proxycfg: server-local config entry data sources
This is the OSS portion of enterprise PR 2056.
This commit provides server-local implementations of the proxycfg.ConfigEntry
and proxycfg.ConfigEntryList interfaces, that source data from streaming events.
It makes use of the LocalMaterializer type introduced for peering replication,
adding the necessary support for authorization.
It also adds support for "wildcard" subscriptions (within a topic) to the event
publisher, as this is needed to fetch service-resolvers for all services when
configuring mesh gateways.
Currently, events will be emitted for just the ingress-gateway, service-resolver,
and mesh config entry types, as these are the only entries required by proxycfg
— the events will be emitted on topics named IngressGateway, ServiceResolver,
and MeshConfig topics respectively.
Though these events will only be consumed "locally" for now, they can also be
consumed via the gRPC endpoint (confirmed using grpcurl) so using them from
client agents should be a case of swapping the LocalMaterializer for an
RPCMaterializer.
2022-07-01 15:09:47 +00:00
|
|
|
syntax = "proto3";
|
|
|
|
|
2022-07-13 16:03:27 +00:00
|
|
|
package hashicorp.consul.internal.configentry;
|
2022-07-11 18:44:51 +00:00
|
|
|
|
proxycfg: server-local config entry data sources
This is the OSS portion of enterprise PR 2056.
This commit provides server-local implementations of the proxycfg.ConfigEntry
and proxycfg.ConfigEntryList interfaces, that source data from streaming events.
It makes use of the LocalMaterializer type introduced for peering replication,
adding the necessary support for authorization.
It also adds support for "wildcard" subscriptions (within a topic) to the event
publisher, as this is needed to fetch service-resolvers for all services when
configuring mesh gateways.
Currently, events will be emitted for just the ingress-gateway, service-resolver,
and mesh config entry types, as these are the only entries required by proxycfg
— the events will be emitted on topics named IngressGateway, ServiceResolver,
and MeshConfig topics respectively.
Though these events will only be consumed "locally" for now, they can also be
consumed via the gRPC endpoint (confirmed using grpcurl) so using them from
client agents should be a case of swapping the LocalMaterializer for an
RPCMaterializer.
2022-07-01 15:09:47 +00:00
|
|
|
import "google/protobuf/duration.proto";
|
2022-07-01 15:15:49 +00:00
|
|
|
import "google/protobuf/timestamp.proto";
|
2022-07-11 18:44:51 +00:00
|
|
|
import "proto/pbcommon/common.proto";
|
proxycfg: server-local config entry data sources
This is the OSS portion of enterprise PR 2056.
This commit provides server-local implementations of the proxycfg.ConfigEntry
and proxycfg.ConfigEntryList interfaces, that source data from streaming events.
It makes use of the LocalMaterializer type introduced for peering replication,
adding the necessary support for authorization.
It also adds support for "wildcard" subscriptions (within a topic) to the event
publisher, as this is needed to fetch service-resolvers for all services when
configuring mesh gateways.
Currently, events will be emitted for just the ingress-gateway, service-resolver,
and mesh config entry types, as these are the only entries required by proxycfg
— the events will be emitted on topics named IngressGateway, ServiceResolver,
and MeshConfig topics respectively.
Though these events will only be consumed "locally" for now, they can also be
consumed via the gRPC endpoint (confirmed using grpcurl) so using them from
client agents should be a case of swapping the LocalMaterializer for an
RPCMaterializer.
2022-07-01 15:09:47 +00:00
|
|
|
|
|
|
|
enum Kind {
|
|
|
|
KindUnknown = 0;
|
|
|
|
KindMeshConfig = 1;
|
|
|
|
KindServiceResolver = 2;
|
|
|
|
KindIngressGateway = 3;
|
2022-07-01 15:15:49 +00:00
|
|
|
KindServiceIntentions = 4;
|
2022-10-24 18:51:05 +00:00
|
|
|
KindServiceDefaults = 5;
|
proxycfg: server-local config entry data sources
This is the OSS portion of enterprise PR 2056.
This commit provides server-local implementations of the proxycfg.ConfigEntry
and proxycfg.ConfigEntryList interfaces, that source data from streaming events.
It makes use of the LocalMaterializer type introduced for peering replication,
adding the necessary support for authorization.
It also adds support for "wildcard" subscriptions (within a topic) to the event
publisher, as this is needed to fetch service-resolvers for all services when
configuring mesh gateways.
Currently, events will be emitted for just the ingress-gateway, service-resolver,
and mesh config entry types, as these are the only entries required by proxycfg
— the events will be emitted on topics named IngressGateway, ServiceResolver,
and MeshConfig topics respectively.
Though these events will only be consumed "locally" for now, they can also be
consumed via the gRPC endpoint (confirmed using grpcurl) so using them from
client agents should be a case of swapping the LocalMaterializer for an
RPCMaterializer.
2022-07-01 15:09:47 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
message ConfigEntry {
|
|
|
|
Kind Kind = 1;
|
|
|
|
string Name = 2;
|
|
|
|
|
|
|
|
common.EnterpriseMeta EnterpriseMeta = 3;
|
|
|
|
common.RaftIndex RaftIndex = 4;
|
|
|
|
|
|
|
|
oneof Entry {
|
|
|
|
MeshConfig MeshConfig = 5;
|
|
|
|
ServiceResolver ServiceResolver = 6;
|
|
|
|
IngressGateway IngressGateway = 7;
|
2022-07-01 15:15:49 +00:00
|
|
|
ServiceIntentions ServiceIntentions = 8;
|
2022-10-24 18:51:05 +00:00
|
|
|
ServiceDefaults ServiceDefaults = 9;
|
proxycfg: server-local config entry data sources
This is the OSS portion of enterprise PR 2056.
This commit provides server-local implementations of the proxycfg.ConfigEntry
and proxycfg.ConfigEntryList interfaces, that source data from streaming events.
It makes use of the LocalMaterializer type introduced for peering replication,
adding the necessary support for authorization.
It also adds support for "wildcard" subscriptions (within a topic) to the event
publisher, as this is needed to fetch service-resolvers for all services when
configuring mesh gateways.
Currently, events will be emitted for just the ingress-gateway, service-resolver,
and mesh config entry types, as these are the only entries required by proxycfg
— the events will be emitted on topics named IngressGateway, ServiceResolver,
and MeshConfig topics respectively.
Though these events will only be consumed "locally" for now, they can also be
consumed via the gRPC endpoint (confirmed using grpcurl) so using them from
client agents should be a case of swapping the LocalMaterializer for an
RPCMaterializer.
2022-07-01 15:09:47 +00:00
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
// mog annotation:
|
|
|
|
//
|
|
|
|
// target=github.com/hashicorp/consul/agent/structs.MeshConfigEntry
|
|
|
|
// output=config_entry.gen.go
|
|
|
|
// name=Structs
|
|
|
|
// ignore-fields=RaftIndex,EnterpriseMeta
|
|
|
|
message MeshConfig {
|
|
|
|
TransparentProxyMeshConfig TransparentProxy = 1;
|
|
|
|
MeshTLSConfig TLS = 2;
|
|
|
|
MeshHTTPConfig HTTP = 3;
|
|
|
|
map<string, string> Meta = 4;
|
2022-09-02 20:52:11 +00:00
|
|
|
PeeringMeshConfig Peering = 5;
|
proxycfg: server-local config entry data sources
This is the OSS portion of enterprise PR 2056.
This commit provides server-local implementations of the proxycfg.ConfigEntry
and proxycfg.ConfigEntryList interfaces, that source data from streaming events.
It makes use of the LocalMaterializer type introduced for peering replication,
adding the necessary support for authorization.
It also adds support for "wildcard" subscriptions (within a topic) to the event
publisher, as this is needed to fetch service-resolvers for all services when
configuring mesh gateways.
Currently, events will be emitted for just the ingress-gateway, service-resolver,
and mesh config entry types, as these are the only entries required by proxycfg
— the events will be emitted on topics named IngressGateway, ServiceResolver,
and MeshConfig topics respectively.
Though these events will only be consumed "locally" for now, they can also be
consumed via the gRPC endpoint (confirmed using grpcurl) so using them from
client agents should be a case of swapping the LocalMaterializer for an
RPCMaterializer.
2022-07-01 15:09:47 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
// mog annotation:
|
|
|
|
//
|
|
|
|
// target=github.com/hashicorp/consul/agent/structs.TransparentProxyMeshConfig
|
|
|
|
// output=config_entry.gen.go
|
|
|
|
// name=Structs
|
|
|
|
message TransparentProxyMeshConfig {
|
|
|
|
bool MeshDestinationsOnly = 1;
|
|
|
|
}
|
|
|
|
|
|
|
|
// mog annotation:
|
|
|
|
//
|
|
|
|
// target=github.com/hashicorp/consul/agent/structs.MeshTLSConfig
|
|
|
|
// output=config_entry.gen.go
|
|
|
|
// name=Structs
|
|
|
|
message MeshTLSConfig {
|
|
|
|
MeshDirectionalTLSConfig Incoming = 1;
|
|
|
|
MeshDirectionalTLSConfig Outgoing = 2;
|
|
|
|
}
|
|
|
|
|
|
|
|
// mog annotation:
|
|
|
|
//
|
|
|
|
// target=github.com/hashicorp/consul/agent/structs.MeshDirectionalTLSConfig
|
|
|
|
// output=config_entry.gen.go
|
|
|
|
// name=Structs
|
|
|
|
message MeshDirectionalTLSConfig {
|
|
|
|
// mog: func-from=tlsVersionFromStructs func-to=tlsVersionToStructs
|
|
|
|
string TLSMinVersion = 1;
|
|
|
|
// mog: func-from=tlsVersionFromStructs func-to=tlsVersionToStructs
|
|
|
|
string TLSMaxVersion = 2;
|
|
|
|
// mog: func-from=cipherSuitesFromStructs func-to=cipherSuitesToStructs
|
|
|
|
repeated string CipherSuites = 3;
|
|
|
|
}
|
|
|
|
|
|
|
|
// mog annotation:
|
|
|
|
//
|
|
|
|
// target=github.com/hashicorp/consul/agent/structs.MeshHTTPConfig
|
|
|
|
// output=config_entry.gen.go
|
|
|
|
// name=Structs
|
|
|
|
message MeshHTTPConfig {
|
|
|
|
bool SanitizeXForwardedClientCert = 1;
|
|
|
|
}
|
|
|
|
|
2022-09-02 20:52:11 +00:00
|
|
|
// mog annotation:
|
|
|
|
//
|
|
|
|
// target=github.com/hashicorp/consul/agent/structs.PeeringMeshConfig
|
|
|
|
// output=config_entry.gen.go
|
|
|
|
// name=Structs
|
|
|
|
message PeeringMeshConfig {
|
|
|
|
bool PeerThroughMeshGateways = 1;
|
|
|
|
}
|
|
|
|
|
proxycfg: server-local config entry data sources
This is the OSS portion of enterprise PR 2056.
This commit provides server-local implementations of the proxycfg.ConfigEntry
and proxycfg.ConfigEntryList interfaces, that source data from streaming events.
It makes use of the LocalMaterializer type introduced for peering replication,
adding the necessary support for authorization.
It also adds support for "wildcard" subscriptions (within a topic) to the event
publisher, as this is needed to fetch service-resolvers for all services when
configuring mesh gateways.
Currently, events will be emitted for just the ingress-gateway, service-resolver,
and mesh config entry types, as these are the only entries required by proxycfg
— the events will be emitted on topics named IngressGateway, ServiceResolver,
and MeshConfig topics respectively.
Though these events will only be consumed "locally" for now, they can also be
consumed via the gRPC endpoint (confirmed using grpcurl) so using them from
client agents should be a case of swapping the LocalMaterializer for an
RPCMaterializer.
2022-07-01 15:09:47 +00:00
|
|
|
// mog annotation:
|
|
|
|
//
|
|
|
|
// target=github.com/hashicorp/consul/agent/structs.ServiceResolverConfigEntry
|
|
|
|
// output=config_entry.gen.go
|
|
|
|
// name=Structs
|
|
|
|
// ignore-fields=Kind,Name,RaftIndex,EnterpriseMeta
|
|
|
|
message ServiceResolver {
|
|
|
|
string DefaultSubset = 1;
|
|
|
|
map<string, ServiceResolverSubset> Subsets = 2;
|
|
|
|
ServiceResolverRedirect Redirect = 3;
|
|
|
|
map<string, ServiceResolverFailover> Failover = 4;
|
|
|
|
// mog: func-to=structs.DurationFromProto func-from=structs.DurationToProto
|
|
|
|
google.protobuf.Duration ConnectTimeout = 5;
|
|
|
|
LoadBalancer LoadBalancer = 6;
|
|
|
|
map<string, string> Meta = 7;
|
2023-03-07 21:27:06 +00:00
|
|
|
// mog: func-to=structs.DurationFromProto func-from=structs.DurationToProto
|
|
|
|
google.protobuf.Duration RequestTimeout = 8;
|
proxycfg: server-local config entry data sources
This is the OSS portion of enterprise PR 2056.
This commit provides server-local implementations of the proxycfg.ConfigEntry
and proxycfg.ConfigEntryList interfaces, that source data from streaming events.
It makes use of the LocalMaterializer type introduced for peering replication,
adding the necessary support for authorization.
It also adds support for "wildcard" subscriptions (within a topic) to the event
publisher, as this is needed to fetch service-resolvers for all services when
configuring mesh gateways.
Currently, events will be emitted for just the ingress-gateway, service-resolver,
and mesh config entry types, as these are the only entries required by proxycfg
— the events will be emitted on topics named IngressGateway, ServiceResolver,
and MeshConfig topics respectively.
Though these events will only be consumed "locally" for now, they can also be
consumed via the gRPC endpoint (confirmed using grpcurl) so using them from
client agents should be a case of swapping the LocalMaterializer for an
RPCMaterializer.
2022-07-01 15:09:47 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
// mog annotation:
|
|
|
|
//
|
|
|
|
// target=github.com/hashicorp/consul/agent/structs.ServiceResolverSubset
|
|
|
|
// output=config_entry.gen.go
|
|
|
|
// name=Structs
|
|
|
|
message ServiceResolverSubset {
|
|
|
|
string Filter = 1;
|
|
|
|
bool OnlyPassing = 2;
|
|
|
|
}
|
|
|
|
|
|
|
|
// mog annotation:
|
|
|
|
//
|
|
|
|
// target=github.com/hashicorp/consul/agent/structs.ServiceResolverRedirect
|
|
|
|
// output=config_entry.gen.go
|
|
|
|
// name=Structs
|
|
|
|
message ServiceResolverRedirect {
|
|
|
|
string Service = 1;
|
|
|
|
string ServiceSubset = 2;
|
|
|
|
string Namespace = 3;
|
|
|
|
string Partition = 4;
|
|
|
|
string Datacenter = 5;
|
2022-08-29 13:51:32 +00:00
|
|
|
string Peer = 6;
|
proxycfg: server-local config entry data sources
This is the OSS portion of enterprise PR 2056.
This commit provides server-local implementations of the proxycfg.ConfigEntry
and proxycfg.ConfigEntryList interfaces, that source data from streaming events.
It makes use of the LocalMaterializer type introduced for peering replication,
adding the necessary support for authorization.
It also adds support for "wildcard" subscriptions (within a topic) to the event
publisher, as this is needed to fetch service-resolvers for all services when
configuring mesh gateways.
Currently, events will be emitted for just the ingress-gateway, service-resolver,
and mesh config entry types, as these are the only entries required by proxycfg
— the events will be emitted on topics named IngressGateway, ServiceResolver,
and MeshConfig topics respectively.
Though these events will only be consumed "locally" for now, they can also be
consumed via the gRPC endpoint (confirmed using grpcurl) so using them from
client agents should be a case of swapping the LocalMaterializer for an
RPCMaterializer.
2022-07-01 15:09:47 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
// mog annotation:
|
|
|
|
//
|
|
|
|
// target=github.com/hashicorp/consul/agent/structs.ServiceResolverFailover
|
|
|
|
// output=config_entry.gen.go
|
|
|
|
// name=Structs
|
|
|
|
message ServiceResolverFailover {
|
|
|
|
string Service = 1;
|
|
|
|
string ServiceSubset = 2;
|
|
|
|
string Namespace = 3;
|
|
|
|
repeated string Datacenters = 4;
|
2022-08-15 13:20:25 +00:00
|
|
|
repeated ServiceResolverFailoverTarget Targets = 5;
|
|
|
|
}
|
|
|
|
|
|
|
|
// mog annotation:
|
|
|
|
//
|
|
|
|
// target=github.com/hashicorp/consul/agent/structs.ServiceResolverFailoverTarget
|
|
|
|
// output=config_entry.gen.go
|
|
|
|
// name=Structs
|
|
|
|
message ServiceResolverFailoverTarget {
|
|
|
|
string Service = 1;
|
|
|
|
string ServiceSubset = 2;
|
|
|
|
string Partition = 3;
|
|
|
|
string Namespace = 4;
|
|
|
|
string Datacenter = 5;
|
|
|
|
string Peer = 6;
|
proxycfg: server-local config entry data sources
This is the OSS portion of enterprise PR 2056.
This commit provides server-local implementations of the proxycfg.ConfigEntry
and proxycfg.ConfigEntryList interfaces, that source data from streaming events.
It makes use of the LocalMaterializer type introduced for peering replication,
adding the necessary support for authorization.
It also adds support for "wildcard" subscriptions (within a topic) to the event
publisher, as this is needed to fetch service-resolvers for all services when
configuring mesh gateways.
Currently, events will be emitted for just the ingress-gateway, service-resolver,
and mesh config entry types, as these are the only entries required by proxycfg
— the events will be emitted on topics named IngressGateway, ServiceResolver,
and MeshConfig topics respectively.
Though these events will only be consumed "locally" for now, they can also be
consumed via the gRPC endpoint (confirmed using grpcurl) so using them from
client agents should be a case of swapping the LocalMaterializer for an
RPCMaterializer.
2022-07-01 15:09:47 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
// mog annotation:
|
|
|
|
//
|
|
|
|
// target=github.com/hashicorp/consul/agent/structs.LoadBalancer
|
|
|
|
// output=config_entry.gen.go
|
|
|
|
// name=Structs
|
|
|
|
message LoadBalancer {
|
|
|
|
string Policy = 1;
|
|
|
|
RingHashConfig RingHashConfig = 2;
|
|
|
|
LeastRequestConfig LeastRequestConfig = 3;
|
|
|
|
repeated HashPolicy HashPolicies = 4;
|
|
|
|
}
|
|
|
|
|
|
|
|
// mog annotation:
|
|
|
|
//
|
|
|
|
// target=github.com/hashicorp/consul/agent/structs.RingHashConfig
|
|
|
|
// output=config_entry.gen.go
|
|
|
|
// name=Structs
|
|
|
|
message RingHashConfig {
|
|
|
|
uint64 MinimumRingSize = 1;
|
|
|
|
uint64 MaximumRingSize = 2;
|
|
|
|
}
|
|
|
|
|
|
|
|
// mog annotation:
|
|
|
|
//
|
|
|
|
// target=github.com/hashicorp/consul/agent/structs.LeastRequestConfig
|
|
|
|
// output=config_entry.gen.go
|
|
|
|
// name=Structs
|
|
|
|
message LeastRequestConfig {
|
|
|
|
uint32 ChoiceCount = 1;
|
|
|
|
}
|
|
|
|
|
|
|
|
// mog annotation:
|
|
|
|
//
|
|
|
|
// target=github.com/hashicorp/consul/agent/structs.HashPolicy
|
|
|
|
// output=config_entry.gen.go
|
|
|
|
// name=Structs
|
|
|
|
message HashPolicy {
|
|
|
|
string Field = 1;
|
|
|
|
string FieldValue = 2;
|
|
|
|
CookieConfig CookieConfig = 3;
|
|
|
|
bool SourceIP = 4;
|
|
|
|
bool Terminal = 5;
|
|
|
|
}
|
|
|
|
|
|
|
|
// mog annotation:
|
|
|
|
//
|
|
|
|
// target=github.com/hashicorp/consul/agent/structs.CookieConfig
|
|
|
|
// output=config_entry.gen.go
|
|
|
|
// name=Structs
|
|
|
|
message CookieConfig {
|
|
|
|
bool Session = 1;
|
|
|
|
// mog: func-to=structs.DurationFromProto func-from=structs.DurationToProto
|
|
|
|
google.protobuf.Duration TTL = 2;
|
|
|
|
string Path = 3;
|
|
|
|
}
|
|
|
|
|
|
|
|
// mog annotation:
|
|
|
|
//
|
|
|
|
// target=github.com/hashicorp/consul/agent/structs.IngressGatewayConfigEntry
|
|
|
|
// output=config_entry.gen.go
|
|
|
|
// name=Structs
|
|
|
|
// ignore-fields=Kind,Name,RaftIndex,EnterpriseMeta
|
|
|
|
message IngressGateway {
|
|
|
|
GatewayTLSConfig TLS = 1;
|
|
|
|
repeated IngressListener Listeners = 2;
|
|
|
|
map<string, string> Meta = 3;
|
2022-09-28 18:56:46 +00:00
|
|
|
IngressServiceConfig Defaults = 4;
|
|
|
|
}
|
|
|
|
|
|
|
|
// mog annotation:
|
|
|
|
//
|
|
|
|
// target=github.com/hashicorp/consul/agent/structs.IngressServiceConfig
|
|
|
|
// output=config_entry.gen.go
|
|
|
|
// name=Structs
|
|
|
|
message IngressServiceConfig {
|
|
|
|
uint32 MaxConnections = 1;
|
|
|
|
uint32 MaxPendingRequests = 2;
|
|
|
|
uint32 MaxConcurrentRequests = 3;
|
proxycfg: server-local config entry data sources
This is the OSS portion of enterprise PR 2056.
This commit provides server-local implementations of the proxycfg.ConfigEntry
and proxycfg.ConfigEntryList interfaces, that source data from streaming events.
It makes use of the LocalMaterializer type introduced for peering replication,
adding the necessary support for authorization.
It also adds support for "wildcard" subscriptions (within a topic) to the event
publisher, as this is needed to fetch service-resolvers for all services when
configuring mesh gateways.
Currently, events will be emitted for just the ingress-gateway, service-resolver,
and mesh config entry types, as these are the only entries required by proxycfg
— the events will be emitted on topics named IngressGateway, ServiceResolver,
and MeshConfig topics respectively.
Though these events will only be consumed "locally" for now, they can also be
consumed via the gRPC endpoint (confirmed using grpcurl) so using them from
client agents should be a case of swapping the LocalMaterializer for an
RPCMaterializer.
2022-07-01 15:09:47 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
// mog annotation:
|
|
|
|
//
|
|
|
|
// target=github.com/hashicorp/consul/agent/structs.GatewayTLSConfig
|
|
|
|
// output=config_entry.gen.go
|
|
|
|
// name=Structs
|
|
|
|
message GatewayTLSConfig {
|
|
|
|
bool Enabled = 1;
|
|
|
|
GatewayTLSSDSConfig SDS = 2;
|
|
|
|
// mog: func-from=tlsVersionFromStructs func-to=tlsVersionToStructs
|
|
|
|
string TLSMinVersion = 3;
|
|
|
|
// mog: func-from=tlsVersionFromStructs func-to=tlsVersionToStructs
|
|
|
|
string TLSMaxVersion = 4;
|
|
|
|
// mog: func-from=cipherSuitesFromStructs func-to=cipherSuitesToStructs
|
|
|
|
repeated string CipherSuites = 5;
|
|
|
|
}
|
|
|
|
|
|
|
|
// mog annotation:
|
|
|
|
//
|
|
|
|
// target=github.com/hashicorp/consul/agent/structs.GatewayTLSSDSConfig
|
|
|
|
// output=config_entry.gen.go
|
|
|
|
// name=Structs
|
|
|
|
message GatewayTLSSDSConfig {
|
|
|
|
string ClusterName = 1;
|
|
|
|
string CertResource = 2;
|
|
|
|
}
|
|
|
|
|
|
|
|
// mog annotation:
|
|
|
|
//
|
|
|
|
// target=github.com/hashicorp/consul/agent/structs.IngressListener
|
|
|
|
// output=config_entry.gen.go
|
|
|
|
// name=Structs
|
|
|
|
message IngressListener {
|
|
|
|
// mog: func-to=int func-from=int32
|
|
|
|
int32 Port = 1;
|
|
|
|
string Protocol = 2;
|
|
|
|
repeated IngressService Services = 3;
|
2022-07-11 18:44:51 +00:00
|
|
|
GatewayTLSConfig TLS = 4;
|
proxycfg: server-local config entry data sources
This is the OSS portion of enterprise PR 2056.
This commit provides server-local implementations of the proxycfg.ConfigEntry
and proxycfg.ConfigEntryList interfaces, that source data from streaming events.
It makes use of the LocalMaterializer type introduced for peering replication,
adding the necessary support for authorization.
It also adds support for "wildcard" subscriptions (within a topic) to the event
publisher, as this is needed to fetch service-resolvers for all services when
configuring mesh gateways.
Currently, events will be emitted for just the ingress-gateway, service-resolver,
and mesh config entry types, as these are the only entries required by proxycfg
— the events will be emitted on topics named IngressGateway, ServiceResolver,
and MeshConfig topics respectively.
Though these events will only be consumed "locally" for now, they can also be
consumed via the gRPC endpoint (confirmed using grpcurl) so using them from
client agents should be a case of swapping the LocalMaterializer for an
RPCMaterializer.
2022-07-01 15:09:47 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
// mog annotation:
|
|
|
|
//
|
|
|
|
// target=github.com/hashicorp/consul/agent/structs.IngressService
|
|
|
|
// output=config_entry.gen.go
|
|
|
|
// name=Structs
|
|
|
|
message IngressService {
|
|
|
|
string Name = 1;
|
|
|
|
repeated string Hosts = 2;
|
|
|
|
GatewayServiceTLSConfig TLS = 3;
|
|
|
|
HTTPHeaderModifiers RequestHeaders = 4;
|
|
|
|
HTTPHeaderModifiers ResponseHeaders = 5;
|
|
|
|
map<string, string> Meta = 6;
|
|
|
|
// mog: func-to=enterpriseMetaToStructs func-from=enterpriseMetaFromStructs
|
|
|
|
common.EnterpriseMeta EnterpriseMeta = 7;
|
2022-09-28 18:56:46 +00:00
|
|
|
uint32 MaxConnections = 8;
|
|
|
|
uint32 MaxPendingRequests = 9;
|
|
|
|
uint32 MaxConcurrentRequests = 10;
|
proxycfg: server-local config entry data sources
This is the OSS portion of enterprise PR 2056.
This commit provides server-local implementations of the proxycfg.ConfigEntry
and proxycfg.ConfigEntryList interfaces, that source data from streaming events.
It makes use of the LocalMaterializer type introduced for peering replication,
adding the necessary support for authorization.
It also adds support for "wildcard" subscriptions (within a topic) to the event
publisher, as this is needed to fetch service-resolvers for all services when
configuring mesh gateways.
Currently, events will be emitted for just the ingress-gateway, service-resolver,
and mesh config entry types, as these are the only entries required by proxycfg
— the events will be emitted on topics named IngressGateway, ServiceResolver,
and MeshConfig topics respectively.
Though these events will only be consumed "locally" for now, they can also be
consumed via the gRPC endpoint (confirmed using grpcurl) so using them from
client agents should be a case of swapping the LocalMaterializer for an
RPCMaterializer.
2022-07-01 15:09:47 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
// mog annotation:
|
|
|
|
//
|
|
|
|
// target=github.com/hashicorp/consul/agent/structs.GatewayServiceTLSConfig
|
|
|
|
// output=config_entry.gen.go
|
|
|
|
// name=Structs
|
|
|
|
message GatewayServiceTLSConfig {
|
|
|
|
GatewayTLSSDSConfig SDS = 1;
|
|
|
|
}
|
|
|
|
|
|
|
|
// mog annotation:
|
|
|
|
//
|
|
|
|
// target=github.com/hashicorp/consul/agent/structs.HTTPHeaderModifiers
|
|
|
|
// output=config_entry.gen.go
|
|
|
|
// name=Structs
|
|
|
|
message HTTPHeaderModifiers {
|
|
|
|
map<string, string> Add = 1;
|
|
|
|
map<string, string> Set = 2;
|
|
|
|
repeated string Remove = 3;
|
|
|
|
}
|
2022-07-01 15:15:49 +00:00
|
|
|
|
|
|
|
// mog annotation:
|
|
|
|
//
|
|
|
|
// target=github.com/hashicorp/consul/agent/structs.ServiceIntentionsConfigEntry
|
|
|
|
// output=config_entry.gen.go
|
|
|
|
// name=Structs
|
|
|
|
// ignore-fields=Kind,Name,RaftIndex,EnterpriseMeta
|
|
|
|
message ServiceIntentions {
|
|
|
|
repeated SourceIntention Sources = 1;
|
|
|
|
map<string, string> Meta = 2;
|
|
|
|
}
|
|
|
|
|
|
|
|
// mog annotation:
|
|
|
|
//
|
|
|
|
// target=github.com/hashicorp/consul/agent/structs.SourceIntention
|
|
|
|
// output=config_entry.gen.go
|
|
|
|
// name=Structs
|
|
|
|
message SourceIntention {
|
|
|
|
string Name = 1;
|
|
|
|
// mog: func-to=intentionActionToStructs func-from=intentionActionFromStructs
|
|
|
|
IntentionAction Action = 2;
|
|
|
|
repeated IntentionPermission Permissions = 3;
|
|
|
|
// mog: func-to=int func-from=int32
|
|
|
|
int32 Precedence = 4;
|
|
|
|
string LegacyID = 5;
|
|
|
|
// mog: func-to=intentionSourceTypeToStructs func-from=intentionSourceTypeFromStructs
|
|
|
|
IntentionSourceType Type = 6;
|
|
|
|
string Description = 7;
|
|
|
|
map<string, string> LegacyMeta = 8;
|
|
|
|
// mog: func-to=timeToStructs func-from=timeFromStructs
|
|
|
|
google.protobuf.Timestamp LegacyCreateTime = 9;
|
|
|
|
// mog: func-to=timeToStructs func-from=timeFromStructs
|
|
|
|
google.protobuf.Timestamp LegacyUpdateTime = 10;
|
|
|
|
// mog: func-to=enterpriseMetaToStructs func-from=enterpriseMetaFromStructs
|
|
|
|
common.EnterpriseMeta EnterpriseMeta = 11;
|
|
|
|
string Peer = 12;
|
|
|
|
}
|
|
|
|
|
|
|
|
enum IntentionAction {
|
|
|
|
Deny = 0;
|
|
|
|
Allow = 1;
|
|
|
|
}
|
|
|
|
|
|
|
|
enum IntentionSourceType {
|
|
|
|
Consul = 0;
|
|
|
|
}
|
|
|
|
|
|
|
|
// mog annotation:
|
|
|
|
//
|
|
|
|
// target=github.com/hashicorp/consul/agent/structs.IntentionPermission
|
|
|
|
// output=config_entry.gen.go
|
|
|
|
// name=Structs
|
|
|
|
message IntentionPermission {
|
|
|
|
// mog: func-to=intentionActionToStructs func-from=intentionActionFromStructs
|
|
|
|
IntentionAction Action = 1;
|
|
|
|
IntentionHTTPPermission HTTP = 2;
|
|
|
|
}
|
|
|
|
|
|
|
|
// mog annotation:
|
|
|
|
//
|
|
|
|
// target=github.com/hashicorp/consul/agent/structs.IntentionHTTPPermission
|
|
|
|
// output=config_entry.gen.go
|
|
|
|
// name=Structs
|
|
|
|
message IntentionHTTPPermission {
|
|
|
|
string PathExact = 1;
|
|
|
|
string PathPrefix = 2;
|
|
|
|
string PathRegex = 3;
|
|
|
|
repeated IntentionHTTPHeaderPermission Header = 4;
|
|
|
|
repeated string Methods = 5;
|
|
|
|
}
|
|
|
|
|
|
|
|
// mog annotation:
|
|
|
|
//
|
|
|
|
// target=github.com/hashicorp/consul/agent/structs.IntentionHTTPHeaderPermission
|
|
|
|
// output=config_entry.gen.go
|
|
|
|
// name=Structs
|
|
|
|
message IntentionHTTPHeaderPermission {
|
|
|
|
string Name = 1;
|
|
|
|
bool Present = 2;
|
|
|
|
string Exact = 3;
|
|
|
|
string Prefix = 4;
|
|
|
|
string Suffix = 5;
|
|
|
|
string Regex = 6;
|
|
|
|
bool Invert = 7;
|
|
|
|
}
|
2022-10-24 18:51:05 +00:00
|
|
|
|
|
|
|
// mog annotation:
|
|
|
|
//
|
|
|
|
// target=github.com/hashicorp/consul/agent/structs.ServiceConfigEntry
|
|
|
|
// output=config_entry.gen.go
|
|
|
|
// name=Structs
|
|
|
|
// ignore-fields=Kind,Name,RaftIndex,EnterpriseMeta
|
|
|
|
message ServiceDefaults {
|
|
|
|
string Protocol = 1;
|
|
|
|
// mog: func-to=proxyModeToStructs func-from=proxyModeFromStructs
|
|
|
|
ProxyMode Mode = 2;
|
|
|
|
TransparentProxyConfig TransparentProxy = 3;
|
|
|
|
MeshGatewayConfig MeshGateway = 4;
|
|
|
|
ExposeConfig Expose = 5;
|
|
|
|
string ExternalSNI = 6;
|
|
|
|
UpstreamConfiguration UpstreamConfig = 7;
|
|
|
|
DestinationConfig Destination = 8;
|
|
|
|
// mog: func-to=int func-from=int32
|
|
|
|
int32 MaxInboundConnections = 9;
|
|
|
|
// mog: func-to=int func-from=int32
|
|
|
|
int32 LocalConnectTimeoutMs = 10;
|
|
|
|
// mog: func-to=int func-from=int32
|
|
|
|
int32 LocalRequestTimeoutMs = 11;
|
|
|
|
string BalanceInboundConnections = 12;
|
|
|
|
map<string, string> Meta = 13;
|
|
|
|
}
|
|
|
|
|
|
|
|
enum ProxyMode {
|
|
|
|
ProxyModeDefault = 0;
|
|
|
|
ProxyModeTransparent = 1;
|
|
|
|
ProxyModeDirect = 2;
|
|
|
|
}
|
|
|
|
|
|
|
|
// mog annotation:
|
|
|
|
//
|
|
|
|
// target=github.com/hashicorp/consul/agent/structs.TransparentProxyConfig
|
|
|
|
// output=config_entry.gen.go
|
|
|
|
// name=Structs
|
|
|
|
message TransparentProxyConfig {
|
|
|
|
// mog: func-to=int func-from=int32
|
|
|
|
int32 OutboundListenerPort = 1;
|
|
|
|
bool DialedDirectly = 2;
|
|
|
|
}
|
|
|
|
|
|
|
|
// mog annotation:
|
|
|
|
//
|
|
|
|
// target=github.com/hashicorp/consul/agent/structs.MeshGatewayConfig
|
|
|
|
// output=config_entry.gen.go
|
|
|
|
// name=Structs
|
|
|
|
message MeshGatewayConfig {
|
|
|
|
// mog: func-to=meshGatewayModeToStructs func-from=meshGatewayModeFromStructs
|
|
|
|
MeshGatewayMode Mode = 1;
|
|
|
|
}
|
|
|
|
|
|
|
|
enum MeshGatewayMode {
|
|
|
|
MeshGatewayModeDefault = 0;
|
|
|
|
MeshGatewayModeNone = 1;
|
|
|
|
MeshGatewayModeLocal = 2;
|
|
|
|
MeshGatewayModeRemote = 3;
|
|
|
|
}
|
|
|
|
|
|
|
|
// mog annotation:
|
|
|
|
//
|
|
|
|
// target=github.com/hashicorp/consul/agent/structs.ExposeConfig
|
|
|
|
// output=config_entry.gen.go
|
|
|
|
// name=Structs
|
|
|
|
message ExposeConfig {
|
|
|
|
bool Checks = 1;
|
|
|
|
repeated ExposePath Paths = 2;
|
|
|
|
}
|
|
|
|
|
|
|
|
// mog annotation:
|
|
|
|
//
|
|
|
|
// target=github.com/hashicorp/consul/agent/structs.ExposePath
|
|
|
|
// output=config_entry.gen.go
|
|
|
|
// name=Structs
|
|
|
|
message ExposePath {
|
|
|
|
// mog: func-to=int func-from=int32
|
|
|
|
int32 ListenerPort = 1;
|
|
|
|
string Path = 2;
|
|
|
|
// mog: func-to=int func-from=int32
|
|
|
|
int32 LocalPathPort = 3;
|
|
|
|
string Protocol = 4;
|
|
|
|
bool ParsedFromCheck = 5;
|
|
|
|
}
|
|
|
|
|
|
|
|
// mog annotation:
|
|
|
|
//
|
|
|
|
// target=github.com/hashicorp/consul/agent/structs.UpstreamConfiguration
|
|
|
|
// output=config_entry.gen.go
|
|
|
|
// name=Structs
|
|
|
|
message UpstreamConfiguration {
|
|
|
|
repeated UpstreamConfig Overrides = 1;
|
|
|
|
UpstreamConfig Defaults = 2;
|
|
|
|
}
|
|
|
|
|
|
|
|
// mog annotation:
|
|
|
|
//
|
|
|
|
// target=github.com/hashicorp/consul/agent/structs.UpstreamConfig
|
|
|
|
// output=config_entry.gen.go
|
|
|
|
// name=Structs
|
|
|
|
message UpstreamConfig {
|
|
|
|
string Name = 1;
|
|
|
|
// mog: func-to=enterpriseMetaToStructs func-from=enterpriseMetaFromStructs
|
|
|
|
common.EnterpriseMeta EnterpriseMeta = 2;
|
|
|
|
string EnvoyListenerJSON = 3;
|
|
|
|
string EnvoyClusterJSON = 4;
|
|
|
|
string Protocol = 5;
|
|
|
|
// mog: func-to=int func-from=int32
|
|
|
|
int32 ConnectTimeoutMs = 6;
|
|
|
|
UpstreamLimits Limits = 7;
|
|
|
|
PassiveHealthCheck PassiveHealthCheck = 8;
|
|
|
|
MeshGatewayConfig MeshGateway = 9;
|
|
|
|
string BalanceOutboundConnections = 10;
|
|
|
|
}
|
|
|
|
|
|
|
|
// mog annotation:
|
|
|
|
//
|
|
|
|
// target=github.com/hashicorp/consul/agent/structs.UpstreamLimits
|
|
|
|
// output=config_entry.gen.go
|
|
|
|
// name=Structs
|
|
|
|
message UpstreamLimits {
|
|
|
|
// mog: func-to=pointerToIntFromInt32 func-from=int32FromPointerToInt
|
|
|
|
int32 MaxConnections = 1;
|
|
|
|
// mog: func-to=pointerToIntFromInt32 func-from=int32FromPointerToInt
|
|
|
|
int32 MaxPendingRequests = 2;
|
|
|
|
// mog: func-to=pointerToIntFromInt32 func-from=int32FromPointerToInt
|
|
|
|
int32 MaxConcurrentRequests = 3;
|
|
|
|
}
|
|
|
|
|
|
|
|
// mog annotation:
|
|
|
|
//
|
|
|
|
// target=github.com/hashicorp/consul/agent/structs.PassiveHealthCheck
|
|
|
|
// output=config_entry.gen.go
|
|
|
|
// name=Structs
|
|
|
|
message PassiveHealthCheck {
|
|
|
|
// mog: func-to=structs.DurationFromProto func-from=structs.DurationToProto
|
|
|
|
google.protobuf.Duration Interval = 1;
|
|
|
|
uint32 MaxFailures = 2;
|
|
|
|
// mog: target=EnforcingConsecutive5xx func-to=pointerToUint32FromUint32 func-from=uint32FromPointerToUint32
|
|
|
|
uint32 EnforcingConsecutive5xx = 3;
|
|
|
|
}
|
|
|
|
|
|
|
|
// mog annotation:
|
|
|
|
//
|
|
|
|
// target=github.com/hashicorp/consul/agent/structs.DestinationConfig
|
|
|
|
// output=config_entry.gen.go
|
|
|
|
// name=Structs
|
|
|
|
message DestinationConfig {
|
|
|
|
repeated string Addresses = 1;
|
|
|
|
// mog: func-to=int func-from=int32
|
|
|
|
int32 Port = 2;
|
|
|
|
}
|