From 2c244b6f42c4277b1efcaddff82ea6ddb40d6f4f Mon Sep 17 00:00:00 2001 From: John Maguire Date: Thu, 7 Sep 2023 15:03:09 -0400 Subject: [PATCH] [APIGW] NET-5017 JWT Cleanup/Status Conditions (#18700) * Fixes issues in setting status * Update golden files for changes to xds generation to not use deprecated methods * Fixed default for validation of JWT for route --- agent/consul/gateways/controller_gateways.go | 73 ++- .../consul/gateways/controller_gateways_ce.go | 6 +- .../gateways/controller_gateways_test.go | 26 +- agent/xds/rbac.go | 39 +- agent/xds/routes.go | 39 +- ...deny-all-and-path-allow--httpfilter.golden | 50 +- ...fault-allow-deny-all-and-path-allow.golden | 64 +- ...-deny-all-and-path-deny--httpfilter.golden | 74 ++- ...efault-allow-deny-all-and-path-deny.golden | 64 +- ...ault-allow-kitchen-sink--httpfilter.golden | 102 ++-- .../rbac/default-allow-kitchen-sink.golden | 104 ++-- .../default-allow-one-deny--httpfilter.golden | 32 +- .../rbac/default-allow-one-deny.golden | 34 +- ...efault-allow-path-allow--httpfilter.golden | 10 +- .../rbac/default-allow-path-allow.golden | 34 +- ...default-allow-path-deny--httpfilter.golden | 36 +- .../rbac/default-allow-path-deny.golden | 34 +- ...w-service-wildcard-deny--httpfilter.golden | 32 +- ...default-allow-service-wildcard-deny.golden | 34 +- ...with-kitchen-sink-perms--httpfilter.golden | 266 ++++----- ...e-intention-with-kitchen-sink-perms.golden | 34 +- ...ath-deny-and-path-allow--httpfilter.golden | 54 +- ...-allow-two-path-deny-and-path-allow.golden | 34 +- ...default-deny-allow-deny--httpfilter.golden | 48 +- .../rbac/default-deny-allow-deny.golden | 50 +- ...deny-all-and-path-allow--httpfilter.golden | 34 +- ...efault-deny-deny-all-and-path-allow.golden | 12 +- ...-deny-all-and-path-deny--httpfilter.golden | 10 +- ...default-deny-deny-all-and-path-deny.golden | 12 +- ...fault-deny-kitchen-sink--httpfilter.golden | 100 ++-- .../rbac/default-deny-kitchen-sink.golden | 102 ++-- ...t-deny-mixed-precedence--httpfilter.golden | 30 +- .../rbac/default-deny-mixed-precedence.golden | 32 +- .../default-deny-one-allow--httpfilter.golden | 30 +- .../rbac/default-deny-one-allow.golden | 32 +- ...default-deny-path-allow--httpfilter.golden | 34 +- .../rbac/default-deny-path-allow.golden | 12 +- .../default-deny-path-deny--httpfilter.golden | 10 +- .../rbac/default-deny-path-deny.golden | 12 +- ...eny-peered-kitchen-sink--httpfilter.golden | 80 ++- .../default-deny-peered-kitchen-sink.golden | 62 +- ...-service-wildcard-allow--httpfilter.golden | 30 +- ...default-deny-service-wildcard-allow.golden | 32 +- ...with-kitchen-sink-perms--httpfilter.golden | 264 ++++----- ...e-intention-with-kitchen-sink-perms.golden | 12 +- ...ath-deny-and-path-allow--httpfilter.golden | 54 +- ...t-deny-two-path-deny-and-path-allow.golden | 12 +- ...jwt-with-one-permission--httpfilter.golden | 80 +-- ...y-top-level-jwt-with-one-permission.golden | 12 +- ...evel-jwt-no-permissions--httpfilter.golden | 82 +-- .../rbac/top-level-jwt-no-permissions.golden | 32 +- ...th-multiple-permissions--httpfilter.golden | 228 +++---- ...level-jwt-with-multiple-permissions.golden | 12 +- ...jwt-with-one-permission--httpfilter.golden | 156 ++--- .../top-level-jwt-with-one-permission.golden | 12 +- ...-route-timeoutfilter-one-set.latest.golden | 52 +- .../api-gateway-with-http-route.latest.golden | 62 +- ...route-and-inline-certificate.latest.golden | 6 +- ...nect-proxy-exported-to-peers.latest.golden | 6 +- ...connect-proxy-lb-in-resolver.latest.golden | 70 +-- ...nnect-proxy-resolver-with-lb.latest.golden | 30 +- ...t-proxy-route-to-lb-resolver.latest.golden | 38 +- ...ct-proxy-splitter-overweight.latest.golden | 104 ++-- ...oxy-with-chain-and-overrides.latest.golden | 32 +- ...-proxy-with-chain-and-router.latest.golden | 514 ++++++++-------- ...roxy-with-chain-and-splitter.latest.golden | 106 ++-- ...nnect-proxy-with-grpc-router.latest.golden | 38 +- ...d-upstreams-escape-overrides.latest.golden | 6 +- ...-proxy-with-peered-upstreams.latest.golden | 6 +- .../testdata/routes/defaults.latest.golden | 6 +- .../ingress-config-entry-nil.latest.golden | 6 +- .../ingress-defaults-no-chain.latest.golden | 6 +- ...gress-http-multiple-services.latest.golden | 84 +-- .../ingress-lb-in-resolver.latest.golden | 70 +-- ...itter-with-resolver-redirect.latest.golden | 42 +- ...hain-and-router-header-manip.latest.golden | 554 +++++++++--------- ...ngress-with-chain-and-router.latest.golden | 514 ++++++++-------- ...ress-with-chain-and-splitter.latest.golden | 106 ++-- ...ress-with-chain-external-sni.latest.golden | 6 +- .../routes/ingress-with-chain.latest.golden | 6 +- .../ingress-with-grpc-router.latest.golden | 38 +- ...ateway-with-peered-upstreams.latest.golden | 6 +- ...ateway-peering-control-plane.latest.golden | 6 +- ...ed-services-http-with-router.latest.golden | 58 +- ...xported-peered-services-http.latest.golden | 74 +-- ...ith-exported-peered-services.latest.golden | 6 +- ...ith-imported-peered-services.latest.golden | 6 +- ...through-mesh-gateway-enabled.latest.golden | 6 +- ...itter-with-resolver-redirect.latest.golden | 42 +- ...arent-proxy-destination-http.latest.golden | 80 +-- ...ransparent-proxy-destination.latest.golden | 6 +- ...ng-gateway-destinations-only.latest.golden | 52 +- ...-proxy-with-peered-upstreams.latest.golden | 6 +- .../routes/transparent-proxy.latest.golden | 6 +- agent/xdsv2/route_resources.go | 51 +- 95 files changed, 2950 insertions(+), 2958 deletions(-) diff --git a/agent/consul/gateways/controller_gateways.go b/agent/consul/gateways/controller_gateways.go index f5adc58ae2..24e1dd4c27 100644 --- a/agent/consul/gateways/controller_gateways.go +++ b/agent/consul/gateways/controller_gateways.go @@ -236,7 +236,17 @@ func (r *apiGatewayReconciler) reconcileGateway(_ context.Context, req controlle return err } - meta := newGatewayMeta(gateway, bound) + _, jwtProvidersConfigEntries, err := store.ConfigEntriesByKind(nil, structs.JWTProvider, wildcardMeta()) + if err != nil { + return err + } + + jwtProviders := make(map[string]*structs.JWTProviderConfigEntry, len(jwtProvidersConfigEntries)) + for _, provider := range jwtProvidersConfigEntries { + jwtProviders[provider.GetName()] = provider.(*structs.JWTProviderConfigEntry) + } + + meta := newGatewayMeta(gateway, bound, jwtProviders) certificateErrors, err := meta.checkCertificates(store) if err != nil { @@ -244,22 +254,22 @@ func (r *apiGatewayReconciler) reconcileGateway(_ context.Context, req controlle return err } - jwtErrors, err := meta.checkJWTProviders(store) + jwtErrors, err := meta.checkJWTProviders() if err != nil { logger.Warn("error checking gateway JWT Providers", "error", err) return err } - // set each listener as having valid certs, then overwrite that status condition + // set each listener as having resolved refs, then overwrite that status condition // if there are any certificate errors - meta.eachListener(func(listener *structs.APIGatewayListener, bound *structs.BoundAPIGatewayListener) error { + meta.eachListener(func(_ *structs.APIGatewayListener, bound *structs.BoundAPIGatewayListener) error { listenerRef := structs.ResourceReference{ Kind: structs.APIGateway, Name: meta.BoundGateway.Name, SectionName: bound.Name, EnterpriseMeta: meta.BoundGateway.EnterpriseMeta, } - updater.SetCondition(validCertificate(listenerRef)) + updater.SetCondition(resolvedRefs(listenerRef)) return nil }) @@ -267,9 +277,14 @@ func (r *apiGatewayReconciler) reconcileGateway(_ context.Context, req controlle updater.SetCondition(invalidCertificate(ref, err)) } + for ref, err := range jwtErrors { + updater.SetCondition(invalidJWTProvider(ref, err)) + } + if len(certificateErrors) > 0 { updater.SetCondition(invalidCertificates()) } + if len(jwtErrors) > 0 { updater.SetCondition(invalidJWTProviders()) } @@ -477,13 +492,6 @@ func (r *apiGatewayReconciler) reconcileRoute(_ context.Context, req controller. updater.SetCondition(routeNoUpstreams()) } - if httpRoute, ok := route.(*structs.HTTPRouteConfigEntry); ok { - err := validateJWTForRoute(store, updater, httpRoute) - if err != nil { - return err - } - } - // the route is valid, attempt to bind it to all gateways r.logger.Trace("binding routes to gateway") modifiedGateways, boundRefs, bindErrors := bindRoutesToGateways(route, meta...) @@ -584,6 +592,10 @@ type gatewayMeta struct { // the map values are pointers so that we can update them directly // and have the changes propagate back to the container gateways. boundListeners map[string]*structs.BoundAPIGatewayListener + // jwtProviders holds the list of all the JWT Providers in a given partition + // we expect this list to be relatively small so we're okay with holding them all + // in memory + jwtProviders map[string]*structs.JWTProviderConfigEntry } // getAllGatewayMeta returns a pre-constructed list of all valid gateway and state @@ -599,6 +611,16 @@ func getAllGatewayMeta(store *state.Store) ([]*gatewayMeta, error) { return nil, err } + _, jwtProvidersConfigEntries, err := store.ConfigEntriesByKind(nil, structs.JWTProvider, wildcardMeta()) + if err != nil { + return nil, err + } + + jwtProviders := make(map[string]*structs.JWTProviderConfigEntry, len(jwtProvidersConfigEntries)) + for _, provider := range jwtProvidersConfigEntries { + jwtProviders[provider.GetName()] = provider.(*structs.JWTProviderConfigEntry) + } + meta := make([]*gatewayMeta, 0, len(boundGateways)) for _, b := range boundGateways { bound := b.(*structs.BoundAPIGatewayConfigEntry) @@ -608,6 +630,7 @@ func getAllGatewayMeta(store *state.Store) ([]*gatewayMeta, error) { meta = append(meta, (&gatewayMeta{ BoundGateway: bound, Gateway: gateway, + jwtProviders: jwtProviders, }).initialize()) break } @@ -662,6 +685,14 @@ func (g *gatewayMeta) updateRouteBinding(route structs.BoundRoute) (bool, []stru if err != nil { errors[ref] = err } + + if httpRoute, ok := route.(*structs.HTTPRouteConfigEntry); ok { + var jwtErrors map[structs.ResourceReference]error + didBind, jwtErrors = g.validateJWTForRoute(httpRoute) + for ref, err := range jwtErrors { + errors[ref] = err + } + } if didBind { refDidBind = true listenerBound[listener.Name] = true @@ -673,6 +704,7 @@ func (g *gatewayMeta) updateRouteBinding(route structs.BoundRoute) (bool, []stru if !refDidBind && errors[ref] == nil { errors[ref] = fmt.Errorf("failed to bind route %s to gateway %s with listener '%s'", route.GetName(), g.Gateway.Name, ref.SectionName) } + if refDidBind { boundRefs = append(boundRefs, ref) } @@ -845,7 +877,7 @@ func (g *gatewayMeta) initialize() *gatewayMeta { } // newGatewayMeta returns an object that wraps the given APIGateway and BoundAPIGateway -func newGatewayMeta(gateway *structs.APIGatewayConfigEntry, bound structs.ConfigEntry) *gatewayMeta { +func newGatewayMeta(gateway *structs.APIGatewayConfigEntry, bound structs.ConfigEntry, jwtProviders map[string]*structs.JWTProviderConfigEntry) *gatewayMeta { var b *structs.BoundAPIGatewayConfigEntry if bound == nil { b = &structs.BoundAPIGatewayConfigEntry{ @@ -871,6 +903,7 @@ func newGatewayMeta(gateway *structs.APIGatewayConfigEntry, bound structs.Config return (&gatewayMeta{ BoundGateway: b, Gateway: gateway, + jwtProviders: jwtProviders, }).initialize() } @@ -888,7 +921,7 @@ func gatewayAccepted() structs.Condition { // invalidCertificate returns a condition used when a gateway references a // certificate that does not exist. It takes a ref used to scope the condition // to a given APIGateway listener. -func validCertificate(ref structs.ResourceReference) structs.Condition { +func resolvedRefs(ref structs.ResourceReference) structs.Condition { return structs.NewGatewayCondition( api.GatewayConditionResolvedRefs, api.ConditionStatusTrue, @@ -995,18 +1028,6 @@ func gatewayNotFound(ref structs.ResourceReference) structs.Condition { ) } -// jwtProviderNotFound marks a Route as having failed to bind to a referenced APIGateway due to -// one or more of the referenced JWT providers not existing (or having not been reconciled yet) -func jwtProviderNotFound(ref structs.ResourceReference, err error) structs.Condition { - return structs.NewRouteCondition( - api.RouteConditionBound, - api.ConditionStatusFalse, - api.RouteReasonGatewayNotFound, - err.Error(), - ref, - ) -} - // routeUnbound marks the route as having failed to bind to the referenced APIGateway func routeUnbound(ref structs.ResourceReference, err error) structs.Condition { return structs.NewRouteCondition( diff --git a/agent/consul/gateways/controller_gateways_ce.go b/agent/consul/gateways/controller_gateways_ce.go index d5c83bff80..44f779d4b4 100644 --- a/agent/consul/gateways/controller_gateways_ce.go +++ b/agent/consul/gateways/controller_gateways_ce.go @@ -18,10 +18,10 @@ func (r *apiGatewayReconciler) enqueueJWTProviderReferencedGatewaysAndHTTPRoutes return nil } -func (m *gatewayMeta) checkJWTProviders(_ *state.Store) (map[structs.ResourceReference]error, error) { +func (m *gatewayMeta) checkJWTProviders() (map[structs.ResourceReference]error, error) { return nil, nil } -func validateJWTForRoute(_ *state.Store, _ *structs.StatusUpdater, _ *structs.HTTPRouteConfigEntry) error { - return nil +func (m *gatewayMeta) validateJWTForRoute(_ *structs.HTTPRouteConfigEntry) (bool, map[structs.ResourceReference]error) { + return true, nil } diff --git a/agent/consul/gateways/controller_gateways_test.go b/agent/consul/gateways/controller_gateways_test.go index 7877ab357e..5acb06f041 100644 --- a/agent/consul/gateways/controller_gateways_test.go +++ b/agent/consul/gateways/controller_gateways_test.go @@ -2013,7 +2013,7 @@ func TestAPIGatewayController(t *testing.T) { EnterpriseMeta: *defaultMeta, SectionName: "listener", }), - validCertificate(structs.ResourceReference{ + resolvedRefs(structs.ResourceReference{ Kind: structs.APIGateway, Name: "gateway", EnterpriseMeta: *defaultMeta, @@ -2111,7 +2111,7 @@ func TestAPIGatewayController(t *testing.T) { EnterpriseMeta: *defaultMeta, SectionName: "listener", }), - validCertificate(structs.ResourceReference{ + resolvedRefs(structs.ResourceReference{ Kind: structs.APIGateway, Name: "gateway", EnterpriseMeta: *defaultMeta, @@ -2240,7 +2240,7 @@ func TestAPIGatewayController(t *testing.T) { EnterpriseMeta: *defaultMeta, SectionName: "listener", }), - validCertificate(structs.ResourceReference{ + resolvedRefs(structs.ResourceReference{ Kind: structs.APIGateway, Name: "gateway", EnterpriseMeta: *defaultMeta, @@ -2389,7 +2389,7 @@ func TestAPIGatewayController(t *testing.T) { EnterpriseMeta: *defaultMeta, SectionName: "listener", }), - validCertificate(structs.ResourceReference{ + resolvedRefs(structs.ResourceReference{ Kind: structs.APIGateway, Name: "gateway", EnterpriseMeta: *defaultMeta, @@ -2536,7 +2536,7 @@ func TestAPIGatewayController(t *testing.T) { EnterpriseMeta: *defaultMeta, SectionName: "listener", }), - validCertificate(structs.ResourceReference{ + resolvedRefs(structs.ResourceReference{ Kind: structs.APIGateway, Name: "gateway", EnterpriseMeta: *defaultMeta, @@ -2700,12 +2700,12 @@ func TestAPIGatewayController(t *testing.T) { Name: "gateway", SectionName: "tcp-listener", }), - validCertificate(structs.ResourceReference{ + resolvedRefs(structs.ResourceReference{ Kind: structs.APIGateway, Name: "gateway", SectionName: "http-listener", }), - validCertificate(structs.ResourceReference{ + resolvedRefs(structs.ResourceReference{ Kind: structs.APIGateway, Name: "gateway", SectionName: "tcp-listener", @@ -3054,7 +3054,7 @@ func TestAPIGatewayController(t *testing.T) { Name: "gateway", SectionName: "http-listener", }), - validCertificate(structs.ResourceReference{ + resolvedRefs(structs.ResourceReference{ Kind: structs.APIGateway, Name: "gateway", SectionName: "http-listener", @@ -3407,7 +3407,7 @@ func TestAPIGatewayController(t *testing.T) { Name: "gateway", SectionName: "http-listener", }), - validCertificate(structs.ResourceReference{ + resolvedRefs(structs.ResourceReference{ Kind: structs.APIGateway, Name: "gateway", SectionName: "http-listener", @@ -3504,12 +3504,12 @@ func TestAPIGatewayController(t *testing.T) { }, Status: structs.Status{ Conditions: []structs.Condition{ - validCertificate(structs.ResourceReference{ + resolvedRefs(structs.ResourceReference{ Kind: structs.APIGateway, Name: "gateway", SectionName: "listener-1", }), - validCertificate(structs.ResourceReference{ + resolvedRefs(structs.ResourceReference{ Kind: structs.APIGateway, Name: "gateway", SectionName: "listener-2", @@ -3728,7 +3728,7 @@ func TestAPIGatewayController(t *testing.T) { Name: "gateway", SectionName: "invalid-listener", }, errors.New("certificate \"missing certificate\" not found")), - validCertificate(structs.ResourceReference{ + resolvedRefs(structs.ResourceReference{ Kind: structs.APIGateway, Name: "gateway", SectionName: "valid-listener", @@ -3834,7 +3834,7 @@ func TestAPIGatewayController(t *testing.T) { Name: "gateway", SectionName: "http-listener", }), - validCertificate(structs.ResourceReference{ + resolvedRefs(structs.ResourceReference{ Kind: structs.APIGateway, Name: "gateway", SectionName: "http-listener", diff --git a/agent/xds/rbac.go b/agent/xds/rbac.go index 68e91d2945..d8252d7cab 100644 --- a/agent/xds/rbac.go +++ b/agent/xds/rbac.go @@ -1248,21 +1248,44 @@ func convertPermission(perm *structs.IntentionPermission) *envoy_rbac_v3.Permiss switch { case hdr.Exact != "": - eh.HeaderMatchSpecifier = &envoy_route_v3.HeaderMatcher_ExactMatch{ - ExactMatch: hdr.Exact, + eh.HeaderMatchSpecifier = &envoy_route_v3.HeaderMatcher_StringMatch{ + StringMatch: &envoy_matcher_v3.StringMatcher{ + MatchPattern: &envoy_matcher_v3.StringMatcher_Exact{ + Exact: hdr.Exact, + }, + IgnoreCase: false, + }, } case hdr.Regex != "": - eh.HeaderMatchSpecifier = &envoy_route_v3.HeaderMatcher_SafeRegexMatch{ - SafeRegexMatch: response.MakeEnvoyRegexMatch(hdr.Regex), + eh.HeaderMatchSpecifier = &envoy_route_v3.HeaderMatcher_StringMatch{ + StringMatch: &envoy_matcher_v3.StringMatcher{ + MatchPattern: &envoy_matcher_v3.StringMatcher_SafeRegex{ + SafeRegex: response.MakeEnvoyRegexMatch(hdr.Regex), + }, + IgnoreCase: false, + }, } + case hdr.Prefix != "": - eh.HeaderMatchSpecifier = &envoy_route_v3.HeaderMatcher_PrefixMatch{ - PrefixMatch: hdr.Prefix, + eh.HeaderMatchSpecifier = &envoy_route_v3.HeaderMatcher_StringMatch{ + StringMatch: &envoy_matcher_v3.StringMatcher{ + MatchPattern: &envoy_matcher_v3.StringMatcher_Prefix{ + Prefix: hdr.Prefix, + }, + IgnoreCase: false, + }, } + case hdr.Suffix != "": - eh.HeaderMatchSpecifier = &envoy_route_v3.HeaderMatcher_SuffixMatch{ - SuffixMatch: hdr.Suffix, + eh.HeaderMatchSpecifier = &envoy_route_v3.HeaderMatcher_StringMatch{ + StringMatch: &envoy_matcher_v3.StringMatcher{ + MatchPattern: &envoy_matcher_v3.StringMatcher_Suffix{ + Suffix: hdr.Suffix, + }, + IgnoreCase: false, + }, } + case hdr.Present: eh.HeaderMatchSpecifier = &envoy_route_v3.HeaderMatcher_PresentMatch{ PresentMatch: true, diff --git a/agent/xds/routes.go b/agent/xds/routes.go index 18e642cf16..8c1ed9d4d2 100644 --- a/agent/xds/routes.go +++ b/agent/xds/routes.go @@ -833,21 +833,44 @@ func makeRouteMatchForDiscoveryRoute(discoveryRoute *structs.DiscoveryRoute) *en switch { case hdr.Exact != "": - eh.HeaderMatchSpecifier = &envoy_route_v3.HeaderMatcher_ExactMatch{ - ExactMatch: hdr.Exact, + eh.HeaderMatchSpecifier = &envoy_route_v3.HeaderMatcher_StringMatch{ + StringMatch: &envoy_matcher_v3.StringMatcher{ + MatchPattern: &envoy_matcher_v3.StringMatcher_Exact{ + Exact: hdr.Exact, + }, + IgnoreCase: false, + }, } case hdr.Regex != "": - eh.HeaderMatchSpecifier = &envoy_route_v3.HeaderMatcher_SafeRegexMatch{ - SafeRegexMatch: response.MakeEnvoyRegexMatch(hdr.Regex), + eh.HeaderMatchSpecifier = &envoy_route_v3.HeaderMatcher_StringMatch{ + StringMatch: &envoy_matcher_v3.StringMatcher{ + MatchPattern: &envoy_matcher_v3.StringMatcher_SafeRegex{ + SafeRegex: response.MakeEnvoyRegexMatch(hdr.Regex), + }, + IgnoreCase: false, + }, } + case hdr.Prefix != "": - eh.HeaderMatchSpecifier = &envoy_route_v3.HeaderMatcher_PrefixMatch{ - PrefixMatch: hdr.Prefix, + eh.HeaderMatchSpecifier = &envoy_route_v3.HeaderMatcher_StringMatch{ + StringMatch: &envoy_matcher_v3.StringMatcher{ + MatchPattern: &envoy_matcher_v3.StringMatcher_Prefix{ + Prefix: hdr.Prefix, + }, + IgnoreCase: false, + }, } + case hdr.Suffix != "": - eh.HeaderMatchSpecifier = &envoy_route_v3.HeaderMatcher_SuffixMatch{ - SuffixMatch: hdr.Suffix, + eh.HeaderMatchSpecifier = &envoy_route_v3.HeaderMatcher_StringMatch{ + StringMatch: &envoy_matcher_v3.StringMatcher{ + MatchPattern: &envoy_matcher_v3.StringMatcher_Suffix{ + Suffix: hdr.Suffix, + }, + IgnoreCase: false, + }, } + case hdr.Present: eh.HeaderMatchSpecifier = &envoy_route_v3.HeaderMatcher_PresentMatch{ PresentMatch: true, diff --git a/agent/xds/testdata/rbac/default-allow-deny-all-and-path-allow--httpfilter.golden b/agent/xds/testdata/rbac/default-allow-deny-all-and-path-allow--httpfilter.golden index b590b7135d..c9691cb536 100644 --- a/agent/xds/testdata/rbac/default-allow-deny-all-and-path-allow--httpfilter.golden +++ b/agent/xds/testdata/rbac/default-allow-deny-all-and-path-allow--httpfilter.golden @@ -1,41 +1,37 @@ { - "name": "envoy.filters.http.rbac", - "typedConfig": { - "@type": "type.googleapis.com/envoy.extensions.filters.http.rbac.v3.RBAC", - "rules": { - "action": "DENY", - "policies": { - "consul-intentions-layer4": { - "permissions": [ + "name": "envoy.filters.http.rbac", + "typedConfig": { + "@type": "type.googleapis.com/envoy.extensions.filters.http.rbac.v3.RBAC", + "rules": { + "action": "DENY", + "policies": { + "consul-intentions-layer4": { + "permissions": [ { - "any": true + "any": true } ], - "principals": [ + "principals": [ { - "andIds": { - "ids": [ + "andIds": { + "ids": [ { - "authenticated": { - "principalName": { - "safeRegex": { - "googleRe2": { - - }, - "regex": "^spiffe://test.consul/ns/default/dc/[^/]+/svc/[^/]+$" + "authenticated": { + "principalName": { + "safeRegex": { + "googleRe2": {}, + "regex": "^spiffe://test.consul/ns/default/dc/[^/]+/svc/[^/]+$" } } } }, { - "notId": { - "authenticated": { - "principalName": { - "safeRegex": { - "googleRe2": { - - }, - "regex": "^spiffe://test.consul/ns/default/dc/[^/]+/svc/web$" + "notId": { + "authenticated": { + "principalName": { + "safeRegex": { + "googleRe2": {}, + "regex": "^spiffe://test.consul/ns/default/dc/[^/]+/svc/web$" } } } diff --git a/agent/xds/testdata/rbac/default-allow-deny-all-and-path-allow.golden b/agent/xds/testdata/rbac/default-allow-deny-all-and-path-allow.golden index 51346b03fa..0e4ce28003 100644 --- a/agent/xds/testdata/rbac/default-allow-deny-all-and-path-allow.golden +++ b/agent/xds/testdata/rbac/default-allow-deny-all-and-path-allow.golden @@ -1,53 +1,47 @@ { - "name": "envoy.filters.network.rbac", - "typedConfig": { - "@type": "type.googleapis.com/envoy.extensions.filters.network.rbac.v3.RBAC", - "rules": { - "action": "DENY", - "policies": { - "consul-intentions-layer4": { - "permissions": [ + "name": "envoy.filters.network.rbac", + "typedConfig": { + "@type": "type.googleapis.com/envoy.extensions.filters.network.rbac.v3.RBAC", + "rules": { + "action": "DENY", + "policies": { + "consul-intentions-layer4": { + "permissions": [ { - "any": true + "any": true } ], - "principals": [ + "principals": [ { - "authenticated": { - "principalName": { - "safeRegex": { - "googleRe2": { - - }, - "regex": "^spiffe://test.consul/ns/default/dc/[^/]+/svc/web$" + "authenticated": { + "principalName": { + "safeRegex": { + "googleRe2": {}, + "regex": "^spiffe://test.consul/ns/default/dc/[^/]+/svc/web$" } } } }, { - "andIds": { - "ids": [ + "andIds": { + "ids": [ { - "authenticated": { - "principalName": { - "safeRegex": { - "googleRe2": { - - }, - "regex": "^spiffe://test.consul/ns/default/dc/[^/]+/svc/[^/]+$" + "authenticated": { + "principalName": { + "safeRegex": { + "googleRe2": {}, + "regex": "^spiffe://test.consul/ns/default/dc/[^/]+/svc/[^/]+$" } } } }, { - "notId": { - "authenticated": { - "principalName": { - "safeRegex": { - "googleRe2": { - - }, - "regex": "^spiffe://test.consul/ns/default/dc/[^/]+/svc/web$" + "notId": { + "authenticated": { + "principalName": { + "safeRegex": { + "googleRe2": {}, + "regex": "^spiffe://test.consul/ns/default/dc/[^/]+/svc/web$" } } } @@ -60,6 +54,6 @@ } } }, - "statPrefix": "connect_authz" + "statPrefix": "connect_authz" } } \ No newline at end of file diff --git a/agent/xds/testdata/rbac/default-allow-deny-all-and-path-deny--httpfilter.golden b/agent/xds/testdata/rbac/default-allow-deny-all-and-path-deny--httpfilter.golden index 62f4ba97ea..5c1ee2c0e1 100644 --- a/agent/xds/testdata/rbac/default-allow-deny-all-and-path-deny--httpfilter.golden +++ b/agent/xds/testdata/rbac/default-allow-deny-all-and-path-deny--httpfilter.golden @@ -1,41 +1,37 @@ { - "name": "envoy.filters.http.rbac", - "typedConfig": { - "@type": "type.googleapis.com/envoy.extensions.filters.http.rbac.v3.RBAC", - "rules": { - "action": "DENY", - "policies": { - "consul-intentions-layer4": { - "permissions": [ + "name": "envoy.filters.http.rbac", + "typedConfig": { + "@type": "type.googleapis.com/envoy.extensions.filters.http.rbac.v3.RBAC", + "rules": { + "action": "DENY", + "policies": { + "consul-intentions-layer4": { + "permissions": [ { - "any": true + "any": true } ], - "principals": [ + "principals": [ { - "andIds": { - "ids": [ + "andIds": { + "ids": [ { - "authenticated": { - "principalName": { - "safeRegex": { - "googleRe2": { - - }, - "regex": "^spiffe://test.consul/ns/default/dc/[^/]+/svc/[^/]+$" + "authenticated": { + "principalName": { + "safeRegex": { + "googleRe2": {}, + "regex": "^spiffe://test.consul/ns/default/dc/[^/]+/svc/[^/]+$" } } } }, { - "notId": { - "authenticated": { - "principalName": { - "safeRegex": { - "googleRe2": { - - }, - "regex": "^spiffe://test.consul/ns/default/dc/[^/]+/svc/web$" + "notId": { + "authenticated": { + "principalName": { + "safeRegex": { + "googleRe2": {}, + "regex": "^spiffe://test.consul/ns/default/dc/[^/]+/svc/web$" } } } @@ -46,25 +42,23 @@ } ] }, - "consul-intentions-layer7-0": { - "permissions": [ + "consul-intentions-layer7-0": { + "permissions": [ { - "urlPath": { - "path": { - "prefix": "/" + "urlPath": { + "path": { + "prefix": "/" } } } ], - "principals": [ + "principals": [ { - "authenticated": { - "principalName": { - "safeRegex": { - "googleRe2": { - - }, - "regex": "^spiffe://test.consul/ns/default/dc/[^/]+/svc/web$" + "authenticated": { + "principalName": { + "safeRegex": { + "googleRe2": {}, + "regex": "^spiffe://test.consul/ns/default/dc/[^/]+/svc/web$" } } } diff --git a/agent/xds/testdata/rbac/default-allow-deny-all-and-path-deny.golden b/agent/xds/testdata/rbac/default-allow-deny-all-and-path-deny.golden index 51346b03fa..0e4ce28003 100644 --- a/agent/xds/testdata/rbac/default-allow-deny-all-and-path-deny.golden +++ b/agent/xds/testdata/rbac/default-allow-deny-all-and-path-deny.golden @@ -1,53 +1,47 @@ { - "name": "envoy.filters.network.rbac", - "typedConfig": { - "@type": "type.googleapis.com/envoy.extensions.filters.network.rbac.v3.RBAC", - "rules": { - "action": "DENY", - "policies": { - "consul-intentions-layer4": { - "permissions": [ + "name": "envoy.filters.network.rbac", + "typedConfig": { + "@type": "type.googleapis.com/envoy.extensions.filters.network.rbac.v3.RBAC", + "rules": { + "action": "DENY", + "policies": { + "consul-intentions-layer4": { + "permissions": [ { - "any": true + "any": true } ], - "principals": [ + "principals": [ { - "authenticated": { - "principalName": { - "safeRegex": { - "googleRe2": { - - }, - "regex": "^spiffe://test.consul/ns/default/dc/[^/]+/svc/web$" + "authenticated": { + "principalName": { + "safeRegex": { + "googleRe2": {}, + "regex": "^spiffe://test.consul/ns/default/dc/[^/]+/svc/web$" } } } }, { - "andIds": { - "ids": [ + "andIds": { + "ids": [ { - "authenticated": { - "principalName": { - "safeRegex": { - "googleRe2": { - - }, - "regex": "^spiffe://test.consul/ns/default/dc/[^/]+/svc/[^/]+$" + "authenticated": { + "principalName": { + "safeRegex": { + "googleRe2": {}, + "regex": "^spiffe://test.consul/ns/default/dc/[^/]+/svc/[^/]+$" } } } }, { - "notId": { - "authenticated": { - "principalName": { - "safeRegex": { - "googleRe2": { - - }, - "regex": "^spiffe://test.consul/ns/default/dc/[^/]+/svc/web$" + "notId": { + "authenticated": { + "principalName": { + "safeRegex": { + "googleRe2": {}, + "regex": "^spiffe://test.consul/ns/default/dc/[^/]+/svc/web$" } } } @@ -60,6 +54,6 @@ } } }, - "statPrefix": "connect_authz" + "statPrefix": "connect_authz" } } \ No newline at end of file diff --git a/agent/xds/testdata/rbac/default-allow-kitchen-sink--httpfilter.golden b/agent/xds/testdata/rbac/default-allow-kitchen-sink--httpfilter.golden index 65da4d27fc..2519e57f7b 100644 --- a/agent/xds/testdata/rbac/default-allow-kitchen-sink--httpfilter.golden +++ b/agent/xds/testdata/rbac/default-allow-kitchen-sink--httpfilter.golden @@ -1,93 +1,81 @@ { - "name": "envoy.filters.http.rbac", - "typedConfig": { - "@type": "type.googleapis.com/envoy.extensions.filters.http.rbac.v3.RBAC", - "rules": { - "action": "DENY", - "policies": { - "consul-intentions-layer4": { - "permissions": [ + "name": "envoy.filters.http.rbac", + "typedConfig": { + "@type": "type.googleapis.com/envoy.extensions.filters.http.rbac.v3.RBAC", + "rules": { + "action": "DENY", + "policies": { + "consul-intentions-layer4": { + "permissions": [ { - "any": true + "any": true } ], - "principals": [ + "principals": [ { - "authenticated": { - "principalName": { - "safeRegex": { - "googleRe2": { - - }, - "regex": "^spiffe://test.consul/ns/default/dc/[^/]+/svc/cron$" + "authenticated": { + "principalName": { + "safeRegex": { + "googleRe2": {}, + "regex": "^spiffe://test.consul/ns/default/dc/[^/]+/svc/cron$" } } } }, { - "authenticated": { - "principalName": { - "safeRegex": { - "googleRe2": { - - }, - "regex": "^spiffe://test.consul/ns/default/dc/[^/]+/svc/web$" + "authenticated": { + "principalName": { + "safeRegex": { + "googleRe2": {}, + "regex": "^spiffe://test.consul/ns/default/dc/[^/]+/svc/web$" } } } }, { - "andIds": { - "ids": [ + "andIds": { + "ids": [ { - "authenticated": { - "principalName": { - "safeRegex": { - "googleRe2": { - - }, - "regex": "^spiffe://test.consul/ns/default/dc/[^/]+/svc/[^/]+$" + "authenticated": { + "principalName": { + "safeRegex": { + "googleRe2": {}, + "regex": "^spiffe://test.consul/ns/default/dc/[^/]+/svc/[^/]+$" } } } }, { - "notId": { - "authenticated": { - "principalName": { - "safeRegex": { - "googleRe2": { - - }, - "regex": "^spiffe://test.consul/ns/default/dc/[^/]+/svc/web$" + "notId": { + "authenticated": { + "principalName": { + "safeRegex": { + "googleRe2": {}, + "regex": "^spiffe://test.consul/ns/default/dc/[^/]+/svc/web$" } } } } }, { - "notId": { - "authenticated": { - "principalName": { - "safeRegex": { - "googleRe2": { - - }, - "regex": "^spiffe://test.consul/ns/default/dc/[^/]+/svc/unsafe$" + "notId": { + "authenticated": { + "principalName": { + "safeRegex": { + "googleRe2": {}, + "regex": "^spiffe://test.consul/ns/default/dc/[^/]+/svc/unsafe$" } } } } }, { - "notId": { - "authenticated": { - "principalName": { - "safeRegex": { - "googleRe2": { - - }, - "regex": "^spiffe://test.consul/ns/default/dc/[^/]+/svc/cron$" + "notId": { + "authenticated": { + "principalName": { + "safeRegex": { + "googleRe2": {}, + "regex": "^spiffe://test.consul/ns/default/dc/[^/]+/svc/cron$" } } } diff --git a/agent/xds/testdata/rbac/default-allow-kitchen-sink.golden b/agent/xds/testdata/rbac/default-allow-kitchen-sink.golden index 21e94ee14e..fc0c34adf0 100644 --- a/agent/xds/testdata/rbac/default-allow-kitchen-sink.golden +++ b/agent/xds/testdata/rbac/default-allow-kitchen-sink.golden @@ -1,93 +1,81 @@ { - "name": "envoy.filters.network.rbac", - "typedConfig": { - "@type": "type.googleapis.com/envoy.extensions.filters.network.rbac.v3.RBAC", - "rules": { - "action": "DENY", - "policies": { - "consul-intentions-layer4": { - "permissions": [ + "name": "envoy.filters.network.rbac", + "typedConfig": { + "@type": "type.googleapis.com/envoy.extensions.filters.network.rbac.v3.RBAC", + "rules": { + "action": "DENY", + "policies": { + "consul-intentions-layer4": { + "permissions": [ { - "any": true + "any": true } ], - "principals": [ + "principals": [ { - "authenticated": { - "principalName": { - "safeRegex": { - "googleRe2": { - - }, - "regex": "^spiffe://test.consul/ns/default/dc/[^/]+/svc/cron$" + "authenticated": { + "principalName": { + "safeRegex": { + "googleRe2": {}, + "regex": "^spiffe://test.consul/ns/default/dc/[^/]+/svc/cron$" } } } }, { - "authenticated": { - "principalName": { - "safeRegex": { - "googleRe2": { - - }, - "regex": "^spiffe://test.consul/ns/default/dc/[^/]+/svc/web$" + "authenticated": { + "principalName": { + "safeRegex": { + "googleRe2": {}, + "regex": "^spiffe://test.consul/ns/default/dc/[^/]+/svc/web$" } } } }, { - "andIds": { - "ids": [ + "andIds": { + "ids": [ { - "authenticated": { - "principalName": { - "safeRegex": { - "googleRe2": { - - }, - "regex": "^spiffe://test.consul/ns/default/dc/[^/]+/svc/[^/]+$" + "authenticated": { + "principalName": { + "safeRegex": { + "googleRe2": {}, + "regex": "^spiffe://test.consul/ns/default/dc/[^/]+/svc/[^/]+$" } } } }, { - "notId": { - "authenticated": { - "principalName": { - "safeRegex": { - "googleRe2": { - - }, - "regex": "^spiffe://test.consul/ns/default/dc/[^/]+/svc/web$" + "notId": { + "authenticated": { + "principalName": { + "safeRegex": { + "googleRe2": {}, + "regex": "^spiffe://test.consul/ns/default/dc/[^/]+/svc/web$" } } } } }, { - "notId": { - "authenticated": { - "principalName": { - "safeRegex": { - "googleRe2": { - - }, - "regex": "^spiffe://test.consul/ns/default/dc/[^/]+/svc/unsafe$" + "notId": { + "authenticated": { + "principalName": { + "safeRegex": { + "googleRe2": {}, + "regex": "^spiffe://test.consul/ns/default/dc/[^/]+/svc/unsafe$" } } } } }, { - "notId": { - "authenticated": { - "principalName": { - "safeRegex": { - "googleRe2": { - - }, - "regex": "^spiffe://test.consul/ns/default/dc/[^/]+/svc/cron$" + "notId": { + "authenticated": { + "principalName": { + "safeRegex": { + "googleRe2": {}, + "regex": "^spiffe://test.consul/ns/default/dc/[^/]+/svc/cron$" } } } @@ -100,6 +88,6 @@ } } }, - "statPrefix": "connect_authz" + "statPrefix": "connect_authz" } } \ No newline at end of file diff --git a/agent/xds/testdata/rbac/default-allow-one-deny--httpfilter.golden b/agent/xds/testdata/rbac/default-allow-one-deny--httpfilter.golden index f315c45e00..947648f534 100644 --- a/agent/xds/testdata/rbac/default-allow-one-deny--httpfilter.golden +++ b/agent/xds/testdata/rbac/default-allow-one-deny--httpfilter.golden @@ -1,25 +1,23 @@ { - "name": "envoy.filters.http.rbac", - "typedConfig": { - "@type": "type.googleapis.com/envoy.extensions.filters.http.rbac.v3.RBAC", - "rules": { - "action": "DENY", - "policies": { - "consul-intentions-layer4": { - "permissions": [ + "name": "envoy.filters.http.rbac", + "typedConfig": { + "@type": "type.googleapis.com/envoy.extensions.filters.http.rbac.v3.RBAC", + "rules": { + "action": "DENY", + "policies": { + "consul-intentions-layer4": { + "permissions": [ { - "any": true + "any": true } ], - "principals": [ + "principals": [ { - "authenticated": { - "principalName": { - "safeRegex": { - "googleRe2": { - - }, - "regex": "^spiffe://test.consul/ns/default/dc/[^/]+/svc/web$" + "authenticated": { + "principalName": { + "safeRegex": { + "googleRe2": {}, + "regex": "^spiffe://test.consul/ns/default/dc/[^/]+/svc/web$" } } } diff --git a/agent/xds/testdata/rbac/default-allow-one-deny.golden b/agent/xds/testdata/rbac/default-allow-one-deny.golden index 45b6965e08..569f7b6167 100644 --- a/agent/xds/testdata/rbac/default-allow-one-deny.golden +++ b/agent/xds/testdata/rbac/default-allow-one-deny.golden @@ -1,25 +1,23 @@ { - "name": "envoy.filters.network.rbac", - "typedConfig": { - "@type": "type.googleapis.com/envoy.extensions.filters.network.rbac.v3.RBAC", - "rules": { - "action": "DENY", - "policies": { - "consul-intentions-layer4": { - "permissions": [ + "name": "envoy.filters.network.rbac", + "typedConfig": { + "@type": "type.googleapis.com/envoy.extensions.filters.network.rbac.v3.RBAC", + "rules": { + "action": "DENY", + "policies": { + "consul-intentions-layer4": { + "permissions": [ { - "any": true + "any": true } ], - "principals": [ + "principals": [ { - "authenticated": { - "principalName": { - "safeRegex": { - "googleRe2": { - - }, - "regex": "^spiffe://test.consul/ns/default/dc/[^/]+/svc/web$" + "authenticated": { + "principalName": { + "safeRegex": { + "googleRe2": {}, + "regex": "^spiffe://test.consul/ns/default/dc/[^/]+/svc/web$" } } } @@ -28,6 +26,6 @@ } } }, - "statPrefix": "connect_authz" + "statPrefix": "connect_authz" } } \ No newline at end of file diff --git a/agent/xds/testdata/rbac/default-allow-path-allow--httpfilter.golden b/agent/xds/testdata/rbac/default-allow-path-allow--httpfilter.golden index e9a5280d75..dc0226c820 100644 --- a/agent/xds/testdata/rbac/default-allow-path-allow--httpfilter.golden +++ b/agent/xds/testdata/rbac/default-allow-path-allow--httpfilter.golden @@ -1,9 +1,9 @@ { - "name": "envoy.filters.http.rbac", - "typedConfig": { - "@type": "type.googleapis.com/envoy.extensions.filters.http.rbac.v3.RBAC", - "rules": { - "action": "DENY" + "name": "envoy.filters.http.rbac", + "typedConfig": { + "@type": "type.googleapis.com/envoy.extensions.filters.http.rbac.v3.RBAC", + "rules": { + "action": "DENY" } } } \ No newline at end of file diff --git a/agent/xds/testdata/rbac/default-allow-path-allow.golden b/agent/xds/testdata/rbac/default-allow-path-allow.golden index 45b6965e08..569f7b6167 100644 --- a/agent/xds/testdata/rbac/default-allow-path-allow.golden +++ b/agent/xds/testdata/rbac/default-allow-path-allow.golden @@ -1,25 +1,23 @@ { - "name": "envoy.filters.network.rbac", - "typedConfig": { - "@type": "type.googleapis.com/envoy.extensions.filters.network.rbac.v3.RBAC", - "rules": { - "action": "DENY", - "policies": { - "consul-intentions-layer4": { - "permissions": [ + "name": "envoy.filters.network.rbac", + "typedConfig": { + "@type": "type.googleapis.com/envoy.extensions.filters.network.rbac.v3.RBAC", + "rules": { + "action": "DENY", + "policies": { + "consul-intentions-layer4": { + "permissions": [ { - "any": true + "any": true } ], - "principals": [ + "principals": [ { - "authenticated": { - "principalName": { - "safeRegex": { - "googleRe2": { - - }, - "regex": "^spiffe://test.consul/ns/default/dc/[^/]+/svc/web$" + "authenticated": { + "principalName": { + "safeRegex": { + "googleRe2": {}, + "regex": "^spiffe://test.consul/ns/default/dc/[^/]+/svc/web$" } } } @@ -28,6 +26,6 @@ } } }, - "statPrefix": "connect_authz" + "statPrefix": "connect_authz" } } \ No newline at end of file diff --git a/agent/xds/testdata/rbac/default-allow-path-deny--httpfilter.golden b/agent/xds/testdata/rbac/default-allow-path-deny--httpfilter.golden index aa06ebe3d2..014edad4a6 100644 --- a/agent/xds/testdata/rbac/default-allow-path-deny--httpfilter.golden +++ b/agent/xds/testdata/rbac/default-allow-path-deny--httpfilter.golden @@ -1,29 +1,27 @@ { - "name": "envoy.filters.http.rbac", - "typedConfig": { - "@type": "type.googleapis.com/envoy.extensions.filters.http.rbac.v3.RBAC", - "rules": { - "action": "DENY", - "policies": { - "consul-intentions-layer7-0": { - "permissions": [ + "name": "envoy.filters.http.rbac", + "typedConfig": { + "@type": "type.googleapis.com/envoy.extensions.filters.http.rbac.v3.RBAC", + "rules": { + "action": "DENY", + "policies": { + "consul-intentions-layer7-0": { + "permissions": [ { - "urlPath": { - "path": { - "prefix": "/" + "urlPath": { + "path": { + "prefix": "/" } } } ], - "principals": [ + "principals": [ { - "authenticated": { - "principalName": { - "safeRegex": { - "googleRe2": { - - }, - "regex": "^spiffe://test.consul/ns/default/dc/[^/]+/svc/web$" + "authenticated": { + "principalName": { + "safeRegex": { + "googleRe2": {}, + "regex": "^spiffe://test.consul/ns/default/dc/[^/]+/svc/web$" } } } diff --git a/agent/xds/testdata/rbac/default-allow-path-deny.golden b/agent/xds/testdata/rbac/default-allow-path-deny.golden index 45b6965e08..569f7b6167 100644 --- a/agent/xds/testdata/rbac/default-allow-path-deny.golden +++ b/agent/xds/testdata/rbac/default-allow-path-deny.golden @@ -1,25 +1,23 @@ { - "name": "envoy.filters.network.rbac", - "typedConfig": { - "@type": "type.googleapis.com/envoy.extensions.filters.network.rbac.v3.RBAC", - "rules": { - "action": "DENY", - "policies": { - "consul-intentions-layer4": { - "permissions": [ + "name": "envoy.filters.network.rbac", + "typedConfig": { + "@type": "type.googleapis.com/envoy.extensions.filters.network.rbac.v3.RBAC", + "rules": { + "action": "DENY", + "policies": { + "consul-intentions-layer4": { + "permissions": [ { - "any": true + "any": true } ], - "principals": [ + "principals": [ { - "authenticated": { - "principalName": { - "safeRegex": { - "googleRe2": { - - }, - "regex": "^spiffe://test.consul/ns/default/dc/[^/]+/svc/web$" + "authenticated": { + "principalName": { + "safeRegex": { + "googleRe2": {}, + "regex": "^spiffe://test.consul/ns/default/dc/[^/]+/svc/web$" } } } @@ -28,6 +26,6 @@ } } }, - "statPrefix": "connect_authz" + "statPrefix": "connect_authz" } } \ No newline at end of file diff --git a/agent/xds/testdata/rbac/default-allow-service-wildcard-deny--httpfilter.golden b/agent/xds/testdata/rbac/default-allow-service-wildcard-deny--httpfilter.golden index 0c69fa8458..f8f045c5c3 100644 --- a/agent/xds/testdata/rbac/default-allow-service-wildcard-deny--httpfilter.golden +++ b/agent/xds/testdata/rbac/default-allow-service-wildcard-deny--httpfilter.golden @@ -1,25 +1,23 @@ { - "name": "envoy.filters.http.rbac", - "typedConfig": { - "@type": "type.googleapis.com/envoy.extensions.filters.http.rbac.v3.RBAC", - "rules": { - "action": "DENY", - "policies": { - "consul-intentions-layer4": { - "permissions": [ + "name": "envoy.filters.http.rbac", + "typedConfig": { + "@type": "type.googleapis.com/envoy.extensions.filters.http.rbac.v3.RBAC", + "rules": { + "action": "DENY", + "policies": { + "consul-intentions-layer4": { + "permissions": [ { - "any": true + "any": true } ], - "principals": [ + "principals": [ { - "authenticated": { - "principalName": { - "safeRegex": { - "googleRe2": { - - }, - "regex": "^spiffe://test.consul/ns/default/dc/[^/]+/svc/[^/]+$" + "authenticated": { + "principalName": { + "safeRegex": { + "googleRe2": {}, + "regex": "^spiffe://test.consul/ns/default/dc/[^/]+/svc/[^/]+$" } } } diff --git a/agent/xds/testdata/rbac/default-allow-service-wildcard-deny.golden b/agent/xds/testdata/rbac/default-allow-service-wildcard-deny.golden index d685342e93..6c8818eea4 100644 --- a/agent/xds/testdata/rbac/default-allow-service-wildcard-deny.golden +++ b/agent/xds/testdata/rbac/default-allow-service-wildcard-deny.golden @@ -1,25 +1,23 @@ { - "name": "envoy.filters.network.rbac", - "typedConfig": { - "@type": "type.googleapis.com/envoy.extensions.filters.network.rbac.v3.RBAC", - "rules": { - "action": "DENY", - "policies": { - "consul-intentions-layer4": { - "permissions": [ + "name": "envoy.filters.network.rbac", + "typedConfig": { + "@type": "type.googleapis.com/envoy.extensions.filters.network.rbac.v3.RBAC", + "rules": { + "action": "DENY", + "policies": { + "consul-intentions-layer4": { + "permissions": [ { - "any": true + "any": true } ], - "principals": [ + "principals": [ { - "authenticated": { - "principalName": { - "safeRegex": { - "googleRe2": { - - }, - "regex": "^spiffe://test.consul/ns/default/dc/[^/]+/svc/[^/]+$" + "authenticated": { + "principalName": { + "safeRegex": { + "googleRe2": {}, + "regex": "^spiffe://test.consul/ns/default/dc/[^/]+/svc/[^/]+$" } } } @@ -28,6 +26,6 @@ } } }, - "statPrefix": "connect_authz" + "statPrefix": "connect_authz" } } \ No newline at end of file diff --git a/agent/xds/testdata/rbac/default-allow-single-intention-with-kitchen-sink-perms--httpfilter.golden b/agent/xds/testdata/rbac/default-allow-single-intention-with-kitchen-sink-perms--httpfilter.golden index ba1787d12f..6dc469bb16 100644 --- a/agent/xds/testdata/rbac/default-allow-single-intention-with-kitchen-sink-perms--httpfilter.golden +++ b/agent/xds/testdata/rbac/default-allow-single-intention-with-kitchen-sink-perms--httpfilter.golden @@ -1,27 +1,27 @@ { - "name": "envoy.filters.http.rbac", - "typedConfig": { - "@type": "type.googleapis.com/envoy.extensions.filters.http.rbac.v3.RBAC", - "rules": { - "action": "DENY", - "policies": { - "consul-intentions-layer7-0": { - "permissions": [ + "name": "envoy.filters.http.rbac", + "typedConfig": { + "@type": "type.googleapis.com/envoy.extensions.filters.http.rbac.v3.RBAC", + "rules": { + "action": "DENY", + "policies": { + "consul-intentions-layer7-0": { + "permissions": [ { - "andRules": { - "rules": [ + "andRules": { + "rules": [ { - "urlPath": { - "path": { - "prefix": "/v1" + "urlPath": { + "path": { + "prefix": "/v1" } } }, { - "notRule": { - "urlPath": { - "path": { - "exact": "/v1/secret" + "notRule": { + "urlPath": { + "path": { + "exact": "/v1/secret" } } } @@ -30,31 +30,27 @@ } }, { - "andRules": { - "rules": [ + "andRules": { + "rules": [ { - "andRules": { - "rules": [ + "andRules": { + "rules": [ { - "urlPath": { - "path": { - "safeRegex": { - "googleRe2": { - - }, - "regex": "/v[123]" + "urlPath": { + "path": { + "safeRegex": { + "googleRe2": {}, + "regex": "/v[123]" } } } }, { - "header": { - "name": ":method", - "safeRegexMatch": { - "googleRe2": { - - }, - "regex": "GET|HEAD|OPTIONS" + "header": { + "name": ":method", + "safeRegexMatch": { + "googleRe2": {}, + "regex": "GET|HEAD|OPTIONS" } } } @@ -62,19 +58,19 @@ } }, { - "notRule": { - "urlPath": { - "path": { - "prefix": "/v1" + "notRule": { + "urlPath": { + "path": { + "prefix": "/v1" } } } }, { - "notRule": { - "urlPath": { - "path": { - "exact": "/v1/secret" + "notRule": { + "urlPath": { + "path": { + "exact": "/v1/secret" } } } @@ -83,113 +79,121 @@ } }, { - "andRules": { - "rules": [ + "andRules": { + "rules": [ { - "andRules": { - "rules": [ + "andRules": { + "rules": [ { - "header": { - "name": "x-foo", - "presentMatch": true + "header": { + "name": "x-foo", + "presentMatch": true } }, { - "header": { - "name": "x-bar", - "exactMatch": "xyz" - } - }, - { - "header": { - "name": "x-dib", - "prefixMatch": "gaz" - } - }, - { - "header": { - "name": "x-gir", - "suffixMatch": "zim" - } - }, - { - "header": { - "name": "x-zim", - "safeRegexMatch": { - "googleRe2": { - - }, - "regex": "gi[rR]" + "header": { + "name": "x-bar", + "stringMatch": { + "exact": "xyz" } } }, { - "header": { - "name": "z-foo", - "presentMatch": true, - "invertMatch": true + "header": { + "name": "x-dib", + "stringMatch": { + "prefix": "gaz" + } } }, { - "header": { - "name": "z-bar", - "exactMatch": "xyz", - "invertMatch": true + "header": { + "name": "x-gir", + "stringMatch": { + "suffix": "zim" + } } }, { - "header": { - "name": "z-dib", - "prefixMatch": "gaz", - "invertMatch": true + "header": { + "name": "x-zim", + "stringMatch": { + "safeRegex": { + "googleRe2": {}, + "regex": "gi[rR]" + } + } } }, { - "header": { - "name": "z-gir", - "suffixMatch": "zim", - "invertMatch": true + "header": { + "name": "z-foo", + "presentMatch": true, + "invertMatch": true } }, { - "header": { - "name": "z-zim", - "safeRegexMatch": { - "googleRe2": { - - }, - "regex": "gi[rR]" + "header": { + "name": "z-bar", + "stringMatch": { + "exact": "xyz" }, - "invertMatch": true + "invertMatch": true + } + }, + { + "header": { + "name": "z-dib", + "stringMatch": { + "prefix": "gaz" + }, + "invertMatch": true + } + }, + { + "header": { + "name": "z-gir", + "stringMatch": { + "suffix": "zim" + }, + "invertMatch": true + } + }, + { + "header": { + "name": "z-zim", + "stringMatch": { + "safeRegex": { + "googleRe2": {}, + "regex": "gi[rR]" + } + }, + "invertMatch": true } } ] } }, { - "notRule": { - "andRules": { - "rules": [ + "notRule": { + "andRules": { + "rules": [ { - "urlPath": { - "path": { - "safeRegex": { - "googleRe2": { - - }, - "regex": "/v[123]" + "urlPath": { + "path": { + "safeRegex": { + "googleRe2": {}, + "regex": "/v[123]" } } } }, { - "header": { - "name": ":method", - "safeRegexMatch": { - "googleRe2": { - - }, - "regex": "GET|HEAD|OPTIONS" + "header": { + "name": ":method", + "safeRegexMatch": { + "googleRe2": {}, + "regex": "GET|HEAD|OPTIONS" } } } @@ -198,19 +202,19 @@ } }, { - "notRule": { - "urlPath": { - "path": { - "prefix": "/v1" + "notRule": { + "urlPath": { + "path": { + "prefix": "/v1" } } } }, { - "notRule": { - "urlPath": { - "path": { - "exact": "/v1/secret" + "notRule": { + "urlPath": { + "path": { + "exact": "/v1/secret" } } } @@ -219,15 +223,13 @@ } } ], - "principals": [ + "principals": [ { - "authenticated": { - "principalName": { - "safeRegex": { - "googleRe2": { - - }, - "regex": "^spiffe://test.consul/ns/default/dc/[^/]+/svc/web$" + "authenticated": { + "principalName": { + "safeRegex": { + "googleRe2": {}, + "regex": "^spiffe://test.consul/ns/default/dc/[^/]+/svc/web$" } } } diff --git a/agent/xds/testdata/rbac/default-allow-single-intention-with-kitchen-sink-perms.golden b/agent/xds/testdata/rbac/default-allow-single-intention-with-kitchen-sink-perms.golden index 45b6965e08..569f7b6167 100644 --- a/agent/xds/testdata/rbac/default-allow-single-intention-with-kitchen-sink-perms.golden +++ b/agent/xds/testdata/rbac/default-allow-single-intention-with-kitchen-sink-perms.golden @@ -1,25 +1,23 @@ { - "name": "envoy.filters.network.rbac", - "typedConfig": { - "@type": "type.googleapis.com/envoy.extensions.filters.network.rbac.v3.RBAC", - "rules": { - "action": "DENY", - "policies": { - "consul-intentions-layer4": { - "permissions": [ + "name": "envoy.filters.network.rbac", + "typedConfig": { + "@type": "type.googleapis.com/envoy.extensions.filters.network.rbac.v3.RBAC", + "rules": { + "action": "DENY", + "policies": { + "consul-intentions-layer4": { + "permissions": [ { - "any": true + "any": true } ], - "principals": [ + "principals": [ { - "authenticated": { - "principalName": { - "safeRegex": { - "googleRe2": { - - }, - "regex": "^spiffe://test.consul/ns/default/dc/[^/]+/svc/web$" + "authenticated": { + "principalName": { + "safeRegex": { + "googleRe2": {}, + "regex": "^spiffe://test.consul/ns/default/dc/[^/]+/svc/web$" } } } @@ -28,6 +26,6 @@ } } }, - "statPrefix": "connect_authz" + "statPrefix": "connect_authz" } } \ No newline at end of file diff --git a/agent/xds/testdata/rbac/default-allow-two-path-deny-and-path-allow--httpfilter.golden b/agent/xds/testdata/rbac/default-allow-two-path-deny-and-path-allow--httpfilter.golden index 98f4142098..b05a824f92 100644 --- a/agent/xds/testdata/rbac/default-allow-two-path-deny-and-path-allow--httpfilter.golden +++ b/agent/xds/testdata/rbac/default-allow-two-path-deny-and-path-allow--httpfilter.golden @@ -1,34 +1,34 @@ { - "name": "envoy.filters.http.rbac", - "typedConfig": { - "@type": "type.googleapis.com/envoy.extensions.filters.http.rbac.v3.RBAC", - "rules": { - "action": "DENY", - "policies": { - "consul-intentions-layer7-0": { - "permissions": [ + "name": "envoy.filters.http.rbac", + "typedConfig": { + "@type": "type.googleapis.com/envoy.extensions.filters.http.rbac.v3.RBAC", + "rules": { + "action": "DENY", + "policies": { + "consul-intentions-layer7-0": { + "permissions": [ { - "urlPath": { - "path": { - "exact": "/v1/secret" + "urlPath": { + "path": { + "exact": "/v1/secret" } } }, { - "andRules": { - "rules": [ + "andRules": { + "rules": [ { - "urlPath": { - "path": { - "exact": "/v1/admin" + "urlPath": { + "path": { + "exact": "/v1/admin" } } }, { - "notRule": { - "urlPath": { - "path": { - "exact": "/v1/secret" + "notRule": { + "urlPath": { + "path": { + "exact": "/v1/secret" } } } @@ -37,15 +37,13 @@ } } ], - "principals": [ + "principals": [ { - "authenticated": { - "principalName": { - "safeRegex": { - "googleRe2": { - - }, - "regex": "^spiffe://test.consul/ns/default/dc/[^/]+/svc/web$" + "authenticated": { + "principalName": { + "safeRegex": { + "googleRe2": {}, + "regex": "^spiffe://test.consul/ns/default/dc/[^/]+/svc/web$" } } } diff --git a/agent/xds/testdata/rbac/default-allow-two-path-deny-and-path-allow.golden b/agent/xds/testdata/rbac/default-allow-two-path-deny-and-path-allow.golden index 45b6965e08..569f7b6167 100644 --- a/agent/xds/testdata/rbac/default-allow-two-path-deny-and-path-allow.golden +++ b/agent/xds/testdata/rbac/default-allow-two-path-deny-and-path-allow.golden @@ -1,25 +1,23 @@ { - "name": "envoy.filters.network.rbac", - "typedConfig": { - "@type": "type.googleapis.com/envoy.extensions.filters.network.rbac.v3.RBAC", - "rules": { - "action": "DENY", - "policies": { - "consul-intentions-layer4": { - "permissions": [ + "name": "envoy.filters.network.rbac", + "typedConfig": { + "@type": "type.googleapis.com/envoy.extensions.filters.network.rbac.v3.RBAC", + "rules": { + "action": "DENY", + "policies": { + "consul-intentions-layer4": { + "permissions": [ { - "any": true + "any": true } ], - "principals": [ + "principals": [ { - "authenticated": { - "principalName": { - "safeRegex": { - "googleRe2": { - - }, - "regex": "^spiffe://test.consul/ns/default/dc/[^/]+/svc/web$" + "authenticated": { + "principalName": { + "safeRegex": { + "googleRe2": {}, + "regex": "^spiffe://test.consul/ns/default/dc/[^/]+/svc/web$" } } } @@ -28,6 +26,6 @@ } } }, - "statPrefix": "connect_authz" + "statPrefix": "connect_authz" } } \ No newline at end of file diff --git a/agent/xds/testdata/rbac/default-deny-allow-deny--httpfilter.golden b/agent/xds/testdata/rbac/default-deny-allow-deny--httpfilter.golden index 3e48b7c566..ddc4b603bd 100644 --- a/agent/xds/testdata/rbac/default-deny-allow-deny--httpfilter.golden +++ b/agent/xds/testdata/rbac/default-deny-allow-deny--httpfilter.golden @@ -1,40 +1,36 @@ { - "name": "envoy.filters.http.rbac", - "typedConfig": { - "@type": "type.googleapis.com/envoy.extensions.filters.http.rbac.v3.RBAC", - "rules": { - "policies": { - "consul-intentions-layer4": { - "permissions": [ + "name": "envoy.filters.http.rbac", + "typedConfig": { + "@type": "type.googleapis.com/envoy.extensions.filters.http.rbac.v3.RBAC", + "rules": { + "policies": { + "consul-intentions-layer4": { + "permissions": [ { - "any": true + "any": true } ], - "principals": [ + "principals": [ { - "andIds": { - "ids": [ + "andIds": { + "ids": [ { - "authenticated": { - "principalName": { - "safeRegex": { - "googleRe2": { - - }, - "regex": "^spiffe://test.consul/ns/default/dc/[^/]+/svc/[^/]+$" + "authenticated": { + "principalName": { + "safeRegex": { + "googleRe2": {}, + "regex": "^spiffe://test.consul/ns/default/dc/[^/]+/svc/[^/]+$" } } } }, { - "notId": { - "authenticated": { - "principalName": { - "safeRegex": { - "googleRe2": { - - }, - "regex": "^spiffe://test.consul/ns/default/dc/[^/]+/svc/web$" + "notId": { + "authenticated": { + "principalName": { + "safeRegex": { + "googleRe2": {}, + "regex": "^spiffe://test.consul/ns/default/dc/[^/]+/svc/web$" } } } diff --git a/agent/xds/testdata/rbac/default-deny-allow-deny.golden b/agent/xds/testdata/rbac/default-deny-allow-deny.golden index d901cf42cf..d53a074f40 100644 --- a/agent/xds/testdata/rbac/default-deny-allow-deny.golden +++ b/agent/xds/testdata/rbac/default-deny-allow-deny.golden @@ -1,40 +1,36 @@ { - "name": "envoy.filters.network.rbac", - "typedConfig": { - "@type": "type.googleapis.com/envoy.extensions.filters.network.rbac.v3.RBAC", - "rules": { - "policies": { - "consul-intentions-layer4": { - "permissions": [ + "name": "envoy.filters.network.rbac", + "typedConfig": { + "@type": "type.googleapis.com/envoy.extensions.filters.network.rbac.v3.RBAC", + "rules": { + "policies": { + "consul-intentions-layer4": { + "permissions": [ { - "any": true + "any": true } ], - "principals": [ + "principals": [ { - "andIds": { - "ids": [ + "andIds": { + "ids": [ { - "authenticated": { - "principalName": { - "safeRegex": { - "googleRe2": { - - }, - "regex": "^spiffe://test.consul/ns/default/dc/[^/]+/svc/[^/]+$" + "authenticated": { + "principalName": { + "safeRegex": { + "googleRe2": {}, + "regex": "^spiffe://test.consul/ns/default/dc/[^/]+/svc/[^/]+$" } } } }, { - "notId": { - "authenticated": { - "principalName": { - "safeRegex": { - "googleRe2": { - - }, - "regex": "^spiffe://test.consul/ns/default/dc/[^/]+/svc/web$" + "notId": { + "authenticated": { + "principalName": { + "safeRegex": { + "googleRe2": {}, + "regex": "^spiffe://test.consul/ns/default/dc/[^/]+/svc/web$" } } } @@ -47,6 +43,6 @@ } } }, - "statPrefix": "connect_authz" + "statPrefix": "connect_authz" } } \ No newline at end of file diff --git a/agent/xds/testdata/rbac/default-deny-deny-all-and-path-allow--httpfilter.golden b/agent/xds/testdata/rbac/default-deny-deny-all-and-path-allow--httpfilter.golden index 003fdb24be..0c1e634847 100644 --- a/agent/xds/testdata/rbac/default-deny-deny-all-and-path-allow--httpfilter.golden +++ b/agent/xds/testdata/rbac/default-deny-deny-all-and-path-allow--httpfilter.golden @@ -1,28 +1,26 @@ { - "name": "envoy.filters.http.rbac", - "typedConfig": { - "@type": "type.googleapis.com/envoy.extensions.filters.http.rbac.v3.RBAC", - "rules": { - "policies": { - "consul-intentions-layer7-0": { - "permissions": [ + "name": "envoy.filters.http.rbac", + "typedConfig": { + "@type": "type.googleapis.com/envoy.extensions.filters.http.rbac.v3.RBAC", + "rules": { + "policies": { + "consul-intentions-layer7-0": { + "permissions": [ { - "urlPath": { - "path": { - "prefix": "/" + "urlPath": { + "path": { + "prefix": "/" } } } ], - "principals": [ + "principals": [ { - "authenticated": { - "principalName": { - "safeRegex": { - "googleRe2": { - - }, - "regex": "^spiffe://test.consul/ns/default/dc/[^/]+/svc/web$" + "authenticated": { + "principalName": { + "safeRegex": { + "googleRe2": {}, + "regex": "^spiffe://test.consul/ns/default/dc/[^/]+/svc/web$" } } } diff --git a/agent/xds/testdata/rbac/default-deny-deny-all-and-path-allow.golden b/agent/xds/testdata/rbac/default-deny-deny-all-and-path-allow.golden index 92c7f921ad..9b67b1ebab 100644 --- a/agent/xds/testdata/rbac/default-deny-deny-all-and-path-allow.golden +++ b/agent/xds/testdata/rbac/default-deny-deny-all-and-path-allow.golden @@ -1,10 +1,8 @@ { - "name": "envoy.filters.network.rbac", - "typedConfig": { - "@type": "type.googleapis.com/envoy.extensions.filters.network.rbac.v3.RBAC", - "rules": { - - }, - "statPrefix": "connect_authz" + "name": "envoy.filters.network.rbac", + "typedConfig": { + "@type": "type.googleapis.com/envoy.extensions.filters.network.rbac.v3.RBAC", + "rules": {}, + "statPrefix": "connect_authz" } } \ No newline at end of file diff --git a/agent/xds/testdata/rbac/default-deny-deny-all-and-path-deny--httpfilter.golden b/agent/xds/testdata/rbac/default-deny-deny-all-and-path-deny--httpfilter.golden index 4ccd189bc0..a591c2f8d2 100644 --- a/agent/xds/testdata/rbac/default-deny-deny-all-and-path-deny--httpfilter.golden +++ b/agent/xds/testdata/rbac/default-deny-deny-all-and-path-deny--httpfilter.golden @@ -1,9 +1,7 @@ { - "name": "envoy.filters.http.rbac", - "typedConfig": { - "@type": "type.googleapis.com/envoy.extensions.filters.http.rbac.v3.RBAC", - "rules": { - - } + "name": "envoy.filters.http.rbac", + "typedConfig": { + "@type": "type.googleapis.com/envoy.extensions.filters.http.rbac.v3.RBAC", + "rules": {} } } \ No newline at end of file diff --git a/agent/xds/testdata/rbac/default-deny-deny-all-and-path-deny.golden b/agent/xds/testdata/rbac/default-deny-deny-all-and-path-deny.golden index 92c7f921ad..9b67b1ebab 100644 --- a/agent/xds/testdata/rbac/default-deny-deny-all-and-path-deny.golden +++ b/agent/xds/testdata/rbac/default-deny-deny-all-and-path-deny.golden @@ -1,10 +1,8 @@ { - "name": "envoy.filters.network.rbac", - "typedConfig": { - "@type": "type.googleapis.com/envoy.extensions.filters.network.rbac.v3.RBAC", - "rules": { - - }, - "statPrefix": "connect_authz" + "name": "envoy.filters.network.rbac", + "typedConfig": { + "@type": "type.googleapis.com/envoy.extensions.filters.network.rbac.v3.RBAC", + "rules": {}, + "statPrefix": "connect_authz" } } \ No newline at end of file diff --git a/agent/xds/testdata/rbac/default-deny-kitchen-sink--httpfilter.golden b/agent/xds/testdata/rbac/default-deny-kitchen-sink--httpfilter.golden index 426404d748..ca7a8e1c91 100644 --- a/agent/xds/testdata/rbac/default-deny-kitchen-sink--httpfilter.golden +++ b/agent/xds/testdata/rbac/default-deny-kitchen-sink--httpfilter.golden @@ -1,92 +1,80 @@ { - "name": "envoy.filters.http.rbac", - "typedConfig": { - "@type": "type.googleapis.com/envoy.extensions.filters.http.rbac.v3.RBAC", - "rules": { - "policies": { - "consul-intentions-layer4": { - "permissions": [ + "name": "envoy.filters.http.rbac", + "typedConfig": { + "@type": "type.googleapis.com/envoy.extensions.filters.http.rbac.v3.RBAC", + "rules": { + "policies": { + "consul-intentions-layer4": { + "permissions": [ { - "any": true + "any": true } ], - "principals": [ + "principals": [ { - "authenticated": { - "principalName": { - "safeRegex": { - "googleRe2": { - - }, - "regex": "^spiffe://test.consul/ns/default/dc/[^/]+/svc/cron$" + "authenticated": { + "principalName": { + "safeRegex": { + "googleRe2": {}, + "regex": "^spiffe://test.consul/ns/default/dc/[^/]+/svc/cron$" } } } }, { - "authenticated": { - "principalName": { - "safeRegex": { - "googleRe2": { - - }, - "regex": "^spiffe://test.consul/ns/default/dc/[^/]+/svc/web$" + "authenticated": { + "principalName": { + "safeRegex": { + "googleRe2": {}, + "regex": "^spiffe://test.consul/ns/default/dc/[^/]+/svc/web$" } } } }, { - "andIds": { - "ids": [ + "andIds": { + "ids": [ { - "authenticated": { - "principalName": { - "safeRegex": { - "googleRe2": { - - }, - "regex": "^spiffe://test.consul/ns/default/dc/[^/]+/svc/[^/]+$" + "authenticated": { + "principalName": { + "safeRegex": { + "googleRe2": {}, + "regex": "^spiffe://test.consul/ns/default/dc/[^/]+/svc/[^/]+$" } } } }, { - "notId": { - "authenticated": { - "principalName": { - "safeRegex": { - "googleRe2": { - - }, - "regex": "^spiffe://test.consul/ns/default/dc/[^/]+/svc/web$" + "notId": { + "authenticated": { + "principalName": { + "safeRegex": { + "googleRe2": {}, + "regex": "^spiffe://test.consul/ns/default/dc/[^/]+/svc/web$" } } } } }, { - "notId": { - "authenticated": { - "principalName": { - "safeRegex": { - "googleRe2": { - - }, - "regex": "^spiffe://test.consul/ns/default/dc/[^/]+/svc/unsafe$" + "notId": { + "authenticated": { + "principalName": { + "safeRegex": { + "googleRe2": {}, + "regex": "^spiffe://test.consul/ns/default/dc/[^/]+/svc/unsafe$" } } } } }, { - "notId": { - "authenticated": { - "principalName": { - "safeRegex": { - "googleRe2": { - - }, - "regex": "^spiffe://test.consul/ns/default/dc/[^/]+/svc/cron$" + "notId": { + "authenticated": { + "principalName": { + "safeRegex": { + "googleRe2": {}, + "regex": "^spiffe://test.consul/ns/default/dc/[^/]+/svc/cron$" } } } diff --git a/agent/xds/testdata/rbac/default-deny-kitchen-sink.golden b/agent/xds/testdata/rbac/default-deny-kitchen-sink.golden index 912b64d95c..bfb0ed25f7 100644 --- a/agent/xds/testdata/rbac/default-deny-kitchen-sink.golden +++ b/agent/xds/testdata/rbac/default-deny-kitchen-sink.golden @@ -1,92 +1,80 @@ { - "name": "envoy.filters.network.rbac", - "typedConfig": { - "@type": "type.googleapis.com/envoy.extensions.filters.network.rbac.v3.RBAC", - "rules": { - "policies": { - "consul-intentions-layer4": { - "permissions": [ + "name": "envoy.filters.network.rbac", + "typedConfig": { + "@type": "type.googleapis.com/envoy.extensions.filters.network.rbac.v3.RBAC", + "rules": { + "policies": { + "consul-intentions-layer4": { + "permissions": [ { - "any": true + "any": true } ], - "principals": [ + "principals": [ { - "authenticated": { - "principalName": { - "safeRegex": { - "googleRe2": { - - }, - "regex": "^spiffe://test.consul/ns/default/dc/[^/]+/svc/cron$" + "authenticated": { + "principalName": { + "safeRegex": { + "googleRe2": {}, + "regex": "^spiffe://test.consul/ns/default/dc/[^/]+/svc/cron$" } } } }, { - "authenticated": { - "principalName": { - "safeRegex": { - "googleRe2": { - - }, - "regex": "^spiffe://test.consul/ns/default/dc/[^/]+/svc/web$" + "authenticated": { + "principalName": { + "safeRegex": { + "googleRe2": {}, + "regex": "^spiffe://test.consul/ns/default/dc/[^/]+/svc/web$" } } } }, { - "andIds": { - "ids": [ + "andIds": { + "ids": [ { - "authenticated": { - "principalName": { - "safeRegex": { - "googleRe2": { - - }, - "regex": "^spiffe://test.consul/ns/default/dc/[^/]+/svc/[^/]+$" + "authenticated": { + "principalName": { + "safeRegex": { + "googleRe2": {}, + "regex": "^spiffe://test.consul/ns/default/dc/[^/]+/svc/[^/]+$" } } } }, { - "notId": { - "authenticated": { - "principalName": { - "safeRegex": { - "googleRe2": { - - }, - "regex": "^spiffe://test.consul/ns/default/dc/[^/]+/svc/web$" + "notId": { + "authenticated": { + "principalName": { + "safeRegex": { + "googleRe2": {}, + "regex": "^spiffe://test.consul/ns/default/dc/[^/]+/svc/web$" } } } } }, { - "notId": { - "authenticated": { - "principalName": { - "safeRegex": { - "googleRe2": { - - }, - "regex": "^spiffe://test.consul/ns/default/dc/[^/]+/svc/unsafe$" + "notId": { + "authenticated": { + "principalName": { + "safeRegex": { + "googleRe2": {}, + "regex": "^spiffe://test.consul/ns/default/dc/[^/]+/svc/unsafe$" } } } } }, { - "notId": { - "authenticated": { - "principalName": { - "safeRegex": { - "googleRe2": { - - }, - "regex": "^spiffe://test.consul/ns/default/dc/[^/]+/svc/cron$" + "notId": { + "authenticated": { + "principalName": { + "safeRegex": { + "googleRe2": {}, + "regex": "^spiffe://test.consul/ns/default/dc/[^/]+/svc/cron$" } } } @@ -99,6 +87,6 @@ } } }, - "statPrefix": "connect_authz" + "statPrefix": "connect_authz" } } \ No newline at end of file diff --git a/agent/xds/testdata/rbac/default-deny-mixed-precedence--httpfilter.golden b/agent/xds/testdata/rbac/default-deny-mixed-precedence--httpfilter.golden index c4795f46ef..9a6b57edf9 100644 --- a/agent/xds/testdata/rbac/default-deny-mixed-precedence--httpfilter.golden +++ b/agent/xds/testdata/rbac/default-deny-mixed-precedence--httpfilter.golden @@ -1,24 +1,22 @@ { - "name": "envoy.filters.http.rbac", - "typedConfig": { - "@type": "type.googleapis.com/envoy.extensions.filters.http.rbac.v3.RBAC", - "rules": { - "policies": { - "consul-intentions-layer4": { - "permissions": [ + "name": "envoy.filters.http.rbac", + "typedConfig": { + "@type": "type.googleapis.com/envoy.extensions.filters.http.rbac.v3.RBAC", + "rules": { + "policies": { + "consul-intentions-layer4": { + "permissions": [ { - "any": true + "any": true } ], - "principals": [ + "principals": [ { - "authenticated": { - "principalName": { - "safeRegex": { - "googleRe2": { - - }, - "regex": "^spiffe://test.consul/ns/default/dc/[^/]+/svc/web$" + "authenticated": { + "principalName": { + "safeRegex": { + "googleRe2": {}, + "regex": "^spiffe://test.consul/ns/default/dc/[^/]+/svc/web$" } } } diff --git a/agent/xds/testdata/rbac/default-deny-mixed-precedence.golden b/agent/xds/testdata/rbac/default-deny-mixed-precedence.golden index 3fc78b2955..e6c47feebd 100644 --- a/agent/xds/testdata/rbac/default-deny-mixed-precedence.golden +++ b/agent/xds/testdata/rbac/default-deny-mixed-precedence.golden @@ -1,24 +1,22 @@ { - "name": "envoy.filters.network.rbac", - "typedConfig": { - "@type": "type.googleapis.com/envoy.extensions.filters.network.rbac.v3.RBAC", - "rules": { - "policies": { - "consul-intentions-layer4": { - "permissions": [ + "name": "envoy.filters.network.rbac", + "typedConfig": { + "@type": "type.googleapis.com/envoy.extensions.filters.network.rbac.v3.RBAC", + "rules": { + "policies": { + "consul-intentions-layer4": { + "permissions": [ { - "any": true + "any": true } ], - "principals": [ + "principals": [ { - "authenticated": { - "principalName": { - "safeRegex": { - "googleRe2": { - - }, - "regex": "^spiffe://test.consul/ns/default/dc/[^/]+/svc/web$" + "authenticated": { + "principalName": { + "safeRegex": { + "googleRe2": {}, + "regex": "^spiffe://test.consul/ns/default/dc/[^/]+/svc/web$" } } } @@ -27,6 +25,6 @@ } } }, - "statPrefix": "connect_authz" + "statPrefix": "connect_authz" } } \ No newline at end of file diff --git a/agent/xds/testdata/rbac/default-deny-one-allow--httpfilter.golden b/agent/xds/testdata/rbac/default-deny-one-allow--httpfilter.golden index c4795f46ef..9a6b57edf9 100644 --- a/agent/xds/testdata/rbac/default-deny-one-allow--httpfilter.golden +++ b/agent/xds/testdata/rbac/default-deny-one-allow--httpfilter.golden @@ -1,24 +1,22 @@ { - "name": "envoy.filters.http.rbac", - "typedConfig": { - "@type": "type.googleapis.com/envoy.extensions.filters.http.rbac.v3.RBAC", - "rules": { - "policies": { - "consul-intentions-layer4": { - "permissions": [ + "name": "envoy.filters.http.rbac", + "typedConfig": { + "@type": "type.googleapis.com/envoy.extensions.filters.http.rbac.v3.RBAC", + "rules": { + "policies": { + "consul-intentions-layer4": { + "permissions": [ { - "any": true + "any": true } ], - "principals": [ + "principals": [ { - "authenticated": { - "principalName": { - "safeRegex": { - "googleRe2": { - - }, - "regex": "^spiffe://test.consul/ns/default/dc/[^/]+/svc/web$" + "authenticated": { + "principalName": { + "safeRegex": { + "googleRe2": {}, + "regex": "^spiffe://test.consul/ns/default/dc/[^/]+/svc/web$" } } } diff --git a/agent/xds/testdata/rbac/default-deny-one-allow.golden b/agent/xds/testdata/rbac/default-deny-one-allow.golden index 3fc78b2955..e6c47feebd 100644 --- a/agent/xds/testdata/rbac/default-deny-one-allow.golden +++ b/agent/xds/testdata/rbac/default-deny-one-allow.golden @@ -1,24 +1,22 @@ { - "name": "envoy.filters.network.rbac", - "typedConfig": { - "@type": "type.googleapis.com/envoy.extensions.filters.network.rbac.v3.RBAC", - "rules": { - "policies": { - "consul-intentions-layer4": { - "permissions": [ + "name": "envoy.filters.network.rbac", + "typedConfig": { + "@type": "type.googleapis.com/envoy.extensions.filters.network.rbac.v3.RBAC", + "rules": { + "policies": { + "consul-intentions-layer4": { + "permissions": [ { - "any": true + "any": true } ], - "principals": [ + "principals": [ { - "authenticated": { - "principalName": { - "safeRegex": { - "googleRe2": { - - }, - "regex": "^spiffe://test.consul/ns/default/dc/[^/]+/svc/web$" + "authenticated": { + "principalName": { + "safeRegex": { + "googleRe2": {}, + "regex": "^spiffe://test.consul/ns/default/dc/[^/]+/svc/web$" } } } @@ -27,6 +25,6 @@ } } }, - "statPrefix": "connect_authz" + "statPrefix": "connect_authz" } } \ No newline at end of file diff --git a/agent/xds/testdata/rbac/default-deny-path-allow--httpfilter.golden b/agent/xds/testdata/rbac/default-deny-path-allow--httpfilter.golden index 003fdb24be..0c1e634847 100644 --- a/agent/xds/testdata/rbac/default-deny-path-allow--httpfilter.golden +++ b/agent/xds/testdata/rbac/default-deny-path-allow--httpfilter.golden @@ -1,28 +1,26 @@ { - "name": "envoy.filters.http.rbac", - "typedConfig": { - "@type": "type.googleapis.com/envoy.extensions.filters.http.rbac.v3.RBAC", - "rules": { - "policies": { - "consul-intentions-layer7-0": { - "permissions": [ + "name": "envoy.filters.http.rbac", + "typedConfig": { + "@type": "type.googleapis.com/envoy.extensions.filters.http.rbac.v3.RBAC", + "rules": { + "policies": { + "consul-intentions-layer7-0": { + "permissions": [ { - "urlPath": { - "path": { - "prefix": "/" + "urlPath": { + "path": { + "prefix": "/" } } } ], - "principals": [ + "principals": [ { - "authenticated": { - "principalName": { - "safeRegex": { - "googleRe2": { - - }, - "regex": "^spiffe://test.consul/ns/default/dc/[^/]+/svc/web$" + "authenticated": { + "principalName": { + "safeRegex": { + "googleRe2": {}, + "regex": "^spiffe://test.consul/ns/default/dc/[^/]+/svc/web$" } } } diff --git a/agent/xds/testdata/rbac/default-deny-path-allow.golden b/agent/xds/testdata/rbac/default-deny-path-allow.golden index 92c7f921ad..9b67b1ebab 100644 --- a/agent/xds/testdata/rbac/default-deny-path-allow.golden +++ b/agent/xds/testdata/rbac/default-deny-path-allow.golden @@ -1,10 +1,8 @@ { - "name": "envoy.filters.network.rbac", - "typedConfig": { - "@type": "type.googleapis.com/envoy.extensions.filters.network.rbac.v3.RBAC", - "rules": { - - }, - "statPrefix": "connect_authz" + "name": "envoy.filters.network.rbac", + "typedConfig": { + "@type": "type.googleapis.com/envoy.extensions.filters.network.rbac.v3.RBAC", + "rules": {}, + "statPrefix": "connect_authz" } } \ No newline at end of file diff --git a/agent/xds/testdata/rbac/default-deny-path-deny--httpfilter.golden b/agent/xds/testdata/rbac/default-deny-path-deny--httpfilter.golden index 4ccd189bc0..a591c2f8d2 100644 --- a/agent/xds/testdata/rbac/default-deny-path-deny--httpfilter.golden +++ b/agent/xds/testdata/rbac/default-deny-path-deny--httpfilter.golden @@ -1,9 +1,7 @@ { - "name": "envoy.filters.http.rbac", - "typedConfig": { - "@type": "type.googleapis.com/envoy.extensions.filters.http.rbac.v3.RBAC", - "rules": { - - } + "name": "envoy.filters.http.rbac", + "typedConfig": { + "@type": "type.googleapis.com/envoy.extensions.filters.http.rbac.v3.RBAC", + "rules": {} } } \ No newline at end of file diff --git a/agent/xds/testdata/rbac/default-deny-path-deny.golden b/agent/xds/testdata/rbac/default-deny-path-deny.golden index 92c7f921ad..9b67b1ebab 100644 --- a/agent/xds/testdata/rbac/default-deny-path-deny.golden +++ b/agent/xds/testdata/rbac/default-deny-path-deny.golden @@ -1,10 +1,8 @@ { - "name": "envoy.filters.network.rbac", - "typedConfig": { - "@type": "type.googleapis.com/envoy.extensions.filters.network.rbac.v3.RBAC", - "rules": { - - }, - "statPrefix": "connect_authz" + "name": "envoy.filters.network.rbac", + "typedConfig": { + "@type": "type.googleapis.com/envoy.extensions.filters.network.rbac.v3.RBAC", + "rules": {}, + "statPrefix": "connect_authz" } } \ No newline at end of file diff --git a/agent/xds/testdata/rbac/default-deny-peered-kitchen-sink--httpfilter.golden b/agent/xds/testdata/rbac/default-deny-peered-kitchen-sink--httpfilter.golden index 2ffed83910..9ae21c3b07 100644 --- a/agent/xds/testdata/rbac/default-deny-peered-kitchen-sink--httpfilter.golden +++ b/agent/xds/testdata/rbac/default-deny-peered-kitchen-sink--httpfilter.golden @@ -1,69 +1,61 @@ { - "name": "envoy.filters.http.rbac", - "typedConfig": { - "@type": "type.googleapis.com/envoy.extensions.filters.http.rbac.v3.RBAC", - "rules": { - "policies": { - "consul-intentions-layer4": { - "permissions": [ + "name": "envoy.filters.http.rbac", + "typedConfig": { + "@type": "type.googleapis.com/envoy.extensions.filters.http.rbac.v3.RBAC", + "rules": { + "policies": { + "consul-intentions-layer4": { + "permissions": [ { - "any": true + "any": true } ], - "principals": [ + "principals": [ { - "authenticated": { - "principalName": { - "safeRegex": { - "googleRe2": { - - }, - "regex": "^spiffe://test.consul/ns/default/dc/[^/]+/svc/web$" + "authenticated": { + "principalName": { + "safeRegex": { + "googleRe2": {}, + "regex": "^spiffe://test.consul/ns/default/dc/[^/]+/svc/web$" } } } }, { - "andIds": { - "ids": [ + "andIds": { + "ids": [ { - "authenticated": { - "principalName": { - "safeRegex": { - "googleRe2": { - - }, - "regex": "^spiffe://test.consul/gateway/mesh/dc/[^/]+$" + "authenticated": { + "principalName": { + "safeRegex": { + "googleRe2": {}, + "regex": "^spiffe://test.consul/gateway/mesh/dc/[^/]+$" } } } }, { - "andIds": { - "ids": [ + "andIds": { + "ids": [ { - "header": { - "name": "x-forwarded-client-cert", - "stringMatch": { - "safeRegex": { - "googleRe2": { - - }, - "regex": "^[^,]+;URI=spiffe://peer1.domain/ap/part1/ns/default/dc/[^/]+/svc/[^/]+(?:,.*)?$" + "header": { + "name": "x-forwarded-client-cert", + "stringMatch": { + "safeRegex": { + "googleRe2": {}, + "regex": "^[^,]+;URI=spiffe://peer1.domain/ap/part1/ns/default/dc/[^/]+/svc/[^/]+(?:,.*)?$" } } } }, { - "notId": { - "header": { - "name": "x-forwarded-client-cert", - "stringMatch": { - "safeRegex": { - "googleRe2": { - - }, - "regex": "^[^,]+;URI=spiffe://peer1.domain/ap/part1/ns/default/dc/[^/]+/svc/web(?:,.*)?$" + "notId": { + "header": { + "name": "x-forwarded-client-cert", + "stringMatch": { + "safeRegex": { + "googleRe2": {}, + "regex": "^[^,]+;URI=spiffe://peer1.domain/ap/part1/ns/default/dc/[^/]+/svc/web(?:,.*)?$" } } } diff --git a/agent/xds/testdata/rbac/default-deny-peered-kitchen-sink.golden b/agent/xds/testdata/rbac/default-deny-peered-kitchen-sink.golden index eb48015940..af5c6d642d 100644 --- a/agent/xds/testdata/rbac/default-deny-peered-kitchen-sink.golden +++ b/agent/xds/testdata/rbac/default-deny-peered-kitchen-sink.golden @@ -1,52 +1,46 @@ { - "name": "envoy.filters.network.rbac", - "typedConfig": { - "@type": "type.googleapis.com/envoy.extensions.filters.network.rbac.v3.RBAC", - "rules": { - "policies": { - "consul-intentions-layer4": { - "permissions": [ + "name": "envoy.filters.network.rbac", + "typedConfig": { + "@type": "type.googleapis.com/envoy.extensions.filters.network.rbac.v3.RBAC", + "rules": { + "policies": { + "consul-intentions-layer4": { + "permissions": [ { - "any": true + "any": true } ], - "principals": [ + "principals": [ { - "authenticated": { - "principalName": { - "safeRegex": { - "googleRe2": { - - }, - "regex": "^spiffe://test.consul/ns/default/dc/[^/]+/svc/web$" + "authenticated": { + "principalName": { + "safeRegex": { + "googleRe2": {}, + "regex": "^spiffe://test.consul/ns/default/dc/[^/]+/svc/web$" } } } }, { - "andIds": { - "ids": [ + "andIds": { + "ids": [ { - "authenticated": { - "principalName": { - "safeRegex": { - "googleRe2": { - - }, - "regex": "^spiffe://peer1.domain/ap/part1/ns/default/dc/[^/]+/svc/[^/]+$" + "authenticated": { + "principalName": { + "safeRegex": { + "googleRe2": {}, + "regex": "^spiffe://peer1.domain/ap/part1/ns/default/dc/[^/]+/svc/[^/]+$" } } } }, { - "notId": { - "authenticated": { - "principalName": { - "safeRegex": { - "googleRe2": { - - }, - "regex": "^spiffe://peer1.domain/ap/part1/ns/default/dc/[^/]+/svc/web$" + "notId": { + "authenticated": { + "principalName": { + "safeRegex": { + "googleRe2": {}, + "regex": "^spiffe://peer1.domain/ap/part1/ns/default/dc/[^/]+/svc/web$" } } } @@ -59,6 +53,6 @@ } } }, - "statPrefix": "connect_authz" + "statPrefix": "connect_authz" } } \ No newline at end of file diff --git a/agent/xds/testdata/rbac/default-deny-service-wildcard-allow--httpfilter.golden b/agent/xds/testdata/rbac/default-deny-service-wildcard-allow--httpfilter.golden index a65162f24f..8010e5a025 100644 --- a/agent/xds/testdata/rbac/default-deny-service-wildcard-allow--httpfilter.golden +++ b/agent/xds/testdata/rbac/default-deny-service-wildcard-allow--httpfilter.golden @@ -1,24 +1,22 @@ { - "name": "envoy.filters.http.rbac", - "typedConfig": { - "@type": "type.googleapis.com/envoy.extensions.filters.http.rbac.v3.RBAC", - "rules": { - "policies": { - "consul-intentions-layer4": { - "permissions": [ + "name": "envoy.filters.http.rbac", + "typedConfig": { + "@type": "type.googleapis.com/envoy.extensions.filters.http.rbac.v3.RBAC", + "rules": { + "policies": { + "consul-intentions-layer4": { + "permissions": [ { - "any": true + "any": true } ], - "principals": [ + "principals": [ { - "authenticated": { - "principalName": { - "safeRegex": { - "googleRe2": { - - }, - "regex": "^spiffe://test.consul/ns/default/dc/[^/]+/svc/[^/]+$" + "authenticated": { + "principalName": { + "safeRegex": { + "googleRe2": {}, + "regex": "^spiffe://test.consul/ns/default/dc/[^/]+/svc/[^/]+$" } } } diff --git a/agent/xds/testdata/rbac/default-deny-service-wildcard-allow.golden b/agent/xds/testdata/rbac/default-deny-service-wildcard-allow.golden index 3780a9079e..dfafaf7503 100644 --- a/agent/xds/testdata/rbac/default-deny-service-wildcard-allow.golden +++ b/agent/xds/testdata/rbac/default-deny-service-wildcard-allow.golden @@ -1,24 +1,22 @@ { - "name": "envoy.filters.network.rbac", - "typedConfig": { - "@type": "type.googleapis.com/envoy.extensions.filters.network.rbac.v3.RBAC", - "rules": { - "policies": { - "consul-intentions-layer4": { - "permissions": [ + "name": "envoy.filters.network.rbac", + "typedConfig": { + "@type": "type.googleapis.com/envoy.extensions.filters.network.rbac.v3.RBAC", + "rules": { + "policies": { + "consul-intentions-layer4": { + "permissions": [ { - "any": true + "any": true } ], - "principals": [ + "principals": [ { - "authenticated": { - "principalName": { - "safeRegex": { - "googleRe2": { - - }, - "regex": "^spiffe://test.consul/ns/default/dc/[^/]+/svc/[^/]+$" + "authenticated": { + "principalName": { + "safeRegex": { + "googleRe2": {}, + "regex": "^spiffe://test.consul/ns/default/dc/[^/]+/svc/[^/]+$" } } } @@ -27,6 +25,6 @@ } } }, - "statPrefix": "connect_authz" + "statPrefix": "connect_authz" } } \ No newline at end of file diff --git a/agent/xds/testdata/rbac/default-deny-single-intention-with-kitchen-sink-perms--httpfilter.golden b/agent/xds/testdata/rbac/default-deny-single-intention-with-kitchen-sink-perms--httpfilter.golden index f23112071b..ef815cc8cf 100644 --- a/agent/xds/testdata/rbac/default-deny-single-intention-with-kitchen-sink-perms--httpfilter.golden +++ b/agent/xds/testdata/rbac/default-deny-single-intention-with-kitchen-sink-perms--httpfilter.golden @@ -1,26 +1,26 @@ { - "name": "envoy.filters.http.rbac", - "typedConfig": { - "@type": "type.googleapis.com/envoy.extensions.filters.http.rbac.v3.RBAC", - "rules": { - "policies": { - "consul-intentions-layer7-0": { - "permissions": [ + "name": "envoy.filters.http.rbac", + "typedConfig": { + "@type": "type.googleapis.com/envoy.extensions.filters.http.rbac.v3.RBAC", + "rules": { + "policies": { + "consul-intentions-layer7-0": { + "permissions": [ { - "andRules": { - "rules": [ + "andRules": { + "rules": [ { - "urlPath": { - "path": { - "prefix": "/v1" + "urlPath": { + "path": { + "prefix": "/v1" } } }, { - "notRule": { - "urlPath": { - "path": { - "exact": "/v1/secret" + "notRule": { + "urlPath": { + "path": { + "exact": "/v1/secret" } } } @@ -29,31 +29,27 @@ } }, { - "andRules": { - "rules": [ + "andRules": { + "rules": [ { - "andRules": { - "rules": [ + "andRules": { + "rules": [ { - "urlPath": { - "path": { - "safeRegex": { - "googleRe2": { - - }, - "regex": "/v[123]" + "urlPath": { + "path": { + "safeRegex": { + "googleRe2": {}, + "regex": "/v[123]" } } } }, { - "header": { - "name": ":method", - "safeRegexMatch": { - "googleRe2": { - - }, - "regex": "GET|HEAD|OPTIONS" + "header": { + "name": ":method", + "safeRegexMatch": { + "googleRe2": {}, + "regex": "GET|HEAD|OPTIONS" } } } @@ -61,19 +57,19 @@ } }, { - "notRule": { - "urlPath": { - "path": { - "prefix": "/v1" + "notRule": { + "urlPath": { + "path": { + "prefix": "/v1" } } } }, { - "notRule": { - "urlPath": { - "path": { - "exact": "/v1/secret" + "notRule": { + "urlPath": { + "path": { + "exact": "/v1/secret" } } } @@ -82,113 +78,121 @@ } }, { - "andRules": { - "rules": [ + "andRules": { + "rules": [ { - "andRules": { - "rules": [ + "andRules": { + "rules": [ { - "header": { - "name": "x-foo", - "presentMatch": true + "header": { + "name": "x-foo", + "presentMatch": true } }, { - "header": { - "name": "x-bar", - "exactMatch": "xyz" - } - }, - { - "header": { - "name": "x-dib", - "prefixMatch": "gaz" - } - }, - { - "header": { - "name": "x-gir", - "suffixMatch": "zim" - } - }, - { - "header": { - "name": "x-zim", - "safeRegexMatch": { - "googleRe2": { - - }, - "regex": "gi[rR]" + "header": { + "name": "x-bar", + "stringMatch": { + "exact": "xyz" } } }, { - "header": { - "name": "z-foo", - "presentMatch": true, - "invertMatch": true + "header": { + "name": "x-dib", + "stringMatch": { + "prefix": "gaz" + } } }, { - "header": { - "name": "z-bar", - "exactMatch": "xyz", - "invertMatch": true + "header": { + "name": "x-gir", + "stringMatch": { + "suffix": "zim" + } } }, { - "header": { - "name": "z-dib", - "prefixMatch": "gaz", - "invertMatch": true + "header": { + "name": "x-zim", + "stringMatch": { + "safeRegex": { + "googleRe2": {}, + "regex": "gi[rR]" + } + } } }, { - "header": { - "name": "z-gir", - "suffixMatch": "zim", - "invertMatch": true + "header": { + "name": "z-foo", + "presentMatch": true, + "invertMatch": true } }, { - "header": { - "name": "z-zim", - "safeRegexMatch": { - "googleRe2": { - - }, - "regex": "gi[rR]" + "header": { + "name": "z-bar", + "stringMatch": { + "exact": "xyz" }, - "invertMatch": true + "invertMatch": true + } + }, + { + "header": { + "name": "z-dib", + "stringMatch": { + "prefix": "gaz" + }, + "invertMatch": true + } + }, + { + "header": { + "name": "z-gir", + "stringMatch": { + "suffix": "zim" + }, + "invertMatch": true + } + }, + { + "header": { + "name": "z-zim", + "stringMatch": { + "safeRegex": { + "googleRe2": {}, + "regex": "gi[rR]" + } + }, + "invertMatch": true } } ] } }, { - "notRule": { - "andRules": { - "rules": [ + "notRule": { + "andRules": { + "rules": [ { - "urlPath": { - "path": { - "safeRegex": { - "googleRe2": { - - }, - "regex": "/v[123]" + "urlPath": { + "path": { + "safeRegex": { + "googleRe2": {}, + "regex": "/v[123]" } } } }, { - "header": { - "name": ":method", - "safeRegexMatch": { - "googleRe2": { - - }, - "regex": "GET|HEAD|OPTIONS" + "header": { + "name": ":method", + "safeRegexMatch": { + "googleRe2": {}, + "regex": "GET|HEAD|OPTIONS" } } } @@ -197,19 +201,19 @@ } }, { - "notRule": { - "urlPath": { - "path": { - "prefix": "/v1" + "notRule": { + "urlPath": { + "path": { + "prefix": "/v1" } } } }, { - "notRule": { - "urlPath": { - "path": { - "exact": "/v1/secret" + "notRule": { + "urlPath": { + "path": { + "exact": "/v1/secret" } } } @@ -218,15 +222,13 @@ } } ], - "principals": [ + "principals": [ { - "authenticated": { - "principalName": { - "safeRegex": { - "googleRe2": { - - }, - "regex": "^spiffe://test.consul/ns/default/dc/[^/]+/svc/web$" + "authenticated": { + "principalName": { + "safeRegex": { + "googleRe2": {}, + "regex": "^spiffe://test.consul/ns/default/dc/[^/]+/svc/web$" } } } diff --git a/agent/xds/testdata/rbac/default-deny-single-intention-with-kitchen-sink-perms.golden b/agent/xds/testdata/rbac/default-deny-single-intention-with-kitchen-sink-perms.golden index 92c7f921ad..9b67b1ebab 100644 --- a/agent/xds/testdata/rbac/default-deny-single-intention-with-kitchen-sink-perms.golden +++ b/agent/xds/testdata/rbac/default-deny-single-intention-with-kitchen-sink-perms.golden @@ -1,10 +1,8 @@ { - "name": "envoy.filters.network.rbac", - "typedConfig": { - "@type": "type.googleapis.com/envoy.extensions.filters.network.rbac.v3.RBAC", - "rules": { - - }, - "statPrefix": "connect_authz" + "name": "envoy.filters.network.rbac", + "typedConfig": { + "@type": "type.googleapis.com/envoy.extensions.filters.network.rbac.v3.RBAC", + "rules": {}, + "statPrefix": "connect_authz" } } \ No newline at end of file diff --git a/agent/xds/testdata/rbac/default-deny-two-path-deny-and-path-allow--httpfilter.golden b/agent/xds/testdata/rbac/default-deny-two-path-deny-and-path-allow--httpfilter.golden index 75534cb10a..c8d671afed 100644 --- a/agent/xds/testdata/rbac/default-deny-two-path-deny-and-path-allow--httpfilter.golden +++ b/agent/xds/testdata/rbac/default-deny-two-path-deny-and-path-allow--httpfilter.golden @@ -1,35 +1,35 @@ { - "name": "envoy.filters.http.rbac", - "typedConfig": { - "@type": "type.googleapis.com/envoy.extensions.filters.http.rbac.v3.RBAC", - "rules": { - "policies": { - "consul-intentions-layer7-0": { - "permissions": [ + "name": "envoy.filters.http.rbac", + "typedConfig": { + "@type": "type.googleapis.com/envoy.extensions.filters.http.rbac.v3.RBAC", + "rules": { + "policies": { + "consul-intentions-layer7-0": { + "permissions": [ { - "andRules": { - "rules": [ + "andRules": { + "rules": [ { - "urlPath": { - "path": { - "prefix": "/" + "urlPath": { + "path": { + "prefix": "/" } } }, { - "notRule": { - "urlPath": { - "path": { - "exact": "/v1/admin" + "notRule": { + "urlPath": { + "path": { + "exact": "/v1/admin" } } } }, { - "notRule": { - "urlPath": { - "path": { - "exact": "/v1/secret" + "notRule": { + "urlPath": { + "path": { + "exact": "/v1/secret" } } } @@ -38,15 +38,13 @@ } } ], - "principals": [ + "principals": [ { - "authenticated": { - "principalName": { - "safeRegex": { - "googleRe2": { - - }, - "regex": "^spiffe://test.consul/ns/default/dc/[^/]+/svc/web$" + "authenticated": { + "principalName": { + "safeRegex": { + "googleRe2": {}, + "regex": "^spiffe://test.consul/ns/default/dc/[^/]+/svc/web$" } } } diff --git a/agent/xds/testdata/rbac/default-deny-two-path-deny-and-path-allow.golden b/agent/xds/testdata/rbac/default-deny-two-path-deny-and-path-allow.golden index 92c7f921ad..9b67b1ebab 100644 --- a/agent/xds/testdata/rbac/default-deny-two-path-deny-and-path-allow.golden +++ b/agent/xds/testdata/rbac/default-deny-two-path-deny-and-path-allow.golden @@ -1,10 +1,8 @@ { - "name": "envoy.filters.network.rbac", - "typedConfig": { - "@type": "type.googleapis.com/envoy.extensions.filters.network.rbac.v3.RBAC", - "rules": { - - }, - "statPrefix": "connect_authz" + "name": "envoy.filters.network.rbac", + "typedConfig": { + "@type": "type.googleapis.com/envoy.extensions.filters.network.rbac.v3.RBAC", + "rules": {}, + "statPrefix": "connect_authz" } } \ No newline at end of file diff --git a/agent/xds/testdata/rbac/empty-top-level-jwt-with-one-permission--httpfilter.golden b/agent/xds/testdata/rbac/empty-top-level-jwt-with-one-permission--httpfilter.golden index f5eb4bdbcb..5c95332c59 100644 --- a/agent/xds/testdata/rbac/empty-top-level-jwt-with-one-permission--httpfilter.golden +++ b/agent/xds/testdata/rbac/empty-top-level-jwt-with-one-permission--httpfilter.golden @@ -1,48 +1,56 @@ { - "name": "envoy.filters.http.rbac", - "typedConfig": { - "@type": "type.googleapis.com/envoy.extensions.filters.http.rbac.v3.RBAC", - "rules": { - "policies": { - "consul-intentions-layer7-0": { - "permissions": [ + "name": "envoy.filters.http.rbac", + "typedConfig": { + "@type": "type.googleapis.com/envoy.extensions.filters.http.rbac.v3.RBAC", + "rules": { + "policies": { + "consul-intentions-layer7-0": { + "permissions": [ { - "andRules": { - "rules": [ + "andRules": { + "rules": [ { - "urlPath": { - "path": { - "prefix": "some-path" + "urlPath": { + "path": { + "prefix": "some-path" } } }, { - "andRules": { - "rules": [ + "andRules": { + "rules": [ { - "metadata": { - "filter": "envoy.filters.http.jwt_authn", - "path": [ - {"key": "jwt_payload_okta"}, - {"key": "iss"} + "metadata": { + "filter": "envoy.filters.http.jwt_authn", + "path": [ + { + "key": "jwt_payload_okta" + }, + { + "key": "iss" + } ], - "value": { - "stringMatch": { - "exact": "mytest.okta-issuer" + "value": { + "stringMatch": { + "exact": "mytest.okta-issuer" } } } }, { - "metadata": { - "filter": "envoy.filters.http.jwt_authn", - "path": [ - {"key": "jwt_payload_okta"}, - {"key": "roles"} + "metadata": { + "filter": "envoy.filters.http.jwt_authn", + "path": [ + { + "key": "jwt_payload_okta" + }, + { + "key": "roles" + } ], - "value": { - "stringMatch": { - "exact": "testing" + "value": { + "stringMatch": { + "exact": "testing" } } } @@ -54,13 +62,13 @@ } } ], - "principals": [ + "principals": [ { - "authenticated": { - "principalName": { - "safeRegex": { - "googleRe2": {}, - "regex": "^spiffe://test.consul/ns/default/dc/[^/]+/svc/web$" + "authenticated": { + "principalName": { + "safeRegex": { + "googleRe2": {}, + "regex": "^spiffe://test.consul/ns/default/dc/[^/]+/svc/web$" } } } diff --git a/agent/xds/testdata/rbac/empty-top-level-jwt-with-one-permission.golden b/agent/xds/testdata/rbac/empty-top-level-jwt-with-one-permission.golden index 92c7f921ad..9b67b1ebab 100644 --- a/agent/xds/testdata/rbac/empty-top-level-jwt-with-one-permission.golden +++ b/agent/xds/testdata/rbac/empty-top-level-jwt-with-one-permission.golden @@ -1,10 +1,8 @@ { - "name": "envoy.filters.network.rbac", - "typedConfig": { - "@type": "type.googleapis.com/envoy.extensions.filters.network.rbac.v3.RBAC", - "rules": { - - }, - "statPrefix": "connect_authz" + "name": "envoy.filters.network.rbac", + "typedConfig": { + "@type": "type.googleapis.com/envoy.extensions.filters.network.rbac.v3.RBAC", + "rules": {}, + "statPrefix": "connect_authz" } } \ No newline at end of file diff --git a/agent/xds/testdata/rbac/top-level-jwt-no-permissions--httpfilter.golden b/agent/xds/testdata/rbac/top-level-jwt-no-permissions--httpfilter.golden index efa9293f3c..c66113c990 100644 --- a/agent/xds/testdata/rbac/top-level-jwt-no-permissions--httpfilter.golden +++ b/agent/xds/testdata/rbac/top-level-jwt-no-permissions--httpfilter.golden @@ -1,58 +1,64 @@ { - "name": "envoy.filters.http.rbac", - "typedConfig": { - "@type": "type.googleapis.com/envoy.extensions.filters.http.rbac.v3.RBAC", - "rules": { - "policies": { - "consul-intentions-layer4": { - "permissions": [ + "name": "envoy.filters.http.rbac", + "typedConfig": { + "@type": "type.googleapis.com/envoy.extensions.filters.http.rbac.v3.RBAC", + "rules": { + "policies": { + "consul-intentions-layer4": { + "permissions": [ { - "any": true + "any": true } ], - "principals": [ + "principals": [ { - "andIds": { - "ids": [ + "andIds": { + "ids": [ { - "authenticated": { - "principalName": { - "safeRegex": { - "googleRe2": { - - }, - "regex": "^spiffe://test.consul/ns/default/dc/[^/]+/svc/web$" + "authenticated": { + "principalName": { + "safeRegex": { + "googleRe2": {}, + "regex": "^spiffe://test.consul/ns/default/dc/[^/]+/svc/web$" } } } }, { - "andIds": { - "ids": [ - { - "metadata": { - "filter":"envoy.filters.http.jwt_authn", - "path": [ - {"key": "jwt_payload_okta"}, - {"key": "iss"} + "andIds": { + "ids": [ + { + "metadata": { + "filter": "envoy.filters.http.jwt_authn", + "path": [ + { + "key": "jwt_payload_okta" + }, + { + "key": "iss" + } ], - "value": { - "stringMatch": { - "exact": "mytest.okta-issuer" + "value": { + "stringMatch": { + "exact": "mytest.okta-issuer" } } } }, - { - "metadata": { - "filter":"envoy.filters.http.jwt_authn", - "path": [ - {"key": "jwt_payload_okta"}, - {"key": "roles"} + { + "metadata": { + "filter": "envoy.filters.http.jwt_authn", + "path": [ + { + "key": "jwt_payload_okta" + }, + { + "key": "roles" + } ], - "value": { - "stringMatch": { - "exact": "testing" + "value": { + "stringMatch": { + "exact": "testing" } } } diff --git a/agent/xds/testdata/rbac/top-level-jwt-no-permissions.golden b/agent/xds/testdata/rbac/top-level-jwt-no-permissions.golden index 3fc78b2955..e6c47feebd 100644 --- a/agent/xds/testdata/rbac/top-level-jwt-no-permissions.golden +++ b/agent/xds/testdata/rbac/top-level-jwt-no-permissions.golden @@ -1,24 +1,22 @@ { - "name": "envoy.filters.network.rbac", - "typedConfig": { - "@type": "type.googleapis.com/envoy.extensions.filters.network.rbac.v3.RBAC", - "rules": { - "policies": { - "consul-intentions-layer4": { - "permissions": [ + "name": "envoy.filters.network.rbac", + "typedConfig": { + "@type": "type.googleapis.com/envoy.extensions.filters.network.rbac.v3.RBAC", + "rules": { + "policies": { + "consul-intentions-layer4": { + "permissions": [ { - "any": true + "any": true } ], - "principals": [ + "principals": [ { - "authenticated": { - "principalName": { - "safeRegex": { - "googleRe2": { - - }, - "regex": "^spiffe://test.consul/ns/default/dc/[^/]+/svc/web$" + "authenticated": { + "principalName": { + "safeRegex": { + "googleRe2": {}, + "regex": "^spiffe://test.consul/ns/default/dc/[^/]+/svc/web$" } } } @@ -27,6 +25,6 @@ } } }, - "statPrefix": "connect_authz" + "statPrefix": "connect_authz" } } \ No newline at end of file diff --git a/agent/xds/testdata/rbac/top-level-jwt-with-multiple-permissions--httpfilter.golden b/agent/xds/testdata/rbac/top-level-jwt-with-multiple-permissions--httpfilter.golden index 6ce0662e3b..ddf2c9a56d 100644 --- a/agent/xds/testdata/rbac/top-level-jwt-with-multiple-permissions--httpfilter.golden +++ b/agent/xds/testdata/rbac/top-level-jwt-with-multiple-permissions--httpfilter.golden @@ -1,49 +1,59 @@ { - "name": "envoy.filters.http.rbac", - "typedConfig": { - "@type": "type.googleapis.com/envoy.extensions.filters.http.rbac.v3.RBAC", - "rules": { - "policies": { - "consul-intentions-layer7-0": { - "permissions": [ + "name": "envoy.filters.http.rbac", + "typedConfig": { + "@type": "type.googleapis.com/envoy.extensions.filters.http.rbac.v3.RBAC", + "rules": { + "policies": { + "consul-intentions-layer7-0": { + "permissions": [ { - "andRules": { - "rules": [ + "andRules": { + "rules": [ { - "urlPath": { - "path": { - "exact": "/v1/secret" + "urlPath": { + "path": { + "exact": "/v1/secret" } } }, { - "andRules": { - "rules": [ + "andRules": { + "rules": [ { - "metadata": { - "filter": "envoy.filters.http.jwt_authn", - "path": [ - {"key": "jwt_payload_auth0"}, - {"key": "iss"} + "metadata": { + "filter": "envoy.filters.http.jwt_authn", + "path": [ + { + "key": "jwt_payload_auth0" + }, + { + "key": "iss" + } ], - "value": { - "stringMatch": { - "exact": "mytest.auth0-issuer" + "value": { + "stringMatch": { + "exact": "mytest.auth0-issuer" } } } }, { - "metadata": { - "filter": "envoy.filters.http.jwt_authn", - "path": [ - {"key": "jwt_payload_auth0"}, - {"key": "perms"}, - {"key": "role"} + "metadata": { + "filter": "envoy.filters.http.jwt_authn", + "path": [ + { + "key": "jwt_payload_auth0" + }, + { + "key": "perms" + }, + { + "key": "role" + } ], - "value": { - "stringMatch": { - "exact": "admin" + "value": { + "stringMatch": { + "exact": "admin" } } } @@ -55,23 +65,23 @@ } }, { - "andRules": { - "rules": [ + "andRules": { + "rules": [ { - "andRules": { - "rules": [ + "andRules": { + "rules": [ { - "urlPath": { - "path": { - "exact": "/v1/admin" + "urlPath": { + "path": { + "exact": "/v1/admin" } } }, { - "notRule": { - "urlPath": { - "path": { - "exact": "/v1/secret" + "notRule": { + "urlPath": { + "path": { + "exact": "/v1/secret" } } } @@ -80,87 +90,103 @@ } }, { - "andRules": { - "rules": [ - { - "metadata": { - "filter": "envoy.filters.http.jwt_authn", - "path": [ - {"key": "jwt_payload_auth0"}, - {"key": "iss"} - ], - "value": { - "stringMatch": { - "exact": "mytest.auth0-issuer" - } + "andRules": { + "rules": [ + { + "metadata": { + "filter": "envoy.filters.http.jwt_authn", + "path": [ + { + "key": "jwt_payload_auth0" + }, + { + "key": "iss" } - } - }, - { - "metadata": { - "filter": "envoy.filters.http.jwt_authn", - "path": [ - {"key": "jwt_payload_auth0"}, - {"key": "perms"}, - {"key": "role"} - ], - "value": { - "stringMatch": { - "exact": "admin" - } + ], + "value": { + "stringMatch": { + "exact": "mytest.auth0-issuer" } } } - ] - } + }, + { + "metadata": { + "filter": "envoy.filters.http.jwt_authn", + "path": [ + { + "key": "jwt_payload_auth0" + }, + { + "key": "perms" + }, + { + "key": "role" + } + ], + "value": { + "stringMatch": { + "exact": "admin" + } + } + } + } + ] + } } ] } } ], - "principals": [ + "principals": [ { - "andIds": { - "ids": [ + "andIds": { + "ids": [ { - "authenticated": { - "principalName": { - "safeRegex": { - "googleRe2": { - - }, - "regex": "^spiffe://test.consul/ns/default/dc/[^/]+/svc/web$" + "authenticated": { + "principalName": { + "safeRegex": { + "googleRe2": {}, + "regex": "^spiffe://test.consul/ns/default/dc/[^/]+/svc/web$" } } } }, { - "andIds": { - "ids": [ - { - "metadata": { - "filter":"envoy.filters.http.jwt_authn", - "path": [ - {"key": "jwt_payload_okta"}, - {"key": "iss"} + "andIds": { + "ids": [ + { + "metadata": { + "filter": "envoy.filters.http.jwt_authn", + "path": [ + { + "key": "jwt_payload_okta" + }, + { + "key": "iss" + } ], - "value": { - "stringMatch": { - "exact": "mytest.okta-issuer" + "value": { + "stringMatch": { + "exact": "mytest.okta-issuer" } } } }, - { - "metadata": { - "filter":"envoy.filters.http.jwt_authn", - "path": [ - {"key": "jwt_payload_okta"}, - {"key": "roles"} + { + "metadata": { + "filter": "envoy.filters.http.jwt_authn", + "path": [ + { + "key": "jwt_payload_okta" + }, + { + "key": "roles" + } ], - "value": { - "stringMatch": { - "exact": "testing" + "value": { + "stringMatch": { + "exact": "testing" } } } diff --git a/agent/xds/testdata/rbac/top-level-jwt-with-multiple-permissions.golden b/agent/xds/testdata/rbac/top-level-jwt-with-multiple-permissions.golden index 92c7f921ad..9b67b1ebab 100644 --- a/agent/xds/testdata/rbac/top-level-jwt-with-multiple-permissions.golden +++ b/agent/xds/testdata/rbac/top-level-jwt-with-multiple-permissions.golden @@ -1,10 +1,8 @@ { - "name": "envoy.filters.network.rbac", - "typedConfig": { - "@type": "type.googleapis.com/envoy.extensions.filters.network.rbac.v3.RBAC", - "rules": { - - }, - "statPrefix": "connect_authz" + "name": "envoy.filters.network.rbac", + "typedConfig": { + "@type": "type.googleapis.com/envoy.extensions.filters.network.rbac.v3.RBAC", + "rules": {}, + "statPrefix": "connect_authz" } } \ No newline at end of file diff --git a/agent/xds/testdata/rbac/top-level-jwt-with-one-permission--httpfilter.golden b/agent/xds/testdata/rbac/top-level-jwt-with-one-permission--httpfilter.golden index 36ba23c293..4aa1b11752 100644 --- a/agent/xds/testdata/rbac/top-level-jwt-with-one-permission--httpfilter.golden +++ b/agent/xds/testdata/rbac/top-level-jwt-with-one-permission--httpfilter.golden @@ -1,49 +1,59 @@ { - "name": "envoy.filters.http.rbac", - "typedConfig": { - "@type": "type.googleapis.com/envoy.extensions.filters.http.rbac.v3.RBAC", - "rules": { - "policies": { - "consul-intentions-layer7-0": { - "permissions": [ + "name": "envoy.filters.http.rbac", + "typedConfig": { + "@type": "type.googleapis.com/envoy.extensions.filters.http.rbac.v3.RBAC", + "rules": { + "policies": { + "consul-intentions-layer7-0": { + "permissions": [ { - "andRules": { - "rules": [ + "andRules": { + "rules": [ { - "urlPath": { - "path": { - "exact": "/v1/secret" + "urlPath": { + "path": { + "exact": "/v1/secret" } } }, { - "andRules": { - "rules": [ + "andRules": { + "rules": [ { - "metadata": { - "filter": "envoy.filters.http.jwt_authn", - "path": [ - {"key": "jwt_payload_auth0"}, - {"key": "iss"} + "metadata": { + "filter": "envoy.filters.http.jwt_authn", + "path": [ + { + "key": "jwt_payload_auth0" + }, + { + "key": "iss" + } ], - "value": { - "stringMatch": { - "exact": "mytest.auth0-issuer" + "value": { + "stringMatch": { + "exact": "mytest.auth0-issuer" } } } }, { - "metadata": { - "filter": "envoy.filters.http.jwt_authn", - "path": [ - {"key": "jwt_payload_auth0"}, - {"key": "perms"}, - {"key": "role"} + "metadata": { + "filter": "envoy.filters.http.jwt_authn", + "path": [ + { + "key": "jwt_payload_auth0" + }, + { + "key": "perms" + }, + { + "key": "role" + } ], - "value": { - "stringMatch": { - "exact": "admin" + "value": { + "stringMatch": { + "exact": "admin" } } } @@ -55,20 +65,20 @@ } }, { - "andRules": { - "rules": [ + "andRules": { + "rules": [ { - "urlPath": { - "path": { - "exact": "/v1/admin" + "urlPath": { + "path": { + "exact": "/v1/admin" } } }, { - "notRule": { - "urlPath": { - "path": { - "exact": "/v1/secret" + "notRule": { + "urlPath": { + "path": { + "exact": "/v1/secret" } } } @@ -77,49 +87,55 @@ } } ], - "principals": [ + "principals": [ { - "andIds": { - "ids": [ + "andIds": { + "ids": [ { - "authenticated": { - "principalName": { - "safeRegex": { - "googleRe2": { - - }, - "regex": "^spiffe://test.consul/ns/default/dc/[^/]+/svc/web$" + "authenticated": { + "principalName": { + "safeRegex": { + "googleRe2": {}, + "regex": "^spiffe://test.consul/ns/default/dc/[^/]+/svc/web$" } } } }, { - "andIds": { - "ids": [ - { - "metadata": { - "filter":"envoy.filters.http.jwt_authn", - "path": [ - {"key": "jwt_payload_okta"}, - {"key": "iss"} + "andIds": { + "ids": [ + { + "metadata": { + "filter": "envoy.filters.http.jwt_authn", + "path": [ + { + "key": "jwt_payload_okta" + }, + { + "key": "iss" + } ], - "value": { - "stringMatch": { - "exact": "mytest.okta-issuer" + "value": { + "stringMatch": { + "exact": "mytest.okta-issuer" } } } }, - { - "metadata": { - "filter":"envoy.filters.http.jwt_authn", - "path": [ - {"key": "jwt_payload_okta"}, - {"key": "roles"} + { + "metadata": { + "filter": "envoy.filters.http.jwt_authn", + "path": [ + { + "key": "jwt_payload_okta" + }, + { + "key": "roles" + } ], - "value": { - "stringMatch": { - "exact": "testing" + "value": { + "stringMatch": { + "exact": "testing" } } } diff --git a/agent/xds/testdata/rbac/top-level-jwt-with-one-permission.golden b/agent/xds/testdata/rbac/top-level-jwt-with-one-permission.golden index 92c7f921ad..9b67b1ebab 100644 --- a/agent/xds/testdata/rbac/top-level-jwt-with-one-permission.golden +++ b/agent/xds/testdata/rbac/top-level-jwt-with-one-permission.golden @@ -1,10 +1,8 @@ { - "name": "envoy.filters.network.rbac", - "typedConfig": { - "@type": "type.googleapis.com/envoy.extensions.filters.network.rbac.v3.RBAC", - "rules": { - - }, - "statPrefix": "connect_authz" + "name": "envoy.filters.network.rbac", + "typedConfig": { + "@type": "type.googleapis.com/envoy.extensions.filters.network.rbac.v3.RBAC", + "rules": {}, + "statPrefix": "connect_authz" } } \ No newline at end of file diff --git a/agent/xds/testdata/routes/api-gateway-with-http-route-timeoutfilter-one-set.latest.golden b/agent/xds/testdata/routes/api-gateway-with-http-route-timeoutfilter-one-set.latest.golden index 4a41a6d6df..39de914cf4 100644 --- a/agent/xds/testdata/routes/api-gateway-with-http-route-timeoutfilter-one-set.latest.golden +++ b/agent/xds/testdata/routes/api-gateway-with-http-route-timeoutfilter-one-set.latest.golden @@ -1,51 +1,51 @@ { - "versionInfo": "00000001", - "resources": [ + "versionInfo": "00000001", + "resources": [ { - "@type": "type.googleapis.com/envoy.config.route.v3.RouteConfiguration", - "name": "8080", - "virtualHosts": [ + "@type": "type.googleapis.com/envoy.config.route.v3.RouteConfiguration", + "name": "8080", + "virtualHosts": [ { - "name": "api-gateway-listener-9b9265b", - "domains": [ + "name": "api-gateway-listener-9b9265b", + "domains": [ "*", "*:8080" ], - "routes": [ + "routes": [ { - "match": { - "prefix": "/" + "match": { + "prefix": "/" }, - "route": { - "cluster": "service.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul", - "idleTimeout": "30s" + "route": { + "cluster": "service.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul", + "idleTimeout": "30s" }, - "requestHeadersToAdd": [ + "requestHeadersToAdd": [ { - "header": { - "key": "X-Header-Add", - "value": "added" + "header": { + "key": "X-Header-Add", + "value": "added" }, - "append": true + "append": true }, { - "header": { - "key": "X-Header-Set", - "value": "set" + "header": { + "key": "X-Header-Set", + "value": "set" }, - "append": false + "append": false } ], - "requestHeadersToRemove": [ + "requestHeadersToRemove": [ "X-Header-Remove" ] } ] } ], - "validateClusters": true + "validateClusters": true } ], - "typeUrl": "type.googleapis.com/envoy.config.route.v3.RouteConfiguration", - "nonce": "00000001" + "typeUrl": "type.googleapis.com/envoy.config.route.v3.RouteConfiguration", + "nonce": "00000001" } \ No newline at end of file diff --git a/agent/xds/testdata/routes/api-gateway-with-http-route.latest.golden b/agent/xds/testdata/routes/api-gateway-with-http-route.latest.golden index c79697246f..8723375586 100644 --- a/agent/xds/testdata/routes/api-gateway-with-http-route.latest.golden +++ b/agent/xds/testdata/routes/api-gateway-with-http-route.latest.golden @@ -1,59 +1,59 @@ { - "versionInfo": "00000001", - "resources": [ + "versionInfo": "00000001", + "resources": [ { - "@type": "type.googleapis.com/envoy.config.route.v3.RouteConfiguration", - "name": "8080", - "virtualHosts": [ + "@type": "type.googleapis.com/envoy.config.route.v3.RouteConfiguration", + "name": "8080", + "virtualHosts": [ { - "name": "api-gateway-listener-9b9265b", - "domains": [ + "name": "api-gateway-listener-9b9265b", + "domains": [ "*", "*:8080" ], - "routes": [ + "routes": [ { - "match": { - "prefix": "/" + "match": { + "prefix": "/" }, - "route": { - "cluster": "service.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul", - "timeout": "30s", - "idleTimeout": "30s", - "retryPolicy": { - "retryOn": "cancelled,connect-failure,retriable-status-codes", - "numRetries": 3, - "retriableStatusCodes": [ + "route": { + "cluster": "service.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul", + "timeout": "30s", + "idleTimeout": "30s", + "retryPolicy": { + "retryOn": "cancelled,connect-failure,retriable-status-codes", + "numRetries": 3, + "retriableStatusCodes": [ 500 ] } }, - "requestHeadersToAdd": [ + "requestHeadersToAdd": [ { - "header": { - "key": "X-Header-Add", - "value": "added" + "header": { + "key": "X-Header-Add", + "value": "added" }, - "append": true + "append": true }, { - "header": { - "key": "X-Header-Set", - "value": "set" + "header": { + "key": "X-Header-Set", + "value": "set" }, - "append": false + "append": false } ], - "requestHeadersToRemove": [ + "requestHeadersToRemove": [ "X-Header-Remove" ] } ] } ], - "validateClusters": true + "validateClusters": true } ], - "typeUrl": "type.googleapis.com/envoy.config.route.v3.RouteConfiguration", - "nonce": "00000001" + "typeUrl": "type.googleapis.com/envoy.config.route.v3.RouteConfiguration", + "nonce": "00000001" } \ No newline at end of file diff --git a/agent/xds/testdata/routes/api-gateway-with-tcp-route-and-inline-certificate.latest.golden b/agent/xds/testdata/routes/api-gateway-with-tcp-route-and-inline-certificate.latest.golden index 9c050cbe6b..306f5220e7 100644 --- a/agent/xds/testdata/routes/api-gateway-with-tcp-route-and-inline-certificate.latest.golden +++ b/agent/xds/testdata/routes/api-gateway-with-tcp-route-and-inline-certificate.latest.golden @@ -1,5 +1,5 @@ { - "versionInfo": "00000001", - "typeUrl": "type.googleapis.com/envoy.config.route.v3.RouteConfiguration", - "nonce": "00000001" + "versionInfo": "00000001", + "typeUrl": "type.googleapis.com/envoy.config.route.v3.RouteConfiguration", + "nonce": "00000001" } \ No newline at end of file diff --git a/agent/xds/testdata/routes/connect-proxy-exported-to-peers.latest.golden b/agent/xds/testdata/routes/connect-proxy-exported-to-peers.latest.golden index 9c050cbe6b..306f5220e7 100644 --- a/agent/xds/testdata/routes/connect-proxy-exported-to-peers.latest.golden +++ b/agent/xds/testdata/routes/connect-proxy-exported-to-peers.latest.golden @@ -1,5 +1,5 @@ { - "versionInfo": "00000001", - "typeUrl": "type.googleapis.com/envoy.config.route.v3.RouteConfiguration", - "nonce": "00000001" + "versionInfo": "00000001", + "typeUrl": "type.googleapis.com/envoy.config.route.v3.RouteConfiguration", + "nonce": "00000001" } \ No newline at end of file diff --git a/agent/xds/testdata/routes/connect-proxy-lb-in-resolver.latest.golden b/agent/xds/testdata/routes/connect-proxy-lb-in-resolver.latest.golden index 75fe8ccc35..1849f6d278 100644 --- a/agent/xds/testdata/routes/connect-proxy-lb-in-resolver.latest.golden +++ b/agent/xds/testdata/routes/connect-proxy-lb-in-resolver.latest.golden @@ -1,62 +1,62 @@ { - "versionInfo": "00000001", - "resources": [ + "versionInfo": "00000001", + "resources": [ { - "@type": "type.googleapis.com/envoy.config.route.v3.RouteConfiguration", - "name": "db", - "virtualHosts": [ + "@type": "type.googleapis.com/envoy.config.route.v3.RouteConfiguration", + "name": "db", + "virtualHosts": [ { - "name": "db", - "domains": [ + "name": "db", + "domains": [ "*" ], - "routes": [ + "routes": [ { - "match": { - "prefix": "/" + "match": { + "prefix": "/" }, - "route": { - "weightedClusters": { - "clusters": [ + "route": { + "weightedClusters": { + "clusters": [ { - "name": "something-else.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul", - "weight": 9550 + "name": "something-else.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul", + "weight": 9550 }, { - "name": "db.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul", - "weight": 450 + "name": "db.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul", + "weight": 450 } ], - "totalWeight": 10000 + "totalWeight": 10000 }, - "hashPolicy": [ + "hashPolicy": [ { - "cookie": { - "name": "chocolate-chip" + "cookie": { + "name": "chocolate-chip" }, - "terminal": true + "terminal": true }, { - "cookie": { - "name": "chocolate-chip", - "ttl": "0s" + "cookie": { + "name": "chocolate-chip", + "ttl": "0s" } }, { - "header": { - "headerName": "x-user-id" + "header": { + "headerName": "x-user-id" } }, { - "queryParameter": { - "name": "my-pretty-param" + "queryParameter": { + "name": "my-pretty-param" } }, { - "connectionProperties": { - "sourceIp": true + "connectionProperties": { + "sourceIp": true }, - "terminal": true + "terminal": true } ] } @@ -64,9 +64,9 @@ ] } ], - "validateClusters": true + "validateClusters": true } ], - "typeUrl": "type.googleapis.com/envoy.config.route.v3.RouteConfiguration", - "nonce": "00000001" + "typeUrl": "type.googleapis.com/envoy.config.route.v3.RouteConfiguration", + "nonce": "00000001" } \ No newline at end of file diff --git a/agent/xds/testdata/routes/connect-proxy-resolver-with-lb.latest.golden b/agent/xds/testdata/routes/connect-proxy-resolver-with-lb.latest.golden index 547b923b0d..44ea4f2fd7 100644 --- a/agent/xds/testdata/routes/connect-proxy-resolver-with-lb.latest.golden +++ b/agent/xds/testdata/routes/connect-proxy-resolver-with-lb.latest.golden @@ -1,30 +1,30 @@ { - "versionInfo": "00000001", - "resources": [ + "versionInfo": "00000001", + "resources": [ { - "@type": "type.googleapis.com/envoy.config.route.v3.RouteConfiguration", - "name": "db", - "virtualHosts": [ + "@type": "type.googleapis.com/envoy.config.route.v3.RouteConfiguration", + "name": "db", + "virtualHosts": [ { - "name": "db", - "domains": [ + "name": "db", + "domains": [ "*" ], - "routes": [ + "routes": [ { - "match": { - "prefix": "/" + "match": { + "prefix": "/" }, - "route": { - "cluster": "db.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul" + "route": { + "cluster": "db.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul" } } ] } ], - "validateClusters": true + "validateClusters": true } ], - "typeUrl": "type.googleapis.com/envoy.config.route.v3.RouteConfiguration", - "nonce": "00000001" + "typeUrl": "type.googleapis.com/envoy.config.route.v3.RouteConfiguration", + "nonce": "00000001" } \ No newline at end of file diff --git a/agent/xds/testdata/routes/connect-proxy-route-to-lb-resolver.latest.golden b/agent/xds/testdata/routes/connect-proxy-route-to-lb-resolver.latest.golden index b364c9f9d0..ff6c09f963 100644 --- a/agent/xds/testdata/routes/connect-proxy-route-to-lb-resolver.latest.golden +++ b/agent/xds/testdata/routes/connect-proxy-route-to-lb-resolver.latest.golden @@ -1,38 +1,38 @@ { - "versionInfo": "00000001", - "resources": [ + "versionInfo": "00000001", + "resources": [ { - "@type": "type.googleapis.com/envoy.config.route.v3.RouteConfiguration", - "name": "db", - "virtualHosts": [ + "@type": "type.googleapis.com/envoy.config.route.v3.RouteConfiguration", + "name": "db", + "virtualHosts": [ { - "name": "db", - "domains": [ + "name": "db", + "domains": [ "*" ], - "routes": [ + "routes": [ { - "match": { - "prefix": "/web" + "match": { + "prefix": "/web" }, - "route": { - "cluster": "web.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul" + "route": { + "cluster": "web.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul" } }, { - "match": { - "prefix": "/" + "match": { + "prefix": "/" }, - "route": { - "cluster": "db.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul" + "route": { + "cluster": "db.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul" } } ] } ], - "validateClusters": true + "validateClusters": true } ], - "typeUrl": "type.googleapis.com/envoy.config.route.v3.RouteConfiguration", - "nonce": "00000001" + "typeUrl": "type.googleapis.com/envoy.config.route.v3.RouteConfiguration", + "nonce": "00000001" } \ No newline at end of file diff --git a/agent/xds/testdata/routes/connect-proxy-splitter-overweight.latest.golden b/agent/xds/testdata/routes/connect-proxy-splitter-overweight.latest.golden index 776509501f..eb4eb770a0 100644 --- a/agent/xds/testdata/routes/connect-proxy-splitter-overweight.latest.golden +++ b/agent/xds/testdata/routes/connect-proxy-splitter-overweight.latest.golden @@ -1,86 +1,86 @@ { - "versionInfo": "00000001", - "resources": [ + "versionInfo": "00000001", + "resources": [ { - "@type": "type.googleapis.com/envoy.config.route.v3.RouteConfiguration", - "name": "db", - "virtualHosts": [ + "@type": "type.googleapis.com/envoy.config.route.v3.RouteConfiguration", + "name": "db", + "virtualHosts": [ { - "name": "db", - "domains": [ + "name": "db", + "domains": [ "*" ], - "routes": [ + "routes": [ { - "match": { - "prefix": "/" + "match": { + "prefix": "/" }, - "route": { - "weightedClusters": { - "clusters": [ + "route": { + "weightedClusters": { + "clusters": [ { - "name": "big-side.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul", - "weight": 10000, - "requestHeadersToAdd": [ + "name": "big-side.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul", + "weight": 10000, + "requestHeadersToAdd": [ { - "header": { - "key": "x-split-leg", - "value": "big" + "header": { + "key": "x-split-leg", + "value": "big" }, - "append": false + "append": false } ], - "responseHeadersToAdd": [ + "responseHeadersToAdd": [ { - "header": { - "key": "x-split-leg", - "value": "big" + "header": { + "key": "x-split-leg", + "value": "big" }, - "append": false + "append": false } ] }, { - "name": "goldilocks-side.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul", - "weight": 10000, - "requestHeadersToAdd": [ + "name": "goldilocks-side.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul", + "weight": 10000, + "requestHeadersToAdd": [ { - "header": { - "key": "x-split-leg", - "value": "goldilocks" + "header": { + "key": "x-split-leg", + "value": "goldilocks" }, - "append": false + "append": false } ], - "responseHeadersToAdd": [ + "responseHeadersToAdd": [ { - "header": { - "key": "x-split-leg", - "value": "goldilocks" + "header": { + "key": "x-split-leg", + "value": "goldilocks" }, - "append": false + "append": false } ] }, { - "name": "lil-bit-side.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul", - "weight": 10000, - "requestHeadersToAdd": [ + "name": "lil-bit-side.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul", + "weight": 10000, + "requestHeadersToAdd": [ { - "header": { - "key": "x-split-leg", - "value": "small" + "header": { + "key": "x-split-leg", + "value": "small" }, - "append": false + "append": false } ], - "responseHeadersToAdd": [ + "responseHeadersToAdd": [ { - "header": { - "key": "x-split-leg", - "value": "small" + "header": { + "key": "x-split-leg", + "value": "small" }, - "append": false + "append": false } ] } @@ -91,9 +91,9 @@ ] } ], - "validateClusters": true + "validateClusters": true } ], - "typeUrl": "type.googleapis.com/envoy.config.route.v3.RouteConfiguration", - "nonce": "00000001" + "typeUrl": "type.googleapis.com/envoy.config.route.v3.RouteConfiguration", + "nonce": "00000001" } \ No newline at end of file diff --git a/agent/xds/testdata/routes/connect-proxy-with-chain-and-overrides.latest.golden b/agent/xds/testdata/routes/connect-proxy-with-chain-and-overrides.latest.golden index c40cfe9e90..d739e15c1d 100644 --- a/agent/xds/testdata/routes/connect-proxy-with-chain-and-overrides.latest.golden +++ b/agent/xds/testdata/routes/connect-proxy-with-chain-and-overrides.latest.golden @@ -1,31 +1,31 @@ { - "versionInfo": "00000001", - "resources": [ + "versionInfo": "00000001", + "resources": [ { - "@type": "type.googleapis.com/envoy.config.route.v3.RouteConfiguration", - "name": "db", - "virtualHosts": [ + "@type": "type.googleapis.com/envoy.config.route.v3.RouteConfiguration", + "name": "db", + "virtualHosts": [ { - "name": "db", - "domains": [ + "name": "db", + "domains": [ "*" ], - "routes": [ + "routes": [ { - "match": { - "prefix": "/" + "match": { + "prefix": "/" }, - "route": { - "cluster": "78ebd528~db.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul", - "timeout": "33s" + "route": { + "cluster": "78ebd528~db.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul", + "timeout": "33s" } } ] } ], - "validateClusters": true + "validateClusters": true } ], - "typeUrl": "type.googleapis.com/envoy.config.route.v3.RouteConfiguration", - "nonce": "00000001" + "typeUrl": "type.googleapis.com/envoy.config.route.v3.RouteConfiguration", + "nonce": "00000001" } \ No newline at end of file diff --git a/agent/xds/testdata/routes/connect-proxy-with-chain-and-router.latest.golden b/agent/xds/testdata/routes/connect-proxy-with-chain-and-router.latest.golden index d34194b932..22be5634ec 100644 --- a/agent/xds/testdata/routes/connect-proxy-with-chain-and-router.latest.golden +++ b/agent/xds/testdata/routes/connect-proxy-with-chain-and-router.latest.golden @@ -1,322 +1,322 @@ { - "versionInfo": "00000001", - "resources": [ + "versionInfo": "00000001", + "resources": [ { - "@type": "type.googleapis.com/envoy.config.route.v3.RouteConfiguration", - "name": "db", - "virtualHosts": [ + "@type": "type.googleapis.com/envoy.config.route.v3.RouteConfiguration", + "name": "db", + "virtualHosts": [ { - "name": "db", - "domains": [ + "name": "db", + "domains": [ "*" ], - "routes": [ + "routes": [ { - "match": { - "prefix": "/prefix" + "match": { + "prefix": "/prefix" }, - "route": { - "cluster": "prefix.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul" + "route": { + "cluster": "prefix.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul" } }, { - "match": { - "path": "/exact" + "match": { + "path": "/exact" }, - "route": { - "cluster": "exact.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul" + "route": { + "cluster": "exact.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul" } }, { - "match": { - "safeRegex": { - "googleRe2": { - - }, - "regex": "/regex" + "match": { + "safeRegex": { + "googleRe2": {}, + "regex": "/regex" } }, - "route": { - "cluster": "regex.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul" + "route": { + "cluster": "regex.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul" } }, { - "match": { - "prefix": "/", - "headers": [ + "match": { + "prefix": "/", + "headers": [ { - "name": "x-debug", - "presentMatch": true + "name": "x-debug", + "presentMatch": true } ] }, - "route": { - "cluster": "hdr-present.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul" + "route": { + "cluster": "hdr-present.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul" } }, { - "match": { - "prefix": "/", - "headers": [ + "match": { + "prefix": "/", + "headers": [ { - "name": "x-debug", - "presentMatch": true, - "invertMatch": true + "name": "x-debug", + "presentMatch": true, + "invertMatch": true } ] }, - "route": { - "cluster": "hdr-not-present.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul" + "route": { + "cluster": "hdr-not-present.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul" } }, { - "match": { - "prefix": "/", - "headers": [ + "match": { + "prefix": "/", + "headers": [ { - "name": "x-debug", - "exactMatch": "exact" - } - ] - }, - "route": { - "cluster": "hdr-exact.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul" - } - }, - { - "match": { - "prefix": "/", - "headers": [ - { - "name": "x-debug", - "prefixMatch": "prefix" - } - ] - }, - "route": { - "cluster": "hdr-prefix.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul" - } - }, - { - "match": { - "prefix": "/", - "headers": [ - { - "name": "x-debug", - "suffixMatch": "suffix" - } - ] - }, - "route": { - "cluster": "hdr-suffix.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul" - } - }, - { - "match": { - "prefix": "/", - "headers": [ - { - "name": "x-debug", - "safeRegexMatch": { - "googleRe2": { - - }, - "regex": "regex" + "name": "x-debug", + "stringMatch": { + "exact": "exact" } } ] }, - "route": { - "cluster": "hdr-regex.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul" + "route": { + "cluster": "hdr-exact.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul" } }, { - "match": { - "prefix": "/", - "headers": [ + "match": { + "prefix": "/", + "headers": [ { - "name": ":method", - "safeRegexMatch": { - "googleRe2": { - - }, - "regex": "GET|PUT" + "name": "x-debug", + "stringMatch": { + "prefix": "prefix" } } ] }, - "route": { - "cluster": "just-methods.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul" + "route": { + "cluster": "hdr-prefix.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul" } }, { - "match": { - "prefix": "/", - "headers": [ + "match": { + "prefix": "/", + "headers": [ { - "name": "x-debug", - "exactMatch": "exact" - }, - { - "name": ":method", - "safeRegexMatch": { - "googleRe2": { - - }, - "regex": "GET|PUT" + "name": "x-debug", + "stringMatch": { + "suffix": "suffix" } } ] }, - "route": { - "cluster": "hdr-exact-with-method.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul" + "route": { + "cluster": "hdr-suffix.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul" } }, { - "match": { - "prefix": "/", - "queryParameters": [ + "match": { + "prefix": "/", + "headers": [ { - "name": "secretparam1", - "stringMatch": { - "exact": "exact" - } - } - ] - }, - "route": { - "cluster": "prm-exact.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul" - } - }, - { - "match": { - "prefix": "/", - "queryParameters": [ - { - "name": "secretparam2", - "stringMatch": { - "safeRegex": { - "googleRe2": { - - }, - "regex": "regex" + "name": "x-debug", + "stringMatch": { + "safeRegex": { + "googleRe2": {}, + "regex": "regex" } } } ] }, - "route": { - "cluster": "prm-regex.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul" + "route": { + "cluster": "hdr-regex.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul" } }, { - "match": { - "prefix": "/", - "queryParameters": [ + "match": { + "prefix": "/", + "headers": [ { - "name": "secretparam3", - "presentMatch": true + "name": ":method", + "safeRegexMatch": { + "googleRe2": {}, + "regex": "GET|PUT" + } } ] }, - "route": { - "cluster": "prm-present.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul" + "route": { + "cluster": "just-methods.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul" } }, { - "match": { - "prefix": "/" + "match": { + "prefix": "/", + "headers": [ + { + "name": "x-debug", + "stringMatch": { + "exact": "exact" + } + }, + { + "name": ":method", + "safeRegexMatch": { + "googleRe2": {}, + "regex": "GET|PUT" + } + } + ] }, - "route": { - "cluster": "nil-match.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul" + "route": { + "cluster": "hdr-exact-with-method.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul" } }, { - "match": { - "prefix": "/" + "match": { + "prefix": "/", + "queryParameters": [ + { + "name": "secretparam1", + "stringMatch": { + "exact": "exact" + } + } + ] }, - "route": { - "cluster": "empty-match-1.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul" + "route": { + "cluster": "prm-exact.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul" } }, { - "match": { - "prefix": "/" + "match": { + "prefix": "/", + "queryParameters": [ + { + "name": "secretparam2", + "stringMatch": { + "safeRegex": { + "googleRe2": {}, + "regex": "regex" + } + } + } + ] }, - "route": { - "cluster": "empty-match-2.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul" + "route": { + "cluster": "prm-regex.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul" } }, { - "match": { - "prefix": "/prefix" + "match": { + "prefix": "/", + "queryParameters": [ + { + "name": "secretparam3", + "presentMatch": true + } + ] }, - "route": { - "cluster": "prefix-rewrite-1.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul", - "prefixRewrite": "/" + "route": { + "cluster": "prm-present.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul" } }, { - "match": { - "prefix": "/prefix" + "match": { + "prefix": "/" }, - "route": { - "cluster": "prefix-rewrite-2.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul", - "prefixRewrite": "/nested/newlocation" + "route": { + "cluster": "nil-match.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul" } }, { - "match": { - "prefix": "/timeout" + "match": { + "prefix": "/" }, - "route": { - "cluster": "req-timeout.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul", - "timeout": "33s" + "route": { + "cluster": "empty-match-1.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul" } }, { - "match": { - "prefix": "/idle-timeout" + "match": { + "prefix": "/" }, - "route": { - "cluster": "idle-timeout.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul", - "idleTimeout": "33s" + "route": { + "cluster": "empty-match-2.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul" } }, { - "match": { - "prefix": "/retry-connect" + "match": { + "prefix": "/prefix" }, - "route": { - "cluster": "retry-connect.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul", - "retryPolicy": { - "retryOn": "connect-failure", - "numRetries": 15 + "route": { + "cluster": "prefix-rewrite-1.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul", + "prefixRewrite": "/" + } + }, + { + "match": { + "prefix": "/prefix" + }, + "route": { + "cluster": "prefix-rewrite-2.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul", + "prefixRewrite": "/nested/newlocation" + } + }, + { + "match": { + "prefix": "/timeout" + }, + "route": { + "cluster": "req-timeout.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul", + "timeout": "33s" + } + }, + { + "match": { + "prefix": "/idle-timeout" + }, + "route": { + "cluster": "idle-timeout.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul", + "idleTimeout": "33s" + } + }, + { + "match": { + "prefix": "/retry-connect" + }, + "route": { + "cluster": "retry-connect.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul", + "retryPolicy": { + "retryOn": "connect-failure", + "numRetries": 15 } } }, { - "match": { - "prefix": "/retry-reset" + "match": { + "prefix": "/retry-reset" }, - "route": { - "cluster": "retry-reset.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul", - "retryPolicy": { - "retryOn": "reset", - "numRetries": 15 + "route": { + "cluster": "retry-reset.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul", + "retryPolicy": { + "retryOn": "reset", + "numRetries": 15 } } }, { - "match": { - "prefix": "/retry-codes" + "match": { + "prefix": "/retry-codes" }, - "route": { - "cluster": "retry-codes.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul", - "retryPolicy": { - "retryOn": "retriable-status-codes", - "numRetries": 15, - "retriableStatusCodes": [ + "route": { + "cluster": "retry-codes.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul", + "retryPolicy": { + "retryOn": "retriable-status-codes", + "numRetries": 15, + "retriableStatusCodes": [ 401, 409, 451 @@ -325,14 +325,14 @@ } }, { - "match": { - "prefix": "/retry-all" + "match": { + "prefix": "/retry-all" }, - "route": { - "cluster": "retry-all.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul", - "retryPolicy": { - "retryOn": "5xx,gateway-error,reset,connect-failure,envoy-ratelimited,retriable-4xx,refused-stream,cancelled,deadline-exceeded,internal,resource-exhausted,unavailable,retriable-status-codes", - "retriableStatusCodes": [ + "route": { + "cluster": "retry-all.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul", + "retryPolicy": { + "retryOn": "5xx,gateway-error,reset,connect-failure,envoy-ratelimited,retriable-4xx,refused-stream,cancelled,deadline-exceeded,internal,resource-exhausted,unavailable,retriable-status-codes", + "retriableStatusCodes": [ 401, 409, 451 @@ -341,89 +341,89 @@ } }, { - "match": { - "prefix": "/split-3-ways" + "match": { + "prefix": "/split-3-ways" }, - "route": { - "weightedClusters": { - "clusters": [ + "route": { + "weightedClusters": { + "clusters": [ { - "name": "big-side.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul", - "weight": 9550 + "name": "big-side.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul", + "weight": 9550 }, { - "name": "goldilocks-side.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul", - "weight": 400 + "name": "goldilocks-side.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul", + "weight": 400 }, { - "name": "lil-bit-side.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul", - "weight": 50 + "name": "lil-bit-side.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul", + "weight": 50 } ], - "totalWeight": 10000 + "totalWeight": 10000 } } }, { - "match": { - "path": "/header-manip" + "match": { + "path": "/header-manip" }, - "route": { - "cluster": "header-manip.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul" + "route": { + "cluster": "header-manip.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul" }, - "requestHeadersToAdd": [ + "requestHeadersToAdd": [ { - "header": { - "key": "request", - "value": "bar" + "header": { + "key": "request", + "value": "bar" }, - "append": true + "append": true }, { - "header": { - "key": "bar", - "value": "baz" + "header": { + "key": "bar", + "value": "baz" }, - "append": false + "append": false } ], - "requestHeadersToRemove": [ + "requestHeadersToRemove": [ "qux" ], - "responseHeadersToAdd": [ + "responseHeadersToAdd": [ { - "header": { - "key": "response", - "value": "bar" + "header": { + "key": "response", + "value": "bar" }, - "append": true + "append": true }, { - "header": { - "key": "bar", - "value": "baz" + "header": { + "key": "bar", + "value": "baz" }, - "append": false + "append": false } ], - "responseHeadersToRemove": [ + "responseHeadersToRemove": [ "qux" ] }, { - "match": { - "prefix": "/" + "match": { + "prefix": "/" }, - "route": { - "cluster": "db.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul" + "route": { + "cluster": "db.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul" } } ] } ], - "validateClusters": true + "validateClusters": true } ], - "typeUrl": "type.googleapis.com/envoy.config.route.v3.RouteConfiguration", - "nonce": "00000001" + "typeUrl": "type.googleapis.com/envoy.config.route.v3.RouteConfiguration", + "nonce": "00000001" } \ No newline at end of file diff --git a/agent/xds/testdata/routes/connect-proxy-with-chain-and-splitter.latest.golden b/agent/xds/testdata/routes/connect-proxy-with-chain-and-splitter.latest.golden index 9dde104442..5263c539c9 100644 --- a/agent/xds/testdata/routes/connect-proxy-with-chain-and-splitter.latest.golden +++ b/agent/xds/testdata/routes/connect-proxy-with-chain-and-splitter.latest.golden @@ -1,100 +1,100 @@ { - "versionInfo": "00000001", - "resources": [ + "versionInfo": "00000001", + "resources": [ { - "@type": "type.googleapis.com/envoy.config.route.v3.RouteConfiguration", - "name": "db", - "virtualHosts": [ + "@type": "type.googleapis.com/envoy.config.route.v3.RouteConfiguration", + "name": "db", + "virtualHosts": [ { - "name": "db", - "domains": [ + "name": "db", + "domains": [ "*" ], - "routes": [ + "routes": [ { - "match": { - "prefix": "/" + "match": { + "prefix": "/" }, - "route": { - "weightedClusters": { - "clusters": [ + "route": { + "weightedClusters": { + "clusters": [ { - "name": "big-side.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul", - "weight": 9550, - "requestHeadersToAdd": [ + "name": "big-side.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul", + "weight": 9550, + "requestHeadersToAdd": [ { - "header": { - "key": "x-split-leg", - "value": "big" + "header": { + "key": "x-split-leg", + "value": "big" }, - "append": false + "append": false } ], - "responseHeadersToAdd": [ + "responseHeadersToAdd": [ { - "header": { - "key": "x-split-leg", - "value": "big" + "header": { + "key": "x-split-leg", + "value": "big" }, - "append": false + "append": false } ] }, { - "name": "goldilocks-side.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul", - "weight": 400, - "requestHeadersToAdd": [ + "name": "goldilocks-side.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul", + "weight": 400, + "requestHeadersToAdd": [ { - "header": { - "key": "x-split-leg", - "value": "goldilocks" + "header": { + "key": "x-split-leg", + "value": "goldilocks" }, - "append": false + "append": false } ], - "responseHeadersToAdd": [ + "responseHeadersToAdd": [ { - "header": { - "key": "x-split-leg", - "value": "goldilocks" + "header": { + "key": "x-split-leg", + "value": "goldilocks" }, - "append": false + "append": false } ] }, { - "name": "lil-bit-side.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul", - "weight": 50, - "requestHeadersToAdd": [ + "name": "lil-bit-side.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul", + "weight": 50, + "requestHeadersToAdd": [ { - "header": { - "key": "x-split-leg", - "value": "small" + "header": { + "key": "x-split-leg", + "value": "small" }, - "append": false + "append": false } ], - "responseHeadersToAdd": [ + "responseHeadersToAdd": [ { - "header": { - "key": "x-split-leg", - "value": "small" + "header": { + "key": "x-split-leg", + "value": "small" }, - "append": false + "append": false } ] } ], - "totalWeight": 10000 + "totalWeight": 10000 } } } ] } ], - "validateClusters": true + "validateClusters": true } ], - "typeUrl": "type.googleapis.com/envoy.config.route.v3.RouteConfiguration", - "nonce": "00000001" + "typeUrl": "type.googleapis.com/envoy.config.route.v3.RouteConfiguration", + "nonce": "00000001" } \ No newline at end of file diff --git a/agent/xds/testdata/routes/connect-proxy-with-grpc-router.latest.golden b/agent/xds/testdata/routes/connect-proxy-with-grpc-router.latest.golden index c042006a5f..22a9cff44b 100644 --- a/agent/xds/testdata/routes/connect-proxy-with-grpc-router.latest.golden +++ b/agent/xds/testdata/routes/connect-proxy-with-grpc-router.latest.golden @@ -1,38 +1,38 @@ { - "versionInfo": "00000001", - "resources": [ + "versionInfo": "00000001", + "resources": [ { - "@type": "type.googleapis.com/envoy.config.route.v3.RouteConfiguration", - "name": "db", - "virtualHosts": [ + "@type": "type.googleapis.com/envoy.config.route.v3.RouteConfiguration", + "name": "db", + "virtualHosts": [ { - "name": "db", - "domains": [ + "name": "db", + "domains": [ "*" ], - "routes": [ + "routes": [ { - "match": { - "path": "/fgrpc.PingServer/Ping" + "match": { + "path": "/fgrpc.PingServer/Ping" }, - "route": { - "cluster": "prefix.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul" + "route": { + "cluster": "prefix.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul" } }, { - "match": { - "prefix": "/" + "match": { + "prefix": "/" }, - "route": { - "cluster": "db.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul" + "route": { + "cluster": "db.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul" } } ] } ], - "validateClusters": true + "validateClusters": true } ], - "typeUrl": "type.googleapis.com/envoy.config.route.v3.RouteConfiguration", - "nonce": "00000001" + "typeUrl": "type.googleapis.com/envoy.config.route.v3.RouteConfiguration", + "nonce": "00000001" } \ No newline at end of file diff --git a/agent/xds/testdata/routes/connect-proxy-with-peered-upstreams-escape-overrides.latest.golden b/agent/xds/testdata/routes/connect-proxy-with-peered-upstreams-escape-overrides.latest.golden index 9c050cbe6b..306f5220e7 100644 --- a/agent/xds/testdata/routes/connect-proxy-with-peered-upstreams-escape-overrides.latest.golden +++ b/agent/xds/testdata/routes/connect-proxy-with-peered-upstreams-escape-overrides.latest.golden @@ -1,5 +1,5 @@ { - "versionInfo": "00000001", - "typeUrl": "type.googleapis.com/envoy.config.route.v3.RouteConfiguration", - "nonce": "00000001" + "versionInfo": "00000001", + "typeUrl": "type.googleapis.com/envoy.config.route.v3.RouteConfiguration", + "nonce": "00000001" } \ No newline at end of file diff --git a/agent/xds/testdata/routes/connect-proxy-with-peered-upstreams.latest.golden b/agent/xds/testdata/routes/connect-proxy-with-peered-upstreams.latest.golden index 9c050cbe6b..306f5220e7 100644 --- a/agent/xds/testdata/routes/connect-proxy-with-peered-upstreams.latest.golden +++ b/agent/xds/testdata/routes/connect-proxy-with-peered-upstreams.latest.golden @@ -1,5 +1,5 @@ { - "versionInfo": "00000001", - "typeUrl": "type.googleapis.com/envoy.config.route.v3.RouteConfiguration", - "nonce": "00000001" + "versionInfo": "00000001", + "typeUrl": "type.googleapis.com/envoy.config.route.v3.RouteConfiguration", + "nonce": "00000001" } \ No newline at end of file diff --git a/agent/xds/testdata/routes/defaults.latest.golden b/agent/xds/testdata/routes/defaults.latest.golden index 9c050cbe6b..306f5220e7 100644 --- a/agent/xds/testdata/routes/defaults.latest.golden +++ b/agent/xds/testdata/routes/defaults.latest.golden @@ -1,5 +1,5 @@ { - "versionInfo": "00000001", - "typeUrl": "type.googleapis.com/envoy.config.route.v3.RouteConfiguration", - "nonce": "00000001" + "versionInfo": "00000001", + "typeUrl": "type.googleapis.com/envoy.config.route.v3.RouteConfiguration", + "nonce": "00000001" } \ No newline at end of file diff --git a/agent/xds/testdata/routes/ingress-config-entry-nil.latest.golden b/agent/xds/testdata/routes/ingress-config-entry-nil.latest.golden index 9c050cbe6b..306f5220e7 100644 --- a/agent/xds/testdata/routes/ingress-config-entry-nil.latest.golden +++ b/agent/xds/testdata/routes/ingress-config-entry-nil.latest.golden @@ -1,5 +1,5 @@ { - "versionInfo": "00000001", - "typeUrl": "type.googleapis.com/envoy.config.route.v3.RouteConfiguration", - "nonce": "00000001" + "versionInfo": "00000001", + "typeUrl": "type.googleapis.com/envoy.config.route.v3.RouteConfiguration", + "nonce": "00000001" } \ No newline at end of file diff --git a/agent/xds/testdata/routes/ingress-defaults-no-chain.latest.golden b/agent/xds/testdata/routes/ingress-defaults-no-chain.latest.golden index 9c050cbe6b..306f5220e7 100644 --- a/agent/xds/testdata/routes/ingress-defaults-no-chain.latest.golden +++ b/agent/xds/testdata/routes/ingress-defaults-no-chain.latest.golden @@ -1,5 +1,5 @@ { - "versionInfo": "00000001", - "typeUrl": "type.googleapis.com/envoy.config.route.v3.RouteConfiguration", - "nonce": "00000001" + "versionInfo": "00000001", + "typeUrl": "type.googleapis.com/envoy.config.route.v3.RouteConfiguration", + "nonce": "00000001" } \ No newline at end of file diff --git a/agent/xds/testdata/routes/ingress-http-multiple-services.latest.golden b/agent/xds/testdata/routes/ingress-http-multiple-services.latest.golden index 507c66a46d..863576d0ce 100644 --- a/agent/xds/testdata/routes/ingress-http-multiple-services.latest.golden +++ b/agent/xds/testdata/routes/ingress-http-multiple-services.latest.golden @@ -1,93 +1,93 @@ { - "versionInfo": "00000001", - "resources": [ + "versionInfo": "00000001", + "resources": [ { - "@type": "type.googleapis.com/envoy.config.route.v3.RouteConfiguration", - "name": "443", - "virtualHosts": [ + "@type": "type.googleapis.com/envoy.config.route.v3.RouteConfiguration", + "name": "443", + "virtualHosts": [ { - "name": "baz", - "domains": [ + "name": "baz", + "domains": [ "baz.ingress.*", "baz.ingress.*:443" ], - "routes": [ + "routes": [ { - "match": { - "prefix": "/" + "match": { + "prefix": "/" }, - "route": { - "cluster": "baz.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul" + "route": { + "cluster": "baz.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul" } } ] }, { - "name": "qux", - "domains": [ + "name": "qux", + "domains": [ "qux.ingress.*", "qux.ingress.*:443" ], - "routes": [ + "routes": [ { - "match": { - "prefix": "/" + "match": { + "prefix": "/" }, - "route": { - "cluster": "qux.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul" + "route": { + "cluster": "qux.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul" } } ] } ], - "validateClusters": true + "validateClusters": true }, { - "@type": "type.googleapis.com/envoy.config.route.v3.RouteConfiguration", - "name": "8080", - "virtualHosts": [ + "@type": "type.googleapis.com/envoy.config.route.v3.RouteConfiguration", + "name": "8080", + "virtualHosts": [ { - "name": "foo", - "domains": [ + "name": "foo", + "domains": [ "test1.example.com", "test2.example.com", "test2.example.com:8080", "test1.example.com:8080" ], - "routes": [ + "routes": [ { - "match": { - "prefix": "/" + "match": { + "prefix": "/" }, - "route": { - "cluster": "foo.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul", - "timeout": "22s" + "route": { + "cluster": "foo.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul", + "timeout": "22s" } } ] }, { - "name": "bar", - "domains": [ + "name": "bar", + "domains": [ "bar.ingress.*", "bar.ingress.*:8080" ], - "routes": [ + "routes": [ { - "match": { - "prefix": "/" + "match": { + "prefix": "/" }, - "route": { - "cluster": "bar.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul", - "timeout": "22s" + "route": { + "cluster": "bar.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul", + "timeout": "22s" } } ] } ], - "validateClusters": true + "validateClusters": true } ], - "typeUrl": "type.googleapis.com/envoy.config.route.v3.RouteConfiguration", - "nonce": "00000001" + "typeUrl": "type.googleapis.com/envoy.config.route.v3.RouteConfiguration", + "nonce": "00000001" } \ No newline at end of file diff --git a/agent/xds/testdata/routes/ingress-lb-in-resolver.latest.golden b/agent/xds/testdata/routes/ingress-lb-in-resolver.latest.golden index 959cc72d4e..aa96e27969 100644 --- a/agent/xds/testdata/routes/ingress-lb-in-resolver.latest.golden +++ b/agent/xds/testdata/routes/ingress-lb-in-resolver.latest.golden @@ -1,63 +1,63 @@ { - "versionInfo": "00000001", - "resources": [ + "versionInfo": "00000001", + "resources": [ { - "@type": "type.googleapis.com/envoy.config.route.v3.RouteConfiguration", - "name": "8080", - "virtualHosts": [ + "@type": "type.googleapis.com/envoy.config.route.v3.RouteConfiguration", + "name": "8080", + "virtualHosts": [ { - "name": "db", - "domains": [ + "name": "db", + "domains": [ "db.ingress.*", "db.ingress.*:8080" ], - "routes": [ + "routes": [ { - "match": { - "prefix": "/" + "match": { + "prefix": "/" }, - "route": { - "weightedClusters": { - "clusters": [ + "route": { + "weightedClusters": { + "clusters": [ { - "name": "something-else.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul", - "weight": 9550 + "name": "something-else.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul", + "weight": 9550 }, { - "name": "db.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul", - "weight": 450 + "name": "db.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul", + "weight": 450 } ], - "totalWeight": 10000 + "totalWeight": 10000 }, - "hashPolicy": [ + "hashPolicy": [ { - "cookie": { - "name": "chocolate-chip" + "cookie": { + "name": "chocolate-chip" }, - "terminal": true + "terminal": true }, { - "cookie": { - "name": "chocolate-chip", - "ttl": "0s" + "cookie": { + "name": "chocolate-chip", + "ttl": "0s" } }, { - "header": { - "headerName": "x-user-id" + "header": { + "headerName": "x-user-id" } }, { - "queryParameter": { - "name": "my-pretty-param" + "queryParameter": { + "name": "my-pretty-param" } }, { - "connectionProperties": { - "sourceIp": true + "connectionProperties": { + "sourceIp": true }, - "terminal": true + "terminal": true } ] } @@ -65,9 +65,9 @@ ] } ], - "validateClusters": true + "validateClusters": true } ], - "typeUrl": "type.googleapis.com/envoy.config.route.v3.RouteConfiguration", - "nonce": "00000001" + "typeUrl": "type.googleapis.com/envoy.config.route.v3.RouteConfiguration", + "nonce": "00000001" } \ No newline at end of file diff --git a/agent/xds/testdata/routes/ingress-splitter-with-resolver-redirect.latest.golden b/agent/xds/testdata/routes/ingress-splitter-with-resolver-redirect.latest.golden index 4c3fee303c..b0e47ded2f 100644 --- a/agent/xds/testdata/routes/ingress-splitter-with-resolver-redirect.latest.golden +++ b/agent/xds/testdata/routes/ingress-splitter-with-resolver-redirect.latest.golden @@ -1,43 +1,43 @@ { - "versionInfo": "00000001", - "resources": [ + "versionInfo": "00000001", + "resources": [ { - "@type": "type.googleapis.com/envoy.config.route.v3.RouteConfiguration", - "name": "8080", - "virtualHosts": [ + "@type": "type.googleapis.com/envoy.config.route.v3.RouteConfiguration", + "name": "8080", + "virtualHosts": [ { - "name": "db", - "domains": [ + "name": "db", + "domains": [ "db.ingress.*", "db.ingress.*:8080" ], - "routes": [ + "routes": [ { - "match": { - "prefix": "/" + "match": { + "prefix": "/" }, - "route": { - "weightedClusters": { - "clusters": [ + "route": { + "weightedClusters": { + "clusters": [ { - "name": "v1.db.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul", - "weight": 5000 + "name": "v1.db.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul", + "weight": 5000 }, { - "name": "v2.db.default.dc2.internal.11111111-2222-3333-4444-555555555555.consul", - "weight": 5000 + "name": "v2.db.default.dc2.internal.11111111-2222-3333-4444-555555555555.consul", + "weight": 5000 } ], - "totalWeight": 10000 + "totalWeight": 10000 } } } ] } ], - "validateClusters": true + "validateClusters": true } ], - "typeUrl": "type.googleapis.com/envoy.config.route.v3.RouteConfiguration", - "nonce": "00000001" + "typeUrl": "type.googleapis.com/envoy.config.route.v3.RouteConfiguration", + "nonce": "00000001" } \ No newline at end of file diff --git a/agent/xds/testdata/routes/ingress-with-chain-and-router-header-manip.latest.golden b/agent/xds/testdata/routes/ingress-with-chain-and-router-header-manip.latest.golden index 1fa06838f8..580253536d 100644 --- a/agent/xds/testdata/routes/ingress-with-chain-and-router-header-manip.latest.golden +++ b/agent/xds/testdata/routes/ingress-with-chain-and-router-header-manip.latest.golden @@ -1,323 +1,323 @@ { - "versionInfo": "00000001", - "resources": [ + "versionInfo": "00000001", + "resources": [ { - "@type": "type.googleapis.com/envoy.config.route.v3.RouteConfiguration", - "name": "8080", - "virtualHosts": [ + "@type": "type.googleapis.com/envoy.config.route.v3.RouteConfiguration", + "name": "8080", + "virtualHosts": [ { - "name": "db", - "domains": [ + "name": "db", + "domains": [ "db.ingress.*", "db.ingress.*:8080" ], - "routes": [ + "routes": [ { - "match": { - "prefix": "/prefix" + "match": { + "prefix": "/prefix" }, - "route": { - "cluster": "prefix.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul" + "route": { + "cluster": "prefix.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul" } }, { - "match": { - "path": "/exact" + "match": { + "path": "/exact" }, - "route": { - "cluster": "exact.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul" + "route": { + "cluster": "exact.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul" } }, { - "match": { - "safeRegex": { - "googleRe2": { - - }, - "regex": "/regex" + "match": { + "safeRegex": { + "googleRe2": {}, + "regex": "/regex" } }, - "route": { - "cluster": "regex.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul" + "route": { + "cluster": "regex.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul" } }, { - "match": { - "prefix": "/", - "headers": [ + "match": { + "prefix": "/", + "headers": [ { - "name": "x-debug", - "presentMatch": true + "name": "x-debug", + "presentMatch": true } ] }, - "route": { - "cluster": "hdr-present.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul" + "route": { + "cluster": "hdr-present.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul" } }, { - "match": { - "prefix": "/", - "headers": [ + "match": { + "prefix": "/", + "headers": [ { - "name": "x-debug", - "presentMatch": true, - "invertMatch": true + "name": "x-debug", + "presentMatch": true, + "invertMatch": true } ] }, - "route": { - "cluster": "hdr-not-present.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul" + "route": { + "cluster": "hdr-not-present.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul" } }, { - "match": { - "prefix": "/", - "headers": [ + "match": { + "prefix": "/", + "headers": [ { - "name": "x-debug", - "exactMatch": "exact" - } - ] - }, - "route": { - "cluster": "hdr-exact.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul" - } - }, - { - "match": { - "prefix": "/", - "headers": [ - { - "name": "x-debug", - "prefixMatch": "prefix" - } - ] - }, - "route": { - "cluster": "hdr-prefix.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul" - } - }, - { - "match": { - "prefix": "/", - "headers": [ - { - "name": "x-debug", - "suffixMatch": "suffix" - } - ] - }, - "route": { - "cluster": "hdr-suffix.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul" - } - }, - { - "match": { - "prefix": "/", - "headers": [ - { - "name": "x-debug", - "safeRegexMatch": { - "googleRe2": { - - }, - "regex": "regex" + "name": "x-debug", + "stringMatch": { + "exact": "exact" } } ] }, - "route": { - "cluster": "hdr-regex.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul" + "route": { + "cluster": "hdr-exact.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul" } }, { - "match": { - "prefix": "/", - "headers": [ + "match": { + "prefix": "/", + "headers": [ { - "name": ":method", - "safeRegexMatch": { - "googleRe2": { - - }, - "regex": "GET|PUT" + "name": "x-debug", + "stringMatch": { + "prefix": "prefix" } } ] }, - "route": { - "cluster": "just-methods.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul" + "route": { + "cluster": "hdr-prefix.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul" } }, { - "match": { - "prefix": "/", - "headers": [ + "match": { + "prefix": "/", + "headers": [ { - "name": "x-debug", - "exactMatch": "exact" - }, - { - "name": ":method", - "safeRegexMatch": { - "googleRe2": { - - }, - "regex": "GET|PUT" + "name": "x-debug", + "stringMatch": { + "suffix": "suffix" } } ] }, - "route": { - "cluster": "hdr-exact-with-method.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul" + "route": { + "cluster": "hdr-suffix.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul" } }, { - "match": { - "prefix": "/", - "queryParameters": [ + "match": { + "prefix": "/", + "headers": [ { - "name": "secretparam1", - "stringMatch": { - "exact": "exact" - } - } - ] - }, - "route": { - "cluster": "prm-exact.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul" - } - }, - { - "match": { - "prefix": "/", - "queryParameters": [ - { - "name": "secretparam2", - "stringMatch": { - "safeRegex": { - "googleRe2": { - - }, - "regex": "regex" + "name": "x-debug", + "stringMatch": { + "safeRegex": { + "googleRe2": {}, + "regex": "regex" } } } ] }, - "route": { - "cluster": "prm-regex.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul" + "route": { + "cluster": "hdr-regex.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul" } }, { - "match": { - "prefix": "/", - "queryParameters": [ + "match": { + "prefix": "/", + "headers": [ { - "name": "secretparam3", - "presentMatch": true + "name": ":method", + "safeRegexMatch": { + "googleRe2": {}, + "regex": "GET|PUT" + } } ] }, - "route": { - "cluster": "prm-present.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul" + "route": { + "cluster": "just-methods.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul" } }, { - "match": { - "prefix": "/" + "match": { + "prefix": "/", + "headers": [ + { + "name": "x-debug", + "stringMatch": { + "exact": "exact" + } + }, + { + "name": ":method", + "safeRegexMatch": { + "googleRe2": {}, + "regex": "GET|PUT" + } + } + ] }, - "route": { - "cluster": "nil-match.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul" + "route": { + "cluster": "hdr-exact-with-method.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul" } }, { - "match": { - "prefix": "/" + "match": { + "prefix": "/", + "queryParameters": [ + { + "name": "secretparam1", + "stringMatch": { + "exact": "exact" + } + } + ] }, - "route": { - "cluster": "empty-match-1.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul" + "route": { + "cluster": "prm-exact.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul" } }, { - "match": { - "prefix": "/" + "match": { + "prefix": "/", + "queryParameters": [ + { + "name": "secretparam2", + "stringMatch": { + "safeRegex": { + "googleRe2": {}, + "regex": "regex" + } + } + } + ] }, - "route": { - "cluster": "empty-match-2.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul" + "route": { + "cluster": "prm-regex.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul" } }, { - "match": { - "prefix": "/prefix" + "match": { + "prefix": "/", + "queryParameters": [ + { + "name": "secretparam3", + "presentMatch": true + } + ] }, - "route": { - "cluster": "prefix-rewrite-1.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul", - "prefixRewrite": "/" + "route": { + "cluster": "prm-present.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul" } }, { - "match": { - "prefix": "/prefix" + "match": { + "prefix": "/" }, - "route": { - "cluster": "prefix-rewrite-2.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul", - "prefixRewrite": "/nested/newlocation" + "route": { + "cluster": "nil-match.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul" } }, { - "match": { - "prefix": "/timeout" + "match": { + "prefix": "/" }, - "route": { - "cluster": "req-timeout.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul", - "timeout": "33s" + "route": { + "cluster": "empty-match-1.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul" } }, { - "match": { - "prefix": "/idle-timeout" + "match": { + "prefix": "/" }, - "route": { - "cluster": "idle-timeout.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul", - "idleTimeout": "33s" + "route": { + "cluster": "empty-match-2.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul" } }, { - "match": { - "prefix": "/retry-connect" + "match": { + "prefix": "/prefix" }, - "route": { - "cluster": "retry-connect.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul", - "retryPolicy": { - "retryOn": "connect-failure", - "numRetries": 15 + "route": { + "cluster": "prefix-rewrite-1.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul", + "prefixRewrite": "/" + } + }, + { + "match": { + "prefix": "/prefix" + }, + "route": { + "cluster": "prefix-rewrite-2.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul", + "prefixRewrite": "/nested/newlocation" + } + }, + { + "match": { + "prefix": "/timeout" + }, + "route": { + "cluster": "req-timeout.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul", + "timeout": "33s" + } + }, + { + "match": { + "prefix": "/idle-timeout" + }, + "route": { + "cluster": "idle-timeout.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul", + "idleTimeout": "33s" + } + }, + { + "match": { + "prefix": "/retry-connect" + }, + "route": { + "cluster": "retry-connect.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul", + "retryPolicy": { + "retryOn": "connect-failure", + "numRetries": 15 } } }, { - "match": { - "prefix": "/retry-reset" + "match": { + "prefix": "/retry-reset" }, - "route": { - "cluster": "retry-reset.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul", - "retryPolicy": { - "retryOn": "reset", - "numRetries": 15 + "route": { + "cluster": "retry-reset.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul", + "retryPolicy": { + "retryOn": "reset", + "numRetries": 15 } } }, { - "match": { - "prefix": "/retry-codes" + "match": { + "prefix": "/retry-codes" }, - "route": { - "cluster": "retry-codes.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul", - "retryPolicy": { - "retryOn": "retriable-status-codes", - "numRetries": 15, - "retriableStatusCodes": [ + "route": { + "cluster": "retry-codes.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul", + "retryPolicy": { + "retryOn": "retriable-status-codes", + "numRetries": 15, + "retriableStatusCodes": [ 401, 409, 451 @@ -326,14 +326,14 @@ } }, { - "match": { - "prefix": "/retry-all" + "match": { + "prefix": "/retry-all" }, - "route": { - "cluster": "retry-all.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul", - "retryPolicy": { - "retryOn": "5xx,gateway-error,reset,connect-failure,envoy-ratelimited,retriable-4xx,refused-stream,cancelled,deadline-exceeded,internal,resource-exhausted,unavailable,retriable-status-codes", - "retriableStatusCodes": [ + "route": { + "cluster": "retry-all.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul", + "retryPolicy": { + "retryOn": "5xx,gateway-error,reset,connect-failure,envoy-ratelimited,retriable-4xx,refused-stream,cancelled,deadline-exceeded,internal,resource-exhausted,unavailable,retriable-status-codes", + "retriableStatusCodes": [ 401, 409, 451 @@ -342,127 +342,127 @@ } }, { - "match": { - "prefix": "/split-3-ways" + "match": { + "prefix": "/split-3-ways" }, - "route": { - "weightedClusters": { - "clusters": [ + "route": { + "weightedClusters": { + "clusters": [ { - "name": "big-side.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul", - "weight": 9550 + "name": "big-side.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul", + "weight": 9550 }, { - "name": "goldilocks-side.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul", - "weight": 400 + "name": "goldilocks-side.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul", + "weight": 400 }, { - "name": "lil-bit-side.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul", - "weight": 50 + "name": "lil-bit-side.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul", + "weight": 50 } ], - "totalWeight": 10000 + "totalWeight": 10000 } } }, { - "match": { - "path": "/header-manip" + "match": { + "path": "/header-manip" }, - "route": { - "cluster": "header-manip.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul" + "route": { + "cluster": "header-manip.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul" }, - "requestHeadersToAdd": [ + "requestHeadersToAdd": [ { - "header": { - "key": "request", - "value": "bar" + "header": { + "key": "request", + "value": "bar" }, - "append": true + "append": true }, { - "header": { - "key": "bar", - "value": "baz" + "header": { + "key": "bar", + "value": "baz" }, - "append": false + "append": false } ], - "requestHeadersToRemove": [ + "requestHeadersToRemove": [ "qux" ], - "responseHeadersToAdd": [ + "responseHeadersToAdd": [ { - "header": { - "key": "response", - "value": "bar" + "header": { + "key": "response", + "value": "bar" }, - "append": true + "append": true }, { - "header": { - "key": "bar", - "value": "baz" + "header": { + "key": "bar", + "value": "baz" }, - "append": false + "append": false } ], - "responseHeadersToRemove": [ + "responseHeadersToRemove": [ "qux" ] }, { - "match": { - "prefix": "/" + "match": { + "prefix": "/" }, - "route": { - "cluster": "db.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul" + "route": { + "cluster": "db.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul" } } ], - "requestHeadersToAdd": [ + "requestHeadersToAdd": [ { - "header": { - "key": "foo", - "value": "bar" + "header": { + "key": "foo", + "value": "bar" }, - "append": true + "append": true }, { - "header": { - "key": "bar", - "value": "baz" + "header": { + "key": "bar", + "value": "baz" }, - "append": false + "append": false } ], - "requestHeadersToRemove": [ + "requestHeadersToRemove": [ "qux" ], - "responseHeadersToAdd": [ + "responseHeadersToAdd": [ { - "header": { - "key": "foo", - "value": "bar" + "header": { + "key": "foo", + "value": "bar" }, - "append": true + "append": true }, { - "header": { - "key": "bar", - "value": "baz" + "header": { + "key": "bar", + "value": "baz" }, - "append": false + "append": false } ], - "responseHeadersToRemove": [ + "responseHeadersToRemove": [ "qux" ] } ], - "validateClusters": true + "validateClusters": true } ], - "typeUrl": "type.googleapis.com/envoy.config.route.v3.RouteConfiguration", - "nonce": "00000001" + "typeUrl": "type.googleapis.com/envoy.config.route.v3.RouteConfiguration", + "nonce": "00000001" } \ No newline at end of file diff --git a/agent/xds/testdata/routes/ingress-with-chain-and-router.latest.golden b/agent/xds/testdata/routes/ingress-with-chain-and-router.latest.golden index ffe7313996..ee02633e4a 100644 --- a/agent/xds/testdata/routes/ingress-with-chain-and-router.latest.golden +++ b/agent/xds/testdata/routes/ingress-with-chain-and-router.latest.golden @@ -1,323 +1,323 @@ { - "versionInfo": "00000001", - "resources": [ + "versionInfo": "00000001", + "resources": [ { - "@type": "type.googleapis.com/envoy.config.route.v3.RouteConfiguration", - "name": "8080", - "virtualHosts": [ + "@type": "type.googleapis.com/envoy.config.route.v3.RouteConfiguration", + "name": "8080", + "virtualHosts": [ { - "name": "db", - "domains": [ + "name": "db", + "domains": [ "db.ingress.*", "db.ingress.*:8080" ], - "routes": [ + "routes": [ { - "match": { - "prefix": "/prefix" + "match": { + "prefix": "/prefix" }, - "route": { - "cluster": "prefix.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul" + "route": { + "cluster": "prefix.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul" } }, { - "match": { - "path": "/exact" + "match": { + "path": "/exact" }, - "route": { - "cluster": "exact.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul" + "route": { + "cluster": "exact.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul" } }, { - "match": { - "safeRegex": { - "googleRe2": { - - }, - "regex": "/regex" + "match": { + "safeRegex": { + "googleRe2": {}, + "regex": "/regex" } }, - "route": { - "cluster": "regex.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul" + "route": { + "cluster": "regex.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul" } }, { - "match": { - "prefix": "/", - "headers": [ + "match": { + "prefix": "/", + "headers": [ { - "name": "x-debug", - "presentMatch": true + "name": "x-debug", + "presentMatch": true } ] }, - "route": { - "cluster": "hdr-present.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul" + "route": { + "cluster": "hdr-present.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul" } }, { - "match": { - "prefix": "/", - "headers": [ + "match": { + "prefix": "/", + "headers": [ { - "name": "x-debug", - "presentMatch": true, - "invertMatch": true + "name": "x-debug", + "presentMatch": true, + "invertMatch": true } ] }, - "route": { - "cluster": "hdr-not-present.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul" + "route": { + "cluster": "hdr-not-present.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul" } }, { - "match": { - "prefix": "/", - "headers": [ + "match": { + "prefix": "/", + "headers": [ { - "name": "x-debug", - "exactMatch": "exact" - } - ] - }, - "route": { - "cluster": "hdr-exact.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul" - } - }, - { - "match": { - "prefix": "/", - "headers": [ - { - "name": "x-debug", - "prefixMatch": "prefix" - } - ] - }, - "route": { - "cluster": "hdr-prefix.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul" - } - }, - { - "match": { - "prefix": "/", - "headers": [ - { - "name": "x-debug", - "suffixMatch": "suffix" - } - ] - }, - "route": { - "cluster": "hdr-suffix.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul" - } - }, - { - "match": { - "prefix": "/", - "headers": [ - { - "name": "x-debug", - "safeRegexMatch": { - "googleRe2": { - - }, - "regex": "regex" + "name": "x-debug", + "stringMatch": { + "exact": "exact" } } ] }, - "route": { - "cluster": "hdr-regex.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul" + "route": { + "cluster": "hdr-exact.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul" } }, { - "match": { - "prefix": "/", - "headers": [ + "match": { + "prefix": "/", + "headers": [ { - "name": ":method", - "safeRegexMatch": { - "googleRe2": { - - }, - "regex": "GET|PUT" + "name": "x-debug", + "stringMatch": { + "prefix": "prefix" } } ] }, - "route": { - "cluster": "just-methods.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul" + "route": { + "cluster": "hdr-prefix.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul" } }, { - "match": { - "prefix": "/", - "headers": [ + "match": { + "prefix": "/", + "headers": [ { - "name": "x-debug", - "exactMatch": "exact" - }, - { - "name": ":method", - "safeRegexMatch": { - "googleRe2": { - - }, - "regex": "GET|PUT" + "name": "x-debug", + "stringMatch": { + "suffix": "suffix" } } ] }, - "route": { - "cluster": "hdr-exact-with-method.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul" + "route": { + "cluster": "hdr-suffix.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul" } }, { - "match": { - "prefix": "/", - "queryParameters": [ + "match": { + "prefix": "/", + "headers": [ { - "name": "secretparam1", - "stringMatch": { - "exact": "exact" - } - } - ] - }, - "route": { - "cluster": "prm-exact.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul" - } - }, - { - "match": { - "prefix": "/", - "queryParameters": [ - { - "name": "secretparam2", - "stringMatch": { - "safeRegex": { - "googleRe2": { - - }, - "regex": "regex" + "name": "x-debug", + "stringMatch": { + "safeRegex": { + "googleRe2": {}, + "regex": "regex" } } } ] }, - "route": { - "cluster": "prm-regex.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul" + "route": { + "cluster": "hdr-regex.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul" } }, { - "match": { - "prefix": "/", - "queryParameters": [ + "match": { + "prefix": "/", + "headers": [ { - "name": "secretparam3", - "presentMatch": true + "name": ":method", + "safeRegexMatch": { + "googleRe2": {}, + "regex": "GET|PUT" + } } ] }, - "route": { - "cluster": "prm-present.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul" + "route": { + "cluster": "just-methods.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul" } }, { - "match": { - "prefix": "/" + "match": { + "prefix": "/", + "headers": [ + { + "name": "x-debug", + "stringMatch": { + "exact": "exact" + } + }, + { + "name": ":method", + "safeRegexMatch": { + "googleRe2": {}, + "regex": "GET|PUT" + } + } + ] }, - "route": { - "cluster": "nil-match.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul" + "route": { + "cluster": "hdr-exact-with-method.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul" } }, { - "match": { - "prefix": "/" + "match": { + "prefix": "/", + "queryParameters": [ + { + "name": "secretparam1", + "stringMatch": { + "exact": "exact" + } + } + ] }, - "route": { - "cluster": "empty-match-1.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul" + "route": { + "cluster": "prm-exact.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul" } }, { - "match": { - "prefix": "/" + "match": { + "prefix": "/", + "queryParameters": [ + { + "name": "secretparam2", + "stringMatch": { + "safeRegex": { + "googleRe2": {}, + "regex": "regex" + } + } + } + ] }, - "route": { - "cluster": "empty-match-2.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul" + "route": { + "cluster": "prm-regex.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul" } }, { - "match": { - "prefix": "/prefix" + "match": { + "prefix": "/", + "queryParameters": [ + { + "name": "secretparam3", + "presentMatch": true + } + ] }, - "route": { - "cluster": "prefix-rewrite-1.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul", - "prefixRewrite": "/" + "route": { + "cluster": "prm-present.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul" } }, { - "match": { - "prefix": "/prefix" + "match": { + "prefix": "/" }, - "route": { - "cluster": "prefix-rewrite-2.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul", - "prefixRewrite": "/nested/newlocation" + "route": { + "cluster": "nil-match.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul" } }, { - "match": { - "prefix": "/timeout" + "match": { + "prefix": "/" }, - "route": { - "cluster": "req-timeout.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul", - "timeout": "33s" + "route": { + "cluster": "empty-match-1.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul" } }, { - "match": { - "prefix": "/idle-timeout" + "match": { + "prefix": "/" }, - "route": { - "cluster": "idle-timeout.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul", - "idleTimeout": "33s" + "route": { + "cluster": "empty-match-2.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul" } }, { - "match": { - "prefix": "/retry-connect" + "match": { + "prefix": "/prefix" }, - "route": { - "cluster": "retry-connect.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul", - "retryPolicy": { - "retryOn": "connect-failure", - "numRetries": 15 + "route": { + "cluster": "prefix-rewrite-1.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul", + "prefixRewrite": "/" + } + }, + { + "match": { + "prefix": "/prefix" + }, + "route": { + "cluster": "prefix-rewrite-2.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul", + "prefixRewrite": "/nested/newlocation" + } + }, + { + "match": { + "prefix": "/timeout" + }, + "route": { + "cluster": "req-timeout.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul", + "timeout": "33s" + } + }, + { + "match": { + "prefix": "/idle-timeout" + }, + "route": { + "cluster": "idle-timeout.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul", + "idleTimeout": "33s" + } + }, + { + "match": { + "prefix": "/retry-connect" + }, + "route": { + "cluster": "retry-connect.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul", + "retryPolicy": { + "retryOn": "connect-failure", + "numRetries": 15 } } }, { - "match": { - "prefix": "/retry-reset" + "match": { + "prefix": "/retry-reset" }, - "route": { - "cluster": "retry-reset.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul", - "retryPolicy": { - "retryOn": "reset", - "numRetries": 15 + "route": { + "cluster": "retry-reset.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul", + "retryPolicy": { + "retryOn": "reset", + "numRetries": 15 } } }, { - "match": { - "prefix": "/retry-codes" + "match": { + "prefix": "/retry-codes" }, - "route": { - "cluster": "retry-codes.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul", - "retryPolicy": { - "retryOn": "retriable-status-codes", - "numRetries": 15, - "retriableStatusCodes": [ + "route": { + "cluster": "retry-codes.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul", + "retryPolicy": { + "retryOn": "retriable-status-codes", + "numRetries": 15, + "retriableStatusCodes": [ 401, 409, 451 @@ -326,14 +326,14 @@ } }, { - "match": { - "prefix": "/retry-all" + "match": { + "prefix": "/retry-all" }, - "route": { - "cluster": "retry-all.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul", - "retryPolicy": { - "retryOn": "5xx,gateway-error,reset,connect-failure,envoy-ratelimited,retriable-4xx,refused-stream,cancelled,deadline-exceeded,internal,resource-exhausted,unavailable,retriable-status-codes", - "retriableStatusCodes": [ + "route": { + "cluster": "retry-all.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul", + "retryPolicy": { + "retryOn": "5xx,gateway-error,reset,connect-failure,envoy-ratelimited,retriable-4xx,refused-stream,cancelled,deadline-exceeded,internal,resource-exhausted,unavailable,retriable-status-codes", + "retriableStatusCodes": [ 401, 409, 451 @@ -342,89 +342,89 @@ } }, { - "match": { - "prefix": "/split-3-ways" + "match": { + "prefix": "/split-3-ways" }, - "route": { - "weightedClusters": { - "clusters": [ + "route": { + "weightedClusters": { + "clusters": [ { - "name": "big-side.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul", - "weight": 9550 + "name": "big-side.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul", + "weight": 9550 }, { - "name": "goldilocks-side.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul", - "weight": 400 + "name": "goldilocks-side.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul", + "weight": 400 }, { - "name": "lil-bit-side.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul", - "weight": 50 + "name": "lil-bit-side.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul", + "weight": 50 } ], - "totalWeight": 10000 + "totalWeight": 10000 } } }, { - "match": { - "path": "/header-manip" + "match": { + "path": "/header-manip" }, - "route": { - "cluster": "header-manip.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul" + "route": { + "cluster": "header-manip.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul" }, - "requestHeadersToAdd": [ + "requestHeadersToAdd": [ { - "header": { - "key": "request", - "value": "bar" + "header": { + "key": "request", + "value": "bar" }, - "append": true + "append": true }, { - "header": { - "key": "bar", - "value": "baz" + "header": { + "key": "bar", + "value": "baz" }, - "append": false + "append": false } ], - "requestHeadersToRemove": [ + "requestHeadersToRemove": [ "qux" ], - "responseHeadersToAdd": [ + "responseHeadersToAdd": [ { - "header": { - "key": "response", - "value": "bar" + "header": { + "key": "response", + "value": "bar" }, - "append": true + "append": true }, { - "header": { - "key": "bar", - "value": "baz" + "header": { + "key": "bar", + "value": "baz" }, - "append": false + "append": false } ], - "responseHeadersToRemove": [ + "responseHeadersToRemove": [ "qux" ] }, { - "match": { - "prefix": "/" + "match": { + "prefix": "/" }, - "route": { - "cluster": "db.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul" + "route": { + "cluster": "db.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul" } } ] } ], - "validateClusters": true + "validateClusters": true } ], - "typeUrl": "type.googleapis.com/envoy.config.route.v3.RouteConfiguration", - "nonce": "00000001" + "typeUrl": "type.googleapis.com/envoy.config.route.v3.RouteConfiguration", + "nonce": "00000001" } \ No newline at end of file diff --git a/agent/xds/testdata/routes/ingress-with-chain-and-splitter.latest.golden b/agent/xds/testdata/routes/ingress-with-chain-and-splitter.latest.golden index 820de54764..268aff97d9 100644 --- a/agent/xds/testdata/routes/ingress-with-chain-and-splitter.latest.golden +++ b/agent/xds/testdata/routes/ingress-with-chain-and-splitter.latest.golden @@ -1,101 +1,101 @@ { - "versionInfo": "00000001", - "resources": [ + "versionInfo": "00000001", + "resources": [ { - "@type": "type.googleapis.com/envoy.config.route.v3.RouteConfiguration", - "name": "8080", - "virtualHosts": [ + "@type": "type.googleapis.com/envoy.config.route.v3.RouteConfiguration", + "name": "8080", + "virtualHosts": [ { - "name": "db", - "domains": [ + "name": "db", + "domains": [ "db.ingress.*", "db.ingress.*:8080" ], - "routes": [ + "routes": [ { - "match": { - "prefix": "/" + "match": { + "prefix": "/" }, - "route": { - "weightedClusters": { - "clusters": [ + "route": { + "weightedClusters": { + "clusters": [ { - "name": "big-side.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul", - "weight": 9550, - "requestHeadersToAdd": [ + "name": "big-side.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul", + "weight": 9550, + "requestHeadersToAdd": [ { - "header": { - "key": "x-split-leg", - "value": "big" + "header": { + "key": "x-split-leg", + "value": "big" }, - "append": false + "append": false } ], - "responseHeadersToAdd": [ + "responseHeadersToAdd": [ { - "header": { - "key": "x-split-leg", - "value": "big" + "header": { + "key": "x-split-leg", + "value": "big" }, - "append": false + "append": false } ] }, { - "name": "goldilocks-side.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul", - "weight": 400, - "requestHeadersToAdd": [ + "name": "goldilocks-side.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul", + "weight": 400, + "requestHeadersToAdd": [ { - "header": { - "key": "x-split-leg", - "value": "goldilocks" + "header": { + "key": "x-split-leg", + "value": "goldilocks" }, - "append": false + "append": false } ], - "responseHeadersToAdd": [ + "responseHeadersToAdd": [ { - "header": { - "key": "x-split-leg", - "value": "goldilocks" + "header": { + "key": "x-split-leg", + "value": "goldilocks" }, - "append": false + "append": false } ] }, { - "name": "lil-bit-side.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul", - "weight": 50, - "requestHeadersToAdd": [ + "name": "lil-bit-side.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul", + "weight": 50, + "requestHeadersToAdd": [ { - "header": { - "key": "x-split-leg", - "value": "small" + "header": { + "key": "x-split-leg", + "value": "small" }, - "append": false + "append": false } ], - "responseHeadersToAdd": [ + "responseHeadersToAdd": [ { - "header": { - "key": "x-split-leg", - "value": "small" + "header": { + "key": "x-split-leg", + "value": "small" }, - "append": false + "append": false } ] } ], - "totalWeight": 10000 + "totalWeight": 10000 } } } ] } ], - "validateClusters": true + "validateClusters": true } ], - "typeUrl": "type.googleapis.com/envoy.config.route.v3.RouteConfiguration", - "nonce": "00000001" + "typeUrl": "type.googleapis.com/envoy.config.route.v3.RouteConfiguration", + "nonce": "00000001" } \ No newline at end of file diff --git a/agent/xds/testdata/routes/ingress-with-chain-external-sni.latest.golden b/agent/xds/testdata/routes/ingress-with-chain-external-sni.latest.golden index 9c050cbe6b..306f5220e7 100644 --- a/agent/xds/testdata/routes/ingress-with-chain-external-sni.latest.golden +++ b/agent/xds/testdata/routes/ingress-with-chain-external-sni.latest.golden @@ -1,5 +1,5 @@ { - "versionInfo": "00000001", - "typeUrl": "type.googleapis.com/envoy.config.route.v3.RouteConfiguration", - "nonce": "00000001" + "versionInfo": "00000001", + "typeUrl": "type.googleapis.com/envoy.config.route.v3.RouteConfiguration", + "nonce": "00000001" } \ No newline at end of file diff --git a/agent/xds/testdata/routes/ingress-with-chain.latest.golden b/agent/xds/testdata/routes/ingress-with-chain.latest.golden index 9c050cbe6b..306f5220e7 100644 --- a/agent/xds/testdata/routes/ingress-with-chain.latest.golden +++ b/agent/xds/testdata/routes/ingress-with-chain.latest.golden @@ -1,5 +1,5 @@ { - "versionInfo": "00000001", - "typeUrl": "type.googleapis.com/envoy.config.route.v3.RouteConfiguration", - "nonce": "00000001" + "versionInfo": "00000001", + "typeUrl": "type.googleapis.com/envoy.config.route.v3.RouteConfiguration", + "nonce": "00000001" } \ No newline at end of file diff --git a/agent/xds/testdata/routes/ingress-with-grpc-router.latest.golden b/agent/xds/testdata/routes/ingress-with-grpc-router.latest.golden index bc6d021fbb..7a3534261e 100644 --- a/agent/xds/testdata/routes/ingress-with-grpc-router.latest.golden +++ b/agent/xds/testdata/routes/ingress-with-grpc-router.latest.golden @@ -1,39 +1,39 @@ { - "versionInfo": "00000001", - "resources": [ + "versionInfo": "00000001", + "resources": [ { - "@type": "type.googleapis.com/envoy.config.route.v3.RouteConfiguration", - "name": "8080", - "virtualHosts": [ + "@type": "type.googleapis.com/envoy.config.route.v3.RouteConfiguration", + "name": "8080", + "virtualHosts": [ { - "name": "db", - "domains": [ + "name": "db", + "domains": [ "db.ingress.*", "db.ingress.*:8080" ], - "routes": [ + "routes": [ { - "match": { - "path": "/fgrpc.PingServer/Ping" + "match": { + "path": "/fgrpc.PingServer/Ping" }, - "route": { - "cluster": "prefix.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul" + "route": { + "cluster": "prefix.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul" } }, { - "match": { - "prefix": "/" + "match": { + "prefix": "/" }, - "route": { - "cluster": "db.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul" + "route": { + "cluster": "db.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul" } } ] } ], - "validateClusters": true + "validateClusters": true } ], - "typeUrl": "type.googleapis.com/envoy.config.route.v3.RouteConfiguration", - "nonce": "00000001" + "typeUrl": "type.googleapis.com/envoy.config.route.v3.RouteConfiguration", + "nonce": "00000001" } \ No newline at end of file diff --git a/agent/xds/testdata/routes/local-mesh-gateway-with-peered-upstreams.latest.golden b/agent/xds/testdata/routes/local-mesh-gateway-with-peered-upstreams.latest.golden index 9c050cbe6b..306f5220e7 100644 --- a/agent/xds/testdata/routes/local-mesh-gateway-with-peered-upstreams.latest.golden +++ b/agent/xds/testdata/routes/local-mesh-gateway-with-peered-upstreams.latest.golden @@ -1,5 +1,5 @@ { - "versionInfo": "00000001", - "typeUrl": "type.googleapis.com/envoy.config.route.v3.RouteConfiguration", - "nonce": "00000001" + "versionInfo": "00000001", + "typeUrl": "type.googleapis.com/envoy.config.route.v3.RouteConfiguration", + "nonce": "00000001" } \ No newline at end of file diff --git a/agent/xds/testdata/routes/mesh-gateway-peering-control-plane.latest.golden b/agent/xds/testdata/routes/mesh-gateway-peering-control-plane.latest.golden index 9c050cbe6b..306f5220e7 100644 --- a/agent/xds/testdata/routes/mesh-gateway-peering-control-plane.latest.golden +++ b/agent/xds/testdata/routes/mesh-gateway-peering-control-plane.latest.golden @@ -1,5 +1,5 @@ { - "versionInfo": "00000001", - "typeUrl": "type.googleapis.com/envoy.config.route.v3.RouteConfiguration", - "nonce": "00000001" + "versionInfo": "00000001", + "typeUrl": "type.googleapis.com/envoy.config.route.v3.RouteConfiguration", + "nonce": "00000001" } \ No newline at end of file diff --git a/agent/xds/testdata/routes/mesh-gateway-with-exported-peered-services-http-with-router.latest.golden b/agent/xds/testdata/routes/mesh-gateway-with-exported-peered-services-http-with-router.latest.golden index ce1c0ad2d5..e295056e07 100644 --- a/agent/xds/testdata/routes/mesh-gateway-with-exported-peered-services-http-with-router.latest.golden +++ b/agent/xds/testdata/routes/mesh-gateway-with-exported-peered-services-http-with-router.latest.golden @@ -1,58 +1,58 @@ { - "versionInfo": "00000001", - "resources": [ + "versionInfo": "00000001", + "resources": [ { - "@type": "type.googleapis.com/envoy.config.route.v3.RouteConfiguration", - "name": "db", - "virtualHosts": [ + "@type": "type.googleapis.com/envoy.config.route.v3.RouteConfiguration", + "name": "db", + "virtualHosts": [ { - "name": "db", - "domains": [ + "name": "db", + "domains": [ "*" ], - "routes": [ + "routes": [ { - "match": { - "prefix": "/split" + "match": { + "prefix": "/split" }, - "route": { - "weightedClusters": { - "clusters": [ + "route": { + "weightedClusters": { + "clusters": [ { - "name": "exported~alt.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul", - "weight": 6000 + "name": "exported~alt.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul", + "weight": 6000 }, { - "name": "exported~db.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul", - "weight": 4000 + "name": "exported~db.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul", + "weight": 4000 } ], - "totalWeight": 10000 + "totalWeight": 10000 } } }, { - "match": { - "prefix": "/api" + "match": { + "prefix": "/api" }, - "route": { - "cluster": "exported~v2.api.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul" + "route": { + "cluster": "exported~v2.api.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul" } }, { - "match": { - "prefix": "/" + "match": { + "prefix": "/" }, - "route": { - "cluster": "exported~db.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul" + "route": { + "cluster": "exported~db.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul" } } ] } ], - "validateClusters": true + "validateClusters": true } ], - "typeUrl": "type.googleapis.com/envoy.config.route.v3.RouteConfiguration", - "nonce": "00000001" + "typeUrl": "type.googleapis.com/envoy.config.route.v3.RouteConfiguration", + "nonce": "00000001" } \ No newline at end of file diff --git a/agent/xds/testdata/routes/mesh-gateway-with-exported-peered-services-http.latest.golden b/agent/xds/testdata/routes/mesh-gateway-with-exported-peered-services-http.latest.golden index 5b64a2c7ed..862b1d868d 100644 --- a/agent/xds/testdata/routes/mesh-gateway-with-exported-peered-services-http.latest.golden +++ b/agent/xds/testdata/routes/mesh-gateway-with-exported-peered-services-http.latest.golden @@ -1,76 +1,76 @@ { - "versionInfo": "00000001", - "resources": [ + "versionInfo": "00000001", + "resources": [ { - "@type": "type.googleapis.com/envoy.config.route.v3.RouteConfiguration", - "name": "bar", - "virtualHosts": [ + "@type": "type.googleapis.com/envoy.config.route.v3.RouteConfiguration", + "name": "bar", + "virtualHosts": [ { - "name": "bar", - "domains": [ + "name": "bar", + "domains": [ "*" ], - "routes": [ + "routes": [ { - "match": { - "prefix": "/" + "match": { + "prefix": "/" }, - "route": { - "cluster": "exported~bar.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul" + "route": { + "cluster": "exported~bar.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul" } } ] } ], - "validateClusters": true + "validateClusters": true }, { - "@type": "type.googleapis.com/envoy.config.route.v3.RouteConfiguration", - "name": "foo", - "virtualHosts": [ + "@type": "type.googleapis.com/envoy.config.route.v3.RouteConfiguration", + "name": "foo", + "virtualHosts": [ { - "name": "foo", - "domains": [ + "name": "foo", + "domains": [ "*" ], - "routes": [ + "routes": [ { - "match": { - "prefix": "/" + "match": { + "prefix": "/" }, - "route": { - "cluster": "exported~foo.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul" + "route": { + "cluster": "exported~foo.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul" } } ] } ], - "validateClusters": true + "validateClusters": true }, { - "@type": "type.googleapis.com/envoy.config.route.v3.RouteConfiguration", - "name": "gir", - "virtualHosts": [ + "@type": "type.googleapis.com/envoy.config.route.v3.RouteConfiguration", + "name": "gir", + "virtualHosts": [ { - "name": "gir", - "domains": [ + "name": "gir", + "domains": [ "*" ], - "routes": [ + "routes": [ { - "match": { - "prefix": "/" + "match": { + "prefix": "/" }, - "route": { - "cluster": "exported~gir.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul" + "route": { + "cluster": "exported~gir.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul" } } ] } ], - "validateClusters": true + "validateClusters": true } ], - "typeUrl": "type.googleapis.com/envoy.config.route.v3.RouteConfiguration", - "nonce": "00000001" + "typeUrl": "type.googleapis.com/envoy.config.route.v3.RouteConfiguration", + "nonce": "00000001" } \ No newline at end of file diff --git a/agent/xds/testdata/routes/mesh-gateway-with-exported-peered-services.latest.golden b/agent/xds/testdata/routes/mesh-gateway-with-exported-peered-services.latest.golden index 9c050cbe6b..306f5220e7 100644 --- a/agent/xds/testdata/routes/mesh-gateway-with-exported-peered-services.latest.golden +++ b/agent/xds/testdata/routes/mesh-gateway-with-exported-peered-services.latest.golden @@ -1,5 +1,5 @@ { - "versionInfo": "00000001", - "typeUrl": "type.googleapis.com/envoy.config.route.v3.RouteConfiguration", - "nonce": "00000001" + "versionInfo": "00000001", + "typeUrl": "type.googleapis.com/envoy.config.route.v3.RouteConfiguration", + "nonce": "00000001" } \ No newline at end of file diff --git a/agent/xds/testdata/routes/mesh-gateway-with-imported-peered-services.latest.golden b/agent/xds/testdata/routes/mesh-gateway-with-imported-peered-services.latest.golden index 9c050cbe6b..306f5220e7 100644 --- a/agent/xds/testdata/routes/mesh-gateway-with-imported-peered-services.latest.golden +++ b/agent/xds/testdata/routes/mesh-gateway-with-imported-peered-services.latest.golden @@ -1,5 +1,5 @@ { - "versionInfo": "00000001", - "typeUrl": "type.googleapis.com/envoy.config.route.v3.RouteConfiguration", - "nonce": "00000001" + "versionInfo": "00000001", + "typeUrl": "type.googleapis.com/envoy.config.route.v3.RouteConfiguration", + "nonce": "00000001" } \ No newline at end of file diff --git a/agent/xds/testdata/routes/mesh-gateway-with-peer-through-mesh-gateway-enabled.latest.golden b/agent/xds/testdata/routes/mesh-gateway-with-peer-through-mesh-gateway-enabled.latest.golden index 9c050cbe6b..306f5220e7 100644 --- a/agent/xds/testdata/routes/mesh-gateway-with-peer-through-mesh-gateway-enabled.latest.golden +++ b/agent/xds/testdata/routes/mesh-gateway-with-peer-through-mesh-gateway-enabled.latest.golden @@ -1,5 +1,5 @@ { - "versionInfo": "00000001", - "typeUrl": "type.googleapis.com/envoy.config.route.v3.RouteConfiguration", - "nonce": "00000001" + "versionInfo": "00000001", + "typeUrl": "type.googleapis.com/envoy.config.route.v3.RouteConfiguration", + "nonce": "00000001" } \ No newline at end of file diff --git a/agent/xds/testdata/routes/splitter-with-resolver-redirect.latest.golden b/agent/xds/testdata/routes/splitter-with-resolver-redirect.latest.golden index dec26fd159..d1af260a9e 100644 --- a/agent/xds/testdata/routes/splitter-with-resolver-redirect.latest.golden +++ b/agent/xds/testdata/routes/splitter-with-resolver-redirect.latest.golden @@ -1,42 +1,42 @@ { - "versionInfo": "00000001", - "resources": [ + "versionInfo": "00000001", + "resources": [ { - "@type": "type.googleapis.com/envoy.config.route.v3.RouteConfiguration", - "name": "db", - "virtualHosts": [ + "@type": "type.googleapis.com/envoy.config.route.v3.RouteConfiguration", + "name": "db", + "virtualHosts": [ { - "name": "db", - "domains": [ + "name": "db", + "domains": [ "*" ], - "routes": [ + "routes": [ { - "match": { - "prefix": "/" + "match": { + "prefix": "/" }, - "route": { - "weightedClusters": { - "clusters": [ + "route": { + "weightedClusters": { + "clusters": [ { - "name": "v1.db.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul", - "weight": 5000 + "name": "v1.db.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul", + "weight": 5000 }, { - "name": "v2.db.default.dc2.internal.11111111-2222-3333-4444-555555555555.consul", - "weight": 5000 + "name": "v2.db.default.dc2.internal.11111111-2222-3333-4444-555555555555.consul", + "weight": 5000 } ], - "totalWeight": 10000 + "totalWeight": 10000 } } } ] } ], - "validateClusters": true + "validateClusters": true } ], - "typeUrl": "type.googleapis.com/envoy.config.route.v3.RouteConfiguration", - "nonce": "00000001" + "typeUrl": "type.googleapis.com/envoy.config.route.v3.RouteConfiguration", + "nonce": "00000001" } \ No newline at end of file diff --git a/agent/xds/testdata/routes/transparent-proxy-destination-http.latest.golden b/agent/xds/testdata/routes/transparent-proxy-destination-http.latest.golden index 173aa56476..bbd24a6b42 100644 --- a/agent/xds/testdata/routes/transparent-proxy-destination-http.latest.golden +++ b/agent/xds/testdata/routes/transparent-proxy-destination-http.latest.golden @@ -1,85 +1,85 @@ { - "versionInfo": "00000001", - "resources": [ + "versionInfo": "00000001", + "resources": [ { - "@type": "type.googleapis.com/envoy.config.route.v3.RouteConfiguration", - "name": "destination.443.~http.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul", - "virtualHosts": [ + "@type": "type.googleapis.com/envoy.config.route.v3.RouteConfiguration", + "name": "destination.443.~http.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul", + "virtualHosts": [ { - "name": "destination.www-google-com.google.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul", - "domains": [ + "name": "destination.www-google-com.google.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul", + "domains": [ "www.google.com" ], - "routes": [ + "routes": [ { - "match": { - "prefix": "/" + "match": { + "prefix": "/" }, - "route": { - "cluster": "destination.www-google-com.google.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul" + "route": { + "cluster": "destination.www-google-com.google.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul" } } ] } ], - "validateClusters": true + "validateClusters": true }, { - "@type": "type.googleapis.com/envoy.config.route.v3.RouteConfiguration", - "name": "destination.9093.~http.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul", - "virtualHosts": [ + "@type": "type.googleapis.com/envoy.config.route.v3.RouteConfiguration", + "name": "destination.9093.~http.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul", + "virtualHosts": [ { - "name": "destination.192-168-2-3.kafka2.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul", - "domains": [ + "name": "destination.192-168-2-3.kafka2.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul", + "domains": [ "192.168.2.3" ], - "routes": [ + "routes": [ { - "match": { - "prefix": "/" + "match": { + "prefix": "/" }, - "route": { - "cluster": "destination.192-168-2-3.kafka2.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul" + "route": { + "cluster": "destination.192-168-2-3.kafka2.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul" } } ] }, { - "name": "destination.192-168-2-2.kafka2.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul", - "domains": [ + "name": "destination.192-168-2-2.kafka2.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul", + "domains": [ "192.168.2.2" ], - "routes": [ + "routes": [ { - "match": { - "prefix": "/" + "match": { + "prefix": "/" }, - "route": { - "cluster": "destination.192-168-2-2.kafka2.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul" + "route": { + "cluster": "destination.192-168-2-2.kafka2.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul" } } ] }, { - "name": "destination.192-168-2-1.kafka.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul", - "domains": [ + "name": "destination.192-168-2-1.kafka.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul", + "domains": [ "192.168.2.1" ], - "routes": [ + "routes": [ { - "match": { - "prefix": "/" + "match": { + "prefix": "/" }, - "route": { - "cluster": "destination.192-168-2-1.kafka.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul" + "route": { + "cluster": "destination.192-168-2-1.kafka.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul" } } ] } ], - "validateClusters": true + "validateClusters": true } ], - "typeUrl": "type.googleapis.com/envoy.config.route.v3.RouteConfiguration", - "nonce": "00000001" + "typeUrl": "type.googleapis.com/envoy.config.route.v3.RouteConfiguration", + "nonce": "00000001" } \ No newline at end of file diff --git a/agent/xds/testdata/routes/transparent-proxy-destination.latest.golden b/agent/xds/testdata/routes/transparent-proxy-destination.latest.golden index 9c050cbe6b..306f5220e7 100644 --- a/agent/xds/testdata/routes/transparent-proxy-destination.latest.golden +++ b/agent/xds/testdata/routes/transparent-proxy-destination.latest.golden @@ -1,5 +1,5 @@ { - "versionInfo": "00000001", - "typeUrl": "type.googleapis.com/envoy.config.route.v3.RouteConfiguration", - "nonce": "00000001" + "versionInfo": "00000001", + "typeUrl": "type.googleapis.com/envoy.config.route.v3.RouteConfiguration", + "nonce": "00000001" } \ No newline at end of file diff --git a/agent/xds/testdata/routes/transparent-proxy-terminating-gateway-destinations-only.latest.golden b/agent/xds/testdata/routes/transparent-proxy-terminating-gateway-destinations-only.latest.golden index 37cf2c0b00..7d3756dd29 100644 --- a/agent/xds/testdata/routes/transparent-proxy-terminating-gateway-destinations-only.latest.golden +++ b/agent/xds/testdata/routes/transparent-proxy-terminating-gateway-destinations-only.latest.golden @@ -1,53 +1,53 @@ { - "versionInfo": "00000001", - "resources": [ + "versionInfo": "00000001", + "resources": [ { - "@type": "type.googleapis.com/envoy.config.route.v3.RouteConfiguration", - "name": "destination.192-168-0-2.external-IP-HTTP.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul", - "virtualHosts": [ + "@type": "type.googleapis.com/envoy.config.route.v3.RouteConfiguration", + "name": "destination.192-168-0-2.external-IP-HTTP.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul", + "virtualHosts": [ { - "name": "destination.192-168-0-2.external-IP-HTTP.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul", - "domains": [ + "name": "destination.192-168-0-2.external-IP-HTTP.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul", + "domains": [ "*" ], - "routes": [ + "routes": [ { - "match": { - "prefix": "/" + "match": { + "prefix": "/" }, - "route": { - "cluster": "destination.192-168-0-2.external-IP-HTTP.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul" + "route": { + "cluster": "destination.192-168-0-2.external-IP-HTTP.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul" } } ] } ], - "validateClusters": true + "validateClusters": true }, { - "@type": "type.googleapis.com/envoy.config.route.v3.RouteConfiguration", - "name": "destination.httpbin-org.external-hostname-HTTP.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul", - "virtualHosts": [ + "@type": "type.googleapis.com/envoy.config.route.v3.RouteConfiguration", + "name": "destination.httpbin-org.external-hostname-HTTP.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul", + "virtualHosts": [ { - "name": "destination.httpbin-org.external-hostname-HTTP.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul", - "domains": [ + "name": "destination.httpbin-org.external-hostname-HTTP.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul", + "domains": [ "*" ], - "routes": [ + "routes": [ { - "match": { - "prefix": "/" + "match": { + "prefix": "/" }, - "route": { - "cluster": "destination.httpbin-org.external-hostname-HTTP.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul" + "route": { + "cluster": "destination.httpbin-org.external-hostname-HTTP.default.dc1.internal.11111111-2222-3333-4444-555555555555.consul" } } ] } ], - "validateClusters": true + "validateClusters": true } ], - "typeUrl": "type.googleapis.com/envoy.config.route.v3.RouteConfiguration", - "nonce": "00000001" + "typeUrl": "type.googleapis.com/envoy.config.route.v3.RouteConfiguration", + "nonce": "00000001" } \ No newline at end of file diff --git a/agent/xds/testdata/routes/transparent-proxy-with-peered-upstreams.latest.golden b/agent/xds/testdata/routes/transparent-proxy-with-peered-upstreams.latest.golden index 9c050cbe6b..306f5220e7 100644 --- a/agent/xds/testdata/routes/transparent-proxy-with-peered-upstreams.latest.golden +++ b/agent/xds/testdata/routes/transparent-proxy-with-peered-upstreams.latest.golden @@ -1,5 +1,5 @@ { - "versionInfo": "00000001", - "typeUrl": "type.googleapis.com/envoy.config.route.v3.RouteConfiguration", - "nonce": "00000001" + "versionInfo": "00000001", + "typeUrl": "type.googleapis.com/envoy.config.route.v3.RouteConfiguration", + "nonce": "00000001" } \ No newline at end of file diff --git a/agent/xds/testdata/routes/transparent-proxy.latest.golden b/agent/xds/testdata/routes/transparent-proxy.latest.golden index 9c050cbe6b..306f5220e7 100644 --- a/agent/xds/testdata/routes/transparent-proxy.latest.golden +++ b/agent/xds/testdata/routes/transparent-proxy.latest.golden @@ -1,5 +1,5 @@ { - "versionInfo": "00000001", - "typeUrl": "type.googleapis.com/envoy.config.route.v3.RouteConfiguration", - "nonce": "00000001" + "versionInfo": "00000001", + "typeUrl": "type.googleapis.com/envoy.config.route.v3.RouteConfiguration", + "nonce": "00000001" } \ No newline at end of file diff --git a/agent/xdsv2/route_resources.go b/agent/xdsv2/route_resources.go index 931d48f260..fbba0eb3a4 100644 --- a/agent/xdsv2/route_resources.go +++ b/agent/xdsv2/route_resources.go @@ -5,13 +5,15 @@ package xdsv2 import ( "fmt" + "strings" + envoy_core_v3 "github.com/envoyproxy/go-control-plane/envoy/config/core/v3" envoy_matcher_v3 "github.com/envoyproxy/go-control-plane/envoy/type/matcher/v3" + "google.golang.org/protobuf/types/known/wrapperspb" + "github.com/hashicorp/consul/agent/xds/response" "github.com/hashicorp/consul/envoyextensions/xdscommon" "github.com/hashicorp/consul/proto-public/pbmesh/v1alpha1/pbproxystate" - "google.golang.org/protobuf/types/known/wrapperspb" - "strings" envoy_route_v3 "github.com/envoyproxy/go-control-plane/envoy/config/route/v3" "google.golang.org/protobuf/proto" @@ -37,7 +39,6 @@ func (pr *ProxyResources) makeEnvoyRoute(name string) (*envoy_route_v3.RouteConf if !ok { // This should not happen with a valid proxy state. return nil, fmt.Errorf("could not find route in ProxyState: %s", name) - } return route, nil } @@ -45,7 +46,6 @@ func (pr *ProxyResources) makeEnvoyRoute(name string) (*envoy_route_v3.RouteConf // makeEnvoyRouteConfigFromProxystateRoute converts the proxystate representation of a Route into Envoy proto message // form. We don't throw any errors here, since the proxystate has already been validated. func (pr *ProxyResources) makeEnvoyRouteConfigFromProxystateRoute(name string, psRoute *pbproxystate.Route) *envoy_route_v3.RouteConfiguration { - envoyRouteConfig := &envoy_route_v3.RouteConfiguration{ Name: name, // ValidateClusters defaults to true when defined statically and false @@ -158,21 +158,44 @@ func makeEnvoyHeaderMatcherFromProxystateHeaderMatch(psMatch *pbproxystate.Heade switch psMatch.Match.(type) { case *pbproxystate.HeaderMatch_Exact: - envoyHeaderMatcher.HeaderMatchSpecifier = &envoy_route_v3.HeaderMatcher_ExactMatch{ - ExactMatch: psMatch.GetExact(), + envoyHeaderMatcher.HeaderMatchSpecifier = &envoy_route_v3.HeaderMatcher_StringMatch{ + StringMatch: &envoy_matcher_v3.StringMatcher{ + MatchPattern: &envoy_matcher_v3.StringMatcher_Exact{ + Exact: psMatch.GetExact(), + }, + IgnoreCase: false, + }, } + case *pbproxystate.HeaderMatch_Regex: - envoyHeaderMatcher.HeaderMatchSpecifier = &envoy_route_v3.HeaderMatcher_SafeRegexMatch{ - SafeRegexMatch: makeEnvoyRegexMatch(psMatch.GetRegex()), + envoyHeaderMatcher.HeaderMatchSpecifier = &envoy_route_v3.HeaderMatcher_StringMatch{ + StringMatch: &envoy_matcher_v3.StringMatcher{ + MatchPattern: &envoy_matcher_v3.StringMatcher_SafeRegex{ + SafeRegex: response.MakeEnvoyRegexMatch(psMatch.GetRegex()), + }, + IgnoreCase: false, + }, } + case *pbproxystate.HeaderMatch_Prefix: - envoyHeaderMatcher.HeaderMatchSpecifier = &envoy_route_v3.HeaderMatcher_PrefixMatch{ - PrefixMatch: psMatch.GetPrefix(), + envoyHeaderMatcher.HeaderMatchSpecifier = &envoy_route_v3.HeaderMatcher_StringMatch{ + StringMatch: &envoy_matcher_v3.StringMatcher{ + MatchPattern: &envoy_matcher_v3.StringMatcher_Prefix{ + Prefix: psMatch.GetPrefix(), + }, + IgnoreCase: false, + }, } case *pbproxystate.HeaderMatch_Suffix: - envoyHeaderMatcher.HeaderMatchSpecifier = &envoy_route_v3.HeaderMatcher_SuffixMatch{ - SuffixMatch: psMatch.GetSuffix(), + envoyHeaderMatcher.HeaderMatchSpecifier = &envoy_route_v3.HeaderMatcher_StringMatch{ + StringMatch: &envoy_matcher_v3.StringMatcher{ + MatchPattern: &envoy_matcher_v3.StringMatcher_Suffix{ + Suffix: psMatch.GetSuffix(), + }, + IgnoreCase: false, + }, } + case *pbproxystate.HeaderMatch_Present: envoyHeaderMatcher.HeaderMatchSpecifier = &envoy_route_v3.HeaderMatcher_PresentMatch{ PresentMatch: true, @@ -308,7 +331,6 @@ func makeEnvoyClusterWeightFromProxystateWeightedCluster(cluster *pbproxystate.L } func injectEnvoyClusterWeightWithProxystateHeaderMutation(envoyClusterWeight *envoy_route_v3.WeightedCluster_ClusterWeight, mutation *pbproxystate.HeaderMutation) { - mutation.GetAction() switch mutation.GetAction().(type) { case *pbproxystate.HeaderMutation_RequestHeaderAdd: @@ -374,7 +396,6 @@ func injectEnvoyRouteActionWithProxystateDestinationConfig(envoyAction *envoy_ro } func makeEnvoyHashPolicyFromProxystateLBHashPolicy(psPolicy *pbproxystate.LoadBalancerHashPolicy) *envoy_route_v3.RouteAction_HashPolicy { - switch psPolicy.GetPolicy().(type) { case *pbproxystate.LoadBalancerHashPolicy_ConnectionProperties: return &envoy_route_v3.RouteAction_HashPolicy{ @@ -433,7 +454,6 @@ func makeEnvoyRetryPolicyFromProxystateRetryPolicy(psRetryPolicy *pbproxystate.R } func injectEnvoyRouteRuleWithProxystateHeaderMutation(envoyRouteRule *envoy_route_v3.Route, mutation *pbproxystate.HeaderMutation) { - mutation.GetAction() switch mutation.GetAction().(type) { case *pbproxystate.HeaderMutation_RequestHeaderAdd: @@ -479,7 +499,6 @@ func injectEnvoyRouteRuleWithProxystateHeaderMutation(envoyRouteRule *envoy_rout } func injectEnvoyVirtualHostWithProxystateHeaderMutation(envoyVirtualHost *envoy_route_v3.VirtualHost, mutation *pbproxystate.HeaderMutation) { - mutation.GetAction() switch mutation.GetAction().(type) { case *pbproxystate.HeaderMutation_RequestHeaderAdd: