, 0x6f, 0x6c, 0x64, 0x18, 0x06, 0x20, 0x01, 0x28, 0x05, 0x52, 0x10, 0x66, 0x61, 0x69, 0x6c, + 0x75, 0x72, 0x65, 0x54, 0x68, 0x72, 0x65, 0x73, 0x68, 0x6f, 0x6c, 0x64, 0x12, 0x4d, 0x0a, 0x08, + 0x68, 0x74, 0x74, 0x70, 0x5f, 0x67, 0x65, 0x74, 0x18, 0x07, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x30, 0x2e, 0x69, 0x73, 0x74, 0x69, 0x6f, 0x2e, 0x6e, 0x65, 0x74, 0x77, 0x6f, 0x72, 0x6b, 0x69, 0x6e, - 0x67, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x33, 0x2e, 0x54, 0x43, 0x50, 0x48, 0x65, - 0x61, 0x6c, 0x74, 0x68, 0x43, 0x68, 0x65, 0x63, 0x6b, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x48, - 0x00, 0x52, 0x09, 0x74, 0x63, 0x70, 0x53, 0x6f, 0x63, 0x6b, 0x65, 0x74, 0x12, 0x46, 0x0a, 0x04, - 0x65, 0x78, 0x65, 0x63, 0x18, 0x09, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x30, 0x2e, 0x69, 0x73, 0x74, - 0x69, 0x6f, 0x2e, 0x6e, 0x65, 0x74, 0x77, 0x6f, 0x72, 0x6b, 0x69, 0x6e, 0x67, 0x2e, 0x76, 0x31, - 0x61, 0x6c, 0x70, 0x68, 0x61, 0x33, 0x2e, 0x45, 0x78, 0x65, 0x63, 0x48, 0x65, 0x61, 0x6c, 0x74, - 0x68, 0x43, 0x68, 0x65, 0x63, 0x6b, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x48, 0x00, 0x52, 0x04, - 0x65, 0x78, 0x65, 0x63, 0x42, 0x15, 0x0a, 0x13, 0x68, 0x65, 0x61, 0x6c, 0x74, 0x68, 0x5f, 0x63, - 0x68, 0x65, 0x63, 0x6b, 0x5f, 0x6d, 0x65, 0x74, 0x68, 0x6f, 0x64, 0x22, 0xba, 0x01, 0x0a, 0x15, - 0x48, 0x54, 0x54, 0x50, 0x48, 0x65, 0x61, 0x6c, 0x74, 0x68, 0x43, 0x68, 0x65, 0x63, 0x6b, 0x43, - 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x12, 0x12, 0x0a, 0x04, 0x70, 0x61, 0x74, 0x68, 0x18, 0x01, 0x20, - 0x01, 0x28, 0x09, 0x52, 0x04, 0x70, 0x61, 0x74, 0x68, 0x12, 0x17, 0x0a, 0x04, 0x70, 0x6f, 0x72, - 0x74, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0d, 0x42, 0x03, 0xe0, 0x41, 0x02, 0x52, 0x04, 0x70, 0x6f, - 0x72, 0x74, 0x12, 0x12, 0x0a, 0x04, 0x68, 0x6f, 0x73, 0x74, 0x18, 0x03, 0x20, 0x01, 0x28, 0x09, - 0x52, 0x04, 0x68, 0x6f, 0x73, 0x74, 0x12, 0x16, 0x0a, 0x06, 0x73, 0x63, 0x68, 0x65, 0x6d, 0x65, - 0x18, 0x04, 0x20, 0x01, 0x28, 0x09, 0x52, 0x06, 0x73, 0x63, 0x68, 0x65, 0x6d, 0x65, 0x12, 0x48, - 0x0a, 0x0c, 0x68, 0x74, 0x74, 0x70, 0x5f, 0x68, 0x65, 0x61, 0x64, 0x65, 0x72, 0x73, 0x18, 0x05, - 0x20, 0x03, 0x28, 0x0b, 0x32, 0x25, 0x2e, 0x69, 0x73, 0x74, 0x69, 0x6f, 0x2e, 0x6e, 0x65, 0x74, - 0x77, 0x6f, 0x72, 0x6b, 0x69, 0x6e, 0x67, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x33, - 0x2e, 0x48, 0x54, 0x54, 0x50, 0x48, 0x65, 0x61, 0x64, 0x65, 0x72, 0x52, 0x0b, 0x68, 0x74, 0x74, - 0x70, 0x48, 0x65, 0x61, 0x64, 0x65, 0x72, 0x73, 0x22, 0x36, 0x0a, 0x0a, 0x48, 0x54, 0x54, 0x50, - 0x48, 0x65, 0x61, 0x64, 0x65, 0x72, 0x12, 0x12, 0x0a, 0x04, 0x6e, 0x61, 0x6d, 0x65, 0x18, 0x01, - 0x20, 0x01, 0x28, 0x09, 0x52, 0x04, 0x6e, 0x61, 0x6d, 0x65, 0x12, 0x14, 0x0a, 0x05, 0x76, 0x61, - 0x6c, 0x75, 0x65, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x05, 0x76, 0x61, 0x6c, 0x75, 0x65, - 0x22, 0x43, 0x0a, 0x14, 0x54, 0x43, 0x50, 0x48, 0x65, 0x61, 0x6c, 0x74, 0x68, 0x43, 0x68, 0x65, - 0x63, 0x6b, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x12, 0x12, 0x0a, 0x04, 0x68, 0x6f, 0x73, 0x74, - 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x04, 0x68, 0x6f, 0x73, 0x74, 0x12, 0x17, 0x0a, 0x04, - 0x70, 0x6f, 0x72, 0x74, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0d, 0x42, 0x03, 0xe0, 0x41, 0x02, 0x52, - 0x04, 0x70, 0x6f, 0x72, 0x74, 0x22, 0x31, 0x0a, 0x15, 0x45, 0x78, 0x65, 0x63, 0x48, 0x65, 0x61, - 0x6c, 0x74, 0x68, 0x43, 0x68, 0x65, 0x63, 0x6b, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x12, 0x18, - 0x0a, 0x07, 0x63, 0x6f, 0x6d, 0x6d, 0x61, 0x6e, 0x64, 0x18, 0x01, 0x20, 0x03, 0x28, 0x09, 0x52, - 0x07, 0x63, 0x6f, 0x6d, 0x6d, 0x61, 0x6e, 0x64, 0x42, 0x22, 0x5a, 0x20, 0x69, 0x73, 0x74, 0x69, - 0x6f, 0x2e, 0x69, 0x6f, 0x2f, 0x61, 0x70, 0x69, 0x2f, 0x6e, 0x65, 0x74, 0x77, 0x6f, 0x72, 0x6b, - 0x69, 0x6e, 0x67, 0x2f, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x33, 0x62, 0x06, 0x70, 0x72, - 0x6f, 0x74, 0x6f, 0x33, + 0x67, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x33, 0x2e, 0x48, 0x54, 0x54, 0x50, 0x48, + 0x65, 0x61, 0x6c, 0x74, 0x68, 0x43, 0x68, 0x65, 0x63, 0x6b, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, + 0x48, 0x00, 0x52, 0x07, 0x68, 0x74, 0x74, 0x70, 0x47, 0x65, 0x74, 0x12, 0x50, 0x0a, 0x0a, 0x74, + 0x63, 0x70, 0x5f, 0x73, 0x6f, 0x63, 0x6b, 0x65, 0x74, 0x18, 0x08, 0x20, 0x01, 0x28, 0x0b, 0x32, + 0x2f, 0x2e, 0x69, 0x73, 0x74, 0x69, 0x6f, 0x2e, 0x6e, 0x65, 0x74, 0x77, 0x6f, 0x72, 0x6b, 0x69, + 0x6e, 0x67, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x33, 0x2e, 0x54, 0x43, 0x50, 0x48, + 0x65, 0x61, 0x6c, 0x74, 0x68, 0x43, 0x68, 0x65, 0x63, 0x6b, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, + 0x48, 0x00, 0x52, 0x09, 0x74, 0x63, 0x70, 0x53, 0x6f, 0x63, 0x6b, 0x65, 0x74, 0x12, 0x46, 0x0a, + 0x04, 0x65, 0x78, 0x65, 0x63, 0x18, 0x09, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x30, 0x2e, 0x69, 0x73, + 0x74, 0x69, 0x6f, 0x2e, 0x6e, 0x65, 0x74, 0x77, 0x6f, 0x72, 0x6b, 0x69, 0x6e, 0x67, 0x2e, 0x76, + 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x33, 0x2e, 0x45, 0x78, 0x65, 0x63, 0x48, 0x65, 0x61, 0x6c, + 0x74, 0x68, 0x43, 0x68, 0x65, 0x63, 0x6b, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x48, 0x00, 0x52, + 0x04, 0x65, 0x78, 0x65, 0x63, 0x42, 0x15, 0x0a, 0x13, 0x68, 0x65, 0x61, 0x6c, 0x74, 0x68, 0x5f, + 0x63, 0x68, 0x65, 0x63, 0x6b, 0x5f, 0x6d, 0x65, 0x74, 0x68, 0x6f, 0x64, 0x22, 0xbb, 0x01, 0x0a, + 0x15, 0x48, 0x54, 0x54, 0x50, 0x48, 0x65, 0x61, 0x6c, 0x74, 0x68, 0x43, 0x68, 0x65, 0x63, 0x6b, + 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x12, 0x12, 0x0a, 0x04, 0x70, 0x61, 0x74, 0x68, 0x18, 0x01, + 0x20, 0x01, 0x28, 0x09, 0x52, 0x04, 0x70, 0x61, 0x74, 0x68, 0x12, 0x18, 0x0a, 0x04, 0x70, 0x6f, + 0x72, 0x74, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0d, 0x42, 0x04, 0xe2, 0x41, 0x01, 0x02, 0x52, 0x04, + 0x70, 0x6f, 0x72, 0x74, 0x12, 0x12, 0x0a, 0x04, 0x68, 0x6f, 0x73, 0x74, 0x18, 0x03, 0x20, 0x01, + 0x28, 0x09, 0x52, 0x04, 0x68, 0x6f, 0x73, 0x74, 0x12, 0x16, 0x0a, 0x06, 0x73, 0x63, 0x68, 0x65, + 0x6d, 0x65, 0x18, 0x04, 0x20, 0x01, 0x28, 0x09, 0x52, 0x06, 0x73, 0x63, 0x68, 0x65, 0x6d, 0x65, + 0x12, 0x48, 0x0a, 0x0c, 0x68, 0x74, 0x74, 0x70, 0x5f, 0x68, 0x65, 0x61, 0x64, 0x65, 0x72, 0x73, + 0x18, 0x05, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x25, 0x2e, 0x69, 0x73, 0x74, 0x69, 0x6f, 0x2e, 0x6e, + 0x65, 0x74, 0x77, 0x6f, 0x72, 0x6b, 0x69, 0x6e, 0x67, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, + 0x61, 0x33, 0x2e, 0x48, 0x54, 0x54, 0x50, 0x48, 0x65, 0x61, 0x64, 0x65, 0x72, 0x52, 0x0b, 0x68, + 0x74, 0x74, 0x70, 0x48, 0x65, 0x61, 0x64, 0x65, 0x72, 0x73, 0x22, 0x36, 0x0a, 0x0a, 0x48, 0x54, + 0x54, 0x50, 0x48, 0x65, 0x61, 0x64, 0x65, 0x72, 0x12, 0x12, 0x0a, 0x04, 0x6e, 0x61, 0x6d, 0x65, + 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x04, 0x6e, 0x61, 0x6d, 0x65, 0x12, 0x14, 0x0a, 0x05, + 0x76, 0x61, 0x6c, 0x75, 0x65, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x05, 0x76, 0x61, 0x6c, + 0x75, 0x65, 0x22, 0x44, 0x0a, 0x14, 0x54, 0x43, 0x50, 0x48, 0x65, 0x61, 0x6c, 0x74, 0x68, 0x43, + 0x68, 0x65, 0x63, 0x6b, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x12, 0x12, 0x0a, 0x04, 0x68, 0x6f, + 0x73, 0x74, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x04, 0x68, 0x6f, 0x73, 0x74, 0x12, 0x18, + 0x0a, 0x04, 0x70, 0x6f, 0x72, 0x74, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0d, 0x42, 0x04, 0xe2, 0x41, + 0x01, 0x02, 0x52, 0x04, 0x70, 0x6f, 0x72, 0x74, 0x22, 0x37, 0x0a, 0x15, 0x45, 0x78, 0x65, 0x63, + 0x48, 0x65, 0x61, 0x6c, 0x74, 0x68, 0x43, 0x68, 0x65, 0x63, 0x6b, 0x43, 0x6f, 0x6e, 0x66, 0x69, + 0x67, 0x12, 0x1e, 0x0a, 0x07, 0x63, 0x6f, 0x6d, 0x6d, 0x61, 0x6e, 0x64, 0x18, 0x01, 0x20, 0x03, + 0x28, 0x09, 0x42, 0x04, 0xe2, 0x41, 0x01, 0x02, 0x52, 0x07, 0x63, 0x6f, 0x6d, 0x6d, 0x61, 0x6e, + 0x64, 0x42, 0x22, 0x5a, 0x20, 0x69, 0x73, 0x74, 0x69, 0x6f, 0x2e, 0x69, 0x6f, 0x2f, 0x61, 0x70, + 0x69, 0x2f, 0x6e, 0x65, 0x74, 0x77, 0x6f, 0x72, 0x6b, 0x69, 0x6e, 0x67, 0x2f, 0x76, 0x31, 0x61, + 0x6c, 0x70, 0x68, 0x61, 0x33, 0x62, 0x06, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x33, } var ( @@ -807,7 +765,7 @@ func file_networking_v1alpha3_workload_group_proto_rawDescGZIP() []byte { } var file_networking_v1alpha3_workload_group_proto_msgTypes = make([]protoimpl.MessageInfo, 9) -var file_networking_v1alpha3_workload_group_proto_goTypes = []interface{}{ +var file_networking_v1alpha3_workload_group_proto_goTypes = []any{ (*WorkloadGroup)(nil), // 0: istio.networking.v1alpha3.WorkloadGroup (*ReadinessProbe)(nil), // 1: istio.networking.v1alpha3.ReadinessProbe (*HTTPHealthCheckConfig)(nil), // 2: istio.networking.v1alpha3.HTTPHealthCheckConfig @@ -842,93 +800,7 @@ func file_networking_v1alpha3_workload_group_proto_init() { return } file_networking_v1alpha3_workload_entry_proto_init() - if !protoimpl.UnsafeEnabled { - file_networking_v1alpha3_workload_group_proto_msgTypes[0].Exporter = func(v interface{}, i int) interface{} { - switch v := v.(*WorkloadGroup); i { - case 0: - return &v.state - case 1: - return &v.sizeCache - case 2: - return &v.unknownFields - default: - return nil - } - } - file_networking_v1alpha3_workload_group_proto_msgTypes[1].Exporter = func(v interface{}, i int) interface{} { - switch v := v.(*ReadinessProbe); i { - case 0: - return &v.state - case 1: - return &v.sizeCache - case 2: - return &v.unknownFields - default: - return nil - } - } - file_networking_v1alpha3_workload_group_proto_msgTypes[2].Exporter = func(v interface{}, i int) interface{} { - switch v := v.(*HTTPHealthCheckConfig); i { - case 0: - return &v.state - case 1: - return &v.sizeCache - case 2: - return &v.unknownFields - default: - return nil - } - } - file_networking_v1alpha3_workload_group_proto_msgTypes[3].Exporter = func(v interface{}, i int) interface{} { - switch v := v.(*HTTPHeader); i { - case 0: - return &v.state - case 1: - return &v.sizeCache - case 2: - return &v.unknownFields - default: - return nil - } - } - file_networking_v1alpha3_workload_group_proto_msgTypes[4].Exporter = func(v interface{}, i int) interface{} { - switch v := v.(*TCPHealthCheckConfig); i { - case 0: - return &v.state - case 1: - return &v.sizeCache - case 2: - return &v.unknownFields - default: - return nil - } - } - file_networking_v1alpha3_workload_group_proto_msgTypes[5].Exporter = func(v interface{}, i int) interface{} { - switch v := v.(*ExecHealthCheckConfig); i { - case 0: - return &v.state - case 1: - return &v.sizeCache - case 2: - return &v.unknownFields - default: - return nil - } - } - file_networking_v1alpha3_workload_group_proto_msgTypes[6].Exporter = func(v interface{}, i int) interface{} { - switch v := v.(*WorkloadGroup_ObjectMeta); i { - case 0: - return &v.state - case 1: - return &v.sizeCache - case 2: - return &v.unknownFields - default: - return nil - } - } - } - file_networking_v1alpha3_workload_group_proto_msgTypes[1].OneofWrappers = []interface{}{ + file_networking_v1alpha3_workload_group_proto_msgTypes[1].OneofWrappers = []any{ (*ReadinessProbe_HttpGet)(nil), (*ReadinessProbe_TcpSocket)(nil), (*ReadinessProbe_Exec)(nil), diff --git a/vendor/istio.io/api/networking/v1alpha3/workload_group.pb.html b/vendor/istio.io/api/networking/v1alpha3/workload_group.pb.html index 049d79181..e6b333696 100644 --- a/vendor/istio.io/api/networking/v1alpha3/workload_group.pb.html +++ b/vendor/istio.io/api/networking/v1alpha3/workload_group.pb.html @@ -20,9 +20,7 @@ instance during the bootstrap process, and the ports 3550 and 8080 will be associated with the workload group and use service account default. app.kubernetes.io/version is just an arbitrary example of a label.

    -

    {{}} -{{}}

    -
    apiVersion: networking.istio.io/v1alpha3
    +
    apiVersion: networking.istio.io/v1
     kind: WorkloadGroup
     metadata:
       name: reviews
    @@ -52,40 +50,6 @@
          - name: Lit-Header
            value: Im-The-Best
     
    -

    {{}}

    -

    {{}}

    -
    apiVersion: networking.istio.io/v1beta1
    -kind: WorkloadGroup
    -metadata:
    -  name: reviews
    -  namespace: bookinfo
    -spec:
    -  metadata:
    -    labels:
    -      app.kubernetes.io/name: reviews
    -      app.kubernetes.io/version: "1.3.4"
    -  template:
    -    ports:
    -      grpc: 3550
    -      http: 8080
    -    serviceAccount: default
    -  probe:
    -    initialDelaySeconds: 5
    -    timeoutSeconds: 3
    -    periodSeconds: 4
    -    successThreshold: 3
    -    failureThreshold: 3
    -    httpGet:
    -     path: /foo/bar
    -     host: 127.0.0.1
    -     port: 3100
    -     scheme: HTTPS
    -     httpHeaders:
    -     - name: Lit-Header
    -       value: Im-The-Best
    -
    -

    {{}} -{{}}

    WorkloadGroup

    @@ -106,7 +70,7 @@

    WorkloadGroup

    metadatametadata ObjectMeta

    Metadata that will be used for all corresponding WorkloadEntries. @@ -118,7 +82,7 @@

    WorkloadGroup

    templatetemplate WorkloadEntry

    Template to be used for the generation of WorkloadEntry resources that belong to this WorkloadGroup. @@ -133,7 +97,7 @@

    WorkloadGroup

    probeprobe ReadinessProbe

    ReadinessProbe describes the configuration the user must provide for healthchecking on their workload. @@ -160,7 +124,7 @@

    ReadinessProbe

    initialDelaySecondsinitialDelaySeconds int32

    Number of seconds after the container has started before readiness probes are initiated.

    @@ -171,7 +135,7 @@

    ReadinessProbe

    timeoutSecondstimeoutSeconds int32

    Number of seconds after which the probe times out. @@ -183,7 +147,7 @@

    ReadinessProbe

    periodSecondsperiodSeconds int32

    How often (in seconds) to perform the probe. @@ -195,7 +159,7 @@

    ReadinessProbe

    successThresholdsuccessThreshold int32

    Minimum consecutive successes for the probe to be considered successful after having failed. @@ -207,7 +171,7 @@

    ReadinessProbe

    failureThresholdfailureThreshold int32

    Minimum consecutive failures for the probe to be considered failed after having succeeded. @@ -219,7 +183,7 @@

    ReadinessProbe

    httpGethttpGet HTTPHealthCheckConfig (oneof)

    httpGet is performed to a given endpoint @@ -231,7 +195,7 @@

    ReadinessProbe

    tcpSockettcpSocket TCPHealthCheckConfig (oneof)

    Health is determined by if the proxy is able to connect.

    @@ -242,7 +206,7 @@

    ReadinessProbe

    execexec ExecHealthCheckConfig (oneof)

    Health is determined by how the command that is executed exited.

    @@ -268,7 +232,7 @@

    HTTPHealthCheckConfig

    pathpath string

    Path to access on the HTTP server.

    @@ -279,7 +243,7 @@

    HTTPHealthCheckConfig

    portport uint32

    Port on which the endpoint lives.

    @@ -290,7 +254,7 @@

    HTTPHealthCheckConfig

    hosthost string

    Host name to connect to, defaults to the pod IP. You probably want to set @@ -302,7 +266,7 @@

    HTTPHealthCheckConfig

    schemescheme string

    HTTP or HTTPS, defaults to HTTP

    @@ -313,7 +277,7 @@

    HTTPHealthCheckConfig

    httpHeadershttpHeaders HTTPHeader[]

    Headers the proxy will pass on to make the request. @@ -340,7 +304,7 @@

    HTTPHeader

    namename string

    The header field name

    @@ -351,7 +315,7 @@

    HTTPHeader

    valuevalue string

    The header field value

    @@ -377,7 +341,7 @@

    TCPHealthCheckConfig

    hosthost string

    Host to connect to, defaults to localhost

    @@ -388,7 +352,7 @@

    TCPHealthCheckConfig

    portport uint32

    Port of host

    @@ -414,14 +378,14 @@

    ExecHealthCheckConfig

    commandcommand string[]

    Command to run. Exit status of 0 is treated as live/healthy and non-zero is unhealthy.

    -No +Yes
    labelslabels map<string, string>

    Labels to attach

    @@ -454,7 +418,7 @@

    WorkloadGroup.ObjectMeta

    annotationsannotations map<string, string>

    Annotations to attach

    diff --git a/vendor/istio.io/api/networking/v1alpha3/workload_group.proto b/vendor/istio.io/api/networking/v1alpha3/workload_group.proto index eb199255a..6fa4f1bd7 100644 --- a/vendor/istio.io/api/networking/v1alpha3/workload_group.proto +++ b/vendor/istio.io/api/networking/v1alpha3/workload_group.proto @@ -37,10 +37,8 @@ import "networking/v1alpha3/workload_entry.proto"; // will be associated with the workload group and use service account `default`. // `app.kubernetes.io/version` is just an arbitrary example of a label. // -// {{}} -// {{}} // ```yaml -// apiVersion: networking.istio.io/v1alpha3 +// apiVersion: networking.istio.io/v1 // kind: WorkloadGroup // metadata: // name: reviews @@ -70,42 +68,6 @@ import "networking/v1alpha3/workload_entry.proto"; // - name: Lit-Header // value: Im-The-Best // ``` -// {{}} -// -// {{}} -// ```yaml -// apiVersion: networking.istio.io/v1beta1 -// kind: WorkloadGroup -// metadata: -// name: reviews -// namespace: bookinfo -// spec: -// metadata: -// labels: -// app.kubernetes.io/name: reviews -// app.kubernetes.io/version: "1.3.4" -// template: -// ports: -// grpc: 3550 -// http: 8080 -// serviceAccount: default -// probe: -// initialDelaySeconds: 5 -// timeoutSeconds: 3 -// periodSeconds: 4 -// successThreshold: 3 -// failureThreshold: 3 -// httpGet: -// path: /foo/bar -// host: 127.0.0.1 -// port: 3100 -// scheme: HTTPS -// httpHeaders: -// - name: Lit-Header -// value: Im-The-Best -// ``` -// {{}} -// {{}} // package istio.networking.v1alpha3; @@ -119,8 +81,7 @@ option go_package = "istio.io/api/networking/v1alpha3"; // // // // -// message WorkloadGroup { // Metadata that will be used for all corresponding `WorkloadEntries`. // User labels for a workload group should be set here in `metadata` rather than in `template`. @@ -151,15 +110,18 @@ message WorkloadGroup { // should default to `default`. The workload identities (mTLS certificates) will be bootstrapped using the // specified service account's token. Workload entries in this group will be in the same namespace as the // workload group, and inherit the labels and annotations from the above `metadata` field. + // +protoc-gen-crd:validation:IgnoreSubValidation:["Address is required"] WorkloadEntry template = 2 [(google.api.field_behavior) = REQUIRED]; // `ObjectMeta` describes metadata that will be attached to a `WorkloadEntry`. // It is a subset of the supported Kubernetes metadata. message ObjectMeta { // Labels to attach + // +kubebuilder:validation:MaxProperties=256 map labels = 1; // Annotations to attach + // +kubebuilder:validation:MaxProperties=256 map annotations = 2; } @@ -169,24 +131,28 @@ message WorkloadGroup { } message ReadinessProbe { - // Number of seconds after the container has started before readiness probes are initiated. + // +kubebuilder:validation:Minimum=0 int32 initial_delay_seconds = 2; // Number of seconds after which the probe times out. // Defaults to 1 second. Minimum value is 1 second. + // +kubebuilder:validation:Minimum=0 int32 timeout_seconds = 3; // How often (in seconds) to perform the probe. // Default to 10 seconds. Minimum value is 1 second. + // +kubebuilder:validation:Minimum=0 int32 period_seconds = 4; // Minimum consecutive successes for the probe to be considered successful after having failed. // Defaults to 1 second. + // +kubebuilder:validation:Minimum=0 int32 success_threshold = 5; // Minimum consecutive failures for the probe to be considered failed after having succeeded. // Defaults to 3 seconds. + // +kubebuilder:validation:Minimum=0 int32 failure_threshold = 6; // Users can only provide one configuration for healthchecks (tcp, http, exec), @@ -208,6 +174,7 @@ message HTTPHealthCheckConfig { string path = 1; // Port on which the endpoint lives. + // +kubebuilder:validation:XValidation:message="port must be between 1-65535",rule="0 < self && self <= 65535" uint32 port = 2 [(google.api.field_behavior) = REQUIRED]; // Host name to connect to, defaults to the pod IP. You probably want to set @@ -215,6 +182,7 @@ message HTTPHealthCheckConfig { string host = 3; // HTTP or HTTPS, defaults to HTTP + // +kubebuilder:validation:XValidation:message="scheme must be one of [HTTP, HTTPS]",rule="self in ['', 'HTTP', 'HTTPS']" string scheme = 4; // Headers the proxy will pass on to make the request. @@ -224,6 +192,7 @@ message HTTPHealthCheckConfig { message HTTPHeader { // The header field name + // +kubebuilder:validation:Pattern=^[-_A-Za-z0-9]+$ string name = 1; // The header field value @@ -234,11 +203,13 @@ message TCPHealthCheckConfig { // Host to connect to, defaults to localhost string host = 1; // Port of host + // +kubebuilder:validation:XValidation:message="port must be between 1-65535",rule="0 < self && self <= 65535" uint32 port = 2 [(google.api.field_behavior) = REQUIRED]; } message ExecHealthCheckConfig { // Command to run. Exit status of 0 is treated as live/healthy and non-zero is unhealthy. - repeated string command = 1; + // +protoc-gen-crd:list-value-validation:MinLength=1 + repeated string command = 1 [(google.api.field_behavior) = REQUIRED]; } diff --git a/vendor/istio.io/api/type/v1beta1/selector.gen.json b/vendor/istio.io/api/type/v1beta1/selector.gen.json deleted file mode 100644 index 28a4c060a..000000000 --- a/vendor/istio.io/api/type/v1beta1/selector.gen.json +++ /dev/null @@ -1,44 +0,0 @@ -{ - "openapi": "3.0.0", - "info": { - "title": "Definition of a workload selector.", - "version": "v1beta1" - }, - "components": { - "schemas": { - "istio.type.v1beta1.PortSelector": { - "description": "PortSelector is the criteria for specifying if a policy can be applied to a listener having a specific port.", - "type": "object", - "properties": { - "number": { - "description": "Port number", - "type": "integer" - } - } - }, - "istio.type.v1beta1.WorkloadMode": { - "description": "WorkloadMode allows selection of the role of the underlying workload in network traffic. A workload is considered as acting as a SERVER if it is the destination of the traffic (that is, traffic direction, from the perspective of the workload is *inbound*). If the workload is the source of the network traffic, it is considered to be in CLIENT mode (traffic is *outbound* from the workload).", - "type": "string", - "enum": [ - "UNDEFINED", - "CLIENT", - "SERVER", - "CLIENT_AND_SERVER" - ] - }, - "istio.type.v1beta1.WorkloadSelector": { - "description": "WorkloadSelector specifies the criteria used to determine if a policy can be applied to a proxy. The matching criteria includes the metadata associated with a proxy, workload instance info such as labels attached to the pod/VM, or any other info that the proxy provides to Istio during the initial handshake. If multiple conditions are specified, all conditions need to match in order for the workload instance to be selected. Currently, only label based selection mechanism is supported.", - "type": "object", - "properties": { - "matchLabels": { - "description": "One or more labels that indicate a specific set of pods/VMs on which a policy should be applied. The scope of label search is restricted to the configuration namespace in which the resource is present.", - "type": "object", - "additionalProperties": { - "type": "string" - } - } - } - } - } - } -} \ No newline at end of file diff --git a/vendor/istio.io/api/type/v1beta1/selector.pb.go b/vendor/istio.io/api/type/v1beta1/selector.pb.go index cfd7b2566..6a947da11 100644 --- a/vendor/istio.io/api/type/v1beta1/selector.pb.go +++ b/vendor/istio.io/api/type/v1beta1/selector.pb.go @@ -14,7 +14,7 @@ // Code generated by protoc-gen-go. DO NOT EDIT. // versions: -// protoc-gen-go v1.31.0 +// protoc-gen-go v1.35.1 // protoc (unknown) // source: type/v1beta1/selector.proto @@ -119,16 +119,19 @@ type WorkloadSelector struct { // One or more labels that indicate a specific set of pods/VMs // on which a policy should be applied. The scope of label search is restricted to // the configuration namespace in which the resource is present. + // +kubebuilder:validation:XValidation:message="wildcard not allowed in label key match",rule="self.all(key, !key.contains('*'))" + // +kubebuilder:validation:XValidation:message="key must not be empty",rule="self.all(key, key.size() != 0)" + // +protoc-gen-crd:map-value-validation:XValidation:message="wildcard not allowed in label value match",rule="!self.contains('*')" + // +protoc-gen-crd:map-value-validation:MaxLength=63 + // +kubebuilder:validation:MaxProperties=4096 MatchLabels map[string]string `protobuf:"bytes,1,rep,name=match_labels,json=matchLabels,proto3" json:"match_labels,omitempty" protobuf_key:"bytes,1,opt,name=key,proto3" protobuf_val:"bytes,2,opt,name=value,proto3"` } func (x *WorkloadSelector) Reset() { *x = WorkloadSelector{} - if protoimpl.UnsafeEnabled { - mi := &file_type_v1beta1_selector_proto_msgTypes[0] - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - ms.StoreMessageInfo(mi) - } + mi := &file_type_v1beta1_selector_proto_msgTypes[0] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) } func (x *WorkloadSelector) String() string { @@ -139,7 +142,7 @@ func (*WorkloadSelector) ProtoMessage() {} func (x *WorkloadSelector) ProtoReflect() protoreflect.Message { mi := &file_type_v1beta1_selector_proto_msgTypes[0] - if protoimpl.UnsafeEnabled && x != nil { + if x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) if ms.LoadMessageInfo() == nil { ms.StoreMessageInfo(mi) @@ -169,16 +172,16 @@ type PortSelector struct { unknownFields protoimpl.UnknownFields // Port number + // +kubebuilder:validation:Minimum=1 + // +kubebuilder:validation:Maximum=65535 Number uint32 `protobuf:"varint,1,opt,name=number,proto3" json:"number,omitempty"` } func (x *PortSelector) Reset() { *x = PortSelector{} - if protoimpl.UnsafeEnabled { - mi := &file_type_v1beta1_selector_proto_msgTypes[1] - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - ms.StoreMessageInfo(mi) - } + mi := &file_type_v1beta1_selector_proto_msgTypes[1] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) } func (x *PortSelector) String() string { @@ -189,7 +192,7 @@ func (*PortSelector) ProtoMessage() {} func (x *PortSelector) ProtoReflect() protoreflect.Message { mi := &file_type_v1beta1_selector_proto_msgTypes[1] - if protoimpl.UnsafeEnabled && x != nil { + if x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) if ms.LoadMessageInfo() == nil { ms.StoreMessageInfo(mi) @@ -211,6 +214,125 @@ func (x *PortSelector) GetNumber() uint32 { return 0 } +// PolicyTargetReference format as defined by [GEP-2648](https://gateway-api.sigs.k8s.io/geps/gep-2648/#direct-policy-design-rules). +// +// PolicyTargetReference specifies the targeted resource which the policy +// should be applied to. It must only target a single resource at a time, but it +// can be used to target larger resources such as Gateways that may apply to +// multiple child resources. The PolicyTargetReference will be used instead of +// a WorkloadSelector in the RequestAuthentication, AuthorizationPolicy, +// Telemetry, and WasmPlugin CRDs to target a Kubernetes Gateway. +// +// The following is an example of an AuthorizationPolicy bound to a waypoint proxy using +// a PolicyTargetReference. The example sets `action` to `DENY` to create a deny policy. +// It denies all the requests with `POST` method on port `8080` directed through the +// `waypoint` Gateway in the `foo` namespace. +// +// ```yaml +// apiVersion: security.istio.io/v1 +// kind: AuthorizationPolicy +// metadata: +// +// name: httpbin +// namespace: foo +// +// spec: +// +// targetRefs: +// - name: waypoint +// kind: Gateway +// group: gateway.networking.k8s.io +// action: DENY +// rules: +// - to: +// - operation: +// methods: ["POST"] +// ports: ["8080"] +// +// ``` +// +kubebuilder:validation:XValidation:message="Support kinds are core/Service, networking.istio.io/ServiceEntry, gateway.networking.k8s.io/Gateway",rule="[self.group, self.kind] in [['core','Service'], [”,'Service'], ['gateway.networking.k8s.io','Gateway'], ['networking.istio.io','ServiceEntry']]" +type PolicyTargetReference struct { + state protoimpl.MessageState + sizeCache protoimpl.SizeCache + unknownFields protoimpl.UnknownFields + + // group is the group of the target resource. + // +kubebuilder:validation:MaxLength=253 + // +kubebuilder:validation:Pattern=`^$|^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$` + Group string `protobuf:"bytes,1,opt,name=group,proto3" json:"group,omitempty"` + // kind is kind of the target resource. + // +kubebuilder:validation:MinLength=1 + // +kubebuilder:validation:MaxLength=63 + // +kubebuilder:validation:Pattern=`^[a-zA-Z]([-a-zA-Z0-9]*[a-zA-Z0-9])?$` + Kind string `protobuf:"bytes,2,opt,name=kind,proto3" json:"kind,omitempty"` + // name is the name of the target resource. + // +kubebuilder:validation:MinLength=1 + // +kubebuilder:validation:MaxLength=253 + Name string `protobuf:"bytes,3,opt,name=name,proto3" json:"name,omitempty"` + // namespace is the namespace of the referent. When unspecified, the local + // namespace is inferred. + // +kubebuilder:validation:XValidation:message="cross namespace referencing is not currently supported",rule="self.size() == 0" + Namespace string `protobuf:"bytes,4,opt,name=namespace,proto3" json:"namespace,omitempty"` +} + +func (x *PolicyTargetReference) Reset() { + *x = PolicyTargetReference{} + mi := &file_type_v1beta1_selector_proto_msgTypes[2] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) +} + +func (x *PolicyTargetReference) String() string { + return protoimpl.X.MessageStringOf(x) +} + +func (*PolicyTargetReference) ProtoMessage() {} + +func (x *PolicyTargetReference) ProtoReflect() protoreflect.Message { + mi := &file_type_v1beta1_selector_proto_msgTypes[2] + if x != nil { + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + if ms.LoadMessageInfo() == nil { + ms.StoreMessageInfo(mi) + } + return ms + } + return mi.MessageOf(x) +} + +// Deprecated: Use PolicyTargetReference.ProtoReflect.Descriptor instead. +func (*PolicyTargetReference) Descriptor() ([]byte, []int) { + return file_type_v1beta1_selector_proto_rawDescGZIP(), []int{2} +} + +func (x *PolicyTargetReference) GetGroup() string { + if x != nil { + return x.Group + } + return "" +} + +func (x *PolicyTargetReference) GetKind() string { + if x != nil { + return x.Kind + } + return "" +} + +func (x *PolicyTargetReference) GetName() string { + if x != nil { + return x.Name + } + return "" +} + +func (x *PolicyTargetReference) GetNamespace() string { + if x != nil { + return x.Namespace + } + return "" +} + var File_type_v1beta1_selector_proto protoreflect.FileDescriptor var file_type_v1beta1_selector_proto_rawDesc = []byte{ @@ -219,28 +341,36 @@ var file_type_v1beta1_selector_proto_rawDesc = []byte{ 0x73, 0x74, 0x69, 0x6f, 0x2e, 0x74, 0x79, 0x70, 0x65, 0x2e, 0x76, 0x31, 0x62, 0x65, 0x74, 0x61, 0x31, 0x1a, 0x1f, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2f, 0x61, 0x70, 0x69, 0x2f, 0x66, 0x69, 0x65, 0x6c, 0x64, 0x5f, 0x62, 0x65, 0x68, 0x61, 0x76, 0x69, 0x6f, 0x72, 0x2e, 0x70, 0x72, 0x6f, - 0x74, 0x6f, 0x22, 0xb1, 0x01, 0x0a, 0x10, 0x57, 0x6f, 0x72, 0x6b, 0x6c, 0x6f, 0x61, 0x64, 0x53, - 0x65, 0x6c, 0x65, 0x63, 0x74, 0x6f, 0x72, 0x12, 0x5d, 0x0a, 0x0c, 0x6d, 0x61, 0x74, 0x63, 0x68, + 0x74, 0x6f, 0x22, 0xac, 0x01, 0x0a, 0x10, 0x57, 0x6f, 0x72, 0x6b, 0x6c, 0x6f, 0x61, 0x64, 0x53, + 0x65, 0x6c, 0x65, 0x63, 0x74, 0x6f, 0x72, 0x12, 0x58, 0x0a, 0x0c, 0x6d, 0x61, 0x74, 0x63, 0x68, 0x5f, 0x6c, 0x61, 0x62, 0x65, 0x6c, 0x73, 0x18, 0x01, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x35, 0x2e, 0x69, 0x73, 0x74, 0x69, 0x6f, 0x2e, 0x74, 0x79, 0x70, 0x65, 0x2e, 0x76, 0x31, 0x62, 0x65, 0x74, 0x61, 0x31, 0x2e, 0x57, 0x6f, 0x72, 0x6b, 0x6c, 0x6f, 0x61, 0x64, 0x53, 0x65, 0x6c, 0x65, 0x63, 0x74, 0x6f, 0x72, 0x2e, 0x4d, 0x61, 0x74, 0x63, 0x68, 0x4c, 0x61, 0x62, 0x65, 0x6c, 0x73, 0x45, - 0x6e, 0x74, 0x72, 0x79, 0x42, 0x03, 0xe0, 0x41, 0x02, 0x52, 0x0b, 0x6d, 0x61, 0x74, 0x63, 0x68, - 0x4c, 0x61, 0x62, 0x65, 0x6c, 0x73, 0x1a, 0x3e, 0x0a, 0x10, 0x4d, 0x61, 0x74, 0x63, 0x68, 0x4c, - 0x61, 0x62, 0x65, 0x6c, 0x73, 0x45, 0x6e, 0x74, 0x72, 0x79, 0x12, 0x10, 0x0a, 0x03, 0x6b, 0x65, - 0x79, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x03, 0x6b, 0x65, 0x79, 0x12, 0x14, 0x0a, 0x05, - 0x76, 0x61, 0x6c, 0x75, 0x65, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x05, 0x76, 0x61, 0x6c, - 0x75, 0x65, 0x3a, 0x02, 0x38, 0x01, 0x22, 0x26, 0x0a, 0x0c, 0x50, 0x6f, 0x72, 0x74, 0x53, 0x65, - 0x6c, 0x65, 0x63, 0x74, 0x6f, 0x72, 0x12, 0x16, 0x0a, 0x06, 0x6e, 0x75, 0x6d, 0x62, 0x65, 0x72, - 0x18, 0x01, 0x20, 0x01, 0x28, 0x0d, 0x52, 0x06, 0x6e, 0x75, 0x6d, 0x62, 0x65, 0x72, 0x2a, 0x4c, - 0x0a, 0x0c, 0x57, 0x6f, 0x72, 0x6b, 0x6c, 0x6f, 0x61, 0x64, 0x4d, 0x6f, 0x64, 0x65, 0x12, 0x0d, - 0x0a, 0x09, 0x55, 0x4e, 0x44, 0x45, 0x46, 0x49, 0x4e, 0x45, 0x44, 0x10, 0x00, 0x12, 0x0a, 0x0a, - 0x06, 0x43, 0x4c, 0x49, 0x45, 0x4e, 0x54, 0x10, 0x01, 0x12, 0x0a, 0x0a, 0x06, 0x53, 0x45, 0x52, - 0x56, 0x45, 0x52, 0x10, 0x02, 0x12, 0x15, 0x0a, 0x11, 0x43, 0x4c, 0x49, 0x45, 0x4e, 0x54, 0x5f, - 0x41, 0x4e, 0x44, 0x5f, 0x53, 0x45, 0x52, 0x56, 0x45, 0x52, 0x10, 0x03, 0x42, 0x1b, 0x5a, 0x19, - 0x69, 0x73, 0x74, 0x69, 0x6f, 0x2e, 0x69, 0x6f, 0x2f, 0x61, 0x70, 0x69, 0x2f, 0x74, 0x79, 0x70, - 0x65, 0x2f, 0x76, 0x31, 0x62, 0x65, 0x74, 0x61, 0x31, 0x62, 0x06, 0x70, 0x72, 0x6f, 0x74, 0x6f, - 0x33, + 0x6e, 0x74, 0x72, 0x79, 0x52, 0x0b, 0x6d, 0x61, 0x74, 0x63, 0x68, 0x4c, 0x61, 0x62, 0x65, 0x6c, + 0x73, 0x1a, 0x3e, 0x0a, 0x10, 0x4d, 0x61, 0x74, 0x63, 0x68, 0x4c, 0x61, 0x62, 0x65, 0x6c, 0x73, + 0x45, 0x6e, 0x74, 0x72, 0x79, 0x12, 0x10, 0x0a, 0x03, 0x6b, 0x65, 0x79, 0x18, 0x01, 0x20, 0x01, + 0x28, 0x09, 0x52, 0x03, 0x6b, 0x65, 0x79, 0x12, 0x14, 0x0a, 0x05, 0x76, 0x61, 0x6c, 0x75, 0x65, + 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x05, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x3a, 0x02, 0x38, + 0x01, 0x22, 0x2c, 0x0a, 0x0c, 0x50, 0x6f, 0x72, 0x74, 0x53, 0x65, 0x6c, 0x65, 0x63, 0x74, 0x6f, + 0x72, 0x12, 0x1c, 0x0a, 0x06, 0x6e, 0x75, 0x6d, 0x62, 0x65, 0x72, 0x18, 0x01, 0x20, 0x01, 0x28, + 0x0d, 0x42, 0x04, 0xe2, 0x41, 0x01, 0x02, 0x52, 0x06, 0x6e, 0x75, 0x6d, 0x62, 0x65, 0x72, 0x22, + 0x7f, 0x0a, 0x15, 0x50, 0x6f, 0x6c, 0x69, 0x63, 0x79, 0x54, 0x61, 0x72, 0x67, 0x65, 0x74, 0x52, + 0x65, 0x66, 0x65, 0x72, 0x65, 0x6e, 0x63, 0x65, 0x12, 0x14, 0x0a, 0x05, 0x67, 0x72, 0x6f, 0x75, + 0x70, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x05, 0x67, 0x72, 0x6f, 0x75, 0x70, 0x12, 0x18, + 0x0a, 0x04, 0x6b, 0x69, 0x6e, 0x64, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x42, 0x04, 0xe2, 0x41, + 0x01, 0x02, 0x52, 0x04, 0x6b, 0x69, 0x6e, 0x64, 0x12, 0x18, 0x0a, 0x04, 0x6e, 0x61, 0x6d, 0x65, + 0x18, 0x03, 0x20, 0x01, 0x28, 0x09, 0x42, 0x04, 0xe2, 0x41, 0x01, 0x02, 0x52, 0x04, 0x6e, 0x61, + 0x6d, 0x65, 0x12, 0x1c, 0x0a, 0x09, 0x6e, 0x61, 0x6d, 0x65, 0x73, 0x70, 0x61, 0x63, 0x65, 0x18, + 0x04, 0x20, 0x01, 0x28, 0x09, 0x52, 0x09, 0x6e, 0x61, 0x6d, 0x65, 0x73, 0x70, 0x61, 0x63, 0x65, + 0x2a, 0x4c, 0x0a, 0x0c, 0x57, 0x6f, 0x72, 0x6b, 0x6c, 0x6f, 0x61, 0x64, 0x4d, 0x6f, 0x64, 0x65, + 0x12, 0x0d, 0x0a, 0x09, 0x55, 0x4e, 0x44, 0x45, 0x46, 0x49, 0x4e, 0x45, 0x44, 0x10, 0x00, 0x12, + 0x0a, 0x0a, 0x06, 0x43, 0x4c, 0x49, 0x45, 0x4e, 0x54, 0x10, 0x01, 0x12, 0x0a, 0x0a, 0x06, 0x53, + 0x45, 0x52, 0x56, 0x45, 0x52, 0x10, 0x02, 0x12, 0x15, 0x0a, 0x11, 0x43, 0x4c, 0x49, 0x45, 0x4e, + 0x54, 0x5f, 0x41, 0x4e, 0x44, 0x5f, 0x53, 0x45, 0x52, 0x56, 0x45, 0x52, 0x10, 0x03, 0x42, 0x1b, + 0x5a, 0x19, 0x69, 0x73, 0x74, 0x69, 0x6f, 0x2e, 0x69, 0x6f, 0x2f, 0x61, 0x70, 0x69, 0x2f, 0x74, + 0x79, 0x70, 0x65, 0x2f, 0x76, 0x31, 0x62, 0x65, 0x74, 0x61, 0x31, 0x62, 0x06, 0x70, 0x72, 0x6f, + 0x74, 0x6f, 0x33, } var ( @@ -256,15 +386,16 @@ func file_type_v1beta1_selector_proto_rawDescGZIP() []byte { } var file_type_v1beta1_selector_proto_enumTypes = make([]protoimpl.EnumInfo, 1) -var file_type_v1beta1_selector_proto_msgTypes = make([]protoimpl.MessageInfo, 3) -var file_type_v1beta1_selector_proto_goTypes = []interface{}{ - (WorkloadMode)(0), // 0: istio.type.v1beta1.WorkloadMode - (*WorkloadSelector)(nil), // 1: istio.type.v1beta1.WorkloadSelector - (*PortSelector)(nil), // 2: istio.type.v1beta1.PortSelector - nil, // 3: istio.type.v1beta1.WorkloadSelector.MatchLabelsEntry +var file_type_v1beta1_selector_proto_msgTypes = make([]protoimpl.MessageInfo, 4) +var file_type_v1beta1_selector_proto_goTypes = []any{ + (WorkloadMode)(0), // 0: istio.type.v1beta1.WorkloadMode + (*WorkloadSelector)(nil), // 1: istio.type.v1beta1.WorkloadSelector + (*PortSelector)(nil), // 2: istio.type.v1beta1.PortSelector + (*PolicyTargetReference)(nil), // 3: istio.type.v1beta1.PolicyTargetReference + nil, // 4: istio.type.v1beta1.WorkloadSelector.MatchLabelsEntry } var file_type_v1beta1_selector_proto_depIdxs = []int32{ - 3, // 0: istio.type.v1beta1.WorkloadSelector.match_labels:type_name -> istio.type.v1beta1.WorkloadSelector.MatchLabelsEntry + 4, // 0: istio.type.v1beta1.WorkloadSelector.match_labels:type_name -> istio.type.v1beta1.WorkloadSelector.MatchLabelsEntry 1, // [1:1] is the sub-list for method output_type 1, // [1:1] is the sub-list for method input_type 1, // [1:1] is the sub-list for extension type_name @@ -277,39 +408,13 @@ func file_type_v1beta1_selector_proto_init() { if File_type_v1beta1_selector_proto != nil { return } - if !protoimpl.UnsafeEnabled { - file_type_v1beta1_selector_proto_msgTypes[0].Exporter = func(v interface{}, i int) interface{} { - switch v := v.(*WorkloadSelector); i { - case 0: - return &v.state - case 1: - return &v.sizeCache - case 2: - return &v.unknownFields - default: - return nil - } - } - file_type_v1beta1_selector_proto_msgTypes[1].Exporter = func(v interface{}, i int) interface{} { - switch v := v.(*PortSelector); i { - case 0: - return &v.state - case 1: - return &v.sizeCache - case 2: - return &v.unknownFields - default: - return nil - } - } - } type x struct{} out := protoimpl.TypeBuilder{ File: protoimpl.DescBuilder{ GoPackagePath: reflect.TypeOf(x{}).PkgPath(), RawDescriptor: file_type_v1beta1_selector_proto_rawDesc, NumEnums: 1, - NumMessages: 3, + NumMessages: 4, NumExtensions: 0, NumServices: 0, }, diff --git a/vendor/istio.io/api/type/v1beta1/selector.pb.html b/vendor/istio.io/api/type/v1beta1/selector.pb.html index 0fccbb7fd..8c96cc3b5 100644 --- a/vendor/istio.io/api/type/v1beta1/selector.pb.html +++ b/vendor/istio.io/api/type/v1beta1/selector.pb.html @@ -4,7 +4,7 @@ location: https://istio.io/docs/reference/config/type/workload-selector.html layout: protoc-gen-docs generator: protoc-gen-docs -number_of_entries: 3 +number_of_entries: 4 ---

    WorkloadSelector

    @@ -26,7 +26,7 @@

    WorkloadSelector

    matchLabelsmatchLabels map<string, string>

    One or more labels that indicate a specific set of pods/VMs @@ -35,7 +35,7 @@

    WorkloadSelector

    -Yes +No
    numbernumber uint32

    Port number

    +
    +Yes +
    +
    +

    PolicyTargetReference

    +
    +

    PolicyTargetReference format as defined by GEP-2648.

    +

    PolicyTargetReference specifies the targeted resource which the policy +should be applied to. It must only target a single resource at a time, but it +can be used to target larger resources such as Gateways that may apply to +multiple child resources. The PolicyTargetReference will be used instead of +a WorkloadSelector in the RequestAuthentication, AuthorizationPolicy, +Telemetry, and WasmPlugin CRDs to target a Kubernetes Gateway.

    +

    The following is an example of an AuthorizationPolicy bound to a waypoint proxy using +a PolicyTargetReference. The example sets action to DENY to create a deny policy. +It denies all the requests with POST method on port 8080 directed through the +waypoint Gateway in the foo namespace.

    +
    apiVersion: security.istio.io/v1
    +kind: AuthorizationPolicy
    +metadata:
    +  name: httpbin
    +  namespace: foo
    +spec:
    +  targetRefs:
    +  - name: waypoint
    +    kind: Gateway
    +    group: gateway.networking.k8s.io
    +  action: DENY
    +  rules:
    +  - to:
    +    - operation:
    +        methods: ["POST"]
    +        ports: ["8080"]
    +
    + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + - + - + - + - +
    FieldTypeDescriptionRequired
    groupstring +

    group is the group of the target resource.

    + +
    +No +
    kindstring +

    kind is kind of the target resource.

    + +
    +Yes +
    namestring +

    name is the name of the target resource.

    + +
    +Yes +
    namespacestring +

    namespace is the namespace of the referent. When unspecified, the local +namespace is inferred.

    +
    No @@ -88,14 +177,14 @@

    WorkloadMode

    UNDEFINEDUNDEFINED

    Default value, which will be interpreted by its own usage.

    CLIENTCLIENT

    Selects for scenarios when the workload is the source of the network traffic. In addition, @@ -104,7 +193,7 @@

    WorkloadMode

    SERVERSERVER

    Selects for scenarios when the workload is the destination of the network traffic.

    @@ -112,7 +201,7 @@

    WorkloadMode

    CLIENT_AND_SERVERCLIENT_AND_SERVER

    Selects for scenarios when the workload is either the source or destination of the network traffic.

    diff --git a/vendor/istio.io/api/type/v1beta1/selector.proto b/vendor/istio.io/api/type/v1beta1/selector.proto index 30cbd6275..b95fce4ea 100644 --- a/vendor/istio.io/api/type/v1beta1/selector.proto +++ b/vendor/istio.io/api/type/v1beta1/selector.proto @@ -13,14 +13,14 @@ // limitations under the License. syntax = "proto3"; -import "google/api/field_behavior.proto"; - // $title: Workload Selector // $description: Definition of a workload selector. // $location: https://istio.io/docs/reference/config/type/workload-selector.html package istio.type.v1beta1; +import "google/api/field_behavior.proto"; + option go_package="istio.io/api/type/v1beta1"; // WorkloadSelector specifies the criteria used to determine if a policy can be applied @@ -33,14 +33,21 @@ message WorkloadSelector { // One or more labels that indicate a specific set of pods/VMs // on which a policy should be applied. The scope of label search is restricted to // the configuration namespace in which the resource is present. - map match_labels = 1 [(google.api.field_behavior) = REQUIRED]; + // +kubebuilder:validation:XValidation:message="wildcard not allowed in label key match",rule="self.all(key, !key.contains('*'))" + // +kubebuilder:validation:XValidation:message="key must not be empty",rule="self.all(key, key.size() != 0)" + // +protoc-gen-crd:map-value-validation:XValidation:message="wildcard not allowed in label value match",rule="!self.contains('*')" + // +protoc-gen-crd:map-value-validation:MaxLength=63 + // +kubebuilder:validation:MaxProperties=4096 + map match_labels = 1; } // PortSelector is the criteria for specifying if a policy can be applied to // a listener having a specific port. message PortSelector { // Port number - uint32 number = 1; + // +kubebuilder:validation:Minimum=1 + // +kubebuilder:validation:Maximum=65535 + uint32 number = 1 [(google.api.field_behavior) = REQUIRED]; } // WorkloadMode allows selection of the role of the underlying workload in @@ -66,3 +73,59 @@ enum WorkloadMode { // source or destination of the network traffic. CLIENT_AND_SERVER = 3; } + +// PolicyTargetReference format as defined by [GEP-2648](https://gateway-api.sigs.k8s.io/geps/gep-2648/#direct-policy-design-rules). +// +// PolicyTargetReference specifies the targeted resource which the policy +// should be applied to. It must only target a single resource at a time, but it +// can be used to target larger resources such as Gateways that may apply to +// multiple child resources. The PolicyTargetReference will be used instead of +// a WorkloadSelector in the RequestAuthentication, AuthorizationPolicy, +// Telemetry, and WasmPlugin CRDs to target a Kubernetes Gateway. +// +// The following is an example of an AuthorizationPolicy bound to a waypoint proxy using +// a PolicyTargetReference. The example sets `action` to `DENY` to create a deny policy. +// It denies all the requests with `POST` method on port `8080` directed through the +// `waypoint` Gateway in the `foo` namespace. +// +// ```yaml +// apiVersion: security.istio.io/v1 +// kind: AuthorizationPolicy +// metadata: +// name: httpbin +// namespace: foo +// spec: +// targetRefs: +// - name: waypoint +// kind: Gateway +// group: gateway.networking.k8s.io +// action: DENY +// rules: +// - to: +// - operation: +// methods: ["POST"] +// ports: ["8080"] +// ``` +// +kubebuilder:validation:XValidation:message="Support kinds are core/Service, networking.istio.io/ServiceEntry, gateway.networking.k8s.io/Gateway",rule="[self.group, self.kind] in [['core','Service'], ['','Service'], ['gateway.networking.k8s.io','Gateway'], ['networking.istio.io','ServiceEntry']]" +message PolicyTargetReference { + // group is the group of the target resource. + // +kubebuilder:validation:MaxLength=253 + // +kubebuilder:validation:Pattern=`^$|^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$` + string group = 1; + + // kind is kind of the target resource. + // +kubebuilder:validation:MinLength=1 + // +kubebuilder:validation:MaxLength=63 + // +kubebuilder:validation:Pattern=`^[a-zA-Z]([-a-zA-Z0-9]*[a-zA-Z0-9])?$` + string kind = 2 [(google.api.field_behavior) = REQUIRED]; + + // name is the name of the target resource. + // +kubebuilder:validation:MinLength=1 + // +kubebuilder:validation:MaxLength=253 + string name = 3 [(google.api.field_behavior) = REQUIRED]; + + // namespace is the namespace of the referent. When unspecified, the local + // namespace is inferred. + // +kubebuilder:validation:XValidation:message="cross namespace referencing is not currently supported",rule="self.size() == 0" + string namespace = 4; +} diff --git a/vendor/istio.io/api/type/v1beta1/selector_deepcopy.gen.go b/vendor/istio.io/api/type/v1beta1/selector_deepcopy.gen.go index 1d34b0b81..d9ebb472c 100644 --- a/vendor/istio.io/api/type/v1beta1/selector_deepcopy.gen.go +++ b/vendor/istio.io/api/type/v1beta1/selector_deepcopy.gen.go @@ -46,3 +46,24 @@ func (in *PortSelector) DeepCopy() *PortSelector { func (in *PortSelector) DeepCopyInterface() interface{} { return in.DeepCopy() } + +// DeepCopyInto supports using PolicyTargetReference within kubernetes types, where deepcopy-gen is used. +func (in *PolicyTargetReference) DeepCopyInto(out *PolicyTargetReference) { + p := proto.Clone(in).(*PolicyTargetReference) + *out = *p +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new PolicyTargetReference. Required by controller-gen. +func (in *PolicyTargetReference) DeepCopy() *PolicyTargetReference { + if in == nil { + return nil + } + out := new(PolicyTargetReference) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInterface is an autogenerated deepcopy function, copying the receiver, creating a new PolicyTargetReference. Required by controller-gen. +func (in *PolicyTargetReference) DeepCopyInterface() interface{} { + return in.DeepCopy() +} diff --git a/vendor/istio.io/api/type/v1beta1/selector_json.gen.go b/vendor/istio.io/api/type/v1beta1/selector_json.gen.go index a42c97751..8b29ef989 100644 --- a/vendor/istio.io/api/type/v1beta1/selector_json.gen.go +++ b/vendor/istio.io/api/type/v1beta1/selector_json.gen.go @@ -28,6 +28,17 @@ func (this *PortSelector) UnmarshalJSON(b []byte) error { return SelectorUnmarshaler.Unmarshal(bytes.NewReader(b), this) } +// MarshalJSON is a custom marshaler for PolicyTargetReference +func (this *PolicyTargetReference) MarshalJSON() ([]byte, error) { + str, err := SelectorMarshaler.MarshalToString(this) + return []byte(str), err +} + +// UnmarshalJSON is a custom unmarshaler for PolicyTargetReference +func (this *PolicyTargetReference) UnmarshalJSON(b []byte) error { + return SelectorUnmarshaler.Unmarshal(bytes.NewReader(b), this) +} + var ( SelectorMarshaler = &jsonpb.Marshaler{} SelectorUnmarshaler = &jsonpb.Unmarshaler{AllowUnknownFields: true} diff --git a/vendor/modules.txt b/vendor/modules.txt index 903cabb94..c58208ebb 100644 --- a/vendor/modules.txt +++ b/vendor/modules.txt @@ -543,17 +543,16 @@ google.golang.org/api/transport/http/internal/propagation ## explicit; go 1.19 google.golang.org/genproto/googleapis/type/date google.golang.org/genproto/googleapis/type/expr -google.golang.org/genproto/internal -# google.golang.org/genproto/googleapis/api v0.0.0-20231106174013-bbf56f31fb17 +# google.golang.org/genproto/googleapis/api v0.0.0-20240513163218-0867130af1f8 ## explicit; go 1.19 google.golang.org/genproto/googleapis/api google.golang.org/genproto/googleapis/api/annotations -# google.golang.org/genproto/googleapis/rpc v0.0.0-20231106174013-bbf56f31fb17 +# google.golang.org/genproto/googleapis/rpc v0.0.0-20240513163218-0867130af1f8 ## explicit; go 1.19 google.golang.org/genproto/googleapis/rpc/code google.golang.org/genproto/googleapis/rpc/errdetails google.golang.org/genproto/googleapis/rpc/status -# google.golang.org/grpc v1.59.0 +# google.golang.org/grpc v1.64.1 ## explicit; go 1.19 google.golang.org/grpc google.golang.org/grpc/attributes @@ -601,6 +600,7 @@ google.golang.org/grpc/internal/metadata google.golang.org/grpc/internal/pretty google.golang.org/grpc/internal/resolver google.golang.org/grpc/internal/resolver/dns +google.golang.org/grpc/internal/resolver/dns/internal google.golang.org/grpc/internal/resolver/passthrough google.golang.org/grpc/internal/resolver/unix google.golang.org/grpc/internal/serviceconfig @@ -608,10 +608,12 @@ google.golang.org/grpc/internal/status google.golang.org/grpc/internal/syscall google.golang.org/grpc/internal/transport google.golang.org/grpc/internal/transport/networktype +google.golang.org/grpc/internal/xds google.golang.org/grpc/keepalive google.golang.org/grpc/metadata google.golang.org/grpc/peer google.golang.org/grpc/resolver +google.golang.org/grpc/resolver/dns google.golang.org/grpc/resolver/manual google.golang.org/grpc/serviceconfig google.golang.org/grpc/stats @@ -645,6 +647,7 @@ google.golang.org/protobuf/internal/set google.golang.org/protobuf/internal/strs google.golang.org/protobuf/internal/version google.golang.org/protobuf/proto +google.golang.org/protobuf/protoadapt google.golang.org/protobuf/reflect/protodesc google.golang.org/protobuf/reflect/protoreflect google.golang.org/protobuf/reflect/protoregistry @@ -671,8 +674,10 @@ gopkg.in/yaml.v2 # gopkg.in/yaml.v3 v3.0.1 ## explicit gopkg.in/yaml.v3 -# istio.io/api v1.19.4 -## explicit; go 1.18 +# istio.io/api v1.24.2 +## explicit; go 1.22.0 +istio.io/api/analysis/v1alpha1 +istio.io/api/meta/v1alpha1 istio.io/api/networking/v1alpha3 istio.io/api/type/v1beta1 # k8s.io/api v0.30.2 => k8s.io/api v0.28.4