Commit Graph

362 Commits (eda961f4a2a04f951d15a5a3a73bf75a73c0e649)

Author SHA1 Message Date
Matt Keeler 123bc95e1a
Add Common Controller Caching Infrastructure (#19767)
12 months ago
Ganesh S 90010587f0
Move enterprise multicluster types to Register function (#19913)
12 months ago
Ganesh S 173fe11c2b
Refactor exported services controller tests (#19906)
12 months ago
Tauhid Anjum 1484c6db47
NET-6771 - Adding sameness group protobuff in consul CE (#19883)
12 months ago
Matt Keeler bfad6a4e07
Ensure that the default namespace always exists even prior to resource creation (#19852)
12 months ago
Matt Keeler efe279f802
Retry lint fixes (#19151)
12 months ago
Semir Patel c1bbda8128
resource: block default namespace deletion + test refactorings (#19822)
12 months ago
lornasong edf4610ed9
[Cloud][CC-6925] Updates to pushing server state (#19682)
12 months ago
aahel 7936e55807
added node health resource (#19803)
1 year ago
Ashesh Vidyut 82f6a8d7f3
Net 6585 (#19797)
1 year ago
aahel ac9261ac3e
made node parition scoped (#19794)
1 year ago
Semir Patel 2d1f308138
resource: add v2tenancy feature flag to deployer tests (#19774)
1 year ago
Michael Zalimeni d1f2fa1841
[NET-6725] test: Address occasional flakes in sidecarproxy/controller_test.go (#19760)
1 year ago
Thomas Eckert 419677cc9e
[NET-6420] Add MeshConfiguration Controller stub (#19745)
1 year ago
Chris S. Kim 5107764115
Move test setup out of subtest (#19753)
1 year ago
Semir Patel 5930748cb0
resource: ListByOwner returns empty list on non-existent tenancy (#19742)
1 year ago
Ganesh S ba2422596f
Add tenancy tests for routes controller (#19706)
1 year ago
Semir Patel 0fdc2ac5e9
v2tenancy: namespace deletion using finalizers (#19714)
1 year ago
aahel a28f4b7f37
optimized fetching services in exported service controller (#19695)
1 year ago
Michael Zalimeni 58cc6eded4
[SECVULN-1532] chore: Remove TODO comments for OIDC/JWT auth (#19700)
1 year ago
Semir Patel 75c2def1ca
resource: preserve deferred deletion metadata on non-CAS writes (#19674)
1 year ago
Ganesh S c061168aca
Add tests for traffic permissions controller (#19672)
1 year ago
John Murret 2591318c82
Skip tests with p95 greater than 30 seconds outside of main and release branches. (#19628)
1 year ago
Semir Patel 1eed205286
resource: freeze resources after marked for deletion (4 of 5) (#19603)
1 year ago
Ganesh S 4020c002d6
Add tenancy tests for proxy cfg controller (#19649)
1 year ago
Ganesh S 2e28aecff8
Added tenancy tests for endpoints controller (#19650)
1 year ago
Ashesh Vidyut d68a23aa85
NET 6539 - Add tenancy tests for folder - internal/mesh/internal/controllers/sidecarproxy (#19646)
1 year ago
Ashesh Vidyut 443461318a
NET 6525 (#19645)
1 year ago
Ashesh Vidyut fbc2a58733
NET 6442 - Add tenancy to explicit destinations controller (#19644)
1 year ago
R.B. Boyer b21851c903
test: add test helper to detect if the current build is enterprise (#19201)
1 year ago
Kumar Kavish 68e7f27fd2
[NET-6438] Add tenancy to xDS Tests (#19551)
1 year ago
aahel 005e1b9926
added exported svc controller (#19589)
1 year ago
Nathan Coleman 40c57f10a0
NET-6391 Initialize controller for MeshGateway resource (#19552)
1 year ago
Kumar Kavish 3df8b58479
[NET-6444] Add tenancy to Reaper Tests (#19550)
1 year ago
Kumar Kavish f09dbb99e9
[NET-6356] Add tenancy to Failover Tests (#19547)
1 year ago
Ashesh Vidyut 515eed8c7c
Net 6439 (#19517)
1 year ago
Matt Keeler a7774a9538
Introduce randomized timings and reproducible randomization into controller integration tests. (#19393)
1 year ago
Ashesh Vidyut 985aa76da3
NET 6354 - Add tenancy in Node Health Controller (#19457)
1 year ago
John Murret caaff73337
add DeliverLatest as common function for use by Manager and ProxyTracker Open (#19564)
1 year ago
Semir Patel 2da7dd077a
v2tenancy: register tenancy controller deps (#19531)
1 year ago
Ganesh S 5352ff945c
Added tenancy tests for WorkloadHealth controller (#19530)
1 year ago
Poonam Jadhav c3c836edae
Net-6291/fix/watch resources (#19467)
1 year ago
John Murret d94d316204
NET-6319 - L7 routes have statePrefix of upstream. and should have a full path (#19473)
1 year ago
Semir Patel aaac20f4a8
resource: misc finalizer apis (#19474)
1 year ago
John Murret 77e9a50f8b
Source / local_app golden tests to include all protocols. (#19436)
1 year ago
skpratt 896d8f5ec5
temporarily disallow L7 traffic permissions (#19322)
1 year ago
Semir Patel 0abd96c0d9
resource: resource service now checks for `v2tenancy` feature flag (#19400)
1 year ago
Matt Keeler 5698353652
Resource Hook Pre-Decode Utilities (#18548)
1 year ago
Ashesh Vidyut 0295b959c9
Net 5875 - Create the Exported Services Resources (#19117)
1 year ago
Poonam Jadhav b5023b69c3
feat: read resource namespace (#19320)
1 year ago
Michael Zalimeni a7803bd829
[NET-6305] xds: Ensure v2 route match and protocol are populated for gRPC (#19343)
1 year ago
John Murret 59d4962564
NET-6079 - wire up sidecarproxy golden file inputs into xds controller - sources (#19241)
1 year ago
John Murret 9775758d0c
NET-5397 - wire up destination golden tests from sidecar-proxy controller for xds controller and xdsv2 (#19167)
1 year ago
Iryna Shustava 809bf1deb8
mesh: ensure route configs are named uniquely per port (#19323)
1 year ago
Dhia Ayachi d5c9f11b59
Tenancy Bridge v2 (#19220)
1 year ago
Nitya Dhanushkodi def66ddf0e
mesh: provide missing domain to route configurations in ProxyStateTemplate (#19298)
1 year ago
Iryna Shustava dfea3a0efe
acls,catalog,mesh: properly authorize workload selectors on writes (#19260)
1 year ago
Eric Haberkorn f45be222bb
Prevent circular dependencies between v2 resources and generate a mermaid diagram with their dependencies (#19230)
1 year ago
Nitya Dhanushkodi 51b58cd910
fix expose paths (#19257)
1 year ago
John Murret 9f4f99c626
NET-6097 - sidecar proxy controller - give name to first failover policy target (#19239)
1 year ago
Semir Patel 4c5a46e5e1
v2tenancy: rename v1alpha1 -> v2beta1 (#19227)
1 year ago
R.B. Boyer 6741392a4f
catalog: add FailoverPolicy ACL hook tenancy test (#19179)
1 year ago
R.B. Boyer df8ea430c6
mesh: add DestinationPolicy ACL hook tenancy tests (#19178)
1 year ago
Semir Patel ad177698f7
resource: enforce lowercase v2 resource names (#19218)
1 year ago
R.B. Boyer 6c7d0759e4
mesh: add xRoute ACL hook tenancy tests (#19177)
1 year ago
John Murret a7fbd00865
NET-5073 - ProxyConfiguration: implement various connection options (#19187)
1 year ago
Iryna Shustava 105ebfdd00
catalog, mesh: implement missing ACL hooks (#19143)
1 year ago
Iryna Shustava 2ea33e9b86
mesh: add more validations to Destinations resource (#19202)
1 year ago
Iryna Shustava e94d6ceca6
mesh: add validation hook to proxy configuration (#19186)
1 year ago
Ashwin Venkatesh 3d1a606c3b
Clone proto into deepcopy correctly (#19204)
1 year ago
R.B. Boyer 99f7a1219e
catalog: add metadata filtering to refine workload selectors (#19198)
1 year ago
R.B. Boyer f0e4897736
mesh: ensure that xRoutes have ParentRefs that have matching Tenancy to the enclosing resource (#19176)
1 year ago
Dhia Ayachi 5fbf0c00d3
Add namespace read write tests (#19173)
1 year ago
Ashwin Venkatesh c2a0d4f9ca
Create DeepCopy() and Json Marshal/Unmarshal for proto-public (#19015)
1 year ago
Nitya Dhanushkodi 95d9b2c7e4
[NET-4931] xdsv2, sidecarproxycontroller, l4 trafficpermissions: support L7 (#19185)
1 year ago
Iryna Shustava e3cb4ec35e
mesh: properly handle missing workload protocols (#19172)
1 year ago
Iryna Shustava a39eec0ef4
mesh: fix race in the sidecar-proxy controller test (#19183)
1 year ago
John Murret dbca544d25
NET-5951 - Unique route names for implicit routes (#19174)
1 year ago
Iryna Shustava 54a12ab3c9
mesh: sidecar proxy controller improvements (#19083)
1 year ago
Iryna Shustava ad06c96456
mesh: add computed destinations with a controller that computes them (#19067)
1 year ago
R.B. Boyer 29ba5b5c79
catalog: block unsupported failover policy settings for now (#19168)
1 year ago
John Murret 6da4798e05
NET-5799 - ensure catalog controllers and dependency mappers function correctly for tenancy fields (#19142)
1 year ago
Iryna Shustava 60b75a55f7
mesh: implement exposed paths (#19044)
1 year ago
John Murret 6cbd417f29
NET-5822 - Add default outbound router in TProxy (#19087)
1 year ago
Iryna Shustava c35df12c95
mesh: Add ComputedProxyConfiguration and a controller that computes it. (#19043)
1 year ago
Semir Patel 830c4ea81c
v2tenancy: cluster scoped reads (#19082)
1 year ago
Chris S. Kim 92ce814693
Remove old build tags (#19128)
1 year ago
Matt Keeler 4713317457
protohcl: allow attribute syntax for all map fields (#19108)
1 year ago
Eric Haberkorn ad3aab1ef7
Add traffic permissions integration tests. (#19008)
1 year ago
R.B. Boyer 754ab9abf2
mesh: ensure we add the virtual port number for L7 implicit upstreams (#19085)
1 year ago
Chris S. Kim b43cde5d19
Add workload identity hooks (#19045)
1 year ago
Eric Haberkorn f2b7b4591a
Fix Traffic Permissions Default Deny (#19028)
1 year ago
John Murret d67e5c6e35
NET-5590 - authorization: check for identity:write in CA certs, xds server, and getting envoy bootstrap params (#19049)
1 year ago
skpratt 21ea527089
TrafficPermissions: add ACL hooks (#19023)
1 year ago
Eric Haberkorn 7ce6ebaeb3
Handle Traffic Permissions With Empty Sources Properly (#19024)
1 year ago
Iryna Shustava 3ea6afb4d4
mesh: rename Upstreams and UpstreamsConfiguration to Destinations* (#18995)
1 year ago
skpratt 202090e5d5
v2 explicit destination traffic permissions (#18823)
1 year ago
Iryna Shustava e6b724d062
catalog,mesh,auth: Move resource types to the proto-public module (#18935)
1 year ago
R.B. Boyer 9e48607893
mesh: compute more of the xRoute features into ComputedRoutes (#18980)
1 year ago
R.B. Boyer 11d6b0df45
mesh: store bound reference pointers on a ComputedRoutes resource and use during reconcile (#18965)
1 year ago
Eric Haberkorn 4d6ff29392
Traffic Permissions Validations (#18907)
1 year ago
R.B. Boyer 633c6c9458
mesh: add ACL checks for xRoute resources (#18926)
1 year ago
R.B. Boyer 43a8dbb188
mesh: add ACL checks for DestinationPolicy resources (#18920)
1 year ago
Iryna Shustava d88888ee8b
catalog,mesh,auth: Bump versions to v2beta1 (#18930)
1 year ago
R.B. Boyer de231bbbdd
catalog: fix for new method argument (#18978)
1 year ago
R.B. Boyer ec6189fd2f
catalog: add ACL checks for FailoverPolicy resources (#18919)
1 year ago
R.B. Boyer ef6f2494c7
resource: allow for the ACLs.Read hook to request the entire data payload to perform the authz check (#18925)
1 year ago
Derek Menteer eb7e20307c
[NET-5589] Add jitter to xds v2 leaf cert watches (#18940)
1 year ago
Semir Patel d2be7577b9
tenancy: split up tenancy `types.go` into CE version (#18966)
1 year ago
Matt Keeler 53fcc5d9a5
Add protoc generator to emit resource type variables (#18957)
1 year ago
Eric Haberkorn f87ae3636c
Fix V2 Wildcard RBAC Regular Expressions (#18941)
1 year ago
Derek Menteer d4ed3047f8
[NET-5589] Optimize leaf watch diff on xds controller. (#18921)
1 year ago
John Murret 700d1bb37c
NET-5131 - support multiple ported upstreams tests (#18923)
1 year ago
Dhia Ayachi 341dc28ff9
Add namespace proto and registration (#18848)
1 year ago
R.B. Boyer d574473fd1
mesh: make FailoverPolicy work in xdsv2 and ProxyStateTemplate (#18900)
1 year ago
Nitya Dhanushkodi 3a2e62053a
v2: various fixes to make K8s tproxy multiport acceptance tests and manual explicit upstreams (single port) tests pass (#18874)
1 year ago
R.B. Boyer 07d916e84f
resource: ensure resource.AuthorizerContext properly strips the local… (#18908)
1 year ago
Eric Haberkorn 170417ac97
Honor Default Traffic Permissions in V2 (#18886)
1 year ago
Iryna Shustava 212793a4ee
mesh: only build tproxy outbound listener once per destination (#18836)
1 year ago
Semir Patel 62796a1454
resource: mutate and validate before acls on write (#18868)
1 year ago
R.B. Boyer dabbc9627b
mesh: normalize/default/validate tenancy components of mesh internal References (#18827)
1 year ago
R.B. Boyer 696aa1bbd2
mesh: update xds controller to synthesize empty endpoints when no endpoints ref is found (#18835)
1 year ago
R.B. Boyer b4d5178e5c
catalog: normalize/default/validate tenancy components of FailoverPolicy internal References (#18825)
1 year ago
Dhia Ayachi 4435e4a420
add v2 tenancy bridge Flag and v2 Tenancy Bridge initial implementation (#18830)
1 year ago
Iryna Shustava a89938e0c1
catalog: Default protocol to tcp in catalog.Service if unspecified (#18832)
1 year ago
R.B. Boyer 5cde50dee7
mesh: prevent writing a ComputedRoutes with no ported configs (#18833)
1 year ago
skpratt 1fda2965e8
Allow empty data writes for resources (#18819)
1 year ago
Iryna Shustava 6838441c54
Default to tcp protocol when workload protocol is unspecified (#18824)
1 year ago
Eric Haberkorn 21fdbbabbc
Wire up traffic permissions (#18812)
1 year ago
Semir Patel d3dad14030
resource: default peername to "local" for now (#18822)
1 year ago
R.B. Boyer 9c1a1ffcde
mesh: call the right mapper (#18818)
1 year ago
R.B. Boyer 66e1cdf40c
mesh: Wire ComputedRoutes into the ProxyStateTemplate via the sidecar controller (#18752)
1 year ago
skpratt e5808d85f7
register traffic permission and workload identity types (#18704)
1 year ago
Dhia Ayachi 658c27a684
add fuzz tests to resourcehcl package and fix some panics (#18798)
1 year ago
Iryna Shustava 7f2a1d9812
catalog: service endpoints inherits protocol from service when workload doesn't have one (#18792)
1 year ago
R.B. Boyer 07f54fe3b8
resource: add helper to normalize inner Reference tenancy during mutate (#18765)
1 year ago
Eric Haberkorn 12be06f8e5
Add V2 TCP traffic permissions (#18771)
1 year ago
Nitya Dhanushkodi 78b170ad50
xds controller: setup watches for and compute leaf cert references in ProxyStateTemplate, and wire up leaf cert manager dependency (#18756)
1 year ago
R.B. Boyer 89e6725eee
mesh: create new routes-controller to reconcile xRoute types into a ComputedRoutes resource (#18460)
1 year ago
Poonam Jadhav 264166fcc0
fix: write endpoint errors out gracefully (#18743)
1 year ago
John Murret 62062fd4fd
NET-5132 - Configure multiport routing for connect proxies in TProxy mode (#18606)
1 year ago
Dhia Ayachi b1688ad856
Run copyright after running deep-copy as part of the Makefile/CI (#18741)
1 year ago
R.B. Boyer a69e901660
xds: update golden tests to be deterministic (#18707)
1 year ago
John Murret 3e78b4cf34
Prefix sidecar proxy test files with source and destination. (#18620)
1 year ago
Iryna Shustava 1557e1d6a3
sidecar-proxy controller: Add support for transparent proxy (NET-5069) (#18458)
1 year ago
R.B. Boyer acd9b3d1c4
test: update sidecarproxy/builder golden tests to use determinstic golden data (#18703)
1 year ago
Iryna Shustava 3c70e14713
sidecar-proxy controller: L4 controller with explicit upstreams (NET-3988) (#18352)
1 year ago
wangxinyi7 df9d12a56a
Net 2714/xw cli read command (#18462)
1 year ago
Semir Patel b96cff7436
resource: Require scope for resource registration (#18635)
1 year ago
Michael Zalimeni 699aa47416
fix: make UNSPECIFIED protocol pass validation (#18634)
1 year ago