diff --git a/changelog/v1.14.32/missing-tls-secret.yaml b/changelog/v1.14.32/missing-tls-secret.yaml new file mode 100644 index 00000000000..423929623c8 --- /dev/null +++ b/changelog/v1.14.32/missing-tls-secret.yaml @@ -0,0 +1,18 @@ +changelog: + - type: FIX + issueLink: https://github.com/solo-io/gloo/issues/6957 + resolvesIssue: false + description: >- + Fix for issue where a missing TLS secret was treated by validation as an error, + potentially bringing down the entire HTTPS gateway if the gloo pod restarts while + in this bad state. This is a breaking change in the default behavior of validation. + To enable this behavior, use the helm setting `gateway.validation.warnMissingTlsSecret=true` + or the same field on the Settings CR. This field has no effect if allowWarnings is false or + acceptAllResources is true. + - type: HELM + issueLink: https://github.com/solo-io/gloo/issues/6957 + resolvesIssue: false + description: >- + New field gateway.validation.warnMissingTlsSecret controls whether missing TLS secrets referenced + in SslConfig and UpstreamSslConfig will be treated as a warning instead of an error during validation. + Defaults to false. This field has no effect if allowWarnings is false or acceptAllResources is true. diff --git a/docs/content/reference/api/github.com/solo-io/gloo/projects/gloo/api/grpc/validation/gloo_validation.proto.sk.md b/docs/content/reference/api/github.com/solo-io/gloo/projects/gloo/api/grpc/validation/gloo_validation.proto.sk.md index 47b6862725a..a8cb0ac46e4 100644 --- a/docs/content/reference/api/github.com/solo-io/gloo/projects/gloo/api/grpc/validation/gloo_validation.proto.sk.md +++ b/docs/content/reference/api/github.com/solo-io/gloo/projects/gloo/api/grpc/validation/gloo_validation.proto.sk.md @@ -23,6 +23,8 @@ weight: 5 - [ListenerReport](#listenerreport) - [Error](#error) - [Type](#type) +- [Warning](#warning) +- [Type](#type) - [HttpListenerReport](#httplistenerreport) - [Error](#error) - [Type](#type) @@ -232,6 +234,7 @@ If the report contains no errors, the (sub-)resource is valid. ```yaml "errors": []gloo.solo.io.ListenerReport.Error +"warnings": []gloo.solo.io.ListenerReport.Warning "httpListenerReport": .gloo.solo.io.HttpListenerReport "tcpListenerReport": .gloo.solo.io.TcpListenerReport "hybridListenerReport": .gloo.solo.io.HybridListenerReport @@ -242,6 +245,7 @@ If the report contains no errors, the (sub-)resource is valid. | Field | Type | Description | | ----- | ---- | ----------- | | `errors` | [[]gloo.solo.io.ListenerReport.Error](../gloo_validation.proto.sk/#error) | errors on top-level config of the listener. | +| `warnings` | [[]gloo.solo.io.ListenerReport.Warning](../gloo_validation.proto.sk/#warning) | warnings on the top-levelconfig of the listener. | | `httpListenerReport` | [.gloo.solo.io.HttpListenerReport](../gloo_validation.proto.sk/#httplistenerreport) | report for the http listener. Only one of `httpListenerReport`, `tcpListenerReport`, `hybridListenerReport`, or `aggregateListenerReport` can be set. | | `tcpListenerReport` | [.gloo.solo.io.TcpListenerReport](../gloo_validation.proto.sk/#tcplistenerreport) | report for the tcp listener. Only one of `tcpListenerReport`, `httpListenerReport`, `hybridListenerReport`, or `aggregateListenerReport` can be set. | | `hybridListenerReport` | [.gloo.solo.io.HybridListenerReport](../gloo_validation.proto.sk/#hybridlistenerreport) | report for the hybrid listener. Only one of `hybridListenerReport`, `httpListenerReport`, `tcpListenerReport`, or `aggregateListenerReport` can be set. | @@ -285,6 +289,38 @@ error types for top-level listener config +--- +### Warning + + +warning types for the given listener config + +```yaml +"type": .gloo.solo.io.ListenerReport.Warning.Type +"reason": string + +``` + +| Field | Type | Description | +| ----- | ---- | ----------- | +| `type` | [.gloo.solo.io.ListenerReport.Warning.Type](../gloo_validation.proto.sk/#type) | the type of the error. | +| `reason` | `string` | any extra info as a string. | + + + + +--- +### Type + + + +| Name | Description | +| ----- | ----------- | +| `SSLConfigWarning` | | + + + + --- ### HttpListenerReport diff --git a/docs/content/reference/api/github.com/solo-io/gloo/projects/gloo/api/v1/settings.proto.sk.md b/docs/content/reference/api/github.com/solo-io/gloo/projects/gloo/api/v1/settings.proto.sk.md index 187fc23816e..1e4ce2a72c3 100644 --- a/docs/content/reference/api/github.com/solo-io/gloo/projects/gloo/api/v1/settings.proto.sk.md +++ b/docs/content/reference/api/github.com/solo-io/gloo/projects/gloo/api/v1/settings.proto.sk.md @@ -844,6 +844,7 @@ options for configuring admission control / validation "disableTransformationValidation": .google.protobuf.BoolValue "validationServerGrpcMaxSizeBytes": .google.protobuf.Int32Value "serverEnabled": .google.protobuf.BoolValue +"warnMissingTlsSecret": .google.protobuf.BoolValue ``` @@ -859,6 +860,7 @@ options for configuring admission control / validation | `disableTransformationValidation` | [.google.protobuf.BoolValue](https://developers.google.com/protocol-buffers/docs/reference/csharp/class/google/protobuf/well-known-types/bool-value) | Deprecated: See `server_enabled` and consider configuring it to `false` instead. By default gloo will attempt to validate transformations by calling out to a local envoy binary in `validate` mode. Calling this local envoy binary can become slow when done many times during a single validation. Setting this to true will stop gloo from calling out to envoy to validate the transformations, which may speed up the validation time considerably, but may also cause the transformation config to fail after being sent to envoy. When disabling this, ensure that your transformations are valid prior to applying them. | | `validationServerGrpcMaxSizeBytes` | [.google.protobuf.Int32Value](https://developers.google.com/protocol-buffers/docs/reference/csharp/class/google/protobuf/well-known-types/int-32-value) | By default, gRPC validation messages between gateway and gloo pods have a max message size of 100 MB. Setting this value sets the gRPC max message size in bytes for the gloo validation server. This should only be changed if necessary. If not included, the gRPC max message size will be the default of 100 MB. | | `serverEnabled` | [.google.protobuf.BoolValue](https://developers.google.com/protocol-buffers/docs/reference/csharp/class/google/protobuf/well-known-types/bool-value) | By providing the validation field (parent of this object) the user is implicitly opting into validation. This field allows the user to opt out of the validation server, while still configuring pre-existing fields such as `warn_route_short_circuiting` and `disable_transformation_validation`. If not included, the validation server will be enabled. | +| `warnMissingTlsSecret` | [.google.protobuf.BoolValue](https://developers.google.com/protocol-buffers/docs/reference/csharp/class/google/protobuf/well-known-types/bool-value) | Allows configuring validation to report a missing TLS secret referenced by a SslConfig or UpstreamSslConfig as a warning instead of an error. This will allow for eventually consistent workloads, but will also permit the accidental deletion of secrets being referenced, which would cause disruption in traffic. | diff --git a/docs/content/reference/values.txt b/docs/content/reference/values.txt index c38b200a9f2..d47cf9b6900 100644 --- a/docs/content/reference/values.txt +++ b/docs/content/reference/values.txt @@ -303,6 +303,7 @@ |gateway.validation.enabled|bool|true|enable Gloo Edge API Gateway validation hook (default true)| |gateway.validation.alwaysAcceptResources|bool|true|unless this is set this to false in order to ensure validation webhook rejects invalid resources. by default, validation webhook will only log and report metrics for invalid resource admission without rejecting them outright.| |gateway.validation.allowWarnings|bool|true|set this to false in order to ensure validation webhook rejects resources that would have warning status or rejected status, rather than just rejected.| +|gateway.validation.warnMissingTlsSecret|bool|false|set this to true in order to treat missing tls secret references as warnings, causing validation to allow this state. This supports eventually consistent workflows where TLS secrets may not yet be present when VirtualServices that reference them are created. This field has no effect if allowWarnings is false or acceptAllResources is true.| |gateway.validation.serverEnabled|bool|true|By providing the validation field (parent of this object) the user is implicitly opting into validation. This field allows the user to opt out of the validation server, while still configuring pre-existing fields such as warn_route_short_circuiting and disable_transformation_validation.| |gateway.validation.disableTransformationValidation|bool|false|set this to true to disable transformation validation. This may bring signifigant performance benefits if using many transformations, at the cost of possibly incorrect transformations being sent to Envoy. When using this value make sure to pre-validate transformations.| |gateway.validation.warnRouteShortCircuiting|bool|false|Write a warning to route resources if validation produced a route ordering warning (defaults to false). By setting to true, this means that Gloo Edge will start assigning warnings to resources that would result in route short-circuiting within a virtual host.| diff --git a/install/helm/gloo/crds/gloo.solo.io_v1_Settings.yaml b/install/helm/gloo/crds/gloo.solo.io_v1_Settings.yaml index 0e6587c28cd..5c71513e5d1 100644 --- a/install/helm/gloo/crds/gloo.solo.io_v1_Settings.yaml +++ b/install/helm/gloo/crds/gloo.solo.io_v1_Settings.yaml @@ -329,6 +329,9 @@ spec: type: string validationWebhookTlsKey: type: string + warnMissingTlsSecret: + nullable: true + type: boolean warnRouteShortCircuiting: nullable: true type: boolean diff --git a/install/helm/gloo/generate/values.go b/install/helm/gloo/generate/values.go index 71e772ca72c..ad55ed991dd 100644 --- a/install/helm/gloo/generate/values.go +++ b/install/helm/gloo/generate/values.go @@ -338,6 +338,7 @@ type GatewayValidation struct { Enabled *bool `json:"enabled,omitempty" desc:"enable Gloo Edge API Gateway validation hook (default true)"` AlwaysAcceptResources *bool `json:"alwaysAcceptResources,omitempty" desc:"unless this is set this to false in order to ensure validation webhook rejects invalid resources. by default, validation webhook will only log and report metrics for invalid resource admission without rejecting them outright."` AllowWarnings *bool `json:"allowWarnings,omitempty" desc:"set this to false in order to ensure validation webhook rejects resources that would have warning status or rejected status, rather than just rejected."` + WarnMissingTlsSecret *bool `json:"warnMissingTlsSecret,omitempty" desc:"set this to true in order to treat missing tls secret references as warnings, causing validation to allow this state. This supports eventually consistent workflows where TLS secrets may not yet be present when VirtualServices that reference them are created. This field has no effect if allowWarnings is false or acceptAllResources is true."` ServerEnabled *bool `json:"serverEnabled,omitempty" desc:"By providing the validation field (parent of this object) the user is implicitly opting into validation. This field allows the user to opt out of the validation server, while still configuring pre-existing fields such as warn_route_short_circuiting and disable_transformation_validation."` DisableTransformationValidation *bool `json:"disableTransformationValidation,omitempty" desc:"set this to true to disable transformation validation. This may bring signifigant performance benefits if using many transformations, at the cost of possibly incorrect transformations being sent to Envoy. When using this value make sure to pre-validate transformations."` WarnRouteShortCircuiting *bool `json:"warnRouteShortCircuiting,omitempty" desc:"Write a warning to route resources if validation produced a route ordering warning (defaults to false). By setting to true, this means that Gloo Edge will start assigning warnings to resources that would result in route short-circuiting within a virtual host."` diff --git a/install/helm/gloo/templates/18-settings.yaml b/install/helm/gloo/templates/18-settings.yaml index d803759f143..30b3e55275e 100644 --- a/install/helm/gloo/templates/18-settings.yaml +++ b/install/helm/gloo/templates/18-settings.yaml @@ -114,6 +114,7 @@ spec: {{- /* need to do this weird if/else because Helm cannot differentiate between 'false' and 'unset' */}} alwaysAccept: {{ .Values.gateway.validation.alwaysAcceptResources }} allowWarnings: {{ .Values.gateway.validation.allowWarnings }} + warnMissingTlsSecret: {{ .Values.gateway.validation.warnMissingTlsSecret }} serverEnabled: {{ .Values.gateway.validation.serverEnabled }} disableTransformationValidation: {{ .Values.gateway.validation.disableTransformationValidation }} warnRouteShortCircuiting: {{ .Values.gateway.validation.warnRouteShortCircuiting }} diff --git a/install/helm/gloo/values-template.yaml b/install/helm/gloo/values-template.yaml index e75383cf65c..cfe2b24fdb9 100644 --- a/install/helm/gloo/values-template.yaml +++ b/install/helm/gloo/values-template.yaml @@ -72,6 +72,10 @@ gateway: secretName: gateway-validation-certs alwaysAcceptResources: true allowWarnings: true + # Explicitly defaulting this setting to false in order to emphasize the opt-in + # nature of this behavior in this version. The default value for this field + # is changed to true in 1.18, making the behavior opt-out. + warnMissingTlsSecret: false serverEnabled: true disableTransformationValidation: false warnRouteShortCircuiting: false diff --git a/install/test/fixtures/settings/compressed_proxy_spec.yaml b/install/test/fixtures/settings/compressed_proxy_spec.yaml index 2e0b4792d48..f652363780a 100644 --- a/install/test/fixtures/settings/compressed_proxy_spec.yaml +++ b/install/test/fixtures/settings/compressed_proxy_spec.yaml @@ -7,26 +7,26 @@ metadata: name: default namespace: {{ . }} spec: - discovery: - fdsMode: WHITELIST - gateway: - readGatewaysFromAllNamespaces: false - compressedProxySpec: true - enableGatewayController: true - isolateVirtualHostsBySslConfig: false - gloo: - enableRestEds: false - xdsBindAddr: 0.0.0.0:9977 - restXdsBindAddr: 0.0.0.0:9976 - proxyDebugBindAddr: 0.0.0.0:9966 - disableKubernetesDestinations: false - disableProxyGarbageCollection: false - invalidConfigPolicy: - invalidRouteResponseBody: Gloo Gateway has invalid configuration. Administrators should run `glooctl check` to find and fix config errors. - invalidRouteResponseCode: 404 - replaceInvalidRoutes: false - kubernetesArtifactSource: {} - kubernetesConfigSource: {} - kubernetesSecretSource: {} - refreshRate: 60s - discoveryNamespace: {{ . }} + discovery: + fdsMode: WHITELIST + gateway: + readGatewaysFromAllNamespaces: false + compressedProxySpec: true + enableGatewayController: true + isolateVirtualHostsBySslConfig: false + gloo: + enableRestEds: false + xdsBindAddr: 0.0.0.0:9977 + restXdsBindAddr: 0.0.0.0:9976 + proxyDebugBindAddr: 0.0.0.0:9966 + disableKubernetesDestinations: false + disableProxyGarbageCollection: false + invalidConfigPolicy: + invalidRouteResponseBody: Gloo Gateway has invalid configuration. Administrators should run `glooctl check` to find and fix config errors. + invalidRouteResponseCode: 404 + replaceInvalidRoutes: false + kubernetesArtifactSource: {} + kubernetesConfigSource: {} + kubernetesSecretSource: {} + refreshRate: 60s + discoveryNamespace: {{ . }} diff --git a/install/test/fixtures/settings/consul_config_upstream_discovery.yaml b/install/test/fixtures/settings/consul_config_upstream_discovery.yaml index c51ee448a10..3b659a7a164 100644 --- a/install/test/fixtures/settings/consul_config_upstream_discovery.yaml +++ b/install/test/fixtures/settings/consul_config_upstream_discovery.yaml @@ -7,40 +7,41 @@ metadata: name: default namespace: {{ . }} spec: - discovery: - fdsMode: WHITELIST - gateway: - enableGatewayController: true - readGatewaysFromAllNamespaces: false - isolateVirtualHostsBySslConfig: false - validation: - alwaysAccept: true - allowWarnings: true - serverEnabled: true - disableTransformationValidation: false - warnRouteShortCircuiting: false - proxyValidationServerAddr: gloo:9988 - validationServerGrpcMaxSizeBytes: 104857600 - gloo: - enableRestEds: false - xdsBindAddr: 0.0.0.0:9977 - restXdsBindAddr: 0.0.0.0:9976 - proxyDebugBindAddr: 0.0.0.0:9966 - disableKubernetesDestinations: false - disableProxyGarbageCollection: false - invalidConfigPolicy: - invalidRouteResponseBody: Gloo Gateway has invalid configuration. Administrators should run `glooctl check` to find and fix config errors. - invalidRouteResponseCode: 404 - replaceInvalidRoutes: false - consulDiscovery: - useTlsTagging: true - tlsTagName: tag - splitTlsServices: true - rootCa: - name: testName - namespace: testNamespace - kubernetesArtifactSource: {} - kubernetesConfigSource: {} - kubernetesSecretSource: {} - refreshRate: 60s - discoveryNamespace: {{ . }} \ No newline at end of file + discovery: + fdsMode: WHITELIST + gateway: + enableGatewayController: true + readGatewaysFromAllNamespaces: false + isolateVirtualHostsBySslConfig: false + validation: + alwaysAccept: true + allowWarnings: true + warnMissingTlsSecret: false + serverEnabled: true + disableTransformationValidation: false + warnRouteShortCircuiting: false + proxyValidationServerAddr: gloo:9988 + validationServerGrpcMaxSizeBytes: 104857600 + gloo: + enableRestEds: false + xdsBindAddr: 0.0.0.0:9977 + restXdsBindAddr: 0.0.0.0:9976 + proxyDebugBindAddr: 0.0.0.0:9966 + disableKubernetesDestinations: false + disableProxyGarbageCollection: false + invalidConfigPolicy: + invalidRouteResponseBody: Gloo Gateway has invalid configuration. Administrators should run `glooctl check` to find and fix config errors. + invalidRouteResponseCode: 404 + replaceInvalidRoutes: false + consulDiscovery: + useTlsTagging: true + tlsTagName: tag + splitTlsServices: true + rootCa: + name: testName + namespace: testNamespace + kubernetesArtifactSource: {} + kubernetesConfigSource: {} + kubernetesSecretSource: {} + refreshRate: 60s + discoveryNamespace: {{ . }} diff --git a/install/test/fixtures/settings/consul_config_values.yaml b/install/test/fixtures/settings/consul_config_values.yaml index 34efd6a7f74..0e18c243b05 100644 --- a/install/test/fixtures/settings/consul_config_values.yaml +++ b/install/test/fixtures/settings/consul_config_values.yaml @@ -7,51 +7,52 @@ metadata: name: default namespace: {{ . }} spec: - discovery: - fdsMode: WHITELIST - gateway: - readGatewaysFromAllNamespaces: false - isolateVirtualHostsBySslConfig: false - enableGatewayController: true - validation: - alwaysAccept: true - allowWarnings: true - serverEnabled: true - disableTransformationValidation: false - warnRouteShortCircuiting: false - proxyValidationServerAddr: gloo:9988 - validationServerGrpcMaxSizeBytes: 104857600 - gloo: - enableRestEds: false - xdsBindAddr: 0.0.0.0:9977 - restXdsBindAddr: 0.0.0.0:9976 - proxyDebugBindAddr: 0.0.0.0:9966 - disableKubernetesDestinations: false - disableProxyGarbageCollection: false - invalidConfigPolicy: - invalidRouteResponseBody: Gloo Gateway has invalid configuration. Administrators should run `glooctl check` to find and fix config errors. - invalidRouteResponseCode: 404 - replaceInvalidRoutes: false - consul: - datacenter: datacenter - username: user - password: password - token: aToken - caFile: testCaFile - caPath: testCaPath - certFile: testCertFile - keyFile: testKeyFile - insecureSkipVerify: true - waitTime: 12s - serviceDiscovery: - dataCenters: - - dc1 - - dc2 - httpAddress: 1.2.3.4 - dnsAddress: 5.6.7.8 - dnsPollingInterval: 5s - kubernetesArtifactSource: {} - kubernetesConfigSource: {} - kubernetesSecretSource: {} - refreshRate: 60s - discoveryNamespace: {{ . }} \ No newline at end of file + discovery: + fdsMode: WHITELIST + gateway: + readGatewaysFromAllNamespaces: false + isolateVirtualHostsBySslConfig: false + enableGatewayController: true + validation: + alwaysAccept: true + allowWarnings: true + warnMissingTlsSecret: false + serverEnabled: true + disableTransformationValidation: false + warnRouteShortCircuiting: false + proxyValidationServerAddr: gloo:9988 + validationServerGrpcMaxSizeBytes: 104857600 + gloo: + enableRestEds: false + xdsBindAddr: 0.0.0.0:9977 + restXdsBindAddr: 0.0.0.0:9976 + proxyDebugBindAddr: 0.0.0.0:9966 + disableKubernetesDestinations: false + disableProxyGarbageCollection: false + invalidConfigPolicy: + invalidRouteResponseBody: Gloo Gateway has invalid configuration. Administrators should run `glooctl check` to find and fix config errors. + invalidRouteResponseCode: 404 + replaceInvalidRoutes: false + consul: + datacenter: datacenter + username: user + password: password + token: aToken + caFile: testCaFile + caPath: testCaPath + certFile: testCertFile + keyFile: testKeyFile + insecureSkipVerify: true + waitTime: 12s + serviceDiscovery: + dataCenters: + - dc1 + - dc2 + httpAddress: 1.2.3.4 + dnsAddress: 5.6.7.8 + dnsPollingInterval: 5s + kubernetesArtifactSource: {} + kubernetesConfigSource: {} + kubernetesSecretSource: {} + refreshRate: 60s + discoveryNamespace: {{ . }} diff --git a/install/test/fixtures/settings/disable_kubernetes_destinations.yaml b/install/test/fixtures/settings/disable_kubernetes_destinations.yaml index e207bf030d8..baa00620aa6 100644 --- a/install/test/fixtures/settings/disable_kubernetes_destinations.yaml +++ b/install/test/fixtures/settings/disable_kubernetes_destinations.yaml @@ -7,33 +7,34 @@ metadata: name: default namespace: {{ . }} spec: - discovery: - fdsMode: WHITELIST - gateway: - readGatewaysFromAllNamespaces: false - enableGatewayController: true - isolateVirtualHostsBySslConfig: false - validation: - alwaysAccept: true - allowWarnings: true - serverEnabled: true - disableTransformationValidation: false - warnRouteShortCircuiting: false - proxyValidationServerAddr: gloo:9988 - validationServerGrpcMaxSizeBytes: 104857600 - gloo: - enableRestEds: false - xdsBindAddr: 0.0.0.0:9977 - restXdsBindAddr: 0.0.0.0:9976 - proxyDebugBindAddr: 0.0.0.0:9966 - disableKubernetesDestinations: true - disableProxyGarbageCollection: false - invalidConfigPolicy: - invalidRouteResponseBody: Gloo Gateway has invalid configuration. Administrators should run `glooctl check` to find and fix config errors. - invalidRouteResponseCode: 404 - replaceInvalidRoutes: false - kubernetesArtifactSource: {} - kubernetesConfigSource: {} - kubernetesSecretSource: {} - refreshRate: 60s - discoveryNamespace: {{ . }} \ No newline at end of file + discovery: + fdsMode: WHITELIST + gateway: + readGatewaysFromAllNamespaces: false + enableGatewayController: true + isolateVirtualHostsBySslConfig: false + validation: + alwaysAccept: true + allowWarnings: true + warnMissingTlsSecret: false + serverEnabled: true + disableTransformationValidation: false + warnRouteShortCircuiting: false + proxyValidationServerAddr: gloo:9988 + validationServerGrpcMaxSizeBytes: 104857600 + gloo: + enableRestEds: false + xdsBindAddr: 0.0.0.0:9977 + restXdsBindAddr: 0.0.0.0:9976 + proxyDebugBindAddr: 0.0.0.0:9966 + disableKubernetesDestinations: true + disableProxyGarbageCollection: false + invalidConfigPolicy: + invalidRouteResponseBody: Gloo Gateway has invalid configuration. Administrators should run `glooctl check` to find and fix config errors. + invalidRouteResponseCode: 404 + replaceInvalidRoutes: false + kubernetesArtifactSource: {} + kubernetesConfigSource: {} + kubernetesSecretSource: {} + refreshRate: 60s + discoveryNamespace: {{ . }} diff --git a/install/test/fixtures/settings/disable_proxy_garbage_collection.yaml b/install/test/fixtures/settings/disable_proxy_garbage_collection.yaml index dd2d08dd216..1c84b48dd2b 100644 --- a/install/test/fixtures/settings/disable_proxy_garbage_collection.yaml +++ b/install/test/fixtures/settings/disable_proxy_garbage_collection.yaml @@ -7,33 +7,34 @@ metadata: name: default namespace: {{ . }} spec: - discovery: - fdsMode: WHITELIST - gateway: - readGatewaysFromAllNamespaces: false - enableGatewayController: true - isolateVirtualHostsBySslConfig: false - validation: - alwaysAccept: true - allowWarnings: true - serverEnabled: true - disableTransformationValidation: false - warnRouteShortCircuiting: false - proxyValidationServerAddr: gloo:9988 - validationServerGrpcMaxSizeBytes: 104857600 - gloo: - enableRestEds: false - xdsBindAddr: 0.0.0.0:9977 - restXdsBindAddr: 0.0.0.0:9976 - proxyDebugBindAddr: 0.0.0.0:9966 - disableKubernetesDestinations: false - disableProxyGarbageCollection: true - invalidConfigPolicy: - invalidRouteResponseBody: Gloo Gateway has invalid configuration. Administrators should run `glooctl check` to find and fix config errors. - invalidRouteResponseCode: 404 - replaceInvalidRoutes: false - kubernetesArtifactSource: {} - kubernetesConfigSource: {} - kubernetesSecretSource: {} - refreshRate: 60s - discoveryNamespace: {{ . }} \ No newline at end of file + discovery: + fdsMode: WHITELIST + gateway: + readGatewaysFromAllNamespaces: false + enableGatewayController: true + isolateVirtualHostsBySslConfig: false + validation: + alwaysAccept: true + allowWarnings: true + warnMissingTlsSecret: false + serverEnabled: true + disableTransformationValidation: false + warnRouteShortCircuiting: false + proxyValidationServerAddr: gloo:9988 + validationServerGrpcMaxSizeBytes: 104857600 + gloo: + enableRestEds: false + xdsBindAddr: 0.0.0.0:9977 + restXdsBindAddr: 0.0.0.0:9976 + proxyDebugBindAddr: 0.0.0.0:9966 + disableKubernetesDestinations: false + disableProxyGarbageCollection: true + invalidConfigPolicy: + invalidRouteResponseBody: Gloo Gateway has invalid configuration. Administrators should run `glooctl check` to find and fix config errors. + invalidRouteResponseCode: 404 + replaceInvalidRoutes: false + kubernetesArtifactSource: {} + kubernetesConfigSource: {} + kubernetesSecretSource: {} + refreshRate: 60s + discoveryNamespace: {{ . }} diff --git a/install/test/fixtures/settings/disabled_gateway.yaml b/install/test/fixtures/settings/disabled_gateway.yaml index e170758d947..99d1c4f9eae 100644 --- a/install/test/fixtures/settings/disabled_gateway.yaml +++ b/install/test/fixtures/settings/disabled_gateway.yaml @@ -17,6 +17,7 @@ spec: validation: alwaysAccept: true allowWarnings: true + warnMissingTlsSecret: false serverEnabled: true disableTransformationValidation: false warnRouteShortCircuiting: false @@ -37,4 +38,4 @@ spec: kubernetesConfigSource: {} kubernetesSecretSource: {} refreshRate: 60s - discoveryNamespace: {{ . }} \ No newline at end of file + discoveryNamespace: {{ . }} diff --git a/install/test/fixtures/settings/enable_default_credentials.yaml b/install/test/fixtures/settings/enable_default_credentials.yaml index b4789e7f26a..1815f469ab1 100644 --- a/install/test/fixtures/settings/enable_default_credentials.yaml +++ b/install/test/fixtures/settings/enable_default_credentials.yaml @@ -16,6 +16,7 @@ spec: validation: alwaysAccept: true allowWarnings: true + warnMissingTlsSecret: false serverEnabled: true disableTransformationValidation: false warnRouteShortCircuiting: false @@ -38,4 +39,4 @@ spec: kubernetesConfigSource: {} kubernetesSecretSource: {} refreshRate: 60s - discoveryNamespace: {{ . }} \ No newline at end of file + discoveryNamespace: {{ . }} diff --git a/install/test/fixtures/settings/enable_rest_eds.yaml b/install/test/fixtures/settings/enable_rest_eds.yaml index 84a60edf1cf..917bc7b754d 100644 --- a/install/test/fixtures/settings/enable_rest_eds.yaml +++ b/install/test/fixtures/settings/enable_rest_eds.yaml @@ -7,33 +7,34 @@ metadata: name: default namespace: {{ . }} spec: - discovery: - fdsMode: WHITELIST - gateway: - readGatewaysFromAllNamespaces: false - enableGatewayController: true - isolateVirtualHostsBySslConfig: false - validation: - alwaysAccept: true - allowWarnings: true - serverEnabled: true - disableTransformationValidation: false - warnRouteShortCircuiting: false - proxyValidationServerAddr: gloo:9988 - validationServerGrpcMaxSizeBytes: 104857600 - gloo: - enableRestEds: false - xdsBindAddr: 0.0.0.0:9977 - restXdsBindAddr: 0.0.0.0:9976 - proxyDebugBindAddr: 0.0.0.0:9966 - disableKubernetesDestinations: false - disableProxyGarbageCollection: false - invalidConfigPolicy: - invalidRouteResponseBody: Gloo Gateway has invalid configuration. Administrators should run `glooctl check` to find and fix config errors. - invalidRouteResponseCode: 404 - replaceInvalidRoutes: false - kubernetesArtifactSource: {} - kubernetesConfigSource: {} - kubernetesSecretSource: {} - refreshRate: 60s - discoveryNamespace: {{ . }} \ No newline at end of file + discovery: + fdsMode: WHITELIST + gateway: + readGatewaysFromAllNamespaces: false + enableGatewayController: true + isolateVirtualHostsBySslConfig: false + validation: + alwaysAccept: true + allowWarnings: true + warnMissingTlsSecret: false + serverEnabled: true + disableTransformationValidation: false + warnRouteShortCircuiting: false + proxyValidationServerAddr: gloo:9988 + validationServerGrpcMaxSizeBytes: 104857600 + gloo: + enableRestEds: false + xdsBindAddr: 0.0.0.0:9977 + restXdsBindAddr: 0.0.0.0:9976 + proxyDebugBindAddr: 0.0.0.0:9966 + disableKubernetesDestinations: false + disableProxyGarbageCollection: false + invalidConfigPolicy: + invalidRouteResponseBody: Gloo Gateway has invalid configuration. Administrators should run `glooctl check` to find and fix config errors. + invalidRouteResponseCode: 404 + replaceInvalidRoutes: false + kubernetesArtifactSource: {} + kubernetesConfigSource: {} + kubernetesSecretSource: {} + refreshRate: 60s + discoveryNamespace: {{ . }} diff --git a/install/test/fixtures/settings/enable_rest_eds_and_gloo_mtls.yaml b/install/test/fixtures/settings/enable_rest_eds_and_gloo_mtls.yaml index dd776a1c1af..0189bef3819 100644 --- a/install/test/fixtures/settings/enable_rest_eds_and_gloo_mtls.yaml +++ b/install/test/fixtures/settings/enable_rest_eds_and_gloo_mtls.yaml @@ -7,33 +7,34 @@ metadata: name: default namespace: {{ . }} spec: - discovery: - fdsMode: WHITELIST - gateway: - readGatewaysFromAllNamespaces: false - enableGatewayController: true - isolateVirtualHostsBySslConfig: false - validation: - alwaysAccept: true - allowWarnings: true - serverEnabled: true - disableTransformationValidation: false - warnRouteShortCircuiting: false - proxyValidationServerAddr: gloo:9988 - validationServerGrpcMaxSizeBytes: 104857600 - gloo: - enableRestEds: false - xdsBindAddr: "127.0.0.1:9999" - restXdsBindAddr: "127.0.0.1:9998" - proxyDebugBindAddr: 0.0.0.0:9966 - disableKubernetesDestinations: false - disableProxyGarbageCollection: false - invalidConfigPolicy: - invalidRouteResponseBody: Gloo Gateway has invalid configuration. Administrators should run `glooctl check` to find and fix config errors. - invalidRouteResponseCode: 404 - replaceInvalidRoutes: false - kubernetesArtifactSource: {} - kubernetesConfigSource: {} - kubernetesSecretSource: {} - refreshRate: 60s - discoveryNamespace: {{ . }} \ No newline at end of file + discovery: + fdsMode: WHITELIST + gateway: + readGatewaysFromAllNamespaces: false + enableGatewayController: true + isolateVirtualHostsBySslConfig: false + validation: + alwaysAccept: true + allowWarnings: true + warnMissingTlsSecret: false + serverEnabled: true + disableTransformationValidation: false + warnRouteShortCircuiting: false + proxyValidationServerAddr: gloo:9988 + validationServerGrpcMaxSizeBytes: 104857600 + gloo: + enableRestEds: false + xdsBindAddr: "127.0.0.1:9999" + restXdsBindAddr: "127.0.0.1:9998" + proxyDebugBindAddr: 0.0.0.0:9966 + disableKubernetesDestinations: false + disableProxyGarbageCollection: false + invalidConfigPolicy: + invalidRouteResponseBody: Gloo Gateway has invalid configuration. Administrators should run `glooctl check` to find and fix config errors. + invalidRouteResponseCode: 404 + replaceInvalidRoutes: false + kubernetesArtifactSource: {} + kubernetesConfigSource: {} + kubernetesSecretSource: {} + refreshRate: 60s + discoveryNamespace: {{ . }} diff --git a/install/test/fixtures/settings/gateway_circuit_breakers.yaml b/install/test/fixtures/settings/gateway_circuit_breakers.yaml index 08047d9632d..30655bad9ff 100644 --- a/install/test/fixtures/settings/gateway_circuit_breakers.yaml +++ b/install/test/fixtures/settings/gateway_circuit_breakers.yaml @@ -7,38 +7,39 @@ metadata: name: default namespace: {{ . }} spec: - discovery: - fdsMode: WHITELIST - gateway: - readGatewaysFromAllNamespaces: false - enableGatewayController: true - isolateVirtualHostsBySslConfig: false - validation: - alwaysAccept: true - allowWarnings: true - serverEnabled: true - disableTransformationValidation: false - warnRouteShortCircuiting: false - proxyValidationServerAddr: gloo:9988 - validationServerGrpcMaxSizeBytes: 104857600 - gloo: - circuitBreakers: - maxConnections: 1024 - maxPendingRequests: 1024 - maxRequests: 1024 - maxRetries: 3 - enableRestEds: false - xdsBindAddr: 0.0.0.0:9977 - restXdsBindAddr: 0.0.0.0:9976 - proxyDebugBindAddr: 0.0.0.0:9966 - disableKubernetesDestinations: false - disableProxyGarbageCollection: false - invalidConfigPolicy: - replaceInvalidRoutes: false - invalidRouteResponseBody: Gloo Gateway has invalid configuration. Administrators should run `glooctl check` to find and fix config errors. - invalidRouteResponseCode: 404 - kubernetesArtifactSource: {} - kubernetesConfigSource: {} - kubernetesSecretSource: {} - refreshRate: 60s - discoveryNamespace: {{ . }} + discovery: + fdsMode: WHITELIST + gateway: + readGatewaysFromAllNamespaces: false + enableGatewayController: true + isolateVirtualHostsBySslConfig: false + validation: + alwaysAccept: true + allowWarnings: true + warnMissingTlsSecret: false + serverEnabled: true + disableTransformationValidation: false + warnRouteShortCircuiting: false + proxyValidationServerAddr: gloo:9988 + validationServerGrpcMaxSizeBytes: 104857600 + gloo: + circuitBreakers: + maxConnections: 1024 + maxPendingRequests: 1024 + maxRequests: 1024 + maxRetries: 3 + enableRestEds: false + xdsBindAddr: 0.0.0.0:9977 + restXdsBindAddr: 0.0.0.0:9976 + proxyDebugBindAddr: 0.0.0.0:9966 + disableKubernetesDestinations: false + disableProxyGarbageCollection: false + invalidConfigPolicy: + replaceInvalidRoutes: false + invalidRouteResponseBody: Gloo Gateway has invalid configuration. Administrators should run `glooctl check` to find and fix config errors. + invalidRouteResponseCode: 404 + kubernetesArtifactSource: {} + kubernetesConfigSource: {} + kubernetesSecretSource: {} + refreshRate: 60s + discoveryNamespace: {{ . }} diff --git a/install/test/fixtures/settings/gateway_settings.yaml b/install/test/fixtures/settings/gateway_settings.yaml index fecf73bbe58..9273d404579 100644 --- a/install/test/fixtures/settings/gateway_settings.yaml +++ b/install/test/fixtures/settings/gateway_settings.yaml @@ -7,33 +7,34 @@ metadata: name: default namespace: {{ . }} spec: - discovery: - fdsMode: WHITELIST - gateway: - readGatewaysFromAllNamespaces: false - enableGatewayController: true - isolateVirtualHostsBySslConfig: false - validation: - alwaysAccept: true - allowWarnings: true - serverEnabled: true - disableTransformationValidation: false - warnRouteShortCircuiting: false - proxyValidationServerAddr: gloo:9988 - validationServerGrpcMaxSizeBytes: 104857600 - gloo: - enableRestEds: false - xdsBindAddr: 0.0.0.0:9977 - restXdsBindAddr: 0.0.0.0:9976 - proxyDebugBindAddr: 0.0.0.0:9966 - disableKubernetesDestinations: false - disableProxyGarbageCollection: false - invalidConfigPolicy: - replaceInvalidRoutes: true - invalidRouteResponseBody: Gloo Gateway has invalid configuration. Administrators should run `glooctl check` to find and fix config errors. - invalidRouteResponseCode: 404 - kubernetesArtifactSource: {} - kubernetesConfigSource: {} - kubernetesSecretSource: {} - refreshRate: 60s - discoveryNamespace: {{ . }} \ No newline at end of file + discovery: + fdsMode: WHITELIST + gateway: + readGatewaysFromAllNamespaces: false + enableGatewayController: true + isolateVirtualHostsBySslConfig: false + validation: + alwaysAccept: true + allowWarnings: true + warnMissingTlsSecret: false + serverEnabled: true + disableTransformationValidation: false + warnRouteShortCircuiting: false + proxyValidationServerAddr: gloo:9988 + validationServerGrpcMaxSizeBytes: 104857600 + gloo: + enableRestEds: false + xdsBindAddr: 0.0.0.0:9977 + restXdsBindAddr: 0.0.0.0:9976 + proxyDebugBindAddr: 0.0.0.0:9966 + disableKubernetesDestinations: false + disableProxyGarbageCollection: false + invalidConfigPolicy: + replaceInvalidRoutes: true + invalidRouteResponseBody: Gloo Gateway has invalid configuration. Administrators should run `glooctl check` to find and fix config errors. + invalidRouteResponseCode: 404 + kubernetesArtifactSource: {} + kubernetesConfigSource: {} + kubernetesSecretSource: {} + refreshRate: 60s + discoveryNamespace: {{ . }} diff --git a/install/test/fixtures/settings/gateway_validation.yaml b/install/test/fixtures/settings/gateway_validation.yaml index 78ae750bc54..f1e3cd7a6b5 100644 --- a/install/test/fixtures/settings/gateway_validation.yaml +++ b/install/test/fixtures/settings/gateway_validation.yaml @@ -7,33 +7,34 @@ metadata: name: default namespace: {{ . }} spec: - discovery: - fdsMode: WHITELIST - gateway: - readGatewaysFromAllNamespaces: false - enableGatewayController: true - isolateVirtualHostsBySslConfig: false - validation: - alwaysAccept: true - allowWarnings: true - serverEnabled: true - disableTransformationValidation: true - warnRouteShortCircuiting: true - proxyValidationServerAddr: gloo:9988 - validationServerGrpcMaxSizeBytes: 104857600 - gloo: - enableRestEds: false - xdsBindAddr: 0.0.0.0:9977 - restXdsBindAddr: 0.0.0.0:9976 - proxyDebugBindAddr: 0.0.0.0:9966 - disableKubernetesDestinations: false - disableProxyGarbageCollection: false - invalidConfigPolicy: - replaceInvalidRoutes: false - invalidRouteResponseBody: Gloo Gateway has invalid configuration. Administrators should run `glooctl check` to find and fix config errors. - invalidRouteResponseCode: 404 - kubernetesArtifactSource: {} - kubernetesConfigSource: {} - kubernetesSecretSource: {} - refreshRate: 60s - discoveryNamespace: {{ . }} \ No newline at end of file + discovery: + fdsMode: WHITELIST + gateway: + readGatewaysFromAllNamespaces: false + enableGatewayController: true + isolateVirtualHostsBySslConfig: false + validation: + alwaysAccept: true + allowWarnings: true + warnMissingTlsSecret: true + serverEnabled: true + disableTransformationValidation: true + warnRouteShortCircuiting: true + proxyValidationServerAddr: gloo:9988 + validationServerGrpcMaxSizeBytes: 104857600 + gloo: + enableRestEds: false + xdsBindAddr: 0.0.0.0:9977 + restXdsBindAddr: 0.0.0.0:9976 + proxyDebugBindAddr: 0.0.0.0:9966 + disableKubernetesDestinations: false + disableProxyGarbageCollection: false + invalidConfigPolicy: + replaceInvalidRoutes: false + invalidRouteResponseBody: Gloo Gateway has invalid configuration. Administrators should run `glooctl check` to find and fix config errors. + invalidRouteResponseCode: 404 + kubernetesArtifactSource: {} + kubernetesConfigSource: {} + kubernetesSecretSource: {} + refreshRate: 60s + discoveryNamespace: {{ . }} diff --git a/install/test/fixtures/settings/graphql_fds_disabled.yaml b/install/test/fixtures/settings/graphql_fds_disabled.yaml index 958eff9de9d..796bfb65beb 100644 --- a/install/test/fixtures/settings/graphql_fds_disabled.yaml +++ b/install/test/fixtures/settings/graphql_fds_disabled.yaml @@ -18,6 +18,7 @@ spec: validation: alwaysAccept: true allowWarnings: true + warnMissingTlsSecret: false serverEnabled: true disableTransformationValidation: false warnRouteShortCircuiting: false diff --git a/install/test/fixtures/settings/isolate_virtual_hosts_by_ssl_config.yaml b/install/test/fixtures/settings/isolate_virtual_hosts_by_ssl_config.yaml index 12527c8b5a0..e0f31d04a3e 100644 --- a/install/test/fixtures/settings/isolate_virtual_hosts_by_ssl_config.yaml +++ b/install/test/fixtures/settings/isolate_virtual_hosts_by_ssl_config.yaml @@ -16,6 +16,7 @@ spec: validation: alwaysAccept: true allowWarnings: true + warnMissingTlsSecret: false serverEnabled: true disableTransformationValidation: false warnRouteShortCircuiting: false @@ -36,4 +37,4 @@ spec: kubernetesConfigSource: {} kubernetesSecretSource: {} refreshRate: 60s - discoveryNamespace: {{ . }} \ No newline at end of file + discoveryNamespace: {{ . }} diff --git a/install/test/fixtures/settings/ratelimit_descriptors.yaml b/install/test/fixtures/settings/ratelimit_descriptors.yaml index d176c5b8aa7..e9cc6f50b45 100644 --- a/install/test/fixtures/settings/ratelimit_descriptors.yaml +++ b/install/test/fixtures/settings/ratelimit_descriptors.yaml @@ -7,40 +7,41 @@ metadata: name: default namespace: {{ . }} spec: - discovery: - fdsMode: WHITELIST - gateway: - readGatewaysFromAllNamespaces: false - enableGatewayController: true - isolateVirtualHostsBySslConfig: false - validation: - alwaysAccept: true - allowWarnings: true - serverEnabled: true - disableTransformationValidation: false - warnRouteShortCircuiting: false - proxyValidationServerAddr: gloo:9988 - validationServerGrpcMaxSizeBytes: 104857600 - gloo: - enableRestEds: false - xdsBindAddr: 0.0.0.0:9977 - restXdsBindAddr: 0.0.0.0:9976 - proxyDebugBindAddr: 0.0.0.0:9966 - disableKubernetesDestinations: false - disableProxyGarbageCollection: false - invalidConfigPolicy: - invalidRouteResponseBody: Gloo Gateway has invalid configuration. Administrators should run `glooctl check` to find and fix config errors. - invalidRouteResponseCode: 404 - replaceInvalidRoutes: false - kubernetesArtifactSource: {} - kubernetesConfigSource: {} - kubernetesSecretSource: {} - refreshRate: 60s - discoveryNamespace: {{ . }} - ratelimit: - descriptors: - - key: generic_key - value: "per-second" - rateLimit: - requestsPerUnit: 2 - unit: SECOND \ No newline at end of file + discovery: + fdsMode: WHITELIST + gateway: + readGatewaysFromAllNamespaces: false + enableGatewayController: true + isolateVirtualHostsBySslConfig: false + validation: + alwaysAccept: true + allowWarnings: true + warnMissingTlsSecret: false + serverEnabled: true + disableTransformationValidation: false + warnRouteShortCircuiting: false + proxyValidationServerAddr: gloo:9988 + validationServerGrpcMaxSizeBytes: 104857600 + gloo: + enableRestEds: false + xdsBindAddr: 0.0.0.0:9977 + restXdsBindAddr: 0.0.0.0:9976 + proxyDebugBindAddr: 0.0.0.0:9966 + disableKubernetesDestinations: false + disableProxyGarbageCollection: false + invalidConfigPolicy: + invalidRouteResponseBody: Gloo Gateway has invalid configuration. Administrators should run `glooctl check` to find and fix config errors. + invalidRouteResponseCode: 404 + replaceInvalidRoutes: false + kubernetesArtifactSource: {} + kubernetesConfigSource: {} + kubernetesSecretSource: {} + refreshRate: 60s + discoveryNamespace: {{ . }} + ratelimit: + descriptors: + - key: generic_key + value: "per-second" + rateLimit: + requestsPerUnit: 2 + unit: SECOND diff --git a/install/test/fixtures/settings/ratelimit_server.yaml b/install/test/fixtures/settings/ratelimit_server.yaml index fc7eee9ad17..d5487a8702c 100644 --- a/install/test/fixtures/settings/ratelimit_server.yaml +++ b/install/test/fixtures/settings/ratelimit_server.yaml @@ -7,40 +7,41 @@ metadata: name: default namespace: {{ . }} spec: - discovery: - fdsMode: WHITELIST - gateway: - readGatewaysFromAllNamespaces: false - enableGatewayController: true - isolateVirtualHostsBySslConfig: false - validation: - alwaysAccept: true - allowWarnings: true - serverEnabled: true - disableTransformationValidation: false - warnRouteShortCircuiting: false - proxyValidationServerAddr: gloo:9988 - validationServerGrpcMaxSizeBytes: 104857600 - gloo: - enableRestEds: false - xdsBindAddr: 0.0.0.0:9977 - restXdsBindAddr: 0.0.0.0:9976 - proxyDebugBindAddr: 0.0.0.0:9966 - disableKubernetesDestinations: false - disableProxyGarbageCollection: false - invalidConfigPolicy: - invalidRouteResponseBody: Gloo Gateway has invalid configuration. Administrators should run `glooctl check` to find and fix config errors. - invalidRouteResponseCode: 404 - replaceInvalidRoutes: false - kubernetesArtifactSource: {} - kubernetesConfigSource: {} - kubernetesSecretSource: {} - refreshRate: 60s - discoveryNamespace: {{ . }} - ratelimitServer: - ratelimitServerRef: - name: ratelimit - namespace: ratelimitns - denyOnFail: true - rateLimitBeforeAuth: true - enableXRatelimitHeaders: true + discovery: + fdsMode: WHITELIST + gateway: + readGatewaysFromAllNamespaces: false + enableGatewayController: true + isolateVirtualHostsBySslConfig: false + validation: + alwaysAccept: true + allowWarnings: true + warnMissingTlsSecret: false + serverEnabled: true + disableTransformationValidation: false + warnRouteShortCircuiting: false + proxyValidationServerAddr: gloo:9988 + validationServerGrpcMaxSizeBytes: 104857600 + gloo: + enableRestEds: false + xdsBindAddr: 0.0.0.0:9977 + restXdsBindAddr: 0.0.0.0:9976 + proxyDebugBindAddr: 0.0.0.0:9966 + disableKubernetesDestinations: false + disableProxyGarbageCollection: false + invalidConfigPolicy: + invalidRouteResponseBody: Gloo Gateway has invalid configuration. Administrators should run `glooctl check` to find and fix config errors. + invalidRouteResponseCode: 404 + replaceInvalidRoutes: false + kubernetesArtifactSource: {} + kubernetesConfigSource: {} + kubernetesSecretSource: {} + refreshRate: 60s + discoveryNamespace: {{ . }} + ratelimitServer: + ratelimitServerRef: + name: ratelimit + namespace: ratelimitns + denyOnFail: true + rateLimitBeforeAuth: true + enableXRatelimitHeaders: true diff --git a/install/test/fixtures/settings/read_gateways_from_all_namespaces.yaml b/install/test/fixtures/settings/read_gateways_from_all_namespaces.yaml index eed8e2978c6..b9653502365 100644 --- a/install/test/fixtures/settings/read_gateways_from_all_namespaces.yaml +++ b/install/test/fixtures/settings/read_gateways_from_all_namespaces.yaml @@ -7,25 +7,25 @@ metadata: name: default namespace: {{ . }} spec: - discovery: - fdsMode: WHITELIST - gateway: - readGatewaysFromAllNamespaces: true - enableGatewayController: true - isolateVirtualHostsBySslConfig: false - gloo: - enableRestEds: false - xdsBindAddr: 0.0.0.0:9977 - restXdsBindAddr: 0.0.0.0:9976 - proxyDebugBindAddr: 0.0.0.0:9966 - disableKubernetesDestinations: false - disableProxyGarbageCollection: false - invalidConfigPolicy: - invalidRouteResponseBody: Gloo Gateway has invalid configuration. Administrators should run `glooctl check` to find and fix config errors. - invalidRouteResponseCode: 404 - replaceInvalidRoutes: false - kubernetesArtifactSource: {} - kubernetesConfigSource: {} - kubernetesSecretSource: {} - refreshRate: 60s - discoveryNamespace: {{ . }} \ No newline at end of file + discovery: + fdsMode: WHITELIST + gateway: + readGatewaysFromAllNamespaces: true + enableGatewayController: true + isolateVirtualHostsBySslConfig: false + gloo: + enableRestEds: false + xdsBindAddr: 0.0.0.0:9977 + restXdsBindAddr: 0.0.0.0:9976 + proxyDebugBindAddr: 0.0.0.0:9966 + disableKubernetesDestinations: false + disableProxyGarbageCollection: false + invalidConfigPolicy: + invalidRouteResponseBody: Gloo Gateway has invalid configuration. Administrators should run `glooctl check` to find and fix config errors. + invalidRouteResponseCode: 404 + replaceInvalidRoutes: false + kubernetesArtifactSource: {} + kubernetesConfigSource: {} + kubernetesSecretSource: {} + refreshRate: 60s + discoveryNamespace: {{ . }} diff --git a/install/test/fixtures/settings/set_regex_max_program_size.yaml b/install/test/fixtures/settings/set_regex_max_program_size.yaml index 4e19b32b287..94678ea98cf 100644 --- a/install/test/fixtures/settings/set_regex_max_program_size.yaml +++ b/install/test/fixtures/settings/set_regex_max_program_size.yaml @@ -16,6 +16,7 @@ spec: validation: alwaysAccept: true allowWarnings: true + warnMissingTlsSecret: false serverEnabled: true disableTransformationValidation: false warnRouteShortCircuiting: false @@ -37,4 +38,4 @@ spec: kubernetesConfigSource: {} kubernetesSecretSource: {} refreshRate: 60s - discoveryNamespace: {{ . }} \ No newline at end of file + discoveryNamespace: {{ . }} diff --git a/install/test/fixtures/settings/sts_discovery.yaml b/install/test/fixtures/settings/sts_discovery.yaml index 230293d184a..df5201576e0 100644 --- a/install/test/fixtures/settings/sts_discovery.yaml +++ b/install/test/fixtures/settings/sts_discovery.yaml @@ -16,6 +16,7 @@ spec: validation: alwaysAccept: true allowWarnings: true + warnMissingTlsSecret: false serverEnabled: true disableTransformationValidation: false warnRouteShortCircuiting: false @@ -42,4 +43,4 @@ spec: kubernetesConfigSource: {} kubernetesSecretSource: {} refreshRate: 60s - discoveryNamespace: {{ . }} \ No newline at end of file + discoveryNamespace: {{ . }} diff --git a/install/test/fixtures/settings/translate_empty_gateway.yaml b/install/test/fixtures/settings/translate_empty_gateway.yaml index 8b7927a3440..dc37f5080b7 100644 --- a/install/test/fixtures/settings/translate_empty_gateway.yaml +++ b/install/test/fixtures/settings/translate_empty_gateway.yaml @@ -7,27 +7,27 @@ metadata: name: default namespace: {{ . }} spec: - discovery: - fdsMode: WHITELIST - gateway: - readGatewaysFromAllNamespaces: false - translateEmptyGateways: true - enableGatewayController: true - isolateVirtualHostsBySslConfig: false - gloo: - enableRestEds: false - xdsBindAddr: 0.0.0.0:9977 - restXdsBindAddr: 0.0.0.0:9976 - proxyDebugBindAddr: 0.0.0.0:9966 - disableKubernetesDestinations: false - disableProxyGarbageCollection: false - invalidConfigPolicy: - invalidRouteResponseBody: Gloo Gateway has invalid configuration. Administrators should run `glooctl check` to find and fix config errors. - invalidRouteResponseCode: 404 - replaceInvalidRoutes: false - kubernetesArtifactSource: {} - kubernetesConfigSource: {} - kubernetesSecretSource: {} - refreshRate: 60s - discoveryNamespace: {{ . }} - + discovery: + fdsMode: WHITELIST + gateway: + readGatewaysFromAllNamespaces: false + translateEmptyGateways: true + enableGatewayController: true + isolateVirtualHostsBySslConfig: false + gloo: + enableRestEds: false + xdsBindAddr: 0.0.0.0:9977 + restXdsBindAddr: 0.0.0.0:9976 + proxyDebugBindAddr: 0.0.0.0:9966 + disableKubernetesDestinations: false + disableProxyGarbageCollection: false + invalidConfigPolicy: + invalidRouteResponseBody: Gloo Gateway has invalid configuration. Administrators should run `glooctl check` to find and fix config errors. + invalidRouteResponseCode: 404 + replaceInvalidRoutes: false + kubernetesArtifactSource: {} + kubernetesConfigSource: {} + kubernetesSecretSource: {} + refreshRate: 60s + discoveryNamespace: {{ . }} + diff --git a/install/test/fixtures/settings/uds_disabled.yaml b/install/test/fixtures/settings/uds_disabled.yaml index 92eca12c76f..b488fc5578a 100644 --- a/install/test/fixtures/settings/uds_disabled.yaml +++ b/install/test/fixtures/settings/uds_disabled.yaml @@ -18,6 +18,7 @@ spec: validation: alwaysAccept: true allowWarnings: true + warnMissingTlsSecret: false serverEnabled: true disableTransformationValidation: false warnRouteShortCircuiting: false @@ -38,4 +39,4 @@ spec: kubernetesConfigSource: {} kubernetesSecretSource: {} refreshRate: 60s - discoveryNamespace: {{ . }} \ No newline at end of file + discoveryNamespace: {{ . }} diff --git a/install/test/fixtures/settings/watched_discovery_labels.yaml b/install/test/fixtures/settings/watched_discovery_labels.yaml index 2828df67c77..579c6a08619 100644 --- a/install/test/fixtures/settings/watched_discovery_labels.yaml +++ b/install/test/fixtures/settings/watched_discovery_labels.yaml @@ -19,6 +19,7 @@ spec: validation: alwaysAccept: true allowWarnings: true + warnMissingTlsSecret: false serverEnabled: true disableTransformationValidation: false warnRouteShortCircuiting: false @@ -39,4 +40,4 @@ spec: kubernetesConfigSource: {} kubernetesSecretSource: {} refreshRate: 60s - discoveryNamespace: {{ . }} \ No newline at end of file + discoveryNamespace: {{ . }} diff --git a/install/test/helm_test.go b/install/test/helm_test.go index ce18b880f52..884e0580cdb 100644 --- a/install/test/helm_test.go +++ b/install/test/helm_test.go @@ -3918,6 +3918,7 @@ spec: valuesArgs: []string{ "gateway.validation.disableTransformationValidation=true", "gateway.validation.warnRouteShortCircuiting=true", + "gateway.validation.warnMissingTlsSecret=true", }, }) testManifest.ExpectUnstructured(settings.GetKind(), settings.GetNamespace(), settings.GetName()).To(BeEquivalentTo(settings)) @@ -4091,6 +4092,7 @@ spec: proxyValidationServerAddr: gloo:9988 alwaysAccept: true allowWarnings: true + warnMissingTlsSecret: false serverEnabled: true disableTransformationValidation: false warnRouteShortCircuiting: false diff --git a/projects/gateway/pkg/reporting/add_proxy_validation_result.go b/projects/gateway/pkg/reporting/add_proxy_validation_result.go index da104a8181e..381135e9494 100644 --- a/projects/gateway/pkg/reporting/add_proxy_validation_result.go +++ b/projects/gateway/pkg/reporting/add_proxy_validation_result.go @@ -116,6 +116,7 @@ func AddProxyValidationResult(resourceReports reporter.ResourceReports, proxy *g func addListenerResult(resourceReports reporter.ResourceReports, listener *gloov1.Listener, listenerReport *validation.ListenerReport) error { listenerErrs := getListenerLevelErrors(listenerReport) + listenerWarnings := getListenerLevelWarnings(listenerReport) return translator.ForEachSource(listener, func(src translator.SourceRef) error { srcResource, _ := resourceReports.Find(src.ResourceKind, &core.ResourceRef{Name: src.Name, Namespace: src.Namespace}) @@ -123,6 +124,7 @@ func addListenerResult(resourceReports reporter.ResourceReports, listener *gloov return missingReportForSourceErr } resourceReports.AddErrors(srcResource, listenerErrs...) + resourceReports.AddWarnings(srcResource, listenerWarnings...) return nil }) } @@ -181,6 +183,15 @@ func getListenerLevelErrors(listenerReport *validation.ListenerReport) []error { return listenerErrs } +func getListenerLevelWarnings(listenerReport *validation.ListenerReport) []string { + listenerWarnings := validationutils.GetListenerWarning(listenerReport) + + // TODO(jbohanon) implement warnings on various listener types and account for them here + // similarly to the errors aggregation func above. + + return listenerWarnings +} + // get errors that can be caused by virtual services func getVirtualHostLevelErrorsAndWarnings(vhReport *validation.VirtualHostReport) ([]error, []string) { var ( diff --git a/projects/gloo/api/grpc/validation/gloo_validation.proto b/projects/gloo/api/grpc/validation/gloo_validation.proto index 08ef33cb545..98c0ac84150 100644 --- a/projects/gloo/api/grpc/validation/gloo_validation.proto +++ b/projects/gloo/api/grpc/validation/gloo_validation.proto @@ -121,9 +121,24 @@ message ListenerReport { string reason = 2; } + // warning types for the given listener config + message Warning { + enum Type { + SSLConfigWarning = 0; + } + + // the type of the error + Type type = 1; + // any extra info as a string + string reason = 2; + } + // errors on top-level config of the listener repeated Error errors = 2; + // warnings on the top-levelconfig of the listener + repeated Warning warnings = 7; + oneof listener_type_report { // report for the http listener HttpListenerReport http_listener_report = 3; diff --git a/projects/gloo/api/v1/settings.proto b/projects/gloo/api/v1/settings.proto index 1377d96a52d..da5f475adbf 100644 --- a/projects/gloo/api/v1/settings.proto +++ b/projects/gloo/api/v1/settings.proto @@ -782,6 +782,11 @@ message GatewayOptions { // // If not included, the validation server will be enabled. google.protobuf.BoolValue server_enabled = 12; + + // Allows configuring validation to report a missing TLS secret referenced by a SslConfig or UpstreamSslConfig + // as a warning instead of an error. This will allow for eventually consistent workloads, but will also permit + // the accidental deletion of secrets being referenced, which would cause disruption in traffic. + google.protobuf.BoolValue warn_missing_tls_secret = 13; } // If provided, the Gateway will perform [Dynamic Admission Control](https://kubernetes.io/docs/reference/access-authn-authz/extensible-admission-controllers/) diff --git a/projects/gloo/pkg/api/grpc/validation/gloo_validation.pb.clone.go b/projects/gloo/pkg/api/grpc/validation/gloo_validation.pb.clone.go index 29c55069656..72e1257cdd6 100644 --- a/projects/gloo/pkg/api/grpc/validation/gloo_validation.pb.clone.go +++ b/projects/gloo/pkg/api/grpc/validation/gloo_validation.pb.clone.go @@ -297,6 +297,19 @@ func (m *ListenerReport) Clone() proto.Message { } } + if m.GetWarnings() != nil { + target.Warnings = make([]*ListenerReport_Warning, len(m.GetWarnings())) + for idx, v := range m.GetWarnings() { + + if h, ok := interface{}(v).(clone.Cloner); ok { + target.Warnings[idx] = h.Clone().(*ListenerReport_Warning) + } else { + target.Warnings[idx] = proto.Clone(v).(*ListenerReport_Warning) + } + + } + } + switch m.ListenerTypeReport.(type) { case *ListenerReport_HttpListenerReport: @@ -652,6 +665,21 @@ func (m *ListenerReport_Error) Clone() proto.Message { return target } +// Clone function +func (m *ListenerReport_Warning) Clone() proto.Message { + var target *ListenerReport_Warning + if m == nil { + return target + } + target = &ListenerReport_Warning{} + + target.Type = m.GetType() + + target.Reason = m.GetReason() + + return target +} + // Clone function func (m *HttpListenerReport_Error) Clone() proto.Message { var target *HttpListenerReport_Error diff --git a/projects/gloo/pkg/api/grpc/validation/gloo_validation.pb.equal.go b/projects/gloo/pkg/api/grpc/validation/gloo_validation.pb.equal.go index 69f22a8c306..cab26506e7b 100644 --- a/projects/gloo/pkg/api/grpc/validation/gloo_validation.pb.equal.go +++ b/projects/gloo/pkg/api/grpc/validation/gloo_validation.pb.equal.go @@ -482,6 +482,23 @@ func (m *ListenerReport) Equal(that interface{}) bool { } + if len(m.GetWarnings()) != len(target.GetWarnings()) { + return false + } + for idx, v := range m.GetWarnings() { + + if h, ok := interface{}(v).(equality.Equalizer); ok { + if !h.Equal(target.GetWarnings()[idx]) { + return false + } + } else { + if !proto.Equal(v, target.GetWarnings()[idx]) { + return false + } + } + + } + switch m.ListenerTypeReport.(type) { case *ListenerReport_HttpListenerReport: @@ -1038,6 +1055,38 @@ func (m *ListenerReport_Error) Equal(that interface{}) bool { return true } +// Equal function +func (m *ListenerReport_Warning) Equal(that interface{}) bool { + if that == nil { + return m == nil + } + + target, ok := that.(*ListenerReport_Warning) + if !ok { + that2, ok := that.(ListenerReport_Warning) + if ok { + target = &that2 + } else { + return false + } + } + if target == nil { + return m == nil + } else if m == nil { + return false + } + + if m.GetType() != target.GetType() { + return false + } + + if strings.Compare(m.GetReason(), target.GetReason()) != 0 { + return false + } + + return true +} + // Equal function func (m *HttpListenerReport_Error) Equal(that interface{}) bool { if that == nil { diff --git a/projects/gloo/pkg/api/grpc/validation/gloo_validation.pb.go b/projects/gloo/pkg/api/grpc/validation/gloo_validation.pb.go index e8310870135..b578c264dc5 100644 --- a/projects/gloo/pkg/api/grpc/validation/gloo_validation.pb.go +++ b/projects/gloo/pkg/api/grpc/validation/gloo_validation.pb.go @@ -80,6 +80,49 @@ func (ListenerReport_Error_Type) EnumDescriptor() ([]byte, []int) { return file_github_com_solo_io_gloo_projects_gloo_api_grpc_validation_gloo_validation_proto_rawDescGZIP(), []int{9, 0, 0} } +type ListenerReport_Warning_Type int32 + +const ( + ListenerReport_Warning_SSLConfigWarning ListenerReport_Warning_Type = 0 +) + +// Enum value maps for ListenerReport_Warning_Type. +var ( + ListenerReport_Warning_Type_name = map[int32]string{ + 0: "SSLConfigWarning", + } + ListenerReport_Warning_Type_value = map[string]int32{ + "SSLConfigWarning": 0, + } +) + +func (x ListenerReport_Warning_Type) Enum() *ListenerReport_Warning_Type { + p := new(ListenerReport_Warning_Type) + *p = x + return p +} + +func (x ListenerReport_Warning_Type) String() string { + return protoimpl.X.EnumStringOf(x.Descriptor(), protoreflect.EnumNumber(x)) +} + +func (ListenerReport_Warning_Type) Descriptor() protoreflect.EnumDescriptor { + return file_github_com_solo_io_gloo_projects_gloo_api_grpc_validation_gloo_validation_proto_enumTypes[1].Descriptor() +} + +func (ListenerReport_Warning_Type) Type() protoreflect.EnumType { + return &file_github_com_solo_io_gloo_projects_gloo_api_grpc_validation_gloo_validation_proto_enumTypes[1] +} + +func (x ListenerReport_Warning_Type) Number() protoreflect.EnumNumber { + return protoreflect.EnumNumber(x) +} + +// Deprecated: Use ListenerReport_Warning_Type.Descriptor instead. +func (ListenerReport_Warning_Type) EnumDescriptor() ([]byte, []int) { + return file_github_com_solo_io_gloo_projects_gloo_api_grpc_validation_gloo_validation_proto_rawDescGZIP(), []int{9, 1, 0} +} + type HttpListenerReport_Error_Type int32 const ( @@ -107,11 +150,11 @@ func (x HttpListenerReport_Error_Type) String() string { } func (HttpListenerReport_Error_Type) Descriptor() protoreflect.EnumDescriptor { - return file_github_com_solo_io_gloo_projects_gloo_api_grpc_validation_gloo_validation_proto_enumTypes[1].Descriptor() + return file_github_com_solo_io_gloo_projects_gloo_api_grpc_validation_gloo_validation_proto_enumTypes[2].Descriptor() } func (HttpListenerReport_Error_Type) Type() protoreflect.EnumType { - return &file_github_com_solo_io_gloo_projects_gloo_api_grpc_validation_gloo_validation_proto_enumTypes[1] + return &file_github_com_solo_io_gloo_projects_gloo_api_grpc_validation_gloo_validation_proto_enumTypes[2] } func (x HttpListenerReport_Error_Type) Number() protoreflect.EnumNumber { @@ -159,11 +202,11 @@ func (x VirtualHostReport_Error_Type) String() string { } func (VirtualHostReport_Error_Type) Descriptor() protoreflect.EnumDescriptor { - return file_github_com_solo_io_gloo_projects_gloo_api_grpc_validation_gloo_validation_proto_enumTypes[2].Descriptor() + return file_github_com_solo_io_gloo_projects_gloo_api_grpc_validation_gloo_validation_proto_enumTypes[3].Descriptor() } func (VirtualHostReport_Error_Type) Type() protoreflect.EnumType { - return &file_github_com_solo_io_gloo_projects_gloo_api_grpc_validation_gloo_validation_proto_enumTypes[2] + return &file_github_com_solo_io_gloo_projects_gloo_api_grpc_validation_gloo_validation_proto_enumTypes[3] } func (x VirtualHostReport_Error_Type) Number() protoreflect.EnumNumber { @@ -205,11 +248,11 @@ func (x RouteReport_Error_Type) String() string { } func (RouteReport_Error_Type) Descriptor() protoreflect.EnumDescriptor { - return file_github_com_solo_io_gloo_projects_gloo_api_grpc_validation_gloo_validation_proto_enumTypes[3].Descriptor() + return file_github_com_solo_io_gloo_projects_gloo_api_grpc_validation_gloo_validation_proto_enumTypes[4].Descriptor() } func (RouteReport_Error_Type) Type() protoreflect.EnumType { - return &file_github_com_solo_io_gloo_projects_gloo_api_grpc_validation_gloo_validation_proto_enumTypes[3] + return &file_github_com_solo_io_gloo_projects_gloo_api_grpc_validation_gloo_validation_proto_enumTypes[4] } func (x RouteReport_Error_Type) Number() protoreflect.EnumNumber { @@ -248,11 +291,11 @@ func (x RouteReport_Warning_Type) String() string { } func (RouteReport_Warning_Type) Descriptor() protoreflect.EnumDescriptor { - return file_github_com_solo_io_gloo_projects_gloo_api_grpc_validation_gloo_validation_proto_enumTypes[4].Descriptor() + return file_github_com_solo_io_gloo_projects_gloo_api_grpc_validation_gloo_validation_proto_enumTypes[5].Descriptor() } func (RouteReport_Warning_Type) Type() protoreflect.EnumType { - return &file_github_com_solo_io_gloo_projects_gloo_api_grpc_validation_gloo_validation_proto_enumTypes[4] + return &file_github_com_solo_io_gloo_projects_gloo_api_grpc_validation_gloo_validation_proto_enumTypes[5] } func (x RouteReport_Warning_Type) Number() protoreflect.EnumNumber { @@ -300,11 +343,11 @@ func (x TcpListenerReport_Error_Type) String() string { } func (TcpListenerReport_Error_Type) Descriptor() protoreflect.EnumDescriptor { - return file_github_com_solo_io_gloo_projects_gloo_api_grpc_validation_gloo_validation_proto_enumTypes[5].Descriptor() + return file_github_com_solo_io_gloo_projects_gloo_api_grpc_validation_gloo_validation_proto_enumTypes[6].Descriptor() } func (TcpListenerReport_Error_Type) Type() protoreflect.EnumType { - return &file_github_com_solo_io_gloo_projects_gloo_api_grpc_validation_gloo_validation_proto_enumTypes[5] + return &file_github_com_solo_io_gloo_projects_gloo_api_grpc_validation_gloo_validation_proto_enumTypes[6] } func (x TcpListenerReport_Error_Type) Number() protoreflect.EnumNumber { @@ -350,11 +393,11 @@ func (x TcpHostReport_Error_Type) String() string { } func (TcpHostReport_Error_Type) Descriptor() protoreflect.EnumDescriptor { - return file_github_com_solo_io_gloo_projects_gloo_api_grpc_validation_gloo_validation_proto_enumTypes[6].Descriptor() + return file_github_com_solo_io_gloo_projects_gloo_api_grpc_validation_gloo_validation_proto_enumTypes[7].Descriptor() } func (TcpHostReport_Error_Type) Type() protoreflect.EnumType { - return &file_github_com_solo_io_gloo_projects_gloo_api_grpc_validation_gloo_validation_proto_enumTypes[6] + return &file_github_com_solo_io_gloo_projects_gloo_api_grpc_validation_gloo_validation_proto_enumTypes[7] } func (x TcpHostReport_Error_Type) Number() protoreflect.EnumNumber { @@ -396,11 +439,11 @@ func (x TcpHostReport_Warning_Type) String() string { } func (TcpHostReport_Warning_Type) Descriptor() protoreflect.EnumDescriptor { - return file_github_com_solo_io_gloo_projects_gloo_api_grpc_validation_gloo_validation_proto_enumTypes[7].Descriptor() + return file_github_com_solo_io_gloo_projects_gloo_api_grpc_validation_gloo_validation_proto_enumTypes[8].Descriptor() } func (TcpHostReport_Warning_Type) Type() protoreflect.EnumType { - return &file_github_com_solo_io_gloo_projects_gloo_api_grpc_validation_gloo_validation_proto_enumTypes[7] + return &file_github_com_solo_io_gloo_projects_gloo_api_grpc_validation_gloo_validation_proto_enumTypes[8] } func (x TcpHostReport_Warning_Type) Number() protoreflect.EnumNumber { @@ -935,6 +978,8 @@ type ListenerReport struct { // errors on top-level config of the listener Errors []*ListenerReport_Error `protobuf:"bytes,2,rep,name=errors,proto3" json:"errors,omitempty"` + // warnings on the top-levelconfig of the listener + Warnings []*ListenerReport_Warning `protobuf:"bytes,7,rep,name=warnings,proto3" json:"warnings,omitempty"` // Types that are assignable to ListenerTypeReport: // // *ListenerReport_HttpListenerReport @@ -983,6 +1028,13 @@ func (x *ListenerReport) GetErrors() []*ListenerReport_Error { return nil } +func (x *ListenerReport) GetWarnings() []*ListenerReport_Warning { + if x != nil { + return x.Warnings + } + return nil +} + func (m *ListenerReport) GetListenerTypeReport() isListenerReport_ListenerTypeReport { if m != nil { return m.ListenerTypeReport @@ -1575,6 +1627,64 @@ func (x *ListenerReport_Error) GetReason() string { return "" } +// warning types for the given listener config +type ListenerReport_Warning struct { + state protoimpl.MessageState + sizeCache protoimpl.SizeCache + unknownFields protoimpl.UnknownFields + + // the type of the error + Type ListenerReport_Warning_Type `protobuf:"varint,1,opt,name=type,proto3,enum=gloo.solo.io.ListenerReport_Warning_Type" json:"type,omitempty"` + // any extra info as a string + Reason string `protobuf:"bytes,2,opt,name=reason,proto3" json:"reason,omitempty"` +} + +func (x *ListenerReport_Warning) Reset() { + *x = ListenerReport_Warning{} + if protoimpl.UnsafeEnabled { + mi := &file_github_com_solo_io_gloo_projects_gloo_api_grpc_validation_gloo_validation_proto_msgTypes[19] + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + ms.StoreMessageInfo(mi) + } +} + +func (x *ListenerReport_Warning) String() string { + return protoimpl.X.MessageStringOf(x) +} + +func (*ListenerReport_Warning) ProtoMessage() {} + +func (x *ListenerReport_Warning) ProtoReflect() protoreflect.Message { + mi := &file_github_com_solo_io_gloo_projects_gloo_api_grpc_validation_gloo_validation_proto_msgTypes[19] + if protoimpl.UnsafeEnabled && x != nil { + ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) + if ms.LoadMessageInfo() == nil { + ms.StoreMessageInfo(mi) + } + return ms + } + return mi.MessageOf(x) +} + +// Deprecated: Use ListenerReport_Warning.ProtoReflect.Descriptor instead. +func (*ListenerReport_Warning) Descriptor() ([]byte, []int) { + return file_github_com_solo_io_gloo_projects_gloo_api_grpc_validation_gloo_validation_proto_rawDescGZIP(), []int{9, 1} +} + +func (x *ListenerReport_Warning) GetType() ListenerReport_Warning_Type { + if x != nil { + return x.Type + } + return ListenerReport_Warning_SSLConfigWarning +} + +func (x *ListenerReport_Warning) GetReason() string { + if x != nil { + return x.Reason + } + return "" +} + // error types for top-level http listener config type HttpListenerReport_Error struct { state protoimpl.MessageState @@ -1590,7 +1700,7 @@ type HttpListenerReport_Error struct { func (x *HttpListenerReport_Error) Reset() { *x = HttpListenerReport_Error{} if protoimpl.UnsafeEnabled { - mi := &file_github_com_solo_io_gloo_projects_gloo_api_grpc_validation_gloo_validation_proto_msgTypes[19] + mi := &file_github_com_solo_io_gloo_projects_gloo_api_grpc_validation_gloo_validation_proto_msgTypes[20] ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) ms.StoreMessageInfo(mi) } @@ -1603,7 +1713,7 @@ func (x *HttpListenerReport_Error) String() string { func (*HttpListenerReport_Error) ProtoMessage() {} func (x *HttpListenerReport_Error) ProtoReflect() protoreflect.Message { - mi := &file_github_com_solo_io_gloo_projects_gloo_api_grpc_validation_gloo_validation_proto_msgTypes[19] + mi := &file_github_com_solo_io_gloo_projects_gloo_api_grpc_validation_gloo_validation_proto_msgTypes[20] if protoimpl.UnsafeEnabled && x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) if ms.LoadMessageInfo() == nil { @@ -1648,7 +1758,7 @@ type VirtualHostReport_Error struct { func (x *VirtualHostReport_Error) Reset() { *x = VirtualHostReport_Error{} if protoimpl.UnsafeEnabled { - mi := &file_github_com_solo_io_gloo_projects_gloo_api_grpc_validation_gloo_validation_proto_msgTypes[20] + mi := &file_github_com_solo_io_gloo_projects_gloo_api_grpc_validation_gloo_validation_proto_msgTypes[21] ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) ms.StoreMessageInfo(mi) } @@ -1661,7 +1771,7 @@ func (x *VirtualHostReport_Error) String() string { func (*VirtualHostReport_Error) ProtoMessage() {} func (x *VirtualHostReport_Error) ProtoReflect() protoreflect.Message { - mi := &file_github_com_solo_io_gloo_projects_gloo_api_grpc_validation_gloo_validation_proto_msgTypes[20] + mi := &file_github_com_solo_io_gloo_projects_gloo_api_grpc_validation_gloo_validation_proto_msgTypes[21] if protoimpl.UnsafeEnabled && x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) if ms.LoadMessageInfo() == nil { @@ -1706,7 +1816,7 @@ type RouteReport_Error struct { func (x *RouteReport_Error) Reset() { *x = RouteReport_Error{} if protoimpl.UnsafeEnabled { - mi := &file_github_com_solo_io_gloo_projects_gloo_api_grpc_validation_gloo_validation_proto_msgTypes[21] + mi := &file_github_com_solo_io_gloo_projects_gloo_api_grpc_validation_gloo_validation_proto_msgTypes[22] ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) ms.StoreMessageInfo(mi) } @@ -1719,7 +1829,7 @@ func (x *RouteReport_Error) String() string { func (*RouteReport_Error) ProtoMessage() {} func (x *RouteReport_Error) ProtoReflect() protoreflect.Message { - mi := &file_github_com_solo_io_gloo_projects_gloo_api_grpc_validation_gloo_validation_proto_msgTypes[21] + mi := &file_github_com_solo_io_gloo_projects_gloo_api_grpc_validation_gloo_validation_proto_msgTypes[22] if protoimpl.UnsafeEnabled && x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) if ms.LoadMessageInfo() == nil { @@ -1764,7 +1874,7 @@ type RouteReport_Warning struct { func (x *RouteReport_Warning) Reset() { *x = RouteReport_Warning{} if protoimpl.UnsafeEnabled { - mi := &file_github_com_solo_io_gloo_projects_gloo_api_grpc_validation_gloo_validation_proto_msgTypes[22] + mi := &file_github_com_solo_io_gloo_projects_gloo_api_grpc_validation_gloo_validation_proto_msgTypes[23] ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) ms.StoreMessageInfo(mi) } @@ -1777,7 +1887,7 @@ func (x *RouteReport_Warning) String() string { func (*RouteReport_Warning) ProtoMessage() {} func (x *RouteReport_Warning) ProtoReflect() protoreflect.Message { - mi := &file_github_com_solo_io_gloo_projects_gloo_api_grpc_validation_gloo_validation_proto_msgTypes[22] + mi := &file_github_com_solo_io_gloo_projects_gloo_api_grpc_validation_gloo_validation_proto_msgTypes[23] if protoimpl.UnsafeEnabled && x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) if ms.LoadMessageInfo() == nil { @@ -1822,7 +1932,7 @@ type TcpListenerReport_Error struct { func (x *TcpListenerReport_Error) Reset() { *x = TcpListenerReport_Error{} if protoimpl.UnsafeEnabled { - mi := &file_github_com_solo_io_gloo_projects_gloo_api_grpc_validation_gloo_validation_proto_msgTypes[23] + mi := &file_github_com_solo_io_gloo_projects_gloo_api_grpc_validation_gloo_validation_proto_msgTypes[24] ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) ms.StoreMessageInfo(mi) } @@ -1835,7 +1945,7 @@ func (x *TcpListenerReport_Error) String() string { func (*TcpListenerReport_Error) ProtoMessage() {} func (x *TcpListenerReport_Error) ProtoReflect() protoreflect.Message { - mi := &file_github_com_solo_io_gloo_projects_gloo_api_grpc_validation_gloo_validation_proto_msgTypes[23] + mi := &file_github_com_solo_io_gloo_projects_gloo_api_grpc_validation_gloo_validation_proto_msgTypes[24] if protoimpl.UnsafeEnabled && x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) if ms.LoadMessageInfo() == nil { @@ -1880,7 +1990,7 @@ type TcpHostReport_Error struct { func (x *TcpHostReport_Error) Reset() { *x = TcpHostReport_Error{} if protoimpl.UnsafeEnabled { - mi := &file_github_com_solo_io_gloo_projects_gloo_api_grpc_validation_gloo_validation_proto_msgTypes[24] + mi := &file_github_com_solo_io_gloo_projects_gloo_api_grpc_validation_gloo_validation_proto_msgTypes[25] ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) ms.StoreMessageInfo(mi) } @@ -1893,7 +2003,7 @@ func (x *TcpHostReport_Error) String() string { func (*TcpHostReport_Error) ProtoMessage() {} func (x *TcpHostReport_Error) ProtoReflect() protoreflect.Message { - mi := &file_github_com_solo_io_gloo_projects_gloo_api_grpc_validation_gloo_validation_proto_msgTypes[24] + mi := &file_github_com_solo_io_gloo_projects_gloo_api_grpc_validation_gloo_validation_proto_msgTypes[25] if protoimpl.UnsafeEnabled && x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) if ms.LoadMessageInfo() == nil { @@ -1938,7 +2048,7 @@ type TcpHostReport_Warning struct { func (x *TcpHostReport_Warning) Reset() { *x = TcpHostReport_Warning{} if protoimpl.UnsafeEnabled { - mi := &file_github_com_solo_io_gloo_projects_gloo_api_grpc_validation_gloo_validation_proto_msgTypes[25] + mi := &file_github_com_solo_io_gloo_projects_gloo_api_grpc_validation_gloo_validation_proto_msgTypes[26] ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) ms.StoreMessageInfo(mi) } @@ -1951,7 +2061,7 @@ func (x *TcpHostReport_Warning) String() string { func (*TcpHostReport_Warning) ProtoMessage() {} func (x *TcpHostReport_Warning) ProtoReflect() protoreflect.Message { - mi := &file_github_com_solo_io_gloo_projects_gloo_api_grpc_validation_gloo_validation_proto_msgTypes[25] + mi := &file_github_com_solo_io_gloo_projects_gloo_api_grpc_validation_gloo_validation_proto_msgTypes[26] if protoimpl.UnsafeEnabled && x != nil { ms := protoimpl.X.MessageStateOf(protoimpl.Pointer(x)) if ms.LoadMessageInfo() == nil { @@ -2067,127 +2177,41 @@ var file_github_com_solo_io_gloo_projects_gloo_api_grpc_validation_gloo_validati 0x18, 0x01, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x1c, 0x2e, 0x67, 0x6c, 0x6f, 0x6f, 0x2e, 0x73, 0x6f, 0x6c, 0x6f, 0x2e, 0x69, 0x6f, 0x2e, 0x4c, 0x69, 0x73, 0x74, 0x65, 0x6e, 0x65, 0x72, 0x52, 0x65, 0x70, 0x6f, 0x72, 0x74, 0x52, 0x0f, 0x6c, 0x69, 0x73, 0x74, 0x65, 0x6e, 0x65, 0x72, 0x52, 0x65, - 0x70, 0x6f, 0x72, 0x74, 0x73, 0x22, 0x92, 0x05, 0x0a, 0x0e, 0x4c, 0x69, 0x73, 0x74, 0x65, 0x6e, + 0x70, 0x6f, 0x72, 0x74, 0x73, 0x22, 0xd4, 0x06, 0x0a, 0x0e, 0x4c, 0x69, 0x73, 0x74, 0x65, 0x6e, 0x65, 0x72, 0x52, 0x65, 0x70, 0x6f, 0x72, 0x74, 0x12, 0x3a, 0x0a, 0x06, 0x65, 0x72, 0x72, 0x6f, 0x72, 0x73, 0x18, 0x02, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x22, 0x2e, 0x67, 0x6c, 0x6f, 0x6f, 0x2e, 0x73, 0x6f, 0x6c, 0x6f, 0x2e, 0x69, 0x6f, 0x2e, 0x4c, 0x69, 0x73, 0x74, 0x65, 0x6e, 0x65, 0x72, 0x52, 0x65, 0x70, 0x6f, 0x72, 0x74, 0x2e, 0x45, 0x72, 0x72, 0x6f, 0x72, 0x52, 0x06, 0x65, 0x72, - 0x72, 0x6f, 0x72, 0x73, 0x12, 0x54, 0x0a, 0x14, 0x68, 0x74, 0x74, 0x70, 0x5f, 0x6c, 0x69, 0x73, - 0x74, 0x65, 0x6e, 0x65, 0x72, 0x5f, 0x72, 0x65, 0x70, 0x6f, 0x72, 0x74, 0x18, 0x03, 0x20, 0x01, - 0x28, 0x0b, 0x32, 0x20, 0x2e, 0x67, 0x6c, 0x6f, 0x6f, 0x2e, 0x73, 0x6f, 0x6c, 0x6f, 0x2e, 0x69, - 0x6f, 0x2e, 0x48, 0x74, 0x74, 0x70, 0x4c, 0x69, 0x73, 0x74, 0x65, 0x6e, 0x65, 0x72, 0x52, 0x65, - 0x70, 0x6f, 0x72, 0x74, 0x48, 0x00, 0x52, 0x12, 0x68, 0x74, 0x74, 0x70, 0x4c, 0x69, 0x73, 0x74, - 0x65, 0x6e, 0x65, 0x72, 0x52, 0x65, 0x70, 0x6f, 0x72, 0x74, 0x12, 0x51, 0x0a, 0x13, 0x74, 0x63, - 0x70, 0x5f, 0x6c, 0x69, 0x73, 0x74, 0x65, 0x6e, 0x65, 0x72, 0x5f, 0x72, 0x65, 0x70, 0x6f, 0x72, - 0x74, 0x18, 0x04, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x1f, 0x2e, 0x67, 0x6c, 0x6f, 0x6f, 0x2e, 0x73, - 0x6f, 0x6c, 0x6f, 0x2e, 0x69, 0x6f, 0x2e, 0x54, 0x63, 0x70, 0x4c, 0x69, 0x73, 0x74, 0x65, 0x6e, - 0x65, 0x72, 0x52, 0x65, 0x70, 0x6f, 0x72, 0x74, 0x48, 0x00, 0x52, 0x11, 0x74, 0x63, 0x70, 0x4c, - 0x69, 0x73, 0x74, 0x65, 0x6e, 0x65, 0x72, 0x52, 0x65, 0x70, 0x6f, 0x72, 0x74, 0x12, 0x5a, 0x0a, - 0x16, 0x68, 0x79, 0x62, 0x72, 0x69, 0x64, 0x5f, 0x6c, 0x69, 0x73, 0x74, 0x65, 0x6e, 0x65, 0x72, - 0x5f, 0x72, 0x65, 0x70, 0x6f, 0x72, 0x74, 0x18, 0x05, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x22, 0x2e, - 0x67, 0x6c, 0x6f, 0x6f, 0x2e, 0x73, 0x6f, 0x6c, 0x6f, 0x2e, 0x69, 0x6f, 0x2e, 0x48, 0x79, 0x62, - 0x72, 0x69, 0x64, 0x4c, 0x69, 0x73, 0x74, 0x65, 0x6e, 0x65, 0x72, 0x52, 0x65, 0x70, 0x6f, 0x72, - 0x74, 0x48, 0x00, 0x52, 0x14, 0x68, 0x79, 0x62, 0x72, 0x69, 0x64, 0x4c, 0x69, 0x73, 0x74, 0x65, - 0x6e, 0x65, 0x72, 0x52, 0x65, 0x70, 0x6f, 0x72, 0x74, 0x12, 0x63, 0x0a, 0x19, 0x61, 0x67, 0x67, - 0x72, 0x65, 0x67, 0x61, 0x74, 0x65, 0x5f, 0x6c, 0x69, 0x73, 0x74, 0x65, 0x6e, 0x65, 0x72, 0x5f, - 0x72, 0x65, 0x70, 0x6f, 0x72, 0x74, 0x18, 0x06, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x25, 0x2e, 0x67, - 0x6c, 0x6f, 0x6f, 0x2e, 0x73, 0x6f, 0x6c, 0x6f, 0x2e, 0x69, 0x6f, 0x2e, 0x41, 0x67, 0x67, 0x72, - 0x65, 0x67, 0x61, 0x74, 0x65, 0x4c, 0x69, 0x73, 0x74, 0x65, 0x6e, 0x65, 0x72, 0x52, 0x65, 0x70, - 0x6f, 0x72, 0x74, 0x48, 0x00, 0x52, 0x17, 0x61, 0x67, 0x67, 0x72, 0x65, 0x67, 0x61, 0x74, 0x65, - 0x4c, 0x69, 0x73, 0x74, 0x65, 0x6e, 0x65, 0x72, 0x52, 0x65, 0x70, 0x6f, 0x72, 0x74, 0x1a, 0xc1, - 0x01, 0x0a, 0x05, 0x45, 0x72, 0x72, 0x6f, 0x72, 0x12, 0x3b, 0x0a, 0x04, 0x74, 0x79, 0x70, 0x65, - 0x18, 0x01, 0x20, 0x01, 0x28, 0x0e, 0x32, 0x27, 0x2e, 0x67, 0x6c, 0x6f, 0x6f, 0x2e, 0x73, 0x6f, + 0x72, 0x6f, 0x72, 0x73, 0x12, 0x40, 0x0a, 0x08, 0x77, 0x61, 0x72, 0x6e, 0x69, 0x6e, 0x67, 0x73, + 0x18, 0x07, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x24, 0x2e, 0x67, 0x6c, 0x6f, 0x6f, 0x2e, 0x73, 0x6f, 0x6c, 0x6f, 0x2e, 0x69, 0x6f, 0x2e, 0x4c, 0x69, 0x73, 0x74, 0x65, 0x6e, 0x65, 0x72, 0x52, 0x65, - 0x70, 0x6f, 0x72, 0x74, 0x2e, 0x45, 0x72, 0x72, 0x6f, 0x72, 0x2e, 0x54, 0x79, 0x70, 0x65, 0x52, - 0x04, 0x74, 0x79, 0x70, 0x65, 0x12, 0x16, 0x0a, 0x06, 0x72, 0x65, 0x61, 0x73, 0x6f, 0x6e, 0x18, - 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x06, 0x72, 0x65, 0x61, 0x73, 0x6f, 0x6e, 0x22, 0x63, 0x0a, - 0x04, 0x54, 0x79, 0x70, 0x65, 0x12, 0x16, 0x0a, 0x12, 0x4e, 0x61, 0x6d, 0x65, 0x4e, 0x6f, 0x74, - 0x55, 0x6e, 0x69, 0x71, 0x75, 0x65, 0x45, 0x72, 0x72, 0x6f, 0x72, 0x10, 0x00, 0x12, 0x1a, 0x0a, - 0x16, 0x42, 0x69, 0x6e, 0x64, 0x50, 0x6f, 0x72, 0x74, 0x4e, 0x6f, 0x74, 0x55, 0x6e, 0x69, 0x71, - 0x75, 0x65, 0x45, 0x72, 0x72, 0x6f, 0x72, 0x10, 0x01, 0x12, 0x12, 0x0a, 0x0e, 0x53, 0x53, 0x4c, - 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x45, 0x72, 0x72, 0x6f, 0x72, 0x10, 0x02, 0x12, 0x13, 0x0a, - 0x0f, 0x50, 0x72, 0x6f, 0x63, 0x65, 0x73, 0x73, 0x69, 0x6e, 0x67, 0x45, 0x72, 0x72, 0x6f, 0x72, - 0x10, 0x03, 0x42, 0x16, 0x0a, 0x14, 0x6c, 0x69, 0x73, 0x74, 0x65, 0x6e, 0x65, 0x72, 0x5f, 0x74, - 0x79, 0x70, 0x65, 0x5f, 0x72, 0x65, 0x70, 0x6f, 0x72, 0x74, 0x22, 0xa6, 0x02, 0x0a, 0x12, 0x48, - 0x74, 0x74, 0x70, 0x4c, 0x69, 0x73, 0x74, 0x65, 0x6e, 0x65, 0x72, 0x52, 0x65, 0x70, 0x6f, 0x72, - 0x74, 0x12, 0x3e, 0x0a, 0x06, 0x65, 0x72, 0x72, 0x6f, 0x72, 0x73, 0x18, 0x01, 0x20, 0x03, 0x28, - 0x0b, 0x32, 0x26, 0x2e, 0x67, 0x6c, 0x6f, 0x6f, 0x2e, 0x73, 0x6f, 0x6c, 0x6f, 0x2e, 0x69, 0x6f, - 0x2e, 0x48, 0x74, 0x74, 0x70, 0x4c, 0x69, 0x73, 0x74, 0x65, 0x6e, 0x65, 0x72, 0x52, 0x65, 0x70, - 0x6f, 0x72, 0x74, 0x2e, 0x45, 0x72, 0x72, 0x6f, 0x72, 0x52, 0x06, 0x65, 0x72, 0x72, 0x6f, 0x72, - 0x73, 0x12, 0x51, 0x0a, 0x14, 0x76, 0x69, 0x72, 0x74, 0x75, 0x61, 0x6c, 0x5f, 0x68, 0x6f, 0x73, - 0x74, 0x5f, 0x72, 0x65, 0x70, 0x6f, 0x72, 0x74, 0x73, 0x18, 0x02, 0x20, 0x03, 0x28, 0x0b, 0x32, - 0x1f, 0x2e, 0x67, 0x6c, 0x6f, 0x6f, 0x2e, 0x73, 0x6f, 0x6c, 0x6f, 0x2e, 0x69, 0x6f, 0x2e, 0x56, - 0x69, 0x72, 0x74, 0x75, 0x61, 0x6c, 0x48, 0x6f, 0x73, 0x74, 0x52, 0x65, 0x70, 0x6f, 0x72, 0x74, - 0x52, 0x12, 0x76, 0x69, 0x72, 0x74, 0x75, 0x61, 0x6c, 0x48, 0x6f, 0x73, 0x74, 0x52, 0x65, 0x70, - 0x6f, 0x72, 0x74, 0x73, 0x1a, 0x7d, 0x0a, 0x05, 0x45, 0x72, 0x72, 0x6f, 0x72, 0x12, 0x3f, 0x0a, - 0x04, 0x74, 0x79, 0x70, 0x65, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0e, 0x32, 0x2b, 0x2e, 0x67, 0x6c, - 0x6f, 0x6f, 0x2e, 0x73, 0x6f, 0x6c, 0x6f, 0x2e, 0x69, 0x6f, 0x2e, 0x48, 0x74, 0x74, 0x70, 0x4c, - 0x69, 0x73, 0x74, 0x65, 0x6e, 0x65, 0x72, 0x52, 0x65, 0x70, 0x6f, 0x72, 0x74, 0x2e, 0x45, 0x72, - 0x72, 0x6f, 0x72, 0x2e, 0x54, 0x79, 0x70, 0x65, 0x52, 0x04, 0x74, 0x79, 0x70, 0x65, 0x12, 0x16, - 0x0a, 0x06, 0x72, 0x65, 0x61, 0x73, 0x6f, 0x6e, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x06, - 0x72, 0x65, 0x61, 0x73, 0x6f, 0x6e, 0x22, 0x1b, 0x0a, 0x04, 0x54, 0x79, 0x70, 0x65, 0x12, 0x13, - 0x0a, 0x0f, 0x50, 0x72, 0x6f, 0x63, 0x65, 0x73, 0x73, 0x69, 0x6e, 0x67, 0x45, 0x72, 0x72, 0x6f, - 0x72, 0x10, 0x00, 0x22, 0xda, 0x02, 0x0a, 0x11, 0x56, 0x69, 0x72, 0x74, 0x75, 0x61, 0x6c, 0x48, - 0x6f, 0x73, 0x74, 0x52, 0x65, 0x70, 0x6f, 0x72, 0x74, 0x12, 0x3d, 0x0a, 0x06, 0x65, 0x72, 0x72, - 0x6f, 0x72, 0x73, 0x18, 0x01, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x25, 0x2e, 0x67, 0x6c, 0x6f, 0x6f, - 0x2e, 0x73, 0x6f, 0x6c, 0x6f, 0x2e, 0x69, 0x6f, 0x2e, 0x56, 0x69, 0x72, 0x74, 0x75, 0x61, 0x6c, - 0x48, 0x6f, 0x73, 0x74, 0x52, 0x65, 0x70, 0x6f, 0x72, 0x74, 0x2e, 0x45, 0x72, 0x72, 0x6f, 0x72, - 0x52, 0x06, 0x65, 0x72, 0x72, 0x6f, 0x72, 0x73, 0x12, 0x3e, 0x0a, 0x0d, 0x72, 0x6f, 0x75, 0x74, - 0x65, 0x5f, 0x72, 0x65, 0x70, 0x6f, 0x72, 0x74, 0x73, 0x18, 0x02, 0x20, 0x03, 0x28, 0x0b, 0x32, - 0x19, 0x2e, 0x67, 0x6c, 0x6f, 0x6f, 0x2e, 0x73, 0x6f, 0x6c, 0x6f, 0x2e, 0x69, 0x6f, 0x2e, 0x52, - 0x6f, 0x75, 0x74, 0x65, 0x52, 0x65, 0x70, 0x6f, 0x72, 0x74, 0x52, 0x0c, 0x72, 0x6f, 0x75, 0x74, - 0x65, 0x52, 0x65, 0x70, 0x6f, 0x72, 0x74, 0x73, 0x1a, 0xc5, 0x01, 0x0a, 0x05, 0x45, 0x72, 0x72, - 0x6f, 0x72, 0x12, 0x3e, 0x0a, 0x04, 0x74, 0x79, 0x70, 0x65, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0e, - 0x32, 0x2a, 0x2e, 0x67, 0x6c, 0x6f, 0x6f, 0x2e, 0x73, 0x6f, 0x6c, 0x6f, 0x2e, 0x69, 0x6f, 0x2e, - 0x56, 0x69, 0x72, 0x74, 0x75, 0x61, 0x6c, 0x48, 0x6f, 0x73, 0x74, 0x52, 0x65, 0x70, 0x6f, 0x72, - 0x74, 0x2e, 0x45, 0x72, 0x72, 0x6f, 0x72, 0x2e, 0x54, 0x79, 0x70, 0x65, 0x52, 0x04, 0x74, 0x79, - 0x70, 0x65, 0x12, 0x16, 0x0a, 0x06, 0x72, 0x65, 0x61, 0x73, 0x6f, 0x6e, 0x18, 0x02, 0x20, 0x01, - 0x28, 0x09, 0x52, 0x06, 0x72, 0x65, 0x61, 0x73, 0x6f, 0x6e, 0x22, 0x64, 0x0a, 0x04, 0x54, 0x79, - 0x70, 0x65, 0x12, 0x16, 0x0a, 0x12, 0x4e, 0x61, 0x6d, 0x65, 0x4e, 0x6f, 0x74, 0x55, 0x6e, 0x69, - 0x71, 0x75, 0x65, 0x45, 0x72, 0x72, 0x6f, 0x72, 0x10, 0x00, 0x12, 0x19, 0x0a, 0x15, 0x44, 0x6f, - 0x6d, 0x61, 0x69, 0x6e, 0x73, 0x4e, 0x6f, 0x74, 0x55, 0x6e, 0x69, 0x71, 0x75, 0x65, 0x45, 0x72, - 0x72, 0x6f, 0x72, 0x10, 0x01, 0x12, 0x13, 0x0a, 0x0f, 0x50, 0x72, 0x6f, 0x63, 0x65, 0x73, 0x73, - 0x69, 0x6e, 0x67, 0x45, 0x72, 0x72, 0x6f, 0x72, 0x10, 0x02, 0x12, 0x14, 0x0a, 0x10, 0x45, 0x6d, - 0x70, 0x74, 0x79, 0x44, 0x6f, 0x6d, 0x61, 0x69, 0x6e, 0x45, 0x72, 0x72, 0x6f, 0x72, 0x10, 0x03, - 0x22, 0x9e, 0x03, 0x0a, 0x0b, 0x52, 0x6f, 0x75, 0x74, 0x65, 0x52, 0x65, 0x70, 0x6f, 0x72, 0x74, - 0x12, 0x37, 0x0a, 0x06, 0x65, 0x72, 0x72, 0x6f, 0x72, 0x73, 0x18, 0x01, 0x20, 0x03, 0x28, 0x0b, - 0x32, 0x1f, 0x2e, 0x67, 0x6c, 0x6f, 0x6f, 0x2e, 0x73, 0x6f, 0x6c, 0x6f, 0x2e, 0x69, 0x6f, 0x2e, - 0x52, 0x6f, 0x75, 0x74, 0x65, 0x52, 0x65, 0x70, 0x6f, 0x72, 0x74, 0x2e, 0x45, 0x72, 0x72, 0x6f, - 0x72, 0x52, 0x06, 0x65, 0x72, 0x72, 0x6f, 0x72, 0x73, 0x12, 0x3d, 0x0a, 0x08, 0x77, 0x61, 0x72, - 0x6e, 0x69, 0x6e, 0x67, 0x73, 0x18, 0x02, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x21, 0x2e, 0x67, 0x6c, - 0x6f, 0x6f, 0x2e, 0x73, 0x6f, 0x6c, 0x6f, 0x2e, 0x69, 0x6f, 0x2e, 0x52, 0x6f, 0x75, 0x74, 0x65, - 0x52, 0x65, 0x70, 0x6f, 0x72, 0x74, 0x2e, 0x57, 0x61, 0x72, 0x6e, 0x69, 0x6e, 0x67, 0x52, 0x08, - 0x77, 0x61, 0x72, 0x6e, 0x69, 0x6e, 0x67, 0x73, 0x1a, 0x8f, 0x01, 0x0a, 0x05, 0x45, 0x72, 0x72, - 0x6f, 0x72, 0x12, 0x38, 0x0a, 0x04, 0x74, 0x79, 0x70, 0x65, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0e, - 0x32, 0x24, 0x2e, 0x67, 0x6c, 0x6f, 0x6f, 0x2e, 0x73, 0x6f, 0x6c, 0x6f, 0x2e, 0x69, 0x6f, 0x2e, - 0x52, 0x6f, 0x75, 0x74, 0x65, 0x52, 0x65, 0x70, 0x6f, 0x72, 0x74, 0x2e, 0x45, 0x72, 0x72, 0x6f, - 0x72, 0x2e, 0x54, 0x79, 0x70, 0x65, 0x52, 0x04, 0x74, 0x79, 0x70, 0x65, 0x12, 0x16, 0x0a, 0x06, - 0x72, 0x65, 0x61, 0x73, 0x6f, 0x6e, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x06, 0x72, 0x65, - 0x61, 0x73, 0x6f, 0x6e, 0x22, 0x34, 0x0a, 0x04, 0x54, 0x79, 0x70, 0x65, 0x12, 0x17, 0x0a, 0x13, - 0x49, 0x6e, 0x76, 0x61, 0x6c, 0x69, 0x64, 0x4d, 0x61, 0x74, 0x63, 0x68, 0x65, 0x72, 0x45, 0x72, - 0x72, 0x6f, 0x72, 0x10, 0x00, 0x12, 0x13, 0x0a, 0x0f, 0x50, 0x72, 0x6f, 0x63, 0x65, 0x73, 0x73, - 0x69, 0x6e, 0x67, 0x45, 0x72, 0x72, 0x6f, 0x72, 0x10, 0x01, 0x1a, 0x84, 0x01, 0x0a, 0x07, 0x57, - 0x61, 0x72, 0x6e, 0x69, 0x6e, 0x67, 0x12, 0x3a, 0x0a, 0x04, 0x74, 0x79, 0x70, 0x65, 0x18, 0x01, - 0x20, 0x01, 0x28, 0x0e, 0x32, 0x26, 0x2e, 0x67, 0x6c, 0x6f, 0x6f, 0x2e, 0x73, 0x6f, 0x6c, 0x6f, - 0x2e, 0x69, 0x6f, 0x2e, 0x52, 0x6f, 0x75, 0x74, 0x65, 0x52, 0x65, 0x70, 0x6f, 0x72, 0x74, 0x2e, - 0x57, 0x61, 0x72, 0x6e, 0x69, 0x6e, 0x67, 0x2e, 0x54, 0x79, 0x70, 0x65, 0x52, 0x04, 0x74, 0x79, - 0x70, 0x65, 0x12, 0x16, 0x0a, 0x06, 0x72, 0x65, 0x61, 0x73, 0x6f, 0x6e, 0x18, 0x02, 0x20, 0x01, - 0x28, 0x09, 0x52, 0x06, 0x72, 0x65, 0x61, 0x73, 0x6f, 0x6e, 0x22, 0x25, 0x0a, 0x04, 0x54, 0x79, - 0x70, 0x65, 0x12, 0x1d, 0x0a, 0x19, 0x49, 0x6e, 0x76, 0x61, 0x6c, 0x69, 0x64, 0x44, 0x65, 0x73, - 0x74, 0x69, 0x6e, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x57, 0x61, 0x72, 0x6e, 0x69, 0x6e, 0x67, 0x10, - 0x00, 0x22, 0xe0, 0x02, 0x0a, 0x11, 0x54, 0x63, 0x70, 0x4c, 0x69, 0x73, 0x74, 0x65, 0x6e, 0x65, - 0x72, 0x52, 0x65, 0x70, 0x6f, 0x72, 0x74, 0x12, 0x3d, 0x0a, 0x06, 0x65, 0x72, 0x72, 0x6f, 0x72, - 0x73, 0x18, 0x01, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x25, 0x2e, 0x67, 0x6c, 0x6f, 0x6f, 0x2e, 0x73, - 0x6f, 0x6c, 0x6f, 0x2e, 0x69, 0x6f, 0x2e, 0x54, 0x63, 0x70, 0x4c, 0x69, 0x73, 0x74, 0x65, 0x6e, - 0x65, 0x72, 0x52, 0x65, 0x70, 0x6f, 0x72, 0x74, 0x2e, 0x45, 0x72, 0x72, 0x6f, 0x72, 0x52, 0x06, - 0x65, 0x72, 0x72, 0x6f, 0x72, 0x73, 0x12, 0x45, 0x0a, 0x10, 0x74, 0x63, 0x70, 0x5f, 0x68, 0x6f, - 0x73, 0x74, 0x5f, 0x72, 0x65, 0x70, 0x6f, 0x72, 0x74, 0x73, 0x18, 0x02, 0x20, 0x03, 0x28, 0x0b, - 0x32, 0x1b, 0x2e, 0x67, 0x6c, 0x6f, 0x6f, 0x2e, 0x73, 0x6f, 0x6c, 0x6f, 0x2e, 0x69, 0x6f, 0x2e, - 0x54, 0x63, 0x70, 0x48, 0x6f, 0x73, 0x74, 0x52, 0x65, 0x70, 0x6f, 0x72, 0x74, 0x52, 0x0e, 0x74, - 0x63, 0x70, 0x48, 0x6f, 0x73, 0x74, 0x52, 0x65, 0x70, 0x6f, 0x72, 0x74, 0x73, 0x1a, 0xc4, 0x01, - 0x0a, 0x05, 0x45, 0x72, 0x72, 0x6f, 0x72, 0x12, 0x3e, 0x0a, 0x04, 0x74, 0x79, 0x70, 0x65, 0x18, - 0x01, 0x20, 0x01, 0x28, 0x0e, 0x32, 0x2a, 0x2e, 0x67, 0x6c, 0x6f, 0x6f, 0x2e, 0x73, 0x6f, 0x6c, - 0x6f, 0x2e, 0x69, 0x6f, 0x2e, 0x54, 0x63, 0x70, 0x4c, 0x69, 0x73, 0x74, 0x65, 0x6e, 0x65, 0x72, + 0x70, 0x6f, 0x72, 0x74, 0x2e, 0x57, 0x61, 0x72, 0x6e, 0x69, 0x6e, 0x67, 0x52, 0x08, 0x77, 0x61, + 0x72, 0x6e, 0x69, 0x6e, 0x67, 0x73, 0x12, 0x54, 0x0a, 0x14, 0x68, 0x74, 0x74, 0x70, 0x5f, 0x6c, + 0x69, 0x73, 0x74, 0x65, 0x6e, 0x65, 0x72, 0x5f, 0x72, 0x65, 0x70, 0x6f, 0x72, 0x74, 0x18, 0x03, + 0x20, 0x01, 0x28, 0x0b, 0x32, 0x20, 0x2e, 0x67, 0x6c, 0x6f, 0x6f, 0x2e, 0x73, 0x6f, 0x6c, 0x6f, + 0x2e, 0x69, 0x6f, 0x2e, 0x48, 0x74, 0x74, 0x70, 0x4c, 0x69, 0x73, 0x74, 0x65, 0x6e, 0x65, 0x72, + 0x52, 0x65, 0x70, 0x6f, 0x72, 0x74, 0x48, 0x00, 0x52, 0x12, 0x68, 0x74, 0x74, 0x70, 0x4c, 0x69, + 0x73, 0x74, 0x65, 0x6e, 0x65, 0x72, 0x52, 0x65, 0x70, 0x6f, 0x72, 0x74, 0x12, 0x51, 0x0a, 0x13, + 0x74, 0x63, 0x70, 0x5f, 0x6c, 0x69, 0x73, 0x74, 0x65, 0x6e, 0x65, 0x72, 0x5f, 0x72, 0x65, 0x70, + 0x6f, 0x72, 0x74, 0x18, 0x04, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x1f, 0x2e, 0x67, 0x6c, 0x6f, 0x6f, + 0x2e, 0x73, 0x6f, 0x6c, 0x6f, 0x2e, 0x69, 0x6f, 0x2e, 0x54, 0x63, 0x70, 0x4c, 0x69, 0x73, 0x74, + 0x65, 0x6e, 0x65, 0x72, 0x52, 0x65, 0x70, 0x6f, 0x72, 0x74, 0x48, 0x00, 0x52, 0x11, 0x74, 0x63, + 0x70, 0x4c, 0x69, 0x73, 0x74, 0x65, 0x6e, 0x65, 0x72, 0x52, 0x65, 0x70, 0x6f, 0x72, 0x74, 0x12, + 0x5a, 0x0a, 0x16, 0x68, 0x79, 0x62, 0x72, 0x69, 0x64, 0x5f, 0x6c, 0x69, 0x73, 0x74, 0x65, 0x6e, + 0x65, 0x72, 0x5f, 0x72, 0x65, 0x70, 0x6f, 0x72, 0x74, 0x18, 0x05, 0x20, 0x01, 0x28, 0x0b, 0x32, + 0x22, 0x2e, 0x67, 0x6c, 0x6f, 0x6f, 0x2e, 0x73, 0x6f, 0x6c, 0x6f, 0x2e, 0x69, 0x6f, 0x2e, 0x48, + 0x79, 0x62, 0x72, 0x69, 0x64, 0x4c, 0x69, 0x73, 0x74, 0x65, 0x6e, 0x65, 0x72, 0x52, 0x65, 0x70, + 0x6f, 0x72, 0x74, 0x48, 0x00, 0x52, 0x14, 0x68, 0x79, 0x62, 0x72, 0x69, 0x64, 0x4c, 0x69, 0x73, + 0x74, 0x65, 0x6e, 0x65, 0x72, 0x52, 0x65, 0x70, 0x6f, 0x72, 0x74, 0x12, 0x63, 0x0a, 0x19, 0x61, + 0x67, 0x67, 0x72, 0x65, 0x67, 0x61, 0x74, 0x65, 0x5f, 0x6c, 0x69, 0x73, 0x74, 0x65, 0x6e, 0x65, + 0x72, 0x5f, 0x72, 0x65, 0x70, 0x6f, 0x72, 0x74, 0x18, 0x06, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x25, + 0x2e, 0x67, 0x6c, 0x6f, 0x6f, 0x2e, 0x73, 0x6f, 0x6c, 0x6f, 0x2e, 0x69, 0x6f, 0x2e, 0x41, 0x67, + 0x67, 0x72, 0x65, 0x67, 0x61, 0x74, 0x65, 0x4c, 0x69, 0x73, 0x74, 0x65, 0x6e, 0x65, 0x72, 0x52, + 0x65, 0x70, 0x6f, 0x72, 0x74, 0x48, 0x00, 0x52, 0x17, 0x61, 0x67, 0x67, 0x72, 0x65, 0x67, 0x61, + 0x74, 0x65, 0x4c, 0x69, 0x73, 0x74, 0x65, 0x6e, 0x65, 0x72, 0x52, 0x65, 0x70, 0x6f, 0x72, 0x74, + 0x1a, 0xc1, 0x01, 0x0a, 0x05, 0x45, 0x72, 0x72, 0x6f, 0x72, 0x12, 0x3b, 0x0a, 0x04, 0x74, 0x79, + 0x70, 0x65, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0e, 0x32, 0x27, 0x2e, 0x67, 0x6c, 0x6f, 0x6f, 0x2e, + 0x73, 0x6f, 0x6c, 0x6f, 0x2e, 0x69, 0x6f, 0x2e, 0x4c, 0x69, 0x73, 0x74, 0x65, 0x6e, 0x65, 0x72, 0x52, 0x65, 0x70, 0x6f, 0x72, 0x74, 0x2e, 0x45, 0x72, 0x72, 0x6f, 0x72, 0x2e, 0x54, 0x79, 0x70, 0x65, 0x52, 0x04, 0x74, 0x79, 0x70, 0x65, 0x12, 0x16, 0x0a, 0x06, 0x72, 0x65, 0x61, 0x73, 0x6f, 0x6e, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x06, 0x72, 0x65, 0x61, 0x73, 0x6f, 0x6e, 0x22, @@ -2197,115 +2221,213 @@ var file_github_com_solo_io_gloo_projects_gloo_api_grpc_validation_gloo_validati 0x69, 0x71, 0x75, 0x65, 0x45, 0x72, 0x72, 0x6f, 0x72, 0x10, 0x01, 0x12, 0x12, 0x0a, 0x0e, 0x53, 0x53, 0x4c, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x45, 0x72, 0x72, 0x6f, 0x72, 0x10, 0x02, 0x12, 0x13, 0x0a, 0x0f, 0x50, 0x72, 0x6f, 0x63, 0x65, 0x73, 0x73, 0x69, 0x6e, 0x67, 0x45, 0x72, 0x72, - 0x6f, 0x72, 0x10, 0x03, 0x22, 0xdc, 0x03, 0x0a, 0x0d, 0x54, 0x63, 0x70, 0x48, 0x6f, 0x73, 0x74, - 0x52, 0x65, 0x70, 0x6f, 0x72, 0x74, 0x12, 0x39, 0x0a, 0x06, 0x65, 0x72, 0x72, 0x6f, 0x72, 0x73, - 0x18, 0x02, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x21, 0x2e, 0x67, 0x6c, 0x6f, 0x6f, 0x2e, 0x73, 0x6f, - 0x6c, 0x6f, 0x2e, 0x69, 0x6f, 0x2e, 0x54, 0x63, 0x70, 0x48, 0x6f, 0x73, 0x74, 0x52, 0x65, 0x70, - 0x6f, 0x72, 0x74, 0x2e, 0x45, 0x72, 0x72, 0x6f, 0x72, 0x52, 0x06, 0x65, 0x72, 0x72, 0x6f, 0x72, - 0x73, 0x12, 0x3f, 0x0a, 0x08, 0x77, 0x61, 0x72, 0x6e, 0x69, 0x6e, 0x67, 0x73, 0x18, 0x03, 0x20, - 0x03, 0x28, 0x0b, 0x32, 0x23, 0x2e, 0x67, 0x6c, 0x6f, 0x6f, 0x2e, 0x73, 0x6f, 0x6c, 0x6f, 0x2e, - 0x69, 0x6f, 0x2e, 0x54, 0x63, 0x70, 0x48, 0x6f, 0x73, 0x74, 0x52, 0x65, 0x70, 0x6f, 0x72, 0x74, - 0x2e, 0x57, 0x61, 0x72, 0x6e, 0x69, 0x6e, 0x67, 0x52, 0x08, 0x77, 0x61, 0x72, 0x6e, 0x69, 0x6e, - 0x67, 0x73, 0x1a, 0xb1, 0x01, 0x0a, 0x05, 0x45, 0x72, 0x72, 0x6f, 0x72, 0x12, 0x3a, 0x0a, 0x04, - 0x74, 0x79, 0x70, 0x65, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0e, 0x32, 0x26, 0x2e, 0x67, 0x6c, 0x6f, - 0x6f, 0x2e, 0x73, 0x6f, 0x6c, 0x6f, 0x2e, 0x69, 0x6f, 0x2e, 0x54, 0x63, 0x70, 0x48, 0x6f, 0x73, - 0x74, 0x52, 0x65, 0x70, 0x6f, 0x72, 0x74, 0x2e, 0x45, 0x72, 0x72, 0x6f, 0x72, 0x2e, 0x54, 0x79, - 0x70, 0x65, 0x52, 0x04, 0x74, 0x79, 0x70, 0x65, 0x12, 0x16, 0x0a, 0x06, 0x72, 0x65, 0x61, 0x73, - 0x6f, 0x6e, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x06, 0x72, 0x65, 0x61, 0x73, 0x6f, 0x6e, - 0x22, 0x54, 0x0a, 0x04, 0x54, 0x79, 0x70, 0x65, 0x12, 0x16, 0x0a, 0x12, 0x4e, 0x61, 0x6d, 0x65, - 0x4e, 0x6f, 0x74, 0x55, 0x6e, 0x69, 0x71, 0x75, 0x65, 0x45, 0x72, 0x72, 0x6f, 0x72, 0x10, 0x00, - 0x12, 0x1f, 0x0a, 0x17, 0x49, 0x6e, 0x76, 0x61, 0x6c, 0x69, 0x64, 0x44, 0x65, 0x73, 0x74, 0x69, - 0x6e, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x45, 0x72, 0x72, 0x6f, 0x72, 0x10, 0x01, 0x1a, 0x02, 0x08, - 0x01, 0x12, 0x13, 0x0a, 0x0f, 0x50, 0x72, 0x6f, 0x63, 0x65, 0x73, 0x73, 0x69, 0x6e, 0x67, 0x45, - 0x72, 0x72, 0x6f, 0x72, 0x10, 0x02, 0x1a, 0x9a, 0x01, 0x0a, 0x07, 0x57, 0x61, 0x72, 0x6e, 0x69, - 0x6e, 0x67, 0x12, 0x3c, 0x0a, 0x04, 0x74, 0x79, 0x70, 0x65, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0e, - 0x32, 0x28, 0x2e, 0x67, 0x6c, 0x6f, 0x6f, 0x2e, 0x73, 0x6f, 0x6c, 0x6f, 0x2e, 0x69, 0x6f, 0x2e, - 0x54, 0x63, 0x70, 0x48, 0x6f, 0x73, 0x74, 0x52, 0x65, 0x70, 0x6f, 0x72, 0x74, 0x2e, 0x57, 0x61, - 0x72, 0x6e, 0x69, 0x6e, 0x67, 0x2e, 0x54, 0x79, 0x70, 0x65, 0x52, 0x04, 0x74, 0x79, 0x70, 0x65, + 0x6f, 0x72, 0x10, 0x03, 0x1a, 0x7e, 0x0a, 0x07, 0x57, 0x61, 0x72, 0x6e, 0x69, 0x6e, 0x67, 0x12, + 0x3d, 0x0a, 0x04, 0x74, 0x79, 0x70, 0x65, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0e, 0x32, 0x29, 0x2e, + 0x67, 0x6c, 0x6f, 0x6f, 0x2e, 0x73, 0x6f, 0x6c, 0x6f, 0x2e, 0x69, 0x6f, 0x2e, 0x4c, 0x69, 0x73, + 0x74, 0x65, 0x6e, 0x65, 0x72, 0x52, 0x65, 0x70, 0x6f, 0x72, 0x74, 0x2e, 0x57, 0x61, 0x72, 0x6e, + 0x69, 0x6e, 0x67, 0x2e, 0x54, 0x79, 0x70, 0x65, 0x52, 0x04, 0x74, 0x79, 0x70, 0x65, 0x12, 0x16, + 0x0a, 0x06, 0x72, 0x65, 0x61, 0x73, 0x6f, 0x6e, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x06, + 0x72, 0x65, 0x61, 0x73, 0x6f, 0x6e, 0x22, 0x1c, 0x0a, 0x04, 0x54, 0x79, 0x70, 0x65, 0x12, 0x14, + 0x0a, 0x10, 0x53, 0x53, 0x4c, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x57, 0x61, 0x72, 0x6e, 0x69, + 0x6e, 0x67, 0x10, 0x00, 0x42, 0x16, 0x0a, 0x14, 0x6c, 0x69, 0x73, 0x74, 0x65, 0x6e, 0x65, 0x72, + 0x5f, 0x74, 0x79, 0x70, 0x65, 0x5f, 0x72, 0x65, 0x70, 0x6f, 0x72, 0x74, 0x22, 0xa6, 0x02, 0x0a, + 0x12, 0x48, 0x74, 0x74, 0x70, 0x4c, 0x69, 0x73, 0x74, 0x65, 0x6e, 0x65, 0x72, 0x52, 0x65, 0x70, + 0x6f, 0x72, 0x74, 0x12, 0x3e, 0x0a, 0x06, 0x65, 0x72, 0x72, 0x6f, 0x72, 0x73, 0x18, 0x01, 0x20, + 0x03, 0x28, 0x0b, 0x32, 0x26, 0x2e, 0x67, 0x6c, 0x6f, 0x6f, 0x2e, 0x73, 0x6f, 0x6c, 0x6f, 0x2e, + 0x69, 0x6f, 0x2e, 0x48, 0x74, 0x74, 0x70, 0x4c, 0x69, 0x73, 0x74, 0x65, 0x6e, 0x65, 0x72, 0x52, + 0x65, 0x70, 0x6f, 0x72, 0x74, 0x2e, 0x45, 0x72, 0x72, 0x6f, 0x72, 0x52, 0x06, 0x65, 0x72, 0x72, + 0x6f, 0x72, 0x73, 0x12, 0x51, 0x0a, 0x14, 0x76, 0x69, 0x72, 0x74, 0x75, 0x61, 0x6c, 0x5f, 0x68, + 0x6f, 0x73, 0x74, 0x5f, 0x72, 0x65, 0x70, 0x6f, 0x72, 0x74, 0x73, 0x18, 0x02, 0x20, 0x03, 0x28, + 0x0b, 0x32, 0x1f, 0x2e, 0x67, 0x6c, 0x6f, 0x6f, 0x2e, 0x73, 0x6f, 0x6c, 0x6f, 0x2e, 0x69, 0x6f, + 0x2e, 0x56, 0x69, 0x72, 0x74, 0x75, 0x61, 0x6c, 0x48, 0x6f, 0x73, 0x74, 0x52, 0x65, 0x70, 0x6f, + 0x72, 0x74, 0x52, 0x12, 0x76, 0x69, 0x72, 0x74, 0x75, 0x61, 0x6c, 0x48, 0x6f, 0x73, 0x74, 0x52, + 0x65, 0x70, 0x6f, 0x72, 0x74, 0x73, 0x1a, 0x7d, 0x0a, 0x05, 0x45, 0x72, 0x72, 0x6f, 0x72, 0x12, + 0x3f, 0x0a, 0x04, 0x74, 0x79, 0x70, 0x65, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0e, 0x32, 0x2b, 0x2e, + 0x67, 0x6c, 0x6f, 0x6f, 0x2e, 0x73, 0x6f, 0x6c, 0x6f, 0x2e, 0x69, 0x6f, 0x2e, 0x48, 0x74, 0x74, + 0x70, 0x4c, 0x69, 0x73, 0x74, 0x65, 0x6e, 0x65, 0x72, 0x52, 0x65, 0x70, 0x6f, 0x72, 0x74, 0x2e, + 0x45, 0x72, 0x72, 0x6f, 0x72, 0x2e, 0x54, 0x79, 0x70, 0x65, 0x52, 0x04, 0x74, 0x79, 0x70, 0x65, 0x12, 0x16, 0x0a, 0x06, 0x72, 0x65, 0x61, 0x73, 0x6f, 0x6e, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, - 0x52, 0x06, 0x72, 0x65, 0x61, 0x73, 0x6f, 0x6e, 0x22, 0x39, 0x0a, 0x04, 0x54, 0x79, 0x70, 0x65, - 0x12, 0x12, 0x0a, 0x0e, 0x55, 0x6e, 0x6b, 0x6e, 0x6f, 0x77, 0x6e, 0x57, 0x61, 0x72, 0x6e, 0x69, - 0x6e, 0x67, 0x10, 0x00, 0x12, 0x1d, 0x0a, 0x19, 0x49, 0x6e, 0x76, 0x61, 0x6c, 0x69, 0x64, 0x44, + 0x52, 0x06, 0x72, 0x65, 0x61, 0x73, 0x6f, 0x6e, 0x22, 0x1b, 0x0a, 0x04, 0x54, 0x79, 0x70, 0x65, + 0x12, 0x13, 0x0a, 0x0f, 0x50, 0x72, 0x6f, 0x63, 0x65, 0x73, 0x73, 0x69, 0x6e, 0x67, 0x45, 0x72, + 0x72, 0x6f, 0x72, 0x10, 0x00, 0x22, 0xda, 0x02, 0x0a, 0x11, 0x56, 0x69, 0x72, 0x74, 0x75, 0x61, + 0x6c, 0x48, 0x6f, 0x73, 0x74, 0x52, 0x65, 0x70, 0x6f, 0x72, 0x74, 0x12, 0x3d, 0x0a, 0x06, 0x65, + 0x72, 0x72, 0x6f, 0x72, 0x73, 0x18, 0x01, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x25, 0x2e, 0x67, 0x6c, + 0x6f, 0x6f, 0x2e, 0x73, 0x6f, 0x6c, 0x6f, 0x2e, 0x69, 0x6f, 0x2e, 0x56, 0x69, 0x72, 0x74, 0x75, + 0x61, 0x6c, 0x48, 0x6f, 0x73, 0x74, 0x52, 0x65, 0x70, 0x6f, 0x72, 0x74, 0x2e, 0x45, 0x72, 0x72, + 0x6f, 0x72, 0x52, 0x06, 0x65, 0x72, 0x72, 0x6f, 0x72, 0x73, 0x12, 0x3e, 0x0a, 0x0d, 0x72, 0x6f, + 0x75, 0x74, 0x65, 0x5f, 0x72, 0x65, 0x70, 0x6f, 0x72, 0x74, 0x73, 0x18, 0x02, 0x20, 0x03, 0x28, + 0x0b, 0x32, 0x19, 0x2e, 0x67, 0x6c, 0x6f, 0x6f, 0x2e, 0x73, 0x6f, 0x6c, 0x6f, 0x2e, 0x69, 0x6f, + 0x2e, 0x52, 0x6f, 0x75, 0x74, 0x65, 0x52, 0x65, 0x70, 0x6f, 0x72, 0x74, 0x52, 0x0c, 0x72, 0x6f, + 0x75, 0x74, 0x65, 0x52, 0x65, 0x70, 0x6f, 0x72, 0x74, 0x73, 0x1a, 0xc5, 0x01, 0x0a, 0x05, 0x45, + 0x72, 0x72, 0x6f, 0x72, 0x12, 0x3e, 0x0a, 0x04, 0x74, 0x79, 0x70, 0x65, 0x18, 0x01, 0x20, 0x01, + 0x28, 0x0e, 0x32, 0x2a, 0x2e, 0x67, 0x6c, 0x6f, 0x6f, 0x2e, 0x73, 0x6f, 0x6c, 0x6f, 0x2e, 0x69, + 0x6f, 0x2e, 0x56, 0x69, 0x72, 0x74, 0x75, 0x61, 0x6c, 0x48, 0x6f, 0x73, 0x74, 0x52, 0x65, 0x70, + 0x6f, 0x72, 0x74, 0x2e, 0x45, 0x72, 0x72, 0x6f, 0x72, 0x2e, 0x54, 0x79, 0x70, 0x65, 0x52, 0x04, + 0x74, 0x79, 0x70, 0x65, 0x12, 0x16, 0x0a, 0x06, 0x72, 0x65, 0x61, 0x73, 0x6f, 0x6e, 0x18, 0x02, + 0x20, 0x01, 0x28, 0x09, 0x52, 0x06, 0x72, 0x65, 0x61, 0x73, 0x6f, 0x6e, 0x22, 0x64, 0x0a, 0x04, + 0x54, 0x79, 0x70, 0x65, 0x12, 0x16, 0x0a, 0x12, 0x4e, 0x61, 0x6d, 0x65, 0x4e, 0x6f, 0x74, 0x55, + 0x6e, 0x69, 0x71, 0x75, 0x65, 0x45, 0x72, 0x72, 0x6f, 0x72, 0x10, 0x00, 0x12, 0x19, 0x0a, 0x15, + 0x44, 0x6f, 0x6d, 0x61, 0x69, 0x6e, 0x73, 0x4e, 0x6f, 0x74, 0x55, 0x6e, 0x69, 0x71, 0x75, 0x65, + 0x45, 0x72, 0x72, 0x6f, 0x72, 0x10, 0x01, 0x12, 0x13, 0x0a, 0x0f, 0x50, 0x72, 0x6f, 0x63, 0x65, + 0x73, 0x73, 0x69, 0x6e, 0x67, 0x45, 0x72, 0x72, 0x6f, 0x72, 0x10, 0x02, 0x12, 0x14, 0x0a, 0x10, + 0x45, 0x6d, 0x70, 0x74, 0x79, 0x44, 0x6f, 0x6d, 0x61, 0x69, 0x6e, 0x45, 0x72, 0x72, 0x6f, 0x72, + 0x10, 0x03, 0x22, 0x9e, 0x03, 0x0a, 0x0b, 0x52, 0x6f, 0x75, 0x74, 0x65, 0x52, 0x65, 0x70, 0x6f, + 0x72, 0x74, 0x12, 0x37, 0x0a, 0x06, 0x65, 0x72, 0x72, 0x6f, 0x72, 0x73, 0x18, 0x01, 0x20, 0x03, + 0x28, 0x0b, 0x32, 0x1f, 0x2e, 0x67, 0x6c, 0x6f, 0x6f, 0x2e, 0x73, 0x6f, 0x6c, 0x6f, 0x2e, 0x69, + 0x6f, 0x2e, 0x52, 0x6f, 0x75, 0x74, 0x65, 0x52, 0x65, 0x70, 0x6f, 0x72, 0x74, 0x2e, 0x45, 0x72, + 0x72, 0x6f, 0x72, 0x52, 0x06, 0x65, 0x72, 0x72, 0x6f, 0x72, 0x73, 0x12, 0x3d, 0x0a, 0x08, 0x77, + 0x61, 0x72, 0x6e, 0x69, 0x6e, 0x67, 0x73, 0x18, 0x02, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x21, 0x2e, + 0x67, 0x6c, 0x6f, 0x6f, 0x2e, 0x73, 0x6f, 0x6c, 0x6f, 0x2e, 0x69, 0x6f, 0x2e, 0x52, 0x6f, 0x75, + 0x74, 0x65, 0x52, 0x65, 0x70, 0x6f, 0x72, 0x74, 0x2e, 0x57, 0x61, 0x72, 0x6e, 0x69, 0x6e, 0x67, + 0x52, 0x08, 0x77, 0x61, 0x72, 0x6e, 0x69, 0x6e, 0x67, 0x73, 0x1a, 0x8f, 0x01, 0x0a, 0x05, 0x45, + 0x72, 0x72, 0x6f, 0x72, 0x12, 0x38, 0x0a, 0x04, 0x74, 0x79, 0x70, 0x65, 0x18, 0x01, 0x20, 0x01, + 0x28, 0x0e, 0x32, 0x24, 0x2e, 0x67, 0x6c, 0x6f, 0x6f, 0x2e, 0x73, 0x6f, 0x6c, 0x6f, 0x2e, 0x69, + 0x6f, 0x2e, 0x52, 0x6f, 0x75, 0x74, 0x65, 0x52, 0x65, 0x70, 0x6f, 0x72, 0x74, 0x2e, 0x45, 0x72, + 0x72, 0x6f, 0x72, 0x2e, 0x54, 0x79, 0x70, 0x65, 0x52, 0x04, 0x74, 0x79, 0x70, 0x65, 0x12, 0x16, + 0x0a, 0x06, 0x72, 0x65, 0x61, 0x73, 0x6f, 0x6e, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x06, + 0x72, 0x65, 0x61, 0x73, 0x6f, 0x6e, 0x22, 0x34, 0x0a, 0x04, 0x54, 0x79, 0x70, 0x65, 0x12, 0x17, + 0x0a, 0x13, 0x49, 0x6e, 0x76, 0x61, 0x6c, 0x69, 0x64, 0x4d, 0x61, 0x74, 0x63, 0x68, 0x65, 0x72, + 0x45, 0x72, 0x72, 0x6f, 0x72, 0x10, 0x00, 0x12, 0x13, 0x0a, 0x0f, 0x50, 0x72, 0x6f, 0x63, 0x65, + 0x73, 0x73, 0x69, 0x6e, 0x67, 0x45, 0x72, 0x72, 0x6f, 0x72, 0x10, 0x01, 0x1a, 0x84, 0x01, 0x0a, + 0x07, 0x57, 0x61, 0x72, 0x6e, 0x69, 0x6e, 0x67, 0x12, 0x3a, 0x0a, 0x04, 0x74, 0x79, 0x70, 0x65, + 0x18, 0x01, 0x20, 0x01, 0x28, 0x0e, 0x32, 0x26, 0x2e, 0x67, 0x6c, 0x6f, 0x6f, 0x2e, 0x73, 0x6f, + 0x6c, 0x6f, 0x2e, 0x69, 0x6f, 0x2e, 0x52, 0x6f, 0x75, 0x74, 0x65, 0x52, 0x65, 0x70, 0x6f, 0x72, + 0x74, 0x2e, 0x57, 0x61, 0x72, 0x6e, 0x69, 0x6e, 0x67, 0x2e, 0x54, 0x79, 0x70, 0x65, 0x52, 0x04, + 0x74, 0x79, 0x70, 0x65, 0x12, 0x16, 0x0a, 0x06, 0x72, 0x65, 0x61, 0x73, 0x6f, 0x6e, 0x18, 0x02, + 0x20, 0x01, 0x28, 0x09, 0x52, 0x06, 0x72, 0x65, 0x61, 0x73, 0x6f, 0x6e, 0x22, 0x25, 0x0a, 0x04, + 0x54, 0x79, 0x70, 0x65, 0x12, 0x1d, 0x0a, 0x19, 0x49, 0x6e, 0x76, 0x61, 0x6c, 0x69, 0x64, 0x44, 0x65, 0x73, 0x74, 0x69, 0x6e, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x57, 0x61, 0x72, 0x6e, 0x69, 0x6e, - 0x67, 0x10, 0x01, 0x22, 0x80, 0x02, 0x0a, 0x14, 0x48, 0x79, 0x62, 0x72, 0x69, 0x64, 0x4c, 0x69, - 0x73, 0x74, 0x65, 0x6e, 0x65, 0x72, 0x52, 0x65, 0x70, 0x6f, 0x72, 0x74, 0x12, 0x78, 0x0a, 0x18, - 0x6d, 0x61, 0x74, 0x63, 0x68, 0x65, 0x64, 0x5f, 0x6c, 0x69, 0x73, 0x74, 0x65, 0x6e, 0x65, 0x72, - 0x5f, 0x72, 0x65, 0x70, 0x6f, 0x72, 0x74, 0x73, 0x18, 0x01, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x3e, - 0x2e, 0x67, 0x6c, 0x6f, 0x6f, 0x2e, 0x73, 0x6f, 0x6c, 0x6f, 0x2e, 0x69, 0x6f, 0x2e, 0x48, 0x79, - 0x62, 0x72, 0x69, 0x64, 0x4c, 0x69, 0x73, 0x74, 0x65, 0x6e, 0x65, 0x72, 0x52, 0x65, 0x70, 0x6f, - 0x72, 0x74, 0x2e, 0x4d, 0x61, 0x74, 0x63, 0x68, 0x65, 0x64, 0x4c, 0x69, 0x73, 0x74, 0x65, 0x6e, - 0x65, 0x72, 0x52, 0x65, 0x70, 0x6f, 0x72, 0x74, 0x73, 0x45, 0x6e, 0x74, 0x72, 0x79, 0x52, 0x16, - 0x6d, 0x61, 0x74, 0x63, 0x68, 0x65, 0x64, 0x4c, 0x69, 0x73, 0x74, 0x65, 0x6e, 0x65, 0x72, 0x52, - 0x65, 0x70, 0x6f, 0x72, 0x74, 0x73, 0x1a, 0x6e, 0x0a, 0x1b, 0x4d, 0x61, 0x74, 0x63, 0x68, 0x65, - 0x64, 0x4c, 0x69, 0x73, 0x74, 0x65, 0x6e, 0x65, 0x72, 0x52, 0x65, 0x70, 0x6f, 0x72, 0x74, 0x73, - 0x45, 0x6e, 0x74, 0x72, 0x79, 0x12, 0x10, 0x0a, 0x03, 0x6b, 0x65, 0x79, 0x18, 0x01, 0x20, 0x01, - 0x28, 0x09, 0x52, 0x03, 0x6b, 0x65, 0x79, 0x12, 0x39, 0x0a, 0x05, 0x76, 0x61, 0x6c, 0x75, 0x65, - 0x18, 0x02, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x23, 0x2e, 0x67, 0x6c, 0x6f, 0x6f, 0x2e, 0x73, 0x6f, - 0x6c, 0x6f, 0x2e, 0x69, 0x6f, 0x2e, 0x4d, 0x61, 0x74, 0x63, 0x68, 0x65, 0x64, 0x4c, 0x69, 0x73, - 0x74, 0x65, 0x6e, 0x65, 0x72, 0x52, 0x65, 0x70, 0x6f, 0x72, 0x74, 0x52, 0x05, 0x76, 0x61, 0x6c, - 0x75, 0x65, 0x3a, 0x02, 0x38, 0x01, 0x22, 0xd6, 0x01, 0x0a, 0x15, 0x4d, 0x61, 0x74, 0x63, 0x68, - 0x65, 0x64, 0x4c, 0x69, 0x73, 0x74, 0x65, 0x6e, 0x65, 0x72, 0x52, 0x65, 0x70, 0x6f, 0x72, 0x74, - 0x12, 0x54, 0x0a, 0x14, 0x68, 0x74, 0x74, 0x70, 0x5f, 0x6c, 0x69, 0x73, 0x74, 0x65, 0x6e, 0x65, - 0x72, 0x5f, 0x72, 0x65, 0x70, 0x6f, 0x72, 0x74, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x20, - 0x2e, 0x67, 0x6c, 0x6f, 0x6f, 0x2e, 0x73, 0x6f, 0x6c, 0x6f, 0x2e, 0x69, 0x6f, 0x2e, 0x48, 0x74, + 0x67, 0x10, 0x00, 0x22, 0xe0, 0x02, 0x0a, 0x11, 0x54, 0x63, 0x70, 0x4c, 0x69, 0x73, 0x74, 0x65, + 0x6e, 0x65, 0x72, 0x52, 0x65, 0x70, 0x6f, 0x72, 0x74, 0x12, 0x3d, 0x0a, 0x06, 0x65, 0x72, 0x72, + 0x6f, 0x72, 0x73, 0x18, 0x01, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x25, 0x2e, 0x67, 0x6c, 0x6f, 0x6f, + 0x2e, 0x73, 0x6f, 0x6c, 0x6f, 0x2e, 0x69, 0x6f, 0x2e, 0x54, 0x63, 0x70, 0x4c, 0x69, 0x73, 0x74, + 0x65, 0x6e, 0x65, 0x72, 0x52, 0x65, 0x70, 0x6f, 0x72, 0x74, 0x2e, 0x45, 0x72, 0x72, 0x6f, 0x72, + 0x52, 0x06, 0x65, 0x72, 0x72, 0x6f, 0x72, 0x73, 0x12, 0x45, 0x0a, 0x10, 0x74, 0x63, 0x70, 0x5f, + 0x68, 0x6f, 0x73, 0x74, 0x5f, 0x72, 0x65, 0x70, 0x6f, 0x72, 0x74, 0x73, 0x18, 0x02, 0x20, 0x03, + 0x28, 0x0b, 0x32, 0x1b, 0x2e, 0x67, 0x6c, 0x6f, 0x6f, 0x2e, 0x73, 0x6f, 0x6c, 0x6f, 0x2e, 0x69, + 0x6f, 0x2e, 0x54, 0x63, 0x70, 0x48, 0x6f, 0x73, 0x74, 0x52, 0x65, 0x70, 0x6f, 0x72, 0x74, 0x52, + 0x0e, 0x74, 0x63, 0x70, 0x48, 0x6f, 0x73, 0x74, 0x52, 0x65, 0x70, 0x6f, 0x72, 0x74, 0x73, 0x1a, + 0xc4, 0x01, 0x0a, 0x05, 0x45, 0x72, 0x72, 0x6f, 0x72, 0x12, 0x3e, 0x0a, 0x04, 0x74, 0x79, 0x70, + 0x65, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0e, 0x32, 0x2a, 0x2e, 0x67, 0x6c, 0x6f, 0x6f, 0x2e, 0x73, + 0x6f, 0x6c, 0x6f, 0x2e, 0x69, 0x6f, 0x2e, 0x54, 0x63, 0x70, 0x4c, 0x69, 0x73, 0x74, 0x65, 0x6e, + 0x65, 0x72, 0x52, 0x65, 0x70, 0x6f, 0x72, 0x74, 0x2e, 0x45, 0x72, 0x72, 0x6f, 0x72, 0x2e, 0x54, + 0x79, 0x70, 0x65, 0x52, 0x04, 0x74, 0x79, 0x70, 0x65, 0x12, 0x16, 0x0a, 0x06, 0x72, 0x65, 0x61, + 0x73, 0x6f, 0x6e, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x06, 0x72, 0x65, 0x61, 0x73, 0x6f, + 0x6e, 0x22, 0x63, 0x0a, 0x04, 0x54, 0x79, 0x70, 0x65, 0x12, 0x16, 0x0a, 0x12, 0x4e, 0x61, 0x6d, + 0x65, 0x4e, 0x6f, 0x74, 0x55, 0x6e, 0x69, 0x71, 0x75, 0x65, 0x45, 0x72, 0x72, 0x6f, 0x72, 0x10, + 0x00, 0x12, 0x1a, 0x0a, 0x16, 0x42, 0x69, 0x6e, 0x64, 0x50, 0x6f, 0x72, 0x74, 0x4e, 0x6f, 0x74, + 0x55, 0x6e, 0x69, 0x71, 0x75, 0x65, 0x45, 0x72, 0x72, 0x6f, 0x72, 0x10, 0x01, 0x12, 0x12, 0x0a, + 0x0e, 0x53, 0x53, 0x4c, 0x43, 0x6f, 0x6e, 0x66, 0x69, 0x67, 0x45, 0x72, 0x72, 0x6f, 0x72, 0x10, + 0x02, 0x12, 0x13, 0x0a, 0x0f, 0x50, 0x72, 0x6f, 0x63, 0x65, 0x73, 0x73, 0x69, 0x6e, 0x67, 0x45, + 0x72, 0x72, 0x6f, 0x72, 0x10, 0x03, 0x22, 0xdc, 0x03, 0x0a, 0x0d, 0x54, 0x63, 0x70, 0x48, 0x6f, + 0x73, 0x74, 0x52, 0x65, 0x70, 0x6f, 0x72, 0x74, 0x12, 0x39, 0x0a, 0x06, 0x65, 0x72, 0x72, 0x6f, + 0x72, 0x73, 0x18, 0x02, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x21, 0x2e, 0x67, 0x6c, 0x6f, 0x6f, 0x2e, + 0x73, 0x6f, 0x6c, 0x6f, 0x2e, 0x69, 0x6f, 0x2e, 0x54, 0x63, 0x70, 0x48, 0x6f, 0x73, 0x74, 0x52, + 0x65, 0x70, 0x6f, 0x72, 0x74, 0x2e, 0x45, 0x72, 0x72, 0x6f, 0x72, 0x52, 0x06, 0x65, 0x72, 0x72, + 0x6f, 0x72, 0x73, 0x12, 0x3f, 0x0a, 0x08, 0x77, 0x61, 0x72, 0x6e, 0x69, 0x6e, 0x67, 0x73, 0x18, + 0x03, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x23, 0x2e, 0x67, 0x6c, 0x6f, 0x6f, 0x2e, 0x73, 0x6f, 0x6c, + 0x6f, 0x2e, 0x69, 0x6f, 0x2e, 0x54, 0x63, 0x70, 0x48, 0x6f, 0x73, 0x74, 0x52, 0x65, 0x70, 0x6f, + 0x72, 0x74, 0x2e, 0x57, 0x61, 0x72, 0x6e, 0x69, 0x6e, 0x67, 0x52, 0x08, 0x77, 0x61, 0x72, 0x6e, + 0x69, 0x6e, 0x67, 0x73, 0x1a, 0xb1, 0x01, 0x0a, 0x05, 0x45, 0x72, 0x72, 0x6f, 0x72, 0x12, 0x3a, + 0x0a, 0x04, 0x74, 0x79, 0x70, 0x65, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0e, 0x32, 0x26, 0x2e, 0x67, + 0x6c, 0x6f, 0x6f, 0x2e, 0x73, 0x6f, 0x6c, 0x6f, 0x2e, 0x69, 0x6f, 0x2e, 0x54, 0x63, 0x70, 0x48, + 0x6f, 0x73, 0x74, 0x52, 0x65, 0x70, 0x6f, 0x72, 0x74, 0x2e, 0x45, 0x72, 0x72, 0x6f, 0x72, 0x2e, + 0x54, 0x79, 0x70, 0x65, 0x52, 0x04, 0x74, 0x79, 0x70, 0x65, 0x12, 0x16, 0x0a, 0x06, 0x72, 0x65, + 0x61, 0x73, 0x6f, 0x6e, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x06, 0x72, 0x65, 0x61, 0x73, + 0x6f, 0x6e, 0x22, 0x54, 0x0a, 0x04, 0x54, 0x79, 0x70, 0x65, 0x12, 0x16, 0x0a, 0x12, 0x4e, 0x61, + 0x6d, 0x65, 0x4e, 0x6f, 0x74, 0x55, 0x6e, 0x69, 0x71, 0x75, 0x65, 0x45, 0x72, 0x72, 0x6f, 0x72, + 0x10, 0x00, 0x12, 0x1f, 0x0a, 0x17, 0x49, 0x6e, 0x76, 0x61, 0x6c, 0x69, 0x64, 0x44, 0x65, 0x73, + 0x74, 0x69, 0x6e, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x45, 0x72, 0x72, 0x6f, 0x72, 0x10, 0x01, 0x1a, + 0x02, 0x08, 0x01, 0x12, 0x13, 0x0a, 0x0f, 0x50, 0x72, 0x6f, 0x63, 0x65, 0x73, 0x73, 0x69, 0x6e, + 0x67, 0x45, 0x72, 0x72, 0x6f, 0x72, 0x10, 0x02, 0x1a, 0x9a, 0x01, 0x0a, 0x07, 0x57, 0x61, 0x72, + 0x6e, 0x69, 0x6e, 0x67, 0x12, 0x3c, 0x0a, 0x04, 0x74, 0x79, 0x70, 0x65, 0x18, 0x01, 0x20, 0x01, + 0x28, 0x0e, 0x32, 0x28, 0x2e, 0x67, 0x6c, 0x6f, 0x6f, 0x2e, 0x73, 0x6f, 0x6c, 0x6f, 0x2e, 0x69, + 0x6f, 0x2e, 0x54, 0x63, 0x70, 0x48, 0x6f, 0x73, 0x74, 0x52, 0x65, 0x70, 0x6f, 0x72, 0x74, 0x2e, + 0x57, 0x61, 0x72, 0x6e, 0x69, 0x6e, 0x67, 0x2e, 0x54, 0x79, 0x70, 0x65, 0x52, 0x04, 0x74, 0x79, + 0x70, 0x65, 0x12, 0x16, 0x0a, 0x06, 0x72, 0x65, 0x61, 0x73, 0x6f, 0x6e, 0x18, 0x02, 0x20, 0x01, + 0x28, 0x09, 0x52, 0x06, 0x72, 0x65, 0x61, 0x73, 0x6f, 0x6e, 0x22, 0x39, 0x0a, 0x04, 0x54, 0x79, + 0x70, 0x65, 0x12, 0x12, 0x0a, 0x0e, 0x55, 0x6e, 0x6b, 0x6e, 0x6f, 0x77, 0x6e, 0x57, 0x61, 0x72, + 0x6e, 0x69, 0x6e, 0x67, 0x10, 0x00, 0x12, 0x1d, 0x0a, 0x19, 0x49, 0x6e, 0x76, 0x61, 0x6c, 0x69, + 0x64, 0x44, 0x65, 0x73, 0x74, 0x69, 0x6e, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x57, 0x61, 0x72, 0x6e, + 0x69, 0x6e, 0x67, 0x10, 0x01, 0x22, 0x80, 0x02, 0x0a, 0x14, 0x48, 0x79, 0x62, 0x72, 0x69, 0x64, + 0x4c, 0x69, 0x73, 0x74, 0x65, 0x6e, 0x65, 0x72, 0x52, 0x65, 0x70, 0x6f, 0x72, 0x74, 0x12, 0x78, + 0x0a, 0x18, 0x6d, 0x61, 0x74, 0x63, 0x68, 0x65, 0x64, 0x5f, 0x6c, 0x69, 0x73, 0x74, 0x65, 0x6e, + 0x65, 0x72, 0x5f, 0x72, 0x65, 0x70, 0x6f, 0x72, 0x74, 0x73, 0x18, 0x01, 0x20, 0x03, 0x28, 0x0b, + 0x32, 0x3e, 0x2e, 0x67, 0x6c, 0x6f, 0x6f, 0x2e, 0x73, 0x6f, 0x6c, 0x6f, 0x2e, 0x69, 0x6f, 0x2e, + 0x48, 0x79, 0x62, 0x72, 0x69, 0x64, 0x4c, 0x69, 0x73, 0x74, 0x65, 0x6e, 0x65, 0x72, 0x52, 0x65, + 0x70, 0x6f, 0x72, 0x74, 0x2e, 0x4d, 0x61, 0x74, 0x63, 0x68, 0x65, 0x64, 0x4c, 0x69, 0x73, 0x74, + 0x65, 0x6e, 0x65, 0x72, 0x52, 0x65, 0x70, 0x6f, 0x72, 0x74, 0x73, 0x45, 0x6e, 0x74, 0x72, 0x79, + 0x52, 0x16, 0x6d, 0x61, 0x74, 0x63, 0x68, 0x65, 0x64, 0x4c, 0x69, 0x73, 0x74, 0x65, 0x6e, 0x65, + 0x72, 0x52, 0x65, 0x70, 0x6f, 0x72, 0x74, 0x73, 0x1a, 0x6e, 0x0a, 0x1b, 0x4d, 0x61, 0x74, 0x63, + 0x68, 0x65, 0x64, 0x4c, 0x69, 0x73, 0x74, 0x65, 0x6e, 0x65, 0x72, 0x52, 0x65, 0x70, 0x6f, 0x72, + 0x74, 0x73, 0x45, 0x6e, 0x74, 0x72, 0x79, 0x12, 0x10, 0x0a, 0x03, 0x6b, 0x65, 0x79, 0x18, 0x01, + 0x20, 0x01, 0x28, 0x09, 0x52, 0x03, 0x6b, 0x65, 0x79, 0x12, 0x39, 0x0a, 0x05, 0x76, 0x61, 0x6c, + 0x75, 0x65, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x23, 0x2e, 0x67, 0x6c, 0x6f, 0x6f, 0x2e, + 0x73, 0x6f, 0x6c, 0x6f, 0x2e, 0x69, 0x6f, 0x2e, 0x4d, 0x61, 0x74, 0x63, 0x68, 0x65, 0x64, 0x4c, + 0x69, 0x73, 0x74, 0x65, 0x6e, 0x65, 0x72, 0x52, 0x65, 0x70, 0x6f, 0x72, 0x74, 0x52, 0x05, 0x76, + 0x61, 0x6c, 0x75, 0x65, 0x3a, 0x02, 0x38, 0x01, 0x22, 0xd6, 0x01, 0x0a, 0x15, 0x4d, 0x61, 0x74, + 0x63, 0x68, 0x65, 0x64, 0x4c, 0x69, 0x73, 0x74, 0x65, 0x6e, 0x65, 0x72, 0x52, 0x65, 0x70, 0x6f, + 0x72, 0x74, 0x12, 0x54, 0x0a, 0x14, 0x68, 0x74, 0x74, 0x70, 0x5f, 0x6c, 0x69, 0x73, 0x74, 0x65, + 0x6e, 0x65, 0x72, 0x5f, 0x72, 0x65, 0x70, 0x6f, 0x72, 0x74, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0b, + 0x32, 0x20, 0x2e, 0x67, 0x6c, 0x6f, 0x6f, 0x2e, 0x73, 0x6f, 0x6c, 0x6f, 0x2e, 0x69, 0x6f, 0x2e, + 0x48, 0x74, 0x74, 0x70, 0x4c, 0x69, 0x73, 0x74, 0x65, 0x6e, 0x65, 0x72, 0x52, 0x65, 0x70, 0x6f, + 0x72, 0x74, 0x48, 0x00, 0x52, 0x12, 0x68, 0x74, 0x74, 0x70, 0x4c, 0x69, 0x73, 0x74, 0x65, 0x6e, + 0x65, 0x72, 0x52, 0x65, 0x70, 0x6f, 0x72, 0x74, 0x12, 0x51, 0x0a, 0x13, 0x74, 0x63, 0x70, 0x5f, + 0x6c, 0x69, 0x73, 0x74, 0x65, 0x6e, 0x65, 0x72, 0x5f, 0x72, 0x65, 0x70, 0x6f, 0x72, 0x74, 0x18, + 0x02, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x1f, 0x2e, 0x67, 0x6c, 0x6f, 0x6f, 0x2e, 0x73, 0x6f, 0x6c, + 0x6f, 0x2e, 0x69, 0x6f, 0x2e, 0x54, 0x63, 0x70, 0x4c, 0x69, 0x73, 0x74, 0x65, 0x6e, 0x65, 0x72, + 0x52, 0x65, 0x70, 0x6f, 0x72, 0x74, 0x48, 0x00, 0x52, 0x11, 0x74, 0x63, 0x70, 0x4c, 0x69, 0x73, + 0x74, 0x65, 0x6e, 0x65, 0x72, 0x52, 0x65, 0x70, 0x6f, 0x72, 0x74, 0x42, 0x14, 0x0a, 0x12, 0x4c, + 0x69, 0x73, 0x74, 0x65, 0x6e, 0x65, 0x72, 0x52, 0x65, 0x70, 0x6f, 0x72, 0x74, 0x54, 0x79, 0x70, + 0x65, 0x22, 0xd0, 0x03, 0x0a, 0x17, 0x41, 0x67, 0x67, 0x72, 0x65, 0x67, 0x61, 0x74, 0x65, 0x4c, + 0x69, 0x73, 0x74, 0x65, 0x6e, 0x65, 0x72, 0x52, 0x65, 0x70, 0x6f, 0x72, 0x74, 0x12, 0x72, 0x0a, + 0x15, 0x68, 0x74, 0x74, 0x70, 0x5f, 0x6c, 0x69, 0x73, 0x74, 0x65, 0x6e, 0x65, 0x72, 0x5f, 0x72, + 0x65, 0x70, 0x6f, 0x72, 0x74, 0x73, 0x18, 0x01, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x3e, 0x2e, 0x67, + 0x6c, 0x6f, 0x6f, 0x2e, 0x73, 0x6f, 0x6c, 0x6f, 0x2e, 0x69, 0x6f, 0x2e, 0x41, 0x67, 0x67, 0x72, + 0x65, 0x67, 0x61, 0x74, 0x65, 0x4c, 0x69, 0x73, 0x74, 0x65, 0x6e, 0x65, 0x72, 0x52, 0x65, 0x70, + 0x6f, 0x72, 0x74, 0x2e, 0x48, 0x74, 0x74, 0x70, 0x4c, 0x69, 0x73, 0x74, 0x65, 0x6e, 0x65, 0x72, + 0x52, 0x65, 0x70, 0x6f, 0x72, 0x74, 0x73, 0x45, 0x6e, 0x74, 0x72, 0x79, 0x52, 0x13, 0x68, 0x74, 0x74, 0x70, 0x4c, 0x69, 0x73, 0x74, 0x65, 0x6e, 0x65, 0x72, 0x52, 0x65, 0x70, 0x6f, 0x72, 0x74, - 0x48, 0x00, 0x52, 0x12, 0x68, 0x74, 0x74, 0x70, 0x4c, 0x69, 0x73, 0x74, 0x65, 0x6e, 0x65, 0x72, - 0x52, 0x65, 0x70, 0x6f, 0x72, 0x74, 0x12, 0x51, 0x0a, 0x13, 0x74, 0x63, 0x70, 0x5f, 0x6c, 0x69, - 0x73, 0x74, 0x65, 0x6e, 0x65, 0x72, 0x5f, 0x72, 0x65, 0x70, 0x6f, 0x72, 0x74, 0x18, 0x02, 0x20, - 0x01, 0x28, 0x0b, 0x32, 0x1f, 0x2e, 0x67, 0x6c, 0x6f, 0x6f, 0x2e, 0x73, 0x6f, 0x6c, 0x6f, 0x2e, - 0x69, 0x6f, 0x2e, 0x54, 0x63, 0x70, 0x4c, 0x69, 0x73, 0x74, 0x65, 0x6e, 0x65, 0x72, 0x52, 0x65, - 0x70, 0x6f, 0x72, 0x74, 0x48, 0x00, 0x52, 0x11, 0x74, 0x63, 0x70, 0x4c, 0x69, 0x73, 0x74, 0x65, - 0x6e, 0x65, 0x72, 0x52, 0x65, 0x70, 0x6f, 0x72, 0x74, 0x42, 0x14, 0x0a, 0x12, 0x4c, 0x69, 0x73, - 0x74, 0x65, 0x6e, 0x65, 0x72, 0x52, 0x65, 0x70, 0x6f, 0x72, 0x74, 0x54, 0x79, 0x70, 0x65, 0x22, - 0xd0, 0x03, 0x0a, 0x17, 0x41, 0x67, 0x67, 0x72, 0x65, 0x67, 0x61, 0x74, 0x65, 0x4c, 0x69, 0x73, - 0x74, 0x65, 0x6e, 0x65, 0x72, 0x52, 0x65, 0x70, 0x6f, 0x72, 0x74, 0x12, 0x72, 0x0a, 0x15, 0x68, - 0x74, 0x74, 0x70, 0x5f, 0x6c, 0x69, 0x73, 0x74, 0x65, 0x6e, 0x65, 0x72, 0x5f, 0x72, 0x65, 0x70, - 0x6f, 0x72, 0x74, 0x73, 0x18, 0x01, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x3e, 0x2e, 0x67, 0x6c, 0x6f, - 0x6f, 0x2e, 0x73, 0x6f, 0x6c, 0x6f, 0x2e, 0x69, 0x6f, 0x2e, 0x41, 0x67, 0x67, 0x72, 0x65, 0x67, - 0x61, 0x74, 0x65, 0x4c, 0x69, 0x73, 0x74, 0x65, 0x6e, 0x65, 0x72, 0x52, 0x65, 0x70, 0x6f, 0x72, - 0x74, 0x2e, 0x48, 0x74, 0x74, 0x70, 0x4c, 0x69, 0x73, 0x74, 0x65, 0x6e, 0x65, 0x72, 0x52, 0x65, - 0x70, 0x6f, 0x72, 0x74, 0x73, 0x45, 0x6e, 0x74, 0x72, 0x79, 0x52, 0x13, 0x68, 0x74, 0x74, 0x70, - 0x4c, 0x69, 0x73, 0x74, 0x65, 0x6e, 0x65, 0x72, 0x52, 0x65, 0x70, 0x6f, 0x72, 0x74, 0x73, 0x12, - 0x6f, 0x0a, 0x14, 0x74, 0x63, 0x70, 0x5f, 0x6c, 0x69, 0x73, 0x74, 0x65, 0x6e, 0x65, 0x72, 0x5f, - 0x72, 0x65, 0x70, 0x6f, 0x72, 0x74, 0x73, 0x18, 0x02, 0x20, 0x03, 0x28, 0x0b, 0x32, 0x3d, 0x2e, - 0x67, 0x6c, 0x6f, 0x6f, 0x2e, 0x73, 0x6f, 0x6c, 0x6f, 0x2e, 0x69, 0x6f, 0x2e, 0x41, 0x67, 0x67, - 0x72, 0x65, 0x67, 0x61, 0x74, 0x65, 0x4c, 0x69, 0x73, 0x74, 0x65, 0x6e, 0x65, 0x72, 0x52, 0x65, - 0x70, 0x6f, 0x72, 0x74, 0x2e, 0x54, 0x63, 0x70, 0x4c, 0x69, 0x73, 0x74, 0x65, 0x6e, 0x65, 0x72, - 0x52, 0x65, 0x70, 0x6f, 0x72, 0x74, 0x73, 0x45, 0x6e, 0x74, 0x72, 0x79, 0x52, 0x12, 0x74, 0x63, - 0x70, 0x4c, 0x69, 0x73, 0x74, 0x65, 0x6e, 0x65, 0x72, 0x52, 0x65, 0x70, 0x6f, 0x72, 0x74, 0x73, - 0x1a, 0x68, 0x0a, 0x18, 0x48, 0x74, 0x74, 0x70, 0x4c, 0x69, 0x73, 0x74, 0x65, 0x6e, 0x65, 0x72, - 0x52, 0x65, 0x70, 0x6f, 0x72, 0x74, 0x73, 0x45, 0x6e, 0x74, 0x72, 0x79, 0x12, 0x10, 0x0a, 0x03, - 0x6b, 0x65, 0x79, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x03, 0x6b, 0x65, 0x79, 0x12, 0x36, - 0x0a, 0x05, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x20, 0x2e, - 0x67, 0x6c, 0x6f, 0x6f, 0x2e, 0x73, 0x6f, 0x6c, 0x6f, 0x2e, 0x69, 0x6f, 0x2e, 0x48, 0x74, 0x74, - 0x70, 0x4c, 0x69, 0x73, 0x74, 0x65, 0x6e, 0x65, 0x72, 0x52, 0x65, 0x70, 0x6f, 0x72, 0x74, 0x52, - 0x05, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x3a, 0x02, 0x38, 0x01, 0x1a, 0x66, 0x0a, 0x17, 0x54, 0x63, - 0x70, 0x4c, 0x69, 0x73, 0x74, 0x65, 0x6e, 0x65, 0x72, 0x52, 0x65, 0x70, 0x6f, 0x72, 0x74, 0x73, - 0x45, 0x6e, 0x74, 0x72, 0x79, 0x12, 0x10, 0x0a, 0x03, 0x6b, 0x65, 0x79, 0x18, 0x01, 0x20, 0x01, - 0x28, 0x09, 0x52, 0x03, 0x6b, 0x65, 0x79, 0x12, 0x35, 0x0a, 0x05, 0x76, 0x61, 0x6c, 0x75, 0x65, - 0x18, 0x02, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x1f, 0x2e, 0x67, 0x6c, 0x6f, 0x6f, 0x2e, 0x73, 0x6f, - 0x6c, 0x6f, 0x2e, 0x69, 0x6f, 0x2e, 0x54, 0x63, 0x70, 0x4c, 0x69, 0x73, 0x74, 0x65, 0x6e, 0x65, - 0x72, 0x52, 0x65, 0x70, 0x6f, 0x72, 0x74, 0x52, 0x05, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x3a, 0x02, - 0x38, 0x01, 0x32, 0xdf, 0x01, 0x0a, 0x15, 0x47, 0x6c, 0x6f, 0x6f, 0x56, 0x61, 0x6c, 0x69, 0x64, - 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x53, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x12, 0x5f, 0x0a, 0x0e, - 0x4e, 0x6f, 0x74, 0x69, 0x66, 0x79, 0x4f, 0x6e, 0x52, 0x65, 0x73, 0x79, 0x6e, 0x63, 0x12, 0x23, - 0x2e, 0x67, 0x6c, 0x6f, 0x6f, 0x2e, 0x73, 0x6f, 0x6c, 0x6f, 0x2e, 0x69, 0x6f, 0x2e, 0x4e, 0x6f, - 0x74, 0x69, 0x66, 0x79, 0x4f, 0x6e, 0x52, 0x65, 0x73, 0x79, 0x6e, 0x63, 0x52, 0x65, 0x71, 0x75, - 0x65, 0x73, 0x74, 0x1a, 0x24, 0x2e, 0x67, 0x6c, 0x6f, 0x6f, 0x2e, 0x73, 0x6f, 0x6c, 0x6f, 0x2e, - 0x69, 0x6f, 0x2e, 0x4e, 0x6f, 0x74, 0x69, 0x66, 0x79, 0x4f, 0x6e, 0x52, 0x65, 0x73, 0x79, 0x6e, - 0x63, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x22, 0x00, 0x30, 0x01, 0x12, 0x65, 0x0a, - 0x08, 0x56, 0x61, 0x6c, 0x69, 0x64, 0x61, 0x74, 0x65, 0x12, 0x2a, 0x2e, 0x67, 0x6c, 0x6f, 0x6f, - 0x2e, 0x73, 0x6f, 0x6c, 0x6f, 0x2e, 0x69, 0x6f, 0x2e, 0x47, 0x6c, 0x6f, 0x6f, 0x56, 0x61, 0x6c, - 0x69, 0x64, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x53, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x52, 0x65, - 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x2b, 0x2e, 0x67, 0x6c, 0x6f, 0x6f, 0x2e, 0x73, 0x6f, 0x6c, - 0x6f, 0x2e, 0x69, 0x6f, 0x2e, 0x47, 0x6c, 0x6f, 0x6f, 0x56, 0x61, 0x6c, 0x69, 0x64, 0x61, 0x74, - 0x69, 0x6f, 0x6e, 0x53, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, - 0x73, 0x65, 0x22, 0x00, 0x42, 0x4b, 0xb8, 0xf5, 0x04, 0x01, 0xc0, 0xf5, 0x04, 0x01, 0xd0, 0xf5, - 0x04, 0x01, 0x5a, 0x3d, 0x67, 0x69, 0x74, 0x68, 0x75, 0x62, 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x73, - 0x6f, 0x6c, 0x6f, 0x2d, 0x69, 0x6f, 0x2f, 0x67, 0x6c, 0x6f, 0x6f, 0x2f, 0x70, 0x72, 0x6f, 0x6a, - 0x65, 0x63, 0x74, 0x73, 0x2f, 0x67, 0x6c, 0x6f, 0x6f, 0x2f, 0x70, 0x6b, 0x67, 0x2f, 0x61, 0x70, - 0x69, 0x2f, 0x67, 0x72, 0x70, 0x63, 0x2f, 0x76, 0x61, 0x6c, 0x69, 0x64, 0x61, 0x74, 0x69, 0x6f, - 0x6e, 0x62, 0x06, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x33, + 0x73, 0x12, 0x6f, 0x0a, 0x14, 0x74, 0x63, 0x70, 0x5f, 0x6c, 0x69, 0x73, 0x74, 0x65, 0x6e, 0x65, + 0x72, 0x5f, 0x72, 0x65, 0x70, 0x6f, 0x72, 0x74, 0x73, 0x18, 0x02, 0x20, 0x03, 0x28, 0x0b, 0x32, + 0x3d, 0x2e, 0x67, 0x6c, 0x6f, 0x6f, 0x2e, 0x73, 0x6f, 0x6c, 0x6f, 0x2e, 0x69, 0x6f, 0x2e, 0x41, + 0x67, 0x67, 0x72, 0x65, 0x67, 0x61, 0x74, 0x65, 0x4c, 0x69, 0x73, 0x74, 0x65, 0x6e, 0x65, 0x72, + 0x52, 0x65, 0x70, 0x6f, 0x72, 0x74, 0x2e, 0x54, 0x63, 0x70, 0x4c, 0x69, 0x73, 0x74, 0x65, 0x6e, + 0x65, 0x72, 0x52, 0x65, 0x70, 0x6f, 0x72, 0x74, 0x73, 0x45, 0x6e, 0x74, 0x72, 0x79, 0x52, 0x12, + 0x74, 0x63, 0x70, 0x4c, 0x69, 0x73, 0x74, 0x65, 0x6e, 0x65, 0x72, 0x52, 0x65, 0x70, 0x6f, 0x72, + 0x74, 0x73, 0x1a, 0x68, 0x0a, 0x18, 0x48, 0x74, 0x74, 0x70, 0x4c, 0x69, 0x73, 0x74, 0x65, 0x6e, + 0x65, 0x72, 0x52, 0x65, 0x70, 0x6f, 0x72, 0x74, 0x73, 0x45, 0x6e, 0x74, 0x72, 0x79, 0x12, 0x10, + 0x0a, 0x03, 0x6b, 0x65, 0x79, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x03, 0x6b, 0x65, 0x79, + 0x12, 0x36, 0x0a, 0x05, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0b, 0x32, + 0x20, 0x2e, 0x67, 0x6c, 0x6f, 0x6f, 0x2e, 0x73, 0x6f, 0x6c, 0x6f, 0x2e, 0x69, 0x6f, 0x2e, 0x48, + 0x74, 0x74, 0x70, 0x4c, 0x69, 0x73, 0x74, 0x65, 0x6e, 0x65, 0x72, 0x52, 0x65, 0x70, 0x6f, 0x72, + 0x74, 0x52, 0x05, 0x76, 0x61, 0x6c, 0x75, 0x65, 0x3a, 0x02, 0x38, 0x01, 0x1a, 0x66, 0x0a, 0x17, + 0x54, 0x63, 0x70, 0x4c, 0x69, 0x73, 0x74, 0x65, 0x6e, 0x65, 0x72, 0x52, 0x65, 0x70, 0x6f, 0x72, + 0x74, 0x73, 0x45, 0x6e, 0x74, 0x72, 0x79, 0x12, 0x10, 0x0a, 0x03, 0x6b, 0x65, 0x79, 0x18, 0x01, + 0x20, 0x01, 0x28, 0x09, 0x52, 0x03, 0x6b, 0x65, 0x79, 0x12, 0x35, 0x0a, 0x05, 0x76, 0x61, 0x6c, + 0x75, 0x65, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x1f, 0x2e, 0x67, 0x6c, 0x6f, 0x6f, 0x2e, + 0x73, 0x6f, 0x6c, 0x6f, 0x2e, 0x69, 0x6f, 0x2e, 0x54, 0x63, 0x70, 0x4c, 0x69, 0x73, 0x74, 0x65, + 0x6e, 0x65, 0x72, 0x52, 0x65, 0x70, 0x6f, 0x72, 0x74, 0x52, 0x05, 0x76, 0x61, 0x6c, 0x75, 0x65, + 0x3a, 0x02, 0x38, 0x01, 0x32, 0xdf, 0x01, 0x0a, 0x15, 0x47, 0x6c, 0x6f, 0x6f, 0x56, 0x61, 0x6c, + 0x69, 0x64, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x53, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x12, 0x5f, + 0x0a, 0x0e, 0x4e, 0x6f, 0x74, 0x69, 0x66, 0x79, 0x4f, 0x6e, 0x52, 0x65, 0x73, 0x79, 0x6e, 0x63, + 0x12, 0x23, 0x2e, 0x67, 0x6c, 0x6f, 0x6f, 0x2e, 0x73, 0x6f, 0x6c, 0x6f, 0x2e, 0x69, 0x6f, 0x2e, + 0x4e, 0x6f, 0x74, 0x69, 0x66, 0x79, 0x4f, 0x6e, 0x52, 0x65, 0x73, 0x79, 0x6e, 0x63, 0x52, 0x65, + 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x24, 0x2e, 0x67, 0x6c, 0x6f, 0x6f, 0x2e, 0x73, 0x6f, 0x6c, + 0x6f, 0x2e, 0x69, 0x6f, 0x2e, 0x4e, 0x6f, 0x74, 0x69, 0x66, 0x79, 0x4f, 0x6e, 0x52, 0x65, 0x73, + 0x79, 0x6e, 0x63, 0x52, 0x65, 0x73, 0x70, 0x6f, 0x6e, 0x73, 0x65, 0x22, 0x00, 0x30, 0x01, 0x12, + 0x65, 0x0a, 0x08, 0x56, 0x61, 0x6c, 0x69, 0x64, 0x61, 0x74, 0x65, 0x12, 0x2a, 0x2e, 0x67, 0x6c, + 0x6f, 0x6f, 0x2e, 0x73, 0x6f, 0x6c, 0x6f, 0x2e, 0x69, 0x6f, 0x2e, 0x47, 0x6c, 0x6f, 0x6f, 0x56, + 0x61, 0x6c, 0x69, 0x64, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x53, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, + 0x52, 0x65, 0x71, 0x75, 0x65, 0x73, 0x74, 0x1a, 0x2b, 0x2e, 0x67, 0x6c, 0x6f, 0x6f, 0x2e, 0x73, + 0x6f, 0x6c, 0x6f, 0x2e, 0x69, 0x6f, 0x2e, 0x47, 0x6c, 0x6f, 0x6f, 0x56, 0x61, 0x6c, 0x69, 0x64, + 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x53, 0x65, 0x72, 0x76, 0x69, 0x63, 0x65, 0x52, 0x65, 0x73, 0x70, + 0x6f, 0x6e, 0x73, 0x65, 0x22, 0x00, 0x42, 0x4b, 0xb8, 0xf5, 0x04, 0x01, 0xc0, 0xf5, 0x04, 0x01, + 0xd0, 0xf5, 0x04, 0x01, 0x5a, 0x3d, 0x67, 0x69, 0x74, 0x68, 0x75, 0x62, 0x2e, 0x63, 0x6f, 0x6d, + 0x2f, 0x73, 0x6f, 0x6c, 0x6f, 0x2d, 0x69, 0x6f, 0x2f, 0x67, 0x6c, 0x6f, 0x6f, 0x2f, 0x70, 0x72, + 0x6f, 0x6a, 0x65, 0x63, 0x74, 0x73, 0x2f, 0x67, 0x6c, 0x6f, 0x6f, 0x2f, 0x70, 0x6b, 0x67, 0x2f, + 0x61, 0x70, 0x69, 0x2f, 0x67, 0x72, 0x70, 0x63, 0x2f, 0x76, 0x61, 0x6c, 0x69, 0x64, 0x61, 0x74, + 0x69, 0x6f, 0x6e, 0x62, 0x06, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x33, } var ( @@ -2320,103 +2442,107 @@ func file_github_com_solo_io_gloo_projects_gloo_api_grpc_validation_gloo_validat return file_github_com_solo_io_gloo_projects_gloo_api_grpc_validation_gloo_validation_proto_rawDescData } -var file_github_com_solo_io_gloo_projects_gloo_api_grpc_validation_gloo_validation_proto_enumTypes = make([]protoimpl.EnumInfo, 8) -var file_github_com_solo_io_gloo_projects_gloo_api_grpc_validation_gloo_validation_proto_msgTypes = make([]protoimpl.MessageInfo, 29) +var file_github_com_solo_io_gloo_projects_gloo_api_grpc_validation_gloo_validation_proto_enumTypes = make([]protoimpl.EnumInfo, 9) +var file_github_com_solo_io_gloo_projects_gloo_api_grpc_validation_gloo_validation_proto_msgTypes = make([]protoimpl.MessageInfo, 30) var file_github_com_solo_io_gloo_projects_gloo_api_grpc_validation_gloo_validation_proto_goTypes = []interface{}{ (ListenerReport_Error_Type)(0), // 0: gloo.solo.io.ListenerReport.Error.Type - (HttpListenerReport_Error_Type)(0), // 1: gloo.solo.io.HttpListenerReport.Error.Type - (VirtualHostReport_Error_Type)(0), // 2: gloo.solo.io.VirtualHostReport.Error.Type - (RouteReport_Error_Type)(0), // 3: gloo.solo.io.RouteReport.Error.Type - (RouteReport_Warning_Type)(0), // 4: gloo.solo.io.RouteReport.Warning.Type - (TcpListenerReport_Error_Type)(0), // 5: gloo.solo.io.TcpListenerReport.Error.Type - (TcpHostReport_Error_Type)(0), // 6: gloo.solo.io.TcpHostReport.Error.Type - (TcpHostReport_Warning_Type)(0), // 7: gloo.solo.io.TcpHostReport.Warning.Type - (*GlooValidationServiceRequest)(nil), // 8: gloo.solo.io.GlooValidationServiceRequest - (*GlooValidationServiceResponse)(nil), // 9: gloo.solo.io.GlooValidationServiceResponse - (*ModifiedResources)(nil), // 10: gloo.solo.io.ModifiedResources - (*DeletedResources)(nil), // 11: gloo.solo.io.DeletedResources - (*ValidationReport)(nil), // 12: gloo.solo.io.ValidationReport - (*ResourceReport)(nil), // 13: gloo.solo.io.ResourceReport - (*NotifyOnResyncRequest)(nil), // 14: gloo.solo.io.NotifyOnResyncRequest - (*NotifyOnResyncResponse)(nil), // 15: gloo.solo.io.NotifyOnResyncResponse - (*ProxyReport)(nil), // 16: gloo.solo.io.ProxyReport - (*ListenerReport)(nil), // 17: gloo.solo.io.ListenerReport - (*HttpListenerReport)(nil), // 18: gloo.solo.io.HttpListenerReport - (*VirtualHostReport)(nil), // 19: gloo.solo.io.VirtualHostReport - (*RouteReport)(nil), // 20: gloo.solo.io.RouteReport - (*TcpListenerReport)(nil), // 21: gloo.solo.io.TcpListenerReport - (*TcpHostReport)(nil), // 22: gloo.solo.io.TcpHostReport - (*HybridListenerReport)(nil), // 23: gloo.solo.io.HybridListenerReport - (*MatchedListenerReport)(nil), // 24: gloo.solo.io.MatchedListenerReport - (*AggregateListenerReport)(nil), // 25: gloo.solo.io.AggregateListenerReport - (*ListenerReport_Error)(nil), // 26: gloo.solo.io.ListenerReport.Error - (*HttpListenerReport_Error)(nil), // 27: gloo.solo.io.HttpListenerReport.Error - (*VirtualHostReport_Error)(nil), // 28: gloo.solo.io.VirtualHostReport.Error - (*RouteReport_Error)(nil), // 29: gloo.solo.io.RouteReport.Error - (*RouteReport_Warning)(nil), // 30: gloo.solo.io.RouteReport.Warning - (*TcpListenerReport_Error)(nil), // 31: gloo.solo.io.TcpListenerReport.Error - (*TcpHostReport_Error)(nil), // 32: gloo.solo.io.TcpHostReport.Error - (*TcpHostReport_Warning)(nil), // 33: gloo.solo.io.TcpHostReport.Warning - nil, // 34: gloo.solo.io.HybridListenerReport.MatchedListenerReportsEntry - nil, // 35: gloo.solo.io.AggregateListenerReport.HttpListenerReportsEntry - nil, // 36: gloo.solo.io.AggregateListenerReport.TcpListenerReportsEntry - (*v1.Proxy)(nil), // 37: gloo.solo.io.Proxy - (*v1.Upstream)(nil), // 38: gloo.solo.io.Upstream - (*core.ResourceRef)(nil), // 39: core.solo.io.ResourceRef + (ListenerReport_Warning_Type)(0), // 1: gloo.solo.io.ListenerReport.Warning.Type + (HttpListenerReport_Error_Type)(0), // 2: gloo.solo.io.HttpListenerReport.Error.Type + (VirtualHostReport_Error_Type)(0), // 3: gloo.solo.io.VirtualHostReport.Error.Type + (RouteReport_Error_Type)(0), // 4: gloo.solo.io.RouteReport.Error.Type + (RouteReport_Warning_Type)(0), // 5: gloo.solo.io.RouteReport.Warning.Type + (TcpListenerReport_Error_Type)(0), // 6: gloo.solo.io.TcpListenerReport.Error.Type + (TcpHostReport_Error_Type)(0), // 7: gloo.solo.io.TcpHostReport.Error.Type + (TcpHostReport_Warning_Type)(0), // 8: gloo.solo.io.TcpHostReport.Warning.Type + (*GlooValidationServiceRequest)(nil), // 9: gloo.solo.io.GlooValidationServiceRequest + (*GlooValidationServiceResponse)(nil), // 10: gloo.solo.io.GlooValidationServiceResponse + (*ModifiedResources)(nil), // 11: gloo.solo.io.ModifiedResources + (*DeletedResources)(nil), // 12: gloo.solo.io.DeletedResources + (*ValidationReport)(nil), // 13: gloo.solo.io.ValidationReport + (*ResourceReport)(nil), // 14: gloo.solo.io.ResourceReport + (*NotifyOnResyncRequest)(nil), // 15: gloo.solo.io.NotifyOnResyncRequest + (*NotifyOnResyncResponse)(nil), // 16: gloo.solo.io.NotifyOnResyncResponse + (*ProxyReport)(nil), // 17: gloo.solo.io.ProxyReport + (*ListenerReport)(nil), // 18: gloo.solo.io.ListenerReport + (*HttpListenerReport)(nil), // 19: gloo.solo.io.HttpListenerReport + (*VirtualHostReport)(nil), // 20: gloo.solo.io.VirtualHostReport + (*RouteReport)(nil), // 21: gloo.solo.io.RouteReport + (*TcpListenerReport)(nil), // 22: gloo.solo.io.TcpListenerReport + (*TcpHostReport)(nil), // 23: gloo.solo.io.TcpHostReport + (*HybridListenerReport)(nil), // 24: gloo.solo.io.HybridListenerReport + (*MatchedListenerReport)(nil), // 25: gloo.solo.io.MatchedListenerReport + (*AggregateListenerReport)(nil), // 26: gloo.solo.io.AggregateListenerReport + (*ListenerReport_Error)(nil), // 27: gloo.solo.io.ListenerReport.Error + (*ListenerReport_Warning)(nil), // 28: gloo.solo.io.ListenerReport.Warning + (*HttpListenerReport_Error)(nil), // 29: gloo.solo.io.HttpListenerReport.Error + (*VirtualHostReport_Error)(nil), // 30: gloo.solo.io.VirtualHostReport.Error + (*RouteReport_Error)(nil), // 31: gloo.solo.io.RouteReport.Error + (*RouteReport_Warning)(nil), // 32: gloo.solo.io.RouteReport.Warning + (*TcpListenerReport_Error)(nil), // 33: gloo.solo.io.TcpListenerReport.Error + (*TcpHostReport_Error)(nil), // 34: gloo.solo.io.TcpHostReport.Error + (*TcpHostReport_Warning)(nil), // 35: gloo.solo.io.TcpHostReport.Warning + nil, // 36: gloo.solo.io.HybridListenerReport.MatchedListenerReportsEntry + nil, // 37: gloo.solo.io.AggregateListenerReport.HttpListenerReportsEntry + nil, // 38: gloo.solo.io.AggregateListenerReport.TcpListenerReportsEntry + (*v1.Proxy)(nil), // 39: gloo.solo.io.Proxy + (*v1.Upstream)(nil), // 40: gloo.solo.io.Upstream + (*core.ResourceRef)(nil), // 41: core.solo.io.ResourceRef } var file_github_com_solo_io_gloo_projects_gloo_api_grpc_validation_gloo_validation_proto_depIdxs = []int32{ - 37, // 0: gloo.solo.io.GlooValidationServiceRequest.proxy:type_name -> gloo.solo.io.Proxy - 10, // 1: gloo.solo.io.GlooValidationServiceRequest.modified_resources:type_name -> gloo.solo.io.ModifiedResources - 11, // 2: gloo.solo.io.GlooValidationServiceRequest.deleted_resources:type_name -> gloo.solo.io.DeletedResources - 12, // 3: gloo.solo.io.GlooValidationServiceResponse.validation_reports:type_name -> gloo.solo.io.ValidationReport - 38, // 4: gloo.solo.io.ModifiedResources.upstreams:type_name -> gloo.solo.io.Upstream - 39, // 5: gloo.solo.io.DeletedResources.upstream_refs:type_name -> core.solo.io.ResourceRef - 39, // 6: gloo.solo.io.DeletedResources.secret_refs:type_name -> core.solo.io.ResourceRef - 16, // 7: gloo.solo.io.ValidationReport.proxy_report:type_name -> gloo.solo.io.ProxyReport - 13, // 8: gloo.solo.io.ValidationReport.upstream_reports:type_name -> gloo.solo.io.ResourceReport - 37, // 9: gloo.solo.io.ValidationReport.proxy:type_name -> gloo.solo.io.Proxy - 39, // 10: gloo.solo.io.ResourceReport.resource_ref:type_name -> core.solo.io.ResourceRef - 17, // 11: gloo.solo.io.ProxyReport.listener_reports:type_name -> gloo.solo.io.ListenerReport - 26, // 12: gloo.solo.io.ListenerReport.errors:type_name -> gloo.solo.io.ListenerReport.Error - 18, // 13: gloo.solo.io.ListenerReport.http_listener_report:type_name -> gloo.solo.io.HttpListenerReport - 21, // 14: gloo.solo.io.ListenerReport.tcp_listener_report:type_name -> gloo.solo.io.TcpListenerReport - 23, // 15: gloo.solo.io.ListenerReport.hybrid_listener_report:type_name -> gloo.solo.io.HybridListenerReport - 25, // 16: gloo.solo.io.ListenerReport.aggregate_listener_report:type_name -> gloo.solo.io.AggregateListenerReport - 27, // 17: gloo.solo.io.HttpListenerReport.errors:type_name -> gloo.solo.io.HttpListenerReport.Error - 19, // 18: gloo.solo.io.HttpListenerReport.virtual_host_reports:type_name -> gloo.solo.io.VirtualHostReport - 28, // 19: gloo.solo.io.VirtualHostReport.errors:type_name -> gloo.solo.io.VirtualHostReport.Error - 20, // 20: gloo.solo.io.VirtualHostReport.route_reports:type_name -> gloo.solo.io.RouteReport - 29, // 21: gloo.solo.io.RouteReport.errors:type_name -> gloo.solo.io.RouteReport.Error - 30, // 22: gloo.solo.io.RouteReport.warnings:type_name -> gloo.solo.io.RouteReport.Warning - 31, // 23: gloo.solo.io.TcpListenerReport.errors:type_name -> gloo.solo.io.TcpListenerReport.Error - 22, // 24: gloo.solo.io.TcpListenerReport.tcp_host_reports:type_name -> gloo.solo.io.TcpHostReport - 32, // 25: gloo.solo.io.TcpHostReport.errors:type_name -> gloo.solo.io.TcpHostReport.Error - 33, // 26: gloo.solo.io.TcpHostReport.warnings:type_name -> gloo.solo.io.TcpHostReport.Warning - 34, // 27: gloo.solo.io.HybridListenerReport.matched_listener_reports:type_name -> gloo.solo.io.HybridListenerReport.MatchedListenerReportsEntry - 18, // 28: gloo.solo.io.MatchedListenerReport.http_listener_report:type_name -> gloo.solo.io.HttpListenerReport - 21, // 29: gloo.solo.io.MatchedListenerReport.tcp_listener_report:type_name -> gloo.solo.io.TcpListenerReport - 35, // 30: gloo.solo.io.AggregateListenerReport.http_listener_reports:type_name -> gloo.solo.io.AggregateListenerReport.HttpListenerReportsEntry - 36, // 31: gloo.solo.io.AggregateListenerReport.tcp_listener_reports:type_name -> gloo.solo.io.AggregateListenerReport.TcpListenerReportsEntry - 0, // 32: gloo.solo.io.ListenerReport.Error.type:type_name -> gloo.solo.io.ListenerReport.Error.Type - 1, // 33: gloo.solo.io.HttpListenerReport.Error.type:type_name -> gloo.solo.io.HttpListenerReport.Error.Type - 2, // 34: gloo.solo.io.VirtualHostReport.Error.type:type_name -> gloo.solo.io.VirtualHostReport.Error.Type - 3, // 35: gloo.solo.io.RouteReport.Error.type:type_name -> gloo.solo.io.RouteReport.Error.Type - 4, // 36: gloo.solo.io.RouteReport.Warning.type:type_name -> gloo.solo.io.RouteReport.Warning.Type - 5, // 37: gloo.solo.io.TcpListenerReport.Error.type:type_name -> gloo.solo.io.TcpListenerReport.Error.Type - 6, // 38: gloo.solo.io.TcpHostReport.Error.type:type_name -> gloo.solo.io.TcpHostReport.Error.Type - 7, // 39: gloo.solo.io.TcpHostReport.Warning.type:type_name -> gloo.solo.io.TcpHostReport.Warning.Type - 24, // 40: gloo.solo.io.HybridListenerReport.MatchedListenerReportsEntry.value:type_name -> gloo.solo.io.MatchedListenerReport - 18, // 41: gloo.solo.io.AggregateListenerReport.HttpListenerReportsEntry.value:type_name -> gloo.solo.io.HttpListenerReport - 21, // 42: gloo.solo.io.AggregateListenerReport.TcpListenerReportsEntry.value:type_name -> gloo.solo.io.TcpListenerReport - 14, // 43: gloo.solo.io.GlooValidationService.NotifyOnResync:input_type -> gloo.solo.io.NotifyOnResyncRequest - 8, // 44: gloo.solo.io.GlooValidationService.Validate:input_type -> gloo.solo.io.GlooValidationServiceRequest - 15, // 45: gloo.solo.io.GlooValidationService.NotifyOnResync:output_type -> gloo.solo.io.NotifyOnResyncResponse - 9, // 46: gloo.solo.io.GlooValidationService.Validate:output_type -> gloo.solo.io.GlooValidationServiceResponse - 45, // [45:47] is the sub-list for method output_type - 43, // [43:45] is the sub-list for method input_type - 43, // [43:43] is the sub-list for extension type_name - 43, // [43:43] is the sub-list for extension extendee - 0, // [0:43] is the sub-list for field type_name + 39, // 0: gloo.solo.io.GlooValidationServiceRequest.proxy:type_name -> gloo.solo.io.Proxy + 11, // 1: gloo.solo.io.GlooValidationServiceRequest.modified_resources:type_name -> gloo.solo.io.ModifiedResources + 12, // 2: gloo.solo.io.GlooValidationServiceRequest.deleted_resources:type_name -> gloo.solo.io.DeletedResources + 13, // 3: gloo.solo.io.GlooValidationServiceResponse.validation_reports:type_name -> gloo.solo.io.ValidationReport + 40, // 4: gloo.solo.io.ModifiedResources.upstreams:type_name -> gloo.solo.io.Upstream + 41, // 5: gloo.solo.io.DeletedResources.upstream_refs:type_name -> core.solo.io.ResourceRef + 41, // 6: gloo.solo.io.DeletedResources.secret_refs:type_name -> core.solo.io.ResourceRef + 17, // 7: gloo.solo.io.ValidationReport.proxy_report:type_name -> gloo.solo.io.ProxyReport + 14, // 8: gloo.solo.io.ValidationReport.upstream_reports:type_name -> gloo.solo.io.ResourceReport + 39, // 9: gloo.solo.io.ValidationReport.proxy:type_name -> gloo.solo.io.Proxy + 41, // 10: gloo.solo.io.ResourceReport.resource_ref:type_name -> core.solo.io.ResourceRef + 18, // 11: gloo.solo.io.ProxyReport.listener_reports:type_name -> gloo.solo.io.ListenerReport + 27, // 12: gloo.solo.io.ListenerReport.errors:type_name -> gloo.solo.io.ListenerReport.Error + 28, // 13: gloo.solo.io.ListenerReport.warnings:type_name -> gloo.solo.io.ListenerReport.Warning + 19, // 14: gloo.solo.io.ListenerReport.http_listener_report:type_name -> gloo.solo.io.HttpListenerReport + 22, // 15: gloo.solo.io.ListenerReport.tcp_listener_report:type_name -> gloo.solo.io.TcpListenerReport + 24, // 16: gloo.solo.io.ListenerReport.hybrid_listener_report:type_name -> gloo.solo.io.HybridListenerReport + 26, // 17: gloo.solo.io.ListenerReport.aggregate_listener_report:type_name -> gloo.solo.io.AggregateListenerReport + 29, // 18: gloo.solo.io.HttpListenerReport.errors:type_name -> gloo.solo.io.HttpListenerReport.Error + 20, // 19: gloo.solo.io.HttpListenerReport.virtual_host_reports:type_name -> gloo.solo.io.VirtualHostReport + 30, // 20: gloo.solo.io.VirtualHostReport.errors:type_name -> gloo.solo.io.VirtualHostReport.Error + 21, // 21: gloo.solo.io.VirtualHostReport.route_reports:type_name -> gloo.solo.io.RouteReport + 31, // 22: gloo.solo.io.RouteReport.errors:type_name -> gloo.solo.io.RouteReport.Error + 32, // 23: gloo.solo.io.RouteReport.warnings:type_name -> gloo.solo.io.RouteReport.Warning + 33, // 24: gloo.solo.io.TcpListenerReport.errors:type_name -> gloo.solo.io.TcpListenerReport.Error + 23, // 25: gloo.solo.io.TcpListenerReport.tcp_host_reports:type_name -> gloo.solo.io.TcpHostReport + 34, // 26: gloo.solo.io.TcpHostReport.errors:type_name -> gloo.solo.io.TcpHostReport.Error + 35, // 27: gloo.solo.io.TcpHostReport.warnings:type_name -> gloo.solo.io.TcpHostReport.Warning + 36, // 28: gloo.solo.io.HybridListenerReport.matched_listener_reports:type_name -> gloo.solo.io.HybridListenerReport.MatchedListenerReportsEntry + 19, // 29: gloo.solo.io.MatchedListenerReport.http_listener_report:type_name -> gloo.solo.io.HttpListenerReport + 22, // 30: gloo.solo.io.MatchedListenerReport.tcp_listener_report:type_name -> gloo.solo.io.TcpListenerReport + 37, // 31: gloo.solo.io.AggregateListenerReport.http_listener_reports:type_name -> gloo.solo.io.AggregateListenerReport.HttpListenerReportsEntry + 38, // 32: gloo.solo.io.AggregateListenerReport.tcp_listener_reports:type_name -> gloo.solo.io.AggregateListenerReport.TcpListenerReportsEntry + 0, // 33: gloo.solo.io.ListenerReport.Error.type:type_name -> gloo.solo.io.ListenerReport.Error.Type + 1, // 34: gloo.solo.io.ListenerReport.Warning.type:type_name -> gloo.solo.io.ListenerReport.Warning.Type + 2, // 35: gloo.solo.io.HttpListenerReport.Error.type:type_name -> gloo.solo.io.HttpListenerReport.Error.Type + 3, // 36: gloo.solo.io.VirtualHostReport.Error.type:type_name -> gloo.solo.io.VirtualHostReport.Error.Type + 4, // 37: gloo.solo.io.RouteReport.Error.type:type_name -> gloo.solo.io.RouteReport.Error.Type + 5, // 38: gloo.solo.io.RouteReport.Warning.type:type_name -> gloo.solo.io.RouteReport.Warning.Type + 6, // 39: gloo.solo.io.TcpListenerReport.Error.type:type_name -> gloo.solo.io.TcpListenerReport.Error.Type + 7, // 40: gloo.solo.io.TcpHostReport.Error.type:type_name -> gloo.solo.io.TcpHostReport.Error.Type + 8, // 41: gloo.solo.io.TcpHostReport.Warning.type:type_name -> gloo.solo.io.TcpHostReport.Warning.Type + 25, // 42: gloo.solo.io.HybridListenerReport.MatchedListenerReportsEntry.value:type_name -> gloo.solo.io.MatchedListenerReport + 19, // 43: gloo.solo.io.AggregateListenerReport.HttpListenerReportsEntry.value:type_name -> gloo.solo.io.HttpListenerReport + 22, // 44: gloo.solo.io.AggregateListenerReport.TcpListenerReportsEntry.value:type_name -> gloo.solo.io.TcpListenerReport + 15, // 45: gloo.solo.io.GlooValidationService.NotifyOnResync:input_type -> gloo.solo.io.NotifyOnResyncRequest + 9, // 46: gloo.solo.io.GlooValidationService.Validate:input_type -> gloo.solo.io.GlooValidationServiceRequest + 16, // 47: gloo.solo.io.GlooValidationService.NotifyOnResync:output_type -> gloo.solo.io.NotifyOnResyncResponse + 10, // 48: gloo.solo.io.GlooValidationService.Validate:output_type -> gloo.solo.io.GlooValidationServiceResponse + 47, // [47:49] is the sub-list for method output_type + 45, // [45:47] is the sub-list for method input_type + 45, // [45:45] is the sub-list for extension type_name + 45, // [45:45] is the sub-list for extension extendee + 0, // [0:45] is the sub-list for field type_name } func init() { @@ -2656,7 +2782,7 @@ func file_github_com_solo_io_gloo_projects_gloo_api_grpc_validation_gloo_validat } } file_github_com_solo_io_gloo_projects_gloo_api_grpc_validation_gloo_validation_proto_msgTypes[19].Exporter = func(v interface{}, i int) interface{} { - switch v := v.(*HttpListenerReport_Error); i { + switch v := v.(*ListenerReport_Warning); i { case 0: return &v.state case 1: @@ -2668,7 +2794,7 @@ func file_github_com_solo_io_gloo_projects_gloo_api_grpc_validation_gloo_validat } } file_github_com_solo_io_gloo_projects_gloo_api_grpc_validation_gloo_validation_proto_msgTypes[20].Exporter = func(v interface{}, i int) interface{} { - switch v := v.(*VirtualHostReport_Error); i { + switch v := v.(*HttpListenerReport_Error); i { case 0: return &v.state case 1: @@ -2680,7 +2806,7 @@ func file_github_com_solo_io_gloo_projects_gloo_api_grpc_validation_gloo_validat } } file_github_com_solo_io_gloo_projects_gloo_api_grpc_validation_gloo_validation_proto_msgTypes[21].Exporter = func(v interface{}, i int) interface{} { - switch v := v.(*RouteReport_Error); i { + switch v := v.(*VirtualHostReport_Error); i { case 0: return &v.state case 1: @@ -2692,7 +2818,7 @@ func file_github_com_solo_io_gloo_projects_gloo_api_grpc_validation_gloo_validat } } file_github_com_solo_io_gloo_projects_gloo_api_grpc_validation_gloo_validation_proto_msgTypes[22].Exporter = func(v interface{}, i int) interface{} { - switch v := v.(*RouteReport_Warning); i { + switch v := v.(*RouteReport_Error); i { case 0: return &v.state case 1: @@ -2704,7 +2830,7 @@ func file_github_com_solo_io_gloo_projects_gloo_api_grpc_validation_gloo_validat } } file_github_com_solo_io_gloo_projects_gloo_api_grpc_validation_gloo_validation_proto_msgTypes[23].Exporter = func(v interface{}, i int) interface{} { - switch v := v.(*TcpListenerReport_Error); i { + switch v := v.(*RouteReport_Warning); i { case 0: return &v.state case 1: @@ -2716,7 +2842,7 @@ func file_github_com_solo_io_gloo_projects_gloo_api_grpc_validation_gloo_validat } } file_github_com_solo_io_gloo_projects_gloo_api_grpc_validation_gloo_validation_proto_msgTypes[24].Exporter = func(v interface{}, i int) interface{} { - switch v := v.(*TcpHostReport_Error); i { + switch v := v.(*TcpListenerReport_Error); i { case 0: return &v.state case 1: @@ -2728,6 +2854,18 @@ func file_github_com_solo_io_gloo_projects_gloo_api_grpc_validation_gloo_validat } } file_github_com_solo_io_gloo_projects_gloo_api_grpc_validation_gloo_validation_proto_msgTypes[25].Exporter = func(v interface{}, i int) interface{} { + switch v := v.(*TcpHostReport_Error); i { + case 0: + return &v.state + case 1: + return &v.sizeCache + case 2: + return &v.unknownFields + default: + return nil + } + } + file_github_com_solo_io_gloo_projects_gloo_api_grpc_validation_gloo_validation_proto_msgTypes[26].Exporter = func(v interface{}, i int) interface{} { switch v := v.(*TcpHostReport_Warning); i { case 0: return &v.state @@ -2759,8 +2897,8 @@ func file_github_com_solo_io_gloo_projects_gloo_api_grpc_validation_gloo_validat File: protoimpl.DescBuilder{ GoPackagePath: reflect.TypeOf(x{}).PkgPath(), RawDescriptor: file_github_com_solo_io_gloo_projects_gloo_api_grpc_validation_gloo_validation_proto_rawDesc, - NumEnums: 8, - NumMessages: 29, + NumEnums: 9, + NumMessages: 30, NumExtensions: 0, NumServices: 1, }, diff --git a/projects/gloo/pkg/api/grpc/validation/gloo_validation.pb.hash.go b/projects/gloo/pkg/api/grpc/validation/gloo_validation.pb.hash.go index 541af861f67..d11991319f5 100644 --- a/projects/gloo/pkg/api/grpc/validation/gloo_validation.pb.hash.go +++ b/projects/gloo/pkg/api/grpc/validation/gloo_validation.pb.hash.go @@ -494,6 +494,30 @@ func (m *ListenerReport) Hash(hasher hash.Hash64) (uint64, error) { } + for _, v := range m.GetWarnings() { + + if h, ok := interface{}(v).(safe_hasher.SafeHasher); ok { + if _, err = hasher.Write([]byte("")); err != nil { + return 0, err + } + if _, err = h.Hash(hasher); err != nil { + return 0, err + } + } else { + if fieldValue, err := hashstructure.Hash(v, nil); err != nil { + return 0, err + } else { + if _, err = hasher.Write([]byte("")); err != nil { + return 0, err + } + if err := binary.Write(hasher, binary.LittleEndian, fieldValue); err != nil { + return 0, err + } + } + } + + } + switch m.ListenerTypeReport.(type) { case *ListenerReport_HttpListenerReport: @@ -1147,6 +1171,31 @@ func (m *ListenerReport_Error) Hash(hasher hash.Hash64) (uint64, error) { return hasher.Sum64(), nil } +// Hash function +func (m *ListenerReport_Warning) Hash(hasher hash.Hash64) (uint64, error) { + if m == nil { + return 0, nil + } + if hasher == nil { + hasher = fnv.New64() + } + var err error + if _, err = hasher.Write([]byte("gloo.solo.io.github.com/solo-io/gloo/projects/gloo/pkg/api/grpc/validation.ListenerReport_Warning")); err != nil { + return 0, err + } + + err = binary.Write(hasher, binary.LittleEndian, m.GetType()) + if err != nil { + return 0, err + } + + if _, err = hasher.Write([]byte(m.GetReason())); err != nil { + return 0, err + } + + return hasher.Sum64(), nil +} + // Hash function func (m *HttpListenerReport_Error) Hash(hasher hash.Hash64) (uint64, error) { if m == nil { diff --git a/projects/gloo/pkg/api/v1/settings.pb.clone.go b/projects/gloo/pkg/api/v1/settings.pb.clone.go index dbc9c43150a..ae76d0bbf44 100644 --- a/projects/gloo/pkg/api/v1/settings.pb.clone.go +++ b/projects/gloo/pkg/api/v1/settings.pb.clone.go @@ -1231,6 +1231,12 @@ func (m *GatewayOptions_ValidationOptions) Clone() proto.Message { target.ServerEnabled = proto.Clone(m.GetServerEnabled()).(*github_com_golang_protobuf_ptypes_wrappers.BoolValue) } + if h, ok := interface{}(m.GetWarnMissingTlsSecret()).(clone.Cloner); ok { + target.WarnMissingTlsSecret = h.Clone().(*github_com_golang_protobuf_ptypes_wrappers.BoolValue) + } else { + target.WarnMissingTlsSecret = proto.Clone(m.GetWarnMissingTlsSecret()).(*github_com_golang_protobuf_ptypes_wrappers.BoolValue) + } + return target } diff --git a/projects/gloo/pkg/api/v1/settings.pb.equal.go b/projects/gloo/pkg/api/v1/settings.pb.equal.go index f8e36e297d8..8d758346f9e 100644 --- a/projects/gloo/pkg/api/v1/settings.pb.equal.go +++ b/projects/gloo/pkg/api/v1/settings.pb.equal.go @@ -2135,6 +2135,16 @@ func (m *GatewayOptions_ValidationOptions) Equal(that interface{}) bool { } } + if h, ok := interface{}(m.GetWarnMissingTlsSecret()).(equality.Equalizer); ok { + if !h.Equal(target.GetWarnMissingTlsSecret()) { + return false + } + } else { + if !proto.Equal(m.GetWarnMissingTlsSecret(), target.GetWarnMissingTlsSecret()) { + return false + } + } + return true } diff --git a/projects/gloo/pkg/api/v1/settings.pb.go b/projects/gloo/pkg/api/v1/settings.pb.go index ae5bcd152dc..7f8a8f0825f 100644 --- a/projects/gloo/pkg/api/v1/settings.pb.go +++ b/projects/gloo/pkg/api/v1/settings.pb.go @@ -3162,6 +3162,10 @@ type GatewayOptions_ValidationOptions struct { // // If not included, the validation server will be enabled. ServerEnabled *wrappers.BoolValue `protobuf:"bytes,12,opt,name=server_enabled,json=serverEnabled,proto3" json:"server_enabled,omitempty"` + // Allows configuring validation to report a missing TLS secret referenced by a SslConfig or UpstreamSslConfig + // as a warning instead of an error. This will allow for eventually consistent workloads, but will also permit + // the accidental deletion of secrets being referenced, which would cause disruption in traffic. + WarnMissingTlsSecret *wrappers.BoolValue `protobuf:"bytes,13,opt,name=warn_missing_tls_secret,json=warnMissingTlsSecret,proto3" json:"warn_missing_tls_secret,omitempty"` } func (x *GatewayOptions_ValidationOptions) Reset() { @@ -3269,6 +3273,13 @@ func (x *GatewayOptions_ValidationOptions) GetServerEnabled() *wrappers.BoolValu return nil } +func (x *GatewayOptions_ValidationOptions) GetWarnMissingTlsSecret() *wrappers.BoolValue { + if x != nil { + return x.WarnMissingTlsSecret + } + return nil +} + type GraphqlOptions_SchemaChangeValidationOptions struct { state protoimpl.MessageState sizeCache protoimpl.SizeCache @@ -3995,7 +4006,7 @@ var file_github_com_solo_io_gloo_projects_gloo_api_v1_settings_proto_rawDesc = [ 0x79, 0x5f, 0x74, 0x6c, 0x73, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x1a, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x42, 0x6f, 0x6f, 0x6c, 0x56, 0x61, 0x6c, 0x75, 0x65, 0x52, 0x09, 0x6f, 0x6e, 0x65, 0x57, 0x61, 0x79, 0x54, - 0x6c, 0x73, 0x22, 0xbc, 0x0c, 0x0a, 0x0e, 0x47, 0x61, 0x74, 0x65, 0x77, 0x61, 0x79, 0x4f, 0x70, + 0x6c, 0x73, 0x22, 0x8f, 0x0d, 0x0a, 0x0e, 0x47, 0x61, 0x74, 0x65, 0x77, 0x61, 0x79, 0x4f, 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x12, 0x34, 0x0a, 0x16, 0x76, 0x61, 0x6c, 0x69, 0x64, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x5f, 0x73, 0x65, 0x72, 0x76, 0x65, 0x72, 0x5f, 0x61, 0x64, 0x64, 0x72, 0x18, 0x01, 0x20, 0x01, 0x28, 0x09, 0x52, 0x14, 0x76, 0x61, 0x6c, 0x69, 0x64, 0x61, 0x74, 0x69, 0x6f, @@ -4045,7 +4056,7 @@ var file_github_com_solo_io_gloo_projects_gloo_api_v1_settings_proto_rawDesc = [ 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x42, 0x6f, 0x6f, 0x6c, 0x56, 0x61, 0x6c, 0x75, 0x65, 0x52, 0x16, 0x74, 0x72, 0x61, 0x6e, 0x73, 0x6c, 0x61, 0x74, 0x65, 0x45, 0x6d, 0x70, 0x74, 0x79, 0x47, 0x61, 0x74, 0x65, 0x77, 0x61, 0x79, 0x73, 0x1a, - 0x9f, 0x06, 0x0a, 0x11, 0x56, 0x61, 0x6c, 0x69, 0x64, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x4f, 0x70, + 0xf2, 0x06, 0x0a, 0x11, 0x56, 0x61, 0x6c, 0x69, 0x64, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x4f, 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x12, 0x3f, 0x0a, 0x1c, 0x70, 0x72, 0x6f, 0x78, 0x79, 0x5f, 0x76, 0x61, 0x6c, 0x69, 0x64, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x5f, 0x73, 0x65, 0x72, 0x76, 0x65, 0x72, 0x5f, 0x61, 0x64, 0x64, 0x72, 0x18, 0x02, 0x20, 0x01, 0x28, 0x09, 0x52, 0x19, 0x70, 0x72, 0x6f, @@ -4094,57 +4105,63 @@ var file_github_com_solo_io_gloo_projects_gloo_api_v1_settings_proto_rawDesc = [ 0x65, 0x72, 0x5f, 0x65, 0x6e, 0x61, 0x62, 0x6c, 0x65, 0x64, 0x18, 0x0c, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x1a, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x42, 0x6f, 0x6f, 0x6c, 0x56, 0x61, 0x6c, 0x75, 0x65, 0x52, 0x0d, 0x73, 0x65, - 0x72, 0x76, 0x65, 0x72, 0x45, 0x6e, 0x61, 0x62, 0x6c, 0x65, 0x64, 0x4a, 0x04, 0x08, 0x0a, 0x10, - 0x0b, 0x22, 0x97, 0x01, 0x0a, 0x0e, 0x43, 0x6f, 0x6e, 0x73, 0x6f, 0x6c, 0x65, 0x4f, 0x70, 0x74, - 0x69, 0x6f, 0x6e, 0x73, 0x12, 0x37, 0x0a, 0x09, 0x72, 0x65, 0x61, 0x64, 0x5f, 0x6f, 0x6e, 0x6c, - 0x79, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x1a, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, - 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x42, 0x6f, 0x6f, 0x6c, 0x56, 0x61, - 0x6c, 0x75, 0x65, 0x52, 0x08, 0x72, 0x65, 0x61, 0x64, 0x4f, 0x6e, 0x6c, 0x79, 0x12, 0x4c, 0x0a, - 0x14, 0x61, 0x70, 0x69, 0x5f, 0x65, 0x78, 0x70, 0x6c, 0x6f, 0x72, 0x65, 0x72, 0x5f, 0x65, 0x6e, - 0x61, 0x62, 0x6c, 0x65, 0x64, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x1a, 0x2e, 0x67, 0x6f, - 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x42, 0x6f, - 0x6f, 0x6c, 0x56, 0x61, 0x6c, 0x75, 0x65, 0x52, 0x12, 0x61, 0x70, 0x69, 0x45, 0x78, 0x70, 0x6c, - 0x6f, 0x72, 0x65, 0x72, 0x45, 0x6e, 0x61, 0x62, 0x6c, 0x65, 0x64, 0x22, 0xba, 0x04, 0x0a, 0x0e, - 0x47, 0x72, 0x61, 0x70, 0x68, 0x71, 0x6c, 0x4f, 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x12, 0x83, - 0x01, 0x0a, 0x20, 0x73, 0x63, 0x68, 0x65, 0x6d, 0x61, 0x5f, 0x63, 0x68, 0x61, 0x6e, 0x67, 0x65, - 0x5f, 0x76, 0x61, 0x6c, 0x69, 0x64, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x5f, 0x6f, 0x70, 0x74, 0x69, - 0x6f, 0x6e, 0x73, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x3a, 0x2e, 0x67, 0x6c, 0x6f, 0x6f, - 0x2e, 0x73, 0x6f, 0x6c, 0x6f, 0x2e, 0x69, 0x6f, 0x2e, 0x47, 0x72, 0x61, 0x70, 0x68, 0x71, 0x6c, - 0x4f, 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x2e, 0x53, 0x63, 0x68, 0x65, 0x6d, 0x61, 0x43, 0x68, - 0x61, 0x6e, 0x67, 0x65, 0x56, 0x61, 0x6c, 0x69, 0x64, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x4f, 0x70, - 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x52, 0x1d, 0x73, 0x63, 0x68, 0x65, 0x6d, 0x61, 0x43, 0x68, 0x61, - 0x6e, 0x67, 0x65, 0x56, 0x61, 0x6c, 0x69, 0x64, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x4f, 0x70, 0x74, - 0x69, 0x6f, 0x6e, 0x73, 0x1a, 0xa1, 0x03, 0x0a, 0x1d, 0x53, 0x63, 0x68, 0x65, 0x6d, 0x61, 0x43, - 0x68, 0x61, 0x6e, 0x67, 0x65, 0x56, 0x61, 0x6c, 0x69, 0x64, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x4f, - 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x12, 0x52, 0x0a, 0x17, 0x72, 0x65, 0x6a, 0x65, 0x63, 0x74, - 0x5f, 0x62, 0x72, 0x65, 0x61, 0x6b, 0x69, 0x6e, 0x67, 0x5f, 0x63, 0x68, 0x61, 0x6e, 0x67, 0x65, - 0x73, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x1a, 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, - 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x42, 0x6f, 0x6f, 0x6c, 0x56, 0x61, - 0x6c, 0x75, 0x65, 0x52, 0x15, 0x72, 0x65, 0x6a, 0x65, 0x63, 0x74, 0x42, 0x72, 0x65, 0x61, 0x6b, - 0x69, 0x6e, 0x67, 0x43, 0x68, 0x61, 0x6e, 0x67, 0x65, 0x73, 0x12, 0x74, 0x0a, 0x10, 0x70, 0x72, - 0x6f, 0x63, 0x65, 0x73, 0x73, 0x69, 0x6e, 0x67, 0x5f, 0x72, 0x75, 0x6c, 0x65, 0x73, 0x18, 0x02, - 0x20, 0x03, 0x28, 0x0e, 0x32, 0x49, 0x2e, 0x67, 0x6c, 0x6f, 0x6f, 0x2e, 0x73, 0x6f, 0x6c, 0x6f, - 0x2e, 0x69, 0x6f, 0x2e, 0x47, 0x72, 0x61, 0x70, 0x68, 0x71, 0x6c, 0x4f, 0x70, 0x74, 0x69, 0x6f, - 0x6e, 0x73, 0x2e, 0x53, 0x63, 0x68, 0x65, 0x6d, 0x61, 0x43, 0x68, 0x61, 0x6e, 0x67, 0x65, 0x56, - 0x61, 0x6c, 0x69, 0x64, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x4f, 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x73, - 0x2e, 0x50, 0x72, 0x6f, 0x63, 0x65, 0x73, 0x73, 0x69, 0x6e, 0x67, 0x52, 0x75, 0x6c, 0x65, 0x52, - 0x0f, 0x70, 0x72, 0x6f, 0x63, 0x65, 0x73, 0x73, 0x69, 0x6e, 0x67, 0x52, 0x75, 0x6c, 0x65, 0x73, - 0x22, 0xb5, 0x01, 0x0a, 0x0e, 0x50, 0x72, 0x6f, 0x63, 0x65, 0x73, 0x73, 0x69, 0x6e, 0x67, 0x52, - 0x75, 0x6c, 0x65, 0x12, 0x14, 0x0a, 0x10, 0x52, 0x55, 0x4c, 0x45, 0x5f, 0x55, 0x4e, 0x53, 0x50, - 0x45, 0x43, 0x49, 0x46, 0x49, 0x45, 0x44, 0x10, 0x00, 0x12, 0x1e, 0x0a, 0x1a, 0x52, 0x55, 0x4c, - 0x45, 0x5f, 0x44, 0x41, 0x4e, 0x47, 0x45, 0x52, 0x4f, 0x55, 0x53, 0x5f, 0x54, 0x4f, 0x5f, 0x42, - 0x52, 0x45, 0x41, 0x4b, 0x49, 0x4e, 0x47, 0x10, 0x01, 0x12, 0x2b, 0x0a, 0x27, 0x52, 0x55, 0x4c, - 0x45, 0x5f, 0x44, 0x45, 0x50, 0x52, 0x45, 0x43, 0x41, 0x54, 0x45, 0x44, 0x5f, 0x46, 0x49, 0x45, - 0x4c, 0x44, 0x5f, 0x52, 0x45, 0x4d, 0x4f, 0x56, 0x41, 0x4c, 0x5f, 0x44, 0x41, 0x4e, 0x47, 0x45, - 0x52, 0x4f, 0x55, 0x53, 0x10, 0x02, 0x12, 0x23, 0x0a, 0x1f, 0x52, 0x55, 0x4c, 0x45, 0x5f, 0x49, - 0x47, 0x4e, 0x4f, 0x52, 0x45, 0x5f, 0x44, 0x45, 0x53, 0x43, 0x52, 0x49, 0x50, 0x54, 0x49, 0x4f, - 0x4e, 0x5f, 0x43, 0x48, 0x41, 0x4e, 0x47, 0x45, 0x53, 0x10, 0x03, 0x12, 0x1b, 0x0a, 0x17, 0x52, - 0x55, 0x4c, 0x45, 0x5f, 0x49, 0x47, 0x4e, 0x4f, 0x52, 0x45, 0x5f, 0x55, 0x4e, 0x52, 0x45, 0x41, - 0x43, 0x48, 0x41, 0x42, 0x4c, 0x45, 0x10, 0x04, 0x42, 0x3e, 0xb8, 0xf5, 0x04, 0x01, 0xc0, 0xf5, - 0x04, 0x01, 0xd0, 0xf5, 0x04, 0x01, 0x5a, 0x30, 0x67, 0x69, 0x74, 0x68, 0x75, 0x62, 0x2e, 0x63, - 0x6f, 0x6d, 0x2f, 0x73, 0x6f, 0x6c, 0x6f, 0x2d, 0x69, 0x6f, 0x2f, 0x67, 0x6c, 0x6f, 0x6f, 0x2f, - 0x70, 0x72, 0x6f, 0x6a, 0x65, 0x63, 0x74, 0x73, 0x2f, 0x67, 0x6c, 0x6f, 0x6f, 0x2f, 0x70, 0x6b, - 0x67, 0x2f, 0x61, 0x70, 0x69, 0x2f, 0x76, 0x31, 0x62, 0x06, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x33, + 0x72, 0x76, 0x65, 0x72, 0x45, 0x6e, 0x61, 0x62, 0x6c, 0x65, 0x64, 0x12, 0x51, 0x0a, 0x17, 0x77, + 0x61, 0x72, 0x6e, 0x5f, 0x6d, 0x69, 0x73, 0x73, 0x69, 0x6e, 0x67, 0x5f, 0x74, 0x6c, 0x73, 0x5f, + 0x73, 0x65, 0x63, 0x72, 0x65, 0x74, 0x18, 0x0d, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x1a, 0x2e, 0x67, + 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x42, + 0x6f, 0x6f, 0x6c, 0x56, 0x61, 0x6c, 0x75, 0x65, 0x52, 0x14, 0x77, 0x61, 0x72, 0x6e, 0x4d, 0x69, + 0x73, 0x73, 0x69, 0x6e, 0x67, 0x54, 0x6c, 0x73, 0x53, 0x65, 0x63, 0x72, 0x65, 0x74, 0x4a, 0x04, + 0x08, 0x0a, 0x10, 0x0b, 0x22, 0x97, 0x01, 0x0a, 0x0e, 0x43, 0x6f, 0x6e, 0x73, 0x6f, 0x6c, 0x65, + 0x4f, 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x12, 0x37, 0x0a, 0x09, 0x72, 0x65, 0x61, 0x64, 0x5f, + 0x6f, 0x6e, 0x6c, 0x79, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x1a, 0x2e, 0x67, 0x6f, 0x6f, + 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x42, 0x6f, 0x6f, + 0x6c, 0x56, 0x61, 0x6c, 0x75, 0x65, 0x52, 0x08, 0x72, 0x65, 0x61, 0x64, 0x4f, 0x6e, 0x6c, 0x79, + 0x12, 0x4c, 0x0a, 0x14, 0x61, 0x70, 0x69, 0x5f, 0x65, 0x78, 0x70, 0x6c, 0x6f, 0x72, 0x65, 0x72, + 0x5f, 0x65, 0x6e, 0x61, 0x62, 0x6c, 0x65, 0x64, 0x18, 0x02, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x1a, + 0x2e, 0x67, 0x6f, 0x6f, 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, + 0x2e, 0x42, 0x6f, 0x6f, 0x6c, 0x56, 0x61, 0x6c, 0x75, 0x65, 0x52, 0x12, 0x61, 0x70, 0x69, 0x45, + 0x78, 0x70, 0x6c, 0x6f, 0x72, 0x65, 0x72, 0x45, 0x6e, 0x61, 0x62, 0x6c, 0x65, 0x64, 0x22, 0xba, + 0x04, 0x0a, 0x0e, 0x47, 0x72, 0x61, 0x70, 0x68, 0x71, 0x6c, 0x4f, 0x70, 0x74, 0x69, 0x6f, 0x6e, + 0x73, 0x12, 0x83, 0x01, 0x0a, 0x20, 0x73, 0x63, 0x68, 0x65, 0x6d, 0x61, 0x5f, 0x63, 0x68, 0x61, + 0x6e, 0x67, 0x65, 0x5f, 0x76, 0x61, 0x6c, 0x69, 0x64, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x5f, 0x6f, + 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x3a, 0x2e, 0x67, + 0x6c, 0x6f, 0x6f, 0x2e, 0x73, 0x6f, 0x6c, 0x6f, 0x2e, 0x69, 0x6f, 0x2e, 0x47, 0x72, 0x61, 0x70, + 0x68, 0x71, 0x6c, 0x4f, 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x2e, 0x53, 0x63, 0x68, 0x65, 0x6d, + 0x61, 0x43, 0x68, 0x61, 0x6e, 0x67, 0x65, 0x56, 0x61, 0x6c, 0x69, 0x64, 0x61, 0x74, 0x69, 0x6f, + 0x6e, 0x4f, 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x52, 0x1d, 0x73, 0x63, 0x68, 0x65, 0x6d, 0x61, + 0x43, 0x68, 0x61, 0x6e, 0x67, 0x65, 0x56, 0x61, 0x6c, 0x69, 0x64, 0x61, 0x74, 0x69, 0x6f, 0x6e, + 0x4f, 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x1a, 0xa1, 0x03, 0x0a, 0x1d, 0x53, 0x63, 0x68, 0x65, + 0x6d, 0x61, 0x43, 0x68, 0x61, 0x6e, 0x67, 0x65, 0x56, 0x61, 0x6c, 0x69, 0x64, 0x61, 0x74, 0x69, + 0x6f, 0x6e, 0x4f, 0x70, 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x12, 0x52, 0x0a, 0x17, 0x72, 0x65, 0x6a, + 0x65, 0x63, 0x74, 0x5f, 0x62, 0x72, 0x65, 0x61, 0x6b, 0x69, 0x6e, 0x67, 0x5f, 0x63, 0x68, 0x61, + 0x6e, 0x67, 0x65, 0x73, 0x18, 0x01, 0x20, 0x01, 0x28, 0x0b, 0x32, 0x1a, 0x2e, 0x67, 0x6f, 0x6f, + 0x67, 0x6c, 0x65, 0x2e, 0x70, 0x72, 0x6f, 0x74, 0x6f, 0x62, 0x75, 0x66, 0x2e, 0x42, 0x6f, 0x6f, + 0x6c, 0x56, 0x61, 0x6c, 0x75, 0x65, 0x52, 0x15, 0x72, 0x65, 0x6a, 0x65, 0x63, 0x74, 0x42, 0x72, + 0x65, 0x61, 0x6b, 0x69, 0x6e, 0x67, 0x43, 0x68, 0x61, 0x6e, 0x67, 0x65, 0x73, 0x12, 0x74, 0x0a, + 0x10, 0x70, 0x72, 0x6f, 0x63, 0x65, 0x73, 0x73, 0x69, 0x6e, 0x67, 0x5f, 0x72, 0x75, 0x6c, 0x65, + 0x73, 0x18, 0x02, 0x20, 0x03, 0x28, 0x0e, 0x32, 0x49, 0x2e, 0x67, 0x6c, 0x6f, 0x6f, 0x2e, 0x73, + 0x6f, 0x6c, 0x6f, 0x2e, 0x69, 0x6f, 0x2e, 0x47, 0x72, 0x61, 0x70, 0x68, 0x71, 0x6c, 0x4f, 0x70, + 0x74, 0x69, 0x6f, 0x6e, 0x73, 0x2e, 0x53, 0x63, 0x68, 0x65, 0x6d, 0x61, 0x43, 0x68, 0x61, 0x6e, + 0x67, 0x65, 0x56, 0x61, 0x6c, 0x69, 0x64, 0x61, 0x74, 0x69, 0x6f, 0x6e, 0x4f, 0x70, 0x74, 0x69, + 0x6f, 0x6e, 0x73, 0x2e, 0x50, 0x72, 0x6f, 0x63, 0x65, 0x73, 0x73, 0x69, 0x6e, 0x67, 0x52, 0x75, + 0x6c, 0x65, 0x52, 0x0f, 0x70, 0x72, 0x6f, 0x63, 0x65, 0x73, 0x73, 0x69, 0x6e, 0x67, 0x52, 0x75, + 0x6c, 0x65, 0x73, 0x22, 0xb5, 0x01, 0x0a, 0x0e, 0x50, 0x72, 0x6f, 0x63, 0x65, 0x73, 0x73, 0x69, + 0x6e, 0x67, 0x52, 0x75, 0x6c, 0x65, 0x12, 0x14, 0x0a, 0x10, 0x52, 0x55, 0x4c, 0x45, 0x5f, 0x55, + 0x4e, 0x53, 0x50, 0x45, 0x43, 0x49, 0x46, 0x49, 0x45, 0x44, 0x10, 0x00, 0x12, 0x1e, 0x0a, 0x1a, + 0x52, 0x55, 0x4c, 0x45, 0x5f, 0x44, 0x41, 0x4e, 0x47, 0x45, 0x52, 0x4f, 0x55, 0x53, 0x5f, 0x54, + 0x4f, 0x5f, 0x42, 0x52, 0x45, 0x41, 0x4b, 0x49, 0x4e, 0x47, 0x10, 0x01, 0x12, 0x2b, 0x0a, 0x27, + 0x52, 0x55, 0x4c, 0x45, 0x5f, 0x44, 0x45, 0x50, 0x52, 0x45, 0x43, 0x41, 0x54, 0x45, 0x44, 0x5f, + 0x46, 0x49, 0x45, 0x4c, 0x44, 0x5f, 0x52, 0x45, 0x4d, 0x4f, 0x56, 0x41, 0x4c, 0x5f, 0x44, 0x41, + 0x4e, 0x47, 0x45, 0x52, 0x4f, 0x55, 0x53, 0x10, 0x02, 0x12, 0x23, 0x0a, 0x1f, 0x52, 0x55, 0x4c, + 0x45, 0x5f, 0x49, 0x47, 0x4e, 0x4f, 0x52, 0x45, 0x5f, 0x44, 0x45, 0x53, 0x43, 0x52, 0x49, 0x50, + 0x54, 0x49, 0x4f, 0x4e, 0x5f, 0x43, 0x48, 0x41, 0x4e, 0x47, 0x45, 0x53, 0x10, 0x03, 0x12, 0x1b, + 0x0a, 0x17, 0x52, 0x55, 0x4c, 0x45, 0x5f, 0x49, 0x47, 0x4e, 0x4f, 0x52, 0x45, 0x5f, 0x55, 0x4e, + 0x52, 0x45, 0x41, 0x43, 0x48, 0x41, 0x42, 0x4c, 0x45, 0x10, 0x04, 0x42, 0x3e, 0xb8, 0xf5, 0x04, + 0x01, 0xc0, 0xf5, 0x04, 0x01, 0xd0, 0xf5, 0x04, 0x01, 0x5a, 0x30, 0x67, 0x69, 0x74, 0x68, 0x75, + 0x62, 0x2e, 0x63, 0x6f, 0x6d, 0x2f, 0x73, 0x6f, 0x6c, 0x6f, 0x2d, 0x69, 0x6f, 0x2f, 0x67, 0x6c, + 0x6f, 0x6f, 0x2f, 0x70, 0x72, 0x6f, 0x6a, 0x65, 0x63, 0x74, 0x73, 0x2f, 0x67, 0x6c, 0x6f, 0x6f, + 0x2f, 0x70, 0x6b, 0x67, 0x2f, 0x61, 0x70, 0x69, 0x2f, 0x76, 0x31, 0x62, 0x06, 0x70, 0x72, 0x6f, + 0x74, 0x6f, 0x33, } var ( @@ -4315,13 +4332,14 @@ var file_github_com_solo_io_gloo_projects_gloo_api_v1_settings_proto_depIdxs = [ 51, // 90: gloo.solo.io.GatewayOptions.ValidationOptions.disable_transformation_validation:type_name -> google.protobuf.BoolValue 57, // 91: gloo.solo.io.GatewayOptions.ValidationOptions.validation_server_grpc_max_size_bytes:type_name -> google.protobuf.Int32Value 51, // 92: gloo.solo.io.GatewayOptions.ValidationOptions.server_enabled:type_name -> google.protobuf.BoolValue - 51, // 93: gloo.solo.io.GraphqlOptions.SchemaChangeValidationOptions.reject_breaking_changes:type_name -> google.protobuf.BoolValue - 1, // 94: gloo.solo.io.GraphqlOptions.SchemaChangeValidationOptions.processing_rules:type_name -> gloo.solo.io.GraphqlOptions.SchemaChangeValidationOptions.ProcessingRule - 95, // [95:95] is the sub-list for method output_type - 95, // [95:95] is the sub-list for method input_type - 95, // [95:95] is the sub-list for extension type_name - 95, // [95:95] is the sub-list for extension extendee - 0, // [0:95] is the sub-list for field type_name + 51, // 93: gloo.solo.io.GatewayOptions.ValidationOptions.warn_missing_tls_secret:type_name -> google.protobuf.BoolValue + 51, // 94: gloo.solo.io.GraphqlOptions.SchemaChangeValidationOptions.reject_breaking_changes:type_name -> google.protobuf.BoolValue + 1, // 95: gloo.solo.io.GraphqlOptions.SchemaChangeValidationOptions.processing_rules:type_name -> gloo.solo.io.GraphqlOptions.SchemaChangeValidationOptions.ProcessingRule + 96, // [96:96] is the sub-list for method output_type + 96, // [96:96] is the sub-list for method input_type + 96, // [96:96] is the sub-list for extension type_name + 96, // [96:96] is the sub-list for extension extendee + 0, // [0:96] is the sub-list for field type_name } func init() { file_github_com_solo_io_gloo_projects_gloo_api_v1_settings_proto_init() } diff --git a/projects/gloo/pkg/api/v1/settings.pb.hash.go b/projects/gloo/pkg/api/v1/settings.pb.hash.go index b4a80c45b89..5ce1c6fbc2f 100644 --- a/projects/gloo/pkg/api/v1/settings.pb.hash.go +++ b/projects/gloo/pkg/api/v1/settings.pb.hash.go @@ -2705,6 +2705,26 @@ func (m *GatewayOptions_ValidationOptions) Hash(hasher hash.Hash64) (uint64, err } } + if h, ok := interface{}(m.GetWarnMissingTlsSecret()).(safe_hasher.SafeHasher); ok { + if _, err = hasher.Write([]byte("WarnMissingTlsSecret")); err != nil { + return 0, err + } + if _, err = h.Hash(hasher); err != nil { + return 0, err + } + } else { + if fieldValue, err := hashstructure.Hash(m.GetWarnMissingTlsSecret(), nil); err != nil { + return 0, err + } else { + if _, err = hasher.Write([]byte("WarnMissingTlsSecret")); err != nil { + return 0, err + } + if err := binary.Write(hasher, binary.LittleEndian, fieldValue); err != nil { + return 0, err + } + } + } + return hasher.Sum64(), nil } diff --git a/projects/gloo/pkg/translator/clusters.go b/projects/gloo/pkg/translator/clusters.go index 8751c02bc4a..c7640903d24 100644 --- a/projects/gloo/pkg/translator/clusters.go +++ b/projects/gloo/pkg/translator/clusters.go @@ -12,6 +12,7 @@ import ( _struct "github.com/golang/protobuf/ptypes/struct" "github.com/golang/protobuf/ptypes/wrappers" "github.com/rotisserie/eris" + errors "github.com/rotisserie/eris" "github.com/solo-io/gloo/pkg/utils/api_conversion" v1 "github.com/solo-io/gloo/projects/gloo/pkg/api/v1" v1_options "github.com/solo-io/gloo/projects/gloo/pkg/api/v1/options" @@ -114,7 +115,14 @@ func (t *translatorInstance) initializeCluster( applyDefaultsToUpstreamSslConfig(sslConfig, t.settings.GetUpstreamOptions()) cfg, err := utils.NewSslConfigTranslator().ResolveUpstreamSslConfig(*secrets, sslConfig) if err != nil { - reports.AddError(upstream, err) + // if we are configured to warn on missing tls secret and we match that error, add a + // warning instead of error to the report. + if t.settings.GetGateway().GetValidation().GetWarnMissingTlsSecret().GetValue() && + errors.Is(err, utils.SslSecretNotFoundError) { + reports.AddWarning(upstream, err.Error()) + } else { + reports.AddError(upstream, err) + } } else { typedConfig, err := utils.MessageToAny(cfg) if err != nil { diff --git a/projects/gloo/pkg/translator/filter_chain.go b/projects/gloo/pkg/translator/filter_chain.go index 27514806e6c..a646c41bddb 100644 --- a/projects/gloo/pkg/translator/filter_chain.go +++ b/projects/gloo/pkg/translator/filter_chain.go @@ -5,6 +5,7 @@ import ( "fmt" "github.com/hashicorp/go-multierror" + errors "github.com/rotisserie/eris" "github.com/solo-io/go-utils/contextutils" v3 "github.com/solo-io/gloo/projects/gloo/pkg/api/external/envoy/config/core/v3" @@ -154,6 +155,7 @@ func (t *tcpFilterChainTranslator) ComputeFilterChains(params plugins.Params) [] // An httpFilterChainTranslator configures a single set of NetworkFilters // and then creates duplicate filter chains for each provided SslConfig. type httpFilterChainTranslator struct { + settings *v1.Settings parentReport *validationapi.ListenerReport networkFilterTranslator NetworkFilterTranslator sslConfigurations []*ssl.SslConfig @@ -227,7 +229,19 @@ func (h *httpFilterChainTranslator) createFilterChainsFromSslConfiguration( // get secrets downstreamTlsContext, err := h.sslConfigTranslator.ResolveDownstreamSslConfig(snap.Secrets, sslConfig) if err != nil { - validation.AppendListenerError(h.parentReport, validationapi.ListenerReport_Error_SSLConfigError, err.Error()) + // if we are configured to warn on missing tls secret and we match that error, add a + // warning instead of error to the report. + if h.settings.GetGateway().GetValidation().GetWarnMissingTlsSecret().GetValue() && + errors.Is(err, utils.SslSecretNotFoundError) { + // We add this as a warning to support eventual consistency with TLS Secret resources. In this way, + // the Proxy producing this will not be considered Rejected, and the HTTPS Listener will still operate + // as expected with a VirtualService in error. + validation.AppendListenerWarning(h.parentReport, validationapi.ListenerReport_Warning_SSLConfigWarning, err.Error()) + } else { + // If our error is any other than SslSecretNotFoundError, we assume it is due to a malformed secret or otherwise + // irreconcilable issue. + validation.AppendListenerError(h.parentReport, validationapi.ListenerReport_Error_SSLConfigError, err.Error()) + } continue } @@ -241,7 +255,9 @@ func (h *httpFilterChainTranslator) createFilterChainsFromSslConfiguration( continue } secureFilterChains = append(secureFilterChains, &plugins.ExtendedFilterChain{ - FilterChain: filterChain, TerminatingCipherSuites: sslConfig.GetParameters().GetCipherSuites()}) + FilterChain: filterChain, + TerminatingCipherSuites: sslConfig.GetParameters().GetCipherSuites(), + }) } return secureFilterChains } diff --git a/projects/gloo/pkg/translator/listener_subsystem.go b/projects/gloo/pkg/translator/listener_subsystem.go index 4e000c548ad..e99e1774cfb 100644 --- a/projects/gloo/pkg/translator/listener_subsystem.go +++ b/projects/gloo/pkg/translator/listener_subsystem.go @@ -23,15 +23,18 @@ import ( type ListenerSubsystemTranslatorFactory struct { pluginRegistry plugins.PluginRegistry sslConfigTranslator utils.SslConfigTranslator + settings *v1.Settings } func NewListenerSubsystemTranslatorFactory( pluginRegistry plugins.PluginRegistry, sslConfigTranslator utils.SslConfigTranslator, + settings *v1.Settings, ) *ListenerSubsystemTranslatorFactory { return &ListenerSubsystemTranslatorFactory{ pluginRegistry: pluginRegistry, sslConfigTranslator: sslConfigTranslator, + settings: settings, } } @@ -92,6 +95,7 @@ func (l *ListenerSubsystemTranslatorFactory) GetHttpListenerTranslators(ctx cont sslConfigurations: listener.GetSslConfigurations(), defaultSslConfig: nil, // not available for HttpGateway, HybridGateway only feature sourcePrefixRanges: nil, // not available for HttpGateway, HybridGateway only feature + settings: l.settings, } // This translator produces a single Listener @@ -210,6 +214,7 @@ func (l *ListenerSubsystemTranslatorFactory) GetHybridListenerTranslators(ctx co sslConfigurations: matchedListener.GetSslConfigurations(), defaultSslConfig: matcher.GetSslConfig(), // HybridGateway only feature sourcePrefixRanges: matcher.GetSourcePrefixRanges(), // HybridGateway only feature + settings: l.settings, } // This translator produces a single RouteConfiguration @@ -333,6 +338,7 @@ func (l *ListenerSubsystemTranslatorFactory) GetAggregateListenerTranslators(ctx sslConfigurations: []*ssl.SslConfig{httpFilterChain.GetMatcher().GetSslConfig()}, defaultSslConfig: nil, sourcePrefixRanges: httpFilterChain.GetMatcher().GetSourcePrefixRanges(), + settings: l.settings, } // This translator produces a single RouteConfiguration diff --git a/projects/gloo/pkg/translator/listener_subsystem_test.go b/projects/gloo/pkg/translator/listener_subsystem_test.go index 3430ec2a29a..2e9ba90adf7 100644 --- a/projects/gloo/pkg/translator/listener_subsystem_test.go +++ b/projects/gloo/pkg/translator/listener_subsystem_test.go @@ -7,6 +7,7 @@ import ( envoy_config_route_v3 "github.com/envoyproxy/go-control-plane/envoy/config/route/v3" envoy_http_connection_manager_v3 "github.com/envoyproxy/go-control-plane/envoy/extensions/filters/network/http_connection_manager/v3" "github.com/golang/protobuf/ptypes/wrappers" + "google.golang.org/protobuf/types/known/wrapperspb" . "github.com/onsi/ginkgo/v2" . "github.com/onsi/gomega" @@ -53,11 +54,22 @@ var _ = Describe("Listener Subsystem", func() { cancel context.CancelFunc translatorFactory *translator.ListenerSubsystemTranslatorFactory + + settings *v1.Settings ) BeforeEach(func() { ctx, cancel = context.WithCancel(context.Background()) + settings = &v1.Settings{ + Gateway: &v1.GatewayOptions{ + Validation: &v1.GatewayOptions_ValidationOptions{ + // set this as it is the default setting initialized by helm + WarnMissingTlsSecret: &wrapperspb.BoolValue{Value: true}, + }, + }, + } + // Create a pluginRegistry with a minimal number of plugins // This test is not concerned with the functionality of individual plugins pluginRegistry := registry.NewPluginRegistry([]plugins.Plugin{ @@ -70,11 +82,11 @@ var _ = Describe("Listener Subsystem", func() { for _, p := range pluginRegistry.GetPlugins() { p.Init(plugins.InitParams{ Ctx: ctx, - Settings: &v1.Settings{}, + Settings: settings, }) } - translatorFactory = translator.NewListenerSubsystemTranslatorFactory(pluginRegistry, sslutils.NewSslConfigTranslator()) + translatorFactory = translator.NewListenerSubsystemTranslatorFactory(pluginRegistry, sslutils.NewSslConfigTranslator(), settings) }) AfterEach(func() { @@ -380,8 +392,19 @@ var _ = Describe("Listener Subsystem", func() { listenerReport) params := plugins.Params{ - Ctx: ctx, - Snapshot: &gloov1snap.ApiSnapshot{}, + Ctx: ctx, + Snapshot: &gloov1snap.ApiSnapshot{ + Secrets: []*v1.Secret{{ + Kind: &v1.Secret_Tls{ + // This is an invalid secret that will generate a listener error when referenced. + Tls: &v1.TlsSecret{}, + }, + Metadata: &core.Metadata{ + Name: "exists-but-invalid", + Namespace: defaults.GlooSystem, + }, + }}, + }, } _ = listenerTranslator.ComputeListener(params) _ = routeConfigurationTranslator.ComputeRouteConfiguration(params) @@ -409,7 +432,7 @@ var _ = Describe("Listener Subsystem", func() { SslConfig: &ssl.SslConfig{ SslSecrets: &ssl.SslConfig_SecretRef{ SecretRef: &core.ResourceRef{ - Name: "secret-that-is-not-in-snapshot", + Name: "exists-but-invalid", Namespace: defaults.GlooSystem, }, }, @@ -425,6 +448,41 @@ var _ = Describe("Listener Subsystem", func() { Expect(proxyErr.Error()).To(ContainSubstring(validation.ListenerReport_Error_SSLConfigError.String())) }, ), + Entry( + "ListenerWarning", + &v1.AggregateListener{ + HttpResources: &v1.AggregateListener_HttpResources{ + HttpOptions: map[string]*v1.HttpListenerOptions{ + "http-options-ref": { + HttpConnectionManagerSettings: &hcm.HttpConnectionManagerSettings{}, + }, + }, + VirtualHosts: map[string]*v1.VirtualHost{ + "vhost-ref": { + Name: "virtual-host", + }, + }, + }, + HttpFilterChains: []*v1.AggregateListener_HttpFilterChain{{ + Matcher: &v1.Matcher{ + SslConfig: &ssl.SslConfig{ + SslSecrets: &ssl.SslConfig_SecretRef{ + SecretRef: &core.ResourceRef{ + Name: "secret-that-is-not-in-snapshot", + Namespace: defaults.GlooSystem, + }, + }, + }, + }, + HttpOptionsRef: "http-options-ref", + VirtualHostRefs: []string{"vhost-ref"}, + }}, + }, + func(proxyReport *validation.ProxyReport) { + proxyErr := gloovalidation.GetProxyWarning(proxyReport) + Expect(proxyErr).To(ContainElement(ContainSubstring(validation.ListenerReport_Warning_SSLConfigWarning.String()))) + }, + ), Entry( "HttpListenerError", &v1.AggregateListener{ diff --git a/projects/gloo/pkg/translator/translator.go b/projects/gloo/pkg/translator/translator.go index 15a4fd698bc..c01a7c87320 100644 --- a/projects/gloo/pkg/translator/translator.go +++ b/projects/gloo/pkg/translator/translator.go @@ -71,7 +71,7 @@ func NewTranslatorWithHasher( pluginRegistry: pluginRegistry, settings: settings, hasher: hasher, - listenerTranslatorFactory: NewListenerSubsystemTranslatorFactory(pluginRegistry, sslConfigTranslator), + listenerTranslatorFactory: NewListenerSubsystemTranslatorFactory(pluginRegistry, sslConfigTranslator, settings), } } diff --git a/projects/gloo/pkg/translator/translator_test.go b/projects/gloo/pkg/translator/translator_test.go index 8bf8b5aaf67..5da2d4af2ee 100644 --- a/projects/gloo/pkg/translator/translator_test.go +++ b/projects/gloo/pkg/translator/translator_test.go @@ -111,7 +111,15 @@ var _ = Describe("Translator", func() { ctrl = gomock.NewController(T) cluster = nil - settings = &v1.Settings{} + settings = &v1.Settings{ + Gateway: &v1.GatewayOptions{ + Validation: &v1.GatewayOptions_ValidationOptions{ + // This is the default value, specifying false explicitly here as it + // is not default-on until 1.18 + WarnMissingTlsSecret: &wrapperspb.BoolValue{Value: false}, + }, + }, + } memoryClientFactory := &factory.MemoryResourceClientFactory{ Cache: memory.NewInMemoryResourceCache(), } @@ -2863,7 +2871,7 @@ var _ = Describe("Translator", func() { Expect(hcmTypedCfg.GetHttpFilters()).To(HaveLen(1)) // only the router filter should be configured }) - It("skips listeners with invalid downstream ssl config", func() { + It("skips listeners with missing downstream ssl config with error", func() { invalidSslSecretRef := &ssl.SslConfig_SecretRef{ SecretRef: &core.ResourceRef{ Name: "invalid", @@ -2881,6 +2889,29 @@ var _ = Describe("Translator", func() { Expect(errs.Validate().Error()).To(ContainSubstring("Listener Error: SSLConfigError. Reason: SSL secret not found: list did not find secret")) }) + When("WarnMissingTlsSecret=true", func() { + BeforeEach(func() { + settings.GetGateway().GetValidation().WarnMissingTlsSecret = &wrapperspb.BoolValue{Value: true} + }) + It("skips listeners with missing downstream ssl config with warning", func() { + invalidSslSecretRef := &ssl.SslConfig_SecretRef{ + SecretRef: &core.ResourceRef{ + Name: "invalid", + Namespace: "invalid", + }, + } + + proxyClone := proto.Clone(proxy).(*v1.Proxy) + proxyClone.GetListeners()[2].GetHybridListener().GetMatchedListeners()[1].SslConfigurations = []*ssl.SslConfig{{ + SslSecrets: invalidSslSecretRef, + }} + + _, errs, _ := translator.Translate(params, proxyClone) + Expect(errs.ValidateStrict()).To(HaveOccurred()) + Expect(errs.ValidateStrict().Error()).To(ContainSubstring("Listener Warning: SSLConfigWarning. Reason: SSL secret not found: list did not find secret")) + }) + }) + }) Context("Ssl - cluster", func() { diff --git a/projects/gloo/pkg/utils/ssl.go b/projects/gloo/pkg/utils/ssl.go index fde32cfe34b..aec292fa7c6 100644 --- a/projects/gloo/pkg/utils/ssl.go +++ b/projects/gloo/pkg/utils/ssl.go @@ -32,8 +32,11 @@ var ( return eris.Errorf("ocsp staple policy %v not a valid policy", p) } - SslSecretNotFoundError = func(err error) error { - return eris.Wrapf(err, "SSL secret not found") + // SslSecretNotFoundError is an exported error that wraps errors produced in validation + // indicating a missing secret reference. This can be compared against using errors.Is. + SslSecretNotFoundError = eris.New("SSL secret not found") + sslSecretNotFoundError = func(err error) error { + return eris.Wrapf(err, SslSecretNotFoundError.Error()) } NotTlsSecretError = func(ref *core.ResourceRef) error { @@ -404,7 +407,7 @@ func (s *sslConfigTranslator) ResolveCommonSslConfig(cs CertSource, secrets v1.S func getSslSecrets(ref core.ResourceRef, secrets v1.SecretList) (string, string, string, []byte, error) { secret, err := secrets.Find(ref.Strings()) if err != nil { - return "", "", "", nil, SslSecretNotFoundError(err) + return "", "", "", nil, sslSecretNotFoundError(err) } sslSecret, ok := secret.GetKind().(*v1.Secret_Tls) diff --git a/projects/gloo/pkg/utils/validation/proxy_validation.go b/projects/gloo/pkg/utils/validation/proxy_validation.go index f2defc9af1d..e53c954508c 100644 --- a/projects/gloo/pkg/utils/validation/proxy_validation.go +++ b/projects/gloo/pkg/utils/validation/proxy_validation.go @@ -185,22 +185,34 @@ func makeTcpHostReports(tcpHosts []*v1.TcpHost) []*validation.TcpHostReport { return tcpHostReports } -func mkErr(level, errType, reason string) error { +func formattedError(level, errType, reason string) error { return errors.Errorf("%v Error: %v. Reason: %v", level, errType, reason) } +func formattedWarning(level, errType, reason string) string { + return fmt.Sprintf("%v Warning: %v. Reason: %v", level, errType, reason) +} + func GetListenerErr(listener *validation.ListenerReport) []error { var errs []error for _, errReport := range listener.GetErrors() { - errs = append(errs, mkErr("Listener", errReport.GetType().String(), errReport.GetReason())) + errs = append(errs, formattedError("Listener", errReport.GetType().String(), errReport.GetReason())) } return errs } +func GetListenerWarning(listener *validation.ListenerReport) []string { + var warnings []string + for _, warning := range listener.GetWarnings() { + warnings = append(warnings, formattedWarning("Listener", warning.GetType().String(), warning.GetReason())) + } + return warnings +} + func GetHttpListenerErr(httpListener *validation.HttpListenerReport) []error { var errs []error for _, errReport := range httpListener.GetErrors() { - errs = append(errs, mkErr("HttpListener", errReport.GetType().String(), errReport.GetReason())) + errs = append(errs, formattedError("HttpListener", errReport.GetType().String(), errReport.GetReason())) } return errs } @@ -208,7 +220,7 @@ func GetHttpListenerErr(httpListener *validation.HttpListenerReport) []error { func GetVirtualHostErr(virtualHost *validation.VirtualHostReport) []error { var errs []error for _, errReport := range virtualHost.GetErrors() { - errs = append(errs, mkErr("VirtualHost", errReport.GetType().String(), errReport.GetReason())) + errs = append(errs, formattedError("VirtualHost", errReport.GetType().String(), errReport.GetReason())) } return errs } @@ -224,12 +236,9 @@ func GetRouteErr(route *validation.RouteReport) []error { func GetRouteWarning(route *validation.RouteReport) []string { var warnings []string - appendWarning := func(level, errType, reason string) { - warnings = append(warnings, fmt.Sprintf("%v Warning: %v. Reason: %v", level, errType, reason)) - } for _, warning := range route.GetWarnings() { - appendWarning("Route", warning.GetType().String(), warning.GetReason()) + warnings = append(warnings, formattedWarning("Route", warning.GetType().String(), warning.GetReason())) } return warnings @@ -238,7 +247,7 @@ func GetRouteWarning(route *validation.RouteReport) []string { func GetTcpListenerErr(tcpListener *validation.TcpListenerReport) []error { var errs []error for _, errReport := range tcpListener.GetErrors() { - errs = append(errs, mkErr("TcpListener", errReport.GetType().String(), errReport.GetReason())) + errs = append(errs, formattedError("TcpListener", errReport.GetType().String(), errReport.GetReason())) } return errs } @@ -246,7 +255,7 @@ func GetTcpListenerErr(tcpListener *validation.TcpListenerReport) []error { func GetTcpHostErr(tcpHost *validation.TcpHostReport) []error { var errs []error for _, errReport := range tcpHost.GetErrors() { - errs = append(errs, mkErr("TcpHost", errReport.GetType().String(), errReport.GetReason())) + errs = append(errs, formattedError("TcpHost", errReport.GetType().String(), errReport.GetReason())) } return errs } @@ -255,12 +264,9 @@ func GetTcpHostErr(tcpHost *validation.TcpHostReport) []error { // of strings func GetTcpHostWarning(tcpHost *validation.TcpHostReport) []string { var warnings []string - appendWarning := func(level, errType, reason string) { - warnings = append(warnings, fmt.Sprintf("%v Warning: %v. Reason: %v", level, errType, reason)) - } for _, warning := range tcpHost.GetWarnings() { - appendWarning("TcpHost", warning.GetType().String(), warning.GetReason()) + warnings = append(warnings, formattedWarning("TcpHost", warning.GetType().String(), warning.GetReason())) } return warnings @@ -346,12 +352,11 @@ func GetProxyWarning(proxyRpt *validation.ProxyReport) []string { var warnings []string for _, listenerReport := range proxyRpt.GetListenerReports() { + warnings = append(warnings, GetListenerWarning(listenerReport)...) vhostReports := utils.GetVhostReportsFromListenerReport(listenerReport) for _, vhReport := range vhostReports { for _, routeReport := range vhReport.GetRouteReports() { - if warns := GetRouteWarning(routeReport); len(warns) > 0 { - warnings = append(warnings, warns...) - } + warnings = append(warnings, GetRouteWarning(routeReport)...) } } for _, tcpHostReport := range utils.GetTcpHostReportsFromListenerReport(listenerReport) { @@ -370,6 +375,13 @@ func AppendListenerError(listenerReport *validation.ListenerReport, errType vali }) } +func AppendListenerWarning(listenerReport *validation.ListenerReport, errType validation.ListenerReport_Warning_Type, reason string) { + listenerReport.Warnings = append(listenerReport.GetWarnings(), &validation.ListenerReport_Warning{ + Type: errType, + Reason: reason, + }) +} + func AppendVirtualHostError(virtualHostReport *validation.VirtualHostReport, errType validation.VirtualHostReport_Error_Type, reason string) { virtualHostReport.Errors = append(virtualHostReport.GetErrors(), &validation.VirtualHostReport_Error{ Type: errType, diff --git a/test/helpers/certs.go b/test/helpers/certs.go index d31e62db412..b19d5912f20 100644 --- a/test/helpers/certs.go +++ b/test/helpers/certs.go @@ -26,6 +26,8 @@ import ( . "github.com/onsi/ginkgo/v2" . "github.com/onsi/gomega" + v1 "github.com/solo-io/gloo/projects/gloo/pkg/api/v1" + "github.com/solo-io/solo-kit/pkg/api/v1/resources/core" ) func publicKey(priv interface{}) interface{} { @@ -232,6 +234,21 @@ func GetKubeSecret(name, namespace string) *kubev1.Secret { } } +func GetTlsSecret(name, namespace string) *v1.Secret { + return &v1.Secret{ + Metadata: &core.Metadata{ + Namespace: namespace, + Name: name, + }, + Kind: &v1.Secret_Tls{ + Tls: &v1.TlsSecret{ + PrivateKey: PrivateKey(), + CertChain: Certificate(), + }, + }, + } +} + // GetCertificateFromString returns an x509 certificate from the certificate's string representation. func GetCertificateFromString(certificate string) *x509.Certificate { block, _ := pem.Decode([]byte(certificate)) diff --git a/test/kube2e/gateway/gateway_test.go b/test/kube2e/gateway/gateway_test.go index f6f8826a599..c7184941eb2 100644 --- a/test/kube2e/gateway/gateway_test.go +++ b/test/kube2e/gateway/gateway_test.go @@ -84,6 +84,8 @@ var _ = Describe("Kube2e: gateway", func() { // Therefore, before the tests start, we must attempt updates that should be rejected // They will only be rejected once a Proxy exists in the ApiSnapshot + // NOTE: The error used to check this behavior is a warning, meaning + // this function is ineffective when testing with allowWarnings=false placeholderUs := &gloov1.Upstream{ Metadata: &core.Metadata{ Name: "", @@ -2103,6 +2105,129 @@ spec: testValidation(tc.resourceYaml, tc.errorMatcher) } }) + Context("secret validation", func() { + const secretName = "tls-secret" + BeforeEach(func() { + tlsSecret := helpers.GetTlsSecret(secretName, testHelper.InstallNamespace) + glooResources.Secrets = gloov1.SecretList{tlsSecret} + + // Modify the VirtualService to include the created SslConfig + testRunnerVs.SslConfig = &ssl.SslConfig{ + SslSecrets: &ssl.SslConfig_SecretRef{ + SecretRef: &core.ResourceRef{ + Name: tlsSecret.GetMetadata().GetName(), + Namespace: tlsSecret.GetMetadata().GetNamespace(), + }, + }, + } + }) + When("warnMissingTlsSecret=true", Ordered, func() { + BeforeAll(func() { + kube2e.UpdateSettings(ctx, func(settings *gloov1.Settings) { + settings.GetGateway().GetValidation().WarnMissingTlsSecret = &wrappers.BoolValue{Value: true} + }, testHelper.InstallNamespace) + }) + + AfterAll(func() { + kube2e.UpdateSettings(ctx, func(settings *gloov1.Settings) { + settings.GetGateway().GetValidation().WarnMissingTlsSecret = &wrappers.BoolValue{Value: false} + }, testHelper.InstallNamespace) + }) + + It("should act as expected with secret validation", func() { + By("waiting for the modified VS to be accepted") + helpers.EventuallyResourceAccepted(func() (resources.InputResource, error) { + return resourceClientset.VirtualServiceClient().Read(testHelper.InstallNamespace, testRunnerVs.GetMetadata().GetName(), clients.ReadOpts{Ctx: ctx}) + }) + + // verifyGlooValidationWorks() + // The method ^ that uses to check the validation server doesn't work with + // allowWarnings=true + time.Sleep(time.Second * 10) + + By("successfully deleting a secret that is in use") + err := resourceClientset.KubeClients().CoreV1().Secrets(testHelper.InstallNamespace).Delete(ctx, secretName, metav1.DeleteOptions{}) + + Expect(err).NotTo(HaveOccurred()) + }) + + It("can delete a secret that is not in use", func() { + tlsSecret := helpers.GetKubeSecret("tls-secret-2", testHelper.InstallNamespace) + tlsSecret, err := resourceClientset.KubeClients().CoreV1().Secrets(testHelper.InstallNamespace).Create(ctx, tlsSecret, metav1.CreateOptions{}) + Expect(err).NotTo(HaveOccurred()) + + err = resourceClientset.KubeClients().CoreV1().Secrets(testHelper.InstallNamespace).Delete(ctx, tlsSecret.GetName(), metav1.DeleteOptions{}) + Expect(err).NotTo(HaveOccurred()) + }) + }) + + // this is the default mode for this version + When("warnMissingTlsSecret=false", Ordered, func() { + BeforeAll(func() { + kube2e.UpdateSettings(ctx, func(settings *gloov1.Settings) { + settings.GetGateway().GetValidation().WarnMissingTlsSecret = &wrappers.BoolValue{Value: false} + }, testHelper.InstallNamespace) + }) + + AfterAll(func() { + // Our tests default to using warnMissingTlsSecret=false, so we just need to ensure we leave it that way + }) + + // There are times when the VirtualService + Proxy do not update Status with the error when deleting the referenced Secret, therefore the validation error doesn't occur. + // It isn't until later - either a few minutes and/or after forcing an update by updating the VS - that the error status appears. + // The reason is still unknown, so we retry on flakes in the meantime. + It("should act as expected with secret validation", func() { + By("waiting for the modified VS to be accepted") + helpers.EventuallyResourceAccepted(func() (resources.InputResource, error) { + return resourceClientset.VirtualServiceClient().Read(testHelper.InstallNamespace, testRunnerVs.GetMetadata().GetName(), clients.ReadOpts{Ctx: ctx}) + }) + + // verifyGlooValidationWorks() + // The method ^ that uses to check the validation server doesn't work with + // allowWarnings=true + time.Sleep(time.Second * 10) + + By("failing to delete a secret that is in use") + err := resourceClientset.KubeClients().CoreV1().Secrets(testHelper.InstallNamespace).Delete(ctx, secretName, metav1.DeleteOptions{}) + + Expect(err).To(HaveOccurred()) + Expect(err).To(MatchError(ContainSubstring(utils.SslSecretNotFoundError.Error()))) + + By("successfully deleting a secret that is no longer in use") + // We patch the VirtualService to remove the ssl reference, allowing the Secret to be removed + err = helpers.PatchResource( + ctx, + &core.ResourceRef{ + Namespace: testHelper.InstallNamespace, + Name: testRunnerVs.GetMetadata().Name, + }, + func(resource resources.Resource) resources.Resource { + vs := resource.(*gatewayv1.VirtualService) + vs.SslConfig = nil + return vs + }, + resourceClientset.VirtualServiceClient().BaseClient()) + Expect(err).NotTo(HaveOccurred()) + helpers.EventuallyResourceAccepted(func() (resources.InputResource, error) { + return resourceClientset.VirtualServiceClient().Read(testHelper.InstallNamespace, testRunnerVs.GetMetadata().GetName(), clients.ReadOpts{Ctx: ctx}) + }) + + // Although these tests delete the secret handled by our SnapshotWriter, because we set `IgnoreNotFound` when deleting snapshot resources, this won't cause an issue. + Eventually(func() error { + return resourceClientset.KubeClients().CoreV1().Secrets(testHelper.InstallNamespace).Delete(ctx, secretName, metav1.DeleteOptions{}) + }).WithPolling(500 * time.Millisecond).WithTimeout(30 * time.Second).ShouldNot(HaveOccurred()) + }) + + It("can delete a secret that is not in use", func() { + tlsSecret := helpers.GetKubeSecret("tls-secret-2", testHelper.InstallNamespace) + tlsSecret, err := resourceClientset.KubeClients().CoreV1().Secrets(testHelper.InstallNamespace).Create(ctx, tlsSecret, metav1.CreateOptions{}) + Expect(err).NotTo(HaveOccurred()) + + err = resourceClientset.KubeClients().CoreV1().Secrets(testHelper.InstallNamespace).Delete(ctx, tlsSecret.GetName(), metav1.DeleteOptions{}) + Expect(err).NotTo(HaveOccurred()) + }) + }) + }) })