From 7d1b2b6a69effb71b649ad8410fb96130709f3cf Mon Sep 17 00:00:00 2001 From: Dave Protasowski Date: Tue, 11 Sep 2018 21:26:49 -0400 Subject: [PATCH] bump knative/pkg to 8fc80de Includes the following changes: 8fc80de Few changes to the configmap package (#59) 0122abd The test logger will now log the correct caller (#63) e7a4b0d Dont call flag.parse in pkg/test (#62) b213523 Update test-infra dependency (#61) 382a2bf Make kube_checks generic so that it can be used in serving (#58) 760afb6 cleanup (#57) eedc0a9 Make verify-codegen.sh compatible with OS X (#54) 6eff182 Remove docker repo from e2e flags (#53) 4be5c07 Vendor the test-infra scripts (#52) 8c687df Update WaitForEndpointState to return response (#51) 8f6a3be Update knative/pkg/test (#50) 3ca4270 Add a logkey for the reconcile key. (#49) 62d2560 Add Istio DestinationRule and Policy into Istio apis and clients (#43) f4a77d7 Add a common test clients file (#46) 450739d Add common test logging module (#45 --- Gopkg.lock | 15 +- Gopkg.toml | 4 +- .../knative/pkg/apis/field_error.go | 14 - .../github.com/knative/pkg/apis/interfaces.go | 37 ++ .../authentication/register.go} | 12 +- .../apis/istio/authentication/v1alpha1/doc.go | 22 + .../authentication/v1alpha1/policy_types.go | 345 +++++++++++ .../istio/authentication/v1alpha1/register.go | 52 ++ .../v1alpha1/zz_generated.deepcopy.go | 259 +++++++++ .../pkg/apis/istio/common/v1alpha1/string.go | 35 ++ .../istio/v1alpha3/destinationrule_types.go | 547 ++++++++++++++++++ .../pkg/apis/istio/v1alpha3/register.go | 2 + .../istio/v1alpha3/virtualservice_types.go | 26 +- .../istio/v1alpha3/zz_generated.deepcopy.go | 352 ++++++++++- .../client/clientset/versioned/clientset.go | 24 +- .../clientset/versioned/scheme/register.go | 2 + .../v1alpha1/authentication_client.go | 90 +++ .../typed/authentication/v1alpha1/doc.go | 20 + .../v1alpha1/generated_expansion.go | 21 + .../typed/authentication/v1alpha1/policy.go | 157 +++++ .../typed/istio/v1alpha3/destinationrule.go | 157 +++++ .../istio/v1alpha3/generated_expansion.go | 2 + .../typed/istio/v1alpha3/istio_client.go | 5 + .../authentication/interface.go | 46 ++ .../authentication/v1alpha1/interface.go | 45 ++ .../authentication/v1alpha1/policy.go | 89 +++ .../informers/externalversions/factory.go | 6 + .../informers/externalversions/generic.go | 9 +- .../istio/v1alpha3/destinationrule.go | 89 +++ .../istio/v1alpha3/interface.go | 7 + .../v1alpha1/expansion_generated.go | 27 + .../listers/authentication/v1alpha1/policy.go | 94 +++ .../listers/istio/v1alpha3/destinationrule.go | 94 +++ .../istio/v1alpha3/expansion_generated.go | 8 + .../knative/pkg/configmap/default.go | 128 ---- .../knative/pkg/configmap/informed_watcher.go | 122 ++++ .../knative/pkg/configmap/manual_watcher.go | 71 +++ .../configmap/{fixed.go => static_watcher.go} | 42 +- .../knative/pkg/configmap/watcher.go | 16 - .../github.com/knative/pkg/logging/config.go | 14 +- .../knative/pkg/logging/logkey/constants.go | 3 + 41 files changed, 2885 insertions(+), 225 deletions(-) create mode 100644 vendor/github.com/knative/pkg/apis/interfaces.go rename vendor/github.com/knative/pkg/apis/{defaults.go => istio/authentication/register.go} (72%) create mode 100644 vendor/github.com/knative/pkg/apis/istio/authentication/v1alpha1/doc.go create mode 100644 vendor/github.com/knative/pkg/apis/istio/authentication/v1alpha1/policy_types.go create mode 100644 vendor/github.com/knative/pkg/apis/istio/authentication/v1alpha1/register.go create mode 100644 vendor/github.com/knative/pkg/apis/istio/authentication/v1alpha1/zz_generated.deepcopy.go create mode 100644 vendor/github.com/knative/pkg/apis/istio/common/v1alpha1/string.go create mode 100644 vendor/github.com/knative/pkg/apis/istio/v1alpha3/destinationrule_types.go create mode 100644 vendor/github.com/knative/pkg/client/clientset/versioned/typed/authentication/v1alpha1/authentication_client.go create mode 100644 vendor/github.com/knative/pkg/client/clientset/versioned/typed/authentication/v1alpha1/doc.go create mode 100644 vendor/github.com/knative/pkg/client/clientset/versioned/typed/authentication/v1alpha1/generated_expansion.go create mode 100644 vendor/github.com/knative/pkg/client/clientset/versioned/typed/authentication/v1alpha1/policy.go create mode 100644 vendor/github.com/knative/pkg/client/clientset/versioned/typed/istio/v1alpha3/destinationrule.go create mode 100644 vendor/github.com/knative/pkg/client/informers/externalversions/authentication/interface.go create mode 100644 vendor/github.com/knative/pkg/client/informers/externalversions/authentication/v1alpha1/interface.go create mode 100644 vendor/github.com/knative/pkg/client/informers/externalversions/authentication/v1alpha1/policy.go create mode 100644 vendor/github.com/knative/pkg/client/informers/externalversions/istio/v1alpha3/destinationrule.go create mode 100644 vendor/github.com/knative/pkg/client/listers/authentication/v1alpha1/expansion_generated.go create mode 100644 vendor/github.com/knative/pkg/client/listers/authentication/v1alpha1/policy.go create mode 100644 vendor/github.com/knative/pkg/client/listers/istio/v1alpha3/destinationrule.go delete mode 100644 vendor/github.com/knative/pkg/configmap/default.go create mode 100644 vendor/github.com/knative/pkg/configmap/informed_watcher.go create mode 100644 vendor/github.com/knative/pkg/configmap/manual_watcher.go rename vendor/github.com/knative/pkg/configmap/{fixed.go => static_watcher.go} (53%) diff --git a/Gopkg.lock b/Gopkg.lock index 958d97db59a..a9a91dea7e0 100644 --- a/Gopkg.lock +++ b/Gopkg.lock @@ -268,19 +268,26 @@ revision = "5c1d8c8469d1ed34b2aecf4c2305b3a57fff2ee3" [[projects]] - digest = "1:75099ce780b47b2c612be5b4581a8779d749208423eb783c5073c158fbfadb7d" + digest = "1:0b9b785cb35b9e8141b03a673fd9baefc08b6c1c8290de3d44122289a240d55c" name = "github.com/knative/pkg" packages = [ "apis", "apis/istio", + "apis/istio/authentication", + "apis/istio/authentication/v1alpha1", + "apis/istio/common/v1alpha1", "apis/istio/v1alpha3", "client/clientset/versioned", "client/clientset/versioned/scheme", + "client/clientset/versioned/typed/authentication/v1alpha1", "client/clientset/versioned/typed/istio/v1alpha3", "client/informers/externalversions", + "client/informers/externalversions/authentication", + "client/informers/externalversions/authentication/v1alpha1", "client/informers/externalversions/internalinterfaces", "client/informers/externalversions/istio", "client/informers/externalversions/istio/v1alpha3", + "client/listers/authentication/v1alpha1", "client/listers/istio/v1alpha3", "configmap", "logging", @@ -289,7 +296,7 @@ "webhook", ] pruneopts = "NUT" - revision = "a3bc2db77a14d9ca6195172e81b4bf33e6190f85" + revision = "8fc80deb200e7853795e6baf4029f406ca9534b8" [[projects]] digest = "1:63f3974f3afe3dc5b6a115c0d53b0897cd01be6880c4bf5d014fc69a95db6ed1" @@ -310,7 +317,7 @@ [[projects]] branch = "master" - digest = "1:36968d4eb1d52090841ae868d7125d8ff10afabdea0d6b622c1f4a662f94be58" + digest = "1:849fc53918b4658b896a43881305d60afc0d6a51d87c0d5b065afd631415f1d4" name = "github.com/knative/test-infra" packages = ["."] pruneopts = "T" @@ -1041,8 +1048,10 @@ "github.com/knative/pkg/webhook", "github.com/knative/serving/pkg/apis/serving/v1alpha1", "github.com/knative/serving/pkg/client/clientset/versioned", + "github.com/knative/test-infra", "github.com/prometheus/client_golang/prometheus/promhttp", "go.uber.org/zap", + "go.uber.org/zap/zapcore", "golang.org/x/net/context", "golang.org/x/oauth2", "google.golang.org/grpc/codes", diff --git a/Gopkg.toml b/Gopkg.toml index 0d934347c75..69717467774 100644 --- a/Gopkg.toml +++ b/Gopkg.toml @@ -75,8 +75,8 @@ required = [ [[constraint]] name = "github.com/knative/pkg" - # HEAD as of 2018-08-14 - revision = "a3bc2db77a14d9ca6195172e81b4bf33e6190f85" + # HEAD as of 2018-09-12 + revision = "8fc80deb200e7853795e6baf4029f406ca9534b8" [[constraint]] name = "github.com/knative/serving" diff --git a/vendor/github.com/knative/pkg/apis/field_error.go b/vendor/github.com/knative/pkg/apis/field_error.go index fff9b6f2bed..50a9a25127d 100644 --- a/vendor/github.com/knative/pkg/apis/field_error.go +++ b/vendor/github.com/knative/pkg/apis/field_error.go @@ -39,20 +39,6 @@ type FieldError struct { // FieldError implements error var _ error = (*FieldError)(nil) -// Validatable indicates that a particular type may have its fields validated. -type Validatable interface { - // Validate checks the validity of this types fields. - Validate() *FieldError -} - -// Immutable indicates that a particular type has fields that should -// not change after creation. -type Immutable interface { - // CheckImmutableFields checks that the current instance's immutable - // fields haven't changed from the provided original. - CheckImmutableFields(original Immutable) *FieldError -} - // ViaField is used to propagate a validation error along a field access. // For example, if a type recursively validates its "spec" via: // if err := foo.Spec.Validate(); err != nil { diff --git a/vendor/github.com/knative/pkg/apis/interfaces.go b/vendor/github.com/knative/pkg/apis/interfaces.go new file mode 100644 index 00000000000..f8c40f52bee --- /dev/null +++ b/vendor/github.com/knative/pkg/apis/interfaces.go @@ -0,0 +1,37 @@ +/* +Copyright 2018 The Knative Authors + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +package apis + +// Defaultable defines an interface for setting the defaults for the +// uninitialized fields of this instance. +type Defaultable interface { + SetDefaults() +} + +// Validatable indicates that a particular type may have its fields validated. +type Validatable interface { + // Validate checks the validity of this types fields. + Validate() *FieldError +} + +// Immutable indicates that a particular type has fields that should +// not change after creation. +type Immutable interface { + // CheckImmutableFields checks that the current instance's immutable + // fields haven't changed from the provided original. + CheckImmutableFields(original Immutable) *FieldError +} diff --git a/vendor/github.com/knative/pkg/apis/defaults.go b/vendor/github.com/knative/pkg/apis/istio/authentication/register.go similarity index 72% rename from vendor/github.com/knative/pkg/apis/defaults.go rename to vendor/github.com/knative/pkg/apis/istio/authentication/register.go index 20893f8e510..f54c7742d1b 100644 --- a/vendor/github.com/knative/pkg/apis/defaults.go +++ b/vendor/github.com/knative/pkg/apis/istio/authentication/register.go @@ -1,5 +1,5 @@ /* -Copyright 2017 The Knative Authors +Copyright 2018 The Knative Authors Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. @@ -14,10 +14,8 @@ See the License for the specific language governing permissions and limitations under the License. */ -package apis +package authentication -// Defaultable defines an interface for setting the defaults for the -// uninitialized fields of this instance. -type Defaultable interface { - SetDefaults() -} +const ( + GroupName = "authentication.istio.io" +) diff --git a/vendor/github.com/knative/pkg/apis/istio/authentication/v1alpha1/doc.go b/vendor/github.com/knative/pkg/apis/istio/authentication/v1alpha1/doc.go new file mode 100644 index 00000000000..07b17599c05 --- /dev/null +++ b/vendor/github.com/knative/pkg/apis/istio/authentication/v1alpha1/doc.go @@ -0,0 +1,22 @@ +/* +Copyright 2018 The Knative Authors + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +// Api versions allow the api contract for a resource to be changed while keeping +// backward compatibility by support multiple concurrent versions +// of the same resource +// +k8s:deepcopy-gen=package +// +groupName=authentication.istio.io +package v1alpha1 diff --git a/vendor/github.com/knative/pkg/apis/istio/authentication/v1alpha1/policy_types.go b/vendor/github.com/knative/pkg/apis/istio/authentication/v1alpha1/policy_types.go new file mode 100644 index 00000000000..5e3357b1d7b --- /dev/null +++ b/vendor/github.com/knative/pkg/apis/istio/authentication/v1alpha1/policy_types.go @@ -0,0 +1,345 @@ +/* +Copyright 2018 The Knative Authors + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +package v1alpha1 + +import ( + metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" + "github.com/knative/pkg/apis/istio/common/v1alpha1" +) + +// +genclient +// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object +// VirtualService +type Policy struct { + metav1.TypeMeta `json:",inline"` + metav1.ObjectMeta `json:"metadata,omitempty"` + Spec PolicySpec `json:"spec"` +} + +// Policy defines what authentication methods can be accepted on workload(s), +// and if authenticated, which method/certificate will set the request principal +// (i.e request.auth.principal attribute). +// +// Authentication policy is composed of 2-part authentication: +// - peer: verify caller service credentials. This part will set source.user +// (peer identity). +// - origin: verify the origin credentials. This part will set request.auth.user +// (origin identity), as well as other attributes like request.auth.presenter, +// request.auth.audiences and raw claims. Note that the identity could be +// end-user, service account, device etc. +// +// Last but not least, the principal binding rule defines which identity (peer +// or origin) should be used as principal. By default, it uses peer. +// +// Examples: +// +// Policy to enable mTLS for all services in namespace frod +// +// apiVersion: authentication.istio.io/v1alpha1 +// kind: Policy +// metadata: +// name: mTLS_enable +// namespace: frod +// spec: +// peers: +// - mtls: +// +// Policy to disable mTLS for "productpage" service +// +// apiVersion: authentication.istio.io/v1alpha1 +// kind: Policy +// metadata: +// name: mTLS_disable +// namespace: frod +// spec: +// targets: +// - name: productpage +// +// Policy to require mTLS for peer authentication, and JWT for origin authenticationn +// for productpage:9000. Principal is set from origin identity. +// +// apiVersion: authentication.istio.io/v1alpha1 +// kind: Policy +// metadata: +// name: mTLS_enable +// namespace: frod +// spec: +// target: +// - name: productpage +// ports: +// - number: 9000 +// peers: +// - mtls: +// origins: +// - jwt: +// issuer: "https://securetoken.google.com" +// audiences: +// - "productpage" +// jwksUri: "https://www.googleapis.com/oauth2/v1/certs" +// jwt_headers: +// - "x-goog-iap-jwt-assertion" +// principaBinding: USE_ORIGIN +// +// Policy to require mTLS for peer authentication, and JWT for origin authenticationn +// for productpage:9000, but allow origin authentication failed. Principal is set +// from origin identity. +// Note: this example can be used for use cases when we want to allow request from +// certain peers, given it comes with an approperiate authorization poicy to check +// and reject request accoridingly. +// +// apiVersion: authentication.istio.io/v1alpha1 +// kind: Policy +// metadata: +// name: mTLS_enable +// namespace: frod +// spec: +// target: +// - name: productpage +// ports: +// - number: 9000 +// peers: +// - mtls: +// origins: +// - jwt: +// issuer: "https://securetoken.google.com" +// audiences: +// - "productpage" +// jwksUri: "https://www.googleapis.com/oauth2/v1/certs" +// jwt_headers: +// - "x-goog-iap-jwt-assertion" +// originIsOptional: true +// principalBinding: USE_ORIGIN +type PolicySpec struct { + // List rules to select destinations that the policy should be applied on. + // If empty, policy will be used on all destinations in the same namespace. + Targets []TargetSelector `json:"targets,omitempty"` + + // List of authentication methods that can be used for peer authentication. + // They will be evaluated in order; the first validate one will be used to + // set peer identity (source.user) and other peer attributes. If none of + // these methods pass, and peer_is_optional flag is false (see below), + // request will be rejected with authentication failed error (401). + // Leave the list empty if peer authentication is not required + Peers []PeerAuthenticationMethod `json:"peers,omitempty"` + + // Set this flag to true to accept request (for peer authentication perspective), + // even when none of the peer authentication methods defined above satisfied. + // Typically, this is used to delay the rejection decision to next layer (e.g + // authorization). + // This flag is ignored if no authentication defined for peer (peers field is empty). + PeerIsOptional bool `json:"peerIsOptional,omitempty"` + + // List of authentication methods that can be used for origin authentication. + // Similar to peers, these will be evaluated in order; the first validate one + // will be used to set origin identity and attributes (i.e request.auth.user, + // request.auth.issuer etc). If none of these methods pass, and origin_is_optional + // is false (see below), request will be rejected with authentication failed + // error (401). + // Leave the list empty if origin authentication is not required. + Origins []OriginAuthenticationMethod `json:"origins,omitempty"` + + // Set this flag to true to accept request (for origin authentication perspective), + // even when none of the origin authentication methods defined above satisfied. + // Typically, this is used to delay the rejection decision to next layer (e.g + // authorization). + // This flag is ignored if no authentication defined for origin (origins field is empty). + OriginIsOptional bool `json:"originIsOptional,omitempty"` + + // Define whether peer or origin identity should be use for principal. Default + // value is USE_PEER. + // If peer (or orgin) identity is not available, either because of peer/origin + // authentication is not defined, or failed, principal will be left unset. + // In other words, binding rule does not affect the decision to accept or + // reject request. + PrincipalBinding PrincipalBinding `json:"principalBinding,omitempty"` +} + +// TargetSelector defines a matching rule to a service/destination. +type TargetSelector struct { + // REQUIRED. The name must be a short name from the service registry. The + // fully qualified domain name will be resolved in a platform specific manner. + Name string `json:"name"` + + // Specifies the ports on the destination. Leave empty to match all ports + // that are exposed. + Ports []PortSelector `json:"ports,omitempty"` +} + +// PortSelector specifies the name or number of a port to be used for +// matching targets for authenticationn policy. This is copied from +// networking API to avoid dependency. +type PortSelector struct { + // It is requred to specify exactly one of the fields: + // Number or Name + + // Valid port number + Number uint32 `json:"number,omitempty"` + + // Port name + Name string `json:"name,omitempty"` +} + +// PeerAuthenticationMethod defines one particular type of authentication, e.g +// mutual TLS, JWT etc, (no authentication is one type by itself) that can +// be used for peer authentication. +// The type can be progammatically determine by checking the type of the +// "params" field. +type PeerAuthenticationMethod struct { + // It is requred to specify exactly one of the fields: + // Mtls or Jwt + // Set if mTLS is used. + Mtls *MutualTls `json:"mtls,omitempty"` + + // Set if JWT is used. This option is not yet available. + Jwt *Jwt `json:"jwt,omitempty"` +} + +// Defines the acceptable connection TLS mode. +type Mode string + +const ( + // Client cert must be presented, connection is in TLS. + ModeStrict Mode = "STRICT" + + // Connection can be either plaintext or TLS, and client cert can be omitted. + ModePermissive Mode = "PERMISSIVE" +) + +// TLS authentication params. +type MutualTls struct { + + // WILL BE DEPRECATED, if set, will translates to `TLS_PERMISSIVE` mode. + // Set this flag to true to allow regular TLS (i.e without client x509 + // certificate). If request carries client certificate, identity will be + // extracted and used (set to peer identity). Otherwise, peer identity will + // be left unset. + // When the flag is false (default), request must have client certificate. + AllowTls bool `json:"allowTls,omitempty"` + + // Defines the mode of mTLS authentication. + Mode Mode `json:"mode,omitempty"` +} + +// JSON Web Token (JWT) token format for authentication as defined by +// https://tools.ietf.org/html/rfc7519. See [OAuth +// 2.0](https://tools.ietf.org/html/rfc6749) and [OIDC +// 1.0](http://openid.net/connect) for how this is used in the whole +// authentication flow. +// +// Example, +// +// issuer: https://example.com +// audiences: +// - bookstore_android.apps.googleusercontent.com +// bookstore_web.apps.googleusercontent.com +// jwksUri: https://example.com/.well-known/jwks.json +// +type Jwt struct { + // Identifies the issuer that issued the JWT. See + // [issuer](https://tools.ietf.org/html/rfc7519#section-4.1.1) + // Usually a URL or an email address. + // + // Example: https://securetoken.google.com + // Example: 1234567-compute@developer.gserviceaccount.com + Issuer string `json:"issuer,omitempty"` + + // The list of JWT + // [audiences](https://tools.ietf.org/html/rfc7519#section-4.1.3). + // that are allowed to access. A JWT containing any of these + // audiences will be accepted. + // + // The service name will be accepted if audiences is empty. + // + // Example: + // + // ```yaml + // audiences: + // - bookstore_android.apps.googleusercontent.com + // bookstore_web.apps.googleusercontent.com + // ``` + Audiences []string `json:"audiences,omitempty"` + + // URL of the provider's public key set to validate signature of the + // JWT. See [OpenID + // Discovery](https://openid.net/specs/openid-connect-discovery-1_0.html#ProviderMetadata). + // + // Optional if the key set document can either (a) be retrieved from + // [OpenID + // Discovery](https://openid.net/specs/openid-connect-discovery-1_0.html) of + // the issuer or (b) inferred from the email domain of the issuer (e.g. a + // Google service account). + // + // Example: https://www.googleapis.com/oauth2/v1/certs + JwksUri string `json:"jwksUri,omitempty"` + + // Two fields below define where to extract the JWT from an HTTP request. + // + // If no explicit location is specified the following default + // locations are tried in order: + // + // 1) The Authorization header using the Bearer schema, + // e.g. Authorization: Bearer . (see + // [Authorization Request Header + // Field](https://tools.ietf.org/html/rfc6750#section-2.1)) + // + // 2) `access_token` query parameter (see + // [URI Query Parameter](https://tools.ietf.org/html/rfc6750#section-2.3)) + // JWT is sent in a request header. `header` represents the + // header name. + // + // For example, if `header=x-goog-iap-jwt-assertion`, the header + // format will be x-goog-iap-jwt-assertion: . + JwtHeaders []string `json:"jwtHeaders,omitempty"` + + // JWT is sent in a query parameter. `query` represents the + // query parameter name. + // + // For example, `query=jwt_token`. + JwtParams []string `json:"jwtParams,omitempty"` + + // URL paths that should be excluded from the JWT validation. If the request path is matched, + // the JWT validation will be skipped and the request will proceed regardless. + // This is useful to keep a couple of URLs public for external health checks. + // Example: "/health_check", "/status/cpu_usage". + ExcludedPaths []v1alpha1.StringMatch `json:"excludedPaths,omitempty"` +} + +// OriginAuthenticationMethod defines authentication method/params for origin +// authentication. Origin could be end-user, device, delegate service etc. +// Currently, only JWT is supported for origin authentication. +type OriginAuthenticationMethod struct { + // Jwt params for the method. + Jwt *Jwt `json:"jwt,omitempty"` +} + +// Associates authentication with request principal. +type PrincipalBinding string + +const ( + // Principal will be set to the identity from peer authentication. + PrincipalBindingUserPeer PrincipalBinding = "USE_PEER" + // Principal will be set to the identity from peer authentication. + PrincipalBindingUserOrigin PrincipalBinding = "USE_ORIGIN" +) + +// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object +// PolicyLIst is a list of Policy resources +type PolicyList struct { + metav1.TypeMeta `json:",inline"` + metav1.ListMeta `json:"metadata"` + Items []Policy `json:"items"` +} diff --git a/vendor/github.com/knative/pkg/apis/istio/authentication/v1alpha1/register.go b/vendor/github.com/knative/pkg/apis/istio/authentication/v1alpha1/register.go new file mode 100644 index 00000000000..7809d1cd970 --- /dev/null +++ b/vendor/github.com/knative/pkg/apis/istio/authentication/v1alpha1/register.go @@ -0,0 +1,52 @@ +/* +Copyright 2018 The Knative Authors + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +package v1alpha1 + +import ( + "github.com/knative/pkg/apis/istio/authentication" + metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" + "k8s.io/apimachinery/pkg/runtime" + "k8s.io/apimachinery/pkg/runtime/schema" +) + +// SchemeGroupVersion is group version used to register these objects +var SchemeGroupVersion = schema.GroupVersion{Group: authentication.GroupName, Version: "v1alpha1"} + +// Kind takes an unqualified kind and returns back a Group qualified GroupKind +func Kind(kind string) schema.GroupKind { + return SchemeGroupVersion.WithKind(kind).GroupKind() +} + +// Resource takes an unqualified resource and returns a Group qualified GroupResource +func Resource(resource string) schema.GroupResource { + return SchemeGroupVersion.WithResource(resource).GroupResource() +} + +var ( + SchemeBuilder = runtime.NewSchemeBuilder(addKnownTypes) + AddToScheme = SchemeBuilder.AddToScheme +) + +// Adds the list of known types to Scheme. +func addKnownTypes(scheme *runtime.Scheme) error { + scheme.AddKnownTypes(SchemeGroupVersion, + &Policy{}, + &PolicyList{}, + ) + metav1.AddToGroupVersion(scheme, SchemeGroupVersion) + return nil +} diff --git a/vendor/github.com/knative/pkg/apis/istio/authentication/v1alpha1/zz_generated.deepcopy.go b/vendor/github.com/knative/pkg/apis/istio/authentication/v1alpha1/zz_generated.deepcopy.go new file mode 100644 index 00000000000..1879de76448 --- /dev/null +++ b/vendor/github.com/knative/pkg/apis/istio/authentication/v1alpha1/zz_generated.deepcopy.go @@ -0,0 +1,259 @@ +// +build !ignore_autogenerated + +/* +Copyright 2018 The Knative Authors + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +// Code generated by deepcopy-gen. DO NOT EDIT. + +package v1alpha1 + +import ( + commonv1alpha1 "github.com/knative/pkg/apis/istio/common/v1alpha1" + runtime "k8s.io/apimachinery/pkg/runtime" +) + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *Jwt) DeepCopyInto(out *Jwt) { + *out = *in + if in.Audiences != nil { + in, out := &in.Audiences, &out.Audiences + *out = make([]string, len(*in)) + copy(*out, *in) + } + if in.JwtHeaders != nil { + in, out := &in.JwtHeaders, &out.JwtHeaders + *out = make([]string, len(*in)) + copy(*out, *in) + } + if in.JwtParams != nil { + in, out := &in.JwtParams, &out.JwtParams + *out = make([]string, len(*in)) + copy(*out, *in) + } + if in.ExcludedPaths != nil { + in, out := &in.ExcludedPaths, &out.ExcludedPaths + *out = make([]commonv1alpha1.StringMatch, len(*in)) + copy(*out, *in) + } + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new Jwt. +func (in *Jwt) DeepCopy() *Jwt { + if in == nil { + return nil + } + out := new(Jwt) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *MutualTls) DeepCopyInto(out *MutualTls) { + *out = *in + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new MutualTls. +func (in *MutualTls) DeepCopy() *MutualTls { + if in == nil { + return nil + } + out := new(MutualTls) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *OriginAuthenticationMethod) DeepCopyInto(out *OriginAuthenticationMethod) { + *out = *in + if in.Jwt != nil { + in, out := &in.Jwt, &out.Jwt + *out = new(Jwt) + (*in).DeepCopyInto(*out) + } + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new OriginAuthenticationMethod. +func (in *OriginAuthenticationMethod) DeepCopy() *OriginAuthenticationMethod { + if in == nil { + return nil + } + out := new(OriginAuthenticationMethod) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *PeerAuthenticationMethod) DeepCopyInto(out *PeerAuthenticationMethod) { + *out = *in + if in.Mtls != nil { + in, out := &in.Mtls, &out.Mtls + *out = new(MutualTls) + **out = **in + } + if in.Jwt != nil { + in, out := &in.Jwt, &out.Jwt + *out = new(Jwt) + (*in).DeepCopyInto(*out) + } + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new PeerAuthenticationMethod. +func (in *PeerAuthenticationMethod) DeepCopy() *PeerAuthenticationMethod { + if in == nil { + return nil + } + out := new(PeerAuthenticationMethod) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *Policy) DeepCopyInto(out *Policy) { + *out = *in + out.TypeMeta = in.TypeMeta + in.ObjectMeta.DeepCopyInto(&out.ObjectMeta) + in.Spec.DeepCopyInto(&out.Spec) + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new Policy. +func (in *Policy) DeepCopy() *Policy { + if in == nil { + return nil + } + out := new(Policy) + in.DeepCopyInto(out) + return out +} + +// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object. +func (in *Policy) DeepCopyObject() runtime.Object { + if c := in.DeepCopy(); c != nil { + return c + } + return nil +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *PolicyList) DeepCopyInto(out *PolicyList) { + *out = *in + out.TypeMeta = in.TypeMeta + out.ListMeta = in.ListMeta + if in.Items != nil { + in, out := &in.Items, &out.Items + *out = make([]Policy, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new PolicyList. +func (in *PolicyList) DeepCopy() *PolicyList { + if in == nil { + return nil + } + out := new(PolicyList) + in.DeepCopyInto(out) + return out +} + +// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object. +func (in *PolicyList) DeepCopyObject() runtime.Object { + if c := in.DeepCopy(); c != nil { + return c + } + return nil +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *PolicySpec) DeepCopyInto(out *PolicySpec) { + *out = *in + if in.Targets != nil { + in, out := &in.Targets, &out.Targets + *out = make([]TargetSelector, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } + if in.Peers != nil { + in, out := &in.Peers, &out.Peers + *out = make([]PeerAuthenticationMethod, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } + if in.Origins != nil { + in, out := &in.Origins, &out.Origins + *out = make([]OriginAuthenticationMethod, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new PolicySpec. +func (in *PolicySpec) DeepCopy() *PolicySpec { + if in == nil { + return nil + } + out := new(PolicySpec) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *PortSelector) DeepCopyInto(out *PortSelector) { + *out = *in + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new PortSelector. +func (in *PortSelector) DeepCopy() *PortSelector { + if in == nil { + return nil + } + out := new(PortSelector) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *TargetSelector) DeepCopyInto(out *TargetSelector) { + *out = *in + if in.Ports != nil { + in, out := &in.Ports, &out.Ports + *out = make([]PortSelector, len(*in)) + copy(*out, *in) + } + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new TargetSelector. +func (in *TargetSelector) DeepCopy() *TargetSelector { + if in == nil { + return nil + } + out := new(TargetSelector) + in.DeepCopyInto(out) + return out +} diff --git a/vendor/github.com/knative/pkg/apis/istio/common/v1alpha1/string.go b/vendor/github.com/knative/pkg/apis/istio/common/v1alpha1/string.go new file mode 100644 index 00000000000..ec5c8d39241 --- /dev/null +++ b/vendor/github.com/knative/pkg/apis/istio/common/v1alpha1/string.go @@ -0,0 +1,35 @@ +/* +Copyright 2018 The Knative Authors + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +package v1alpha1 + +// Describes how to match a given string in HTTP headers. Match is +// case-sensitive. +type StringMatch struct { + // Specified exactly one of the fields below. + + // exact string match + Exact string `json:"exact,omitempty"` + + // prefix-based match + Prefix string `json:"prefix,omitempty"` + + // suffix-based match. + Suffix string `json:"prefix,omitempty"` + + // ECMAscript style regex-based match + Regex string `json:"regex,omitempty"` +} diff --git a/vendor/github.com/knative/pkg/apis/istio/v1alpha3/destinationrule_types.go b/vendor/github.com/knative/pkg/apis/istio/v1alpha3/destinationrule_types.go new file mode 100644 index 00000000000..181d1f7336d --- /dev/null +++ b/vendor/github.com/knative/pkg/apis/istio/v1alpha3/destinationrule_types.go @@ -0,0 +1,547 @@ +/* +Copyright 2018 The Knative Authors + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +package v1alpha3 + +import ( + metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" +) + +// +genclient +// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object +// DestinationRule +type DestinationRule struct { + metav1.TypeMeta `json:",inline"` + metav1.ObjectMeta `json:"metadata,omitempty"` + Spec DestinationRuleSpec `json:"spec"` +} + +// DestinationRule defines policies that apply to traffic intended for a +// service after routing has occurred. These rules specify configuration +// for load balancing, connection pool size from the sidecar, and outlier +// detection settings to detect and evict unhealthy hosts from the load +// balancing pool. For example, a simple load balancing policy for the +// ratings service would look as follows: +// +// +// apiVersion: networking.istio.io/v1alpha3 +// kind: DestinationRule +// metadata: +// name: bookinfo-ratings +// spec: +// host: ratings.prod.svc.cluster.local +// trafficPolicy: +// loadBalancer: +// simple: LEAST_CONN +// +// +// Version specific policies can be specified by defining a named +// subset and overriding the settings specified at the service level. The +// following rule uses a round robin load balancing policy for all traffic +// going to a subset named testversion that is composed of endpoints (e.g., +// pods) with labels (version:v3). +// +// +// apiVersion: networking.istio.io/v1alpha3 +// kind: DestinationRule +// metadata: +// name: bookinfo-ratings +// spec: +// host: ratings.prod.svc.cluster.local +// trafficPolicy: +// loadBalancer: +// simple: LEAST_CONN +// subsets: +// - name: testversion +// labels: +// version: v3 +// trafficPolicy: +// loadBalancer: +// simple: ROUND_ROBIN +// +// +// **Note:** Policies specified for subsets will not take effect until +// a route rule explicitly sends traffic to this subset. +// +// Traffic policies can be customized to specific ports as well. The +// following rule uses the least connection load balancing policy for all +// traffic to port 80, while uses a round robin load balancing setting for +// traffic to the port 9080. +// +// +// apiVersion: networking.istio.io/v1alpha3 +// kind: DestinationRule +// metadata: +// name: bookinfo-ratings-port +// spec: +// host: ratings.prod.svc.cluster.local +// trafficPolicy: # Apply to all ports +// portLevelSettings: +// - port: +// number: 80 +// loadBalancer: +// simple: LEAST_CONN +// - port: +// number: 9080 +// loadBalancer: +// simple: ROUND_ROBIN +// +type DestinationRuleSpec struct { + // REQUIRED. The name of a service from the service registry. Service + // names are looked up from the platform's service registry (e.g., + // Kubernetes services, Consul services, etc.) and from the hosts + // declared by [ServiceEntries](#ServiceEntry). Rules defined for + // services that do not exist in the service registry will be ignored. + // + // *Note for Kubernetes users*: When short names are used (e.g. "reviews" + // instead of "reviews.default.svc.cluster.local"), Istio will interpret + // the short name based on the namespace of the rule, not the service. A + // rule in the "default" namespace containing a host "reviews will be + // interpreted as "reviews.default.svc.cluster.local", irrespective of + // the actual namespace associated with the reviews service. _To avoid + // potential misconfigurations, it is recommended to always use fully + // qualified domain names over short names._ + // + // Note that the host field applies to both HTTP and TCP services. + Host string `json:"host"` + + // Traffic policies to apply (load balancing policy, connection pool + // sizes, outlier detection). + TrafficPolicy *TrafficPolicy `json:"trafficPolicy,omitempty"` + + // One or more named sets that represent individual versions of a + // service. Traffic policies can be overridden at subset level. + Subsets []Subset `json:"subsets,omitempty"` +} + +// Traffic policies to apply for a specific destination, across all +// destination ports. See DestinationRule for examples. +type TrafficPolicy struct { + + // Settings controlling the load balancer algorithms. + LoadBalancer *LoadBalancerSettings `json:"loadBalancer,omitempty"` + + // Settings controlling the volume of connections to an upstream service + ConnectionPool *ConnectionPoolSettings `json:"connectionPool,omitempty"` + + // Settings controlling eviction of unhealthy hosts from the load balancing pool + OutlierDetection *OutlierDetection `json:"outlierDetection,omitempty"` + + // TLS related settings for connections to the upstream service. + Tls *TLSSettings `json:"tls,omitempty"` + + // Traffic policies specific to individual ports. Note that port level + // settings will override the destination-level settings. Traffic + // settings specified at the destination-level will not be inherited when + // overridden by port-level settings, i.e. default values will be applied + // to fields omitted in port-level traffic policies. + PortLevelSettings []PortTrafficPolicy `json:"portLevelSettings,omitempty"` +} + +// Traffic policies that apply to specific ports of the service +type PortTrafficPolicy struct { + // Specifies the port name or number of a port on the destination service + // on which this policy is being applied. + // + // Names must comply with DNS label syntax (rfc1035) and therefore cannot + // collide with numbers. If there are multiple ports on a service with + // the same protocol the names should be of the form -. + Port PortSelector `json:"port"` + + // Settings controlling the load balancer algorithms. + LoadBalancer *LoadBalancerSettings `json:"loadBalancer,omitempty"` + + // Settings controlling the volume of connections to an upstream service + ConnectionPool *ConnectionPoolSettings `json:"connectionPool,omitempty"` + + // Settings controlling eviction of unhealthy hosts from the load balancing pool + OutlierDetection *OutlierDetection `json:"outlierDetection,omitempty"` + + // TLS related settings for connections to the upstream service. + Tls *TLSSettings `json:"tls,omitempty"` +} + +// A subset of endpoints of a service. Subsets can be used for scenarios +// like A/B testing, or routing to a specific version of a service. Refer +// to [VirtualService](#VirtualService) documentation for examples of using +// subsets in these scenarios. In addition, traffic policies defined at the +// service-level can be overridden at a subset-level. The following rule +// uses a round robin load balancing policy for all traffic going to a +// subset named testversion that is composed of endpoints (e.g., pods) with +// labels (version:v3). +// +// apiVersion: networking.istio.io/v1alpha3 +// kind: DestinationRule +// metadata: +// name: bookinfo-ratings +// spec: +// host: ratings.prod.svc.cluster.local +// trafficPolicy: +// loadBalancer: +// simple: LEAST_CONN +// subsets: +// - name: testversion +// labels: +// version: v3 +// trafficPolicy: +// loadBalancer: +// simple: ROUND_ROBIN +// +// **Note:** Policies specified for subsets will not take effect until +// a route rule explicitly sends traffic to this subset. +type Subset struct { + // REQUIRED. Name of the subset. The service name and the subset name can + // be used for traffic splitting in a route rule. + Name string `json:"port"` + + // REQUIRED. Labels apply a filter over the endpoints of a service in the + // service registry. See route rules for examples of usage. + Labels map[string]string `json:"labels"` + + // Traffic policies that apply to this subset. Subsets inherit the + // traffic policies specified at the DestinationRule level. Settings + // specified at the subset level will override the corresponding settings + // specified at the DestinationRule level. + TrafficPolicy *TrafficPolicy `json:"trafficPolicy,omitempty"` +} + +// Load balancing policies to apply for a specific destination. See Envoy's +// load balancing +// [documentation](https://www.envoyproxy.io/docs/envoy/latest/intro/arch_overview/load_balancing.html) +// for more details. +// +// For example, the following rule uses a round robin load balancing policy +// for all traffic going to the ratings service. +// +// apiVersion: networking.istio.io/v1alpha3 +// kind: DestinationRule +// metadata: +// name: bookinfo-ratings +// spec: +// host: ratings.prod.svc.cluster.local +// trafficPolicy: +// loadBalancer: +// simple: ROUND_ROBIN +// +// The following example sets up sticky sessions for the ratings service +// hashing-based load balancer for the same ratings service using the +// the User cookie as the hash key. +// +// apiVersion: networking.istio.io/v1alpha3 +// kind: DestinationRule +// metadata: +// name: bookinfo-ratings +// spec: +// host: ratings.prod.svc.cluster.local +// trafficPolicy: +// loadBalancer: +// consistentHash: +// httpCookie: +// name: user +// ttl: 0s +type LoadBalancerSettings struct { + // It is requred to specify exactly one of the fields: + // Simple or ConsistentHash + Simple SimpleLB `json:"simple,omitempty"` + ConsistentHash *ConsistentHashLB `json:"consistentHash,omitempty"` +} + +// Standard load balancing algorithms that require no tuning. +type SimpleLB string + +const ( + // Round Robin policy. Default + SimpleLBRoundRobin SimpleLB = "ROUND_ROBIN" + + // The least request load balancer uses an O(1) algorithm which selects + // two random healthy hosts and picks the host which has fewer active + // requests. + SimpleLBLeastConn SimpleLB = "LEAST_CONN" + + // The random load balancer selects a random healthy host. The random + // load balancer generally performs better than round robin if no health + // checking policy is configured. + SimpleLBRandom SimpleLB = "RANDOM" + + // This option will forward the connection to the original IP address + // requested by the caller without doing any form of load + // balancing. This option must be used with care. It is meant for + // advanced use cases. Refer to Original Destination load balancer in + // Envoy for further details. + SimpleLBPassthrough SimpleLB = "PASSTHROUGH" +) + +// Consistent Hash-based load balancing can be used to provide soft +// session affinity based on HTTP headers, cookies or other +// properties. This load balancing policy is applicable only for HTTP +// connections. The affinity to a particular destination host will be +// lost when one or more hosts are added/removed from the destination +// service. +type ConsistentHashLB struct { + + // It is requred to specify exactly one of the fields as hash key: + // HttpHeaderName, HttpCookie, or UseSourceIP. + // Hash based on a specific HTTP header. + HttpHeaderName string `json:"httpHeaderName,omitempty"` + + // Hash based on HTTP cookie. + HttpCookie *HTTPCookie `json:"httpCookie,omitempty"` + + // Hash based on the source IP address. + UseSourceIp bool `json:"useSourceIp,omitempty"` + + // The minimum number of virtual nodes to use for the hash + // ring. Defaults to 1024. Larger ring sizes result in more granular + // load distributions. If the number of hosts in the load balancing + // pool is larger than the ring size, each host will be assigned a + // single virtual node. + MinimumRingSize uint64 `json:"minimumRingSize,omitempty"` +} + +// Describes a HTTP cookie that will be used as the hash key for the +// Consistent Hash load balancer. If the cookie is not present, it will +// be generated. +type HTTPCookie struct { + // REQUIRED. Name of the cookie. + Name string `json:"name"` + + // Path to set for the cookie. + Path string `json:"path,omitempty"` + + // REQUIRED. Lifetime of the cookie. + Ttl string `json:"ttl"` +} + +// Connection pool settings for an upstream host. The settings apply to +// each individual host in the upstream service. See Envoy's [circuit +// breaker](https://www.envoyproxy.io/docs/envoy/latest/intro/arch_overview/circuit_breaking) +// for more details. Connection pool settings can be applied at the TCP +// level as well as at HTTP level. +// +// For example, the following rule sets a limit of 100 connections to redis +// service called myredissrv with a connect timeout of 30ms +// +// apiVersion: networking.istio.io/v1alpha3 +// kind: DestinationRule +// metadata: +// name: bookinfo-redis +// spec: +// host: myredissrv.prod.svc.cluster.local +// trafficPolicy: +// connectionPool: +// tcp: +// maxConnections: 100 +// connectTimeout: 30ms +type ConnectionPoolSettings struct { + + // Settings common to both HTTP and TCP upstream connections. + Tcp *TCPSettings `json:"tcp,omitempty"` + + // HTTP connection pool settings. + Http *HTTPSettings `json:"http,omitempty"` +} + +// Settings common to both HTTP and TCP upstream connections. +type TCPSettings struct { + // Maximum number of HTTP1 /TCP connections to a destination host. + MaxConnections int32 `json:"maxConnections,omitempty"` + + // TCP connection timeout. + ConnectTimeout string `json:"connectTimeout,omitempty"` +} + +// Settings applicable to HTTP1.1/HTTP2/GRPC connections. +type HTTPSettings struct { + // Maximum number of pending HTTP requests to a destination. Default 1024. + Http1MaxPendingRequests int32 `json:"http1MaxPendingRequests,omitempty"` + + // Maximum number of requests to a backend. Default 1024. + Http2MaxRequests int32 `json:"http2MaxRequests,omitempty"` + + // Maximum number of requests per connection to a backend. Setting this + // parameter to 1 disables keep alive. + MaxRequestsPerConnection int32 `json:"maxRequestsPerConnection,omitempty"` + + // Maximum number of retries that can be outstanding to all hosts in a + // cluster at a given time. Defaults to 3. + MaxRetries int32 `json:"maxRetries,omitempty"` +} + +// A Circuit breaker implementation that tracks the status of each +// individual host in the upstream service. Applicable to both HTTP and +// TCP services. For HTTP services, hosts that continually return 5xx +// errors for API calls are ejected from the pool for a pre-defined period +// of time. For TCP services, connection timeouts or connection +// failures to a given host counts as an error when measuring the +// consecutive errors metric. See Envoy's [outlier +// detection](https://www.envoyproxy.io/docs/envoy/latest/intro/arch_overview/outlier) +// for more details. +// +// The following rule sets a connection pool size of 100 connections and +// 1000 concurrent HTTP2 requests, with no more than 10 req/connection to +// "reviews" service. In addition, it configures upstream hosts to be +// scanned every 5 mins, such that any host that fails 7 consecutive times +// with 5XX error code will be ejected for 15 minutes. +// +// apiVersion: networking.istio.io/v1alpha3 +// kind: DestinationRule +// metadata: +// name: reviews-cb-policy +// spec: +// host: reviews.prod.svc.cluster.local +// trafficPolicy: +// connectionPool: +// tcp: +// maxConnections: 100 +// http: +// http2MaxRequests: 1000 +// maxRequestsPerConnection: 10 +// outlierDetection: +// consecutiveErrors: 7 +// interval: 5m +// baseEjectionTime: 15m +type OutlierDetection struct { + // Number of errors before a host is ejected from the connection + // pool. Defaults to 5. When the upstream host is accessed over HTTP, a + // 5xx return code qualifies as an error. When the upstream host is + // accessed over an opaque TCP connection, connect timeouts and + // connection error/failure events qualify as an error. + ConsecutiveErrors int32 `json:"consecutiveErrors,omitempty"` + + // Time interval between ejection sweep analysis. format: + // 1h/1m/1s/1ms. MUST BE >=1ms. Default is 10s. + Interval string `json:"interval,omitempty"` + + // Minimum ejection duration. A host will remain ejected for a period + // equal to the product of minimum ejection duration and the number of + // times the host has been ejected. This technique allows the system to + // automatically increase the ejection period for unhealthy upstream + // servers. format: 1h/1m/1s/1ms. MUST BE >=1ms. Default is 30s. + BaseEjectionTime string `json:"baseEjectionTime,omitempty"` + + // Maximum % of hosts in the load balancing pool for the upstream + // service that can be ejected. Defaults to 10%. + MaxEjectionPercent int32 `json:"maxEjectionPercent,omitempty"` +} + +// SSL/TLS related settings for upstream connections. See Envoy's [TLS +// context](https://www.envoyproxy.io/docs/envoy/latest/api-v1/cluster_manager/cluster_ssl.html#config-cluster-manager-cluster-ssl) +// for more details. These settings are common to both HTTP and TCP upstreams. +// +// For example, the following rule configures a client to use mutual TLS +// for connections to upstream database cluster. +// +// apiVersion: networking.istio.io/v1alpha3 +// kind: DestinationRule +// metadata: +// name: db-mtls +// spec: +// host: mydbserver.prod.svc.cluster.local +// trafficPolicy: +// tls: +// mode: MUTUAL +// clientCertificate: /etc/certs/myclientcert.pem +// privateKey: /etc/certs/client_private_key.pem +// caCertificates: /etc/certs/rootcacerts.pem +// +// The following rule configures a client to use TLS when talking to a +// foreign service whose domain matches *.foo.com. +// +// apiVersion: networking.istio.io/v1alpha3 +// kind: DestinationRule +// metadata: +// name: tls-foo +// spec: +// host: "*.foo.com" +// trafficPolicy: +// tls: +// mode: SIMPLE +// +// The following rule configures a client to use Istio mutual TLS when talking +// to rating services. +// +// apiVersion: networking.istio.io/v1alpha3 +// kind: DestinationRule +// metadata: +// name: ratings-istio-mtls +// spec: +// host: ratings.prod.svc.cluster.local +// trafficPolicy: +// tls: +// mode: ISTIO_MUTUAL +type TLSSettings struct { + + // REQUIRED: Indicates whether connections to this port should be secured + // using TLS. The value of this field determines how TLS is enforced. + Mode TLSmode `json:"mode"` + + // REQUIRED if mode is `MUTUAL`. The path to the file holding the + // client-side TLS certificate to use. + // Should be empty if mode is `ISTIO_MUTUAL`. + ClientCertificate string `json:"clientCertificate,omitempty"` + + // REQUIRED if mode is `MUTUAL`. The path to the file holding the + // client's private key. + // Should be empty if mode is `ISTIO_MUTUAL`. + PrivateKey string `json:"privateKey,omitempty"` + + // OPTIONAL: The path to the file containing certificate authority + // certificates to use in verifying a presented server certificate. If + // omitted, the proxy will not verify the server's certificate. + // Should be empty if mode is `ISTIO_MUTUAL`. + CaCertificates string `json:"caCertificates,omitempty"` + + // A list of alternate names to verify the subject identity in the + // certificate. If specified, the proxy will verify that the server + // certificate's subject alt name matches one of the specified values. + // Should be empty if mode is `ISTIO_MUTUAL`. + SubjectAltNames []string `json:"subjectAltNames,omitempty"` + + // SNI string to present to the server during TLS handshake. + // Should be empty if mode is `ISTIO_MUTUAL`. + Sni string `json:"sni,omitempty"` +} + +// TLS connection mode +type TLSmode string + +const ( + // Do not setup a TLS connection to the upstream endpoint. + TLSmodeDisable TLSmode = "DISABLE" + + // Originate a TLS connection to the upstream endpoint. + TLSmodeSimple TLSmode = "SIMPLE" + + // Secure connections to the upstream using mutual TLS by presenting + // client certificates for authentication. + TLSmodeMutual TLSmode = "MUTUAL" + + // Secure connections to the upstream using mutual TLS by presenting + // client certificates for authentication. + // Compared to Mutual mode, this mode uses certificates generated + // automatically by Istio for mTLS authentication. When this mode is + // used, all other fields in `TLSSettings` should be empty. + TLSmodeIstioMutual TLSmode = "ISTIO_MUTUAL" +) + +// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object +// DestinationRuleList is a list of DestinationRule resources +type DestinationRuleList struct { + metav1.TypeMeta `json:",inline"` + metav1.ListMeta `json:"metadata"` + Items []DestinationRule `json:"items"` +} diff --git a/vendor/github.com/knative/pkg/apis/istio/v1alpha3/register.go b/vendor/github.com/knative/pkg/apis/istio/v1alpha3/register.go index 9ea16a53333..c2089e5c2ab 100644 --- a/vendor/github.com/knative/pkg/apis/istio/v1alpha3/register.go +++ b/vendor/github.com/knative/pkg/apis/istio/v1alpha3/register.go @@ -46,8 +46,10 @@ func addKnownTypes(scheme *runtime.Scheme) error { scheme.AddKnownTypes(SchemeGroupVersion, &VirtualService{}, &Gateway{}, + &DestinationRule{}, &VirtualServiceList{}, &GatewayList{}, + &DestinationRuleList{}, ) metav1.AddToGroupVersion(scheme, SchemeGroupVersion) return nil diff --git a/vendor/github.com/knative/pkg/apis/istio/v1alpha3/virtualservice_types.go b/vendor/github.com/knative/pkg/apis/istio/v1alpha3/virtualservice_types.go index 87e2f9815ef..eb65683e192 100644 --- a/vendor/github.com/knative/pkg/apis/istio/v1alpha3/virtualservice_types.go +++ b/vendor/github.com/knative/pkg/apis/istio/v1alpha3/virtualservice_types.go @@ -18,6 +18,7 @@ package v1alpha3 import ( metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" + "github.com/knative/pkg/apis/istio/common/v1alpha1" ) // +genclient @@ -234,7 +235,7 @@ type HTTPMatchRequest struct { // // - `regex: "value"` for ECMAscript style regex-based match // - Uri *StringMatch `json:"uri,omitempty"` + Uri *v1alpha1.StringMatch `json:"uri,omitempty"` // URI Scheme // values are case-sensitive and formatted as follows: @@ -245,7 +246,7 @@ type HTTPMatchRequest struct { // // - `regex: "value"` for ECMAscript style regex-based match // - Scheme *StringMatch `json:"scheme,omitempty"` + Scheme *v1alpha1.StringMatch `json:"scheme,omitempty"` // HTTP Method // values are case-sensitive and formatted as follows: @@ -256,7 +257,7 @@ type HTTPMatchRequest struct { // // - `regex: "value"` for ECMAscript style regex-based match // - Method *StringMatch `json:"method,omitempty"` + Method *v1alpha1.StringMatch `json:"method,omitempty"` // HTTP Authority // values are case-sensitive and formatted as follows: @@ -267,7 +268,7 @@ type HTTPMatchRequest struct { // // - `regex: "value"` for ECMAscript style regex-based match // - Authority *StringMatch `json:"authority,omitempty"` + Authority *v1alpha1.StringMatch `json:"authority,omitempty"` // The header keys must be lowercase and use hyphen as the separator, // e.g. _x-request-id_. @@ -281,22 +282,7 @@ type HTTPMatchRequest struct { // - `regex: "value"` for ECMAscript style regex-based match // // **Note:** The keys `uri`, `scheme`, `method`, and `authority` will be ignored. - Headers map[string]StringMatch `json:"headers,omitempty"` -} - -// Describes how to match a given string in HTTP headers. Match is -// case-sensitive. -type StringMatch struct { - // Specified exactly one of the fields below. - - // exact string match - Exact string `json:"exact,omitempty"` - - // prefix-based match - Prefix string `json:"prefix,omitempty"` - - // ECMAscript style regex-based match - Regex string `json:"regex,omitempty"` + Headers map[string]v1alpha1.StringMatch `json:"headers,omitempty"` } type DestinationWeight struct { diff --git a/vendor/github.com/knative/pkg/apis/istio/v1alpha3/zz_generated.deepcopy.go b/vendor/github.com/knative/pkg/apis/istio/v1alpha3/zz_generated.deepcopy.go index 8e323c689a2..e5a9a2c6d8e 100644 --- a/vendor/github.com/knative/pkg/apis/istio/v1alpha3/zz_generated.deepcopy.go +++ b/vendor/github.com/knative/pkg/apis/istio/v1alpha3/zz_generated.deepcopy.go @@ -21,9 +21,57 @@ limitations under the License. package v1alpha3 import ( + v1alpha1 "github.com/knative/pkg/apis/istio/common/v1alpha1" runtime "k8s.io/apimachinery/pkg/runtime" ) +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *ConnectionPoolSettings) DeepCopyInto(out *ConnectionPoolSettings) { + *out = *in + if in.Tcp != nil { + in, out := &in.Tcp, &out.Tcp + *out = new(TCPSettings) + **out = **in + } + if in.Http != nil { + in, out := &in.Http, &out.Http + *out = new(HTTPSettings) + **out = **in + } + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ConnectionPoolSettings. +func (in *ConnectionPoolSettings) DeepCopy() *ConnectionPoolSettings { + if in == nil { + return nil + } + out := new(ConnectionPoolSettings) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *ConsistentHashLB) DeepCopyInto(out *ConsistentHashLB) { + *out = *in + if in.HttpCookie != nil { + in, out := &in.HttpCookie, &out.HttpCookie + *out = new(HTTPCookie) + **out = **in + } + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ConsistentHashLB. +func (in *ConsistentHashLB) DeepCopy() *ConsistentHashLB { + if in == nil { + return nil + } + out := new(ConsistentHashLB) + in.DeepCopyInto(out) + return out +} + // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *CorsPolicy) DeepCopyInto(out *CorsPolicy) { *out = *in @@ -77,6 +125,94 @@ func (in *Destination) DeepCopy() *Destination { return out } +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *DestinationRule) DeepCopyInto(out *DestinationRule) { + *out = *in + out.TypeMeta = in.TypeMeta + in.ObjectMeta.DeepCopyInto(&out.ObjectMeta) + in.Spec.DeepCopyInto(&out.Spec) + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new DestinationRule. +func (in *DestinationRule) DeepCopy() *DestinationRule { + if in == nil { + return nil + } + out := new(DestinationRule) + in.DeepCopyInto(out) + return out +} + +// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object. +func (in *DestinationRule) DeepCopyObject() runtime.Object { + if c := in.DeepCopy(); c != nil { + return c + } + return nil +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *DestinationRuleList) DeepCopyInto(out *DestinationRuleList) { + *out = *in + out.TypeMeta = in.TypeMeta + out.ListMeta = in.ListMeta + if in.Items != nil { + in, out := &in.Items, &out.Items + *out = make([]DestinationRule, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new DestinationRuleList. +func (in *DestinationRuleList) DeepCopy() *DestinationRuleList { + if in == nil { + return nil + } + out := new(DestinationRuleList) + in.DeepCopyInto(out) + return out +} + +// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object. +func (in *DestinationRuleList) DeepCopyObject() runtime.Object { + if c := in.DeepCopy(); c != nil { + return c + } + return nil +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *DestinationRuleSpec) DeepCopyInto(out *DestinationRuleSpec) { + *out = *in + if in.TrafficPolicy != nil { + in, out := &in.TrafficPolicy, &out.TrafficPolicy + *out = new(TrafficPolicy) + (*in).DeepCopyInto(*out) + } + if in.Subsets != nil { + in, out := &in.Subsets, &out.Subsets + *out = make([]Subset, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new DestinationRuleSpec. +func (in *DestinationRuleSpec) DeepCopy() *DestinationRuleSpec { + if in == nil { + return nil + } + out := new(DestinationRuleSpec) + in.DeepCopyInto(out) + return out +} + // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *DestinationWeight) DeepCopyInto(out *DestinationWeight) { *out = *in @@ -184,6 +320,22 @@ func (in *GatewaySpec) DeepCopy() *GatewaySpec { return out } +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *HTTPCookie) DeepCopyInto(out *HTTPCookie) { + *out = *in + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new HTTPCookie. +func (in *HTTPCookie) DeepCopy() *HTTPCookie { + if in == nil { + return nil + } + out := new(HTTPCookie) + in.DeepCopyInto(out) + return out +} + // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *HTTPFaultInjection) DeepCopyInto(out *HTTPFaultInjection) { *out = *in @@ -215,27 +367,27 @@ func (in *HTTPMatchRequest) DeepCopyInto(out *HTTPMatchRequest) { *out = *in if in.Uri != nil { in, out := &in.Uri, &out.Uri - *out = new(StringMatch) + *out = new(v1alpha1.StringMatch) **out = **in } if in.Scheme != nil { in, out := &in.Scheme, &out.Scheme - *out = new(StringMatch) + *out = new(v1alpha1.StringMatch) **out = **in } if in.Method != nil { in, out := &in.Method, &out.Method - *out = new(StringMatch) + *out = new(v1alpha1.StringMatch) **out = **in } if in.Authority != nil { in, out := &in.Authority, &out.Authority - *out = new(StringMatch) + *out = new(v1alpha1.StringMatch) **out = **in } if in.Headers != nil { in, out := &in.Headers, &out.Headers - *out = make(map[string]StringMatch, len(*in)) + *out = make(map[string]v1alpha1.StringMatch, len(*in)) for key, val := range *in { (*out)[key] = val } @@ -368,6 +520,22 @@ func (in *HTTPRoute) DeepCopy() *HTTPRoute { return out } +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *HTTPSettings) DeepCopyInto(out *HTTPSettings) { + *out = *in + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new HTTPSettings. +func (in *HTTPSettings) DeepCopy() *HTTPSettings { + if in == nil { + return nil + } + out := new(HTTPSettings) + in.DeepCopyInto(out) + return out +} + // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *InjectAbort) DeepCopyInto(out *InjectAbort) { *out = *in @@ -428,6 +596,43 @@ func (in *L4MatchAttributes) DeepCopy() *L4MatchAttributes { return out } +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *LoadBalancerSettings) DeepCopyInto(out *LoadBalancerSettings) { + *out = *in + if in.ConsistentHash != nil { + in, out := &in.ConsistentHash, &out.ConsistentHash + *out = new(ConsistentHashLB) + (*in).DeepCopyInto(*out) + } + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new LoadBalancerSettings. +func (in *LoadBalancerSettings) DeepCopy() *LoadBalancerSettings { + if in == nil { + return nil + } + out := new(LoadBalancerSettings) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *OutlierDetection) DeepCopyInto(out *OutlierDetection) { + *out = *in + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new OutlierDetection. +func (in *OutlierDetection) DeepCopy() *OutlierDetection { + if in == nil { + return nil + } + out := new(OutlierDetection) + in.DeepCopyInto(out) + return out +} + // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *Port) DeepCopyInto(out *Port) { *out = *in @@ -460,6 +665,43 @@ func (in *PortSelector) DeepCopy() *PortSelector { return out } +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *PortTrafficPolicy) DeepCopyInto(out *PortTrafficPolicy) { + *out = *in + out.Port = in.Port + if in.LoadBalancer != nil { + in, out := &in.LoadBalancer, &out.LoadBalancer + *out = new(LoadBalancerSettings) + (*in).DeepCopyInto(*out) + } + if in.ConnectionPool != nil { + in, out := &in.ConnectionPool, &out.ConnectionPool + *out = new(ConnectionPoolSettings) + (*in).DeepCopyInto(*out) + } + if in.OutlierDetection != nil { + in, out := &in.OutlierDetection, &out.OutlierDetection + *out = new(OutlierDetection) + **out = **in + } + if in.Tls != nil { + in, out := &in.Tls, &out.Tls + *out = new(TLSSettings) + (*in).DeepCopyInto(*out) + } + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new PortTrafficPolicy. +func (in *PortTrafficPolicy) DeepCopy() *PortTrafficPolicy { + if in == nil { + return nil + } + out := new(PortTrafficPolicy) + in.DeepCopyInto(out) + return out +} + // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *Server) DeepCopyInto(out *Server) { *out = *in @@ -488,17 +730,29 @@ func (in *Server) DeepCopy() *Server { } // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. -func (in *StringMatch) DeepCopyInto(out *StringMatch) { +func (in *Subset) DeepCopyInto(out *Subset) { *out = *in + if in.Labels != nil { + in, out := &in.Labels, &out.Labels + *out = make(map[string]string, len(*in)) + for key, val := range *in { + (*out)[key] = val + } + } + if in.TrafficPolicy != nil { + in, out := &in.TrafficPolicy, &out.TrafficPolicy + *out = new(TrafficPolicy) + (*in).DeepCopyInto(*out) + } return } -// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new StringMatch. -func (in *StringMatch) DeepCopy() *StringMatch { +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new Subset. +func (in *Subset) DeepCopy() *Subset { if in == nil { return nil } - out := new(StringMatch) + out := new(Subset) in.DeepCopyInto(out) return out } @@ -527,6 +781,22 @@ func (in *TCPRoute) DeepCopy() *TCPRoute { return out } +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *TCPSettings) DeepCopyInto(out *TCPSettings) { + *out = *in + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new TCPSettings. +func (in *TCPSettings) DeepCopy() *TCPSettings { + if in == nil { + return nil + } + out := new(TCPSettings) + in.DeepCopyInto(out) + return out +} + // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *TLSOptions) DeepCopyInto(out *TLSOptions) { *out = *in @@ -548,6 +818,70 @@ func (in *TLSOptions) DeepCopy() *TLSOptions { return out } +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *TLSSettings) DeepCopyInto(out *TLSSettings) { + *out = *in + if in.SubjectAltNames != nil { + in, out := &in.SubjectAltNames, &out.SubjectAltNames + *out = make([]string, len(*in)) + copy(*out, *in) + } + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new TLSSettings. +func (in *TLSSettings) DeepCopy() *TLSSettings { + if in == nil { + return nil + } + out := new(TLSSettings) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *TrafficPolicy) DeepCopyInto(out *TrafficPolicy) { + *out = *in + if in.LoadBalancer != nil { + in, out := &in.LoadBalancer, &out.LoadBalancer + *out = new(LoadBalancerSettings) + (*in).DeepCopyInto(*out) + } + if in.ConnectionPool != nil { + in, out := &in.ConnectionPool, &out.ConnectionPool + *out = new(ConnectionPoolSettings) + (*in).DeepCopyInto(*out) + } + if in.OutlierDetection != nil { + in, out := &in.OutlierDetection, &out.OutlierDetection + *out = new(OutlierDetection) + **out = **in + } + if in.Tls != nil { + in, out := &in.Tls, &out.Tls + *out = new(TLSSettings) + (*in).DeepCopyInto(*out) + } + if in.PortLevelSettings != nil { + in, out := &in.PortLevelSettings, &out.PortLevelSettings + *out = make([]PortTrafficPolicy, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new TrafficPolicy. +func (in *TrafficPolicy) DeepCopy() *TrafficPolicy { + if in == nil { + return nil + } + out := new(TrafficPolicy) + in.DeepCopyInto(out) + return out +} + // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *VirtualService) DeepCopyInto(out *VirtualService) { *out = *in diff --git a/vendor/github.com/knative/pkg/client/clientset/versioned/clientset.go b/vendor/github.com/knative/pkg/client/clientset/versioned/clientset.go index b5e5fa42f5e..ba98730a052 100644 --- a/vendor/github.com/knative/pkg/client/clientset/versioned/clientset.go +++ b/vendor/github.com/knative/pkg/client/clientset/versioned/clientset.go @@ -19,6 +19,7 @@ limitations under the License. package versioned import ( + authenticationv1alpha1 "github.com/knative/pkg/client/clientset/versioned/typed/authentication/v1alpha1" networkingv1alpha3 "github.com/knative/pkg/client/clientset/versioned/typed/istio/v1alpha3" discovery "k8s.io/client-go/discovery" rest "k8s.io/client-go/rest" @@ -27,6 +28,9 @@ import ( type Interface interface { Discovery() discovery.DiscoveryInterface + AuthenticationV1alpha1() authenticationv1alpha1.AuthenticationV1alpha1Interface + // Deprecated: please explicitly pick a version if possible. + Authentication() authenticationv1alpha1.AuthenticationV1alpha1Interface NetworkingV1alpha3() networkingv1alpha3.NetworkingV1alpha3Interface // Deprecated: please explicitly pick a version if possible. Networking() networkingv1alpha3.NetworkingV1alpha3Interface @@ -36,7 +40,19 @@ type Interface interface { // version included in a Clientset. type Clientset struct { *discovery.DiscoveryClient - networkingV1alpha3 *networkingv1alpha3.NetworkingV1alpha3Client + authenticationV1alpha1 *authenticationv1alpha1.AuthenticationV1alpha1Client + networkingV1alpha3 *networkingv1alpha3.NetworkingV1alpha3Client +} + +// AuthenticationV1alpha1 retrieves the AuthenticationV1alpha1Client +func (c *Clientset) AuthenticationV1alpha1() authenticationv1alpha1.AuthenticationV1alpha1Interface { + return c.authenticationV1alpha1 +} + +// Deprecated: Authentication retrieves the default version of AuthenticationClient. +// Please explicitly pick a version. +func (c *Clientset) Authentication() authenticationv1alpha1.AuthenticationV1alpha1Interface { + return c.authenticationV1alpha1 } // NetworkingV1alpha3 retrieves the NetworkingV1alpha3Client @@ -66,6 +82,10 @@ func NewForConfig(c *rest.Config) (*Clientset, error) { } var cs Clientset var err error + cs.authenticationV1alpha1, err = authenticationv1alpha1.NewForConfig(&configShallowCopy) + if err != nil { + return nil, err + } cs.networkingV1alpha3, err = networkingv1alpha3.NewForConfig(&configShallowCopy) if err != nil { return nil, err @@ -82,6 +102,7 @@ func NewForConfig(c *rest.Config) (*Clientset, error) { // panics if there is an error in the config. func NewForConfigOrDie(c *rest.Config) *Clientset { var cs Clientset + cs.authenticationV1alpha1 = authenticationv1alpha1.NewForConfigOrDie(c) cs.networkingV1alpha3 = networkingv1alpha3.NewForConfigOrDie(c) cs.DiscoveryClient = discovery.NewDiscoveryClientForConfigOrDie(c) @@ -91,6 +112,7 @@ func NewForConfigOrDie(c *rest.Config) *Clientset { // New creates a new Clientset for the given RESTClient. func New(c rest.Interface) *Clientset { var cs Clientset + cs.authenticationV1alpha1 = authenticationv1alpha1.New(c) cs.networkingV1alpha3 = networkingv1alpha3.New(c) cs.DiscoveryClient = discovery.NewDiscoveryClient(c) diff --git a/vendor/github.com/knative/pkg/client/clientset/versioned/scheme/register.go b/vendor/github.com/knative/pkg/client/clientset/versioned/scheme/register.go index 8058d5256b6..c796f6a6ad0 100644 --- a/vendor/github.com/knative/pkg/client/clientset/versioned/scheme/register.go +++ b/vendor/github.com/knative/pkg/client/clientset/versioned/scheme/register.go @@ -19,6 +19,7 @@ limitations under the License. package scheme import ( + authenticationv1alpha1 "github.com/knative/pkg/apis/istio/authentication/v1alpha1" networkingv1alpha3 "github.com/knative/pkg/apis/istio/v1alpha3" v1 "k8s.io/apimachinery/pkg/apis/meta/v1" runtime "k8s.io/apimachinery/pkg/runtime" @@ -50,5 +51,6 @@ func init() { // After this, RawExtensions in Kubernetes types will serialize kube-aggregator types // correctly. func AddToScheme(scheme *runtime.Scheme) { + authenticationv1alpha1.AddToScheme(scheme) networkingv1alpha3.AddToScheme(scheme) } diff --git a/vendor/github.com/knative/pkg/client/clientset/versioned/typed/authentication/v1alpha1/authentication_client.go b/vendor/github.com/knative/pkg/client/clientset/versioned/typed/authentication/v1alpha1/authentication_client.go new file mode 100644 index 00000000000..d2c0d43316a --- /dev/null +++ b/vendor/github.com/knative/pkg/client/clientset/versioned/typed/authentication/v1alpha1/authentication_client.go @@ -0,0 +1,90 @@ +/* +Copyright 2018 The Knative Authors + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +// Code generated by client-gen. DO NOT EDIT. + +package v1alpha1 + +import ( + v1alpha1 "github.com/knative/pkg/apis/istio/authentication/v1alpha1" + "github.com/knative/pkg/client/clientset/versioned/scheme" + serializer "k8s.io/apimachinery/pkg/runtime/serializer" + rest "k8s.io/client-go/rest" +) + +type AuthenticationV1alpha1Interface interface { + RESTClient() rest.Interface + PoliciesGetter +} + +// AuthenticationV1alpha1Client is used to interact with features provided by the authentication.istio.io group. +type AuthenticationV1alpha1Client struct { + restClient rest.Interface +} + +func (c *AuthenticationV1alpha1Client) Policies(namespace string) PolicyInterface { + return newPolicies(c, namespace) +} + +// NewForConfig creates a new AuthenticationV1alpha1Client for the given config. +func NewForConfig(c *rest.Config) (*AuthenticationV1alpha1Client, error) { + config := *c + if err := setConfigDefaults(&config); err != nil { + return nil, err + } + client, err := rest.RESTClientFor(&config) + if err != nil { + return nil, err + } + return &AuthenticationV1alpha1Client{client}, nil +} + +// NewForConfigOrDie creates a new AuthenticationV1alpha1Client for the given config and +// panics if there is an error in the config. +func NewForConfigOrDie(c *rest.Config) *AuthenticationV1alpha1Client { + client, err := NewForConfig(c) + if err != nil { + panic(err) + } + return client +} + +// New creates a new AuthenticationV1alpha1Client for the given RESTClient. +func New(c rest.Interface) *AuthenticationV1alpha1Client { + return &AuthenticationV1alpha1Client{c} +} + +func setConfigDefaults(config *rest.Config) error { + gv := v1alpha1.SchemeGroupVersion + config.GroupVersion = &gv + config.APIPath = "/apis" + config.NegotiatedSerializer = serializer.DirectCodecFactory{CodecFactory: scheme.Codecs} + + if config.UserAgent == "" { + config.UserAgent = rest.DefaultKubernetesUserAgent() + } + + return nil +} + +// RESTClient returns a RESTClient that is used to communicate +// with API server by this client implementation. +func (c *AuthenticationV1alpha1Client) RESTClient() rest.Interface { + if c == nil { + return nil + } + return c.restClient +} diff --git a/vendor/github.com/knative/pkg/client/clientset/versioned/typed/authentication/v1alpha1/doc.go b/vendor/github.com/knative/pkg/client/clientset/versioned/typed/authentication/v1alpha1/doc.go new file mode 100644 index 00000000000..75445c17900 --- /dev/null +++ b/vendor/github.com/knative/pkg/client/clientset/versioned/typed/authentication/v1alpha1/doc.go @@ -0,0 +1,20 @@ +/* +Copyright 2018 The Knative Authors + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +// Code generated by client-gen. DO NOT EDIT. + +// This package has the automatically generated typed clients. +package v1alpha1 diff --git a/vendor/github.com/knative/pkg/client/clientset/versioned/typed/authentication/v1alpha1/generated_expansion.go b/vendor/github.com/knative/pkg/client/clientset/versioned/typed/authentication/v1alpha1/generated_expansion.go new file mode 100644 index 00000000000..d986b9fcb45 --- /dev/null +++ b/vendor/github.com/knative/pkg/client/clientset/versioned/typed/authentication/v1alpha1/generated_expansion.go @@ -0,0 +1,21 @@ +/* +Copyright 2018 The Knative Authors + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +// Code generated by client-gen. DO NOT EDIT. + +package v1alpha1 + +type PolicyExpansion interface{} diff --git a/vendor/github.com/knative/pkg/client/clientset/versioned/typed/authentication/v1alpha1/policy.go b/vendor/github.com/knative/pkg/client/clientset/versioned/typed/authentication/v1alpha1/policy.go new file mode 100644 index 00000000000..ee24e798bb1 --- /dev/null +++ b/vendor/github.com/knative/pkg/client/clientset/versioned/typed/authentication/v1alpha1/policy.go @@ -0,0 +1,157 @@ +/* +Copyright 2018 The Knative Authors + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +// Code generated by client-gen. DO NOT EDIT. + +package v1alpha1 + +import ( + v1alpha1 "github.com/knative/pkg/apis/istio/authentication/v1alpha1" + scheme "github.com/knative/pkg/client/clientset/versioned/scheme" + v1 "k8s.io/apimachinery/pkg/apis/meta/v1" + types "k8s.io/apimachinery/pkg/types" + watch "k8s.io/apimachinery/pkg/watch" + rest "k8s.io/client-go/rest" +) + +// PoliciesGetter has a method to return a PolicyInterface. +// A group's client should implement this interface. +type PoliciesGetter interface { + Policies(namespace string) PolicyInterface +} + +// PolicyInterface has methods to work with Policy resources. +type PolicyInterface interface { + Create(*v1alpha1.Policy) (*v1alpha1.Policy, error) + Update(*v1alpha1.Policy) (*v1alpha1.Policy, error) + Delete(name string, options *v1.DeleteOptions) error + DeleteCollection(options *v1.DeleteOptions, listOptions v1.ListOptions) error + Get(name string, options v1.GetOptions) (*v1alpha1.Policy, error) + List(opts v1.ListOptions) (*v1alpha1.PolicyList, error) + Watch(opts v1.ListOptions) (watch.Interface, error) + Patch(name string, pt types.PatchType, data []byte, subresources ...string) (result *v1alpha1.Policy, err error) + PolicyExpansion +} + +// policies implements PolicyInterface +type policies struct { + client rest.Interface + ns string +} + +// newPolicies returns a Policies +func newPolicies(c *AuthenticationV1alpha1Client, namespace string) *policies { + return &policies{ + client: c.RESTClient(), + ns: namespace, + } +} + +// Get takes name of the policy, and returns the corresponding policy object, and an error if there is any. +func (c *policies) Get(name string, options v1.GetOptions) (result *v1alpha1.Policy, err error) { + result = &v1alpha1.Policy{} + err = c.client.Get(). + Namespace(c.ns). + Resource("policies"). + Name(name). + VersionedParams(&options, scheme.ParameterCodec). + Do(). + Into(result) + return +} + +// List takes label and field selectors, and returns the list of Policies that match those selectors. +func (c *policies) List(opts v1.ListOptions) (result *v1alpha1.PolicyList, err error) { + result = &v1alpha1.PolicyList{} + err = c.client.Get(). + Namespace(c.ns). + Resource("policies"). + VersionedParams(&opts, scheme.ParameterCodec). + Do(). + Into(result) + return +} + +// Watch returns a watch.Interface that watches the requested policies. +func (c *policies) Watch(opts v1.ListOptions) (watch.Interface, error) { + opts.Watch = true + return c.client.Get(). + Namespace(c.ns). + Resource("policies"). + VersionedParams(&opts, scheme.ParameterCodec). + Watch() +} + +// Create takes the representation of a policy and creates it. Returns the server's representation of the policy, and an error, if there is any. +func (c *policies) Create(policy *v1alpha1.Policy) (result *v1alpha1.Policy, err error) { + result = &v1alpha1.Policy{} + err = c.client.Post(). + Namespace(c.ns). + Resource("policies"). + Body(policy). + Do(). + Into(result) + return +} + +// Update takes the representation of a policy and updates it. Returns the server's representation of the policy, and an error, if there is any. +func (c *policies) Update(policy *v1alpha1.Policy) (result *v1alpha1.Policy, err error) { + result = &v1alpha1.Policy{} + err = c.client.Put(). + Namespace(c.ns). + Resource("policies"). + Name(policy.Name). + Body(policy). + Do(). + Into(result) + return +} + +// Delete takes name of the policy and deletes it. Returns an error if one occurs. +func (c *policies) Delete(name string, options *v1.DeleteOptions) error { + return c.client.Delete(). + Namespace(c.ns). + Resource("policies"). + Name(name). + Body(options). + Do(). + Error() +} + +// DeleteCollection deletes a collection of objects. +func (c *policies) DeleteCollection(options *v1.DeleteOptions, listOptions v1.ListOptions) error { + return c.client.Delete(). + Namespace(c.ns). + Resource("policies"). + VersionedParams(&listOptions, scheme.ParameterCodec). + Body(options). + Do(). + Error() +} + +// Patch applies the patch and returns the patched policy. +func (c *policies) Patch(name string, pt types.PatchType, data []byte, subresources ...string) (result *v1alpha1.Policy, err error) { + result = &v1alpha1.Policy{} + err = c.client.Patch(pt). + Namespace(c.ns). + Resource("policies"). + SubResource(subresources...). + Name(name). + Body(data). + Do(). + Into(result) + return +} diff --git a/vendor/github.com/knative/pkg/client/clientset/versioned/typed/istio/v1alpha3/destinationrule.go b/vendor/github.com/knative/pkg/client/clientset/versioned/typed/istio/v1alpha3/destinationrule.go new file mode 100644 index 00000000000..465b9adbd9f --- /dev/null +++ b/vendor/github.com/knative/pkg/client/clientset/versioned/typed/istio/v1alpha3/destinationrule.go @@ -0,0 +1,157 @@ +/* +Copyright 2018 The Knative Authors + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +// Code generated by client-gen. DO NOT EDIT. + +package v1alpha3 + +import ( + v1alpha3 "github.com/knative/pkg/apis/istio/v1alpha3" + scheme "github.com/knative/pkg/client/clientset/versioned/scheme" + v1 "k8s.io/apimachinery/pkg/apis/meta/v1" + types "k8s.io/apimachinery/pkg/types" + watch "k8s.io/apimachinery/pkg/watch" + rest "k8s.io/client-go/rest" +) + +// DestinationRulesGetter has a method to return a DestinationRuleInterface. +// A group's client should implement this interface. +type DestinationRulesGetter interface { + DestinationRules(namespace string) DestinationRuleInterface +} + +// DestinationRuleInterface has methods to work with DestinationRule resources. +type DestinationRuleInterface interface { + Create(*v1alpha3.DestinationRule) (*v1alpha3.DestinationRule, error) + Update(*v1alpha3.DestinationRule) (*v1alpha3.DestinationRule, error) + Delete(name string, options *v1.DeleteOptions) error + DeleteCollection(options *v1.DeleteOptions, listOptions v1.ListOptions) error + Get(name string, options v1.GetOptions) (*v1alpha3.DestinationRule, error) + List(opts v1.ListOptions) (*v1alpha3.DestinationRuleList, error) + Watch(opts v1.ListOptions) (watch.Interface, error) + Patch(name string, pt types.PatchType, data []byte, subresources ...string) (result *v1alpha3.DestinationRule, err error) + DestinationRuleExpansion +} + +// destinationRules implements DestinationRuleInterface +type destinationRules struct { + client rest.Interface + ns string +} + +// newDestinationRules returns a DestinationRules +func newDestinationRules(c *NetworkingV1alpha3Client, namespace string) *destinationRules { + return &destinationRules{ + client: c.RESTClient(), + ns: namespace, + } +} + +// Get takes name of the destinationRule, and returns the corresponding destinationRule object, and an error if there is any. +func (c *destinationRules) Get(name string, options v1.GetOptions) (result *v1alpha3.DestinationRule, err error) { + result = &v1alpha3.DestinationRule{} + err = c.client.Get(). + Namespace(c.ns). + Resource("destinationrules"). + Name(name). + VersionedParams(&options, scheme.ParameterCodec). + Do(). + Into(result) + return +} + +// List takes label and field selectors, and returns the list of DestinationRules that match those selectors. +func (c *destinationRules) List(opts v1.ListOptions) (result *v1alpha3.DestinationRuleList, err error) { + result = &v1alpha3.DestinationRuleList{} + err = c.client.Get(). + Namespace(c.ns). + Resource("destinationrules"). + VersionedParams(&opts, scheme.ParameterCodec). + Do(). + Into(result) + return +} + +// Watch returns a watch.Interface that watches the requested destinationRules. +func (c *destinationRules) Watch(opts v1.ListOptions) (watch.Interface, error) { + opts.Watch = true + return c.client.Get(). + Namespace(c.ns). + Resource("destinationrules"). + VersionedParams(&opts, scheme.ParameterCodec). + Watch() +} + +// Create takes the representation of a destinationRule and creates it. Returns the server's representation of the destinationRule, and an error, if there is any. +func (c *destinationRules) Create(destinationRule *v1alpha3.DestinationRule) (result *v1alpha3.DestinationRule, err error) { + result = &v1alpha3.DestinationRule{} + err = c.client.Post(). + Namespace(c.ns). + Resource("destinationrules"). + Body(destinationRule). + Do(). + Into(result) + return +} + +// Update takes the representation of a destinationRule and updates it. Returns the server's representation of the destinationRule, and an error, if there is any. +func (c *destinationRules) Update(destinationRule *v1alpha3.DestinationRule) (result *v1alpha3.DestinationRule, err error) { + result = &v1alpha3.DestinationRule{} + err = c.client.Put(). + Namespace(c.ns). + Resource("destinationrules"). + Name(destinationRule.Name). + Body(destinationRule). + Do(). + Into(result) + return +} + +// Delete takes name of the destinationRule and deletes it. Returns an error if one occurs. +func (c *destinationRules) Delete(name string, options *v1.DeleteOptions) error { + return c.client.Delete(). + Namespace(c.ns). + Resource("destinationrules"). + Name(name). + Body(options). + Do(). + Error() +} + +// DeleteCollection deletes a collection of objects. +func (c *destinationRules) DeleteCollection(options *v1.DeleteOptions, listOptions v1.ListOptions) error { + return c.client.Delete(). + Namespace(c.ns). + Resource("destinationrules"). + VersionedParams(&listOptions, scheme.ParameterCodec). + Body(options). + Do(). + Error() +} + +// Patch applies the patch and returns the patched destinationRule. +func (c *destinationRules) Patch(name string, pt types.PatchType, data []byte, subresources ...string) (result *v1alpha3.DestinationRule, err error) { + result = &v1alpha3.DestinationRule{} + err = c.client.Patch(pt). + Namespace(c.ns). + Resource("destinationrules"). + SubResource(subresources...). + Name(name). + Body(data). + Do(). + Into(result) + return +} diff --git a/vendor/github.com/knative/pkg/client/clientset/versioned/typed/istio/v1alpha3/generated_expansion.go b/vendor/github.com/knative/pkg/client/clientset/versioned/typed/istio/v1alpha3/generated_expansion.go index 1e2062d8084..2f806db148b 100644 --- a/vendor/github.com/knative/pkg/client/clientset/versioned/typed/istio/v1alpha3/generated_expansion.go +++ b/vendor/github.com/knative/pkg/client/clientset/versioned/typed/istio/v1alpha3/generated_expansion.go @@ -18,6 +18,8 @@ limitations under the License. package v1alpha3 +type DestinationRuleExpansion interface{} + type GatewayExpansion interface{} type VirtualServiceExpansion interface{} diff --git a/vendor/github.com/knative/pkg/client/clientset/versioned/typed/istio/v1alpha3/istio_client.go b/vendor/github.com/knative/pkg/client/clientset/versioned/typed/istio/v1alpha3/istio_client.go index 3fa31904264..fd7ed42827c 100644 --- a/vendor/github.com/knative/pkg/client/clientset/versioned/typed/istio/v1alpha3/istio_client.go +++ b/vendor/github.com/knative/pkg/client/clientset/versioned/typed/istio/v1alpha3/istio_client.go @@ -27,6 +27,7 @@ import ( type NetworkingV1alpha3Interface interface { RESTClient() rest.Interface + DestinationRulesGetter GatewaysGetter VirtualServicesGetter } @@ -36,6 +37,10 @@ type NetworkingV1alpha3Client struct { restClient rest.Interface } +func (c *NetworkingV1alpha3Client) DestinationRules(namespace string) DestinationRuleInterface { + return newDestinationRules(c, namespace) +} + func (c *NetworkingV1alpha3Client) Gateways(namespace string) GatewayInterface { return newGateways(c, namespace) } diff --git a/vendor/github.com/knative/pkg/client/informers/externalversions/authentication/interface.go b/vendor/github.com/knative/pkg/client/informers/externalversions/authentication/interface.go new file mode 100644 index 00000000000..e3fc7fe8cef --- /dev/null +++ b/vendor/github.com/knative/pkg/client/informers/externalversions/authentication/interface.go @@ -0,0 +1,46 @@ +/* +Copyright 2018 The Knative Authors + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +// Code generated by informer-gen. DO NOT EDIT. + +package authentication + +import ( + v1alpha1 "github.com/knative/pkg/client/informers/externalversions/authentication/v1alpha1" + internalinterfaces "github.com/knative/pkg/client/informers/externalversions/internalinterfaces" +) + +// Interface provides access to each of this group's versions. +type Interface interface { + // V1alpha1 provides access to shared informers for resources in V1alpha1. + V1alpha1() v1alpha1.Interface +} + +type group struct { + factory internalinterfaces.SharedInformerFactory + namespace string + tweakListOptions internalinterfaces.TweakListOptionsFunc +} + +// New returns a new Interface. +func New(f internalinterfaces.SharedInformerFactory, namespace string, tweakListOptions internalinterfaces.TweakListOptionsFunc) Interface { + return &group{factory: f, namespace: namespace, tweakListOptions: tweakListOptions} +} + +// V1alpha1 returns a new v1alpha1.Interface. +func (g *group) V1alpha1() v1alpha1.Interface { + return v1alpha1.New(g.factory, g.namespace, g.tweakListOptions) +} diff --git a/vendor/github.com/knative/pkg/client/informers/externalversions/authentication/v1alpha1/interface.go b/vendor/github.com/knative/pkg/client/informers/externalversions/authentication/v1alpha1/interface.go new file mode 100644 index 00000000000..a4f6518b9ca --- /dev/null +++ b/vendor/github.com/knative/pkg/client/informers/externalversions/authentication/v1alpha1/interface.go @@ -0,0 +1,45 @@ +/* +Copyright 2018 The Knative Authors + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +// Code generated by informer-gen. DO NOT EDIT. + +package v1alpha1 + +import ( + internalinterfaces "github.com/knative/pkg/client/informers/externalversions/internalinterfaces" +) + +// Interface provides access to all the informers in this group version. +type Interface interface { + // Policies returns a PolicyInformer. + Policies() PolicyInformer +} + +type version struct { + factory internalinterfaces.SharedInformerFactory + namespace string + tweakListOptions internalinterfaces.TweakListOptionsFunc +} + +// New returns a new Interface. +func New(f internalinterfaces.SharedInformerFactory, namespace string, tweakListOptions internalinterfaces.TweakListOptionsFunc) Interface { + return &version{factory: f, namespace: namespace, tweakListOptions: tweakListOptions} +} + +// Policies returns a PolicyInformer. +func (v *version) Policies() PolicyInformer { + return &policyInformer{factory: v.factory, namespace: v.namespace, tweakListOptions: v.tweakListOptions} +} diff --git a/vendor/github.com/knative/pkg/client/informers/externalversions/authentication/v1alpha1/policy.go b/vendor/github.com/knative/pkg/client/informers/externalversions/authentication/v1alpha1/policy.go new file mode 100644 index 00000000000..fabb2bda277 --- /dev/null +++ b/vendor/github.com/knative/pkg/client/informers/externalversions/authentication/v1alpha1/policy.go @@ -0,0 +1,89 @@ +/* +Copyright 2018 The Knative Authors + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +// Code generated by informer-gen. DO NOT EDIT. + +package v1alpha1 + +import ( + time "time" + + authenticationv1alpha1 "github.com/knative/pkg/apis/istio/authentication/v1alpha1" + versioned "github.com/knative/pkg/client/clientset/versioned" + internalinterfaces "github.com/knative/pkg/client/informers/externalversions/internalinterfaces" + v1alpha1 "github.com/knative/pkg/client/listers/authentication/v1alpha1" + v1 "k8s.io/apimachinery/pkg/apis/meta/v1" + runtime "k8s.io/apimachinery/pkg/runtime" + watch "k8s.io/apimachinery/pkg/watch" + cache "k8s.io/client-go/tools/cache" +) + +// PolicyInformer provides access to a shared informer and lister for +// Policies. +type PolicyInformer interface { + Informer() cache.SharedIndexInformer + Lister() v1alpha1.PolicyLister +} + +type policyInformer struct { + factory internalinterfaces.SharedInformerFactory + tweakListOptions internalinterfaces.TweakListOptionsFunc + namespace string +} + +// NewPolicyInformer constructs a new informer for Policy type. +// Always prefer using an informer factory to get a shared informer instead of getting an independent +// one. This reduces memory footprint and number of connections to the server. +func NewPolicyInformer(client versioned.Interface, namespace string, resyncPeriod time.Duration, indexers cache.Indexers) cache.SharedIndexInformer { + return NewFilteredPolicyInformer(client, namespace, resyncPeriod, indexers, nil) +} + +// NewFilteredPolicyInformer constructs a new informer for Policy type. +// Always prefer using an informer factory to get a shared informer instead of getting an independent +// one. This reduces memory footprint and number of connections to the server. +func NewFilteredPolicyInformer(client versioned.Interface, namespace string, resyncPeriod time.Duration, indexers cache.Indexers, tweakListOptions internalinterfaces.TweakListOptionsFunc) cache.SharedIndexInformer { + return cache.NewSharedIndexInformer( + &cache.ListWatch{ + ListFunc: func(options v1.ListOptions) (runtime.Object, error) { + if tweakListOptions != nil { + tweakListOptions(&options) + } + return client.AuthenticationV1alpha1().Policies(namespace).List(options) + }, + WatchFunc: func(options v1.ListOptions) (watch.Interface, error) { + if tweakListOptions != nil { + tweakListOptions(&options) + } + return client.AuthenticationV1alpha1().Policies(namespace).Watch(options) + }, + }, + &authenticationv1alpha1.Policy{}, + resyncPeriod, + indexers, + ) +} + +func (f *policyInformer) defaultInformer(client versioned.Interface, resyncPeriod time.Duration) cache.SharedIndexInformer { + return NewFilteredPolicyInformer(client, f.namespace, resyncPeriod, cache.Indexers{cache.NamespaceIndex: cache.MetaNamespaceIndexFunc}, f.tweakListOptions) +} + +func (f *policyInformer) Informer() cache.SharedIndexInformer { + return f.factory.InformerFor(&authenticationv1alpha1.Policy{}, f.defaultInformer) +} + +func (f *policyInformer) Lister() v1alpha1.PolicyLister { + return v1alpha1.NewPolicyLister(f.Informer().GetIndexer()) +} diff --git a/vendor/github.com/knative/pkg/client/informers/externalversions/factory.go b/vendor/github.com/knative/pkg/client/informers/externalversions/factory.go index 1489c5ee7ad..297b59402cd 100644 --- a/vendor/github.com/knative/pkg/client/informers/externalversions/factory.go +++ b/vendor/github.com/knative/pkg/client/informers/externalversions/factory.go @@ -24,6 +24,7 @@ import ( time "time" versioned "github.com/knative/pkg/client/clientset/versioned" + authentication "github.com/knative/pkg/client/informers/externalversions/authentication" internalinterfaces "github.com/knative/pkg/client/informers/externalversions/internalinterfaces" istio "github.com/knative/pkg/client/informers/externalversions/istio" v1 "k8s.io/apimachinery/pkg/apis/meta/v1" @@ -172,9 +173,14 @@ type SharedInformerFactory interface { ForResource(resource schema.GroupVersionResource) (GenericInformer, error) WaitForCacheSync(stopCh <-chan struct{}) map[reflect.Type]bool + Authentication() authentication.Interface Networking() istio.Interface } +func (f *sharedInformerFactory) Authentication() authentication.Interface { + return authentication.New(f, f.namespace, f.tweakListOptions) +} + func (f *sharedInformerFactory) Networking() istio.Interface { return istio.New(f, f.namespace, f.tweakListOptions) } diff --git a/vendor/github.com/knative/pkg/client/informers/externalversions/generic.go b/vendor/github.com/knative/pkg/client/informers/externalversions/generic.go index ba6a2531c73..66737d499af 100644 --- a/vendor/github.com/knative/pkg/client/informers/externalversions/generic.go +++ b/vendor/github.com/knative/pkg/client/informers/externalversions/generic.go @@ -21,6 +21,7 @@ package externalversions import ( "fmt" + v1alpha1 "github.com/knative/pkg/apis/istio/authentication/v1alpha1" v1alpha3 "github.com/knative/pkg/apis/istio/v1alpha3" schema "k8s.io/apimachinery/pkg/runtime/schema" cache "k8s.io/client-go/tools/cache" @@ -52,7 +53,13 @@ func (f *genericInformer) Lister() cache.GenericLister { // TODO extend this to unknown resources with a client pool func (f *sharedInformerFactory) ForResource(resource schema.GroupVersionResource) (GenericInformer, error) { switch resource { - // Group=networking.istio.io, Version=v1alpha3 + // Group=authentication.istio.io, Version=v1alpha1 + case v1alpha1.SchemeGroupVersion.WithResource("policies"): + return &genericInformer{resource: resource.GroupResource(), informer: f.Authentication().V1alpha1().Policies().Informer()}, nil + + // Group=networking.istio.io, Version=v1alpha3 + case v1alpha3.SchemeGroupVersion.WithResource("destinationrules"): + return &genericInformer{resource: resource.GroupResource(), informer: f.Networking().V1alpha3().DestinationRules().Informer()}, nil case v1alpha3.SchemeGroupVersion.WithResource("gateways"): return &genericInformer{resource: resource.GroupResource(), informer: f.Networking().V1alpha3().Gateways().Informer()}, nil case v1alpha3.SchemeGroupVersion.WithResource("virtualservices"): diff --git a/vendor/github.com/knative/pkg/client/informers/externalversions/istio/v1alpha3/destinationrule.go b/vendor/github.com/knative/pkg/client/informers/externalversions/istio/v1alpha3/destinationrule.go new file mode 100644 index 00000000000..c080d94bf55 --- /dev/null +++ b/vendor/github.com/knative/pkg/client/informers/externalversions/istio/v1alpha3/destinationrule.go @@ -0,0 +1,89 @@ +/* +Copyright 2018 The Knative Authors + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +// Code generated by informer-gen. DO NOT EDIT. + +package v1alpha3 + +import ( + time "time" + + istiov1alpha3 "github.com/knative/pkg/apis/istio/v1alpha3" + versioned "github.com/knative/pkg/client/clientset/versioned" + internalinterfaces "github.com/knative/pkg/client/informers/externalversions/internalinterfaces" + v1alpha3 "github.com/knative/pkg/client/listers/istio/v1alpha3" + v1 "k8s.io/apimachinery/pkg/apis/meta/v1" + runtime "k8s.io/apimachinery/pkg/runtime" + watch "k8s.io/apimachinery/pkg/watch" + cache "k8s.io/client-go/tools/cache" +) + +// DestinationRuleInformer provides access to a shared informer and lister for +// DestinationRules. +type DestinationRuleInformer interface { + Informer() cache.SharedIndexInformer + Lister() v1alpha3.DestinationRuleLister +} + +type destinationRuleInformer struct { + factory internalinterfaces.SharedInformerFactory + tweakListOptions internalinterfaces.TweakListOptionsFunc + namespace string +} + +// NewDestinationRuleInformer constructs a new informer for DestinationRule type. +// Always prefer using an informer factory to get a shared informer instead of getting an independent +// one. This reduces memory footprint and number of connections to the server. +func NewDestinationRuleInformer(client versioned.Interface, namespace string, resyncPeriod time.Duration, indexers cache.Indexers) cache.SharedIndexInformer { + return NewFilteredDestinationRuleInformer(client, namespace, resyncPeriod, indexers, nil) +} + +// NewFilteredDestinationRuleInformer constructs a new informer for DestinationRule type. +// Always prefer using an informer factory to get a shared informer instead of getting an independent +// one. This reduces memory footprint and number of connections to the server. +func NewFilteredDestinationRuleInformer(client versioned.Interface, namespace string, resyncPeriod time.Duration, indexers cache.Indexers, tweakListOptions internalinterfaces.TweakListOptionsFunc) cache.SharedIndexInformer { + return cache.NewSharedIndexInformer( + &cache.ListWatch{ + ListFunc: func(options v1.ListOptions) (runtime.Object, error) { + if tweakListOptions != nil { + tweakListOptions(&options) + } + return client.NetworkingV1alpha3().DestinationRules(namespace).List(options) + }, + WatchFunc: func(options v1.ListOptions) (watch.Interface, error) { + if tweakListOptions != nil { + tweakListOptions(&options) + } + return client.NetworkingV1alpha3().DestinationRules(namespace).Watch(options) + }, + }, + &istiov1alpha3.DestinationRule{}, + resyncPeriod, + indexers, + ) +} + +func (f *destinationRuleInformer) defaultInformer(client versioned.Interface, resyncPeriod time.Duration) cache.SharedIndexInformer { + return NewFilteredDestinationRuleInformer(client, f.namespace, resyncPeriod, cache.Indexers{cache.NamespaceIndex: cache.MetaNamespaceIndexFunc}, f.tweakListOptions) +} + +func (f *destinationRuleInformer) Informer() cache.SharedIndexInformer { + return f.factory.InformerFor(&istiov1alpha3.DestinationRule{}, f.defaultInformer) +} + +func (f *destinationRuleInformer) Lister() v1alpha3.DestinationRuleLister { + return v1alpha3.NewDestinationRuleLister(f.Informer().GetIndexer()) +} diff --git a/vendor/github.com/knative/pkg/client/informers/externalversions/istio/v1alpha3/interface.go b/vendor/github.com/knative/pkg/client/informers/externalversions/istio/v1alpha3/interface.go index 6bda46ee80d..c03f5b44737 100644 --- a/vendor/github.com/knative/pkg/client/informers/externalversions/istio/v1alpha3/interface.go +++ b/vendor/github.com/knative/pkg/client/informers/externalversions/istio/v1alpha3/interface.go @@ -24,6 +24,8 @@ import ( // Interface provides access to all the informers in this group version. type Interface interface { + // DestinationRules returns a DestinationRuleInformer. + DestinationRules() DestinationRuleInformer // Gateways returns a GatewayInformer. Gateways() GatewayInformer // VirtualServices returns a VirtualServiceInformer. @@ -41,6 +43,11 @@ func New(f internalinterfaces.SharedInformerFactory, namespace string, tweakList return &version{factory: f, namespace: namespace, tweakListOptions: tweakListOptions} } +// DestinationRules returns a DestinationRuleInformer. +func (v *version) DestinationRules() DestinationRuleInformer { + return &destinationRuleInformer{factory: v.factory, namespace: v.namespace, tweakListOptions: v.tweakListOptions} +} + // Gateways returns a GatewayInformer. func (v *version) Gateways() GatewayInformer { return &gatewayInformer{factory: v.factory, namespace: v.namespace, tweakListOptions: v.tweakListOptions} diff --git a/vendor/github.com/knative/pkg/client/listers/authentication/v1alpha1/expansion_generated.go b/vendor/github.com/knative/pkg/client/listers/authentication/v1alpha1/expansion_generated.go new file mode 100644 index 00000000000..a803385848d --- /dev/null +++ b/vendor/github.com/knative/pkg/client/listers/authentication/v1alpha1/expansion_generated.go @@ -0,0 +1,27 @@ +/* +Copyright 2018 The Knative Authors + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +// Code generated by lister-gen. DO NOT EDIT. + +package v1alpha1 + +// PolicyListerExpansion allows custom methods to be added to +// PolicyLister. +type PolicyListerExpansion interface{} + +// PolicyNamespaceListerExpansion allows custom methods to be added to +// PolicyNamespaceLister. +type PolicyNamespaceListerExpansion interface{} diff --git a/vendor/github.com/knative/pkg/client/listers/authentication/v1alpha1/policy.go b/vendor/github.com/knative/pkg/client/listers/authentication/v1alpha1/policy.go new file mode 100644 index 00000000000..73bef4463e7 --- /dev/null +++ b/vendor/github.com/knative/pkg/client/listers/authentication/v1alpha1/policy.go @@ -0,0 +1,94 @@ +/* +Copyright 2018 The Knative Authors + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +// Code generated by lister-gen. DO NOT EDIT. + +package v1alpha1 + +import ( + v1alpha1 "github.com/knative/pkg/apis/istio/authentication/v1alpha1" + "k8s.io/apimachinery/pkg/api/errors" + "k8s.io/apimachinery/pkg/labels" + "k8s.io/client-go/tools/cache" +) + +// PolicyLister helps list Policies. +type PolicyLister interface { + // List lists all Policies in the indexer. + List(selector labels.Selector) (ret []*v1alpha1.Policy, err error) + // Policies returns an object that can list and get Policies. + Policies(namespace string) PolicyNamespaceLister + PolicyListerExpansion +} + +// policyLister implements the PolicyLister interface. +type policyLister struct { + indexer cache.Indexer +} + +// NewPolicyLister returns a new PolicyLister. +func NewPolicyLister(indexer cache.Indexer) PolicyLister { + return &policyLister{indexer: indexer} +} + +// List lists all Policies in the indexer. +func (s *policyLister) List(selector labels.Selector) (ret []*v1alpha1.Policy, err error) { + err = cache.ListAll(s.indexer, selector, func(m interface{}) { + ret = append(ret, m.(*v1alpha1.Policy)) + }) + return ret, err +} + +// Policies returns an object that can list and get Policies. +func (s *policyLister) Policies(namespace string) PolicyNamespaceLister { + return policyNamespaceLister{indexer: s.indexer, namespace: namespace} +} + +// PolicyNamespaceLister helps list and get Policies. +type PolicyNamespaceLister interface { + // List lists all Policies in the indexer for a given namespace. + List(selector labels.Selector) (ret []*v1alpha1.Policy, err error) + // Get retrieves the Policy from the indexer for a given namespace and name. + Get(name string) (*v1alpha1.Policy, error) + PolicyNamespaceListerExpansion +} + +// policyNamespaceLister implements the PolicyNamespaceLister +// interface. +type policyNamespaceLister struct { + indexer cache.Indexer + namespace string +} + +// List lists all Policies in the indexer for a given namespace. +func (s policyNamespaceLister) List(selector labels.Selector) (ret []*v1alpha1.Policy, err error) { + err = cache.ListAllByNamespace(s.indexer, s.namespace, selector, func(m interface{}) { + ret = append(ret, m.(*v1alpha1.Policy)) + }) + return ret, err +} + +// Get retrieves the Policy from the indexer for a given namespace and name. +func (s policyNamespaceLister) Get(name string) (*v1alpha1.Policy, error) { + obj, exists, err := s.indexer.GetByKey(s.namespace + "/" + name) + if err != nil { + return nil, err + } + if !exists { + return nil, errors.NewNotFound(v1alpha1.Resource("policy"), name) + } + return obj.(*v1alpha1.Policy), nil +} diff --git a/vendor/github.com/knative/pkg/client/listers/istio/v1alpha3/destinationrule.go b/vendor/github.com/knative/pkg/client/listers/istio/v1alpha3/destinationrule.go new file mode 100644 index 00000000000..804b19cbb4b --- /dev/null +++ b/vendor/github.com/knative/pkg/client/listers/istio/v1alpha3/destinationrule.go @@ -0,0 +1,94 @@ +/* +Copyright 2018 The Knative Authors + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +// Code generated by lister-gen. DO NOT EDIT. + +package v1alpha3 + +import ( + v1alpha3 "github.com/knative/pkg/apis/istio/v1alpha3" + "k8s.io/apimachinery/pkg/api/errors" + "k8s.io/apimachinery/pkg/labels" + "k8s.io/client-go/tools/cache" +) + +// DestinationRuleLister helps list DestinationRules. +type DestinationRuleLister interface { + // List lists all DestinationRules in the indexer. + List(selector labels.Selector) (ret []*v1alpha3.DestinationRule, err error) + // DestinationRules returns an object that can list and get DestinationRules. + DestinationRules(namespace string) DestinationRuleNamespaceLister + DestinationRuleListerExpansion +} + +// destinationRuleLister implements the DestinationRuleLister interface. +type destinationRuleLister struct { + indexer cache.Indexer +} + +// NewDestinationRuleLister returns a new DestinationRuleLister. +func NewDestinationRuleLister(indexer cache.Indexer) DestinationRuleLister { + return &destinationRuleLister{indexer: indexer} +} + +// List lists all DestinationRules in the indexer. +func (s *destinationRuleLister) List(selector labels.Selector) (ret []*v1alpha3.DestinationRule, err error) { + err = cache.ListAll(s.indexer, selector, func(m interface{}) { + ret = append(ret, m.(*v1alpha3.DestinationRule)) + }) + return ret, err +} + +// DestinationRules returns an object that can list and get DestinationRules. +func (s *destinationRuleLister) DestinationRules(namespace string) DestinationRuleNamespaceLister { + return destinationRuleNamespaceLister{indexer: s.indexer, namespace: namespace} +} + +// DestinationRuleNamespaceLister helps list and get DestinationRules. +type DestinationRuleNamespaceLister interface { + // List lists all DestinationRules in the indexer for a given namespace. + List(selector labels.Selector) (ret []*v1alpha3.DestinationRule, err error) + // Get retrieves the DestinationRule from the indexer for a given namespace and name. + Get(name string) (*v1alpha3.DestinationRule, error) + DestinationRuleNamespaceListerExpansion +} + +// destinationRuleNamespaceLister implements the DestinationRuleNamespaceLister +// interface. +type destinationRuleNamespaceLister struct { + indexer cache.Indexer + namespace string +} + +// List lists all DestinationRules in the indexer for a given namespace. +func (s destinationRuleNamespaceLister) List(selector labels.Selector) (ret []*v1alpha3.DestinationRule, err error) { + err = cache.ListAllByNamespace(s.indexer, s.namespace, selector, func(m interface{}) { + ret = append(ret, m.(*v1alpha3.DestinationRule)) + }) + return ret, err +} + +// Get retrieves the DestinationRule from the indexer for a given namespace and name. +func (s destinationRuleNamespaceLister) Get(name string) (*v1alpha3.DestinationRule, error) { + obj, exists, err := s.indexer.GetByKey(s.namespace + "/" + name) + if err != nil { + return nil, err + } + if !exists { + return nil, errors.NewNotFound(v1alpha3.Resource("destinationrule"), name) + } + return obj.(*v1alpha3.DestinationRule), nil +} diff --git a/vendor/github.com/knative/pkg/client/listers/istio/v1alpha3/expansion_generated.go b/vendor/github.com/knative/pkg/client/listers/istio/v1alpha3/expansion_generated.go index 3e06aa85bb6..2b9f90f6713 100644 --- a/vendor/github.com/knative/pkg/client/listers/istio/v1alpha3/expansion_generated.go +++ b/vendor/github.com/knative/pkg/client/listers/istio/v1alpha3/expansion_generated.go @@ -18,6 +18,14 @@ limitations under the License. package v1alpha3 +// DestinationRuleListerExpansion allows custom methods to be added to +// DestinationRuleLister. +type DestinationRuleListerExpansion interface{} + +// DestinationRuleNamespaceListerExpansion allows custom methods to be added to +// DestinationRuleNamespaceLister. +type DestinationRuleNamespaceListerExpansion interface{} + // GatewayListerExpansion allows custom methods to be added to // GatewayLister. type GatewayListerExpansion interface{} diff --git a/vendor/github.com/knative/pkg/configmap/default.go b/vendor/github.com/knative/pkg/configmap/default.go deleted file mode 100644 index 0f30cf6d928..00000000000 --- a/vendor/github.com/knative/pkg/configmap/default.go +++ /dev/null @@ -1,128 +0,0 @@ -/* -Copyright 2018 The Knative Authors - -Licensed under the Apache License, Version 2.0 (the "License"); -you may not use this file except in compliance with the License. -You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - -Unless required by applicable law or agreed to in writing, software -distributed under the License is distributed on an "AS IS" BASIS, -WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -See the License for the specific language governing permissions and -limitations under the License. -*/ - -package configmap - -import ( - "errors" - "sync" - - corev1 "k8s.io/api/core/v1" - informers "k8s.io/client-go/informers" - corev1informers "k8s.io/client-go/informers/core/v1" - "k8s.io/client-go/tools/cache" -) - -// defaultImpl provides a default informer-based implementation of Watcher. -type defaultImpl struct { - sif informers.SharedInformerFactory - informer corev1informers.ConfigMapInformer - ns string - - // Guards mutations to defaultImpl fields - m sync.Mutex - - observers map[string][]Observer - started bool -} - -// Asserts that defaultImpl implements Watcher. -var _ Watcher = (*defaultImpl)(nil) - -// Watch implements Watcher -func (di *defaultImpl) Watch(name string, w Observer) { - di.m.Lock() - defer di.m.Unlock() - - if di.observers == nil { - di.observers = make(map[string][]Observer) - } - - wl, _ := di.observers[name] - di.observers[name] = append(wl, w) -} - -// Start implements Watcher -func (di *defaultImpl) Start(stopCh <-chan struct{}) error { - if err := di.registerCallbackAndStartInformer(stopCh); err != nil { - return err - } - - // Wait until it has been synced (WITHOUT holding the mutex, so callbacks happen) - if ok := cache.WaitForCacheSync(stopCh, di.informer.Informer().HasSynced); !ok { - return errors.New("Error waiting for ConfigMap informer to sync.") - } - - return di.checkObservedResourcesExist() -} - -func (di *defaultImpl) registerCallbackAndStartInformer(stopCh <-chan struct{}) error { - di.m.Lock() - defer di.m.Unlock() - if di.started { - return errors.New("Watcher already started!") - } - di.started = true - - di.informer.Informer().AddEventHandler(cache.ResourceEventHandlerFuncs{ - AddFunc: di.addConfigMapEvent, - UpdateFunc: di.updateConfigMapEvent, - }) - - // Start the shared informer factory (non-blocking) - di.sif.Start(stopCh) - return nil -} - -func (di *defaultImpl) checkObservedResourcesExist() error { - di.m.Lock() - defer di.m.Unlock() - // Check that all objects with Observers exist in our informers. - for k := range di.observers { - _, err := di.informer.Lister().ConfigMaps(di.ns).Get(k) - if err != nil { - return err - } - } - return nil -} - -func (di *defaultImpl) addConfigMapEvent(obj interface{}) { - // If the ConfigMap update is outside of our namespace, then quickly disregard it. - configMap := obj.(*corev1.ConfigMap) - if configMap.Namespace != di.ns { - // Outside of our namespace. - // This shouldn't happen due to our filtered informer. - return - } - - // Within our namespace, take the lock and see if there are any registered observers. - di.m.Lock() - defer di.m.Unlock() - wl, ok := di.observers[configMap.Name] - if !ok { - return // No observers. - } - - // Iterate over the observers and invoke their callbacks. - for _, w := range wl { - w(configMap) - } -} - -func (di *defaultImpl) updateConfigMapEvent(old, new interface{}) { - di.addConfigMapEvent(new) -} diff --git a/vendor/github.com/knative/pkg/configmap/informed_watcher.go b/vendor/github.com/knative/pkg/configmap/informed_watcher.go new file mode 100644 index 00000000000..9da18f7778e --- /dev/null +++ b/vendor/github.com/knative/pkg/configmap/informed_watcher.go @@ -0,0 +1,122 @@ +/* +Copyright 2018 The Knative Authors + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +istributed under the License is istributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +package configmap + +import ( + "errors" + "time" + + corev1 "k8s.io/api/core/v1" + informers "k8s.io/client-go/informers" + corev1informers "k8s.io/client-go/informers/core/v1" + "k8s.io/client-go/kubernetes" + "k8s.io/client-go/tools/cache" +) + +// NewDefaultWatcher creates a new default configmap.Watcher instance. +// +// Deprecated: Use NewInformedWatcher +func NewDefaultWatcher(kc kubernetes.Interface, namespace string) *InformedWatcher { + return NewInformedWatcher(kc, namespace) +} + +// NewInformedWatcher watchers a Kubernetes namespace for configmap changs +func NewInformedWatcher(kc kubernetes.Interface, namespace string) *InformedWatcher { + sif := informers.NewSharedInformerFactoryWithOptions( + kc, + 5*time.Minute, + informers.WithNamespace(namespace), + ) + + return &InformedWatcher{ + sif: sif, + informer: sif.Core().V1().ConfigMaps(), + ManualWatcher: ManualWatcher{ + Namespace: namespace, + }, + } +} + +// InformedWatcher provides an informer-based implementation of Watcher. +type InformedWatcher struct { + sif informers.SharedInformerFactory + informer corev1informers.ConfigMapInformer + started bool + + // Embedding this struct allows us to reuse the logic + // of registering and notifying observers. This simplifies the + // InformedWatcher to just setting up the Kubernetes informer + ManualWatcher +} + +// Asserts that InformedWatcher implements Watcher. +var _ Watcher = (*InformedWatcher)(nil) + +// Start implements Watcher +func (i *InformedWatcher) Start(stopCh <-chan struct{}) error { + if err := i.registerCallbackAndStartInformer(stopCh); err != nil { + return err + } + + // Wait until it has been synced (WITHOUT holing the mutex, so callbacks happen) + if ok := cache.WaitForCacheSync(stopCh, i.informer.Informer().HasSynced); !ok { + return errors.New("Error waiting for ConfigMap informer to sync.") + } + + return i.checkObservedResourcesExist() +} + +func (i *InformedWatcher) registerCallbackAndStartInformer(stopCh <-chan struct{}) error { + i.m.Lock() + defer i.m.Unlock() + if i.started { + return errors.New("Watcher already started!") + } + i.started = true + + i.informer.Informer().AddEventHandler(cache.ResourceEventHandlerFuncs{ + AddFunc: i.addConfigMapEvent, + UpdateFunc: i.updateConfigMapEvent, + }) + + // Start the shared informer factory (non-blocking) + i.sif.Start(stopCh) + return nil +} + +func (i *InformedWatcher) checkObservedResourcesExist() error { + i.m.Lock() + defer i.m.Unlock() + // Check that all objects with Observers exist in our informers. + for k := range i.observers { + _, err := i.informer.Lister().ConfigMaps(i.Namespace).Get(k) + if err != nil { + return err + } + } + return nil +} + +func (i *InformedWatcher) addConfigMapEvent(obj interface{}) { + configMap := obj.(*corev1.ConfigMap) + i.OnChange(configMap) +} + +func (i *InformedWatcher) updateConfigMapEvent(old, new interface{}) { + configMap := new.(*corev1.ConfigMap) + i.OnChange(configMap) +} diff --git a/vendor/github.com/knative/pkg/configmap/manual_watcher.go b/vendor/github.com/knative/pkg/configmap/manual_watcher.go new file mode 100644 index 00000000000..b14c5ac7b00 --- /dev/null +++ b/vendor/github.com/knative/pkg/configmap/manual_watcher.go @@ -0,0 +1,71 @@ +/* +Copyright 2018 The Knative Authors + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +package configmap + +import ( + "sync" + + corev1 "k8s.io/api/core/v1" +) + +// ManualWatcher will notify Observers when a ConfigMap is manually reported as changed +type ManualWatcher struct { + Namespace string + + // Guards mutations to defaultImpl fields + m sync.Mutex + + started bool + observers map[string][]Observer +} + +var _ Watcher = (*ManualWatcher)(nil) + +// Watch implements Watcher +func (w *ManualWatcher) Watch(name string, o Observer) { + w.m.Lock() + defer w.m.Unlock() + + if w.observers == nil { + w.observers = make(map[string][]Observer) + } + + wl, _ := w.observers[name] + w.observers[name] = append(wl, o) +} + +func (w *ManualWatcher) Start(<-chan struct{}) error { + return nil +} + +func (w *ManualWatcher) OnChange(configMap *corev1.ConfigMap) { + if configMap.Namespace != w.Namespace { + return + } + // Within our namespace, take the lock and see if there are any registered observers. + w.m.Lock() + defer w.m.Unlock() + observers, ok := w.observers[configMap.Name] + if !ok { + return // No observers. + } + + // Iterate over the observers and invoke their callbacks. + for _, o := range observers { + o(configMap) + } +} diff --git a/vendor/github.com/knative/pkg/configmap/fixed.go b/vendor/github.com/knative/pkg/configmap/static_watcher.go similarity index 53% rename from vendor/github.com/knative/pkg/configmap/fixed.go rename to vendor/github.com/knative/pkg/configmap/static_watcher.go index d915e7ae084..96a01140dbd 100644 --- a/vendor/github.com/knative/pkg/configmap/fixed.go +++ b/vendor/github.com/knative/pkg/configmap/static_watcher.go @@ -17,39 +17,47 @@ limitations under the License. package configmap import ( - "log" + "fmt" corev1 "k8s.io/api/core/v1" ) -// fixedImpl provides a fixed informer-based implementation of Watcher. -type fixedImpl struct { +// NewFixedWatcher returns a StaticWatcher that exposes a collection of ConfigMaps. +// +// Deprecated: Use NewStaticWatcher +func NewFixedWatcher(cms ...*corev1.ConfigMap) *StaticWatcher { + return NewStaticWatcher(cms...) +} + +// NewStaticWatcher returns an StaticWatcher that exposes a collection of ConfigMaps. +func NewStaticWatcher(cms ...*corev1.ConfigMap) *StaticWatcher { + cmm := make(map[string]*corev1.ConfigMap) + for _, cm := range cms { + cmm[cm.Name] = cm + } + return &StaticWatcher{cfgs: cmm} +} + +// StaticWatcher is a Watcher with static ConfigMaps. Callbacks will +// occur when Watch is invoked for a specific Observer +type StaticWatcher struct { cfgs map[string]*corev1.ConfigMap } // Asserts that fixedImpl implements Watcher. -var _ Watcher = (*fixedImpl)(nil) +var _ Watcher = (*StaticWatcher)(nil) // Watch implements Watcher -func (di *fixedImpl) Watch(name string, w Observer) { +func (di *StaticWatcher) Watch(name string, o Observer) { cm, ok := di.cfgs[name] if ok { - w(cm) + o(cm) } else { - log.Printf("Name %q is not found.", name) + panic(fmt.Sprintf("Tried to watch unknown config with name %q", name)) } } // Start implements Watcher -func (di *fixedImpl) Start(stopCh <-chan struct{}) error { +func (di *StaticWatcher) Start(<-chan struct{}) error { return nil } - -// NewFixedWatcher returns an Watcher that exposes the fixed collection of ConfigMaps. -func NewFixedWatcher(cms ...*corev1.ConfigMap) Watcher { - cmm := make(map[string]*corev1.ConfigMap) - for _, cm := range cms { - cmm[cm.Name] = cm - } - return &fixedImpl{cfgs: cmm} -} diff --git a/vendor/github.com/knative/pkg/configmap/watcher.go b/vendor/github.com/knative/pkg/configmap/watcher.go index ccb75f36ceb..d248bbd73a5 100644 --- a/vendor/github.com/knative/pkg/configmap/watcher.go +++ b/vendor/github.com/knative/pkg/configmap/watcher.go @@ -17,11 +17,7 @@ limitations under the License. package configmap import ( - "time" - corev1 "k8s.io/api/core/v1" - kubeinformers "k8s.io/client-go/informers" - "k8s.io/client-go/kubernetes" ) // Observer is the signature of the callbacks that notify an observer of the latest @@ -40,15 +36,3 @@ type Watcher interface { // initial state of the ConfigMaps they are watching. Start(<-chan struct{}) error } - -// NewDefaultWatcher creates a new default configmap.Watcher instance. -func NewDefaultWatcher(kc kubernetes.Interface, ns string) Watcher { - sif := kubeinformers.NewFilteredSharedInformerFactory( - kc, 5*time.Minute, ns, nil) - - return &defaultImpl{ - sif: sif, - informer: sif.Core().V1().ConfigMaps(), - ns: ns, - } -} diff --git a/vendor/github.com/knative/pkg/logging/config.go b/vendor/github.com/knative/pkg/logging/config.go index e0cc74abaae..8c0dfe50d94 100644 --- a/vendor/github.com/knative/pkg/logging/config.go +++ b/vendor/github.com/knative/pkg/logging/config.go @@ -34,8 +34,8 @@ import ( // If configuration is empty, a fallback configuration is used. // If configuration cannot be used to instantiate a logger, // the same fallback configuration is used. -func NewLogger(configJSON string, levelOverride string) (*zap.SugaredLogger, zap.AtomicLevel) { - logger, atomicLevel, err := newLoggerFromConfig(configJSON, levelOverride) +func NewLogger(configJSON string, levelOverride string, opts ...zap.Option) (*zap.SugaredLogger, zap.AtomicLevel) { + logger, atomicLevel, err := newLoggerFromConfig(configJSON, levelOverride, opts) if err == nil { return logger.Sugar(), atomicLevel } @@ -47,7 +47,7 @@ func NewLogger(configJSON string, levelOverride string) (*zap.SugaredLogger, zap } } - logger, err2 := loggingCfg.Build() + logger, err2 := loggingCfg.Build(opts...) if err2 != nil { panic(err2) } @@ -55,12 +55,12 @@ func NewLogger(configJSON string, levelOverride string) (*zap.SugaredLogger, zap } // NewLoggerFromConfig creates a logger using the provided Config -func NewLoggerFromConfig(config *Config, name string) (*zap.SugaredLogger, zap.AtomicLevel) { - logger, level := NewLogger(config.LoggingConfig, config.LoggingLevel[name].String()) +func NewLoggerFromConfig(config *Config, name string, opts ...zap.Option) (*zap.SugaredLogger, zap.AtomicLevel) { + logger, level := NewLogger(config.LoggingConfig, config.LoggingLevel[name].String(), opts...) return logger.Named(name), level } -func newLoggerFromConfig(configJSON string, levelOverride string) (*zap.Logger, zap.AtomicLevel, error) { +func newLoggerFromConfig(configJSON string, levelOverride string, opts []zap.Option) (*zap.Logger, zap.AtomicLevel, error) { if len(configJSON) == 0 { return nil, zap.AtomicLevel{}, errors.New("empty logging configuration") } @@ -76,7 +76,7 @@ func newLoggerFromConfig(configJSON string, levelOverride string) (*zap.Logger, } } - logger, err := loggingCfg.Build() + logger, err := loggingCfg.Build(opts...) if err != nil { return nil, zap.AtomicLevel{}, err } diff --git a/vendor/github.com/knative/pkg/logging/logkey/constants.go b/vendor/github.com/knative/pkg/logging/logkey/constants.go index d38420e5af7..809b1012865 100644 --- a/vendor/github.com/knative/pkg/logging/logkey/constants.go +++ b/vendor/github.com/knative/pkg/logging/logkey/constants.go @@ -20,6 +20,9 @@ const ( // ControllerType is the key used for controller type in structured logs ControllerType = "knative.dev/controller" + // Key is the key (namespace/name) being reconciled. + Key = "knative.dev/key" + // Namespace is the key used for namespace in structured logs Namespace = "knative.dev/namespace"