From f76ebe01d265d60e9e703d7069005c49861d11c9 Mon Sep 17 00:00:00 2001 From: Arko Dasgupta Date: Wed, 8 Mar 2023 17:36:07 -0800 Subject: [PATCH] validation for bootstrap within EnvoyProxy res (#1109) * validation for bootstrap within EnvoyProxy res Relates to https://github.com/envoyproxy/gateway/issues/31 Signed-off-by: Arko Dasgupta * use embed Signed-off-by: Arko Dasgupta --- api/config/v1alpha1/validation/envoyproxy.go | 84 +++++++++- .../v1alpha1/validation/envoyproxy_test.go | 70 ++++++++- ...rent-dynamic-resources-user-bootstrap.yaml | 67 ++++++++ ...fferent-xds-cluster-address-bootstrap.yaml | 67 ++++++++ .../missing-admin-address-user-bootstrap.yaml | 66 ++++++++ .../testdata/valid-user-bootstrap.yaml | 67 ++++++++ internal/xds/extensions/extensions.go | 145 ++++++++++++++++++ 7 files changed, 558 insertions(+), 8 deletions(-) create mode 100644 api/config/v1alpha1/validation/testdata/different-dynamic-resources-user-bootstrap.yaml create mode 100644 api/config/v1alpha1/validation/testdata/different-xds-cluster-address-bootstrap.yaml create mode 100644 api/config/v1alpha1/validation/testdata/missing-admin-address-user-bootstrap.yaml create mode 100644 api/config/v1alpha1/validation/testdata/valid-user-bootstrap.yaml create mode 100644 internal/xds/extensions/extensions.go diff --git a/api/config/v1alpha1/validation/envoyproxy.go b/api/config/v1alpha1/validation/envoyproxy.go index f88ef14ff7b..a5e08c6237b 100644 --- a/api/config/v1alpha1/validation/envoyproxy.go +++ b/api/config/v1alpha1/validation/envoyproxy.go @@ -8,10 +8,17 @@ package validation import ( "errors" "fmt" + "reflect" + bootstrapv3 "github.com/envoyproxy/go-control-plane/envoy/config/bootstrap/v3" + clusterv3 "github.com/envoyproxy/go-control-plane/envoy/config/cluster/v3" + "google.golang.org/protobuf/encoding/protojson" utilerrors "k8s.io/apimachinery/pkg/util/errors" + "sigs.k8s.io/yaml" egcfgv1a1 "github.com/envoyproxy/gateway/api/config/v1alpha1" + "github.com/envoyproxy/gateway/internal/xds/bootstrap" + _ "github.com/envoyproxy/gateway/internal/xds/extensions" // register the generated types to support protojson unmarshalling ) // ValidateEnvoyProxy validates the provided EnvoyProxy. @@ -31,14 +38,79 @@ func ValidateEnvoyProxy(ep *egcfgv1a1.EnvoyProxy) error { func validateEnvoyProxySpec(spec *egcfgv1a1.EnvoyProxySpec) error { var errs []error - switch { - case spec == nil: + if spec == nil { errs = append(errs, errors.New("spec is nil")) - case spec.Provider == nil: - return utilerrors.NewAggregate(errs) - case spec.Provider.Type != egcfgv1a1.ProviderTypeKubernetes: + } + if spec != nil && spec.Provider != nil && spec.Provider.Type != egcfgv1a1.ProviderTypeKubernetes { errs = append(errs, fmt.Errorf("unsupported provider type %v", spec.Provider.Type)) } - + if spec.Bootstrap != nil { + if err := validateBootstrap(spec.Bootstrap); err != nil { + errs = append(errs, err) + } + } return utilerrors.NewAggregate(errs) } + +func validateBootstrap(bstrap *string) error { + userBootstrap := &bootstrapv3.Bootstrap{} + jsonData, err := yaml.YAMLToJSON([]byte(*bstrap)) + if err != nil { + return fmt.Errorf("unable to convert user bootstrap to json: %w", err) + } + + if err := protojson.Unmarshal(jsonData, userBootstrap); err != nil { + return fmt.Errorf("unable to unmarshal user bootstrap: %w", err) + } + + // Call Validate method + if err := userBootstrap.Validate(); err != nil { + return fmt.Errorf("validation failed for user bootstrap: %w", err) + } + defaultBootstrap := &bootstrapv3.Bootstrap{} + defaultBootstrapStr, err := bootstrap.GetRenderedBootstrapConfig() + if err != nil { + return err + } + + jsonData, err = yaml.YAMLToJSON([]byte(defaultBootstrapStr)) + if err != nil { + return fmt.Errorf("unable to convert default bootstrap to json: %w", err) + } + + if err := protojson.Unmarshal(jsonData, defaultBootstrap); err != nil { + return fmt.Errorf("unable to unmarshal default bootstrap: %w", err) + } + + // Ensure dynamic resources config is same + // nolint // Circumvents this error "Error: copylocks: call of reflect.DeepEqual copies lock value:" + if userBootstrap.DynamicResources == nil || !reflect.DeepEqual(*userBootstrap.DynamicResources, *defaultBootstrap.DynamicResources) { + return fmt.Errorf("dynamic_resources cannot be modified") + } + // Ensure layered runtime resources config is same + // nolint // Circumvents this error "Error: copylocks: call of reflect.DeepEqual copies lock value:" + if userBootstrap.LayeredRuntime == nil || !reflect.DeepEqual(*userBootstrap.LayeredRuntime, *defaultBootstrap.LayeredRuntime) { + return fmt.Errorf("layered_runtime cannot be modified") + } + // Ensure that the xds_cluster config is same + var userXdsCluster, defaultXdsCluster *clusterv3.Cluster + for _, cluster := range userBootstrap.StaticResources.Clusters { + if cluster.Name == "xds_cluster" { + userXdsCluster = cluster + break + } + } + for _, cluster := range defaultBootstrap.StaticResources.Clusters { + if cluster.Name == "xds_cluster" { + defaultXdsCluster = cluster + break + } + } + + // nolint // Circumvents this error "Error: copylocks: call of reflect.DeepEqual copies lock value:" + if userXdsCluster == nil || !reflect.DeepEqual(*userXdsCluster.LoadAssignment, *defaultXdsCluster.LoadAssignment) { + return fmt.Errorf("xds_cluster's loadAssigntment cannot be modified") + } + + return nil +} diff --git a/api/config/v1alpha1/validation/envoyproxy_test.go b/api/config/v1alpha1/validation/envoyproxy_test.go index 2217cbe3432..e6e183eadb3 100644 --- a/api/config/v1alpha1/validation/envoyproxy_test.go +++ b/api/config/v1alpha1/validation/envoyproxy_test.go @@ -3,15 +3,29 @@ // The full text of the Apache license is available in the LICENSE file at // the root of the repo. -package validation +package validation_test import ( + // Register embed + _ "embed" "testing" "github.com/stretchr/testify/require" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" egcfgv1a1 "github.com/envoyproxy/gateway/api/config/v1alpha1" + "github.com/envoyproxy/gateway/api/config/v1alpha1/validation" +) + +var ( + //go:embed testdata/valid-user-bootstrap.yaml + validUserBootstrap string + //go:embed testdata/missing-admin-address-user-bootstrap.yaml + missingAdminAddressUserBootstrap string + //go:embed testdata/different-dynamic-resources-user-bootstrap.yaml + differentDynamicResourcesUserBootstrap string + //go:embed testdata/different-xds-cluster-address-bootstrap.yaml + differentXdsClusterAddressBootstrap string ) func TestValidateEnvoyProxy(t *testing.T) { @@ -53,12 +67,64 @@ func TestValidateEnvoyProxy(t *testing.T) { }, expected: false, }, + { + name: "valid user bootstrap", + obj: &egcfgv1a1.EnvoyProxy{ + ObjectMeta: metav1.ObjectMeta{ + Namespace: "test", + Name: "test", + }, + Spec: egcfgv1a1.EnvoyProxySpec{ + Bootstrap: &validUserBootstrap, + }, + }, + expected: true, + }, + { + name: "user bootstrap with missing admin address", + obj: &egcfgv1a1.EnvoyProxy{ + ObjectMeta: metav1.ObjectMeta{ + Namespace: "test", + Name: "test", + }, + Spec: egcfgv1a1.EnvoyProxySpec{ + Bootstrap: &missingAdminAddressUserBootstrap, + }, + }, + expected: false, + }, + { + name: "user bootstrap with different dynamic resources", + obj: &egcfgv1a1.EnvoyProxy{ + ObjectMeta: metav1.ObjectMeta{ + Namespace: "test", + Name: "test", + }, + Spec: egcfgv1a1.EnvoyProxySpec{ + Bootstrap: &differentDynamicResourcesUserBootstrap, + }, + }, + expected: false, + }, + { + name: "user bootstrap with different xds_cluster endpoint", + obj: &egcfgv1a1.EnvoyProxy{ + ObjectMeta: metav1.ObjectMeta{ + Namespace: "test", + Name: "test", + }, + Spec: egcfgv1a1.EnvoyProxySpec{ + Bootstrap: &differentXdsClusterAddressBootstrap, + }, + }, + expected: false, + }, } for i := range testCases { tc := testCases[i] t.Run(tc.name, func(t *testing.T) { - err := ValidateEnvoyProxy(tc.obj) + err := validation.ValidateEnvoyProxy(tc.obj) if tc.expected { require.NoError(t, err) } else { diff --git a/api/config/v1alpha1/validation/testdata/different-dynamic-resources-user-bootstrap.yaml b/api/config/v1alpha1/validation/testdata/different-dynamic-resources-user-bootstrap.yaml new file mode 100644 index 00000000000..a4e016ae3be --- /dev/null +++ b/api/config/v1alpha1/validation/testdata/different-dynamic-resources-user-bootstrap.yaml @@ -0,0 +1,67 @@ +admin: + accessLog: + - name: envoy.access_loggers.file + typedConfig: + '@type': type.googleapis.com/envoy.extensions.access_loggers.file.v3.FileAccessLog + path: /dev/null + address: + socketAddress: + address: 127.0.0.1 + portValue: 19000 +dynamicResources: + adsConfig: + apiType: GRPC + grpcServices: + - envoyGrpc: + clusterName: xds_cluster + setNodeOnFirstMessageOnly: true + transportApiVersion: V3 + ldsConfig: + ads: {} + cdsConfig: + ads: {} +layeredRuntime: + layers: + - name: runtime-0 + rtdsLayer: + name: runtime-0 + rtdsConfig: + ads: {} +staticResources: + clusters: + - connectTimeout: 10s + loadAssignment: + clusterName: xds_cluster + endpoints: + - lbEndpoints: + - endpoint: + address: + socketAddress: + address: envoy-gateway + portValue: 18000 + name: xds_cluster + transportSocket: + name: envoy.transport_sockets.tls + typedConfig: + '@type': type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.UpstreamTlsContext + commonTlsContext: + tlsCertificateSdsSecretConfigs: + - name: xds_certificate + sdsConfig: + pathConfigSource: + path: /sds/xds-certificate.json + resourceApiVersion: V3 + tlsParams: + tlsMaximumProtocolVersion: TLSv1_3 + validationContextSdsSecretConfig: + name: xds_trusted_ca + sdsConfig: + pathConfigSource: + path: /sds/xds-trusted-ca.json + resourceApiVersion: V3 + type: STRICT_DNS + typedExtensionProtocolOptions: + envoy.extensions.upstreams.http.v3.HttpProtocolOptions: + '@type': type.googleapis.com/envoy.extensions.upstreams.http.v3.HttpProtocolOptions + explicitHttpConfig: + http2ProtocolOptions: {} diff --git a/api/config/v1alpha1/validation/testdata/different-xds-cluster-address-bootstrap.yaml b/api/config/v1alpha1/validation/testdata/different-xds-cluster-address-bootstrap.yaml new file mode 100644 index 00000000000..58aac290f1a --- /dev/null +++ b/api/config/v1alpha1/validation/testdata/different-xds-cluster-address-bootstrap.yaml @@ -0,0 +1,67 @@ +admin: + accessLog: + - name: envoy.access_loggers.file + typedConfig: + '@type': type.googleapis.com/envoy.extensions.access_loggers.file.v3.FileAccessLog + path: /dev/null + address: + socketAddress: + address: 127.0.0.1 + portValue: 19000 +dynamicResources: + adsConfig: + apiType: DELTA_GRPC + grpcServices: + - envoyGrpc: + clusterName: xds_cluster + setNodeOnFirstMessageOnly: true + transportApiVersion: V3 + ldsConfig: + ads: {} + cdsConfig: + ads: {} +layeredRuntime: + layers: + - name: runtime-0 + rtdsLayer: + name: runtime-0 + rtdsConfig: + ads: {} +staticResources: + clusters: + - connectTimeout: 10s + loadAssignment: + clusterName: xds_cluster + endpoints: + - lbEndpoints: + - endpoint: + address: + socketAddress: + address: fake-envoy-gateway + portValue: 18000 + name: xds_cluster + transportSocket: + name: envoy.transport_sockets.tls + typedConfig: + '@type': type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.UpstreamTlsContext + commonTlsContext: + tlsCertificateSdsSecretConfigs: + - name: xds_certificate + sdsConfig: + pathConfigSource: + path: /sds/xds-certificate.json + resourceApiVersion: V3 + tlsParams: + tlsMaximumProtocolVersion: TLSv1_3 + validationContextSdsSecretConfig: + name: xds_trusted_ca + sdsConfig: + pathConfigSource: + path: /sds/xds-trusted-ca.json + resourceApiVersion: V3 + type: STRICT_DNS + typedExtensionProtocolOptions: + envoy.extensions.upstreams.http.v3.HttpProtocolOptions: + '@type': type.googleapis.com/envoy.extensions.upstreams.http.v3.HttpProtocolOptions + explicitHttpConfig: + http2ProtocolOptions: {} diff --git a/api/config/v1alpha1/validation/testdata/missing-admin-address-user-bootstrap.yaml b/api/config/v1alpha1/validation/testdata/missing-admin-address-user-bootstrap.yaml new file mode 100644 index 00000000000..ff21b861baf --- /dev/null +++ b/api/config/v1alpha1/validation/testdata/missing-admin-address-user-bootstrap.yaml @@ -0,0 +1,66 @@ +admin: + accessLog: + - name: envoy.access_loggers.file + typedConfig: + '@type': type.googleapis.com/envoy.extensions.access_loggers.file.v3.FileAccessLog + path: /dev/null + address: + socketAddress: + portValue: 19000 +dynamicResources: + adsConfig: + apiType: DELTA_GRPC + grpcServices: + - envoyGrpc: + clusterName: xds_cluster + setNodeOnFirstMessageOnly: true + transportApiVersion: V3 + ldsConfig: + ads: {} + cdsConfig: + ads: {} +layeredRuntime: + layers: + - name: runtime-0 + rtdsLayer: + name: runtime-0 + rtdsConfig: + ads: {} +staticResources: + clusters: + - connectTimeout: 10s + loadAssignment: + clusterName: xds_cluster + endpoints: + - lbEndpoints: + - endpoint: + address: + socketAddress: + address: envoy-gateway + portValue: 18000 + name: xds_cluster + transportSocket: + name: envoy.transport_sockets.tls + typedConfig: + '@type': type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.UpstreamTlsContext + commonTlsContext: + tlsCertificateSdsSecretConfigs: + - name: xds_certificate + sdsConfig: + pathConfigSource: + path: /sds/xds-certificate.json + resourceApiVersion: V3 + tlsParams: + tlsMaximumProtocolVersion: TLSv1_3 + validationContextSdsSecretConfig: + name: xds_trusted_ca + sdsConfig: + pathConfigSource: + path: /sds/xds-trusted-ca.json + resourceApiVersion: V3 + type: STRICT_DNS + typedExtensionProtocolOptions: + envoy.extensions.upstreams.http.v3.HttpProtocolOptions: + '@type': type.googleapis.com/envoy.extensions.upstreams.http.v3.HttpProtocolOptions + explicitHttpConfig: + http2ProtocolOptions: {} diff --git a/api/config/v1alpha1/validation/testdata/valid-user-bootstrap.yaml b/api/config/v1alpha1/validation/testdata/valid-user-bootstrap.yaml new file mode 100644 index 00000000000..5b1f155fd95 --- /dev/null +++ b/api/config/v1alpha1/validation/testdata/valid-user-bootstrap.yaml @@ -0,0 +1,67 @@ +admin: + accessLog: + - name: envoy.access_loggers.file + typedConfig: + '@type': type.googleapis.com/envoy.extensions.access_loggers.file.v3.FileAccessLog + path: /dev/null + address: + socketAddress: + address: 127.0.0.1 + portValue: 19000 +dynamicResources: + adsConfig: + apiType: DELTA_GRPC + grpcServices: + - envoyGrpc: + clusterName: xds_cluster + setNodeOnFirstMessageOnly: true + transportApiVersion: V3 + ldsConfig: + ads: {} + cdsConfig: + ads: {} +layeredRuntime: + layers: + - name: runtime-0 + rtdsLayer: + name: runtime-0 + rtdsConfig: + ads: {} +staticResources: + clusters: + - connectTimeout: 10s + loadAssignment: + clusterName: xds_cluster + endpoints: + - lbEndpoints: + - endpoint: + address: + socketAddress: + address: envoy-gateway + portValue: 18000 + name: xds_cluster + transportSocket: + name: envoy.transport_sockets.tls + typedConfig: + '@type': type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.UpstreamTlsContext + commonTlsContext: + tlsCertificateSdsSecretConfigs: + - name: xds_certificate + sdsConfig: + pathConfigSource: + path: /sds/xds-certificate.json + resourceApiVersion: V3 + tlsParams: + tlsMaximumProtocolVersion: TLSv1_3 + validationContextSdsSecretConfig: + name: xds_trusted_ca + sdsConfig: + pathConfigSource: + path: /sds/xds-trusted-ca.json + resourceApiVersion: V3 + type: STRICT_DNS + typedExtensionProtocolOptions: + envoy.extensions.upstreams.http.v3.HttpProtocolOptions: + '@type': type.googleapis.com/envoy.extensions.upstreams.http.v3.HttpProtocolOptions + explicitHttpConfig: + http2ProtocolOptions: {} diff --git a/internal/xds/extensions/extensions.go b/internal/xds/extensions/extensions.go new file mode 100644 index 00000000000..b66a594ca5b --- /dev/null +++ b/internal/xds/extensions/extensions.go @@ -0,0 +1,145 @@ +// Copyright Envoy Gateway Authors +// SPDX-License-Identifier: Apache-2.0 +// The full text of the Apache license is available in the LICENSE file at +// the root of the repo. + +package extensions + +import ( + _ "github.com/cncf/xds/go/udpa/type/v1" // to resolve missing type URL + _ "github.com/envoyproxy/go-control-plane/envoy/extensions/access_loggers/file/v3" // to resolve missing type URL + _ "github.com/envoyproxy/go-control-plane/envoy/extensions/access_loggers/filters/cel/v3" // to resolve missing type URL + _ "github.com/envoyproxy/go-control-plane/envoy/extensions/access_loggers/grpc/v3" // to resolve missing type URL + _ "github.com/envoyproxy/go-control-plane/envoy/extensions/access_loggers/stream/v3" // to resolve missing type URL + _ "github.com/envoyproxy/go-control-plane/envoy/extensions/access_loggers/wasm/v3" // to resolve missing type URL + _ "github.com/envoyproxy/go-control-plane/envoy/extensions/clusters/aggregate/v3" // to resolve missing type URL + _ "github.com/envoyproxy/go-control-plane/envoy/extensions/clusters/dynamic_forward_proxy/v3" // to resolve missing type URL + _ "github.com/envoyproxy/go-control-plane/envoy/extensions/clusters/redis/v3" // to resolve missing type URL + _ "github.com/envoyproxy/go-control-plane/envoy/extensions/common/dynamic_forward_proxy/v3" // to resolve missing type URL + _ "github.com/envoyproxy/go-control-plane/envoy/extensions/common/matching/v3" // to resolve missing type URL + _ "github.com/envoyproxy/go-control-plane/envoy/extensions/common/ratelimit/v3" // to resolve missing type URL + _ "github.com/envoyproxy/go-control-plane/envoy/extensions/common/tap/v3" // to resolve missing type URL + _ "github.com/envoyproxy/go-control-plane/envoy/extensions/compression/brotli/compressor/v3" // to resolve missing type URL + _ "github.com/envoyproxy/go-control-plane/envoy/extensions/compression/brotli/decompressor/v3" // to resolve missing type URL + _ "github.com/envoyproxy/go-control-plane/envoy/extensions/compression/gzip/compressor/v3" // to resolve missing type URL + _ "github.com/envoyproxy/go-control-plane/envoy/extensions/compression/gzip/decompressor/v3" // to resolve missing type URL + _ "github.com/envoyproxy/go-control-plane/envoy/extensions/filters/common/dependency/v3" // to resolve missing type URL + _ "github.com/envoyproxy/go-control-plane/envoy/extensions/filters/common/matcher/action/v3" // to resolve missing type URL + _ "github.com/envoyproxy/go-control-plane/envoy/extensions/filters/http/adaptive_concurrency/v3" // to resolve missing type URL + _ "github.com/envoyproxy/go-control-plane/envoy/extensions/filters/http/admission_control/v3" // to resolve missing type URL + _ "github.com/envoyproxy/go-control-plane/envoy/extensions/filters/http/alternate_protocols_cache/v3" // to resolve missing type URL + _ "github.com/envoyproxy/go-control-plane/envoy/extensions/filters/http/aws_lambda/v3" // to resolve missing type URL + _ "github.com/envoyproxy/go-control-plane/envoy/extensions/filters/http/aws_request_signing/v3" // to resolve missing type URL + _ "github.com/envoyproxy/go-control-plane/envoy/extensions/filters/http/bandwidth_limit/v3" // to resolve missing type URL + _ "github.com/envoyproxy/go-control-plane/envoy/extensions/filters/http/buffer/v3" // to resolve missing type URL + _ "github.com/envoyproxy/go-control-plane/envoy/extensions/filters/http/cache/v3" // to resolve missing type URL + _ "github.com/envoyproxy/go-control-plane/envoy/extensions/filters/http/cdn_loop/v3" // to resolve missing type URL + _ "github.com/envoyproxy/go-control-plane/envoy/extensions/filters/http/composite/v3" // to resolve missing type URL + _ "github.com/envoyproxy/go-control-plane/envoy/extensions/filters/http/compressor/v3" // to resolve missing type URL + _ "github.com/envoyproxy/go-control-plane/envoy/extensions/filters/http/cors/v3" // to resolve missing type URL + _ "github.com/envoyproxy/go-control-plane/envoy/extensions/filters/http/csrf/v3" // to resolve missing type URL + _ "github.com/envoyproxy/go-control-plane/envoy/extensions/filters/http/decompressor/v3" // to resolve missing type URL + _ "github.com/envoyproxy/go-control-plane/envoy/extensions/filters/http/dynamic_forward_proxy/v3" // to resolve missing type URL + _ "github.com/envoyproxy/go-control-plane/envoy/extensions/filters/http/ext_authz/v3" // to resolve missing type URL + _ "github.com/envoyproxy/go-control-plane/envoy/extensions/filters/http/ext_proc/v3" // to resolve missing type URL + _ "github.com/envoyproxy/go-control-plane/envoy/extensions/filters/http/fault/v3" // to resolve missing type URL + _ "github.com/envoyproxy/go-control-plane/envoy/extensions/filters/http/grpc_http1_bridge/v3" // to resolve missing type URL + _ "github.com/envoyproxy/go-control-plane/envoy/extensions/filters/http/grpc_http1_reverse_bridge/v3" // to resolve missing type URL + _ "github.com/envoyproxy/go-control-plane/envoy/extensions/filters/http/grpc_json_transcoder/v3" // to resolve missing type URL + _ "github.com/envoyproxy/go-control-plane/envoy/extensions/filters/http/grpc_stats/v3" // to resolve missing type URL + _ "github.com/envoyproxy/go-control-plane/envoy/extensions/filters/http/grpc_web/v3" // to resolve missing type URL + _ "github.com/envoyproxy/go-control-plane/envoy/extensions/filters/http/gzip/v3" // to resolve missing type URL + _ "github.com/envoyproxy/go-control-plane/envoy/extensions/filters/http/header_to_metadata/v3" // to resolve missing type URL + _ "github.com/envoyproxy/go-control-plane/envoy/extensions/filters/http/health_check/v3" // to resolve missing type URL + _ "github.com/envoyproxy/go-control-plane/envoy/extensions/filters/http/ip_tagging/v3" // to resolve missing type URL + _ "github.com/envoyproxy/go-control-plane/envoy/extensions/filters/http/jwt_authn/v3" // to resolve missing type URL + _ "github.com/envoyproxy/go-control-plane/envoy/extensions/filters/http/kill_request/v3" // to resolve missing type URL + _ "github.com/envoyproxy/go-control-plane/envoy/extensions/filters/http/local_ratelimit/v3" // to resolve missing type URL + _ "github.com/envoyproxy/go-control-plane/envoy/extensions/filters/http/lua/v3" // to resolve missing type URL + _ "github.com/envoyproxy/go-control-plane/envoy/extensions/filters/http/oauth2/v3" // to resolve missing type URL + _ "github.com/envoyproxy/go-control-plane/envoy/extensions/filters/http/on_demand/v3" // to resolve missing type URL + _ "github.com/envoyproxy/go-control-plane/envoy/extensions/filters/http/original_src/v3" // to resolve missing type URL + _ "github.com/envoyproxy/go-control-plane/envoy/extensions/filters/http/ratelimit/v3" // to resolve missing type URL + _ "github.com/envoyproxy/go-control-plane/envoy/extensions/filters/http/rbac/v3" // to resolve missing type URL + _ "github.com/envoyproxy/go-control-plane/envoy/extensions/filters/http/router/v3" // to resolve missing type URL + _ "github.com/envoyproxy/go-control-plane/envoy/extensions/filters/http/set_metadata/v3" // to resolve missing type URL + _ "github.com/envoyproxy/go-control-plane/envoy/extensions/filters/http/stateful_session/v3" // to resolve missing type URL + _ "github.com/envoyproxy/go-control-plane/envoy/extensions/filters/http/tap/v3" // to resolve missing type URL + _ "github.com/envoyproxy/go-control-plane/envoy/extensions/filters/http/wasm/v3" // to resolve missing type URL + _ "github.com/envoyproxy/go-control-plane/envoy/extensions/filters/listener/http_inspector/v3" // to resolve missing type URL + _ "github.com/envoyproxy/go-control-plane/envoy/extensions/filters/listener/original_dst/v3" // to resolve missing type URL + _ "github.com/envoyproxy/go-control-plane/envoy/extensions/filters/listener/original_src/v3" // to resolve missing type URL + _ "github.com/envoyproxy/go-control-plane/envoy/extensions/filters/listener/proxy_protocol/v3" // to resolve missing type URL + _ "github.com/envoyproxy/go-control-plane/envoy/extensions/filters/listener/tls_inspector/v3" // to resolve missing type URL + _ "github.com/envoyproxy/go-control-plane/envoy/extensions/filters/network/connection_limit/v3" // to resolve missing type URL + _ "github.com/envoyproxy/go-control-plane/envoy/extensions/filters/network/direct_response/v3" // to resolve missing type URL + _ "github.com/envoyproxy/go-control-plane/envoy/extensions/filters/network/dubbo_proxy/router/v3" // to resolve missing type URL + _ "github.com/envoyproxy/go-control-plane/envoy/extensions/filters/network/dubbo_proxy/v3" // to resolve missing type URL + _ "github.com/envoyproxy/go-control-plane/envoy/extensions/filters/network/echo/v3" // to resolve missing type URL + _ "github.com/envoyproxy/go-control-plane/envoy/extensions/filters/network/ext_authz/v3" // to resolve missing type URL + _ "github.com/envoyproxy/go-control-plane/envoy/extensions/filters/network/http_connection_manager/v3" // to resolve missing type URL + _ "github.com/envoyproxy/go-control-plane/envoy/extensions/filters/network/local_ratelimit/v3" // to resolve missing type URL + _ "github.com/envoyproxy/go-control-plane/envoy/extensions/filters/network/mongo_proxy/v3" // to resolve missing type URL + _ "github.com/envoyproxy/go-control-plane/envoy/extensions/filters/network/ratelimit/v3" // to resolve missing type URL + _ "github.com/envoyproxy/go-control-plane/envoy/extensions/filters/network/rbac/v3" // to resolve missing type URL + _ "github.com/envoyproxy/go-control-plane/envoy/extensions/filters/network/redis_proxy/v3" // to resolve missing type URL + _ "github.com/envoyproxy/go-control-plane/envoy/extensions/filters/network/sni_cluster/v3" // to resolve missing type URL + _ "github.com/envoyproxy/go-control-plane/envoy/extensions/filters/network/sni_dynamic_forward_proxy/v3" // to resolve missing type URL + _ "github.com/envoyproxy/go-control-plane/envoy/extensions/filters/network/tcp_proxy/v3" // to resolve missing type URL + _ "github.com/envoyproxy/go-control-plane/envoy/extensions/filters/network/thrift_proxy/filters/header_to_metadata/v3" // to resolve missing type URL + _ "github.com/envoyproxy/go-control-plane/envoy/extensions/filters/network/thrift_proxy/filters/ratelimit/v3" // to resolve missing type URL + _ "github.com/envoyproxy/go-control-plane/envoy/extensions/filters/network/thrift_proxy/router/v3" // to resolve missing type URL + _ "github.com/envoyproxy/go-control-plane/envoy/extensions/filters/network/thrift_proxy/v3" // to resolve missing type URL + _ "github.com/envoyproxy/go-control-plane/envoy/extensions/filters/network/wasm/v3" // to resolve missing type URL + _ "github.com/envoyproxy/go-control-plane/envoy/extensions/filters/network/zookeeper_proxy/v3" // to resolve missing type URL + _ "github.com/envoyproxy/go-control-plane/envoy/extensions/filters/udp/dns_filter/v3" // to resolve missing type URL + _ "github.com/envoyproxy/go-control-plane/envoy/extensions/filters/udp/udp_proxy/v3" // to resolve missing type URL + _ "github.com/envoyproxy/go-control-plane/envoy/extensions/formatter/metadata/v3" // to resolve missing type URL + _ "github.com/envoyproxy/go-control-plane/envoy/extensions/formatter/req_without_query/v3" // to resolve missing type URL + _ "github.com/envoyproxy/go-control-plane/envoy/extensions/health_checkers/redis/v3" // to resolve missing type URL + _ "github.com/envoyproxy/go-control-plane/envoy/extensions/http/header_formatters/preserve_case/v3" // to resolve missing type URL + _ "github.com/envoyproxy/go-control-plane/envoy/extensions/http/original_ip_detection/custom_header/v3" // to resolve missing type URL + _ "github.com/envoyproxy/go-control-plane/envoy/extensions/http/original_ip_detection/xff/v3" // to resolve missing type URL + _ "github.com/envoyproxy/go-control-plane/envoy/extensions/http/stateful_session/cookie/v3" // to resolve missing type URL + _ "github.com/envoyproxy/go-control-plane/envoy/extensions/internal_redirect/allow_listed_routes/v3" // to resolve missing type URL + _ "github.com/envoyproxy/go-control-plane/envoy/extensions/internal_redirect/previous_routes/v3" // to resolve missing type URL + _ "github.com/envoyproxy/go-control-plane/envoy/extensions/internal_redirect/safe_cross_scheme/v3" // to resolve missing type URL + _ "github.com/envoyproxy/go-control-plane/envoy/extensions/key_value/file_based/v3" // to resolve missing type URL + _ "github.com/envoyproxy/go-control-plane/envoy/extensions/load_balancing_policies/round_robin/v3" // to resolve missing type URL + _ "github.com/envoyproxy/go-control-plane/envoy/extensions/load_balancing_policies/wrr_locality/v3" // to resolve missing type URL + _ "github.com/envoyproxy/go-control-plane/envoy/extensions/matching/common_inputs/environment_variable/v3" // to resolve missing type URL + _ "github.com/envoyproxy/go-control-plane/envoy/extensions/matching/input_matchers/consistent_hashing/v3" // to resolve missing type URL + _ "github.com/envoyproxy/go-control-plane/envoy/extensions/matching/input_matchers/ip/v3" // to resolve missing type URL + _ "github.com/envoyproxy/go-control-plane/envoy/extensions/network/dns_resolver/apple/v3" // to resolve missing type URL + _ "github.com/envoyproxy/go-control-plane/envoy/extensions/network/dns_resolver/cares/v3" // to resolve missing type URL + _ "github.com/envoyproxy/go-control-plane/envoy/extensions/network/socket_interface/v3" // to resolve missing type URL + _ "github.com/envoyproxy/go-control-plane/envoy/extensions/quic/crypto_stream/v3" // to resolve missing type URL + _ "github.com/envoyproxy/go-control-plane/envoy/extensions/quic/proof_source/v3" // to resolve missing type URL + _ "github.com/envoyproxy/go-control-plane/envoy/extensions/rate_limit_descriptors/expr/v3" // to resolve missing type URL + _ "github.com/envoyproxy/go-control-plane/envoy/extensions/rbac/matchers/upstream_ip_port/v3" // to resolve missing type URL + _ "github.com/envoyproxy/go-control-plane/envoy/extensions/request_id/uuid/v3" // to resolve missing type URL + _ "github.com/envoyproxy/go-control-plane/envoy/extensions/resource_monitors/fixed_heap/v3" // to resolve missing type URL + _ "github.com/envoyproxy/go-control-plane/envoy/extensions/resource_monitors/injected_resource/v3" // to resolve missing type URL + _ "github.com/envoyproxy/go-control-plane/envoy/extensions/retry/host/omit_canary_hosts/v3" // to resolve missing type URL + _ "github.com/envoyproxy/go-control-plane/envoy/extensions/retry/host/omit_host_metadata/v3" // to resolve missing type URL + _ "github.com/envoyproxy/go-control-plane/envoy/extensions/retry/host/previous_hosts/v3" // to resolve missing type URL + _ "github.com/envoyproxy/go-control-plane/envoy/extensions/retry/priority/previous_priorities/v3" // to resolve missing type URL + _ "github.com/envoyproxy/go-control-plane/envoy/extensions/stat_sinks/graphite_statsd/v3" // to resolve missing type URL + _ "github.com/envoyproxy/go-control-plane/envoy/extensions/stat_sinks/wasm/v3" // to resolve missing type URL + _ "github.com/envoyproxy/go-control-plane/envoy/extensions/transport_sockets/alts/v3" // to resolve missing type URL + _ "github.com/envoyproxy/go-control-plane/envoy/extensions/transport_sockets/proxy_protocol/v3" // to resolve missing type URL + _ "github.com/envoyproxy/go-control-plane/envoy/extensions/transport_sockets/quic/v3" // to resolve missing type URL + _ "github.com/envoyproxy/go-control-plane/envoy/extensions/transport_sockets/raw_buffer/v3" // to resolve missing type URL + _ "github.com/envoyproxy/go-control-plane/envoy/extensions/transport_sockets/s2a/v3" // to resolve missing type URL + _ "github.com/envoyproxy/go-control-plane/envoy/extensions/transport_sockets/starttls/v3" // to resolve missing type URL + _ "github.com/envoyproxy/go-control-plane/envoy/extensions/transport_sockets/tap/v3" // to resolve missing type URL + _ "github.com/envoyproxy/go-control-plane/envoy/extensions/transport_sockets/tcp_stats/v3" // to resolve missing type URL + _ "github.com/envoyproxy/go-control-plane/envoy/extensions/transport_sockets/tls/v3" // to resolve missing type URL + _ "github.com/envoyproxy/go-control-plane/envoy/extensions/upstreams/http/generic/v3" // to resolve missing type URL + _ "github.com/envoyproxy/go-control-plane/envoy/extensions/upstreams/http/http/v3" // to resolve missing type URL + _ "github.com/envoyproxy/go-control-plane/envoy/extensions/upstreams/http/tcp/v3" // to resolve missing type URL + _ "github.com/envoyproxy/go-control-plane/envoy/extensions/upstreams/http/v3" // to resolve missing type URL + _ "github.com/envoyproxy/go-control-plane/envoy/extensions/upstreams/tcp/generic/v3" // to resolve missing type URL + _ "github.com/envoyproxy/go-control-plane/envoy/extensions/wasm/v3" // to resolve missing type URL + _ "github.com/envoyproxy/go-control-plane/envoy/extensions/watchdog/profile_action/v3" // to resolve missing type URL +)