From 04865a345ff4906ff9945bddfe32e4ffef650809 Mon Sep 17 00:00:00 2001 From: wuyan-dushang <1550693033@qq.com> Date: Thu, 17 Aug 2023 16:49:06 +0800 Subject: [PATCH] fix dubbo-admin --- api/mesh/snp.pb.go | 142 +- api/mesh/snp.proto | 6 +- api/mesh/snp_grpc.pb.go | 12 +- api/resource/v1alpha1/authentication.pb.go | 550 +++++++- api/resource/v1alpha1/authentication.proto | 10 + api/resource/v1alpha1/authorization.pb.go | 1034 +++++++++++++-- api/resource/v1alpha1/authorization.proto | 18 + api/resource/v1alpha1/servicemapping.pb.go | 267 +++- api/resource/v1alpha1/servicemapping.proto | 5 + .../v1alpha1/servicemapping_deepcopy.go | 11 +- api/resource/v1alpha1/toClient_deepcopy.go | 77 ++ api/resource/v1alpha1/traffic.pb.go | 1155 ++++++++++++++--- api/resource/v1alpha1/traffic.proto | 18 +- conf/admin.yml | 1 + pkg/authority/server/authority.go | 16 +- pkg/config/app/dubbo-cp/dubbo-cp.default.yaml | 1 + pkg/core/cert/provider/client.go | 54 +- pkg/core/cert/provider/storage.go | 88 +- pkg/core/cert/provider/util.go | 26 +- pkg/core/model/model.go | 12 +- pkg/core/tools/endpoint/endpoint.go | 2 +- pkg/core/tools/generate/key.go | 25 + pkg/cp-server/server/server.go | 10 +- pkg/dds/kube/crdclient/client.go | 20 +- pkg/dds/kube/crdclient/handler.go | 36 +- pkg/dds/kube/crdclient/handler_test.go | 44 +- pkg/dds/server/server.go | 8 +- pkg/dds/storage/generate.go | 83 +- pkg/dds/storage/storage.go | 71 +- pkg/dds/storage/storage_test.go | 66 +- pkg/dds/storage/validate_test.go | 184 +-- pkg/snp/server/servicemapping.go | 38 +- pkg/snp/setup.go | 2 + test/testclient/ddsc.go | 411 ++++++ test/testclient/test.yml | 64 + 35 files changed, 3814 insertions(+), 753 deletions(-) create mode 100644 api/resource/v1alpha1/toClient_deepcopy.go create mode 100644 pkg/core/tools/generate/key.go create mode 100644 test/testclient/ddsc.go create mode 100644 test/testclient/test.yml diff --git a/api/mesh/snp.pb.go b/api/mesh/snp.pb.go index e29b1ccd5..5f48aa97c 100644 --- a/api/mesh/snp.pb.go +++ b/api/mesh/snp.pb.go @@ -1,7 +1,23 @@ +// +// Licensed to the Apache Software Foundation (ASF) under one or more +// contributor license agreements. See the NOTICE file distributed with +// this work for additional information regarding copyright ownership. +// The ASF licenses this file to You under the Apache License, Version 2.0 +// (the "License"); you may not use this file except in compliance with +// the License. You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. + // Code generated by protoc-gen-go. DO NOT EDIT. // versions: -// protoc-gen-go v1.28.1 -// protoc v3.21.5 +// protoc-gen-go v1.31.0 +// protoc v3.21.9 // source: snp.proto package mesh @@ -21,13 +37,13 @@ const ( ) // When dubbo provider start up, it reports its applicationName and its interfaceName, -// and Dubbo consumer will get the service name mapping info by xDS. +// and Dubbo consumer will get the service name mapping info by dds. type ServiceMappingRequest struct { state protoimpl.MessageState sizeCache protoimpl.SizeCache unknownFields protoimpl.UnknownFields - // This is namespace of proxyless dubbo server + // This is namespace of dubbo server Namespace string `protobuf:"bytes,1,opt,name=namespace,proto3" json:"namespace,omitempty"` ApplicationName string `protobuf:"bytes,2,opt,name=applicationName,proto3" json:"applicationName,omitempty"` InterfaceNames []string `protobuf:"bytes,3,rep,name=interfaceNames,proto3" json:"interfaceNames,omitempty"` @@ -90,6 +106,9 @@ type ServiceMappingResponse struct { state protoimpl.MessageState sizeCache protoimpl.SizeCache unknownFields protoimpl.UnknownFields + + Success bool `protobuf:"varint,1,opt,name=success,proto3" json:"success,omitempty"` + Message string `protobuf:"bytes,2,opt,name=message,proto3" json:"message,omitempty"` } func (x *ServiceMappingResponse) Reset() { @@ -124,70 +143,20 @@ func (*ServiceMappingResponse) Descriptor() ([]byte, []int) { return file_snp_proto_rawDescGZIP(), []int{1} } -type ServiceMappingXdsResponse struct { - state protoimpl.MessageState - sizeCache protoimpl.SizeCache - unknownFields protoimpl.UnknownFields - - // This is namespace of proxyless dubbo server - Namespace string `protobuf:"bytes,1,opt,name=namespace,proto3" json:"namespace,omitempty"` - InterfaceName string `protobuf:"bytes,2,opt,name=interfaceName,proto3" json:"interfaceName,omitempty"` - ApplicationNames []string `protobuf:"bytes,3,rep,name=applicationNames,proto3" json:"applicationNames,omitempty"` -} - -func (x *ServiceMappingXdsResponse) Reset() { - *x = ServiceMappingXdsResponse{} - if protoimpl.UnsafeEnabled { - mi := &file_snp_proto_msgTypes[2] - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - ms.StoreMessageInfo(mi) - } -} - -func (x *ServiceMappingXdsResponse) String() string { - return protoimpl.X.MessageStringOf(x) -} - -func (*ServiceMappingXdsResponse) ProtoMessage() {} - -func (x *ServiceMappingXdsResponse) ProtoReflect() protoreflect.Message { - mi := &file_snp_proto_msgTypes[2] - if protoimpl.UnsafeEnabled && x != nil { - ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) - if ms.LoadMessageInfo() == nil { - ms.StoreMessageInfo(mi) - } - return ms - } - return mi.MessageOf(x) -} - -// Deprecated: Use ServiceMappingXdsResponse.ProtoReflect.Descriptor instead. -func (*ServiceMappingXdsResponse) Descriptor() ([]byte, []int) { - return file_snp_proto_rawDescGZIP(), []int{2} -} - -func (x *ServiceMappingXdsResponse) GetNamespace() string { +func (x *ServiceMappingResponse) GetSuccess() bool { if x != nil { - return x.Namespace + return x.Success } - return "" + return false } -func (x *ServiceMappingXdsResponse) GetInterfaceName() string { +func (x *ServiceMappingResponse) GetMessage() string { if x != nil { - return x.InterfaceName + return x.Message } return "" } -func (x *ServiceMappingXdsResponse) GetApplicationNames() []string { - if x != nil { - return x.ApplicationNames - } - return nil -} - var File_snp_proto protoreflect.FileDescriptor var file_snp_proto_rawDesc = []byte{ @@ -201,26 +170,20 @@ var file_snp_proto_rawDesc = []byte{ 0x69, 0x6f, 0x6e, 0x4e, 0x61, 0x6d, 0x65, 0x12, 0x26, 0x0a, 0x0e, 0x69, 0x6e, 0x74, 0x65, 0x72, 0x66, 0x61, 0x63, 0x65, 0x4e, 0x61, 0x6d, 0x65, 0x73, 0x18, 0x03, 0x20, 0x03, 0x28, 0x09, 0x52, 0x0e, 0x69, 0x6e, 0x74, 0x65, 0x72, 0x66, 0x61, 0x63, 0x65, 0x4e, 0x61, 0x6d, 0x65, 0x73, 0x22, - 0x18, 0x0a, 0x16, 0x53, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x4d, 0x61, 0x70, 0x70, 0x69, 0x6e, - 0x67, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x22, 0x8b, 0x01, 0x0a, 0x19, 0x53, 0x65, - 0x72, 0x76, 0x69, 0x63, 0x65, 0x4d, 0x61, 0x70, 0x70, 0x69, 0x6e, 0x67, 0x58, 0x64, 0x73, 0x52, - 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x12, 0x1c, 0x0a, 0x09, 0x6e, 0x61, 0x6d, 0x65, 0x73, - 0x70, 0x61, 0x63, 0x65, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x09, 0x6e, 0x61, 0x6d, 0x65, - 0x73, 0x70, 0x61, 0x63, 0x65, 0x12, 0x24, 0x0a, 0x0d, 0x69, 0x6e, 0x74, 0x65, 0x72, 0x66, 0x61, - 0x63, 0x65, 0x4e, 0x61, 0x6d, 0x65, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x0d, 0x69, 0x6e, - 0x74, 0x65, 0x72, 0x66, 0x61, 0x63, 0x65, 0x4e, 0x61, 0x6d, 0x65, 0x12, 0x2a, 0x0a, 0x10, 0x61, - 0x70, 0x70, 0x6c, 0x69, 0x63, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x4e, 0x61, 0x6d, 0x65, 0x73, 0x18, - 0x03, 0x20, 0x03, 0x28, 0x09, 0x52, 0x10, 0x61, 0x70, 0x70, 0x6c, 0x69, 0x63, 0x61, 0x74, 0x69, - 0x6f, 0x6e, 0x4e, 0x61, 0x6d, 0x65, 0x73, 0x32, 0x7b, 0x0a, 0x19, 0x53, 0x65, 0x72, 0x76, 0x69, - 0x63, 0x65, 0x4e, 0x61, 0x6d, 0x65, 0x4d, 0x61, 0x70, 0x70, 0x69, 0x6e, 0x67, 0x53, 0x65, 0x72, - 0x76, 0x69, 0x63, 0x65, 0x12, 0x5e, 0x0a, 0x19, 0x72, 0x65, 0x67, 0x69, 0x73, 0x74, 0x65, 0x72, - 0x53, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x41, 0x70, 0x70, 0x4d, 0x61, 0x70, 0x70, 0x69, 0x6e, - 0x67, 0x12, 0x1f, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x2e, 0x53, 0x65, 0x72, - 0x76, 0x69, 0x63, 0x65, 0x4d, 0x61, 0x70, 0x70, 0x69, 0x6e, 0x67, 0x52, 0x65, 0x71, 0x75, 0x65, - 0x73, 0x74, 0x1a, 0x20, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, 0x61, 0x31, 0x2e, 0x53, 0x65, - 0x72, 0x76, 0x69, 0x63, 0x65, 0x4d, 0x61, 0x70, 0x70, 0x69, 0x6e, 0x67, 0x52, 0x65, 0x73, 0x70, - 0x6f, 0x6e, 0x73, 0x65, 0x42, 0x04, 0x5a, 0x02, 0x2e, 0x2f, 0x62, 0x06, 0x70, 0x72, 0x6f, 0x74, - 0x6f, 0x33, + 0x4c, 0x0a, 0x16, 0x53, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x4d, 0x61, 0x70, 0x70, 0x69, 0x6e, + 0x67, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x12, 0x18, 0x0a, 0x07, 0x73, 0x75, 0x63, + 0x63, 0x65, 0x73, 0x73, 0x18, 0x01, 0x20, 0x01, 0x28, 0x08, 0x52, 0x07, 0x73, 0x75, 0x63, 0x63, + 0x65, 0x73, 0x73, 0x12, 0x18, 0x0a, 0x07, 0x6d, 0x65, 0x73, 0x73, 0x61, 0x67, 0x65, 0x18, 0x02, + 0x20, 0x01, 0x28, 0x09, 0x52, 0x07, 0x6d, 0x65, 0x73, 0x73, 0x61, 0x67, 0x65, 0x32, 0x7b, 0x0a, + 0x19, 0x53, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x4e, 0x61, 0x6d, 0x65, 0x4d, 0x61, 0x70, 0x70, + 0x69, 0x6e, 0x67, 0x53, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x12, 0x5e, 0x0a, 0x19, 0x72, 0x65, + 0x67, 0x69, 0x73, 0x74, 0x65, 0x72, 0x53, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x41, 0x70, 0x70, + 0x4d, 0x61, 0x70, 0x70, 0x69, 0x6e, 0x67, 0x12, 0x1f, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, 0x68, + 0x61, 0x31, 0x2e, 0x53, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x4d, 0x61, 0x70, 0x70, 0x69, 0x6e, + 0x67, 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x20, 0x2e, 0x76, 0x31, 0x61, 0x6c, 0x70, + 0x68, 0x61, 0x31, 0x2e, 0x53, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x4d, 0x61, 0x70, 0x70, 0x69, + 0x6e, 0x67, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x42, 0x04, 0x5a, 0x02, 0x2e, 0x2f, + 0x62, 0x06, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x33, } var ( @@ -235,11 +198,10 @@ func file_snp_proto_rawDescGZIP() []byte { return file_snp_proto_rawDescData } -var file_snp_proto_msgTypes = make([]protoimpl.MessageInfo, 3) +var file_snp_proto_msgTypes = make([]protoimpl.MessageInfo, 2) var file_snp_proto_goTypes = []interface{}{ - (*ServiceMappingRequest)(nil), // 0: v1alpha1.ServiceMappingRequest - (*ServiceMappingResponse)(nil), // 1: v1alpha1.ServiceMappingResponse - (*ServiceMappingXdsResponse)(nil), // 2: v1alpha1.ServiceMappingXdsResponse + (*ServiceMappingRequest)(nil), // 0: v1alpha1.ServiceMappingRequest + (*ServiceMappingResponse)(nil), // 1: v1alpha1.ServiceMappingResponse } var file_snp_proto_depIdxs = []int32{ 0, // 0: v1alpha1.ServiceNameMappingService.registerServiceAppMapping:input_type -> v1alpha1.ServiceMappingRequest @@ -281,18 +243,6 @@ func file_snp_proto_init() { return nil } } - file_snp_proto_msgTypes[2].Exporter = func(v interface{}, i int) interface{} { - switch v := v.(*ServiceMappingXdsResponse); i { - case 0: - return &v.state - case 1: - return &v.sizeCache - case 2: - return &v.unknownFields - default: - return nil - } - } } type x struct{} out := protoimpl.TypeBuilder{ @@ -300,7 +250,7 @@ func file_snp_proto_init() { GoPackagePath: reflect.TypeOf(x{}).PkgPath(), RawDescriptor: file_snp_proto_rawDesc, NumEnums: 0, - NumMessages: 3, + NumMessages: 2, NumExtensions: 0, NumServices: 1, }, diff --git a/api/mesh/snp.proto b/api/mesh/snp.proto index 4d80dc811..20c0fb0e0 100644 --- a/api/mesh/snp.proto +++ b/api/mesh/snp.proto @@ -28,9 +28,9 @@ service ServiceNameMappingService{ } // When dubbo provider start up, it reports its applicationName and its interfaceName, -// and Dubbo consumer will get the service name mapping info by xDS. +// and Dubbo consumer will get the service name mapping info by dds. message ServiceMappingRequest{ - // This is namespace of proxyless dubbo server + // This is namespace of dubbo server string namespace = 1; string applicationName = 2; @@ -39,4 +39,6 @@ message ServiceMappingRequest{ } message ServiceMappingResponse{ + bool success = 1; + string message = 2; } diff --git a/api/mesh/snp_grpc.pb.go b/api/mesh/snp_grpc.pb.go index 2e84accd4..4647ae1b5 100644 --- a/api/mesh/snp_grpc.pb.go +++ b/api/mesh/snp_grpc.pb.go @@ -1,7 +1,7 @@ // Code generated by protoc-gen-go-grpc. DO NOT EDIT. // versions: -// - protoc-gen-go-grpc v1.3.0 -// - protoc v3.21.5 +// - protoc-gen-go-grpc v1.2.0 +// - protoc v3.21.9 // source: snp.proto package mesh @@ -18,10 +18,6 @@ import ( // Requires gRPC-Go v1.32.0 or later. const _ = grpc.SupportPackageIsVersion7 -const ( - ServiceNameMappingService_RegisterServiceAppMapping_FullMethodName = "/v1alpha1.ServiceNameMappingService/registerServiceAppMapping" -) - // ServiceNameMappingServiceClient is the client API for ServiceNameMappingService service. // // For semantics around ctx use and closing/ending streaming RPCs, please refer to https://pkg.go.dev/google.golang.org/grpc/?tab=doc#ClientConn.NewStream. @@ -39,7 +35,7 @@ func NewServiceNameMappingServiceClient(cc grpc.ClientConnInterface) ServiceName func (c *serviceNameMappingServiceClient) RegisterServiceAppMapping(ctx context.Context, in *ServiceMappingRequest, opts ...grpc.CallOption) (*ServiceMappingResponse, error) { out := new(ServiceMappingResponse) - err := c.cc.Invoke(ctx, ServiceNameMappingService_RegisterServiceAppMapping_FullMethodName, in, out, opts...) + err := c.cc.Invoke(ctx, "/v1alpha1.ServiceNameMappingService/registerServiceAppMapping", in, out, opts...) if err != nil { return nil, err } @@ -85,7 +81,7 @@ func _ServiceNameMappingService_RegisterServiceAppMapping_Handler(srv interface{ } info := &grpc.UnaryServerInfo{ Server: srv, - FullMethod: ServiceNameMappingService_RegisterServiceAppMapping_FullMethodName, + FullMethod: "/v1alpha1.ServiceNameMappingService/registerServiceAppMapping", } handler := func(ctx context.Context, req interface{}) (interface{}, error) { return srv.(ServiceNameMappingServiceServer).RegisterServiceAppMapping(ctx, req.(*ServiceMappingRequest)) diff --git a/api/resource/v1alpha1/authentication.pb.go b/api/resource/v1alpha1/authentication.pb.go index 0669612c3..abe1ca435 100644 --- a/api/resource/v1alpha1/authentication.pb.go +++ b/api/resource/v1alpha1/authentication.pb.go @@ -22,7 +22,7 @@ package dubbo_apache_org_v1alpha1 import ( fmt "fmt" - proto "github.com/gogo/protobuf/proto" + proto "github.com/golang/protobuf/proto" io "io" math "math" math_bits "math/bits" @@ -37,7 +37,117 @@ var _ = math.Inf // is compatible with the proto package it is being compiled against. // A compilation error at this line likely means your copy of the // proto package needs to be updated. -const _ = proto.GoGoProtoPackageIsVersion3 // please upgrade the proto package +const _ = proto.ProtoPackageIsVersion3 // please upgrade the proto package + +type AuthenticationPolicyToClient struct { + Key string `protobuf:"bytes,1,opt,name=key,proto3" json:"key,omitempty"` + Spec *AuthenticationSpecToClient `protobuf:"bytes,2,opt,name=spec,proto3" json:"spec,omitempty"` + XXX_NoUnkeyedLiteral struct{} `json:"-"` + XXX_unrecognized []byte `json:"-"` + XXX_sizecache int32 `json:"-"` +} + +func (m *AuthenticationPolicyToClient) Reset() { *m = AuthenticationPolicyToClient{} } +func (m *AuthenticationPolicyToClient) String() string { return proto.CompactTextString(m) } +func (*AuthenticationPolicyToClient) ProtoMessage() {} +func (*AuthenticationPolicyToClient) Descriptor() ([]byte, []int) { + return fileDescriptor_d0dbc99083440df2, []int{0} +} +func (m *AuthenticationPolicyToClient) XXX_Unmarshal(b []byte) error { + return m.Unmarshal(b) +} +func (m *AuthenticationPolicyToClient) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) { + if deterministic { + return xxx_messageInfo_AuthenticationPolicyToClient.Marshal(b, m, deterministic) + } else { + b = b[:cap(b)] + n, err := m.MarshalToSizedBuffer(b) + if err != nil { + return nil, err + } + return b[:n], nil + } +} +func (m *AuthenticationPolicyToClient) XXX_Merge(src proto.Message) { + xxx_messageInfo_AuthenticationPolicyToClient.Merge(m, src) +} +func (m *AuthenticationPolicyToClient) XXX_Size() int { + return m.Size() +} +func (m *AuthenticationPolicyToClient) XXX_DiscardUnknown() { + xxx_messageInfo_AuthenticationPolicyToClient.DiscardUnknown(m) +} + +var xxx_messageInfo_AuthenticationPolicyToClient proto.InternalMessageInfo + +func (m *AuthenticationPolicyToClient) GetKey() string { + if m != nil { + return m.Key + } + return "" +} + +func (m *AuthenticationPolicyToClient) GetSpec() *AuthenticationSpecToClient { + if m != nil { + return m.Spec + } + return nil +} + +type AuthenticationSpecToClient struct { + Action string `protobuf:"bytes,1,opt,name=action,proto3" json:"action,omitempty"` + PortLevel []*AuthenticationPolicyPortLevel `protobuf:"bytes,2,rep,name=portLevel,proto3" json:"portLevel,omitempty"` + XXX_NoUnkeyedLiteral struct{} `json:"-"` + XXX_unrecognized []byte `json:"-"` + XXX_sizecache int32 `json:"-"` +} + +func (m *AuthenticationSpecToClient) Reset() { *m = AuthenticationSpecToClient{} } +func (m *AuthenticationSpecToClient) String() string { return proto.CompactTextString(m) } +func (*AuthenticationSpecToClient) ProtoMessage() {} +func (*AuthenticationSpecToClient) Descriptor() ([]byte, []int) { + return fileDescriptor_d0dbc99083440df2, []int{1} +} +func (m *AuthenticationSpecToClient) XXX_Unmarshal(b []byte) error { + return m.Unmarshal(b) +} +func (m *AuthenticationSpecToClient) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) { + if deterministic { + return xxx_messageInfo_AuthenticationSpecToClient.Marshal(b, m, deterministic) + } else { + b = b[:cap(b)] + n, err := m.MarshalToSizedBuffer(b) + if err != nil { + return nil, err + } + return b[:n], nil + } +} +func (m *AuthenticationSpecToClient) XXX_Merge(src proto.Message) { + xxx_messageInfo_AuthenticationSpecToClient.Merge(m, src) +} +func (m *AuthenticationSpecToClient) XXX_Size() int { + return m.Size() +} +func (m *AuthenticationSpecToClient) XXX_DiscardUnknown() { + xxx_messageInfo_AuthenticationSpecToClient.DiscardUnknown(m) +} + +var xxx_messageInfo_AuthenticationSpecToClient proto.InternalMessageInfo + +func (m *AuthenticationSpecToClient) GetAction() string { + if m != nil { + return m.Action + } + return "" +} + +func (m *AuthenticationSpecToClient) GetPortLevel() []*AuthenticationPolicyPortLevel { + if m != nil { + return m.PortLevel + } + return nil +} type AuthenticationPolicy struct { Action string `protobuf:"bytes,1,opt,name=action,proto3" json:"action,omitempty"` @@ -52,7 +162,7 @@ func (m *AuthenticationPolicy) Reset() { *m = AuthenticationPolicy{} } func (m *AuthenticationPolicy) String() string { return proto.CompactTextString(m) } func (*AuthenticationPolicy) ProtoMessage() {} func (*AuthenticationPolicy) Descriptor() ([]byte, []int) { - return fileDescriptor_d0dbc99083440df2, []int{0} + return fileDescriptor_d0dbc99083440df2, []int{2} } func (m *AuthenticationPolicy) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -120,7 +230,7 @@ func (m *AuthenticationPolicySelector) Reset() { *m = AuthenticationPoli func (m *AuthenticationPolicySelector) String() string { return proto.CompactTextString(m) } func (*AuthenticationPolicySelector) ProtoMessage() {} func (*AuthenticationPolicySelector) Descriptor() ([]byte, []int) { - return fileDescriptor_d0dbc99083440df2, []int{1} + return fileDescriptor_d0dbc99083440df2, []int{3} } func (m *AuthenticationPolicySelector) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -217,7 +327,7 @@ func (m *AuthenticationPolicyPortLevel) Reset() { *m = AuthenticationPol func (m *AuthenticationPolicyPortLevel) String() string { return proto.CompactTextString(m) } func (*AuthenticationPolicyPortLevel) ProtoMessage() {} func (*AuthenticationPolicyPortLevel) Descriptor() ([]byte, []int) { - return fileDescriptor_d0dbc99083440df2, []int{2} + return fileDescriptor_d0dbc99083440df2, []int{4} } func (m *AuthenticationPolicyPortLevel) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -272,7 +382,7 @@ func (m *AuthenticationPolicyExtend) Reset() { *m = AuthenticationPolicy func (m *AuthenticationPolicyExtend) String() string { return proto.CompactTextString(m) } func (*AuthenticationPolicyExtend) ProtoMessage() {} func (*AuthenticationPolicyExtend) Descriptor() ([]byte, []int) { - return fileDescriptor_d0dbc99083440df2, []int{3} + return fileDescriptor_d0dbc99083440df2, []int{5} } func (m *AuthenticationPolicyExtend) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -316,6 +426,8 @@ func (m *AuthenticationPolicyExtend) GetValue() string { } func init() { + proto.RegisterType((*AuthenticationPolicyToClient)(nil), "dubbo.apache.org.v1alpha1.AuthenticationPolicyToClient") + proto.RegisterType((*AuthenticationSpecToClient)(nil), "dubbo.apache.org.v1alpha1.AuthenticationSpecToClient") proto.RegisterType((*AuthenticationPolicy)(nil), "dubbo.apache.org.v1alpha1.AuthenticationPolicy") proto.RegisterType((*AuthenticationPolicySelector)(nil), "dubbo.apache.org.v1alpha1.AuthenticationPolicySelector") proto.RegisterType((*AuthenticationPolicyPortLevel)(nil), "dubbo.apache.org.v1alpha1.AuthenticationPolicyPortLevel") @@ -325,31 +437,129 @@ func init() { func init() { proto.RegisterFile("authentication.proto", fileDescriptor_d0dbc99083440df2) } var fileDescriptor_d0dbc99083440df2 = []byte{ - // 377 bytes of a gzipped FileDescriptorProto - 0x1f, 0x8b, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0xff, 0xa4, 0x93, 0xcf, 0x4a, 0xeb, 0x40, - 0x14, 0xc6, 0x99, 0xa6, 0xff, 0x72, 0xca, 0xbd, 0x5c, 0x86, 0x72, 0xc9, 0x2d, 0xd7, 0x10, 0x82, - 0x8b, 0xae, 0x02, 0x55, 0x44, 0xb7, 0x16, 0xbb, 0x10, 0x45, 0x43, 0x8a, 0xee, 0xa7, 0xd3, 0xc1, - 0x86, 0x8e, 0x33, 0x43, 0x32, 0x2d, 0xf6, 0x2d, 0x7c, 0x2c, 0x97, 0xee, 0xdd, 0x48, 0x9f, 0x44, - 0x32, 0x4d, 0x9b, 0x14, 0x6c, 0xa1, 0xb8, 0x9b, 0xf3, 0xcd, 0x39, 0xbf, 0x7c, 0xcc, 0xf9, 0x02, - 0x6d, 0x32, 0xd3, 0x13, 0x26, 0x74, 0x4c, 0x89, 0x8e, 0xa5, 0x08, 0x54, 0x22, 0xb5, 0xc4, 0xff, - 0xc6, 0xb3, 0xd1, 0x48, 0x06, 0x44, 0x11, 0x3a, 0x61, 0x81, 0x4c, 0x9e, 0x82, 0x79, 0x8f, 0x70, - 0x35, 0x21, 0x3d, 0xff, 0x03, 0x41, 0xfb, 0x72, 0x6b, 0x26, 0x94, 0x3c, 0xa6, 0x0b, 0xfc, 0x17, - 0xea, 0x84, 0x66, 0xb5, 0x83, 0x3c, 0xd4, 0xb5, 0xa3, 0xbc, 0xc2, 0x43, 0x68, 0xa6, 0x8c, 0x33, - 0xaa, 0x65, 0xe2, 0x54, 0x3c, 0xab, 0xdb, 0x3a, 0x39, 0x0f, 0x76, 0xe2, 0x83, 0xef, 0xd0, 0xc3, - 0x7c, 0x3c, 0xda, 0x80, 0xf0, 0x23, 0xd8, 0x4a, 0x26, 0xfa, 0x96, 0xcd, 0x19, 0x77, 0x2c, 0x43, - 0xbd, 0x38, 0x90, 0x1a, 0xae, 0xe7, 0xa3, 0x02, 0xe5, 0xbf, 0x5a, 0xf0, 0x7f, 0x9f, 0x05, 0xec, - 0x02, 0x08, 0xf2, 0xcc, 0x52, 0x45, 0x28, 0x4b, 0x1d, 0xe4, 0x59, 0x5d, 0x3b, 0x2a, 0x29, 0xf8, - 0x18, 0x7e, 0x09, 0xa9, 0xef, 0x8a, 0x96, 0x8a, 0x69, 0xd9, 0x16, 0x71, 0x07, 0x9a, 0xb1, 0xea, - 0x73, 0x49, 0xa7, 0xa9, 0x71, 0x6f, 0x47, 0x9b, 0x1a, 0x7b, 0xd0, 0x12, 0x52, 0x5f, 0xaf, 0xaf, - 0xab, 0xe6, 0xba, 0x2c, 0x65, 0x1e, 0x54, 0x12, 0x0b, 0x1a, 0x2b, 0xc2, 0x53, 0xa7, 0xb6, 0xf2, - 0x50, 0x28, 0xb9, 0x87, 0xb0, 0x68, 0xa9, 0x6f, 0x3c, 0x14, 0x22, 0xbe, 0x87, 0x06, 0x7b, 0xd1, - 0x4c, 0x8c, 0x53, 0xa7, 0x61, 0x1e, 0xf0, 0xec, 0xc0, 0x07, 0x1c, 0x98, 0xe9, 0x68, 0x4d, 0xc1, - 0x0f, 0x00, 0x42, 0xea, 0x41, 0xce, 0x6c, 0xfe, 0x84, 0x59, 0x02, 0xf9, 0x37, 0x70, 0xb4, 0x77, - 0x7d, 0x18, 0x43, 0x35, 0x5b, 0xa0, 0x89, 0x5d, 0x2d, 0x32, 0xe7, 0x52, 0x18, 0x2b, 0xe5, 0x30, - 0xfa, 0x57, 0xd0, 0xd9, 0xfd, 0x59, 0xfc, 0x07, 0xac, 0x29, 0x5b, 0xe4, 0xf9, 0xcd, 0x8e, 0xb8, - 0x0d, 0xb5, 0x39, 0xe1, 0x33, 0x96, 0x63, 0x56, 0x45, 0xff, 0xf7, 0xdb, 0xd2, 0x45, 0xef, 0x4b, - 0x17, 0x7d, 0x2e, 0x5d, 0x14, 0xa2, 0x51, 0xdd, 0xfc, 0x35, 0xa7, 0x5f, 0x01, 0x00, 0x00, 0xff, - 0xff, 0x36, 0x39, 0xa9, 0x31, 0x4d, 0x03, 0x00, 0x00, + // 438 bytes of a gzipped FileDescriptorProto + 0x1f, 0x8b, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0xff, 0xac, 0x94, 0xc1, 0x8e, 0xd3, 0x30, + 0x10, 0x86, 0x71, 0xd2, 0x76, 0x9b, 0xa9, 0x90, 0x90, 0x55, 0xa1, 0xb0, 0x82, 0x28, 0x8a, 0x38, + 0xe4, 0x14, 0x69, 0x17, 0xad, 0xe0, 0xca, 0xc2, 0x1e, 0x56, 0x20, 0x88, 0x5c, 0xe0, 0xee, 0xba, + 0x16, 0x8d, 0x6a, 0x6c, 0x2b, 0x71, 0x2b, 0x2a, 0x5e, 0x81, 0x03, 0x47, 0x1e, 0x89, 0x23, 0x77, + 0x2e, 0xa8, 0xbc, 0x08, 0x8a, 0x9b, 0x34, 0x09, 0x6a, 0x11, 0x15, 0x7b, 0x8b, 0x7f, 0xcf, 0x7c, + 0xfe, 0xc7, 0x33, 0x0e, 0x8c, 0xe9, 0xd2, 0xcc, 0xb9, 0x34, 0x19, 0xa3, 0x26, 0x53, 0x32, 0xd1, + 0xb9, 0x32, 0x0a, 0xdf, 0x9b, 0x2d, 0xa7, 0x53, 0x95, 0x50, 0x4d, 0xd9, 0x9c, 0x27, 0x2a, 0x7f, + 0x9f, 0xac, 0xce, 0xa8, 0xd0, 0x73, 0x7a, 0x16, 0x7d, 0x82, 0xfb, 0x4f, 0x3b, 0x29, 0xa9, 0x12, + 0x19, 0x5b, 0xbf, 0x51, 0xcf, 0x44, 0xc6, 0xa5, 0xc1, 0x77, 0xc0, 0x5d, 0xf0, 0xb5, 0x8f, 0x42, + 0x14, 0x7b, 0xa4, 0xfc, 0xc4, 0xd7, 0xd0, 0x2b, 0x34, 0x67, 0xbe, 0x13, 0xa2, 0x78, 0x74, 0x7e, + 0x91, 0x1c, 0x64, 0x27, 0x5d, 0xf0, 0x44, 0x73, 0x56, 0x63, 0x89, 0x45, 0x44, 0x9f, 0x11, 0x9c, + 0x1e, 0x0e, 0xc2, 0x77, 0x61, 0x40, 0x59, 0xa9, 0x56, 0xc7, 0x57, 0x2b, 0xfc, 0x0e, 0x3c, 0xad, + 0x72, 0xf3, 0x92, 0xaf, 0xb8, 0xf0, 0x9d, 0xd0, 0x8d, 0x47, 0xe7, 0x4f, 0xfe, 0xd9, 0xc6, 0xb6, + 0xbe, 0xb4, 0xce, 0x27, 0x0d, 0x2a, 0xfa, 0x81, 0x60, 0xbc, 0x2f, 0xf8, 0xa0, 0x91, 0x09, 0x0c, + 0x0b, 0x2e, 0x38, 0x33, 0x2a, 0xaf, 0x7c, 0x3c, 0x3e, 0xd2, 0xc7, 0xa4, 0x4a, 0x27, 0x3b, 0x50, + 0xb7, 0x3a, 0xf7, 0xe6, 0xaa, 0xfb, 0xe2, 0xee, 0x6f, 0x75, 0x6d, 0x01, 0x07, 0x00, 0x92, 0x7e, + 0xe0, 0x85, 0xa6, 0x8c, 0x17, 0x3e, 0x0a, 0xdd, 0xd8, 0x23, 0x2d, 0x05, 0x3f, 0x84, 0xdb, 0x52, + 0x99, 0x57, 0x4d, 0x88, 0x63, 0x43, 0xba, 0x22, 0x3e, 0x85, 0x61, 0xa6, 0x2f, 0x85, 0x62, 0x8b, + 0xc2, 0xba, 0xf7, 0xc8, 0x6e, 0x8d, 0x43, 0x18, 0x49, 0x65, 0xae, 0xeb, 0xed, 0x9e, 0xdd, 0x6e, + 0x4b, 0xa5, 0x07, 0x9d, 0x67, 0x92, 0x65, 0x9a, 0x8a, 0xc2, 0xef, 0x6f, 0x3d, 0x34, 0x4a, 0xe5, + 0x21, 0x6d, 0x42, 0x06, 0x3b, 0x0f, 0x8d, 0x88, 0x5f, 0xc3, 0x09, 0xff, 0x68, 0xb8, 0x9c, 0x15, + 0xfe, 0x89, 0xbd, 0xc0, 0x8b, 0x23, 0x2f, 0xf0, 0xca, 0x66, 0x93, 0x9a, 0x82, 0xdf, 0x02, 0x48, + 0x65, 0xae, 0x2a, 0xe6, 0xf0, 0x7f, 0x98, 0x2d, 0x50, 0xf4, 0x02, 0x1e, 0xfc, 0xb5, 0x7d, 0x18, + 0x43, 0xaf, 0x6c, 0xa0, 0x1d, 0xbb, 0x3e, 0xb1, 0xdf, 0xad, 0x61, 0x74, 0xda, 0xc3, 0x18, 0x3d, + 0xff, 0xf3, 0x2d, 0xb5, 0x8f, 0xdd, 0xf3, 0x8e, 0xc7, 0xd0, 0x5f, 0x51, 0xb1, 0xe4, 0x15, 0x66, + 0xbb, 0xb8, 0xc4, 0xdf, 0x36, 0x01, 0xfa, 0xbe, 0x09, 0xd0, 0xcf, 0x4d, 0x80, 0xbe, 0xfe, 0x0a, + 0x6e, 0xa5, 0x68, 0x3a, 0xb0, 0x7f, 0x91, 0x47, 0xbf, 0x03, 0x00, 0x00, 0xff, 0xff, 0x5f, 0x05, + 0xef, 0xb0, 0x5d, 0x04, 0x00, 0x00, +} + +func (m *AuthenticationPolicyToClient) Marshal() (dAtA []byte, err error) { + size := m.Size() + dAtA = make([]byte, size) + n, err := m.MarshalToSizedBuffer(dAtA[:size]) + if err != nil { + return nil, err + } + return dAtA[:n], nil +} + +func (m *AuthenticationPolicyToClient) MarshalTo(dAtA []byte) (int, error) { + size := m.Size() + return m.MarshalToSizedBuffer(dAtA[:size]) +} + +func (m *AuthenticationPolicyToClient) MarshalToSizedBuffer(dAtA []byte) (int, error) { + i := len(dAtA) + _ = i + var l int + _ = l + if m.XXX_unrecognized != nil { + i -= len(m.XXX_unrecognized) + copy(dAtA[i:], m.XXX_unrecognized) + } + if m.Spec != nil { + { + size, err := m.Spec.MarshalToSizedBuffer(dAtA[:i]) + if err != nil { + return 0, err + } + i -= size + i = encodeVarintAuthentication(dAtA, i, uint64(size)) + } + i-- + dAtA[i] = 0x12 + } + if len(m.Key) > 0 { + i -= len(m.Key) + copy(dAtA[i:], m.Key) + i = encodeVarintAuthentication(dAtA, i, uint64(len(m.Key))) + i-- + dAtA[i] = 0xa + } + return len(dAtA) - i, nil +} + +func (m *AuthenticationSpecToClient) Marshal() (dAtA []byte, err error) { + size := m.Size() + dAtA = make([]byte, size) + n, err := m.MarshalToSizedBuffer(dAtA[:size]) + if err != nil { + return nil, err + } + return dAtA[:n], nil +} + +func (m *AuthenticationSpecToClient) MarshalTo(dAtA []byte) (int, error) { + size := m.Size() + return m.MarshalToSizedBuffer(dAtA[:size]) +} + +func (m *AuthenticationSpecToClient) MarshalToSizedBuffer(dAtA []byte) (int, error) { + i := len(dAtA) + _ = i + var l int + _ = l + if m.XXX_unrecognized != nil { + i -= len(m.XXX_unrecognized) + copy(dAtA[i:], m.XXX_unrecognized) + } + if len(m.PortLevel) > 0 { + for iNdEx := len(m.PortLevel) - 1; iNdEx >= 0; iNdEx-- { + { + size, err := m.PortLevel[iNdEx].MarshalToSizedBuffer(dAtA[:i]) + if err != nil { + return 0, err + } + i -= size + i = encodeVarintAuthentication(dAtA, i, uint64(size)) + } + i-- + dAtA[i] = 0x12 + } + } + if len(m.Action) > 0 { + i -= len(m.Action) + copy(dAtA[i:], m.Action) + i = encodeVarintAuthentication(dAtA, i, uint64(len(m.Action))) + i-- + dAtA[i] = 0xa + } + return len(dAtA) - i, nil } func (m *AuthenticationPolicy) Marshal() (dAtA []byte, err error) { @@ -614,6 +824,48 @@ func encodeVarintAuthentication(dAtA []byte, offset int, v uint64) int { dAtA[offset] = uint8(v) return base } +func (m *AuthenticationPolicyToClient) Size() (n int) { + if m == nil { + return 0 + } + var l int + _ = l + l = len(m.Key) + if l > 0 { + n += 1 + l + sovAuthentication(uint64(l)) + } + if m.Spec != nil { + l = m.Spec.Size() + n += 1 + l + sovAuthentication(uint64(l)) + } + if m.XXX_unrecognized != nil { + n += len(m.XXX_unrecognized) + } + return n +} + +func (m *AuthenticationSpecToClient) Size() (n int) { + if m == nil { + return 0 + } + var l int + _ = l + l = len(m.Action) + if l > 0 { + n += 1 + l + sovAuthentication(uint64(l)) + } + if len(m.PortLevel) > 0 { + for _, e := range m.PortLevel { + l = e.Size() + n += 1 + l + sovAuthentication(uint64(l)) + } + } + if m.XXX_unrecognized != nil { + n += len(m.XXX_unrecognized) + } + return n +} + func (m *AuthenticationPolicy) Size() (n int) { if m == nil { return 0 @@ -747,6 +999,242 @@ func sovAuthentication(x uint64) (n int) { func sozAuthentication(x uint64) (n int) { return sovAuthentication(uint64((x << 1) ^ uint64((int64(x) >> 63)))) } +func (m *AuthenticationPolicyToClient) Unmarshal(dAtA []byte) error { + l := len(dAtA) + iNdEx := 0 + for iNdEx < l { + preIndex := iNdEx + var wire uint64 + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowAuthentication + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + wire |= uint64(b&0x7F) << shift + if b < 0x80 { + break + } + } + fieldNum := int32(wire >> 3) + wireType := int(wire & 0x7) + if wireType == 4 { + return fmt.Errorf("proto: AuthenticationPolicyToClient: wiretype end group for non-group") + } + if fieldNum <= 0 { + return fmt.Errorf("proto: AuthenticationPolicyToClient: illegal tag %d (wire type %d)", fieldNum, wire) + } + switch fieldNum { + case 1: + if wireType != 2 { + return fmt.Errorf("proto: wrong wireType = %d for field Key", wireType) + } + var stringLen uint64 + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowAuthentication + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + stringLen |= uint64(b&0x7F) << shift + if b < 0x80 { + break + } + } + intStringLen := int(stringLen) + if intStringLen < 0 { + return ErrInvalidLengthAuthentication + } + postIndex := iNdEx + intStringLen + if postIndex < 0 { + return ErrInvalidLengthAuthentication + } + if postIndex > l { + return io.ErrUnexpectedEOF + } + m.Key = string(dAtA[iNdEx:postIndex]) + iNdEx = postIndex + case 2: + if wireType != 2 { + return fmt.Errorf("proto: wrong wireType = %d for field Spec", wireType) + } + var msglen int + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowAuthentication + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + msglen |= int(b&0x7F) << shift + if b < 0x80 { + break + } + } + if msglen < 0 { + return ErrInvalidLengthAuthentication + } + postIndex := iNdEx + msglen + if postIndex < 0 { + return ErrInvalidLengthAuthentication + } + if postIndex > l { + return io.ErrUnexpectedEOF + } + if m.Spec == nil { + m.Spec = &AuthenticationSpecToClient{} + } + if err := m.Spec.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { + return err + } + iNdEx = postIndex + default: + iNdEx = preIndex + skippy, err := skipAuthentication(dAtA[iNdEx:]) + if err != nil { + return err + } + if (skippy < 0) || (iNdEx+skippy) < 0 { + return ErrInvalidLengthAuthentication + } + if (iNdEx + skippy) > l { + return io.ErrUnexpectedEOF + } + m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...) + iNdEx += skippy + } + } + + if iNdEx > l { + return io.ErrUnexpectedEOF + } + return nil +} +func (m *AuthenticationSpecToClient) Unmarshal(dAtA []byte) error { + l := len(dAtA) + iNdEx := 0 + for iNdEx < l { + preIndex := iNdEx + var wire uint64 + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowAuthentication + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + wire |= uint64(b&0x7F) << shift + if b < 0x80 { + break + } + } + fieldNum := int32(wire >> 3) + wireType := int(wire & 0x7) + if wireType == 4 { + return fmt.Errorf("proto: AuthenticationSpecToClient: wiretype end group for non-group") + } + if fieldNum <= 0 { + return fmt.Errorf("proto: AuthenticationSpecToClient: illegal tag %d (wire type %d)", fieldNum, wire) + } + switch fieldNum { + case 1: + if wireType != 2 { + return fmt.Errorf("proto: wrong wireType = %d for field Action", wireType) + } + var stringLen uint64 + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowAuthentication + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + stringLen |= uint64(b&0x7F) << shift + if b < 0x80 { + break + } + } + intStringLen := int(stringLen) + if intStringLen < 0 { + return ErrInvalidLengthAuthentication + } + postIndex := iNdEx + intStringLen + if postIndex < 0 { + return ErrInvalidLengthAuthentication + } + if postIndex > l { + return io.ErrUnexpectedEOF + } + m.Action = string(dAtA[iNdEx:postIndex]) + iNdEx = postIndex + case 2: + if wireType != 2 { + return fmt.Errorf("proto: wrong wireType = %d for field PortLevel", wireType) + } + var msglen int + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowAuthentication + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + msglen |= int(b&0x7F) << shift + if b < 0x80 { + break + } + } + if msglen < 0 { + return ErrInvalidLengthAuthentication + } + postIndex := iNdEx + msglen + if postIndex < 0 { + return ErrInvalidLengthAuthentication + } + if postIndex > l { + return io.ErrUnexpectedEOF + } + m.PortLevel = append(m.PortLevel, &AuthenticationPolicyPortLevel{}) + if err := m.PortLevel[len(m.PortLevel)-1].Unmarshal(dAtA[iNdEx:postIndex]); err != nil { + return err + } + iNdEx = postIndex + default: + iNdEx = preIndex + skippy, err := skipAuthentication(dAtA[iNdEx:]) + if err != nil { + return err + } + if (skippy < 0) || (iNdEx+skippy) < 0 { + return ErrInvalidLengthAuthentication + } + if (iNdEx + skippy) > l { + return io.ErrUnexpectedEOF + } + m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...) + iNdEx += skippy + } + } + + if iNdEx > l { + return io.ErrUnexpectedEOF + } + return nil +} func (m *AuthenticationPolicy) Unmarshal(dAtA []byte) error { l := len(dAtA) iNdEx := 0 diff --git a/api/resource/v1alpha1/authentication.proto b/api/resource/v1alpha1/authentication.proto index 46cf89377..672595d36 100644 --- a/api/resource/v1alpha1/authentication.proto +++ b/api/resource/v1alpha1/authentication.proto @@ -21,6 +21,16 @@ package dubbo.apache.org.v1alpha1; option java_multiple_files = true; +message AuthenticationPolicyToClient { + string key = 1; + AuthenticationSpecToClient spec = 2; +} + +message AuthenticationSpecToClient { + string action = 1; + repeated AuthenticationPolicyPortLevel portLevel = 2; +} + message AuthenticationPolicy { string action = 1; repeated AuthenticationPolicySelector selector = 2; diff --git a/api/resource/v1alpha1/authorization.pb.go b/api/resource/v1alpha1/authorization.pb.go index 83136c21c..b2432f5b0 100644 --- a/api/resource/v1alpha1/authorization.pb.go +++ b/api/resource/v1alpha1/authorization.pb.go @@ -23,7 +23,7 @@ package dubbo_apache_org_v1alpha1 import ( encoding_binary "encoding/binary" fmt "fmt" - proto "github.com/gogo/protobuf/proto" + proto "github.com/golang/protobuf/proto" io "io" math "math" math_bits "math/bits" @@ -38,7 +38,196 @@ var _ = math.Inf // is compatible with the proto package it is being compiled against. // A compilation error at this line likely means your copy of the // proto package needs to be updated. -const _ = proto.GoGoProtoPackageIsVersion3 // please upgrade the proto package +const _ = proto.ProtoPackageIsVersion3 // please upgrade the proto package + +type AuthorizationPolicyToClient struct { + Key string `protobuf:"bytes,1,opt,name=key,proto3" json:"key,omitempty"` + Spec *AuthorizationPolicySpecToClient `protobuf:"bytes,2,opt,name=spec,proto3" json:"spec,omitempty"` + XXX_NoUnkeyedLiteral struct{} `json:"-"` + XXX_unrecognized []byte `json:"-"` + XXX_sizecache int32 `json:"-"` +} + +func (m *AuthorizationPolicyToClient) Reset() { *m = AuthorizationPolicyToClient{} } +func (m *AuthorizationPolicyToClient) String() string { return proto.CompactTextString(m) } +func (*AuthorizationPolicyToClient) ProtoMessage() {} +func (*AuthorizationPolicyToClient) Descriptor() ([]byte, []int) { + return fileDescriptor_1dbbe58d1e51a797, []int{0} +} +func (m *AuthorizationPolicyToClient) XXX_Unmarshal(b []byte) error { + return m.Unmarshal(b) +} +func (m *AuthorizationPolicyToClient) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) { + if deterministic { + return xxx_messageInfo_AuthorizationPolicyToClient.Marshal(b, m, deterministic) + } else { + b = b[:cap(b)] + n, err := m.MarshalToSizedBuffer(b) + if err != nil { + return nil, err + } + return b[:n], nil + } +} +func (m *AuthorizationPolicyToClient) XXX_Merge(src proto.Message) { + xxx_messageInfo_AuthorizationPolicyToClient.Merge(m, src) +} +func (m *AuthorizationPolicyToClient) XXX_Size() int { + return m.Size() +} +func (m *AuthorizationPolicyToClient) XXX_DiscardUnknown() { + xxx_messageInfo_AuthorizationPolicyToClient.DiscardUnknown(m) +} + +var xxx_messageInfo_AuthorizationPolicyToClient proto.InternalMessageInfo + +func (m *AuthorizationPolicyToClient) GetKey() string { + if m != nil { + return m.Key + } + return "" +} + +func (m *AuthorizationPolicyToClient) GetSpec() *AuthorizationPolicySpecToClient { + if m != nil { + return m.Spec + } + return nil +} + +type AuthorizationPolicySpecToClient struct { + Action string `protobuf:"bytes,1,opt,name=action,proto3" json:"action,omitempty"` + Rules []*AuthorizationPolicyRuleToClient `protobuf:"bytes,2,rep,name=rules,proto3" json:"rules,omitempty"` + Samples float32 `protobuf:"fixed32,3,opt,name=samples,proto3" json:"samples,omitempty"` + Order float32 `protobuf:"fixed32,4,opt,name=order,proto3" json:"order,omitempty"` + MatchType string `protobuf:"bytes,5,opt,name=matchType,proto3" json:"matchType,omitempty"` + XXX_NoUnkeyedLiteral struct{} `json:"-"` + XXX_unrecognized []byte `json:"-"` + XXX_sizecache int32 `json:"-"` +} + +func (m *AuthorizationPolicySpecToClient) Reset() { *m = AuthorizationPolicySpecToClient{} } +func (m *AuthorizationPolicySpecToClient) String() string { return proto.CompactTextString(m) } +func (*AuthorizationPolicySpecToClient) ProtoMessage() {} +func (*AuthorizationPolicySpecToClient) Descriptor() ([]byte, []int) { + return fileDescriptor_1dbbe58d1e51a797, []int{1} +} +func (m *AuthorizationPolicySpecToClient) XXX_Unmarshal(b []byte) error { + return m.Unmarshal(b) +} +func (m *AuthorizationPolicySpecToClient) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) { + if deterministic { + return xxx_messageInfo_AuthorizationPolicySpecToClient.Marshal(b, m, deterministic) + } else { + b = b[:cap(b)] + n, err := m.MarshalToSizedBuffer(b) + if err != nil { + return nil, err + } + return b[:n], nil + } +} +func (m *AuthorizationPolicySpecToClient) XXX_Merge(src proto.Message) { + xxx_messageInfo_AuthorizationPolicySpecToClient.Merge(m, src) +} +func (m *AuthorizationPolicySpecToClient) XXX_Size() int { + return m.Size() +} +func (m *AuthorizationPolicySpecToClient) XXX_DiscardUnknown() { + xxx_messageInfo_AuthorizationPolicySpecToClient.DiscardUnknown(m) +} + +var xxx_messageInfo_AuthorizationPolicySpecToClient proto.InternalMessageInfo + +func (m *AuthorizationPolicySpecToClient) GetAction() string { + if m != nil { + return m.Action + } + return "" +} + +func (m *AuthorizationPolicySpecToClient) GetRules() []*AuthorizationPolicyRuleToClient { + if m != nil { + return m.Rules + } + return nil +} + +func (m *AuthorizationPolicySpecToClient) GetSamples() float32 { + if m != nil { + return m.Samples + } + return 0 +} + +func (m *AuthorizationPolicySpecToClient) GetOrder() float32 { + if m != nil { + return m.Order + } + return 0 +} + +func (m *AuthorizationPolicySpecToClient) GetMatchType() string { + if m != nil { + return m.MatchType + } + return "" +} + +type AuthorizationPolicyRuleToClient struct { + From *AuthorizationPolicySource `protobuf:"bytes,1,opt,name=from,proto3" json:"from,omitempty"` + When *AuthorizationPolicyCondition `protobuf:"bytes,2,opt,name=when,proto3" json:"when,omitempty"` + XXX_NoUnkeyedLiteral struct{} `json:"-"` + XXX_unrecognized []byte `json:"-"` + XXX_sizecache int32 `json:"-"` +} + +func (m *AuthorizationPolicyRuleToClient) Reset() { *m = AuthorizationPolicyRuleToClient{} } +func (m *AuthorizationPolicyRuleToClient) String() string { return proto.CompactTextString(m) } +func (*AuthorizationPolicyRuleToClient) ProtoMessage() {} +func (*AuthorizationPolicyRuleToClient) Descriptor() ([]byte, []int) { + return fileDescriptor_1dbbe58d1e51a797, []int{2} +} +func (m *AuthorizationPolicyRuleToClient) XXX_Unmarshal(b []byte) error { + return m.Unmarshal(b) +} +func (m *AuthorizationPolicyRuleToClient) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) { + if deterministic { + return xxx_messageInfo_AuthorizationPolicyRuleToClient.Marshal(b, m, deterministic) + } else { + b = b[:cap(b)] + n, err := m.MarshalToSizedBuffer(b) + if err != nil { + return nil, err + } + return b[:n], nil + } +} +func (m *AuthorizationPolicyRuleToClient) XXX_Merge(src proto.Message) { + xxx_messageInfo_AuthorizationPolicyRuleToClient.Merge(m, src) +} +func (m *AuthorizationPolicyRuleToClient) XXX_Size() int { + return m.Size() +} +func (m *AuthorizationPolicyRuleToClient) XXX_DiscardUnknown() { + xxx_messageInfo_AuthorizationPolicyRuleToClient.DiscardUnknown(m) +} + +var xxx_messageInfo_AuthorizationPolicyRuleToClient proto.InternalMessageInfo + +func (m *AuthorizationPolicyRuleToClient) GetFrom() *AuthorizationPolicySource { + if m != nil { + return m.From + } + return nil +} + +func (m *AuthorizationPolicyRuleToClient) GetWhen() *AuthorizationPolicyCondition { + if m != nil { + return m.When + } + return nil +} type AuthorizationPolicy struct { Action string `protobuf:"bytes,1,opt,name=action,proto3" json:"action,omitempty"` @@ -55,7 +244,7 @@ func (m *AuthorizationPolicy) Reset() { *m = AuthorizationPolicy{} } func (m *AuthorizationPolicy) String() string { return proto.CompactTextString(m) } func (*AuthorizationPolicy) ProtoMessage() {} func (*AuthorizationPolicy) Descriptor() ([]byte, []int) { - return fileDescriptor_1dbbe58d1e51a797, []int{0} + return fileDescriptor_1dbbe58d1e51a797, []int{3} } func (m *AuthorizationPolicy) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -132,7 +321,7 @@ func (m *AuthorizationPolicyRule) Reset() { *m = AuthorizationPolicyRule func (m *AuthorizationPolicyRule) String() string { return proto.CompactTextString(m) } func (*AuthorizationPolicyRule) ProtoMessage() {} func (*AuthorizationPolicyRule) Descriptor() ([]byte, []int) { - return fileDescriptor_1dbbe58d1e51a797, []int{1} + return fileDescriptor_1dbbe58d1e51a797, []int{4} } func (m *AuthorizationPolicyRule) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -200,7 +389,7 @@ func (m *AuthorizationPolicySource) Reset() { *m = AuthorizationPolicySo func (m *AuthorizationPolicySource) String() string { return proto.CompactTextString(m) } func (*AuthorizationPolicySource) ProtoMessage() {} func (*AuthorizationPolicySource) Descriptor() ([]byte, []int) { - return fileDescriptor_1dbbe58d1e51a797, []int{2} + return fileDescriptor_1dbbe58d1e51a797, []int{5} } func (m *AuthorizationPolicySource) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -303,7 +492,7 @@ func (m *AuthorizationPolicyTarget) Reset() { *m = AuthorizationPolicyTa func (m *AuthorizationPolicyTarget) String() string { return proto.CompactTextString(m) } func (*AuthorizationPolicyTarget) ProtoMessage() {} func (*AuthorizationPolicyTarget) Descriptor() ([]byte, []int) { - return fileDescriptor_1dbbe58d1e51a797, []int{3} + return fileDescriptor_1dbbe58d1e51a797, []int{6} } func (m *AuthorizationPolicyTarget) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -401,7 +590,7 @@ func (m *AuthorizationPolicyCondition) Reset() { *m = AuthorizationPolic func (m *AuthorizationPolicyCondition) String() string { return proto.CompactTextString(m) } func (*AuthorizationPolicyCondition) ProtoMessage() {} func (*AuthorizationPolicyCondition) Descriptor() ([]byte, []int) { - return fileDescriptor_1dbbe58d1e51a797, []int{4} + return fileDescriptor_1dbbe58d1e51a797, []int{7} } func (m *AuthorizationPolicyCondition) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -463,7 +652,7 @@ func (m *AuthorizationPolicyMatch) Reset() { *m = AuthorizationPolicyMat func (m *AuthorizationPolicyMatch) String() string { return proto.CompactTextString(m) } func (*AuthorizationPolicyMatch) ProtoMessage() {} func (*AuthorizationPolicyMatch) Descriptor() ([]byte, []int) { - return fileDescriptor_1dbbe58d1e51a797, []int{5} + return fileDescriptor_1dbbe58d1e51a797, []int{8} } func (m *AuthorizationPolicyMatch) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -518,7 +707,7 @@ func (m *AuthorizationPolicyExtend) Reset() { *m = AuthorizationPolicyEx func (m *AuthorizationPolicyExtend) String() string { return proto.CompactTextString(m) } func (*AuthorizationPolicyExtend) ProtoMessage() {} func (*AuthorizationPolicyExtend) Descriptor() ([]byte, []int) { - return fileDescriptor_1dbbe58d1e51a797, []int{6} + return fileDescriptor_1dbbe58d1e51a797, []int{9} } func (m *AuthorizationPolicyExtend) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -562,6 +751,9 @@ func (m *AuthorizationPolicyExtend) GetValue() string { } func init() { + proto.RegisterType((*AuthorizationPolicyToClient)(nil), "dubbo.apache.org.v1alpha1.AuthorizationPolicyToClient") + proto.RegisterType((*AuthorizationPolicySpecToClient)(nil), "dubbo.apache.org.v1alpha1.AuthorizationPolicySpecToClient") + proto.RegisterType((*AuthorizationPolicyRuleToClient)(nil), "dubbo.apache.org.v1alpha1.AuthorizationPolicyRuleToClient") proto.RegisterType((*AuthorizationPolicy)(nil), "dubbo.apache.org.v1alpha1.AuthorizationPolicy") proto.RegisterType((*AuthorizationPolicyRule)(nil), "dubbo.apache.org.v1alpha1.AuthorizationPolicyRule") proto.RegisterType((*AuthorizationPolicySource)(nil), "dubbo.apache.org.v1alpha1.AuthorizationPolicySource") @@ -574,42 +766,93 @@ func init() { func init() { proto.RegisterFile("authorization.proto", fileDescriptor_1dbbe58d1e51a797) } var fileDescriptor_1dbbe58d1e51a797 = []byte{ - // 507 bytes of a gzipped FileDescriptorProto - 0x1f, 0x8b, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0xff, 0xec, 0x95, 0xdf, 0x6a, 0xdb, 0x30, - 0x14, 0xc6, 0x91, 0x9d, 0x3f, 0xcd, 0x09, 0x1b, 0xe3, 0x74, 0x6c, 0xea, 0x28, 0x21, 0x84, 0x5d, - 0xe4, 0xca, 0xd0, 0x74, 0xb0, 0xeb, 0xf5, 0x0f, 0x74, 0x94, 0x95, 0x4c, 0x0b, 0xbb, 0x57, 0x1c, - 0xad, 0x36, 0x75, 0x24, 0x23, 0xcb, 0xdd, 0xb2, 0x57, 0xd8, 0x73, 0x0d, 0x76, 0xd9, 0x47, 0x18, - 0x79, 0x88, 0x5d, 0x0f, 0xc9, 0x4e, 0x9c, 0x41, 0x3c, 0x48, 0x07, 0xbb, 0xea, 0x9d, 0xbf, 0xcf, - 0x47, 0xbf, 0x7c, 0xd2, 0x51, 0x8e, 0x61, 0x9f, 0xe7, 0x26, 0x52, 0x3a, 0xfe, 0xca, 0x4d, 0xac, - 0x64, 0x90, 0x6a, 0x65, 0x14, 0x1e, 0xcc, 0xf2, 0xe9, 0x54, 0x05, 0x3c, 0xe5, 0x61, 0x24, 0x02, - 0xa5, 0xaf, 0x83, 0xdb, 0x23, 0x9e, 0xa4, 0x11, 0x3f, 0x1a, 0x7c, 0x27, 0xb0, 0xff, 0x66, 0x73, - 0xc9, 0x58, 0x25, 0x71, 0xb8, 0xc0, 0x67, 0xd0, 0xe2, 0xa1, 0xd5, 0x94, 0xf4, 0xc9, 0xb0, 0xc3, - 0x4a, 0x85, 0x17, 0xd0, 0xd4, 0x79, 0x22, 0x32, 0xea, 0xf5, 0xfd, 0x61, 0x77, 0x34, 0x0a, 0x6a, - 0xd1, 0xc1, 0x16, 0x2c, 0xcb, 0x13, 0xc1, 0x0a, 0x00, 0x52, 0x68, 0x67, 0x7c, 0x9e, 0x5a, 0x96, - 0xdf, 0x27, 0x43, 0x8f, 0xad, 0x24, 0x3e, 0x85, 0xa6, 0xd2, 0x33, 0xa1, 0x69, 0xc3, 0xf9, 0x85, - 0xc0, 0x43, 0xe8, 0xcc, 0xb9, 0x09, 0xa3, 0xc9, 0x22, 0x15, 0xb4, 0xe9, 0x42, 0x55, 0xc6, 0xe0, - 0x17, 0x81, 0xe7, 0x35, 0x3f, 0x88, 0x17, 0xd0, 0xf8, 0xa4, 0xd5, 0xdc, 0xed, 0xa4, 0x3b, 0x7a, - 0xb5, 0x5b, 0xe4, 0x0f, 0x2a, 0xd7, 0xa1, 0x60, 0x8e, 0x80, 0x67, 0xe0, 0x19, 0x45, 0xbd, 0xfb, - 0x70, 0x26, 0x5c, 0x5f, 0x0b, 0xc3, 0x3c, 0xa3, 0xf0, 0x12, 0x1a, 0x9f, 0x23, 0x21, 0xdd, 0xb6, - 0xbb, 0xa3, 0xd7, 0xbb, 0x71, 0x4e, 0x95, 0x9c, 0xc5, 0x56, 0x32, 0x07, 0x19, 0x7c, 0xf3, 0xe1, - 0xa0, 0x36, 0x36, 0xf6, 0x00, 0x24, 0x9f, 0x8b, 0x2c, 0xe5, 0xa1, 0xc8, 0x28, 0xe9, 0xfb, 0xc3, - 0x0e, 0xdb, 0x70, 0xf0, 0x25, 0x3c, 0x92, 0xca, 0x5c, 0x55, 0x25, 0x9e, 0x2b, 0xf9, 0xd3, 0xc4, - 0x17, 0xb0, 0x17, 0xa7, 0x27, 0x89, 0x0a, 0x6f, 0x6c, 0xaf, 0x6c, 0xc1, 0x5a, 0x63, 0x1f, 0xba, - 0x52, 0x99, 0xb7, 0xab, 0xd7, 0x0d, 0xf7, 0x7a, 0xd3, 0xb2, 0x19, 0x52, 0x1d, 0xcb, 0x30, 0x4e, - 0x79, 0x92, 0xd1, 0x66, 0x91, 0xa1, 0x72, 0xca, 0x0c, 0xe3, 0xaa, 0xa4, 0xb5, 0xce, 0x50, 0x99, - 0x78, 0x05, 0x6d, 0xf1, 0xc5, 0x08, 0x39, 0xcb, 0x68, 0xdb, 0x5d, 0xbd, 0x1d, 0xcf, 0xff, 0xdc, - 0x2d, 0x66, 0x2b, 0x08, 0x4e, 0x00, 0xa4, 0x32, 0xe7, 0x25, 0x72, 0xef, 0x1f, 0x90, 0x1b, 0x9c, - 0xba, 0x6e, 0x14, 0xcd, 0x7f, 0xe8, 0xc6, 0x7f, 0xee, 0xc6, 0x1d, 0x81, 0xc3, 0xbf, 0xfd, 0x85, - 0xf0, 0x09, 0xf8, 0x37, 0x62, 0x51, 0x8e, 0x38, 0xfb, 0x88, 0x97, 0xd0, 0xba, 0xe5, 0x49, 0xbe, - 0x1e, 0x70, 0xc7, 0xbb, 0x85, 0x78, 0x67, 0x07, 0x12, 0x2b, 0x11, 0xf8, 0x1e, 0x3a, 0x52, 0x99, - 0x8f, 0x05, 0xcf, 0xbf, 0x3f, 0xaf, 0xa2, 0x0c, 0xce, 0x80, 0xd6, 0x95, 0x21, 0x42, 0xc3, 0xd8, - 0xe1, 0x58, 0x6c, 0xc7, 0x3d, 0xdb, 0x59, 0xea, 0xc2, 0xb8, 0xa1, 0xd5, 0x61, 0x85, 0x18, 0x9c, - 0x6e, 0xbd, 0xa5, 0xc5, 0xb1, 0x6d, 0x39, 0x94, 0xad, 0x90, 0x93, 0xc7, 0x3f, 0x96, 0x3d, 0x72, - 0xb7, 0xec, 0x91, 0x9f, 0xcb, 0x1e, 0x19, 0x93, 0x69, 0xcb, 0x7d, 0x6c, 0x8e, 0x7f, 0x07, 0x00, - 0x00, 0xff, 0xff, 0xff, 0x5f, 0xd4, 0xe1, 0x83, 0x06, 0x00, 0x00, + // 581 bytes of a gzipped FileDescriptorProto + 0x1f, 0x8b, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0xff, 0xec, 0x96, 0x41, 0x6f, 0xd3, 0x30, + 0x14, 0xc7, 0x71, 0x92, 0xb6, 0xeb, 0xab, 0x90, 0x90, 0x87, 0x20, 0x83, 0xa9, 0x44, 0x11, 0x87, + 0x9e, 0x22, 0xad, 0x43, 0x42, 0xe2, 0xc6, 0xba, 0x49, 0x43, 0x13, 0x55, 0x31, 0x15, 0x77, 0x37, + 0x35, 0x6b, 0xb4, 0xd4, 0xb6, 0x12, 0x67, 0x50, 0x2e, 0x7c, 0x00, 0xbe, 0x00, 0x1f, 0x85, 0x2f, + 0x80, 0xc4, 0x71, 0x57, 0x6e, 0xa8, 0x7c, 0x07, 0xce, 0x28, 0x4e, 0xda, 0x74, 0x52, 0x02, 0x0a, + 0x0c, 0x4e, 0xbb, 0xe5, 0x3d, 0xbf, 0xfc, 0xfc, 0xf7, 0xfb, 0xbb, 0xaf, 0x81, 0x6d, 0x9a, 0xa8, + 0x99, 0x88, 0x82, 0x77, 0x54, 0x05, 0x82, 0x7b, 0x32, 0x12, 0x4a, 0xe0, 0x9d, 0x69, 0x32, 0x99, + 0x08, 0x8f, 0x4a, 0xea, 0xcf, 0x98, 0x27, 0xa2, 0x53, 0xef, 0x7c, 0x8f, 0x86, 0x72, 0x46, 0xf7, + 0xdc, 0xf7, 0x70, 0xff, 0xe9, 0xe6, 0x1b, 0x23, 0x11, 0x06, 0xfe, 0x62, 0x2c, 0x06, 0x61, 0xc0, + 0xb8, 0xc2, 0xb7, 0xc0, 0x3c, 0x63, 0x0b, 0x1b, 0x39, 0xa8, 0xd7, 0x26, 0xe9, 0x23, 0x1e, 0x82, + 0x15, 0x4b, 0xe6, 0xdb, 0x86, 0x83, 0x7a, 0x9d, 0xfe, 0x13, 0xaf, 0x12, 0xed, 0x95, 0x70, 0x5f, + 0x4a, 0xe6, 0xaf, 0xd8, 0x44, 0x73, 0xdc, 0xaf, 0x08, 0x1e, 0xfc, 0xa6, 0x12, 0xdf, 0x81, 0x26, + 0xf5, 0xd3, 0xb5, 0x5c, 0x48, 0x1e, 0xe1, 0x11, 0x34, 0xa2, 0x24, 0x64, 0xb1, 0x6d, 0x38, 0x66, + 0x7d, 0x31, 0x24, 0x09, 0xd9, 0x5a, 0x4c, 0x06, 0xc2, 0x36, 0xb4, 0x62, 0x3a, 0x97, 0x29, 0xd3, + 0x74, 0x50, 0xcf, 0x20, 0xab, 0x10, 0xdf, 0x86, 0x86, 0x88, 0xa6, 0x2c, 0xb2, 0x2d, 0x9d, 0xcf, + 0x02, 0xbc, 0x0b, 0xed, 0x39, 0x55, 0xfe, 0x6c, 0xbc, 0x90, 0xcc, 0x6e, 0x68, 0x71, 0x45, 0xc2, + 0xfd, 0x54, 0x7e, 0xb6, 0xcd, 0x8d, 0xf1, 0x31, 0x58, 0xaf, 0x23, 0x31, 0xd7, 0x27, 0xeb, 0xf4, + 0x1f, 0xd5, 0xec, 0xa7, 0x48, 0x22, 0x9f, 0x11, 0x4d, 0xc0, 0x27, 0x60, 0xbd, 0x99, 0x31, 0x9e, + 0x3b, 0xf3, 0xb8, 0x1e, 0x69, 0x20, 0xf8, 0x34, 0x48, 0x43, 0xa2, 0x21, 0xee, 0x67, 0x04, 0xdb, + 0x25, 0x65, 0x95, 0x56, 0x1c, 0x5f, 0xb6, 0xa2, 0x5f, 0xdf, 0x8a, 0x7f, 0x63, 0xc1, 0x0f, 0x04, + 0x77, 0x2b, 0x36, 0xbc, 0xc2, 0xd6, 0x1f, 0x82, 0xa1, 0x44, 0xde, 0xf8, 0x9a, 0x9c, 0x31, 0x8d, + 0x4e, 0x99, 0x22, 0x86, 0x12, 0x6b, 0x03, 0xcd, 0xab, 0x30, 0xf0, 0x83, 0x09, 0x3b, 0x95, 0xb2, + 0x71, 0x17, 0x80, 0xd3, 0x39, 0x8b, 0x25, 0xf5, 0x59, 0x6c, 0x23, 0xc7, 0xec, 0xb5, 0xc9, 0x46, + 0x06, 0x3f, 0x84, 0x9b, 0x5c, 0xa8, 0x61, 0x51, 0x62, 0xe8, 0x92, 0xcb, 0x49, 0x7c, 0x0f, 0xb6, + 0x02, 0x79, 0x10, 0x0a, 0xff, 0x2c, 0xf5, 0x2a, 0x2d, 0x58, 0xc7, 0xd8, 0x81, 0x0e, 0x17, 0xea, + 0xd9, 0x6a, 0xd9, 0xd2, 0xcb, 0x9b, 0xa9, 0x54, 0x83, 0x8c, 0x02, 0xee, 0x07, 0x92, 0x86, 0xb1, + 0xdd, 0xc8, 0x34, 0x14, 0x99, 0x5c, 0xc3, 0xa8, 0x28, 0x69, 0xae, 0x35, 0x14, 0x49, 0x3c, 0x84, + 0x16, 0x7b, 0xab, 0x18, 0x9f, 0xc6, 0x76, 0x4b, 0x5f, 0xbd, 0x9a, 0xfd, 0x3f, 0xd2, 0x2f, 0x93, + 0x15, 0x04, 0x8f, 0x01, 0xb8, 0x50, 0x47, 0x39, 0x72, 0xeb, 0x2f, 0x90, 0x1b, 0x9c, 0x2a, 0x37, + 0x32, 0xf3, 0xaf, 0xdd, 0xf8, 0xcf, 0x6e, 0x5c, 0x20, 0xd8, 0xfd, 0xd5, 0x4f, 0xa8, 0xe4, 0x6f, + 0xef, 0x04, 0x9a, 0xe7, 0x34, 0x4c, 0xd6, 0x03, 0x6e, 0xbf, 0x9e, 0x88, 0xe7, 0xe9, 0x40, 0x22, + 0x39, 0x02, 0xbf, 0x80, 0x36, 0x17, 0xea, 0x55, 0xc6, 0x33, 0xff, 0x9c, 0x57, 0x50, 0xdc, 0x43, + 0xb0, 0xab, 0xca, 0x30, 0x06, 0x4b, 0xa5, 0xc3, 0x31, 0x3b, 0x8e, 0x7e, 0x4e, 0x67, 0xa9, 0x16, + 0xa3, 0x87, 0x56, 0x9b, 0x64, 0x81, 0x3b, 0x28, 0xbd, 0xa5, 0x59, 0xdb, 0x4a, 0x9a, 0x52, 0x0a, + 0x39, 0xc0, 0x5f, 0x96, 0x5d, 0x74, 0xb1, 0xec, 0xa2, 0x6f, 0xcb, 0x2e, 0xfa, 0xf8, 0xbd, 0x7b, + 0x63, 0x84, 0x26, 0x4d, 0xfd, 0x21, 0xb2, 0xff, 0x33, 0x00, 0x00, 0xff, 0xff, 0xef, 0x81, 0x9b, + 0x00, 0x9f, 0x08, 0x00, 0x00, +} + +func (m *AuthorizationPolicyToClient) Marshal() (dAtA []byte, err error) { + size := m.Size() + dAtA = make([]byte, size) + n, err := m.MarshalToSizedBuffer(dAtA[:size]) + if err != nil { + return nil, err + } + return dAtA[:n], nil } -func (m *AuthorizationPolicy) Marshal() (dAtA []byte, err error) { +func (m *AuthorizationPolicyToClient) MarshalTo(dAtA []byte) (int, error) { + size := m.Size() + return m.MarshalToSizedBuffer(dAtA[:size]) +} + +func (m *AuthorizationPolicyToClient) MarshalToSizedBuffer(dAtA []byte) (int, error) { + i := len(dAtA) + _ = i + var l int + _ = l + if m.XXX_unrecognized != nil { + i -= len(m.XXX_unrecognized) + copy(dAtA[i:], m.XXX_unrecognized) + } + if m.Spec != nil { + { + size, err := m.Spec.MarshalToSizedBuffer(dAtA[:i]) + if err != nil { + return 0, err + } + i -= size + i = encodeVarintAuthorization(dAtA, i, uint64(size)) + } + i-- + dAtA[i] = 0x12 + } + if len(m.Key) > 0 { + i -= len(m.Key) + copy(dAtA[i:], m.Key) + i = encodeVarintAuthorization(dAtA, i, uint64(len(m.Key))) + i-- + dAtA[i] = 0xa + } + return len(dAtA) - i, nil +} + +func (m *AuthorizationPolicySpecToClient) Marshal() (dAtA []byte, err error) { size := m.Size() dAtA = make([]byte, size) n, err := m.MarshalToSizedBuffer(dAtA[:size]) @@ -619,12 +862,12 @@ func (m *AuthorizationPolicy) Marshal() (dAtA []byte, err error) { return dAtA[:n], nil } -func (m *AuthorizationPolicy) MarshalTo(dAtA []byte) (int, error) { +func (m *AuthorizationPolicySpecToClient) MarshalTo(dAtA []byte) (int, error) { size := m.Size() return m.MarshalToSizedBuffer(dAtA[:size]) } -func (m *AuthorizationPolicy) MarshalToSizedBuffer(dAtA []byte) (int, error) { +func (m *AuthorizationPolicySpecToClient) MarshalToSizedBuffer(dAtA []byte) (int, error) { i := len(dAtA) _ = i var l int @@ -676,7 +919,7 @@ func (m *AuthorizationPolicy) MarshalToSizedBuffer(dAtA []byte) (int, error) { return len(dAtA) - i, nil } -func (m *AuthorizationPolicyRule) Marshal() (dAtA []byte, err error) { +func (m *AuthorizationPolicyRuleToClient) Marshal() (dAtA []byte, err error) { size := m.Size() dAtA = make([]byte, size) n, err := m.MarshalToSizedBuffer(dAtA[:size]) @@ -686,12 +929,12 @@ func (m *AuthorizationPolicyRule) Marshal() (dAtA []byte, err error) { return dAtA[:n], nil } -func (m *AuthorizationPolicyRule) MarshalTo(dAtA []byte) (int, error) { +func (m *AuthorizationPolicyRuleToClient) MarshalTo(dAtA []byte) (int, error) { size := m.Size() return m.MarshalToSizedBuffer(dAtA[:size]) } -func (m *AuthorizationPolicyRule) MarshalToSizedBuffer(dAtA []byte) (int, error) { +func (m *AuthorizationPolicyRuleToClient) MarshalToSizedBuffer(dAtA []byte) (int, error) { i := len(dAtA) _ = i var l int @@ -710,18 +953,6 @@ func (m *AuthorizationPolicyRule) MarshalToSizedBuffer(dAtA []byte) (int, error) i = encodeVarintAuthorization(dAtA, i, uint64(size)) } i-- - dAtA[i] = 0x1a - } - if m.To != nil { - { - size, err := m.To.MarshalToSizedBuffer(dAtA[:i]) - if err != nil { - return 0, err - } - i -= size - i = encodeVarintAuthorization(dAtA, i, uint64(size)) - } - i-- dAtA[i] = 0x12 } if m.From != nil { @@ -739,7 +970,7 @@ func (m *AuthorizationPolicyRule) MarshalToSizedBuffer(dAtA []byte) (int, error) return len(dAtA) - i, nil } -func (m *AuthorizationPolicySource) Marshal() (dAtA []byte, err error) { +func (m *AuthorizationPolicy) Marshal() (dAtA []byte, err error) { size := m.Size() dAtA = make([]byte, size) n, err := m.MarshalToSizedBuffer(dAtA[:size]) @@ -749,12 +980,12 @@ func (m *AuthorizationPolicySource) Marshal() (dAtA []byte, err error) { return dAtA[:n], nil } -func (m *AuthorizationPolicySource) MarshalTo(dAtA []byte) (int, error) { +func (m *AuthorizationPolicy) MarshalTo(dAtA []byte) (int, error) { size := m.Size() return m.MarshalToSizedBuffer(dAtA[:size]) } -func (m *AuthorizationPolicySource) MarshalToSizedBuffer(dAtA []byte) (int, error) { +func (m *AuthorizationPolicy) MarshalToSizedBuffer(dAtA []byte) (int, error) { i := len(dAtA) _ = i var l int @@ -763,24 +994,29 @@ func (m *AuthorizationPolicySource) MarshalToSizedBuffer(dAtA []byte) (int, erro i -= len(m.XXX_unrecognized) copy(dAtA[i:], m.XXX_unrecognized) } - if len(m.NotExtends) > 0 { - for iNdEx := len(m.NotExtends) - 1; iNdEx >= 0; iNdEx-- { - { - size, err := m.NotExtends[iNdEx].MarshalToSizedBuffer(dAtA[:i]) - if err != nil { - return 0, err - } - i -= size - i = encodeVarintAuthorization(dAtA, i, uint64(size)) - } - i-- - dAtA[i] = 0x42 - } + if len(m.MatchType) > 0 { + i -= len(m.MatchType) + copy(dAtA[i:], m.MatchType) + i = encodeVarintAuthorization(dAtA, i, uint64(len(m.MatchType))) + i-- + dAtA[i] = 0x2a } - if len(m.Extends) > 0 { - for iNdEx := len(m.Extends) - 1; iNdEx >= 0; iNdEx-- { + if m.Order != 0 { + i -= 4 + encoding_binary.LittleEndian.PutUint32(dAtA[i:], uint32(math.Float32bits(float32(m.Order)))) + i-- + dAtA[i] = 0x25 + } + if m.Samples != 0 { + i -= 4 + encoding_binary.LittleEndian.PutUint32(dAtA[i:], uint32(math.Float32bits(float32(m.Samples)))) + i-- + dAtA[i] = 0x1d + } + if len(m.Rules) > 0 { + for iNdEx := len(m.Rules) - 1; iNdEx >= 0; iNdEx-- { { - size, err := m.Extends[iNdEx].MarshalToSizedBuffer(dAtA[:i]) + size, err := m.Rules[iNdEx].MarshalToSizedBuffer(dAtA[:i]) if err != nil { return 0, err } @@ -788,24 +1024,149 @@ func (m *AuthorizationPolicySource) MarshalToSizedBuffer(dAtA []byte) (int, erro i = encodeVarintAuthorization(dAtA, i, uint64(size)) } i-- - dAtA[i] = 0x3a + dAtA[i] = 0x12 } } - if len(m.NotPrincipals) > 0 { - for iNdEx := len(m.NotPrincipals) - 1; iNdEx >= 0; iNdEx-- { - i -= len(m.NotPrincipals[iNdEx]) - copy(dAtA[i:], m.NotPrincipals[iNdEx]) - i = encodeVarintAuthorization(dAtA, i, uint64(len(m.NotPrincipals[iNdEx]))) - i-- - dAtA[i] = 0x32 - } + if len(m.Action) > 0 { + i -= len(m.Action) + copy(dAtA[i:], m.Action) + i = encodeVarintAuthorization(dAtA, i, uint64(len(m.Action))) + i-- + dAtA[i] = 0xa } - if len(m.Principals) > 0 { - for iNdEx := len(m.Principals) - 1; iNdEx >= 0; iNdEx-- { - i -= len(m.Principals[iNdEx]) - copy(dAtA[i:], m.Principals[iNdEx]) - i = encodeVarintAuthorization(dAtA, i, uint64(len(m.Principals[iNdEx]))) - i-- + return len(dAtA) - i, nil +} + +func (m *AuthorizationPolicyRule) Marshal() (dAtA []byte, err error) { + size := m.Size() + dAtA = make([]byte, size) + n, err := m.MarshalToSizedBuffer(dAtA[:size]) + if err != nil { + return nil, err + } + return dAtA[:n], nil +} + +func (m *AuthorizationPolicyRule) MarshalTo(dAtA []byte) (int, error) { + size := m.Size() + return m.MarshalToSizedBuffer(dAtA[:size]) +} + +func (m *AuthorizationPolicyRule) MarshalToSizedBuffer(dAtA []byte) (int, error) { + i := len(dAtA) + _ = i + var l int + _ = l + if m.XXX_unrecognized != nil { + i -= len(m.XXX_unrecognized) + copy(dAtA[i:], m.XXX_unrecognized) + } + if m.When != nil { + { + size, err := m.When.MarshalToSizedBuffer(dAtA[:i]) + if err != nil { + return 0, err + } + i -= size + i = encodeVarintAuthorization(dAtA, i, uint64(size)) + } + i-- + dAtA[i] = 0x1a + } + if m.To != nil { + { + size, err := m.To.MarshalToSizedBuffer(dAtA[:i]) + if err != nil { + return 0, err + } + i -= size + i = encodeVarintAuthorization(dAtA, i, uint64(size)) + } + i-- + dAtA[i] = 0x12 + } + if m.From != nil { + { + size, err := m.From.MarshalToSizedBuffer(dAtA[:i]) + if err != nil { + return 0, err + } + i -= size + i = encodeVarintAuthorization(dAtA, i, uint64(size)) + } + i-- + dAtA[i] = 0xa + } + return len(dAtA) - i, nil +} + +func (m *AuthorizationPolicySource) Marshal() (dAtA []byte, err error) { + size := m.Size() + dAtA = make([]byte, size) + n, err := m.MarshalToSizedBuffer(dAtA[:size]) + if err != nil { + return nil, err + } + return dAtA[:n], nil +} + +func (m *AuthorizationPolicySource) MarshalTo(dAtA []byte) (int, error) { + size := m.Size() + return m.MarshalToSizedBuffer(dAtA[:size]) +} + +func (m *AuthorizationPolicySource) MarshalToSizedBuffer(dAtA []byte) (int, error) { + i := len(dAtA) + _ = i + var l int + _ = l + if m.XXX_unrecognized != nil { + i -= len(m.XXX_unrecognized) + copy(dAtA[i:], m.XXX_unrecognized) + } + if len(m.NotExtends) > 0 { + for iNdEx := len(m.NotExtends) - 1; iNdEx >= 0; iNdEx-- { + { + size, err := m.NotExtends[iNdEx].MarshalToSizedBuffer(dAtA[:i]) + if err != nil { + return 0, err + } + i -= size + i = encodeVarintAuthorization(dAtA, i, uint64(size)) + } + i-- + dAtA[i] = 0x42 + } + } + if len(m.Extends) > 0 { + for iNdEx := len(m.Extends) - 1; iNdEx >= 0; iNdEx-- { + { + size, err := m.Extends[iNdEx].MarshalToSizedBuffer(dAtA[:i]) + if err != nil { + return 0, err + } + i -= size + i = encodeVarintAuthorization(dAtA, i, uint64(size)) + } + i-- + dAtA[i] = 0x3a + } + } + if len(m.NotPrincipals) > 0 { + for iNdEx := len(m.NotPrincipals) - 1; iNdEx >= 0; iNdEx-- { + i -= len(m.NotPrincipals[iNdEx]) + copy(dAtA[i:], m.NotPrincipals[iNdEx]) + i = encodeVarintAuthorization(dAtA, i, uint64(len(m.NotPrincipals[iNdEx]))) + i-- + dAtA[i] = 0x32 + } + } + if len(m.Principals) > 0 { + for iNdEx := len(m.Principals) - 1; iNdEx >= 0; iNdEx-- { + i -= len(m.Principals[iNdEx]) + copy(dAtA[i:], m.Principals[iNdEx]) + i = encodeVarintAuthorization(dAtA, i, uint64(len(m.Principals[iNdEx]))) + i-- dAtA[i] = 0x2a } } @@ -1112,6 +1473,78 @@ func encodeVarintAuthorization(dAtA []byte, offset int, v uint64) int { dAtA[offset] = uint8(v) return base } +func (m *AuthorizationPolicyToClient) Size() (n int) { + if m == nil { + return 0 + } + var l int + _ = l + l = len(m.Key) + if l > 0 { + n += 1 + l + sovAuthorization(uint64(l)) + } + if m.Spec != nil { + l = m.Spec.Size() + n += 1 + l + sovAuthorization(uint64(l)) + } + if m.XXX_unrecognized != nil { + n += len(m.XXX_unrecognized) + } + return n +} + +func (m *AuthorizationPolicySpecToClient) Size() (n int) { + if m == nil { + return 0 + } + var l int + _ = l + l = len(m.Action) + if l > 0 { + n += 1 + l + sovAuthorization(uint64(l)) + } + if len(m.Rules) > 0 { + for _, e := range m.Rules { + l = e.Size() + n += 1 + l + sovAuthorization(uint64(l)) + } + } + if m.Samples != 0 { + n += 5 + } + if m.Order != 0 { + n += 5 + } + l = len(m.MatchType) + if l > 0 { + n += 1 + l + sovAuthorization(uint64(l)) + } + if m.XXX_unrecognized != nil { + n += len(m.XXX_unrecognized) + } + return n +} + +func (m *AuthorizationPolicyRuleToClient) Size() (n int) { + if m == nil { + return 0 + } + var l int + _ = l + if m.From != nil { + l = m.From.Size() + n += 1 + l + sovAuthorization(uint64(l)) + } + if m.When != nil { + l = m.When.Size() + n += 1 + l + sovAuthorization(uint64(l)) + } + if m.XXX_unrecognized != nil { + n += len(m.XXX_unrecognized) + } + return n +} + func (m *AuthorizationPolicy) Size() (n int) { if m == nil { return 0 @@ -1362,6 +1795,419 @@ func sovAuthorization(x uint64) (n int) { func sozAuthorization(x uint64) (n int) { return sovAuthorization(uint64((x << 1) ^ uint64((int64(x) >> 63)))) } +func (m *AuthorizationPolicyToClient) Unmarshal(dAtA []byte) error { + l := len(dAtA) + iNdEx := 0 + for iNdEx < l { + preIndex := iNdEx + var wire uint64 + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowAuthorization + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + wire |= uint64(b&0x7F) << shift + if b < 0x80 { + break + } + } + fieldNum := int32(wire >> 3) + wireType := int(wire & 0x7) + if wireType == 4 { + return fmt.Errorf("proto: AuthorizationPolicyToClient: wiretype end group for non-group") + } + if fieldNum <= 0 { + return fmt.Errorf("proto: AuthorizationPolicyToClient: illegal tag %d (wire type %d)", fieldNum, wire) + } + switch fieldNum { + case 1: + if wireType != 2 { + return fmt.Errorf("proto: wrong wireType = %d for field Key", wireType) + } + var stringLen uint64 + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowAuthorization + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + stringLen |= uint64(b&0x7F) << shift + if b < 0x80 { + break + } + } + intStringLen := int(stringLen) + if intStringLen < 0 { + return ErrInvalidLengthAuthorization + } + postIndex := iNdEx + intStringLen + if postIndex < 0 { + return ErrInvalidLengthAuthorization + } + if postIndex > l { + return io.ErrUnexpectedEOF + } + m.Key = string(dAtA[iNdEx:postIndex]) + iNdEx = postIndex + case 2: + if wireType != 2 { + return fmt.Errorf("proto: wrong wireType = %d for field Spec", wireType) + } + var msglen int + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowAuthorization + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + msglen |= int(b&0x7F) << shift + if b < 0x80 { + break + } + } + if msglen < 0 { + return ErrInvalidLengthAuthorization + } + postIndex := iNdEx + msglen + if postIndex < 0 { + return ErrInvalidLengthAuthorization + } + if postIndex > l { + return io.ErrUnexpectedEOF + } + if m.Spec == nil { + m.Spec = &AuthorizationPolicySpecToClient{} + } + if err := m.Spec.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { + return err + } + iNdEx = postIndex + default: + iNdEx = preIndex + skippy, err := skipAuthorization(dAtA[iNdEx:]) + if err != nil { + return err + } + if (skippy < 0) || (iNdEx+skippy) < 0 { + return ErrInvalidLengthAuthorization + } + if (iNdEx + skippy) > l { + return io.ErrUnexpectedEOF + } + m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...) + iNdEx += skippy + } + } + + if iNdEx > l { + return io.ErrUnexpectedEOF + } + return nil +} +func (m *AuthorizationPolicySpecToClient) Unmarshal(dAtA []byte) error { + l := len(dAtA) + iNdEx := 0 + for iNdEx < l { + preIndex := iNdEx + var wire uint64 + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowAuthorization + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + wire |= uint64(b&0x7F) << shift + if b < 0x80 { + break + } + } + fieldNum := int32(wire >> 3) + wireType := int(wire & 0x7) + if wireType == 4 { + return fmt.Errorf("proto: AuthorizationPolicySpecToClient: wiretype end group for non-group") + } + if fieldNum <= 0 { + return fmt.Errorf("proto: AuthorizationPolicySpecToClient: illegal tag %d (wire type %d)", fieldNum, wire) + } + switch fieldNum { + case 1: + if wireType != 2 { + return fmt.Errorf("proto: wrong wireType = %d for field Action", wireType) + } + var stringLen uint64 + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowAuthorization + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + stringLen |= uint64(b&0x7F) << shift + if b < 0x80 { + break + } + } + intStringLen := int(stringLen) + if intStringLen < 0 { + return ErrInvalidLengthAuthorization + } + postIndex := iNdEx + intStringLen + if postIndex < 0 { + return ErrInvalidLengthAuthorization + } + if postIndex > l { + return io.ErrUnexpectedEOF + } + m.Action = string(dAtA[iNdEx:postIndex]) + iNdEx = postIndex + case 2: + if wireType != 2 { + return fmt.Errorf("proto: wrong wireType = %d for field Rules", wireType) + } + var msglen int + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowAuthorization + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + msglen |= int(b&0x7F) << shift + if b < 0x80 { + break + } + } + if msglen < 0 { + return ErrInvalidLengthAuthorization + } + postIndex := iNdEx + msglen + if postIndex < 0 { + return ErrInvalidLengthAuthorization + } + if postIndex > l { + return io.ErrUnexpectedEOF + } + m.Rules = append(m.Rules, &AuthorizationPolicyRuleToClient{}) + if err := m.Rules[len(m.Rules)-1].Unmarshal(dAtA[iNdEx:postIndex]); err != nil { + return err + } + iNdEx = postIndex + case 3: + if wireType != 5 { + return fmt.Errorf("proto: wrong wireType = %d for field Samples", wireType) + } + var v uint32 + if (iNdEx + 4) > l { + return io.ErrUnexpectedEOF + } + v = uint32(encoding_binary.LittleEndian.Uint32(dAtA[iNdEx:])) + iNdEx += 4 + m.Samples = float32(math.Float32frombits(v)) + case 4: + if wireType != 5 { + return fmt.Errorf("proto: wrong wireType = %d for field Order", wireType) + } + var v uint32 + if (iNdEx + 4) > l { + return io.ErrUnexpectedEOF + } + v = uint32(encoding_binary.LittleEndian.Uint32(dAtA[iNdEx:])) + iNdEx += 4 + m.Order = float32(math.Float32frombits(v)) + case 5: + if wireType != 2 { + return fmt.Errorf("proto: wrong wireType = %d for field MatchType", wireType) + } + var stringLen uint64 + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowAuthorization + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + stringLen |= uint64(b&0x7F) << shift + if b < 0x80 { + break + } + } + intStringLen := int(stringLen) + if intStringLen < 0 { + return ErrInvalidLengthAuthorization + } + postIndex := iNdEx + intStringLen + if postIndex < 0 { + return ErrInvalidLengthAuthorization + } + if postIndex > l { + return io.ErrUnexpectedEOF + } + m.MatchType = string(dAtA[iNdEx:postIndex]) + iNdEx = postIndex + default: + iNdEx = preIndex + skippy, err := skipAuthorization(dAtA[iNdEx:]) + if err != nil { + return err + } + if (skippy < 0) || (iNdEx+skippy) < 0 { + return ErrInvalidLengthAuthorization + } + if (iNdEx + skippy) > l { + return io.ErrUnexpectedEOF + } + m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...) + iNdEx += skippy + } + } + + if iNdEx > l { + return io.ErrUnexpectedEOF + } + return nil +} +func (m *AuthorizationPolicyRuleToClient) Unmarshal(dAtA []byte) error { + l := len(dAtA) + iNdEx := 0 + for iNdEx < l { + preIndex := iNdEx + var wire uint64 + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowAuthorization + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + wire |= uint64(b&0x7F) << shift + if b < 0x80 { + break + } + } + fieldNum := int32(wire >> 3) + wireType := int(wire & 0x7) + if wireType == 4 { + return fmt.Errorf("proto: AuthorizationPolicyRuleToClient: wiretype end group for non-group") + } + if fieldNum <= 0 { + return fmt.Errorf("proto: AuthorizationPolicyRuleToClient: illegal tag %d (wire type %d)", fieldNum, wire) + } + switch fieldNum { + case 1: + if wireType != 2 { + return fmt.Errorf("proto: wrong wireType = %d for field From", wireType) + } + var msglen int + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowAuthorization + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + msglen |= int(b&0x7F) << shift + if b < 0x80 { + break + } + } + if msglen < 0 { + return ErrInvalidLengthAuthorization + } + postIndex := iNdEx + msglen + if postIndex < 0 { + return ErrInvalidLengthAuthorization + } + if postIndex > l { + return io.ErrUnexpectedEOF + } + if m.From == nil { + m.From = &AuthorizationPolicySource{} + } + if err := m.From.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { + return err + } + iNdEx = postIndex + case 2: + if wireType != 2 { + return fmt.Errorf("proto: wrong wireType = %d for field When", wireType) + } + var msglen int + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowAuthorization + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + msglen |= int(b&0x7F) << shift + if b < 0x80 { + break + } + } + if msglen < 0 { + return ErrInvalidLengthAuthorization + } + postIndex := iNdEx + msglen + if postIndex < 0 { + return ErrInvalidLengthAuthorization + } + if postIndex > l { + return io.ErrUnexpectedEOF + } + if m.When == nil { + m.When = &AuthorizationPolicyCondition{} + } + if err := m.When.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { + return err + } + iNdEx = postIndex + default: + iNdEx = preIndex + skippy, err := skipAuthorization(dAtA[iNdEx:]) + if err != nil { + return err + } + if (skippy < 0) || (iNdEx+skippy) < 0 { + return ErrInvalidLengthAuthorization + } + if (iNdEx + skippy) > l { + return io.ErrUnexpectedEOF + } + m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...) + iNdEx += skippy + } + } + + if iNdEx > l { + return io.ErrUnexpectedEOF + } + return nil +} func (m *AuthorizationPolicy) Unmarshal(dAtA []byte) error { l := len(dAtA) iNdEx := 0 diff --git a/api/resource/v1alpha1/authorization.proto b/api/resource/v1alpha1/authorization.proto index e596da916..53982571d 100644 --- a/api/resource/v1alpha1/authorization.proto +++ b/api/resource/v1alpha1/authorization.proto @@ -21,6 +21,24 @@ package dubbo.apache.org.v1alpha1; option java_multiple_files = true; +message AuthorizationPolicyToClient { + string key = 1; + AuthorizationPolicySpecToClient spec = 2; +} + +message AuthorizationPolicySpecToClient { + string action = 1; + repeated AuthorizationPolicyRuleToClient rules = 2; + float samples = 3; + float order = 4; + string matchType = 5; +} + +message AuthorizationPolicyRuleToClient { + AuthorizationPolicySource from = 1; + AuthorizationPolicyCondition when = 2; +} + message AuthorizationPolicy { string action = 1; repeated AuthorizationPolicyRule rules = 2; diff --git a/api/resource/v1alpha1/servicemapping.pb.go b/api/resource/v1alpha1/servicemapping.pb.go index 3dbca5cd8..c04d579ad 100644 --- a/api/resource/v1alpha1/servicemapping.pb.go +++ b/api/resource/v1alpha1/servicemapping.pb.go @@ -22,7 +22,7 @@ package dubbo_apache_org_v1alpha1 import ( fmt "fmt" - proto "github.com/gogo/protobuf/proto" + proto "github.com/golang/protobuf/proto" io "io" math "math" math_bits "math/bits" @@ -37,7 +37,62 @@ var _ = math.Inf // is compatible with the proto package it is being compiled against. // A compilation error at this line likely means your copy of the // proto package needs to be updated. -const _ = proto.GoGoProtoPackageIsVersion3 // please upgrade the proto package +const _ = proto.ProtoPackageIsVersion3 // please upgrade the proto package + +type ServiceNameMappingToClient struct { + Key string `protobuf:"bytes,1,opt,name=key,proto3" json:"key,omitempty"` + Spec *ServiceNameMapping `protobuf:"bytes,2,opt,name=spec,proto3" json:"spec,omitempty"` + XXX_NoUnkeyedLiteral struct{} `json:"-"` + XXX_unrecognized []byte `json:"-"` + XXX_sizecache int32 `json:"-"` +} + +func (m *ServiceNameMappingToClient) Reset() { *m = ServiceNameMappingToClient{} } +func (m *ServiceNameMappingToClient) String() string { return proto.CompactTextString(m) } +func (*ServiceNameMappingToClient) ProtoMessage() {} +func (*ServiceNameMappingToClient) Descriptor() ([]byte, []int) { + return fileDescriptor_4c0ebb678408b52a, []int{0} +} +func (m *ServiceNameMappingToClient) XXX_Unmarshal(b []byte) error { + return m.Unmarshal(b) +} +func (m *ServiceNameMappingToClient) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) { + if deterministic { + return xxx_messageInfo_ServiceNameMappingToClient.Marshal(b, m, deterministic) + } else { + b = b[:cap(b)] + n, err := m.MarshalToSizedBuffer(b) + if err != nil { + return nil, err + } + return b[:n], nil + } +} +func (m *ServiceNameMappingToClient) XXX_Merge(src proto.Message) { + xxx_messageInfo_ServiceNameMappingToClient.Merge(m, src) +} +func (m *ServiceNameMappingToClient) XXX_Size() int { + return m.Size() +} +func (m *ServiceNameMappingToClient) XXX_DiscardUnknown() { + xxx_messageInfo_ServiceNameMappingToClient.DiscardUnknown(m) +} + +var xxx_messageInfo_ServiceNameMappingToClient proto.InternalMessageInfo + +func (m *ServiceNameMappingToClient) GetKey() string { + if m != nil { + return m.Key + } + return "" +} + +func (m *ServiceNameMappingToClient) GetSpec() *ServiceNameMapping { + if m != nil { + return m.Spec + } + return nil +} type ServiceNameMapping struct { InterfaceName string `protobuf:"bytes,1,opt,name=interfaceName,proto3" json:"interfaceName,omitempty"` @@ -51,7 +106,7 @@ func (m *ServiceNameMapping) Reset() { *m = ServiceNameMapping{} } func (m *ServiceNameMapping) String() string { return proto.CompactTextString(m) } func (*ServiceNameMapping) ProtoMessage() {} func (*ServiceNameMapping) Descriptor() ([]byte, []int) { - return fileDescriptor_4c0ebb678408b52a, []int{0} + return fileDescriptor_4c0ebb678408b52a, []int{1} } func (m *ServiceNameMapping) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -95,23 +150,74 @@ func (m *ServiceNameMapping) GetApplicationNames() []string { } func init() { + proto.RegisterType((*ServiceNameMappingToClient)(nil), "dubbo.apache.org.v1alpha1.ServiceNameMappingToClient") proto.RegisterType((*ServiceNameMapping)(nil), "dubbo.apache.org.v1alpha1.ServiceNameMapping") } func init() { proto.RegisterFile("servicemapping.proto", fileDescriptor_4c0ebb678408b52a) } var fileDescriptor_4c0ebb678408b52a = []byte{ - // 158 bytes of a gzipped FileDescriptorProto + // 213 bytes of a gzipped FileDescriptorProto 0x1f, 0x8b, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0xff, 0xe2, 0x12, 0x29, 0x4e, 0x2d, 0x2a, 0xcb, 0x4c, 0x4e, 0xcd, 0x4d, 0x2c, 0x28, 0xc8, 0xcc, 0x4b, 0xd7, 0x2b, 0x28, 0xca, 0x2f, 0xc9, 0x17, 0x92, 0x4c, 0x29, 0x4d, 0x4a, 0xca, 0xd7, 0x4b, 0x2c, 0x48, 0x4c, 0xce, 0x48, 0xd5, 0xcb, - 0x2f, 0x4a, 0xd7, 0x2b, 0x33, 0x4c, 0xcc, 0x29, 0xc8, 0x48, 0x34, 0x54, 0x4a, 0xe3, 0x12, 0x0a, - 0x86, 0x68, 0xf1, 0x4b, 0xcc, 0x4d, 0xf5, 0x85, 0x68, 0x13, 0x52, 0xe1, 0xe2, 0xcd, 0xcc, 0x2b, - 0x49, 0x2d, 0x4a, 0x4b, 0x84, 0x88, 0x4b, 0x30, 0x2a, 0x30, 0x6a, 0x70, 0x06, 0xa1, 0x0a, 0x0a, - 0x69, 0x71, 0x09, 0x24, 0x16, 0x14, 0xe4, 0x64, 0x26, 0x27, 0x96, 0x64, 0xe6, 0xe7, 0x81, 0x84, - 0x8a, 0x25, 0x98, 0x14, 0x98, 0x35, 0x38, 0x83, 0x30, 0xc4, 0x9d, 0xf8, 0x4e, 0x3c, 0x92, 0x63, - 0xbc, 0xf0, 0x48, 0x8e, 0xf1, 0xc1, 0x23, 0x39, 0xc6, 0x00, 0xc6, 0x24, 0x36, 0xb0, 0xcb, 0x8c, - 0x01, 0x01, 0x00, 0x00, 0xff, 0xff, 0x2e, 0x9d, 0x48, 0x0f, 0xb1, 0x00, 0x00, 0x00, + 0x2f, 0x4a, 0xd7, 0x2b, 0x33, 0x4c, 0xcc, 0x29, 0xc8, 0x48, 0x34, 0x54, 0x2a, 0xe4, 0x92, 0x0a, + 0x86, 0x68, 0xf1, 0x4b, 0xcc, 0x4d, 0xf5, 0x85, 0x68, 0x0b, 0xc9, 0x77, 0xce, 0xc9, 0x4c, 0xcd, + 0x2b, 0x11, 0x12, 0xe0, 0x62, 0xce, 0x4e, 0xad, 0x94, 0x60, 0x54, 0x60, 0xd4, 0xe0, 0x0c, 0x02, + 0x31, 0x85, 0x1c, 0xb9, 0x58, 0x8a, 0x0b, 0x52, 0x93, 0x25, 0x98, 0x14, 0x18, 0x35, 0xb8, 0x8d, + 0x74, 0xf5, 0x70, 0x9a, 0xac, 0x87, 0x69, 0x6c, 0x10, 0x58, 0xab, 0x52, 0x1a, 0x97, 0x10, 0xa6, + 0x9c, 0x90, 0x0a, 0x17, 0x6f, 0x66, 0x5e, 0x49, 0x6a, 0x51, 0x5a, 0x22, 0x44, 0x1c, 0x6a, 0x29, + 0xaa, 0xa0, 0x90, 0x16, 0x97, 0x40, 0x62, 0x41, 0x41, 0x4e, 0x66, 0x72, 0x62, 0x49, 0x66, 0x7e, + 0x1e, 0x48, 0xa8, 0x58, 0x82, 0x49, 0x81, 0x59, 0x83, 0x33, 0x08, 0x43, 0xdc, 0x49, 0xe8, 0xc4, + 0x23, 0x39, 0xc6, 0x0b, 0x8f, 0xe4, 0x18, 0x1f, 0x3c, 0x92, 0x63, 0x9c, 0xf1, 0x58, 0x8e, 0x21, + 0x80, 0x31, 0x89, 0x0d, 0x1c, 0x20, 0xc6, 0x80, 0x00, 0x00, 0x00, 0xff, 0xff, 0x8b, 0xa6, 0x0b, + 0x9d, 0x28, 0x01, 0x00, 0x00, +} + +func (m *ServiceNameMappingToClient) Marshal() (dAtA []byte, err error) { + size := m.Size() + dAtA = make([]byte, size) + n, err := m.MarshalToSizedBuffer(dAtA[:size]) + if err != nil { + return nil, err + } + return dAtA[:n], nil +} + +func (m *ServiceNameMappingToClient) MarshalTo(dAtA []byte) (int, error) { + size := m.Size() + return m.MarshalToSizedBuffer(dAtA[:size]) +} + +func (m *ServiceNameMappingToClient) MarshalToSizedBuffer(dAtA []byte) (int, error) { + i := len(dAtA) + _ = i + var l int + _ = l + if m.XXX_unrecognized != nil { + i -= len(m.XXX_unrecognized) + copy(dAtA[i:], m.XXX_unrecognized) + } + if m.Spec != nil { + { + size, err := m.Spec.MarshalToSizedBuffer(dAtA[:i]) + if err != nil { + return 0, err + } + i -= size + i = encodeVarintServicemapping(dAtA, i, uint64(size)) + } + i-- + dAtA[i] = 0x12 + } + if len(m.Key) > 0 { + i -= len(m.Key) + copy(dAtA[i:], m.Key) + i = encodeVarintServicemapping(dAtA, i, uint64(len(m.Key))) + i-- + dAtA[i] = 0xa + } + return len(dAtA) - i, nil } func (m *ServiceNameMapping) Marshal() (dAtA []byte, err error) { @@ -168,6 +274,26 @@ func encodeVarintServicemapping(dAtA []byte, offset int, v uint64) int { dAtA[offset] = uint8(v) return base } +func (m *ServiceNameMappingToClient) Size() (n int) { + if m == nil { + return 0 + } + var l int + _ = l + l = len(m.Key) + if l > 0 { + n += 1 + l + sovServicemapping(uint64(l)) + } + if m.Spec != nil { + l = m.Spec.Size() + n += 1 + l + sovServicemapping(uint64(l)) + } + if m.XXX_unrecognized != nil { + n += len(m.XXX_unrecognized) + } + return n +} + func (m *ServiceNameMapping) Size() (n int) { if m == nil { return 0 @@ -196,6 +322,125 @@ func sovServicemapping(x uint64) (n int) { func sozServicemapping(x uint64) (n int) { return sovServicemapping(uint64((x << 1) ^ uint64((int64(x) >> 63)))) } +func (m *ServiceNameMappingToClient) Unmarshal(dAtA []byte) error { + l := len(dAtA) + iNdEx := 0 + for iNdEx < l { + preIndex := iNdEx + var wire uint64 + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowServicemapping + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + wire |= uint64(b&0x7F) << shift + if b < 0x80 { + break + } + } + fieldNum := int32(wire >> 3) + wireType := int(wire & 0x7) + if wireType == 4 { + return fmt.Errorf("proto: ServiceNameMappingToClient: wiretype end group for non-group") + } + if fieldNum <= 0 { + return fmt.Errorf("proto: ServiceNameMappingToClient: illegal tag %d (wire type %d)", fieldNum, wire) + } + switch fieldNum { + case 1: + if wireType != 2 { + return fmt.Errorf("proto: wrong wireType = %d for field Key", wireType) + } + var stringLen uint64 + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowServicemapping + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + stringLen |= uint64(b&0x7F) << shift + if b < 0x80 { + break + } + } + intStringLen := int(stringLen) + if intStringLen < 0 { + return ErrInvalidLengthServicemapping + } + postIndex := iNdEx + intStringLen + if postIndex < 0 { + return ErrInvalidLengthServicemapping + } + if postIndex > l { + return io.ErrUnexpectedEOF + } + m.Key = string(dAtA[iNdEx:postIndex]) + iNdEx = postIndex + case 2: + if wireType != 2 { + return fmt.Errorf("proto: wrong wireType = %d for field Spec", wireType) + } + var msglen int + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowServicemapping + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + msglen |= int(b&0x7F) << shift + if b < 0x80 { + break + } + } + if msglen < 0 { + return ErrInvalidLengthServicemapping + } + postIndex := iNdEx + msglen + if postIndex < 0 { + return ErrInvalidLengthServicemapping + } + if postIndex > l { + return io.ErrUnexpectedEOF + } + if m.Spec == nil { + m.Spec = &ServiceNameMapping{} + } + if err := m.Spec.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { + return err + } + iNdEx = postIndex + default: + iNdEx = preIndex + skippy, err := skipServicemapping(dAtA[iNdEx:]) + if err != nil { + return err + } + if (skippy < 0) || (iNdEx+skippy) < 0 { + return ErrInvalidLengthServicemapping + } + if (iNdEx + skippy) > l { + return io.ErrUnexpectedEOF + } + m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...) + iNdEx += skippy + } + } + + if iNdEx > l { + return io.ErrUnexpectedEOF + } + return nil +} func (m *ServiceNameMapping) Unmarshal(dAtA []byte) error { l := len(dAtA) iNdEx := 0 diff --git a/api/resource/v1alpha1/servicemapping.proto b/api/resource/v1alpha1/servicemapping.proto index 5525c16ba..96279e981 100644 --- a/api/resource/v1alpha1/servicemapping.proto +++ b/api/resource/v1alpha1/servicemapping.proto @@ -21,6 +21,11 @@ package dubbo.apache.org.v1alpha1; option java_multiple_files = true; +message ServiceNameMappingToClient { + string key = 1; + ServiceNameMapping spec = 2; +} + message ServiceNameMapping { string interfaceName = 1; repeated string applicationNames = 2; diff --git a/api/resource/v1alpha1/servicemapping_deepcopy.go b/api/resource/v1alpha1/servicemapping_deepcopy.go index 21cb81bb7..b42c58808 100644 --- a/api/resource/v1alpha1/servicemapping_deepcopy.go +++ b/api/resource/v1alpha1/servicemapping_deepcopy.go @@ -21,15 +21,18 @@ package dubbo_apache_org_v1alpha1 import ( fmt "fmt" + math "math" + proto "github.com/gogo/protobuf/proto" _ "github.com/gogo/protobuf/types" - math "math" ) // Reference imports to suppress errors if they are not otherwise used. -var _ = proto.Marshal -var _ = fmt.Errorf -var _ = math.Inf +var ( + _ = proto.Marshal + _ = fmt.Errorf + _ = math.Inf +) // DeepCopyInto supports using ServiceNameMapping within kubernetes types, where deepcopy-gen is used. func (in *ServiceNameMapping) DeepCopyInto(out *ServiceNameMapping) { diff --git a/api/resource/v1alpha1/toClient_deepcopy.go b/api/resource/v1alpha1/toClient_deepcopy.go new file mode 100644 index 000000000..9985db8e3 --- /dev/null +++ b/api/resource/v1alpha1/toClient_deepcopy.go @@ -0,0 +1,77 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one or more + * contributor license agreements. See the NOTICE file distributed with + * this work for additional information regarding copyright ownership. + * The ASF licenses this file to You under the Apache License, Version 2.0 + * (the "License"); you may not use this file except in compliance with + * the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +// Code generated by tools/generate_deepcopy_types.go. DO NOT EDIT! + +package dubbo_apache_org_v1alpha1 + +import ( + fmt "fmt" + math "math" + + proto "github.com/gogo/protobuf/proto" + _ "github.com/gogo/protobuf/types" +) + +// Reference imports to suppress errors if they are not otherwise used. +var ( + _ = proto.Marshal + _ = fmt.Errorf + _ = math.Inf +) + +// DeepCopyInto supports using AuthorizationPolicySource within kubernetes types, where deepcopy-gen is used. +func (in *AuthorizationPolicySource) DeepCopyInto(out *AuthorizationPolicySource) { + p := proto.Clone(in).(*AuthorizationPolicySource) + *out = *p +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AuthorizationPolicySource. +func (in *AuthorizationPolicySource) DeepCopy() *AuthorizationPolicySource { + if in == nil { + return nil + } + out := new(AuthorizationPolicySource) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInterface is an autogenerated deepcopy function, copying the receiver, creating a new AuthorizationPolicySource. +func (in *AuthorizationPolicySource) DeepCopyInterface() interface{} { + return in.DeepCopy() +} + +// DeepCopyInto supports using AuthorizationPolicyCondition within kubernetes types, where deepcopy-gen is used. +func (in *AuthorizationPolicyCondition) DeepCopyInto(out *AuthorizationPolicyCondition) { + p := proto.Clone(in).(*AuthorizationPolicyCondition) + *out = *p +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AuthorizationPolicyCondition. +func (in *AuthorizationPolicyCondition) DeepCopy() *AuthorizationPolicyCondition { + if in == nil { + return nil + } + out := new(AuthorizationPolicyCondition) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInterface is an autogenerated deepcopy function, copying the receiver, creating a new AuthorizationPolicyCondition. +func (in *AuthorizationPolicyCondition) DeepCopyInterface() interface{} { + return in.DeepCopy() +} diff --git a/api/resource/v1alpha1/traffic.pb.go b/api/resource/v1alpha1/traffic.pb.go index eb5790a8b..102945f1e 100644 --- a/api/resource/v1alpha1/traffic.pb.go +++ b/api/resource/v1alpha1/traffic.pb.go @@ -16,13 +16,13 @@ */ // Code generated by protoc-gen-gogo. DO NOT EDIT. -// source: resource.proto +// source: traffic.proto package dubbo_apache_org_v1alpha1 import ( fmt "fmt" - proto "github.com/gogo/protobuf/proto" + proto "github.com/golang/protobuf/proto" io "io" math "math" math_bits "math/bits" @@ -37,7 +37,172 @@ var _ = math.Inf // is compatible with the proto package it is being compiled against. // A compilation error at this line likely means your copy of the // proto package needs to be updated. -const _ = proto.GoGoProtoPackageIsVersion3 // please upgrade the proto package +const _ = proto.ProtoPackageIsVersion3 // please upgrade the proto package + +type ConditionRouteToClient struct { + Key string `protobuf:"bytes,1,opt,name=key,proto3" json:"key,omitempty"` + Spec *ConditionRoute `protobuf:"bytes,2,opt,name=spec,proto3" json:"spec,omitempty"` + XXX_NoUnkeyedLiteral struct{} `json:"-"` + XXX_unrecognized []byte `json:"-"` + XXX_sizecache int32 `json:"-"` +} + +func (m *ConditionRouteToClient) Reset() { *m = ConditionRouteToClient{} } +func (m *ConditionRouteToClient) String() string { return proto.CompactTextString(m) } +func (*ConditionRouteToClient) ProtoMessage() {} +func (*ConditionRouteToClient) Descriptor() ([]byte, []int) { + return fileDescriptor_50e185a42cb2d3c6, []int{0} +} +func (m *ConditionRouteToClient) XXX_Unmarshal(b []byte) error { + return m.Unmarshal(b) +} +func (m *ConditionRouteToClient) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) { + if deterministic { + return xxx_messageInfo_ConditionRouteToClient.Marshal(b, m, deterministic) + } else { + b = b[:cap(b)] + n, err := m.MarshalToSizedBuffer(b) + if err != nil { + return nil, err + } + return b[:n], nil + } +} +func (m *ConditionRouteToClient) XXX_Merge(src proto.Message) { + xxx_messageInfo_ConditionRouteToClient.Merge(m, src) +} +func (m *ConditionRouteToClient) XXX_Size() int { + return m.Size() +} +func (m *ConditionRouteToClient) XXX_DiscardUnknown() { + xxx_messageInfo_ConditionRouteToClient.DiscardUnknown(m) +} + +var xxx_messageInfo_ConditionRouteToClient proto.InternalMessageInfo + +func (m *ConditionRouteToClient) GetKey() string { + if m != nil { + return m.Key + } + return "" +} + +func (m *ConditionRouteToClient) GetSpec() *ConditionRoute { + if m != nil { + return m.Spec + } + return nil +} + +type DynamicConfigToClient struct { + Key string `protobuf:"bytes,1,opt,name=key,proto3" json:"key,omitempty"` + Spec *DynamicConfig `protobuf:"bytes,2,opt,name=spec,proto3" json:"spec,omitempty"` + XXX_NoUnkeyedLiteral struct{} `json:"-"` + XXX_unrecognized []byte `json:"-"` + XXX_sizecache int32 `json:"-"` +} + +func (m *DynamicConfigToClient) Reset() { *m = DynamicConfigToClient{} } +func (m *DynamicConfigToClient) String() string { return proto.CompactTextString(m) } +func (*DynamicConfigToClient) ProtoMessage() {} +func (*DynamicConfigToClient) Descriptor() ([]byte, []int) { + return fileDescriptor_50e185a42cb2d3c6, []int{1} +} +func (m *DynamicConfigToClient) XXX_Unmarshal(b []byte) error { + return m.Unmarshal(b) +} +func (m *DynamicConfigToClient) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) { + if deterministic { + return xxx_messageInfo_DynamicConfigToClient.Marshal(b, m, deterministic) + } else { + b = b[:cap(b)] + n, err := m.MarshalToSizedBuffer(b) + if err != nil { + return nil, err + } + return b[:n], nil + } +} +func (m *DynamicConfigToClient) XXX_Merge(src proto.Message) { + xxx_messageInfo_DynamicConfigToClient.Merge(m, src) +} +func (m *DynamicConfigToClient) XXX_Size() int { + return m.Size() +} +func (m *DynamicConfigToClient) XXX_DiscardUnknown() { + xxx_messageInfo_DynamicConfigToClient.DiscardUnknown(m) +} + +var xxx_messageInfo_DynamicConfigToClient proto.InternalMessageInfo + +func (m *DynamicConfigToClient) GetKey() string { + if m != nil { + return m.Key + } + return "" +} + +func (m *DynamicConfigToClient) GetSpec() *DynamicConfig { + if m != nil { + return m.Spec + } + return nil +} + +type TagRouteToClient struct { + Key string `protobuf:"bytes,1,opt,name=key,proto3" json:"key,omitempty"` + Spec *TagRoute `protobuf:"bytes,2,opt,name=spec,proto3" json:"spec,omitempty"` + XXX_NoUnkeyedLiteral struct{} `json:"-"` + XXX_unrecognized []byte `json:"-"` + XXX_sizecache int32 `json:"-"` +} + +func (m *TagRouteToClient) Reset() { *m = TagRouteToClient{} } +func (m *TagRouteToClient) String() string { return proto.CompactTextString(m) } +func (*TagRouteToClient) ProtoMessage() {} +func (*TagRouteToClient) Descriptor() ([]byte, []int) { + return fileDescriptor_50e185a42cb2d3c6, []int{2} +} +func (m *TagRouteToClient) XXX_Unmarshal(b []byte) error { + return m.Unmarshal(b) +} +func (m *TagRouteToClient) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) { + if deterministic { + return xxx_messageInfo_TagRouteToClient.Marshal(b, m, deterministic) + } else { + b = b[:cap(b)] + n, err := m.MarshalToSizedBuffer(b) + if err != nil { + return nil, err + } + return b[:n], nil + } +} +func (m *TagRouteToClient) XXX_Merge(src proto.Message) { + xxx_messageInfo_TagRouteToClient.Merge(m, src) +} +func (m *TagRouteToClient) XXX_Size() int { + return m.Size() +} +func (m *TagRouteToClient) XXX_DiscardUnknown() { + xxx_messageInfo_TagRouteToClient.DiscardUnknown(m) +} + +var xxx_messageInfo_TagRouteToClient proto.InternalMessageInfo + +func (m *TagRouteToClient) GetKey() string { + if m != nil { + return m.Key + } + return "" +} + +func (m *TagRouteToClient) GetSpec() *TagRoute { + if m != nil { + return m.Spec + } + return nil +} type ConditionRoute struct { Priority int32 `protobuf:"varint,1,opt,name=priority,proto3" json:"priority,omitempty"` @@ -57,7 +222,7 @@ func (m *ConditionRoute) Reset() { *m = ConditionRoute{} } func (m *ConditionRoute) String() string { return proto.CompactTextString(m) } func (*ConditionRoute) ProtoMessage() {} func (*ConditionRoute) Descriptor() ([]byte, []int) { - return fileDescriptor_50e185a42cb2d3c6, []int{0} + return fileDescriptor_50e185a42cb2d3c6, []int{3} } func (m *ConditionRoute) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -157,7 +322,7 @@ func (m *DynamicConfig) Reset() { *m = DynamicConfig{} } func (m *DynamicConfig) String() string { return proto.CompactTextString(m) } func (*DynamicConfig) ProtoMessage() {} func (*DynamicConfig) Descriptor() ([]byte, []int) { - return fileDescriptor_50e185a42cb2d3c6, []int{1} + return fileDescriptor_50e185a42cb2d3c6, []int{4} } func (m *DynamicConfig) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -240,7 +405,7 @@ func (m *OverrideConfig) Reset() { *m = OverrideConfig{} } func (m *OverrideConfig) String() string { return proto.CompactTextString(m) } func (*OverrideConfig) ProtoMessage() {} func (*OverrideConfig) Descriptor() ([]byte, []int) { - return fileDescriptor_50e185a42cb2d3c6, []int{2} + return fileDescriptor_50e185a42cb2d3c6, []int{5} } func (m *OverrideConfig) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -346,7 +511,7 @@ func (m *ConditionMatch) Reset() { *m = ConditionMatch{} } func (m *ConditionMatch) String() string { return proto.CompactTextString(m) } func (*ConditionMatch) ProtoMessage() {} func (*ConditionMatch) Descriptor() ([]byte, []int) { - return fileDescriptor_50e185a42cb2d3c6, []int{3} + return fileDescriptor_50e185a42cb2d3c6, []int{6} } func (m *ConditionMatch) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -416,7 +581,7 @@ func (m *AddressMatch) Reset() { *m = AddressMatch{} } func (m *AddressMatch) String() string { return proto.CompactTextString(m) } func (*AddressMatch) ProtoMessage() {} func (*AddressMatch) Descriptor() ([]byte, []int) { - return fileDescriptor_50e185a42cb2d3c6, []int{4} + return fileDescriptor_50e185a42cb2d3c6, []int{7} } func (m *AddressMatch) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -477,7 +642,7 @@ func (m *ListStringMatch) Reset() { *m = ListStringMatch{} } func (m *ListStringMatch) String() string { return proto.CompactTextString(m) } func (*ListStringMatch) ProtoMessage() {} func (*ListStringMatch) Descriptor() ([]byte, []int) { - return fileDescriptor_50e185a42cb2d3c6, []int{5} + return fileDescriptor_50e185a42cb2d3c6, []int{8} } func (m *ListStringMatch) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -529,7 +694,7 @@ func (m *StringMatch) Reset() { *m = StringMatch{} } func (m *StringMatch) String() string { return proto.CompactTextString(m) } func (*StringMatch) ProtoMessage() {} func (*StringMatch) Descriptor() ([]byte, []int) { - return fileDescriptor_50e185a42cb2d3c6, []int{6} + return fileDescriptor_50e185a42cb2d3c6, []int{9} } func (m *StringMatch) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -612,7 +777,7 @@ func (m *ParamMatch) Reset() { *m = ParamMatch{} } func (m *ParamMatch) String() string { return proto.CompactTextString(m) } func (*ParamMatch) ProtoMessage() {} func (*ParamMatch) Descriptor() ([]byte, []int) { - return fileDescriptor_50e185a42cb2d3c6, []int{7} + return fileDescriptor_50e185a42cb2d3c6, []int{10} } func (m *ParamMatch) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -661,7 +826,8 @@ type TagRoute struct { Runtime bool `protobuf:"varint,3,opt,name=runtime,proto3" json:"runtime,omitempty"` Key string `protobuf:"bytes,4,opt,name=key,proto3" json:"key,omitempty"` ConfigVersion string `protobuf:"bytes,5,opt,name=configVersion,proto3" json:"configVersion,omitempty"` - Tags []*Tag `protobuf:"bytes,6,rep,name=tags,proto3" json:"tags,omitempty"` + Force bool `protobuf:"varint,6,opt,name=force,proto3" json:"force,omitempty"` + Tags []*Tag `protobuf:"bytes,7,rep,name=tags,proto3" json:"tags,omitempty"` XXX_NoUnkeyedLiteral struct{} `json:"-"` XXX_unrecognized []byte `json:"-"` XXX_sizecache int32 `json:"-"` @@ -671,7 +837,7 @@ func (m *TagRoute) Reset() { *m = TagRoute{} } func (m *TagRoute) String() string { return proto.CompactTextString(m) } func (*TagRoute) ProtoMessage() {} func (*TagRoute) Descriptor() ([]byte, []int) { - return fileDescriptor_50e185a42cb2d3c6, []int{8} + return fileDescriptor_50e185a42cb2d3c6, []int{11} } func (m *TagRoute) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -735,6 +901,13 @@ func (m *TagRoute) GetConfigVersion() string { return "" } +func (m *TagRoute) GetForce() bool { + if m != nil { + return m.Force + } + return false +} + func (m *TagRoute) GetTags() []*Tag { if m != nil { return m.Tags @@ -755,7 +928,7 @@ func (m *Tag) Reset() { *m = Tag{} } func (m *Tag) String() string { return proto.CompactTextString(m) } func (*Tag) ProtoMessage() {} func (*Tag) Descriptor() ([]byte, []int) { - return fileDescriptor_50e185a42cb2d3c6, []int{9} + return fileDescriptor_50e185a42cb2d3c6, []int{12} } func (m *Tag) XXX_Unmarshal(b []byte) error { return m.Unmarshal(b) @@ -806,6 +979,9 @@ func (m *Tag) GetMatch() []*ParamMatch { } func init() { + proto.RegisterType((*ConditionRouteToClient)(nil), "dubbo.apache.org.v1alpha1.ConditionRouteToClient") + proto.RegisterType((*DynamicConfigToClient)(nil), "dubbo.apache.org.v1alpha1.DynamicConfigToClient") + proto.RegisterType((*TagRouteToClient)(nil), "dubbo.apache.org.v1alpha1.TagRouteToClient") proto.RegisterType((*ConditionRoute)(nil), "dubbo.apache.org.v1alpha1.ConditionRoute") proto.RegisterType((*DynamicConfig)(nil), "dubbo.apache.org.v1alpha1.DynamicConfig") proto.RegisterType((*OverrideConfig)(nil), "dubbo.apache.org.v1alpha1.OverrideConfig") @@ -819,57 +995,200 @@ func init() { proto.RegisterType((*Tag)(nil), "dubbo.apache.org.v1alpha1.Tag") } -func init() { proto.RegisterFile("resource.proto", fileDescriptor_50e185a42cb2d3c6) } +func init() { proto.RegisterFile("traffic.proto", fileDescriptor_50e185a42cb2d3c6) } var fileDescriptor_50e185a42cb2d3c6 = []byte{ - // 751 bytes of a gzipped FileDescriptorProto - 0x1f, 0x8b, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0xff, 0xa4, 0x55, 0xcb, 0x6e, 0x13, 0x4b, - 0x10, 0x55, 0x7b, 0x3c, 0x7e, 0x94, 0xf3, 0xb8, 0xb7, 0x75, 0x75, 0xd5, 0x37, 0xba, 0xb2, 0xac, - 0x11, 0x0f, 0x83, 0x90, 0xa5, 0x98, 0x0d, 0x90, 0x20, 0x14, 0x12, 0x76, 0x41, 0x89, 0x86, 0x08, - 0x09, 0x89, 0x4d, 0x7b, 0xa6, 0xed, 0xb4, 0xb0, 0xa7, 0x47, 0x3d, 0x6d, 0x13, 0x7f, 0x0c, 0x3b, - 0x7e, 0x02, 0x89, 0x35, 0x62, 0xc9, 0x27, 0xa0, 0x88, 0x0f, 0x41, 0x53, 0xf3, 0x48, 0x3b, 0x31, - 0x0e, 0x11, 0xbb, 0xae, 0x9a, 0xaa, 0xd3, 0xa7, 0x4e, 0xd5, 0x54, 0xc3, 0xba, 0xd1, 0x7c, 0x38, - 0x94, 0x41, 0x2f, 0xd6, 0xca, 0x28, 0xfa, 0x5f, 0x38, 0x1d, 0x0c, 0x54, 0x8f, 0xc7, 0x3c, 0x38, - 0x15, 0x3d, 0xa5, 0x47, 0xbd, 0xd9, 0x36, 0x1f, 0xc7, 0xa7, 0x7c, 0xdb, 0xfb, 0x41, 0x60, 0x63, - 0x5f, 0x45, 0xa1, 0x34, 0x52, 0x45, 0xbe, 0x9a, 0x1a, 0x41, 0xb7, 0xa0, 0x11, 0x6b, 0xa9, 0xb4, - 0x34, 0x73, 0x46, 0x3a, 0xa4, 0xeb, 0xfa, 0xa5, 0x4d, 0x19, 0xd4, 0x45, 0xc4, 0x07, 0x63, 0x11, - 0xb2, 0x4a, 0x87, 0x74, 0x1b, 0x7e, 0x61, 0xd2, 0x7f, 0xc0, 0x1d, 0x2a, 0x1d, 0x08, 0xe6, 0xa0, - 0x3f, 0x33, 0xd2, 0x78, 0x3d, 0x8d, 0x8c, 0x9c, 0x08, 0x56, 0xcd, 0xe2, 0x73, 0x93, 0xfe, 0x05, - 0xce, 0x3b, 0x31, 0x67, 0x6e, 0x87, 0x74, 0x9b, 0x7e, 0x7a, 0x4c, 0x11, 0x92, 0x40, 0xc5, 0x82, - 0xd5, 0xd0, 0x97, 0x19, 0xb4, 0x0d, 0x10, 0x14, 0xfc, 0x12, 0x56, 0xef, 0x38, 0xdd, 0xa6, 0x6f, - 0x79, 0xe8, 0x2d, 0x58, 0x0f, 0x54, 0x34, 0x94, 0xa3, 0xd7, 0x42, 0x27, 0x52, 0x45, 0xac, 0x81, - 0xd9, 0x8b, 0x4e, 0xef, 0x33, 0x81, 0xf5, 0x83, 0x79, 0xc4, 0x27, 0x32, 0xd8, 0xc7, 0x0f, 0xc5, - 0xfd, 0x64, 0xc9, 0xfd, 0x15, 0xfb, 0xfe, 0x2b, 0xf8, 0xce, 0x12, 0x7c, 0x5b, 0x97, 0xea, 0xa2, - 0x2e, 0xfb, 0x50, 0xcf, 0x42, 0x13, 0xe6, 0x76, 0x9c, 0x6e, 0xab, 0x7f, 0xaf, 0xf7, 0xcb, 0x6e, - 0xf4, 0x8e, 0x66, 0x42, 0x6b, 0x19, 0x8a, 0x8c, 0xa3, 0x5f, 0x64, 0x7a, 0x9f, 0x1c, 0xd8, 0x58, - 0xfc, 0x46, 0x29, 0x54, 0x13, 0x19, 0x8a, 0xbc, 0x00, 0x3c, 0xd3, 0xff, 0xa1, 0xc9, 0xc3, 0x50, - 0x8b, 0x24, 0x11, 0x09, 0xab, 0xa0, 0x54, 0x17, 0x0e, 0xfa, 0x00, 0xfe, 0x8e, 0xb5, 0x9a, 0xc9, - 0x50, 0xe8, 0xbd, 0x32, 0xca, 0xc1, 0xa8, 0xab, 0x1f, 0xe8, 0x1b, 0x80, 0x98, 0x6b, 0x3e, 0x11, - 0x46, 0xe8, 0x84, 0x55, 0x91, 0xfa, 0xe3, 0xdf, 0xa6, 0xde, 0x3b, 0x2e, 0x73, 0x5f, 0x44, 0x46, - 0xcf, 0x7d, 0x0b, 0x8c, 0x7a, 0xb0, 0xc6, 0xe3, 0x78, 0x2c, 0x03, 0x9e, 0x35, 0xd5, 0x45, 0x0e, - 0x0b, 0xbe, 0x74, 0x08, 0x13, 0xa1, 0x67, 0x32, 0x10, 0x09, 0xab, 0xe1, 0xf7, 0xd2, 0x4e, 0x4b, - 0x37, 0xf3, 0x58, 0xb0, 0x7a, 0x56, 0x7a, 0x7a, 0xb6, 0x1b, 0xd0, 0x58, 0x6c, 0xc0, 0x33, 0x70, - 0x27, 0xdc, 0x04, 0xa7, 0xac, 0xd9, 0x21, 0xd7, 0xc8, 0x5f, 0xfe, 0x08, 0x2f, 0xd3, 0x04, 0x3f, - 0xcb, 0xdb, 0x7a, 0x0a, 0x9b, 0x97, 0xaa, 0x59, 0x3e, 0x3c, 0x33, 0x3e, 0x9e, 0x96, 0xc3, 0x83, - 0xc6, 0x93, 0xca, 0x23, 0xe2, 0x7d, 0xac, 0x58, 0x7f, 0x18, 0x02, 0xd3, 0x3d, 0xa8, 0xe7, 0x6d, - 0x41, 0x88, 0x56, 0xff, 0xee, 0x0a, 0x52, 0x79, 0x4b, 0x32, 0x4a, 0x45, 0x1e, 0x3d, 0x80, 0x7a, - 0xae, 0x07, 0xde, 0xd8, 0xea, 0xdf, 0x5f, 0x01, 0x71, 0x28, 0x13, 0xf3, 0xca, 0x68, 0x19, 0x8d, - 0x72, 0x94, 0x3c, 0x95, 0x1e, 0x42, 0xcb, 0x52, 0x1d, 0x47, 0xfb, 0x66, 0x48, 0x76, 0x3a, 0xdd, - 0x01, 0x17, 0xbb, 0x9c, 0x4f, 0xcb, 0xed, 0x15, 0x38, 0x28, 0x68, 0xae, 0x32, 0xe6, 0x78, 0x27, - 0xb0, 0x66, 0x57, 0x9a, 0x0e, 0xc0, 0x7b, 0x39, 0x0e, 0x03, 0xae, 0xc3, 0x5c, 0xe7, 0xd2, 0x4e, - 0x07, 0x20, 0x90, 0x3a, 0xcc, 0xb5, 0xc6, 0x73, 0xda, 0x00, 0x71, 0xc6, 0x03, 0x93, 0xff, 0x9f, - 0x99, 0xe1, 0x1d, 0xc1, 0xe6, 0x25, 0xca, 0x74, 0x17, 0x5c, 0x15, 0x09, 0x35, 0x64, 0x04, 0x59, - 0xde, 0x59, 0xc1, 0xd2, 0xae, 0x34, 0x4b, 0xf2, 0x3e, 0x10, 0x68, 0xd9, 0x68, 0xe5, 0xb5, 0xc4, - 0xba, 0x96, 0xfe, 0x0b, 0xb5, 0x58, 0x8b, 0xa1, 0x3c, 0xcb, 0x29, 0xe6, 0x56, 0x1a, 0xad, 0xc5, - 0x48, 0x9c, 0x15, 0x24, 0xd1, 0x48, 0x67, 0x37, 0x52, 0x62, 0x12, 0x9b, 0x39, 0x2e, 0x8f, 0xa6, - 0x5f, 0x98, 0x88, 0x8e, 0x7e, 0x37, 0x47, 0x47, 0xaf, 0x2d, 0x4d, 0x6d, 0x51, 0x1a, 0xef, 0x2d, - 0xc0, 0x85, 0xb6, 0x4b, 0xe6, 0x74, 0xd7, 0x9e, 0xd3, 0x1b, 0x54, 0x8f, 0x49, 0xde, 0x17, 0x02, - 0x8d, 0x13, 0x3e, 0xfa, 0x93, 0x77, 0xc2, 0x7a, 0x11, 0x9c, 0xa5, 0x2f, 0x42, 0xf5, 0x82, 0xec, - 0x95, 0xdd, 0xeb, 0x2e, 0xdb, 0xbd, 0x7d, 0xa8, 0x1a, 0x3e, 0xca, 0xd6, 0x44, 0xab, 0xdf, 0x5e, - 0x51, 0x51, 0x4a, 0x1d, 0x63, 0x3d, 0x03, 0xce, 0x09, 0xc7, 0x25, 0x1a, 0xf1, 0x49, 0xb9, 0x44, - 0xd3, 0xf3, 0x35, 0x4b, 0x74, 0xa7, 0xd8, 0x26, 0xce, 0x8d, 0x66, 0x1c, 0x73, 0x9e, 0x6f, 0x7c, - 0x3d, 0x6f, 0x93, 0x6f, 0xe7, 0x6d, 0xf2, 0xfd, 0xbc, 0x4d, 0x8e, 0xc9, 0xa0, 0x86, 0xcf, 0xf3, - 0xc3, 0x9f, 0x01, 0x00, 0x00, 0xff, 0xff, 0xa4, 0x9b, 0x1f, 0x09, 0xaf, 0x07, 0x00, 0x00, + // 820 bytes of a gzipped FileDescriptorProto + 0x1f, 0x8b, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0xff, 0x9c, 0x56, 0xdd, 0x6e, 0xd3, 0x4a, + 0x10, 0x3e, 0x8e, 0xe3, 0xfc, 0x4c, 0xfa, 0x77, 0x56, 0x3d, 0x95, 0x4f, 0x75, 0x14, 0x45, 0x3e, + 0xfc, 0x04, 0x84, 0x22, 0x35, 0x5c, 0xf0, 0xd3, 0x56, 0xa8, 0xa4, 0xdc, 0x15, 0xb5, 0x32, 0x11, + 0x12, 0x12, 0x5c, 0x6c, 0xec, 0x4d, 0xba, 0x22, 0xf1, 0x5a, 0xeb, 0x4d, 0x68, 0xde, 0x84, 0x1b, + 0xee, 0x78, 0x09, 0x24, 0x1e, 0x80, 0x4b, 0x1e, 0x80, 0x0b, 0x54, 0x78, 0x10, 0xe4, 0xf5, 0xda, + 0x59, 0xb7, 0x21, 0x69, 0xb9, 0xdb, 0x19, 0xef, 0x7c, 0x33, 0xf3, 0xcd, 0xec, 0x8c, 0x61, 0x55, + 0x70, 0xdc, 0xef, 0x53, 0xaf, 0x15, 0x72, 0x26, 0x18, 0xfa, 0xd7, 0x1f, 0xf7, 0x7a, 0xac, 0x85, + 0x43, 0xec, 0x9d, 0x92, 0x16, 0xe3, 0x83, 0xd6, 0x64, 0x07, 0x0f, 0xc3, 0x53, 0xbc, 0xe3, 0x50, + 0xd8, 0xea, 0xb0, 0xc0, 0xa7, 0x82, 0xb2, 0xc0, 0x65, 0x63, 0x41, 0xba, 0xac, 0x33, 0xa4, 0x24, + 0x10, 0x68, 0x03, 0xcc, 0xb7, 0x64, 0x6a, 0x1b, 0x0d, 0xa3, 0x59, 0x75, 0xe3, 0x23, 0xda, 0x87, + 0x62, 0x14, 0x12, 0xcf, 0x2e, 0x34, 0x8c, 0x66, 0xad, 0x7d, 0xa7, 0xf5, 0x5b, 0xd4, 0x56, 0x1e, + 0xd2, 0x95, 0x66, 0xce, 0x00, 0xfe, 0x39, 0x9c, 0x06, 0x78, 0x44, 0xbd, 0x0e, 0x0b, 0xfa, 0x74, + 0xb0, 0xc0, 0xd3, 0x5e, 0xce, 0x53, 0x73, 0x81, 0xa7, 0x1c, 0xa2, 0x72, 0xf4, 0x06, 0x36, 0xba, + 0x78, 0xb0, 0x2c, 0x9b, 0x07, 0x39, 0x1f, 0xff, 0x2f, 0xf0, 0x91, 0x82, 0x29, 0xf8, 0x9f, 0x06, + 0xac, 0xe5, 0x13, 0x44, 0xdb, 0x50, 0x09, 0x39, 0x65, 0x9c, 0x8a, 0xc4, 0x85, 0xe5, 0x66, 0x32, + 0xb2, 0xa1, 0x4c, 0x02, 0xdc, 0x1b, 0x12, 0x5f, 0xba, 0xaa, 0xb8, 0xa9, 0x88, 0x36, 0xc1, 0xea, + 0x33, 0xee, 0x11, 0xdb, 0x94, 0xfa, 0x44, 0x88, 0xef, 0xf3, 0x71, 0x20, 0xe8, 0x88, 0xd8, 0xc5, + 0xe4, 0xbe, 0x12, 0xd3, 0x1c, 0xac, 0x59, 0x0e, 0x9b, 0x60, 0x45, 0x1e, 0x0b, 0x89, 0x5d, 0x92, + 0xba, 0x44, 0x40, 0x75, 0x00, 0x2f, 0x8d, 0x2f, 0xb2, 0xcb, 0x0d, 0xb3, 0x59, 0x75, 0x35, 0x0d, + 0xba, 0x01, 0xab, 0x9e, 0xe4, 0xeb, 0x25, 0xe1, 0x11, 0x65, 0x81, 0x5d, 0x91, 0xd6, 0x79, 0xa5, + 0xf3, 0xd9, 0x80, 0xd5, 0x1c, 0xbb, 0x73, 0x38, 0xcc, 0xfc, 0x17, 0x74, 0xff, 0x97, 0xf0, 0xcd, + 0x39, 0xf8, 0x3a, 0x2f, 0xc5, 0x3c, 0x2f, 0x1d, 0x28, 0x27, 0x57, 0x23, 0xdb, 0x6a, 0x98, 0x4b, + 0x5a, 0xed, 0x78, 0x42, 0x38, 0xa7, 0x3e, 0x51, 0x1d, 0x90, 0x5a, 0x3a, 0x9f, 0x4c, 0x58, 0xcb, + 0x7f, 0x43, 0x08, 0x8a, 0x11, 0xf5, 0x89, 0x4a, 0x40, 0x9e, 0xd1, 0x7f, 0x50, 0xc5, 0xbe, 0xcf, + 0x49, 0x14, 0x91, 0xc8, 0x2e, 0x48, 0xaa, 0x66, 0x0a, 0x74, 0x0f, 0xfe, 0x0e, 0x39, 0x9b, 0x50, + 0x9f, 0xf0, 0x83, 0xec, 0x96, 0x29, 0x6f, 0x5d, 0xfe, 0x80, 0x5e, 0x01, 0x84, 0x98, 0xe3, 0x11, + 0x11, 0x84, 0x47, 0x76, 0x51, 0x86, 0xfe, 0xe8, 0xca, 0xa1, 0xb7, 0x4e, 0x32, 0xdb, 0x67, 0x81, + 0xe0, 0x53, 0x57, 0x03, 0x43, 0x0e, 0xac, 0xe0, 0x30, 0x1c, 0x52, 0x0f, 0x27, 0x45, 0xb5, 0x64, + 0x0c, 0x39, 0x5d, 0xdc, 0x84, 0x11, 0xe1, 0x13, 0xea, 0x91, 0xc8, 0x2e, 0xc9, 0xef, 0x99, 0x1c, + 0xa7, 0x2e, 0xa6, 0x21, 0xb1, 0xcb, 0x49, 0xea, 0xf1, 0x59, 0x2f, 0x40, 0x25, 0x5f, 0x80, 0x27, + 0x60, 0x8d, 0xb0, 0xf0, 0x4e, 0xed, 0xea, 0xd5, 0x5f, 0xfa, 0xf3, 0xd8, 0xc0, 0x4d, 0xec, 0xb6, + 0xf7, 0x61, 0xfd, 0x42, 0x36, 0xf3, 0x9b, 0x67, 0x82, 0x87, 0xe3, 0xac, 0x79, 0xa4, 0xf0, 0xb8, + 0xf0, 0xd0, 0x70, 0x3e, 0x16, 0xb4, 0x17, 0x26, 0x81, 0xd1, 0x01, 0x94, 0x55, 0x59, 0x24, 0x44, + 0xad, 0x7d, 0x7b, 0x41, 0x50, 0xaa, 0x24, 0x49, 0x48, 0xa9, 0x1d, 0x3a, 0x84, 0xb2, 0xe2, 0x43, + 0xbd, 0xf9, 0xbb, 0x0b, 0x20, 0x8e, 0x68, 0x24, 0x5e, 0x08, 0x4e, 0x83, 0x81, 0x42, 0x51, 0xa6, + 0xe8, 0x08, 0x6a, 0x1a, 0xeb, 0xb2, 0xb5, 0xaf, 0x87, 0xa4, 0x9b, 0xa3, 0x5d, 0xb0, 0x64, 0x95, + 0x55, 0xb7, 0xdc, 0x5c, 0x80, 0x23, 0x09, 0x55, 0x2c, 0x4b, 0x1b, 0xa7, 0x0b, 0x2b, 0x7a, 0xa6, + 0x71, 0x03, 0xbc, 0xa3, 0x43, 0xdf, 0xc3, 0xdc, 0x57, 0x3c, 0x67, 0x72, 0xdc, 0x00, 0x1e, 0xe5, + 0xbe, 0xe2, 0x5a, 0x9e, 0xe3, 0x02, 0x90, 0x33, 0xec, 0x09, 0xf5, 0x3e, 0x13, 0xc1, 0x39, 0x86, + 0xf5, 0x0b, 0x21, 0xa3, 0x3d, 0xb0, 0x58, 0x40, 0x58, 0xdf, 0x36, 0x64, 0x94, 0xb7, 0x16, 0x44, + 0xa9, 0x67, 0x9a, 0x18, 0x39, 0x1f, 0x0c, 0xa8, 0xe9, 0x68, 0x99, 0x5b, 0x43, 0x73, 0x8b, 0xb6, + 0xa0, 0x14, 0x72, 0xd2, 0xa7, 0x67, 0x2a, 0x44, 0x25, 0xc5, 0xb7, 0x39, 0x19, 0x90, 0xb3, 0x34, + 0x48, 0x29, 0xc4, 0xbd, 0x1b, 0x30, 0x32, 0x0a, 0xc5, 0x54, 0x0e, 0x8f, 0xaa, 0x9b, 0x8a, 0x12, + 0x5d, 0xea, 0x2d, 0x85, 0x2e, 0xb5, 0x3a, 0x35, 0xa5, 0x3c, 0x35, 0xce, 0x6b, 0x80, 0x19, 0xb7, + 0x73, 0x97, 0x91, 0xd6, 0xa7, 0xd7, 0xc8, 0x5e, 0x1a, 0x39, 0xdf, 0x0c, 0xa8, 0xa4, 0x0b, 0xe4, + 0x0f, 0xf7, 0x84, 0xb6, 0x11, 0xcc, 0xb9, 0x1b, 0xa1, 0x38, 0x0b, 0xf6, 0xd2, 0xec, 0xb5, 0xe6, + 0xcd, 0xde, 0x6c, 0xf3, 0x94, 0xf4, 0xcd, 0xd3, 0x86, 0xa2, 0xc0, 0x83, 0x64, 0x63, 0xd4, 0xda, + 0xf5, 0x25, 0x1b, 0x51, 0xde, 0x75, 0x04, 0x98, 0x5d, 0x2c, 0x47, 0x6b, 0x80, 0x47, 0xd9, 0x68, + 0x8d, 0xcf, 0x4b, 0x46, 0xeb, 0x6e, 0x3a, 0x63, 0xcc, 0x6b, 0x75, 0xbe, 0xb4, 0x79, 0x8a, 0xbe, + 0x9c, 0xd7, 0x8d, 0xaf, 0xe7, 0x75, 0xe3, 0xfb, 0x79, 0xdd, 0x78, 0xff, 0xa3, 0xfe, 0xd7, 0x89, + 0xd1, 0x2b, 0xc9, 0x7f, 0x9d, 0xfb, 0xbf, 0x02, 0x00, 0x00, 0xff, 0xff, 0x4e, 0x95, 0x23, 0x1d, + 0xfc, 0x08, 0x00, 0x00, +} + +func (m *ConditionRouteToClient) Marshal() (dAtA []byte, err error) { + size := m.Size() + dAtA = make([]byte, size) + n, err := m.MarshalToSizedBuffer(dAtA[:size]) + if err != nil { + return nil, err + } + return dAtA[:n], nil +} + +func (m *ConditionRouteToClient) MarshalTo(dAtA []byte) (int, error) { + size := m.Size() + return m.MarshalToSizedBuffer(dAtA[:size]) +} + +func (m *ConditionRouteToClient) MarshalToSizedBuffer(dAtA []byte) (int, error) { + i := len(dAtA) + _ = i + var l int + _ = l + if m.XXX_unrecognized != nil { + i -= len(m.XXX_unrecognized) + copy(dAtA[i:], m.XXX_unrecognized) + } + if m.Spec != nil { + { + size, err := m.Spec.MarshalToSizedBuffer(dAtA[:i]) + if err != nil { + return 0, err + } + i -= size + i = encodeVarintTraffic(dAtA, i, uint64(size)) + } + i-- + dAtA[i] = 0x12 + } + if len(m.Key) > 0 { + i -= len(m.Key) + copy(dAtA[i:], m.Key) + i = encodeVarintTraffic(dAtA, i, uint64(len(m.Key))) + i-- + dAtA[i] = 0xa + } + return len(dAtA) - i, nil +} + +func (m *DynamicConfigToClient) Marshal() (dAtA []byte, err error) { + size := m.Size() + dAtA = make([]byte, size) + n, err := m.MarshalToSizedBuffer(dAtA[:size]) + if err != nil { + return nil, err + } + return dAtA[:n], nil +} + +func (m *DynamicConfigToClient) MarshalTo(dAtA []byte) (int, error) { + size := m.Size() + return m.MarshalToSizedBuffer(dAtA[:size]) +} + +func (m *DynamicConfigToClient) MarshalToSizedBuffer(dAtA []byte) (int, error) { + i := len(dAtA) + _ = i + var l int + _ = l + if m.XXX_unrecognized != nil { + i -= len(m.XXX_unrecognized) + copy(dAtA[i:], m.XXX_unrecognized) + } + if m.Spec != nil { + { + size, err := m.Spec.MarshalToSizedBuffer(dAtA[:i]) + if err != nil { + return 0, err + } + i -= size + i = encodeVarintTraffic(dAtA, i, uint64(size)) + } + i-- + dAtA[i] = 0x12 + } + if len(m.Key) > 0 { + i -= len(m.Key) + copy(dAtA[i:], m.Key) + i = encodeVarintTraffic(dAtA, i, uint64(len(m.Key))) + i-- + dAtA[i] = 0xa + } + return len(dAtA) - i, nil +} + +func (m *TagRouteToClient) Marshal() (dAtA []byte, err error) { + size := m.Size() + dAtA = make([]byte, size) + n, err := m.MarshalToSizedBuffer(dAtA[:size]) + if err != nil { + return nil, err + } + return dAtA[:n], nil +} + +func (m *TagRouteToClient) MarshalTo(dAtA []byte) (int, error) { + size := m.Size() + return m.MarshalToSizedBuffer(dAtA[:size]) +} + +func (m *TagRouteToClient) MarshalToSizedBuffer(dAtA []byte) (int, error) { + i := len(dAtA) + _ = i + var l int + _ = l + if m.XXX_unrecognized != nil { + i -= len(m.XXX_unrecognized) + copy(dAtA[i:], m.XXX_unrecognized) + } + if m.Spec != nil { + { + size, err := m.Spec.MarshalToSizedBuffer(dAtA[:i]) + if err != nil { + return 0, err + } + i -= size + i = encodeVarintTraffic(dAtA, i, uint64(size)) + } + i-- + dAtA[i] = 0x12 + } + if len(m.Key) > 0 { + i -= len(m.Key) + copy(dAtA[i:], m.Key) + i = encodeVarintTraffic(dAtA, i, uint64(len(m.Key))) + i-- + dAtA[i] = 0xa + } + return len(dAtA) - i, nil } func (m *ConditionRoute) Marshal() (dAtA []byte, err error) { @@ -1470,17 +1789,27 @@ func (m *TagRoute) MarshalToSizedBuffer(dAtA []byte) (int, error) { i = encodeVarintTraffic(dAtA, i, uint64(size)) } i-- - dAtA[i] = 0x32 + dAtA[i] = 0x3a } } - if len(m.ConfigVersion) > 0 { - i -= len(m.ConfigVersion) - copy(dAtA[i:], m.ConfigVersion) - i = encodeVarintTraffic(dAtA, i, uint64(len(m.ConfigVersion))) + if m.Force { i-- - dAtA[i] = 0x2a - } - if len(m.Key) > 0 { + if m.Force { + dAtA[i] = 1 + } else { + dAtA[i] = 0 + } + i-- + dAtA[i] = 0x30 + } + if len(m.ConfigVersion) > 0 { + i -= len(m.ConfigVersion) + copy(dAtA[i:], m.ConfigVersion) + i = encodeVarintTraffic(dAtA, i, uint64(len(m.ConfigVersion))) + i-- + dAtA[i] = 0x2a + } + if len(m.Key) > 0 { i -= len(m.Key) copy(dAtA[i:], m.Key) i = encodeVarintTraffic(dAtA, i, uint64(len(m.Key))) @@ -1583,6 +1912,66 @@ func encodeVarintTraffic(dAtA []byte, offset int, v uint64) int { dAtA[offset] = uint8(v) return base } +func (m *ConditionRouteToClient) Size() (n int) { + if m == nil { + return 0 + } + var l int + _ = l + l = len(m.Key) + if l > 0 { + n += 1 + l + sovTraffic(uint64(l)) + } + if m.Spec != nil { + l = m.Spec.Size() + n += 1 + l + sovTraffic(uint64(l)) + } + if m.XXX_unrecognized != nil { + n += len(m.XXX_unrecognized) + } + return n +} + +func (m *DynamicConfigToClient) Size() (n int) { + if m == nil { + return 0 + } + var l int + _ = l + l = len(m.Key) + if l > 0 { + n += 1 + l + sovTraffic(uint64(l)) + } + if m.Spec != nil { + l = m.Spec.Size() + n += 1 + l + sovTraffic(uint64(l)) + } + if m.XXX_unrecognized != nil { + n += len(m.XXX_unrecognized) + } + return n +} + +func (m *TagRouteToClient) Size() (n int) { + if m == nil { + return 0 + } + var l int + _ = l + l = len(m.Key) + if l > 0 { + n += 1 + l + sovTraffic(uint64(l)) + } + if m.Spec != nil { + l = m.Spec.Size() + n += 1 + l + sovTraffic(uint64(l)) + } + if m.XXX_unrecognized != nil { + n += len(m.XXX_unrecognized) + } + return n +} + func (m *ConditionRoute) Size() (n int) { if m == nil { return 0 @@ -1783,136 +2172,496 @@ func (m *ListStringMatch) Size() (n int) { n += 1 + l + sovTraffic(uint64(l)) } } - if m.XXX_unrecognized != nil { - n += len(m.XXX_unrecognized) - } - return n -} - -func (m *StringMatch) Size() (n int) { - if m == nil { - return 0 - } - var l int - _ = l - l = len(m.Exact) - if l > 0 { - n += 1 + l + sovTraffic(uint64(l)) - } - l = len(m.Prefix) - if l > 0 { - n += 1 + l + sovTraffic(uint64(l)) - } - l = len(m.Regex) - if l > 0 { - n += 1 + l + sovTraffic(uint64(l)) - } - l = len(m.Noempty) - if l > 0 { - n += 1 + l + sovTraffic(uint64(l)) - } - l = len(m.Empty) - if l > 0 { - n += 1 + l + sovTraffic(uint64(l)) - } - l = len(m.Wildcard) - if l > 0 { - n += 1 + l + sovTraffic(uint64(l)) - } - if m.XXX_unrecognized != nil { - n += len(m.XXX_unrecognized) - } - return n -} + if m.XXX_unrecognized != nil { + n += len(m.XXX_unrecognized) + } + return n +} + +func (m *StringMatch) Size() (n int) { + if m == nil { + return 0 + } + var l int + _ = l + l = len(m.Exact) + if l > 0 { + n += 1 + l + sovTraffic(uint64(l)) + } + l = len(m.Prefix) + if l > 0 { + n += 1 + l + sovTraffic(uint64(l)) + } + l = len(m.Regex) + if l > 0 { + n += 1 + l + sovTraffic(uint64(l)) + } + l = len(m.Noempty) + if l > 0 { + n += 1 + l + sovTraffic(uint64(l)) + } + l = len(m.Empty) + if l > 0 { + n += 1 + l + sovTraffic(uint64(l)) + } + l = len(m.Wildcard) + if l > 0 { + n += 1 + l + sovTraffic(uint64(l)) + } + if m.XXX_unrecognized != nil { + n += len(m.XXX_unrecognized) + } + return n +} + +func (m *ParamMatch) Size() (n int) { + if m == nil { + return 0 + } + var l int + _ = l + l = len(m.Key) + if l > 0 { + n += 1 + l + sovTraffic(uint64(l)) + } + if m.Value != nil { + l = m.Value.Size() + n += 1 + l + sovTraffic(uint64(l)) + } + if m.XXX_unrecognized != nil { + n += len(m.XXX_unrecognized) + } + return n +} + +func (m *TagRoute) Size() (n int) { + if m == nil { + return 0 + } + var l int + _ = l + if m.Priority != 0 { + n += 1 + sovTraffic(uint64(m.Priority)) + } + if m.Enabled { + n += 2 + } + if m.Runtime { + n += 2 + } + l = len(m.Key) + if l > 0 { + n += 1 + l + sovTraffic(uint64(l)) + } + l = len(m.ConfigVersion) + if l > 0 { + n += 1 + l + sovTraffic(uint64(l)) + } + if m.Force { + n += 2 + } + if len(m.Tags) > 0 { + for _, e := range m.Tags { + l = e.Size() + n += 1 + l + sovTraffic(uint64(l)) + } + } + if m.XXX_unrecognized != nil { + n += len(m.XXX_unrecognized) + } + return n +} + +func (m *Tag) Size() (n int) { + if m == nil { + return 0 + } + var l int + _ = l + l = len(m.Name) + if l > 0 { + n += 1 + l + sovTraffic(uint64(l)) + } + if len(m.Addresses) > 0 { + for _, s := range m.Addresses { + l = len(s) + n += 1 + l + sovTraffic(uint64(l)) + } + } + if len(m.Match) > 0 { + for _, e := range m.Match { + l = e.Size() + n += 1 + l + sovTraffic(uint64(l)) + } + } + if m.XXX_unrecognized != nil { + n += len(m.XXX_unrecognized) + } + return n +} + +func sovTraffic(x uint64) (n int) { + return (math_bits.Len64(x|1) + 6) / 7 +} +func sozTraffic(x uint64) (n int) { + return sovTraffic(uint64((x << 1) ^ uint64((int64(x) >> 63)))) +} +func (m *ConditionRouteToClient) Unmarshal(dAtA []byte) error { + l := len(dAtA) + iNdEx := 0 + for iNdEx < l { + preIndex := iNdEx + var wire uint64 + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowTraffic + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + wire |= uint64(b&0x7F) << shift + if b < 0x80 { + break + } + } + fieldNum := int32(wire >> 3) + wireType := int(wire & 0x7) + if wireType == 4 { + return fmt.Errorf("proto: ConditionRouteToClient: wiretype end group for non-group") + } + if fieldNum <= 0 { + return fmt.Errorf("proto: ConditionRouteToClient: illegal tag %d (wire type %d)", fieldNum, wire) + } + switch fieldNum { + case 1: + if wireType != 2 { + return fmt.Errorf("proto: wrong wireType = %d for field Key", wireType) + } + var stringLen uint64 + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowTraffic + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + stringLen |= uint64(b&0x7F) << shift + if b < 0x80 { + break + } + } + intStringLen := int(stringLen) + if intStringLen < 0 { + return ErrInvalidLengthTraffic + } + postIndex := iNdEx + intStringLen + if postIndex < 0 { + return ErrInvalidLengthTraffic + } + if postIndex > l { + return io.ErrUnexpectedEOF + } + m.Key = string(dAtA[iNdEx:postIndex]) + iNdEx = postIndex + case 2: + if wireType != 2 { + return fmt.Errorf("proto: wrong wireType = %d for field Spec", wireType) + } + var msglen int + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowTraffic + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + msglen |= int(b&0x7F) << shift + if b < 0x80 { + break + } + } + if msglen < 0 { + return ErrInvalidLengthTraffic + } + postIndex := iNdEx + msglen + if postIndex < 0 { + return ErrInvalidLengthTraffic + } + if postIndex > l { + return io.ErrUnexpectedEOF + } + if m.Spec == nil { + m.Spec = &ConditionRoute{} + } + if err := m.Spec.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { + return err + } + iNdEx = postIndex + default: + iNdEx = preIndex + skippy, err := skipTraffic(dAtA[iNdEx:]) + if err != nil { + return err + } + if (skippy < 0) || (iNdEx+skippy) < 0 { + return ErrInvalidLengthTraffic + } + if (iNdEx + skippy) > l { + return io.ErrUnexpectedEOF + } + m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...) + iNdEx += skippy + } + } + + if iNdEx > l { + return io.ErrUnexpectedEOF + } + return nil +} +func (m *DynamicConfigToClient) Unmarshal(dAtA []byte) error { + l := len(dAtA) + iNdEx := 0 + for iNdEx < l { + preIndex := iNdEx + var wire uint64 + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowTraffic + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + wire |= uint64(b&0x7F) << shift + if b < 0x80 { + break + } + } + fieldNum := int32(wire >> 3) + wireType := int(wire & 0x7) + if wireType == 4 { + return fmt.Errorf("proto: DynamicConfigToClient: wiretype end group for non-group") + } + if fieldNum <= 0 { + return fmt.Errorf("proto: DynamicConfigToClient: illegal tag %d (wire type %d)", fieldNum, wire) + } + switch fieldNum { + case 1: + if wireType != 2 { + return fmt.Errorf("proto: wrong wireType = %d for field Key", wireType) + } + var stringLen uint64 + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowTraffic + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + stringLen |= uint64(b&0x7F) << shift + if b < 0x80 { + break + } + } + intStringLen := int(stringLen) + if intStringLen < 0 { + return ErrInvalidLengthTraffic + } + postIndex := iNdEx + intStringLen + if postIndex < 0 { + return ErrInvalidLengthTraffic + } + if postIndex > l { + return io.ErrUnexpectedEOF + } + m.Key = string(dAtA[iNdEx:postIndex]) + iNdEx = postIndex + case 2: + if wireType != 2 { + return fmt.Errorf("proto: wrong wireType = %d for field Spec", wireType) + } + var msglen int + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowTraffic + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + msglen |= int(b&0x7F) << shift + if b < 0x80 { + break + } + } + if msglen < 0 { + return ErrInvalidLengthTraffic + } + postIndex := iNdEx + msglen + if postIndex < 0 { + return ErrInvalidLengthTraffic + } + if postIndex > l { + return io.ErrUnexpectedEOF + } + if m.Spec == nil { + m.Spec = &DynamicConfig{} + } + if err := m.Spec.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { + return err + } + iNdEx = postIndex + default: + iNdEx = preIndex + skippy, err := skipTraffic(dAtA[iNdEx:]) + if err != nil { + return err + } + if (skippy < 0) || (iNdEx+skippy) < 0 { + return ErrInvalidLengthTraffic + } + if (iNdEx + skippy) > l { + return io.ErrUnexpectedEOF + } + m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...) + iNdEx += skippy + } + } -func (m *ParamMatch) Size() (n int) { - if m == nil { - return 0 - } - var l int - _ = l - l = len(m.Key) - if l > 0 { - n += 1 + l + sovTraffic(uint64(l)) - } - if m.Value != nil { - l = m.Value.Size() - n += 1 + l + sovTraffic(uint64(l)) - } - if m.XXX_unrecognized != nil { - n += len(m.XXX_unrecognized) + if iNdEx > l { + return io.ErrUnexpectedEOF } - return n + return nil } - -func (m *TagRoute) Size() (n int) { - if m == nil { - return 0 - } - var l int - _ = l - if m.Priority != 0 { - n += 1 + sovTraffic(uint64(m.Priority)) - } - if m.Enabled { - n += 2 - } - if m.Runtime { - n += 2 - } - l = len(m.Key) - if l > 0 { - n += 1 + l + sovTraffic(uint64(l)) - } - l = len(m.ConfigVersion) - if l > 0 { - n += 1 + l + sovTraffic(uint64(l)) - } - if len(m.Tags) > 0 { - for _, e := range m.Tags { - l = e.Size() - n += 1 + l + sovTraffic(uint64(l)) +func (m *TagRouteToClient) Unmarshal(dAtA []byte) error { + l := len(dAtA) + iNdEx := 0 + for iNdEx < l { + preIndex := iNdEx + var wire uint64 + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowTraffic + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + wire |= uint64(b&0x7F) << shift + if b < 0x80 { + break + } } - } - if m.XXX_unrecognized != nil { - n += len(m.XXX_unrecognized) - } - return n -} - -func (m *Tag) Size() (n int) { - if m == nil { - return 0 - } - var l int - _ = l - l = len(m.Name) - if l > 0 { - n += 1 + l + sovTraffic(uint64(l)) - } - if len(m.Addresses) > 0 { - for _, s := range m.Addresses { - l = len(s) - n += 1 + l + sovTraffic(uint64(l)) + fieldNum := int32(wire >> 3) + wireType := int(wire & 0x7) + if wireType == 4 { + return fmt.Errorf("proto: TagRouteToClient: wiretype end group for non-group") } - } - if len(m.Match) > 0 { - for _, e := range m.Match { - l = e.Size() - n += 1 + l + sovTraffic(uint64(l)) + if fieldNum <= 0 { + return fmt.Errorf("proto: TagRouteToClient: illegal tag %d (wire type %d)", fieldNum, wire) + } + switch fieldNum { + case 1: + if wireType != 2 { + return fmt.Errorf("proto: wrong wireType = %d for field Key", wireType) + } + var stringLen uint64 + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowTraffic + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + stringLen |= uint64(b&0x7F) << shift + if b < 0x80 { + break + } + } + intStringLen := int(stringLen) + if intStringLen < 0 { + return ErrInvalidLengthTraffic + } + postIndex := iNdEx + intStringLen + if postIndex < 0 { + return ErrInvalidLengthTraffic + } + if postIndex > l { + return io.ErrUnexpectedEOF + } + m.Key = string(dAtA[iNdEx:postIndex]) + iNdEx = postIndex + case 2: + if wireType != 2 { + return fmt.Errorf("proto: wrong wireType = %d for field Spec", wireType) + } + var msglen int + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowTraffic + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + msglen |= int(b&0x7F) << shift + if b < 0x80 { + break + } + } + if msglen < 0 { + return ErrInvalidLengthTraffic + } + postIndex := iNdEx + msglen + if postIndex < 0 { + return ErrInvalidLengthTraffic + } + if postIndex > l { + return io.ErrUnexpectedEOF + } + if m.Spec == nil { + m.Spec = &TagRoute{} + } + if err := m.Spec.Unmarshal(dAtA[iNdEx:postIndex]); err != nil { + return err + } + iNdEx = postIndex + default: + iNdEx = preIndex + skippy, err := skipTraffic(dAtA[iNdEx:]) + if err != nil { + return err + } + if (skippy < 0) || (iNdEx+skippy) < 0 { + return ErrInvalidLengthTraffic + } + if (iNdEx + skippy) > l { + return io.ErrUnexpectedEOF + } + m.XXX_unrecognized = append(m.XXX_unrecognized, dAtA[iNdEx:iNdEx+skippy]...) + iNdEx += skippy } } - if m.XXX_unrecognized != nil { - n += len(m.XXX_unrecognized) - } - return n -} -func sovTraffic(x uint64) (n int) { - return (math_bits.Len64(x|1) + 6) / 7 -} -func sozTraffic(x uint64) (n int) { - return sovTraffic(uint64((x << 1) ^ uint64((int64(x) >> 63)))) + if iNdEx > l { + return io.ErrUnexpectedEOF + } + return nil } func (m *ConditionRoute) Unmarshal(dAtA []byte) error { l := len(dAtA) @@ -3739,6 +4488,26 @@ func (m *TagRoute) Unmarshal(dAtA []byte) error { m.ConfigVersion = string(dAtA[iNdEx:postIndex]) iNdEx = postIndex case 6: + if wireType != 0 { + return fmt.Errorf("proto: wrong wireType = %d for field Force", wireType) + } + var v int + for shift := uint(0); ; shift += 7 { + if shift >= 64 { + return ErrIntOverflowTraffic + } + if iNdEx >= l { + return io.ErrUnexpectedEOF + } + b := dAtA[iNdEx] + iNdEx++ + v |= int(b&0x7F) << shift + if b < 0x80 { + break + } + } + m.Force = bool(v != 0) + case 7: if wireType != 2 { return fmt.Errorf("proto: wrong wireType = %d for field Tags", wireType) } diff --git a/api/resource/v1alpha1/traffic.proto b/api/resource/v1alpha1/traffic.proto index 9849ab98c..e81ace210 100644 --- a/api/resource/v1alpha1/traffic.proto +++ b/api/resource/v1alpha1/traffic.proto @@ -22,6 +22,21 @@ package dubbo.apache.org.v1alpha1; option java_multiple_files = true; +message ConditionRouteToClient { + string key = 1; + ConditionRoute spec = 2; +} + +message DynamicConfigToClient { + string key = 1; + DynamicConfig spec = 2; +} + +message TagRouteToClient { + string key = 1; + TagRoute spec = 2; +} + message ConditionRoute { int32 priority = 1; bool enabled = 2; @@ -90,7 +105,8 @@ message TagRoute { bool runtime = 3; string key = 4; string configVersion = 5; - repeated Tag tags = 6; + bool force = 6; + repeated Tag tags = 7; } message Tag { diff --git a/conf/admin.yml b/conf/admin.yml index 33098601e..f02f216f8 100644 --- a/conf/admin.yml +++ b/conf/admin.yml @@ -30,6 +30,7 @@ security: enable-oidc-check: true webhook-port: 30080 webhook-allow-on-err: true + is-trust-anyone: false kube-config: namespace: dubbo-system service-name: dubbo-cp diff --git a/pkg/authority/server/authority.go b/pkg/authority/server/authority.go index 63f97f19f..387184862 100644 --- a/pkg/authority/server/authority.go +++ b/pkg/authority/server/authority.go @@ -49,13 +49,13 @@ func (s *AuthorityService) Start(stop <-chan struct{}) error { errChan := make(chan error) if s.Options.KubeConfig.InPodEnv { go func() { - err := s.WebhookServer.Server.ListenAndServe() + err := s.WebhookServer.Server.ListenAndServeTLS("", "") if err != nil { switch err { case http.ErrServerClosed: - logger.Sugar().Info("shutting down HTTP Server") + logger.Sugar().Info("[Webhook] shutting down HTTP Server") default: - logger.Sugar().Error(err, "could not start an HTTP Server") + logger.Sugar().Error(err, "[Webhook] could not start an HTTP Server") errChan <- err } } @@ -63,7 +63,7 @@ func (s *AuthorityService) Start(stop <-chan struct{}) error { s.CertClient.UpdateWebhookConfig(s.Options, s.CertStorage) select { case <-stop: - logger.Sugar().Info("stopping admin") + logger.Sugar().Info("[Webhook] stopping Authority") if s.WebhookServer.Server != nil { return s.WebhookServer.Server.Shutdown(context.Background()) } @@ -102,7 +102,7 @@ func (s *AuthorityService) CreateIdentity( p, _ := peer.FromContext(c) endpoint, err := endpoint.ExactEndpoint(c, s.CertStorage, s.Options, s.CertClient) if err != nil { - logger.Sugar().Warnf("Failed to exact endpoint from context: %v. RemoteAddr: %s", err, p.Addr.String()) + logger.Sugar().Warnf("[Authority] Failed to exact endpoint from context: %v. RemoteAddr: %s", err, p.Addr.String()) return &ca.IdentityResponse{ Success: false, @@ -112,7 +112,7 @@ func (s *AuthorityService) CreateIdentity( certPem, err := cert.SignFromCSR(csr, endpoint, s.CertStorage.GetAuthorityCert(), s.Options.Security.CertValidity) if err != nil { - logger.Sugar().Warnf("Failed to sign certificate from csr: %v. RemoteAddr: %s", err, p.Addr.String()) + logger.Sugar().Warnf("[Authority] Failed to sign certificate from csr: %v. RemoteAddr: %s", err, p.Addr.String()) return &ca.IdentityResponse{ Success: false, @@ -120,11 +120,11 @@ func (s *AuthorityService) CreateIdentity( }, nil } - logger.Sugar().Infof("Success to sign certificate from csr. RemoteAddr: %s", p.Addr.String()) + logger.Sugar().Infof("[Authority] Success to sign certificate from csr. RemoteAddr: %s", p.Addr.String()) token, err := jwt.NewClaims(endpoint.SpiffeID, endpoint.ToString(), endpoint.ID, s.Options.Security.CertValidity).Sign(s.CertStorage.GetAuthorityCert().PrivateKey) if err != nil { - logger.Sugar().Warnf("Failed to sign jwt token: %v. RemoteAddr: %s", err, p.Addr.String()) + logger.Sugar().Warnf("[Authority] Failed to sign jwt token: %v. RemoteAddr: %s", err, p.Addr.String()) return &ca.IdentityResponse{ Success: false, diff --git a/pkg/config/app/dubbo-cp/dubbo-cp.default.yaml b/pkg/config/app/dubbo-cp/dubbo-cp.default.yaml index 127b9e8ef..3cc9f0d06 100644 --- a/pkg/config/app/dubbo-cp/dubbo-cp.default.yaml +++ b/pkg/config/app/dubbo-cp/dubbo-cp.default.yaml @@ -30,6 +30,7 @@ security: enable-oidc-check: true webhook-port: 30080 webhook-allow-on-err: true + is-trust-anyone: false kube-config: namespace: dubbo-system service-name: dubbo-ca diff --git a/pkg/core/cert/provider/client.go b/pkg/core/cert/provider/client.go index 3f525ecd3..b66f3ff74 100644 --- a/pkg/core/cert/provider/client.go +++ b/pkg/core/cert/provider/client.go @@ -55,7 +55,7 @@ func NewClient(kubeClient kubernetes.Interface) Client { func (c *ClientImpl) GetAuthorityCert(namespace string) (string, string) { s, err := c.kubeClient.CoreV1().Secrets(namespace).Get(context.TODO(), "dubbo-ca-secret", metav1.GetOptions{}) if err != nil { - logger.Sugar().Warnf("Unable to get authority cert secret from kubernetes. " + err.Error()) + logger.Sugar().Warnf("[Authority] Unable to get authority cert secret from kubernetes. " + err.Error()) } return string(s.Data["cert.pem"]), string(s.Data["pri.pem"]) } @@ -63,7 +63,7 @@ func (c *ClientImpl) GetAuthorityCert(namespace string) (string, string) { func (c *ClientImpl) UpdateAuthorityCert(cert string, pri string, namespace string) { s, err := c.kubeClient.CoreV1().Secrets(namespace).Get(context.TODO(), "dubbo-ca-secret", metav1.GetOptions{}) if err != nil { - logger.Sugar().Warnf("Unable to get ca secret from kubernetes. Will try to create. " + err.Error()) + logger.Sugar().Warnf("[Authority] Unable to get ca secret from kubernetes. Will try to create. " + err.Error()) s = &v1.Secret{ Data: map[string][]byte{ "cert.pem": []byte(cert), @@ -73,14 +73,14 @@ func (c *ClientImpl) UpdateAuthorityCert(cert string, pri string, namespace stri s.Name = "dubbo-ca-secret" _, err = c.kubeClient.CoreV1().Secrets(namespace).Create(context.TODO(), s, metav1.CreateOptions{}) if err != nil { - logger.Sugar().Warnf("Failed to create ca secret to kubernetes. " + err.Error()) + logger.Sugar().Warnf("[Authority] Failed to create ca secret to kubernetes. " + err.Error()) } else { - logger.Sugar().Info("Create ca secret to kubernetes success. ") + logger.Sugar().Info("[Authority] Create ca secret to kubernetes success. ") } } if string(s.Data["cert.pem"]) == cert && string(s.Data["pri.pem"]) == pri { - logger.Sugar().Info("Ca secret in kubernetes is already the newest vesion.") + logger.Sugar().Info("[Authority] Ca secret in kubernetes is already the newest version.") return } @@ -88,16 +88,16 @@ func (c *ClientImpl) UpdateAuthorityCert(cert string, pri string, namespace stri s.Data["pri.pem"] = []byte(pri) _, err = c.kubeClient.CoreV1().Secrets(namespace).Update(context.TODO(), s, metav1.UpdateOptions{}) if err != nil { - logger.Sugar().Warnf("Failed to update ca secret to kubernetes. " + err.Error()) + logger.Sugar().Warnf("[Authority] Failed to update ca secret to kubernetes. " + err.Error()) } else { - logger.Sugar().Info("Update ca secret to kubernetes success. ") + logger.Sugar().Info("[Authority] Update ca secret to kubernetes success. ") } } func (c *ClientImpl) UpdateAuthorityPublicKey(cert string) bool { ns, err := c.kubeClient.CoreV1().Namespaces().List(context.TODO(), metav1.ListOptions{}) if err != nil { - logger.Sugar().Warnf("Failed to get namespaces. " + err.Error()) + logger.Sugar().Warnf("[Authority] Failed to get namespaces. " + err.Error()) return false } for _, n := range ns.Items { @@ -106,7 +106,7 @@ func (c *ClientImpl) UpdateAuthorityPublicKey(cert string) bool { } cm, err := c.kubeClient.CoreV1().ConfigMaps(n.Name).Get(context.TODO(), "dubbo-ca-cert", metav1.GetOptions{}) if err != nil { - logger.Sugar().Warnf("Unable to find dubbo-ca-cert in " + n.Name + ". Will create config map. " + err.Error()) + logger.Sugar().Warnf("[Authority] Unable to find dubbo-ca-cert in " + n.Name + ". Will create config map. " + err.Error()) cm = &v1.ConfigMap{ Data: map[string]string{ "ca.crt": cert, @@ -115,23 +115,23 @@ func (c *ClientImpl) UpdateAuthorityPublicKey(cert string) bool { cm.Name = "dubbo-ca-cert" _, err = c.kubeClient.CoreV1().ConfigMaps(n.Name).Create(context.TODO(), cm, metav1.CreateOptions{}) if err != nil { - logger.Sugar().Warnf("Failed to create config map for " + n.Name + ". " + err.Error()) + logger.Sugar().Warnf("[Authority] Failed to create config map for " + n.Name + ". " + err.Error()) return false } else { - logger.Sugar().Info("Create ca config map for " + n.Name + " success.") + logger.Sugar().Info("[Authority] Create ca config map for " + n.Name + " success.") } } if cm.Data["ca.crt"] == cert { - logger.Sugar().Info("Ignore override ca to " + n.Name + ". Cause: Already exist.") + logger.Sugar().Info("[Authority] Ignore override ca to " + n.Name + ". Cause: Already exist.") continue } cm.Data["ca.crt"] = cert _, err = c.kubeClient.CoreV1().ConfigMaps(n.Name).Update(context.TODO(), cm, metav1.UpdateOptions{}) if err != nil { - logger.Sugar().Warnf("Failed to update config map for " + n.Name + ". " + err.Error()) + logger.Sugar().Warnf("[Authority] Failed to update config map for " + n.Name + ". " + err.Error()) return false } else { - logger.Sugar().Info("Update ca config map for " + n.Name + " success.") + logger.Sugar().Info("[Authority] Update ca config map for " + n.Name + " success.") } } return true @@ -140,7 +140,7 @@ func (c *ClientImpl) UpdateAuthorityPublicKey(cert string) bool { func (c *ClientImpl) GetNamespaceLabels(namespace string) map[string]string { ns, err := c.kubeClient.CoreV1().Namespaces().Get(context.TODO(), namespace, metav1.GetOptions{}) if err != nil { - logger.Sugar().Warnf("Failed to validate token. " + err.Error()) + logger.Sugar().Warnf("[Authority] Failed to validate token. " + err.Error()) return map[string]string{} } if ns.Labels != nil { @@ -169,18 +169,18 @@ func (c *ClientImpl) VerifyServiceAccount(token string, authorizationType string reviewRes, err := c.kubeClient.AuthenticationV1().TokenReviews().Create( context.TODO(), tokenReview, metav1.CreateOptions{}) if err != nil { - logger.Sugar().Warnf("Failed to validate token. " + err.Error()) + logger.Sugar().Warnf("[Authority] Failed to validate token. " + err.Error()) return nil, false } if reviewRes.Status.Error != "" { - logger.Sugar().Warnf("Failed to validate token. " + reviewRes.Status.Error) + logger.Sugar().Warnf("[Authority] Failed to validate token. " + reviewRes.Status.Error) return nil, false } names := strings.Split(reviewRes.Status.User.Username, ":") if len(names) != 4 { - logger.Sugar().Warnf("Token is not a pod service account. " + reviewRes.Status.User.Username) + logger.Sugar().Warnf("[Authority] Token is not a pod service account. " + reviewRes.Status.User.Username) return nil, false } @@ -189,18 +189,18 @@ func (c *ClientImpl) VerifyServiceAccount(token string, authorizationType string podUid := reviewRes.Status.User.Extra["authentication.kubernetes.io/pod-uid"] if len(podName) != 1 || len(podUid) != 1 { - logger.Sugar().Warnf("Token is not a pod service account. " + reviewRes.Status.User.Username) + logger.Sugar().Warnf("[Authority] Token is not a pod service account. " + reviewRes.Status.User.Username) return nil, false } pod, err := c.kubeClient.CoreV1().Pods(namespace).Get(context.TODO(), podName[0], metav1.GetOptions{}) if err != nil { - logger.Sugar().Warnf("Failed to get pod. " + err.Error()) + logger.Sugar().Warnf("[Authority] Failed to get pod. " + err.Error()) return nil, false } if pod.UID != types.UID(podUid[0]) { - logger.Sugar().Warnf("Token is not a pod service account. " + reviewRes.Status.User.Username) + logger.Sugar().Warnf("[Authority] Token is not a pod service account. " + reviewRes.Status.User.Username) return nil, false } @@ -239,7 +239,7 @@ func (c *ClientImpl) UpdateWebhookConfig(options *dubbo_cp.Config, storage *Cert bundle := storage.GetAuthorityCert().CertPem mwConfig, err := c.kubeClient.AdmissionregistrationV1().MutatingWebhookConfigurations().Get(context.TODO(), "dubbo-ca", metav1.GetOptions{}) if err != nil { - logger.Sugar().Warnf("Unable to find dubbo-ca webhook config. Will create. " + err.Error()) + logger.Sugar().Warnf("[Webhook] Unable to find dubbo-ca webhook config. Will create. " + err.Error()) mwConfig = &admissionregistrationV1.MutatingWebhookConfiguration{ ObjectMeta: metav1.ObjectMeta{ Name: "dubbo-ca", @@ -287,24 +287,24 @@ func (c *ClientImpl) UpdateWebhookConfig(options *dubbo_cp.Config, storage *Cert _, err := c.kubeClient.AdmissionregistrationV1().MutatingWebhookConfigurations().Create(context.TODO(), mwConfig, metav1.CreateOptions{}) if err != nil { - logger.Sugar().Warnf("Failed to create webhook config. " + err.Error()) + logger.Sugar().Warnf("[Webhook] Failed to create webhook config. " + err.Error()) } else { - logger.Sugar().Info("Create webhook config success.") + logger.Sugar().Info("[Webhook] Create webhook config success.") } return } if reflect.DeepEqual(mwConfig.Webhooks[0].ClientConfig.CABundle, []byte(bundle)) { - logger.Sugar().Info("Ignore override webhook config. Cause: Already exist.") + logger.Sugar().Info("[Webhook] Ignore override webhook config. Cause: Already exist.") return } mwConfig.Webhooks[0].ClientConfig.CABundle = []byte(bundle) _, err = c.kubeClient.AdmissionregistrationV1().MutatingWebhookConfigurations().Update(context.TODO(), mwConfig, metav1.UpdateOptions{}) if err != nil { - logger.Sugar().Warnf("Failed to update webhook config. " + err.Error()) + logger.Sugar().Warnf("[Webhook] Failed to update webhook config. " + err.Error()) } else { - logger.Sugar().Info("Update webhook config success.") + logger.Sugar().Info("[Webhook] Update webhook config success.") } } diff --git a/pkg/core/cert/provider/storage.go b/pkg/core/cert/provider/storage.go index 018f20a02..1de874bb3 100644 --- a/pkg/core/cert/provider/storage.go +++ b/pkg/core/cert/provider/storage.go @@ -43,37 +43,41 @@ type CertStorage struct { serverCerts *Cert } +func calculateInterval(caValidity int64) time.Duration { + interval := math.Max(math.Min(float64(caValidity/100), 10_000), 1) + return time.Duration(interval) * time.Millisecond +} + func (s *CertStorage) Start(stop <-chan struct{}) error { go s.RefreshServerCert(stop) go func(stop <-chan struct{}) { - interval := math.Min(math.Floor(float64(s.config.Security.CaValidity)/100), 10_000) - for { - time.Sleep(time.Duration(interval) * time.Millisecond) - if s.GetAuthorityCert().NeedRefresh() { - logger.Sugar().Infof("Authority cert is invalid, refresh it.") - // TODO lock if multi cp-server - // TODO refresh signed cert - - err := NewleaderElection().Election(s, s.config, s.certClient.GetKubClient()) - if err != nil { - return - } - if s.config.KubeConfig.IsKubernetesConnected { - s.certClient.UpdateAuthorityCert(s.GetAuthorityCert().CertPem, EncodePrivateKey(s.GetAuthorityCert().PrivateKey), s.config.KubeConfig.Namespace) - s.certClient.UpdateWebhookConfig(s.config, s) - if s.certClient.UpdateAuthorityPublicKey(s.GetAuthorityCert().CertPem) { - logger.Sugar().Infof("Write ca to config maps success.") - } else { - logger.Sugar().Warnf("Write ca to config maps failed.") - } - } - } + ticker := time.NewTicker(calculateInterval(s.config.Security.CaValidity)) + defer ticker.Stop() + for { select { case <-stop: return - default: - continue + case <-ticker.C: + if s.GetAuthorityCert().NeedRefresh() { + logger.Sugar().Infof("[Authority] Authority cert is invalid, refresh it.") + // TODO lock if multi cp-server + // TODO refresh signed cert + + err := NewleaderElection().Election(s, s.config, s.certClient.GetKubClient()) + if err != nil { + logger.Sugar().Error("[Authority] Leader Election failed") + } + if s.config.KubeConfig.IsKubernetesConnected { + s.certClient.UpdateAuthorityCert(s.GetAuthorityCert().CertPem, EncodePrivateKey(s.GetAuthorityCert().PrivateKey), s.config.KubeConfig.Namespace) + s.certClient.UpdateWebhookConfig(s.config, s) + if s.certClient.UpdateAuthorityPublicKey(s.GetAuthorityCert().CertPem) { + logger.Sugar().Infof("[Authority] Write ca to config maps success.") + } else { + logger.Sugar().Warnf("[Authority] Write ca to config maps failed.") + } + } + } } } }(stop) @@ -146,34 +150,34 @@ func (c *Cert) GetTlsCert() *tls.Certificate { } tlsCert, err := tls.X509KeyPair([]byte(c.CertPem), []byte(EncodePrivateKey(c.PrivateKey))) if err != nil { - logger.Sugar().Warnf("Failed to load x509 cert. %v", err) + logger.Sugar().Warnf("[Authority] Failed to load x509 cert. %v", err) } c.tlsCert = &tlsCert return c.tlsCert } func (s *CertStorage) RefreshServerCert(stop <-chan struct{}) { - interval := math.Min(math.Floor(float64(s.config.Security.CertValidity)/100), 10_000) - for true { + interval := math.Max(math.Min(math.Floor(float64(s.config.Security.CertValidity)/100), 10_000), 1) + ticker := time.NewTicker(time.Duration(interval) * time.Millisecond) + defer ticker.Stop() + for { select { case <-stop: return - default: + case <-ticker.C: + func() { + s.mutex.Lock() + defer s.mutex.Unlock() + if s.authorityCert == nil || !s.authorityCert.IsValid() { + // ignore if authority cert is invalid + return + } + if s.serverCerts == nil || !s.serverCerts.IsValid() { + logger.Sugar().Infof("[Authority] Server cert is invalid, refresh it.") + s.serverCerts = SignServerCert(s.authorityCert, s.serverNames, s.config.Security.CertValidity) + } + }() } - - time.Sleep(time.Duration(interval) * time.Millisecond) - func() { - s.mutex.Lock() - defer s.mutex.Unlock() - if s.authorityCert == nil || !s.authorityCert.IsValid() { - // ignore if authority cert is invalid - return - } - if s.serverCerts == nil || !s.serverCerts.IsValid() { - logger.Sugar().Infof("Server cert is invalid, refresh it.") - s.serverCerts = SignServerCert(s.authorityCert, s.serverNames, s.config.Security.CertValidity) - } - }() } } diff --git a/pkg/core/cert/provider/util.go b/pkg/core/cert/provider/util.go index 7e5da0f6c..ddd9a73bd 100644 --- a/pkg/core/cert/provider/util.go +++ b/pkg/core/cert/provider/util.go @@ -44,12 +44,12 @@ var oidSubjectAlternativeName = asn1.ObjectIdentifier{2, 5, 29, 17} func DecodeCert(cert string) *x509.Certificate { block, _ := pem.Decode([]byte(cert)) if block == nil { - logger.Sugar().Warnf("Failed to parse public key.") + logger.Sugar().Warnf("[Authority] Failed to parse public key.") return nil } p, err := x509.ParseCertificate(block.Bytes) if err != nil { - logger.Sugar().Warnf("Failed to parse public key. " + err.Error()) + logger.Sugar().Warnf("[Authority] Failed to parse public key. " + err.Error()) return nil } return p @@ -58,12 +58,12 @@ func DecodeCert(cert string) *x509.Certificate { func DecodePrivateKey(cert string) *ecdsa.PrivateKey { block, _ := pem.Decode([]byte(cert)) if block == nil { - logger.Sugar().Warnf("Failed to parse private key.") + logger.Sugar().Warnf("[Authority] Failed to parse private key.") return nil } p, err := x509.ParseECPrivateKey(block.Bytes) if err != nil { - logger.Sugar().Warnf("Failed to parse private key. " + err.Error()) + logger.Sugar().Warnf("[Authority] Failed to parse private key. " + err.Error()) return nil } return p @@ -104,7 +104,7 @@ func GenerateAuthorityCert(rootCert *Cert, caValidity int64) *Cert { Bytes: caBytes, }) if err != nil { - logger.Sugar().Warnf("Failed to encode certificate. " + err.Error()) + logger.Sugar().Warnf("[Authority] Failed to encode certificate. " + err.Error()) panic(err) } @@ -146,7 +146,7 @@ func SignServerCert(authorityCert *Cert, serverName []string, certValidity int64 Bytes: c, }) if err != nil { - logger.Sugar().Warnf("Failed to encode certificate. " + err.Error()) + logger.Sugar().Warnf("[Authority] Failed to encode certificate. " + err.Error()) panic(err) } return &Cert{ @@ -182,7 +182,7 @@ func GenerateCSR() (string, *ecdsa.PrivateKey, error) { }) if err != nil { - logger.Sugar().Warnf("Failed to encode certificate. " + err.Error()) + logger.Sugar().Warnf("[Authority] Failed to encode certificate. " + err.Error()) return "", nil, err } return csr.String(), privateKey, nil @@ -244,7 +244,7 @@ func AppendEndpoint(endpoint *endpoint.Endpoint, cert *x509.Certificate) { if endpoint.SpiffeID != "" { spiffeId, err := url.Parse(endpoint.SpiffeID) if err != nil { - logger.Sugar().Warnf("failed to parse the spiffe id (err: %s)", err) + logger.Sugar().Warnf("[Authority] failed to parse the spiffe id (err: %s)", err) return } cert.URIs = append(cert.URIs, spiffeId) @@ -255,7 +255,7 @@ func EncodePrivateKey(caPrivKey *ecdsa.PrivateKey) string { caPrivKeyPEM := new(bytes.Buffer) pri, err := x509.MarshalECPrivateKey(caPrivKey) if err != nil { - logger.Sugar().Warnf("Failed to marshal EC private key. " + err.Error()) + logger.Sugar().Warnf("[Authority] Failed to marshal EC private key. " + err.Error()) return "" } err = pem.Encode(caPrivKeyPEM, &pem.Block{ @@ -263,7 +263,7 @@ func EncodePrivateKey(caPrivKey *ecdsa.PrivateKey) string { Bytes: pri, }) if err != nil { - logger.Sugar().Warnf("Failed to encode private key. " + err.Error()) + logger.Sugar().Warnf("[Authority] Failed to encode private key. " + err.Error()) return "" } return caPrivKeyPEM.String() @@ -273,13 +273,13 @@ func EncodePublicKey(pub *ecdsa.PublicKey) (res string) { caPrivKeyPEM := new(bytes.Buffer) defer func() { if err := recover(); err != nil { - logger.Sugar().Warnf("Failed to marshal EC public key. %v", err) + logger.Sugar().Warnf("[Authority] Failed to marshal EC public key. %v", err) res = "" } }() pri, err := x509.MarshalPKIXPublicKey(pub) if err != nil { - logger.Sugar().Warnf("Failed to marshal EC public key. " + err.Error()) + logger.Sugar().Warnf("[Authority] Failed to marshal EC public key. " + err.Error()) return "" } err = pem.Encode(caPrivKeyPEM, &pem.Block{ @@ -287,7 +287,7 @@ func EncodePublicKey(pub *ecdsa.PublicKey) (res string) { Bytes: pri, }) if err != nil { - logger.Sugar().Warnf("Failed to encode public key. " + err.Error()) + logger.Sugar().Warnf("[Authority] Failed to encode public key. " + err.Error()) return "" } return caPrivKeyPEM.String() diff --git a/pkg/core/model/model.go b/pkg/core/model/model.go index 47e27fd0c..ecdff1924 100644 --- a/pkg/core/model/model.go +++ b/pkg/core/model/model.go @@ -35,12 +35,12 @@ import ( const ( ApiTypePrefix = "type.googleapis.com/" - AuthenticationTypeUrl = ApiTypePrefix + "dubbo.apache.org.v1alpha1.AuthenticationPolicy" - AuthorizationTypeUrl = ApiTypePrefix + "dubbo.apache.org.v1alpha1.AuthorizationPolicy" - TagRouteTypeUrl = ApiTypePrefix + "dubbo.apache.org.v1alpha1.TagRoute" - DynamicConfigTypeUrl = ApiTypePrefix + "dubbo.apache.org.v1alpha1.DynamicConfig" - ServiceMappingTypeUrl = ApiTypePrefix + "dubbo.apache.org.v1alpha1.ServiceNameMapping" - ConditionRouteTypeUrl = ApiTypePrefix + "dubbo.apache.org.v1alpha1.ConditionRoute" + AuthenticationTypeUrl = ApiTypePrefix + "dubbo.apache.org.v1alpha1.AuthenticationPolicyToClient" + AuthorizationTypeUrl = ApiTypePrefix + "dubbo.apache.org.v1alpha1.AuthorizationPolicyToClient" + TagRouteTypeUrl = ApiTypePrefix + "dubbo.apache.org.v1alpha1.TagRouteToClient" + DynamicConfigTypeUrl = ApiTypePrefix + "dubbo.apache.org.v1alpha1.DynamicConfigToClient" + ServiceMappingTypeUrl = ApiTypePrefix + "dubbo.apache.org.v1alpha1.ServiceNameMappingToClient" + ConditionRouteTypeUrl = ApiTypePrefix + "dubbo.apache.org.v1alpha1.ConditionRouteToClient" ) // Meta is metadata attached to each configuration unit. diff --git a/pkg/core/tools/endpoint/endpoint.go b/pkg/core/tools/endpoint/endpoint.go index 2788aa88d..924504566 100644 --- a/pkg/core/tools/endpoint/endpoint.go +++ b/pkg/core/tools/endpoint/endpoint.go @@ -54,7 +54,7 @@ func ExactEndpoint(c context.Context, certStorage *provider.CertStorage, options } if !options.Security.IsTrustAnyone && connectionErr != nil { - return nil, fmt.Errorf("Failed to get endpoint from header: %s. Failed to get endpoint from storage: %s. RemoteAddr: %s", + return nil, fmt.Errorf("failed to get endpoint from header: %s. Failed to get endpoint from storage: %s. RemoteAddr: %s", endpointErr.Error(), connectionErr.Error(), p.Addr.String()) } diff --git a/pkg/core/tools/generate/key.go b/pkg/core/tools/generate/key.go new file mode 100644 index 000000000..a51179382 --- /dev/null +++ b/pkg/core/tools/generate/key.go @@ -0,0 +1,25 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one or more + * contributor license agreements. See the NOTICE file distributed with + * this work for additional information regarding copyright ownership. + * The ASF licenses this file to You under the Apache License, Version 2.0 + * (the "License"); you may not use this file except in compliance with + * the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package generate + +func GenerateKey(name, namespace string) string { + if namespace != "" { + return name + "/" + namespace + } + return name +} diff --git a/pkg/cp-server/server/server.go b/pkg/cp-server/server/server.go index 8f0ed25c9..eae888566 100644 --- a/pkg/cp-server/server/server.go +++ b/pkg/cp-server/server/server.go @@ -81,25 +81,25 @@ func (d *GrpcServer) Start(stop <-chan struct{}) error { go func() { defer close(plainErrChan) if err = d.PlainServer.Serve(plainLis); err != nil { - logger.Sugar().Error(err, "terminated with an error") + logger.Sugar().Error(err, "[cp-server] terminated with an error") plainErrChan <- err } else { - logger.Sugar().Info("terminated normally") + logger.Sugar().Info("[cp-server] terminated normally") } }() go func() { defer close(secureErrChan) if err = d.SecureServer.Serve(secureLis); err != nil { - logger.Sugar().Error(err, "terminated with an error") + logger.Sugar().Error(err, "[cp-server] terminated with an error") secureErrChan <- err } else { - logger.Sugar().Info("terminated normally") + logger.Sugar().Info("[cp-server] terminated normally") } }() select { case <-stop: - logger.Sugar().Info("stopping gracefully") + logger.Sugar().Info("[cp-server] stopping gracefully") d.PlainServer.GracefulStop() d.SecureServer.GracefulStop() return nil diff --git a/pkg/dds/kube/crdclient/client.go b/pkg/dds/kube/crdclient/client.go index 4ecef6962..dcdb2fdf4 100644 --- a/pkg/dds/kube/crdclient/client.go +++ b/pkg/dds/kube/crdclient/client.go @@ -102,7 +102,7 @@ func getObjectMetadata(config model.Config) metav1.ObjectMeta { func (cl *Client) HasSynced() bool { for kind, ctl := range cl.kinds { if !ctl.informer.HasSynced() { - logger.Sugar().Infof("controller %q is syncing...", kind) + logger.Sugar().Infof("[DDS] controller %q is syncing...", kind) return false } } @@ -112,16 +112,16 @@ func (cl *Client) HasSynced() bool { // Start the queue and all informers. Callers should wait for HasSynced() before depending on results. func (cl *Client) Start(stop <-chan struct{}) error { t0 := time.Now() - logger.Sugar().Info("Starting Rule K8S CRD controller") + logger.Sugar().Info("[DDS] Starting Rule K8S CRD controller") go func() { cache.WaitForCacheSync(stop, cl.HasSynced) - logger.Sugar().Info("Rule K8S CRD controller synced", time.Since(t0)) + logger.Sugar().Info("[DDS] Rule K8S CRD controller synced", time.Since(t0)) cl.queue.Run(stop) }() <-stop - logger.Sugar().Info("controller terminated") + logger.Sugar().Info("[DDS] controller terminated") return nil } @@ -141,7 +141,7 @@ func (cl *Client) checkReadyForEvents(curr interface{}) error { } _, err := cache.DeletionHandlingMetaNamespaceKeyFunc(curr) if err != nil { - logger.Sugar().Infof("Error retrieving key: %v", err) + logger.Sugar().Infof("[DDS] Error retrieving key: %v", err) } return nil } @@ -157,7 +157,7 @@ func knownCRDs(crdClient apiextensionsclient.Interface) map[string]struct{} { if err == nil { break } - logger.Sugar().Errorf("failed to list CRDs: %v", err) + logger.Sugar().Errorf("[DDS] failed to list CRDs: %v", err) time.Sleep(delay) delay *= 2 if delay > maxDelay { @@ -198,13 +198,13 @@ func (cl *Client) Schemas() collection.Schemas { func (cl *Client) Get(typ model.GroupVersionKind, name, namespace string) *model.Config { h, f := cl.kinds[typ] if !f { - logger.Sugar().Warnf("unknown type: %s", typ) + logger.Sugar().Warnf("[DDS] unknown type: %s", typ) return nil } obj, err := h.lister(namespace).Get(name) if err != nil { - logger.Sugar().Warnf("error on get %v/%v: %v", name, namespace, err) + logger.Sugar().Warnf("[DDS] error on get %v/%v: %v", name, namespace, err) return nil } @@ -215,7 +215,7 @@ func (cl *Client) Get(typ model.GroupVersionKind, name, namespace string) *model func TranslateObject(r runtime.Object, gvk model.GroupVersionKind, domainSuffix string) *model.Config { translateFunc, f := translationMap[gvk] if !f { - logger.Sugar().Errorf("unknown type %v", gvk) + logger.Sugar().Errorf("[DDS] unknown type %v", gvk) return nil } c := translateFunc(r) @@ -248,7 +248,7 @@ func NewForSchemas(client *client.KubeClient, domainSuffix string, schemas colle } out.kinds[s.Resource().GroupVersionKind()] = createCacheHandler(out, s, i) } else { - logger.Sugar().Warnf("Skipping CRD %v as it is not present", s.Resource().GroupVersionKind()) + logger.Sugar().Warnf("[DDS] Skipping CRD %v as it is not present", s.Resource().GroupVersionKind()) } } diff --git a/pkg/dds/kube/crdclient/handler.go b/pkg/dds/kube/crdclient/handler.go index 485e60eeb..259322c43 100644 --- a/pkg/dds/kube/crdclient/handler.go +++ b/pkg/dds/kube/crdclient/handler.go @@ -51,13 +51,12 @@ func NewHandler(storage *storage.Storage, rootNamespace string, cache ConfigStor } } -// nolint func (p *PushContext) NotifyWithIndex(schema collection.Schema) error { gvk := schema.Resource().GroupVersionKind() configs, err := p.cache.List(gvk, NamespaceAll) data := make([]model.Config, 0) if err != nil { - logger.Sugar().Error("fail to get the cache from client-go Index") + logger.Sugar().Error("[DDS] fail to get the cache from client-go Index") return err } if gvk.String() == gvks.Authorization { @@ -98,21 +97,21 @@ func (p *PushContext) NotifyWithIndex(schema collection.Schema) error { func authorization(config model.Config, rootNamespace string) model.Config { deepCopy := config.DeepCopy() policy := deepCopy.Spec.(*api.AuthorizationPolicy) - if rootNamespace != config.Namespace { - if len(policy.Rules) == 0 { - policy.Rules = append(policy.Rules, &api.AuthorizationPolicyRule{ - To: &api.AuthorizationPolicyTarget{ - Namespaces: []string{config.Namespace}, - }, - }) - } else { - for _, rule := range policy.Rules { - if rule.To != nil { - rule.To = &api.AuthorizationPolicyTarget{} - } - if !slices.Contains(rule.To.Namespaces, config.Namespace) { - rule.To.Namespaces = append(rule.To.Namespaces, config.Namespace) - } + if rootNamespace == deepCopy.Namespace { + return deepCopy + } + if policy.GetRules() == nil { + policy.Rules = []*api.AuthorizationPolicyRule{} + policy.Rules = append(policy.Rules, &api.AuthorizationPolicyRule{ + To: &api.AuthorizationPolicyTarget{ + Namespaces: []string{deepCopy.Namespace}, + }, + }) + } else { + for _, rule := range policy.Rules { + rule.To = &api.AuthorizationPolicyTarget{} + if !slices.Contains(rule.To.Namespaces, deepCopy.Namespace) { + rule.To.Namespaces = append(rule.To.Namespaces, deepCopy.Namespace) } } } @@ -123,7 +122,8 @@ func authentication(config model.Config, rootNamespace string) model.Config { deepCopy := config.DeepCopy() policy := deepCopy.Spec.(*api.AuthenticationPolicy) if rootNamespace != config.Namespace { - if len(policy.Selector) == 0 { + if policy.GetSelector() == nil { + policy.Selector = []*api.AuthenticationPolicySelector{} policy.Selector = append(policy.Selector, &api.AuthenticationPolicySelector{ Namespaces: []string{config.Namespace}, }) diff --git a/pkg/dds/kube/crdclient/handler_test.go b/pkg/dds/kube/crdclient/handler_test.go index ee8fbd36e..2898f34d7 100644 --- a/pkg/dds/kube/crdclient/handler_test.go +++ b/pkg/dds/kube/crdclient/handler_test.go @@ -186,7 +186,49 @@ func TestAuthorization(t *testing.T) { }) } -// nolint +func TestAuthorizationNilField(t *testing.T) { + configName := "name" + configNamespace := "namespace" + c := collections.DubboCAV1Alpha1Authorization + name := c.Resource().Kind() + t.Run(name, func(t *testing.T) { + r := c.Resource() + configMeta := model.Meta{ + GroupVersionKind: r.GroupVersionKind(), + Name: configName, + } + if !r.IsClusterScoped() { + configMeta.Namespace = configNamespace + } + + pb, err := r.NewInstance() + if err != nil { + t.Fatal(err) + } + authorizationPolicy := pb.(*dubbo_apache_org_v1alpha1.AuthorizationPolicy) + authorizationPolicy.Action = "DENY" + authorizationPolicy.Rules = []*dubbo_apache_org_v1alpha1.AuthorizationPolicyRule{ + { + From: &dubbo_apache_org_v1alpha1.AuthorizationPolicySource{ + Namespaces: []string{"dubbo-system"}, + }, + To: &dubbo_apache_org_v1alpha1.AuthorizationPolicyTarget{ + Namespaces: []string{"ns"}, + }, + }, + } + + config := model.Config{ + Meta: configMeta, + Spec: authorizationPolicy, + } + + m := authorization(config, "dubbo-system") + afterPolicy := m.Spec.(*dubbo_apache_org_v1alpha1.AuthorizationPolicy) + assert.Equal(t, afterPolicy.Rules[0].To.Namespaces[0], configNamespace) + }) +} + func TestNotifyWithIndex(t *testing.T) { store := makeClient(t, collections.Rule) configName := "name" diff --git a/pkg/dds/server/server.go b/pkg/dds/server/server.go index 46f5e9b96..c1b31cd78 100644 --- a/pkg/dds/server/server.go +++ b/pkg/dds/server/server.go @@ -64,19 +64,19 @@ func (s *DdsServer) Observe(stream dds.RuleService_ObserveServer) error { p, ok := peer.FromContext(stream.Context()) if !ok { - logger.Sugar().Errorf("failed to get peer from context") + logger.Sugar().Errorf("[DDS] failed to get peer from context") return fmt.Errorf("failed to get peer from context") } endpoints, err := endpoint2.ExactEndpoint(stream.Context(), s.CertStorage, s.Config, s.CertClient) if err != nil { - logger.Sugar().Errorf("failed to get endpoint from context: %v. RemoteAddr: %s", err, p.Addr) + logger.Sugar().Errorf("[DDS] failed to get endpoint from context: %v. RemoteAddr: %s", err, p.Addr) return err } c.endpoint = endpoints - logger.Sugar().Infof("New observe storage from %s", endpoints) + logger.Sugar().Infof("[DDS] New observe storage from %s", endpoints) s.Storage.Connected(endpoints, c) <-c.stopChan @@ -114,7 +114,7 @@ func (c *GrpcEndpointConnection) Send(targetRule *storage.VersionedRule, cr *sto select { case <-t.C: - logger.Infof("Timeout writing %s", c.endpoint.ID) + logger.Infof("[DDS] Timeout writing %s", c.endpoint.ID) return status.Errorf(codes.DeadlineExceeded, "timeout sending") case err := <-errChan: if err == nil { diff --git a/pkg/dds/storage/generate.go b/pkg/dds/storage/generate.go index ea9a9e21e..58f968fd7 100644 --- a/pkg/dds/storage/generate.go +++ b/pkg/dds/storage/generate.go @@ -21,6 +21,7 @@ import ( api "github.com/apache/dubbo-admin/api/resource/v1alpha1" "github.com/apache/dubbo-admin/pkg/core/endpoint" "github.com/apache/dubbo-admin/pkg/core/model" + "github.com/apache/dubbo-admin/pkg/core/tools/generate" "google.golang.org/protobuf/types/known/anypb" ) @@ -33,8 +34,12 @@ type AuthenticationGenerator struct{} func (g *AuthenticationGenerator) Generate(data []model.Config, endpoint *endpoint.Endpoint) ([]*anypb.Any, error) { res := make([]*anypb.Any, 0) for _, v := range data { - deepCopy := v.DeepCopy() - policy := deepCopy.Spec.(*api.AuthenticationPolicy) + policy := v.Spec.(*api.AuthenticationPolicy) + toClient := &api.AuthenticationPolicyToClient{ + Spec: &api.AuthenticationSpecToClient{}, + } + key := generate.GenerateKey(v.Name, v.Namespace) + toClient.Key = key if policy.GetSelector() != nil { match := true for _, selector := range policy.Selector { @@ -47,8 +52,18 @@ func (g *AuthenticationGenerator) Generate(data []model.Config, endpoint *endpoi continue } } - policy.Selector = nil - gogo, err := model.ToProtoGogo(policy) + toClient.Spec.Action = policy.Action + if policy.GetPortLevel() != nil { + toClient.Spec.PortLevel = make([]*api.AuthenticationPolicyPortLevel, 0, len(policy.PortLevel)) + for _, portLevel := range policy.PortLevel { + toClient.Spec.PortLevel = append(toClient.Spec.PortLevel, &api.AuthenticationPolicyPortLevel{ + Port: portLevel.Port, + Action: portLevel.Action, + }) + } + } + + gogo, err := model.ToProtoGogo(toClient) if err != nil { return nil, err } @@ -62,22 +77,50 @@ type AuthorizationGenerator struct{} func (g *AuthorizationGenerator) Generate(data []model.Config, endpoint *endpoint.Endpoint) ([]*anypb.Any, error) { res := make([]*anypb.Any, 0) for _, v := range data { - deepCopy := v.DeepCopy() - policy := deepCopy.Spec.(*api.AuthorizationPolicy) + policy := v.Spec.(*api.AuthorizationPolicy) + toClient := &api.AuthorizationPolicyToClient{} + key := generate.GenerateKey(v.Name, v.Namespace) + toClient.Key = key if policy.GetRules() != nil { match := true for _, policyRule := range policy.Rules { + if policyRule.GetTo() == nil { + policyRule.To = &api.AuthorizationPolicyTarget{} + } if !MatchAuthrSelector(policyRule.To, endpoint) { match = false break } - policyRule.To = nil } if !match { continue } + + toClient.Spec = &api.AuthorizationPolicySpecToClient{} + + toClient.Spec.Action = policy.Action + toClient.Spec.Samples = policy.Samples + toClient.Spec.Order = policy.Order + toClient.Spec.MatchType = policy.MatchType + + if policy.Rules != nil { + toClient.Spec.Rules = make([]*api.AuthorizationPolicyRuleToClient, 0, len(policy.Rules)) + for _, rule := range policy.Rules { + if rule.GetFrom() == nil { + rule.From = &api.AuthorizationPolicySource{} + } + if rule.GetWhen() == nil { + rule.When = &api.AuthorizationPolicyCondition{} + } + ruleToClient := &api.AuthorizationPolicyRuleToClient{ + From: rule.From.DeepCopy(), + When: rule.When.DeepCopy(), + } + toClient.Spec.Rules = append(toClient.Spec.Rules, ruleToClient) + } + } } - gogo, err := model.ToProtoGogo(policy) + gogo, err := model.ToProtoGogo(toClient) if err != nil { return nil, err } @@ -91,7 +134,11 @@ type ConditionRoutesGenerator struct{} func (g *ConditionRoutesGenerator) Generate(data []model.Config, endpoint *endpoint.Endpoint) ([]*anypb.Any, error) { res := make([]*anypb.Any, 0) for _, config := range data { - gogo, err := model.ToProtoGogo(config.Spec.(*api.ConditionRoute)) + toClient := &api.ConditionRouteToClient{} + key := generate.GenerateKey(config.Name, config.Namespace) + toClient.Key = key + toClient.Spec = config.Spec.(*api.ConditionRoute) + gogo, err := model.ToProtoGogo(toClient) if err != nil { return nil, err } @@ -105,7 +152,11 @@ type DynamicConfigsGenerator struct{} func (g *DynamicConfigsGenerator) Generate(data []model.Config, endpoint *endpoint.Endpoint) ([]*anypb.Any, error) { res := make([]*anypb.Any, 0) for _, config := range data { - gogo, err := model.ToProtoGogo(config.Spec.(*api.DynamicConfig)) + toClient := &api.DynamicConfigToClient{} + key := generate.GenerateKey(config.Name, config.Namespace) + toClient.Key = key + toClient.Spec = config.Spec.(*api.DynamicConfig) + gogo, err := model.ToProtoGogo(toClient) if err != nil { return nil, err } @@ -119,7 +170,11 @@ type ServiceMappingGenerator struct{} func (g *ServiceMappingGenerator) Generate(data []model.Config, endpoint *endpoint.Endpoint) ([]*anypb.Any, error) { res := make([]*anypb.Any, 0) for _, config := range data { - gogo, err := model.ToProtoGogo(config.Spec.(*api.ServiceNameMapping)) + toClient := &api.ServiceNameMappingToClient{} + key := generate.GenerateKey(config.Name, config.Namespace) + toClient.Key = key + toClient.Spec = config.Spec.(*api.ServiceNameMapping) + gogo, err := model.ToProtoGogo(toClient) if err != nil { return nil, err } @@ -133,7 +188,11 @@ type TagRoutesGenerator struct{} func (g *TagRoutesGenerator) Generate(data []model.Config, endpoint *endpoint.Endpoint) ([]*anypb.Any, error) { res := make([]*anypb.Any, 0) for _, config := range data { - gogo, err := model.ToProtoGogo(config.Spec.(*api.TagRoute)) + toClient := &api.TagRouteToClient{} + key := generate.GenerateKey(config.Name, config.Namespace) + toClient.Key = key + toClient.Spec = config.Spec.(*api.TagRoute) + gogo, err := model.ToProtoGogo(toClient) if err != nil { return nil, err } diff --git a/pkg/dds/storage/storage.go b/pkg/dds/storage/storage.go index 3324b7e4b..ddb9afb28 100644 --- a/pkg/dds/storage/storage.go +++ b/pkg/dds/storage/storage.go @@ -84,8 +84,6 @@ func (s *Storage) Connected(endpoint *endpoint.Endpoint, connection EndpointConn RawRuleQueue: workqueue.NewNamedRateLimitingQueue(workqueue.DefaultControllerRateLimiter(), "raw-dds"), ExpectedRules: map[string]*VersionedRule{}, ClientRules: map[string]*ClientStatus{}, - DdsBlockMaxTime: s.Config.Options.DdsBlockMaxTime, - BlockedPushed: make([]Origin, 0), blockedPushedMutex: &sync.RWMutex{}, Generator: s.Generators, } @@ -124,13 +122,13 @@ func (s *Storage) listenConnection(c *Connection) { func (s *Storage) HandleRequest(c *Connection, req *dds.ObserveRequest) { if req.Type == "" { - logger.Sugar().Errorf("Empty request type from %v", c.Endpoint.ID) + logger.Sugar().Errorf("[DDS] Empty request type from %v", c.Endpoint.ID) return } if !TypeSupported(req.Type) { - logger.Sugar().Errorf("Unsupported request type %s from %s", req.Type, c.Endpoint.ID) + logger.Sugar().Errorf("[DDS] Unsupported request type %s from %s", req.Type, c.Endpoint.ID) return } @@ -141,13 +139,13 @@ func (s *Storage) HandleRequest(c *Connection, req *dds.ObserveRequest) { cr := c.ClientRules[req.Type] if cr == nil { - logger.Sugar().Errorf("Unexpected request type %s with nonce %s from %s", req.Type, req.Nonce, c.Endpoint.ID) + logger.Sugar().Errorf("[DDS] Unexpected request type %s with nonce %s from %s", req.Type, req.Nonce, c.Endpoint.ID) return } if cr.PushingStatus == Pushing { if cr.LastPushNonce != req.Nonce { - logger.Sugar().Errorf("Unexpected request nonce %s from %s", req.Nonce, c.Endpoint.ID) + logger.Sugar().Errorf("[DDS] Unexpected request nonce %s from %s", req.Nonce, c.Endpoint.ID) return } @@ -155,21 +153,13 @@ func (s *Storage) HandleRequest(c *Connection, req *dds.ObserveRequest) { cr.ClientVersion = cr.LastPushedVersion cr.PushingStatus = Pushed - cr.StatusChan <- struct{}{} - logger.Sugar().Infof("Client %s pushed %s dds %d success", c.Endpoint.Ips, req.Type, cr.ClientVersion.Revision) - // At this time, we should judge whether there is a blocked request in the blocking queue, - // and if so, it should be sent to the dubbo side - for len(c.BlockedPushed) > 0 { - rule := c.BlockedPushed[0] - c.RawRuleQueue.Add(rule) - c.BlockedPushed = c.BlockedPushed[1:] - } + logger.Sugar().Infof("[DDS] Client %s pushed %s dds %d success", c.Endpoint.Ips, req.Type, cr.ClientVersion.Revision) } return } if _, ok := c.TypeListened[req.Type]; !ok { - logger.Sugar().Infof("Client %s listen %s dds", c.Endpoint.Ips, req.Type) + logger.Sugar().Infof("[DDS] Client %s listen %s dds", c.Endpoint.Ips, req.Type) c.TypeListened[req.Type] = true c.ClientRules[req.Type] = &ClientStatus{ PushingStatus: Pushed, @@ -181,10 +171,7 @@ func (s *Storage) HandleRequest(c *Connection, req *dds.ObserveRequest) { LastPushedTime: 0, LastPushedVersion: nil, LastPushNonce: "", - StatusChan: make(chan struct{}, 1), } - cr := c.ClientRules[req.Type] - cr.StatusChan <- struct{}{} latestRule := s.LatestRules[req.Type] if latestRule != nil { c.RawRuleQueue.Add(latestRule) @@ -207,18 +194,18 @@ func (c *Connection) listenRule() { var ok bool if key, ok = obj.(Origin); !ok { - logger.Sugar().Errorf("expected dds.Origin in workqueue but got %#v", obj) + logger.Sugar().Errorf("[DDS] expected dds.Origin in workqueue but got %#v", obj) return } if err := c.handleRule(key); err != nil { - logger.Sugar().Errorf("error syncing '%s': %s", key, err.Error()) + logger.Sugar().Errorf("[DDS] error syncing '%s': %s", key, err.Error()) return } - logger.Sugar().Infof("Successfully synced '%s'", key) + logger.Sugar().Infof("[DDS] Successfully synced '%s'", key) }(obj) } } @@ -235,30 +222,17 @@ func (c *Connection) handleRule(rawRule Origin) error { cr := c.ClientRules[targetRule.Type] - maxBlockingTime := c.DdsBlockMaxTime - - // can be modified via environment - t := time.NewTimer(maxBlockingTime) - select { - case <-t.C: + // TODO how to improve this one + for cr.PushingStatus == Pushing { cr.PushQueued = true - // dds has been blocked for too long, perhaps because the dubbo side is very busy now, - // and we have not received the ACK of the last push. - // so, instead of pushing now, which may overload dubbo, - // we will wait until the last push is ACK and trigger the push - logger.Sugar().Warnf("QUEUE for node:%s", c.Endpoint.ID) - c.blockedPushedMutex.Lock() - c.BlockedPushed = append(c.BlockedPushed, rawRule) - c.blockedPushedMutex.Unlock() - // then we should return this function - return nil - case <-cr.StatusChan: - cr.PushQueued = false + time.Sleep(1 * time.Second) + logger.Sugar().Infof("[DDS] Client %s %s rule is pushing, wait for 1 second", c.Endpoint.Ips, targetRule.Type) } + cr.PushQueued = false if cr.ClientVersion.Data != nil && (reflect.DeepEqual(cr.ClientVersion.Data, targetRule.Data) || cr.ClientVersion.Revision >= targetRule.Revision) { - logger.Sugar().Infof("Client %s %s dds is up to date", c.Endpoint.Ips, targetRule.Type) + logger.Sugar().Infof("[DDS] Client %s %s dds is up to date", c.Endpoint.Ips, targetRule.Type) return nil } newVersion := atomic.AddInt64(&cr.NonceInc, 1) @@ -269,7 +243,7 @@ func (c *Connection) handleRule(rawRule Origin) error { Data: targetRule.Data, } - logger.Sugar().Infof("Receive new version dds. Client %s %s dds is pushing.", c.Endpoint.Ips, targetRule.Type) + logger.Sugar().Infof("[DDS] Receive new version dds. Client %s %s dds is pushing.", c.Endpoint.Ips, targetRule.Type) return c.EndpointConnection.Send(targetRule, cr, r) } @@ -309,15 +283,9 @@ type Connection struct { TypeListened map[string]bool - RawRuleQueue workqueue.RateLimitingInterface - ExpectedRules map[string]*VersionedRule - ClientRules map[string]*ClientStatus - DdsBlockMaxTime time.Duration - - // blockedPushes is a map of TypeUrl to push request. This is set when we attempt to push to a busy Dubbo - // (last push not ACKed). When we get an ACK from Dubbo, if the type is populated here, we will trigger - // the push. - BlockedPushed []Origin + RawRuleQueue workqueue.RateLimitingInterface + ExpectedRules map[string]*VersionedRule + ClientRules map[string]*ClientStatus blockedPushedMutex *sync.RWMutex } @@ -338,7 +306,6 @@ type ClientStatus struct { sync.RWMutex PushQueued bool PushingStatus PushingStatus - StatusChan chan struct{} NonceInc int64 diff --git a/pkg/dds/storage/storage_test.go b/pkg/dds/storage/storage_test.go index f92b6716d..fa411f3ff 100644 --- a/pkg/dds/storage/storage_test.go +++ b/pkg/dds/storage/storage_test.go @@ -25,6 +25,8 @@ import ( "testing" "time" + "github.com/apache/dubbo-admin/pkg/config/option" + "github.com/apache/dubbo-admin/api/dds" dubboapacheorgv1alpha1 "github.com/apache/dubbo-admin/api/resource/v1alpha1" dubbocp "github.com/apache/dubbo-admin/pkg/config/app/dubbo-cp" @@ -77,7 +79,11 @@ func (f *fakeConnection) Disconnect() { func TestStorage_CloseEOF(t *testing.T) { t.Parallel() - s := storage.NewStorage(&dubbocp.Config{}) + s := storage.NewStorage(&dubbocp.Config{ + Options: option.Options{ + DdsBlockMaxTime: 15000000000, + }, + }) fake := &fakeConnection{ recvChan: make(chan recvResult, 1), } @@ -103,7 +109,11 @@ func TestStorage_CloseEOF(t *testing.T) { func TestStorage_CloseErr(t *testing.T) { t.Parallel() - s := storage.NewStorage(&dubbocp.Config{}) + s := storage.NewStorage(&dubbocp.Config{ + Options: option.Options{ + DdsBlockMaxTime: 15000000000, + }, + }) fake := &fakeConnection{ recvChan: make(chan recvResult, 1), } @@ -129,7 +139,11 @@ func TestStorage_CloseErr(t *testing.T) { func TestStorage_UnknowType(t *testing.T) { t.Parallel() - s := storage.NewStorage(&dubbocp.Config{}) + s := storage.NewStorage(&dubbocp.Config{ + Options: option.Options{ + DdsBlockMaxTime: 15000000000, + }, + }) fake := &fakeConnection{ recvChan: make(chan recvResult, 1), } @@ -173,7 +187,11 @@ func TestStorage_UnknowType(t *testing.T) { func TestStorage_StartNonEmptyNonce(t *testing.T) { t.Parallel() - s := storage.NewStorage(&dubbocp.Config{}) + s := storage.NewStorage(&dubbocp.Config{ + Options: option.Options{ + DdsBlockMaxTime: 15000000000, + }, + }) fake := &fakeConnection{ recvChan: make(chan recvResult, 1), } @@ -208,7 +226,11 @@ func TestStorage_StartNonEmptyNonce(t *testing.T) { func TestStorage_Listen(t *testing.T) { t.Parallel() - s := storage.NewStorage(&dubbocp.Config{}) + s := storage.NewStorage(&dubbocp.Config{ + Options: option.Options{ + DdsBlockMaxTime: 15000000000, + }, + }) fake := &fakeConnection{ recvChan: make(chan recvResult, 1), } @@ -315,7 +337,11 @@ func TestStorage_PreNotify(t *testing.T) { } return nil }, timeout) - s := storage.NewStorage(&dubbocp.Config{}) + s := storage.NewStorage(&dubbocp.Config{ + Options: option.Options{ + DdsBlockMaxTime: 15000000000, + }, + }) handler := crdclient.NewHandler(s, "dubbo-demo", store) err = handler.NotifyWithIndex(c) @@ -437,8 +463,11 @@ func TestStorage_AfterNotify(t *testing.T) { } return nil }, timeout) - s := storage.NewStorage(&dubbocp.Config{}) - + s := storage.NewStorage(&dubbocp.Config{ + Options: option.Options{ + DdsBlockMaxTime: 15000000000, + }, + }) handler := crdclient.NewHandler(s, "dubbo-demo", store) fake := &fakeConnection{ @@ -565,8 +594,11 @@ func TestStore_MissNotify(t *testing.T) { t.Fatalf("Create(%v) => got %v", tag.Kind(), err) } - s := storage.NewStorage(&dubbocp.Config{}) - + s := storage.NewStorage(&dubbocp.Config{ + Options: option.Options{ + DdsBlockMaxTime: 15000000000, + }, + }) tagHanlder := crdclient.NewHandler(s, "dubbo-demo", store) conditionHandler := crdclient.NewHandler(s, "dubbo-demo", store) @@ -690,8 +722,11 @@ func (e errOrigin) Exact(gen map[string]storage.DdsResourceGenerator, endpoint * func TestStorage_MulitiNotify(t *testing.T) { t.Parallel() - s := storage.NewStorage(&dubbocp.Config{}) - + s := storage.NewStorage(&dubbocp.Config{ + Options: option.Options{ + DdsBlockMaxTime: 15000000000, + }, + }) fake := &fakeConnection{ recvChan: make(chan recvResult, 1), } @@ -877,8 +912,11 @@ func TestStorage_ReturnMisNonce(t *testing.T) { t.Fatalf("Create(%v) => got %v", tag.Kind(), err) } - s := storage.NewStorage(&dubbocp.Config{}) - + s := storage.NewStorage(&dubbocp.Config{ + Options: option.Options{ + DdsBlockMaxTime: 15000000000, + }, + }) tagHanlder := crdclient.NewHandler(s, "dubbo-system", store) err = tagHanlder.NotifyWithIndex(collections.DubboNetWorkV1Alpha1TagRoute) if err != nil { diff --git a/pkg/dds/storage/validate_test.go b/pkg/dds/storage/validate_test.go index 061b49497..196b14785 100644 --- a/pkg/dds/storage/validate_test.go +++ b/pkg/dds/storage/validate_test.go @@ -84,14 +84,15 @@ func TestAuthenticationSelect_Empty(t *testing.T) { for _, anyMessage := range data { valBytes := anyMessage.Value if anyMessage.TypeUrl == model.AuthenticationTypeUrl { - authentication := &dubbo_apache_org_v1alpha1.AuthenticationPolicy{} + authentication := &dubbo_apache_org_v1alpha1.AuthenticationPolicyToClient{} err := proto.Unmarshal(valBytes, authentication) if err != nil { t.Fatal(err) } - assert.Equal(t, "ALLOW", authentication.Action) - assert.Equal(t, 1, len(authentication.PortLevel)) - assert.Equal(t, "DENY", authentication.PortLevel[0].Action) + assert.Equal(t, "name/ns", authentication.Key) + assert.Equal(t, "ALLOW", authentication.Spec.Action) + assert.Equal(t, 1, len(authentication.Spec.PortLevel)) + assert.Equal(t, "DENY", authentication.Spec.PortLevel[0].Action) } } } @@ -147,12 +148,13 @@ func TestAuthenticationSelect_NoSelector(t *testing.T) { for _, anyMessage := range data { valBytes := anyMessage.Value if anyMessage.TypeUrl == model.AuthenticationTypeUrl { - authentication := &dubbo_apache_org_v1alpha1.AuthenticationPolicy{} + authentication := &dubbo_apache_org_v1alpha1.AuthenticationPolicyToClient{} err := proto.Unmarshal(valBytes, authentication) if err != nil { t.Fatal(err) } - assert.Equal(t, "ALLOW", authentication.Action) + assert.Equal(t, "name/ns", authentication.Key) + assert.Equal(t, "ALLOW", authentication.Spec.Action) } } } @@ -213,12 +215,12 @@ func TestAuthenticationSelect_Namespace(t *testing.T) { for _, anyMessage := range data { valBytes := anyMessage.Value if anyMessage.TypeUrl == model.AuthenticationTypeUrl { - authentication := &dubbo_apache_org_v1alpha1.AuthenticationPolicy{} + authentication := &dubbo_apache_org_v1alpha1.AuthenticationPolicyToClient{} err := proto.Unmarshal(valBytes, authentication) if err != nil { t.Fatal(err) } - assert.Equal(t, "ALLOW", authentication.Action) + assert.Equal(t, "ALLOW", authentication.Spec.Action) } } @@ -286,12 +288,12 @@ func TestAuthenticationSelect_EndpointNil(t *testing.T) { for _, anyMessage := range data { valBytes := anyMessage.Value if anyMessage.TypeUrl == model.AuthenticationTypeUrl { - authentication := &dubbo_apache_org_v1alpha1.AuthenticationPolicy{} + authentication := &dubbo_apache_org_v1alpha1.AuthenticationPolicyToClient{} err := proto.Unmarshal(valBytes, authentication) if err != nil { t.Fatal(err) } - assert.Equal(t, "ALLOW", authentication.Action) + assert.Equal(t, "ALLOW", authentication.Spec.Action) } } } @@ -352,7 +354,7 @@ func TestAuthenticationSelect_NotNamespace(t *testing.T) { for _, anyMessage := range data { valBytes := anyMessage.Value if anyMessage.TypeUrl == model.AuthenticationTypeUrl { - authentication := &dubbo_apache_org_v1alpha1.AuthenticationPolicy{} + authentication := &dubbo_apache_org_v1alpha1.AuthenticationPolicyToClient{} err := proto.Unmarshal(valBytes, authentication) if err != nil { t.Fatal(err) @@ -375,12 +377,12 @@ func TestAuthenticationSelect_NotNamespace(t *testing.T) { for _, anyMessage := range data1 { valBytes := anyMessage.Value if anyMessage.TypeUrl == model.AuthenticationTypeUrl { - authentication := &dubbo_apache_org_v1alpha1.AuthenticationPolicy{} + authentication := &dubbo_apache_org_v1alpha1.AuthenticationPolicyToClient{} err := proto.Unmarshal(valBytes, authentication) if err != nil { t.Fatal(err) } - assert.Equal(t, "ALLOW", authentication.Action) + assert.Equal(t, "ALLOW", authentication.Spec.Action) } } } @@ -439,7 +441,7 @@ func TestAuthenticationSelect_IpBlocks_ErrFmt(t *testing.T) { for _, anyMessage := range data { valBytes := anyMessage.Value if anyMessage.TypeUrl == model.AuthenticationTypeUrl { - authentication := &dubbo_apache_org_v1alpha1.AuthenticationPolicy{} + authentication := &dubbo_apache_org_v1alpha1.AuthenticationPolicyToClient{} err := proto.Unmarshal(valBytes, authentication) if err != nil { t.Fatal(err) @@ -461,7 +463,7 @@ func TestAuthenticationSelect_IpBlocks_ErrFmt(t *testing.T) { for _, anyMessage := range data1 { valBytes := anyMessage.Value if anyMessage.TypeUrl == model.AuthenticationTypeUrl { - authentication := &dubbo_apache_org_v1alpha1.AuthenticationPolicy{} + authentication := &dubbo_apache_org_v1alpha1.AuthenticationPolicyToClient{} err := proto.Unmarshal(valBytes, authentication) if err != nil { t.Fatal(err) @@ -524,12 +526,12 @@ func TestAuthenticationSelect_IpBlocks(t *testing.T) { for _, anyMessage := range data { valBytes := anyMessage.Value if anyMessage.TypeUrl == model.AuthenticationTypeUrl { - authentication := &dubbo_apache_org_v1alpha1.AuthenticationPolicy{} + authentication := &dubbo_apache_org_v1alpha1.AuthenticationPolicyToClient{} err := proto.Unmarshal(valBytes, authentication) if err != nil { t.Fatal(err) } - assert.Equal(t, "ALLOW", authentication.Action) + assert.Equal(t, "ALLOW", authentication.Spec.Action) } } @@ -547,7 +549,7 @@ func TestAuthenticationSelect_IpBlocks(t *testing.T) { for _, anyMessage := range data1 { valBytes := anyMessage.Value if anyMessage.TypeUrl == model.AuthenticationTypeUrl { - authentication := &dubbo_apache_org_v1alpha1.AuthenticationPolicy{} + authentication := &dubbo_apache_org_v1alpha1.AuthenticationPolicyToClient{} err := proto.Unmarshal(valBytes, authentication) if err != nil { t.Fatal(err) @@ -611,12 +613,12 @@ func TestAuthenticationSelect_NotIpBlocks_ErrFmt(t *testing.T) { for _, anyMessage := range data { valBytes := anyMessage.Value if anyMessage.TypeUrl == model.AuthenticationTypeUrl { - authentication := &dubbo_apache_org_v1alpha1.AuthenticationPolicy{} + authentication := &dubbo_apache_org_v1alpha1.AuthenticationPolicyToClient{} err := proto.Unmarshal(valBytes, authentication) if err != nil { t.Fatal(err) } - assert.Equal(t, "ALLOW", authentication.Action) + assert.Equal(t, "ALLOW", authentication.Spec.Action) } } @@ -634,12 +636,12 @@ func TestAuthenticationSelect_NotIpBlocks_ErrFmt(t *testing.T) { for _, anyMessage := range data1 { valBytes := anyMessage.Value if anyMessage.TypeUrl == model.AuthenticationTypeUrl { - authentication := &dubbo_apache_org_v1alpha1.AuthenticationPolicy{} + authentication := &dubbo_apache_org_v1alpha1.AuthenticationPolicyToClient{} err := proto.Unmarshal(valBytes, authentication) if err != nil { t.Fatal(err) } - assert.Equal(t, "ALLOW", authentication.Action) + assert.Equal(t, "ALLOW", authentication.Spec.Action) } } } @@ -698,7 +700,7 @@ func TestAuthenticationSelect_Principals(t *testing.T) { for _, anyMessage := range data { valBytes := anyMessage.Value if anyMessage.TypeUrl == model.AuthenticationTypeUrl { - authentication := &dubbo_apache_org_v1alpha1.AuthenticationPolicy{} + authentication := &dubbo_apache_org_v1alpha1.AuthenticationPolicyToClient{} err := proto.Unmarshal(valBytes, authentication) if err != nil { t.Fatal(err) @@ -721,12 +723,12 @@ func TestAuthenticationSelect_Principals(t *testing.T) { for _, anyMessage := range data1 { valBytes := anyMessage.Value if anyMessage.TypeUrl == model.AuthenticationTypeUrl { - authentication := &dubbo_apache_org_v1alpha1.AuthenticationPolicy{} + authentication := &dubbo_apache_org_v1alpha1.AuthenticationPolicyToClient{} err := proto.Unmarshal(valBytes, authentication) if err != nil { t.Fatal(err) } - assert.Equal(t, "ALLOW", authentication.Action) + assert.Equal(t, "ALLOW", authentication.Spec.Action) } } @@ -742,12 +744,12 @@ func TestAuthenticationSelect_Principals(t *testing.T) { for _, anyMessage := range data1 { valBytes := anyMessage.Value if anyMessage.TypeUrl == model.AuthenticationTypeUrl { - authentication := &dubbo_apache_org_v1alpha1.AuthenticationPolicy{} + authentication := &dubbo_apache_org_v1alpha1.AuthenticationPolicyToClient{} err := proto.Unmarshal(valBytes, authentication) if err != nil { t.Fatal(err) } - assert.Equal(t, "ALLOW", authentication.Action) + assert.Equal(t, "ALLOW", authentication.Spec.Action) } } } @@ -806,12 +808,12 @@ func TestAuthenticationSelect_NotPrincipals(t *testing.T) { for _, anyMessage := range data { valBytes := anyMessage.Value if anyMessage.TypeUrl == model.AuthenticationTypeUrl { - authentication := &dubbo_apache_org_v1alpha1.AuthenticationPolicy{} + authentication := &dubbo_apache_org_v1alpha1.AuthenticationPolicyToClient{} err := proto.Unmarshal(valBytes, authentication) if err != nil { t.Fatal(err) } - assert.Equal(t, "ALLOW", authentication.Action) + assert.Equal(t, "ALLOW", authentication.Spec.Action) } } @@ -829,7 +831,7 @@ func TestAuthenticationSelect_NotPrincipals(t *testing.T) { for _, anyMessage := range data1 { valBytes := anyMessage.Value if anyMessage.TypeUrl == model.AuthenticationTypeUrl { - authentication := &dubbo_apache_org_v1alpha1.AuthenticationPolicy{} + authentication := &dubbo_apache_org_v1alpha1.AuthenticationPolicyToClient{} err := proto.Unmarshal(valBytes, authentication) if err != nil { t.Fatal(err) @@ -850,7 +852,7 @@ func TestAuthenticationSelect_NotPrincipals(t *testing.T) { for _, anyMessage := range data1 { valBytes := anyMessage.Value if anyMessage.TypeUrl == model.AuthenticationTypeUrl { - authentication := &dubbo_apache_org_v1alpha1.AuthenticationPolicy{} + authentication := &dubbo_apache_org_v1alpha1.AuthenticationPolicyToClient{} err := proto.Unmarshal(valBytes, authentication) if err != nil { t.Fatal(err) @@ -921,12 +923,12 @@ func TestAuthenticationSelect_Extends(t *testing.T) { for _, anyMessage := range data { valBytes := anyMessage.Value if anyMessage.TypeUrl == model.AuthenticationTypeUrl { - authentication := &dubbo_apache_org_v1alpha1.AuthenticationPolicy{} + authentication := &dubbo_apache_org_v1alpha1.AuthenticationPolicyToClient{} err := proto.Unmarshal(valBytes, authentication) if err != nil { t.Fatal(err) } - assert.Equal(t, "ALLOW", authentication.Action) + assert.Equal(t, "ALLOW", authentication.Spec.Action) } } @@ -944,7 +946,7 @@ func TestAuthenticationSelect_Extends(t *testing.T) { for _, anyMessage := range data1 { valBytes := anyMessage.Value if anyMessage.TypeUrl == model.AuthenticationTypeUrl { - authentication := &dubbo_apache_org_v1alpha1.AuthenticationPolicy{} + authentication := &dubbo_apache_org_v1alpha1.AuthenticationPolicyToClient{} err := proto.Unmarshal(valBytes, authentication) if err != nil { t.Fatal(err) @@ -965,7 +967,7 @@ func TestAuthenticationSelect_Extends(t *testing.T) { for _, anyMessage := range data1 { valBytes := anyMessage.Value if anyMessage.TypeUrl == model.AuthenticationTypeUrl { - authentication := &dubbo_apache_org_v1alpha1.AuthenticationPolicy{} + authentication := &dubbo_apache_org_v1alpha1.AuthenticationPolicyToClient{} err := proto.Unmarshal(valBytes, authentication) if err != nil { t.Fatal(err) @@ -1036,7 +1038,7 @@ func TestAuthenticationSelect_NotExtends(t *testing.T) { for _, anyMessage := range data { valBytes := anyMessage.Value if anyMessage.TypeUrl == model.AuthenticationTypeUrl { - authentication := &dubbo_apache_org_v1alpha1.AuthenticationPolicy{} + authentication := &dubbo_apache_org_v1alpha1.AuthenticationPolicyToClient{} err := proto.Unmarshal(valBytes, authentication) if err != nil { t.Fatal(err) @@ -1061,12 +1063,12 @@ func TestAuthenticationSelect_NotExtends(t *testing.T) { for _, anyMessage := range data1 { valBytes := anyMessage.Value if anyMessage.TypeUrl == model.AuthenticationTypeUrl { - authentication := &dubbo_apache_org_v1alpha1.AuthenticationPolicy{} + authentication := &dubbo_apache_org_v1alpha1.AuthenticationPolicyToClient{} err := proto.Unmarshal(valBytes, authentication) if err != nil { t.Fatal(err) } - assert.Equal(t, "ALLOW", authentication.Action) + assert.Equal(t, "ALLOW", authentication.Spec.Action) } } } @@ -1119,12 +1121,12 @@ func TestAuthorization_Empty(t *testing.T) { for _, anyMessage := range data { valBytes := anyMessage.Value if anyMessage.TypeUrl == model.AuthorizationTypeUrl { - authorization := &dubbo_apache_org_v1alpha1.AuthorizationPolicy{} + authorization := &dubbo_apache_org_v1alpha1.AuthorizationPolicyToClient{} err := proto.Unmarshal(valBytes, authorization) if err != nil { t.Fatal(err) } - assert.Equal(t, "ALLOW", authorization.Action) + assert.Equal(t, "ALLOW", authorization.Spec.Action) } } } @@ -1185,12 +1187,12 @@ func TestAuthorization_Namespace(t *testing.T) { for _, anyMessage := range data { valBytes := anyMessage.Value if anyMessage.TypeUrl == model.AuthorizationTypeUrl { - authorization := &dubbo_apache_org_v1alpha1.AuthorizationPolicy{} + authorization := &dubbo_apache_org_v1alpha1.AuthorizationPolicyToClient{} err := proto.Unmarshal(valBytes, authorization) if err != nil { t.Fatal(err) } - assert.Equal(t, "ALLOW", authorization.Action) + assert.Equal(t, "ALLOW", authorization.Spec.Action) } } @@ -1211,7 +1213,7 @@ func TestAuthorization_Namespace(t *testing.T) { for _, anyMessage := range data { valBytes := anyMessage.Value if anyMessage.TypeUrl == model.AuthorizationTypeUrl { - authorization := &dubbo_apache_org_v1alpha1.AuthorizationPolicy{} + authorization := &dubbo_apache_org_v1alpha1.AuthorizationPolicyToClient{} err := proto.Unmarshal(valBytes, authorization) if err != nil { t.Fatal(err) @@ -1235,7 +1237,7 @@ func TestAuthorization_Namespace(t *testing.T) { for _, anyMessage := range data { valBytes := anyMessage.Value if anyMessage.TypeUrl == model.AuthorizationTypeUrl { - authorization := &dubbo_apache_org_v1alpha1.AuthorizationPolicy{} + authorization := &dubbo_apache_org_v1alpha1.AuthorizationPolicyToClient{} err := proto.Unmarshal(valBytes, authorization) if err != nil { t.Fatal(err) @@ -1307,12 +1309,12 @@ func TestAuthorization_NotNamespace(t *testing.T) { for _, anyMessage := range data { valBytes := anyMessage.Value if anyMessage.TypeUrl == model.AuthorizationTypeUrl { - authorization := &dubbo_apache_org_v1alpha1.AuthorizationPolicy{} + authorization := &dubbo_apache_org_v1alpha1.AuthorizationPolicyToClient{} err := proto.Unmarshal(valBytes, authorization) if err != nil { t.Fatal(err) } - assert.Equal(t, "ALLOW", authorization.Action) + assert.Equal(t, "ALLOW", authorization.Spec.Action) } } @@ -1333,7 +1335,7 @@ func TestAuthorization_NotNamespace(t *testing.T) { for _, anyMessage := range data { valBytes := anyMessage.Value if anyMessage.TypeUrl == model.AuthorizationTypeUrl { - authorization := &dubbo_apache_org_v1alpha1.AuthorizationPolicy{} + authorization := &dubbo_apache_org_v1alpha1.AuthorizationPolicyToClient{} err := proto.Unmarshal(valBytes, authorization) if err != nil { t.Fatal(err) @@ -1357,12 +1359,12 @@ func TestAuthorization_NotNamespace(t *testing.T) { for _, anyMessage := range data { valBytes := anyMessage.Value if anyMessage.TypeUrl == model.AuthorizationTypeUrl { - authorization := &dubbo_apache_org_v1alpha1.AuthorizationPolicy{} + authorization := &dubbo_apache_org_v1alpha1.AuthorizationPolicyToClient{} err := proto.Unmarshal(valBytes, authorization) if err != nil { t.Fatal(err) } - assert.Equal(t, "ALLOW", authorization.Action) + assert.Equal(t, "ALLOW", authorization.Spec.Action) } } } @@ -1427,12 +1429,12 @@ func TestAuthorization_IPBlocks(t *testing.T) { for _, anyMessage := range data { valBytes := anyMessage.Value if anyMessage.TypeUrl == model.AuthorizationTypeUrl { - authorization := &dubbo_apache_org_v1alpha1.AuthorizationPolicy{} + authorization := &dubbo_apache_org_v1alpha1.AuthorizationPolicyToClient{} err := proto.Unmarshal(valBytes, authorization) if err != nil { t.Fatal(err) } - assert.Equal(t, "ALLOW", authorization.Action) + assert.Equal(t, "ALLOW", authorization.Spec.Action) } } @@ -1451,7 +1453,7 @@ func TestAuthorization_IPBlocks(t *testing.T) { for _, anyMessage := range data { valBytes := anyMessage.Value if anyMessage.TypeUrl == model.AuthorizationTypeUrl { - authorization := &dubbo_apache_org_v1alpha1.AuthorizationPolicy{} + authorization := &dubbo_apache_org_v1alpha1.AuthorizationPolicyToClient{} err := proto.Unmarshal(valBytes, authorization) if err != nil { t.Fatal(err) @@ -1475,7 +1477,7 @@ func TestAuthorization_IPBlocks(t *testing.T) { for _, anyMessage := range data { valBytes := anyMessage.Value if anyMessage.TypeUrl == model.AuthorizationTypeUrl { - authorization := &dubbo_apache_org_v1alpha1.AuthorizationPolicy{} + authorization := &dubbo_apache_org_v1alpha1.AuthorizationPolicyToClient{} err := proto.Unmarshal(valBytes, authorization) if err != nil { t.Fatal(err) @@ -1497,7 +1499,7 @@ func TestAuthorization_IPBlocks(t *testing.T) { for _, anyMessage := range data { valBytes := anyMessage.Value if anyMessage.TypeUrl == model.AuthorizationTypeUrl { - authorization := &dubbo_apache_org_v1alpha1.AuthorizationPolicy{} + authorization := &dubbo_apache_org_v1alpha1.AuthorizationPolicyToClient{} err := proto.Unmarshal(valBytes, authorization) if err != nil { t.Fatal(err) @@ -1567,7 +1569,7 @@ func TestAuthorization_ErrFmt(t *testing.T) { for _, anyMessage := range data { valBytes := anyMessage.Value if anyMessage.TypeUrl == model.AuthorizationTypeUrl { - authorization := &dubbo_apache_org_v1alpha1.AuthorizationPolicy{} + authorization := &dubbo_apache_org_v1alpha1.AuthorizationPolicyToClient{} err := proto.Unmarshal(valBytes, authorization) if err != nil { t.Fatal(err) @@ -1591,7 +1593,7 @@ func TestAuthorization_ErrFmt(t *testing.T) { for _, anyMessage := range data { valBytes := anyMessage.Value if anyMessage.TypeUrl == model.AuthorizationTypeUrl { - authorization := &dubbo_apache_org_v1alpha1.AuthorizationPolicy{} + authorization := &dubbo_apache_org_v1alpha1.AuthorizationPolicyToClient{} err := proto.Unmarshal(valBytes, authorization) if err != nil { t.Fatal(err) @@ -1613,7 +1615,7 @@ func TestAuthorization_ErrFmt(t *testing.T) { for _, anyMessage := range data { valBytes := anyMessage.Value if anyMessage.TypeUrl == model.AuthorizationTypeUrl { - authorization := &dubbo_apache_org_v1alpha1.AuthorizationPolicy{} + authorization := &dubbo_apache_org_v1alpha1.AuthorizationPolicyToClient{} err := proto.Unmarshal(valBytes, authorization) if err != nil { t.Fatal(err) @@ -1683,12 +1685,12 @@ func TestAuthorization_NotIPBlocks(t *testing.T) { for _, anyMessage := range data { valBytes := anyMessage.Value if anyMessage.TypeUrl == model.AuthorizationTypeUrl { - authorization := &dubbo_apache_org_v1alpha1.AuthorizationPolicy{} + authorization := &dubbo_apache_org_v1alpha1.AuthorizationPolicyToClient{} err := proto.Unmarshal(valBytes, authorization) if err != nil { t.Fatal(err) } - assert.Equal(t, "ALLOW", authorization.Action) + assert.Equal(t, "ALLOW", authorization.Spec.Action) } } @@ -1707,12 +1709,12 @@ func TestAuthorization_NotIPBlocks(t *testing.T) { for _, anyMessage := range data { valBytes := anyMessage.Value if anyMessage.TypeUrl == model.AuthorizationTypeUrl { - authorization := &dubbo_apache_org_v1alpha1.AuthorizationPolicy{} + authorization := &dubbo_apache_org_v1alpha1.AuthorizationPolicyToClient{} err := proto.Unmarshal(valBytes, authorization) if err != nil { t.Fatal(err) } - assert.Equal(t, "ALLOW", authorization.Action) + assert.Equal(t, "ALLOW", authorization.Spec.Action) } } @@ -1731,7 +1733,7 @@ func TestAuthorization_NotIPBlocks(t *testing.T) { for _, anyMessage := range data { valBytes := anyMessage.Value if anyMessage.TypeUrl == model.AuthorizationTypeUrl { - authorization := &dubbo_apache_org_v1alpha1.AuthorizationPolicy{} + authorization := &dubbo_apache_org_v1alpha1.AuthorizationPolicyToClient{} err := proto.Unmarshal(valBytes, authorization) if err != nil { t.Fatal(err) @@ -1801,12 +1803,12 @@ func TestAuthorization_NotIPBlocks_ErrFmt(t *testing.T) { for _, anyMessage := range data { valBytes := anyMessage.Value if anyMessage.TypeUrl == model.AuthorizationTypeUrl { - authorization := &dubbo_apache_org_v1alpha1.AuthorizationPolicy{} + authorization := &dubbo_apache_org_v1alpha1.AuthorizationPolicyToClient{} err := proto.Unmarshal(valBytes, authorization) if err != nil { t.Fatal(err) } - assert.Equal(t, "ALLOW", authorization.Action) + assert.Equal(t, "ALLOW", authorization.Spec.Action) } } @@ -1825,12 +1827,12 @@ func TestAuthorization_NotIPBlocks_ErrFmt(t *testing.T) { for _, anyMessage := range data { valBytes := anyMessage.Value if anyMessage.TypeUrl == model.AuthorizationTypeUrl { - authorization := &dubbo_apache_org_v1alpha1.AuthorizationPolicy{} + authorization := &dubbo_apache_org_v1alpha1.AuthorizationPolicyToClient{} err := proto.Unmarshal(valBytes, authorization) if err != nil { t.Fatal(err) } - assert.Equal(t, "ALLOW", authorization.Action) + assert.Equal(t, "ALLOW", authorization.Spec.Action) } } @@ -1847,12 +1849,12 @@ func TestAuthorization_NotIPBlocks_ErrFmt(t *testing.T) { for _, anyMessage := range data { valBytes := anyMessage.Value if anyMessage.TypeUrl == model.AuthorizationTypeUrl { - authorization := &dubbo_apache_org_v1alpha1.AuthorizationPolicy{} + authorization := &dubbo_apache_org_v1alpha1.AuthorizationPolicyToClient{} err := proto.Unmarshal(valBytes, authorization) if err != nil { t.Fatal(err) } - assert.Equal(t, "ALLOW", authorization.Action) + assert.Equal(t, "ALLOW", authorization.Spec.Action) } } } @@ -1917,12 +1919,12 @@ func TestAuthorization_Principals(t *testing.T) { for _, anyMessage := range data { valBytes := anyMessage.Value if anyMessage.TypeUrl == model.AuthorizationTypeUrl { - authorization := &dubbo_apache_org_v1alpha1.AuthorizationPolicy{} + authorization := &dubbo_apache_org_v1alpha1.AuthorizationPolicyToClient{} err := proto.Unmarshal(valBytes, authorization) if err != nil { t.Fatal(err) } - assert.Equal(t, "ALLOW", authorization.Action) + assert.Equal(t, "ALLOW", authorization.Spec.Action) } } @@ -1941,12 +1943,12 @@ func TestAuthorization_Principals(t *testing.T) { for _, anyMessage := range data { valBytes := anyMessage.Value if anyMessage.TypeUrl == model.AuthorizationTypeUrl { - authorization := &dubbo_apache_org_v1alpha1.AuthorizationPolicy{} + authorization := &dubbo_apache_org_v1alpha1.AuthorizationPolicyToClient{} err := proto.Unmarshal(valBytes, authorization) if err != nil { t.Fatal(err) } - assert.Equal(t, "ALLOW", authorization.Action) + assert.Equal(t, "ALLOW", authorization.Spec.Action) } } @@ -1965,7 +1967,7 @@ func TestAuthorization_Principals(t *testing.T) { for _, anyMessage := range data { valBytes := anyMessage.Value if anyMessage.TypeUrl == model.AuthorizationTypeUrl { - authorization := &dubbo_apache_org_v1alpha1.AuthorizationPolicy{} + authorization := &dubbo_apache_org_v1alpha1.AuthorizationPolicyToClient{} err := proto.Unmarshal(valBytes, authorization) if err != nil { t.Fatal(err) @@ -1987,7 +1989,7 @@ func TestAuthorization_Principals(t *testing.T) { for _, anyMessage := range data { valBytes := anyMessage.Value if anyMessage.TypeUrl == model.AuthorizationTypeUrl { - authorization := &dubbo_apache_org_v1alpha1.AuthorizationPolicy{} + authorization := &dubbo_apache_org_v1alpha1.AuthorizationPolicyToClient{} err := proto.Unmarshal(valBytes, authorization) if err != nil { t.Fatal(err) @@ -2057,12 +2059,12 @@ func TestAuthorization_NotPrincipals(t *testing.T) { for _, anyMessage := range data { valBytes := anyMessage.Value if anyMessage.TypeUrl == model.AuthorizationTypeUrl { - authorization := &dubbo_apache_org_v1alpha1.AuthorizationPolicy{} + authorization := &dubbo_apache_org_v1alpha1.AuthorizationPolicyToClient{} err := proto.Unmarshal(valBytes, authorization) if err != nil { t.Fatal(err) } - assert.Equal(t, "ALLOW", authorization.Action) + assert.Equal(t, "ALLOW", authorization.Spec.Action) } } @@ -2081,12 +2083,12 @@ func TestAuthorization_NotPrincipals(t *testing.T) { for _, anyMessage := range data { valBytes := anyMessage.Value if anyMessage.TypeUrl == model.AuthorizationTypeUrl { - authorization := &dubbo_apache_org_v1alpha1.AuthorizationPolicy{} + authorization := &dubbo_apache_org_v1alpha1.AuthorizationPolicyToClient{} err := proto.Unmarshal(valBytes, authorization) if err != nil { t.Fatal(err) } - assert.Equal(t, "ALLOW", authorization.Action) + assert.Equal(t, "ALLOW", authorization.Spec.Action) } } @@ -2105,7 +2107,7 @@ func TestAuthorization_NotPrincipals(t *testing.T) { for _, anyMessage := range data { valBytes := anyMessage.Value if anyMessage.TypeUrl == model.AuthorizationTypeUrl { - authorization := &dubbo_apache_org_v1alpha1.AuthorizationPolicy{} + authorization := &dubbo_apache_org_v1alpha1.AuthorizationPolicyToClient{} err := proto.Unmarshal(valBytes, authorization) if err != nil { t.Fatal(err) @@ -2129,7 +2131,7 @@ func TestAuthorization_NotPrincipals(t *testing.T) { for _, anyMessage := range data { valBytes := anyMessage.Value if anyMessage.TypeUrl == model.AuthorizationTypeUrl { - authorization := &dubbo_apache_org_v1alpha1.AuthorizationPolicy{} + authorization := &dubbo_apache_org_v1alpha1.AuthorizationPolicyToClient{} err := proto.Unmarshal(valBytes, authorization) if err != nil { t.Fatal(err) @@ -2151,12 +2153,12 @@ func TestAuthorization_NotPrincipals(t *testing.T) { for _, anyMessage := range data { valBytes := anyMessage.Value if anyMessage.TypeUrl == model.AuthorizationTypeUrl { - authorization := &dubbo_apache_org_v1alpha1.AuthorizationPolicy{} + authorization := &dubbo_apache_org_v1alpha1.AuthorizationPolicyToClient{} err := proto.Unmarshal(valBytes, authorization) if err != nil { t.Fatal(err) } - assert.Equal(t, "ALLOW", authorization.Action) + assert.Equal(t, "ALLOW", authorization.Spec.Action) } } } @@ -2228,12 +2230,12 @@ func TestAuthorization_Extends(t *testing.T) { for _, anyMessage := range data { valBytes := anyMessage.Value if anyMessage.TypeUrl == model.AuthorizationTypeUrl { - authorization := &dubbo_apache_org_v1alpha1.AuthorizationPolicy{} + authorization := &dubbo_apache_org_v1alpha1.AuthorizationPolicyToClient{} err := proto.Unmarshal(valBytes, authorization) if err != nil { t.Fatal(err) } - assert.Equal(t, "ALLOW", authorization.Action) + assert.Equal(t, "ALLOW", authorization.Spec.Action) } } @@ -2254,7 +2256,7 @@ func TestAuthorization_Extends(t *testing.T) { for _, anyMessage := range data { valBytes := anyMessage.Value if anyMessage.TypeUrl == model.AuthorizationTypeUrl { - authorization := &dubbo_apache_org_v1alpha1.AuthorizationPolicy{} + authorization := &dubbo_apache_org_v1alpha1.AuthorizationPolicyToClient{} err := proto.Unmarshal(valBytes, authorization) if err != nil { t.Fatal(err) @@ -2276,7 +2278,7 @@ func TestAuthorization_Extends(t *testing.T) { for _, anyMessage := range data { valBytes := anyMessage.Value if anyMessage.TypeUrl == model.AuthorizationTypeUrl { - authorization := &dubbo_apache_org_v1alpha1.AuthorizationPolicy{} + authorization := &dubbo_apache_org_v1alpha1.AuthorizationPolicyToClient{} err := proto.Unmarshal(valBytes, authorization) if err != nil { t.Fatal(err) @@ -2353,12 +2355,12 @@ func TestAuthorization_NotExtends(t *testing.T) { for _, anyMessage := range data { valBytes := anyMessage.Value if anyMessage.TypeUrl == model.AuthorizationTypeUrl { - authorization := &dubbo_apache_org_v1alpha1.AuthorizationPolicy{} + authorization := &dubbo_apache_org_v1alpha1.AuthorizationPolicyToClient{} err := proto.Unmarshal(valBytes, authorization) if err != nil { t.Fatal(err) } - assert.Equal(t, "ALLOW", authorization.Action) + assert.Equal(t, "ALLOW", authorization.Spec.Action) } } @@ -2379,7 +2381,7 @@ func TestAuthorization_NotExtends(t *testing.T) { for _, anyMessage := range data { valBytes := anyMessage.Value if anyMessage.TypeUrl == model.AuthorizationTypeUrl { - authorization := &dubbo_apache_org_v1alpha1.AuthorizationPolicy{} + authorization := &dubbo_apache_org_v1alpha1.AuthorizationPolicyToClient{} err := proto.Unmarshal(valBytes, authorization) if err != nil { t.Fatal(err) @@ -2401,12 +2403,12 @@ func TestAuthorization_NotExtends(t *testing.T) { for _, anyMessage := range data { valBytes := anyMessage.Value if anyMessage.TypeUrl == model.AuthorizationTypeUrl { - authorization := &dubbo_apache_org_v1alpha1.AuthorizationPolicy{} + authorization := &dubbo_apache_org_v1alpha1.AuthorizationPolicyToClient{} err := proto.Unmarshal(valBytes, authorization) if err != nil { t.Fatal(err) } - assert.Equal(t, "ALLOW", authorization.Action) + assert.Equal(t, "ALLOW", authorization.Spec.Action) } } } diff --git a/pkg/snp/server/servicemapping.go b/pkg/snp/server/servicemapping.go index 8910a86fa..65afd6823 100644 --- a/pkg/snp/server/servicemapping.go +++ b/pkg/snp/server/servicemapping.go @@ -24,6 +24,10 @@ import ( "time" "github.com/apache/dubbo-admin/api/mesh" + cert "github.com/apache/dubbo-admin/pkg/core/cert/provider" + endpoint2 "github.com/apache/dubbo-admin/pkg/core/tools/endpoint" + "google.golang.org/grpc/peer" + api "github.com/apache/dubbo-admin/api/resource/v1alpha1" dubbo_cp "github.com/apache/dubbo-admin/pkg/config/app/dubbo-cp" apisv1alpha1 "github.com/apache/dubbo-admin/pkg/core/gen/apis/dubbo.apache.org/v1alpha1" @@ -42,8 +46,11 @@ type RegisterRequest struct { type Snp struct { mesh.UnimplementedServiceNameMappingServiceServer - queue chan *RegisterRequest - config *dubbo_cp.Config + queue chan *RegisterRequest + config *dubbo_cp.Config + CertClient cert.Client + CertStorage *cert.CertStorage + KubeClient versioned.Interface } @@ -61,6 +68,16 @@ func (s *Snp) RegisterServiceAppMapping(ctx context.Context, req *mesh.ServiceMa interfaces := req.GetInterfaceNames() applicationName := req.GetApplicationName() + p, _ := peer.FromContext(ctx) + _, err := endpoint2.ExactEndpoint(ctx, s.CertStorage, s.config, s.CertClient) + if err != nil { + logger.Sugar().Warnf("[ServiceMapping] Failed to exact endpoint from context: %v. RemoteAddr: %s", err, p.Addr.String()) + return &mesh.ServiceMappingResponse{ + Success: false, + Message: err.Error(), + }, nil + } + registerReq := &RegisterRequest{ConfigsUpdated: map[model.ConfigKey]map[string]struct{}{}} for _, interfaceName := range interfaces { key := model.ConfigKey{ @@ -74,7 +91,10 @@ func (s *Snp) RegisterServiceAppMapping(ctx context.Context, req *mesh.ServiceMa } s.queue <- registerReq - return &mesh.ServiceMappingResponse{}, nil + return &mesh.ServiceMappingResponse{ + Success: true, + Message: "success", + }, nil } func NewSnp(config *dubbo_cp.Config, kubeClient versioned.Interface) *Snp { @@ -108,7 +128,7 @@ func (s *Snp) push(req *RegisterRequest) { } for i := 0; i < 3; i++ { if err := tryRegister(s.KubeClient, key.Namespace, key.Name, appNames); err != nil { - logger.Errorf(" register [%v] failed: %v, try again later", key, err) + logger.Errorf("[ServiceMapping] register [%v] failed: %v, try again later", key, err) } else { break } @@ -143,7 +163,7 @@ func (s *Snp) debounce(stopCh <-chan struct{}, pushFn func(req *RegisterRequest) pushCounter++ if req.ConfigsUpdated != nil { - logger.Infof(" Push debounce stable[%d] %d for config %s: %v since last change, %v since last push", + logger.Infof("[ServiceMapping] Push debounce stable[%d] %d for config %s: %v since last change, %v since last push", pushCounter, debouncedEvents, configsUpdated(req), quietTime, eventDelay) } @@ -226,10 +246,10 @@ func getOrCreateSnp(kubeClient versioned.Interface, namespace string, interfaceN } func tryRegister(kubeClient versioned.Interface, namespace, interfaceName string, newApps []string) error { - logger.Debugf("try register [%s] in namespace [%s] with [%v] apps", interfaceName, namespace, len(newApps)) + logger.Debugf("[ServiceMapping] try register [%s] in namespace [%s] with [%v] apps", interfaceName, namespace, len(newApps)) snp, created, err := getOrCreateSnp(kubeClient, namespace, interfaceName, newApps) if created { - logger.Debugf("register success, revision:%s", snp.ResourceVersion) + logger.Debugf("[ServiceMapping] register success, revision:%s", snp.ResourceVersion) return nil } if err != nil { @@ -245,7 +265,7 @@ func tryRegister(kubeClient versioned.Interface, namespace, interfaceName string previousAppNames[newApp] = struct{}{} } if len(previousAppNames) == previousLen { - logger.Debugf("[%s] has been registered: %v", interfaceName, newApps) + logger.Debugf("[ServiceMapping] [%s] has been registered: %v", interfaceName, newApps) return nil } @@ -259,7 +279,7 @@ func tryRegister(kubeClient versioned.Interface, namespace, interfaceName string if err != nil { return errors.Wrap(err, " update failed") } - logger.Debugf("register update success, revision:%s", snp.ResourceVersion) + logger.Debugf("[ServiceMapping] register update success, revision:%s", snp.ResourceVersion) return nil } diff --git a/pkg/snp/setup.go b/pkg/snp/setup.go index 592c31e5a..47bb3b9b5 100644 --- a/pkg/snp/setup.go +++ b/pkg/snp/setup.go @@ -29,6 +29,8 @@ func Setup(rt core_runtime.Runtime) error { return nil } snp := server.NewSnp(rt.Config(), rt.KubeClient().DubboClientSet()) + snp.CertStorage = rt.CertStorage() + snp.CertClient = rt.CertClient() mesh.RegisterServiceNameMappingServiceServer(rt.GrpcServer().SecureServer, snp) mesh.RegisterServiceNameMappingServiceServer(rt.GrpcServer().PlainServer, snp) if err := rt.Add(snp); err != nil { diff --git a/test/testclient/ddsc.go b/test/testclient/ddsc.go new file mode 100644 index 000000000..0bc56a08f --- /dev/null +++ b/test/testclient/ddsc.go @@ -0,0 +1,411 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one or more + * contributor license agreements. See the NOTICE file distributed with + * this work for additional information regarding copyright ownership. + * The ASF licenses this file to You under the Apache License, Version 2.0 + * (the "License"); you may not use this file except in compliance with + * the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +package main + +import ( + "context" + "fmt" + "net" + "sync" + "time" + + "github.com/apache/dubbo-admin/api/mesh" + gvks "github.com/apache/dubbo-admin/pkg/core/schema/gvk" + + "github.com/apache/dubbo-admin/api/dds" + api "github.com/apache/dubbo-admin/api/resource/v1alpha1" + "github.com/apache/dubbo-admin/pkg/core/logger" + "github.com/cenkalti/backoff" + "github.com/gogo/protobuf/proto" + "google.golang.org/grpc" +) + +var ( + // use plain server to test + grpcAddr = "127.0.0.1:30060" + grpcUpstreamAddr = grpcAddr +) + +type Config struct { + // InitialDiscoveryRequests is a list of resources to watch at first, represented as URLs (for new DDS resource naming) + // or type URLs. + InitialDiscoveryRequest []*dds.ObserveRequest + // BackoffPolicy determines the reconnect policy. Based on ddsclient. + BackoffPolicy backoff.BackOff + GrpcOpts []grpc.DialOption + + Namespace string + + // It is sent by ddsclient, must match a known endpoint IP. + IP string +} + +// DDSC implements a basic ddsclient for DDS, for use in stress tests and tools +// or libraries that need to connect to Dubbo admin or other DDS servers. +// Currently only for testing! +type DDSC struct { + // Stream is the GRPC connection stream, allowing direct GRPC send operations. + // Set after Dial is called. + stream dds.RuleService_ObserveClient + // dds ddsclient used to create a stream + ddsclient dds.RuleServiceClient + snpclient mesh.ServiceNameMappingServiceClient + conn *grpc.ClientConn + + // Indicates if the DDSC ddsclient is closed + closed bool + + // NodeID is the node identity sent to Admin + nodeID string + + url string + + authentication []*api.AuthenticationPolicyToClient + authorization []*api.AuthorizationPolicyToClient + conditionRoute []*api.ConditionRouteToClient + tagRoute []*api.TagRouteToClient + dynamicConfig []*api.DynamicConfigToClient + serviceMapping []*api.ServiceNameMappingToClient + + // Last received message, by type + Received map[string]*dds.ObserveResponse + + mutex sync.RWMutex + + // RecvWg is for letting goroutines know when the goroutine handling the DDS stream finishes. + RecvWg sync.WaitGroup + + cfg *Config +} + +func New(discoveryAddr string, opts *Config) (*DDSC, error) { + if opts == nil { + opts = &Config{} + } + // We want to recreate stream + if opts.BackoffPolicy == nil { + opts.BackoffPolicy = backoff.NewExponentialBackOff() + } + ddsc := &DDSC{ + url: discoveryAddr, + cfg: opts, + Received: map[string]*dds.ObserveResponse{}, + RecvWg: sync.WaitGroup{}, + } + + if opts.IP == "" { + opts.IP = getPrivateIPIfAvailable().String() + } + + ddsc.nodeID = fmt.Sprintf("%s~%s", opts.IP, opts.Namespace) + + if err := ddsc.Dial(); err != nil { + return nil, err + } + return ddsc, nil +} + +// Dial connects to a dds server +// nolint +func (a *DDSC) Dial() error { + opts := a.cfg + var err error + grpcDialOptions := opts.GrpcOpts + if len(grpcDialOptions) == 0 { + // Only disable transport security if the user didn't supply custom dial options + grpcDialOptions = append(grpcDialOptions, grpc.WithInsecure()) + } + + a.conn, err = grpc.Dial(a.url, grpcDialOptions...) + if err != nil { + return err + } + return nil +} + +func getPrivateIPIfAvailable() net.IP { + addrs, _ := net.InterfaceAddrs() + for _, addr := range addrs { + var ip net.IP + switch v := addr.(type) { + case *net.IPNet: + ip = v.IP + case *net.IPAddr: + ip = v.IP + default: + continue + } + if !ip.IsLoopback() { + return ip + } + } + return net.IPv4zero +} + +// reconnect will create a new stream +func (a *DDSC) reconnect() { + a.mutex.RLock() + if a.closed { + a.mutex.RUnlock() + return + } + a.mutex.RUnlock() + + err := a.Run() + if err == nil { + a.cfg.BackoffPolicy.Reset() + } else { + time.AfterFunc(a.cfg.BackoffPolicy.NextBackOff(), a.reconnect) + } +} + +func (a *DDSC) Run() error { + var err error + a.ddsclient = dds.NewRuleServiceClient(a.conn) + a.snpclient = mesh.NewServiceNameMappingServiceClient(a.conn) + a.stream, err = a.ddsclient.Observe(context.Background()) + if err != nil { + return err + } + // Send the snp message + a.sendSnp() + // Send the initial requests + for _, r := range a.cfg.InitialDiscoveryRequest { + err := a.Send(r) + if err != nil { + return err + } + } + // by default, we assume 1 goroutine decrements the waitgroup (go a.handleRecv()). + // for synchronizing when the goroutine finishes reading from the gRPC stream. + a.RecvWg.Add(1) + go a.handleRecv() + return nil +} + +func (a *DDSC) sendSnp() { + res, err := a.snpclient.RegisterServiceAppMapping(context.Background(), &mesh.ServiceMappingRequest{ + Namespace: "dubbo-system", + ApplicationName: "test-app", + InterfaceNames: []string{ + "test-interface1", + "test-interface2", + }, + }) + if err != nil || !res.Success { + a.sendSnp() + } +} + +// Send Raw send of request +func (a *DDSC) Send(req *dds.ObserveRequest) error { + return a.stream.Send(req) +} + +func (a *DDSC) handleRecv() { + for { + var err error + msg, err := a.stream.Recv() + if err != nil { + a.RecvWg.Done() + logger.Sugar().Infof("Connection closed for node %v with err: %v", a.nodeID, err) + // if 'reconnect' enabled - schedule a new Run + if a.cfg.BackoffPolicy != nil { + time.AfterFunc(a.cfg.BackoffPolicy.NextBackOff(), a.reconnect) + } else { + a.Close() + } + return + } + logger.Sugar().Info("Received ", a.url, " type ", msg.Type, + "nonce= ", msg.Nonce) + + // Process the resources + var authentication []*api.AuthenticationPolicyToClient + var authorization []*api.AuthorizationPolicyToClient + var serviceMapping []*api.ServiceNameMappingToClient + var conditionRoute []*api.ConditionRouteToClient + var tagRoute []*api.TagRouteToClient + var dynamicConfig []*api.DynamicConfigToClient + switch msg.Type { + case gvks.Authentication: + for _, d := range msg.Data { + valBytes := d.Value + auth := &api.AuthenticationPolicyToClient{} + err := proto.Unmarshal(valBytes, auth) + if err != nil { + return + } + authentication = append(authentication, auth) + a.handleAuthentication(authentication) + } + case gvks.Authorization: + for _, d := range msg.Data { + valBytes := d.Value + auth := &api.AuthorizationPolicyToClient{} + err := proto.Unmarshal(valBytes, auth) + if err != nil { + return + } + authorization = append(authorization, auth) + a.handleAuthorization(authorization) + } + case gvks.ServiceMapping: + for _, d := range msg.Data { + valBytes := d.Value + auth := &api.ServiceNameMappingToClient{} + err := proto.Unmarshal(valBytes, auth) + if err != nil { + return + } + serviceMapping = append(serviceMapping, auth) + a.handleServiceNameMapping(serviceMapping) + } + case gvks.ConditionRoute: + for _, d := range msg.Data { + valBytes := d.Value + auth := &api.ConditionRouteToClient{} + err := proto.Unmarshal(valBytes, auth) + if err != nil { + return + } + conditionRoute = append(conditionRoute, auth) + a.handleConditionRoute(conditionRoute) + } + case gvks.DynamicConfig: + for _, d := range msg.Data { + valBytes := d.Value + auth := &api.DynamicConfigToClient{} + err := proto.Unmarshal(valBytes, auth) + if err != nil { + return + } + dynamicConfig = append(dynamicConfig, auth) + a.handleDynamicConfig(dynamicConfig) + } + case gvks.TagRoute: + for _, d := range msg.Data { + valBytes := d.Value + auth := &api.TagRouteToClient{} + err := proto.Unmarshal(valBytes, auth) + if err != nil { + return + } + tagRoute = append(tagRoute, auth) + a.handleTagRoute(tagRoute) + } + } + + a.mutex.Lock() + a.Received[msg.Type] = msg + err = a.ack(msg) + if err != nil { + return + } + a.mutex.Unlock() + } +} + +func (a *DDSC) ack(msg *dds.ObserveResponse) error { + return a.stream.Send(&dds.ObserveRequest{ + Nonce: msg.Nonce, + Type: msg.Type, + }) +} + +// Close the stream +func (a *DDSC) Close() { + a.mutex.Lock() + err := a.conn.Close() + if err != nil { + return + } + a.closed = true + a.mutex.Unlock() +} + +func (a *DDSC) handleAuthentication(ll []*api.AuthenticationPolicyToClient) { + a.authentication = ll + logger.Sugar().Info(ll) +} + +func (a *DDSC) handleAuthorization(ll []*api.AuthorizationPolicyToClient) { + a.authorization = ll + logger.Sugar().Info(ll) +} + +func (a *DDSC) handleServiceNameMapping(ll []*api.ServiceNameMappingToClient) { + a.serviceMapping = ll + logger.Sugar().Info(ll) +} + +func (a *DDSC) handleConditionRoute(ll []*api.ConditionRouteToClient) { + a.conditionRoute = ll + logger.Sugar().Info(ll) +} + +func (a *DDSC) handleTagRoute(ll []*api.TagRouteToClient) { + a.tagRoute = ll + logger.Sugar().Info(ll) +} + +func (a *DDSC) handleDynamicConfig(ll []*api.DynamicConfigToClient) { + a.dynamicConfig = ll + logger.Sugar().Info(ll) +} + +func main() { + initialWatch := []*dds.ObserveRequest{ + { + Nonce: "", + Type: gvks.Authorization, + }, + { + Nonce: "", + Type: gvks.Authentication, + }, + { + Nonce: "", + Type: gvks.DynamicConfig, + }, + { + Nonce: "", + Type: gvks.TagRoute, + }, + { + Nonce: "", + Type: gvks.ConditionRoute, + }, + { + Nonce: "", + Type: gvks.ServiceMapping, + }, + } + ddscConn, err := New(grpcUpstreamAddr, &Config{ + InitialDiscoveryRequest: initialWatch, + Namespace: "dubbo-system", + }) + if err != nil { + panic(err) + } + err = ddscConn.Run() + if err != nil { + panic("DDSC: failed running") + } + ddscConn.RecvWg.Wait() +} diff --git a/test/testclient/test.yml b/test/testclient/test.yml new file mode 100644 index 000000000..cc88d3ae7 --- /dev/null +++ b/test/testclient/test.yml @@ -0,0 +1,64 @@ +# Licensed to the Apache Software Foundation (ASF) under one or more +# contributor license agreements. See the NOTICE file distributed with +# this work for additional information regarding copyright ownership. +# The ASF licenses this file to You under the Apache License, Version 2.0 +# (the "License"); you may not use this file except in compliance with +# the License. You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +# It is only for test + +admin: + admin-port: 38080 + config-center: nacos://127.0.0.1:8848 + metadata-report: + address: nacos://127.0.0.1:8848 + registry: + address: nacos://127.0.0.1:8848 + prometheus: + ip: 127.0.0.1 + port: 9090 + monitor-port: 22222 +# mysql-dsn: root:password@tcp(127.0.0.1:3306)/dubbo-admin?charset=utf8&parseTime=true +security: + ca-validity: 2592000000 #30 * 24 * 60 * 60 * 1000ms + cert-validity: 3600000 #1 * 60 * 60 * 1000ms + enable-oidc-check: true + webhook-port: 30080 + webhook-allow-on-err: true + # we trust anyone when test + is-trust-anyone: true +kube-config: + namespace: dubbo-system + service-name: dubbo-cp + in-pod-env: false + rest-config-qps: 50 + rest-config-burst: 100 + kube-file-config: "" + domain-suffix: cluster.local +grpc-cp-server: + plain-server-port: 30060 + secure-server-port: 30062 + debug-port: 30070 +options: + debounce-after: 100000000 + debounce-max: 10000000000 + enable-debounce: true + send-timeout: 5000000000 + dds-block-max-time: 15000000000 +dubbo: + registries: + demoZK: + protocol: zookeeper + address: 127.0.0.1:2181 + protocols: + triple: + name: tri + port: 20000 \ No newline at end of file