From f60cc04e2640d8e0e3095a2c4c2a078c795b8b10 Mon Sep 17 00:00:00 2001 From: Shyunn <1147212064@qq.com> Date: Mon, 15 Apr 2024 09:36:02 +0800 Subject: [PATCH 1/4] fix: use ptr.To[uint32] intead of func()*uint32 (#3187) * fix: use pointer.Uint32 intead of func()*uint32 Signed-off-by: ShyunnY <1147212064@qq.com> * fix Signed-off-by: ShyunnY <1147212064@qq.com> --------- Signed-off-by: ShyunnY <1147212064@qq.com> --- .../kubernetes/ratelimit/resource_provider_test.go | 5 +---- 1 file changed, 1 insertion(+), 4 deletions(-) diff --git a/internal/infrastructure/kubernetes/ratelimit/resource_provider_test.go b/internal/infrastructure/kubernetes/ratelimit/resource_provider_test.go index 52aec1fabed..03d794d0ed1 100644 --- a/internal/infrastructure/kubernetes/ratelimit/resource_provider_test.go +++ b/internal/infrastructure/kubernetes/ratelimit/resource_provider_test.go @@ -677,10 +677,7 @@ func TestDeployment(t *testing.T) { }, Telemetry: &egv1a1.RateLimitTelemetry{ Tracing: &egv1a1.RateLimitTracing{ - SamplingRate: func() *uint32 { - var samplingRate uint32 = 55 - return &samplingRate - }(), + SamplingRate: ptr.To[uint32](55), Provider: &egv1a1.RateLimitTracingProvider{ URL: "trace-collector.envoy-gateway-system.svc.cluster.local:4317", }, From 8f2e175de6ca0842f59be06ae37bbb6f196c69cd Mon Sep 17 00:00:00 2001 From: David Alger Date: Mon, 15 Apr 2024 00:51:19 -0500 Subject: [PATCH 2/4] api: gRPC Access Log Service (ALS) sink (#3078) * api: gRPC Access Log Service (ALS) logging sink Signed-off-by: David Alger * Make type mandatory and remove kubebuilder default for LogName Signed-off-by: David Alger * Add CEL validations Signed-off-by: David Alger * Cleanup Signed-off-by: David Alger * Fix missing type in validation Signed-off-by: David Alger * Pluralize backendRefs Signed-off-by: David Alger --------- Signed-off-by: David Alger Co-authored-by: zirain --- api/v1alpha1/accesslogging_types.go | 63 ++++- api/v1alpha1/zz_generated.deepcopy.go | 67 +++++ .../gateway.envoyproxy.io_envoyproxies.yaml | 145 +++++++++++ site/content/en/latest/api/extension_types.md | 54 ++++ test/cel-validation/envoyproxy_test.go | 237 ++++++++++++++++++ 5 files changed, 565 insertions(+), 1 deletion(-) diff --git a/api/v1alpha1/accesslogging_types.go b/api/v1alpha1/accesslogging_types.go index 4c62d230b45..e1311566eeb 100644 --- a/api/v1alpha1/accesslogging_types.go +++ b/api/v1alpha1/accesslogging_types.go @@ -60,6 +60,10 @@ type ProxyAccessLogFormat struct { type ProxyAccessLogSinkType string const ( + // ProxyAccessLogSinkTypeALS defines the gRPC Access Log Service (ALS) sink. + // The service must implement the Envoy gRPC Access Log Service streaming API: + // https://www.envoyproxy.io/docs/envoy/latest/api-v3/service/accesslog/v3/als.proto + ProxyAccessLogSinkTypeALS ProxyAccessLogSinkType = "ALS" // ProxyAccessLogSinkTypeFile defines the file accesslog sink. ProxyAccessLogSinkTypeFile ProxyAccessLogSinkType = "File" // ProxyAccessLogSinkTypeOpenTelemetry defines the OpenTelemetry accesslog sink. @@ -71,13 +75,17 @@ const ( // ProxyAccessLogSink defines the sink of accesslog. // +union // +// +kubebuilder:validation:XValidation:rule="self.type == 'ALS' ? has(self.als) : !has(self.als)",message="If AccessLogSink type is ALS, als field needs to be set." // +kubebuilder:validation:XValidation:rule="self.type == 'File' ? has(self.file) : !has(self.file)",message="If AccessLogSink type is File, file field needs to be set." // +kubebuilder:validation:XValidation:rule="self.type == 'OpenTelemetry' ? has(self.openTelemetry) : !has(self.openTelemetry)",message="If AccessLogSink type is OpenTelemetry, openTelemetry field needs to be set." type ProxyAccessLogSink struct { // Type defines the type of accesslog sink. - // +kubebuilder:validation:Enum=File;OpenTelemetry + // +kubebuilder:validation:Enum=ALS;File;OpenTelemetry // +unionDiscriminator Type ProxyAccessLogSinkType `json:"type,omitempty"` + // ALS defines the gRPC Access Log Service (ALS) sink. + // +optional + ALS *ALSEnvoyProxyAccessLog `json:"als,omitempty"` // File defines the file accesslog sink. // +optional File *FileEnvoyProxyAccessLog `json:"file,omitempty"` @@ -86,6 +94,59 @@ type ProxyAccessLogSink struct { OpenTelemetry *OpenTelemetryEnvoyProxyAccessLog `json:"openTelemetry,omitempty"` } +type ALSEnvoyProxyAccessLogType string + +const ( + // ALSEnvoyProxyAccessLogTypeHTTP defines the HTTP access log type and will populate StreamAccessLogsMessage.http_logs. + ALSEnvoyProxyAccessLogTypeHTTP ALSEnvoyProxyAccessLogType = "HTTP" + // ALSEnvoyProxyAccessLogTypeTCP defines the TCP access log type and will populate StreamAccessLogsMessage.tcp_logs. + ALSEnvoyProxyAccessLogTypeTCP ALSEnvoyProxyAccessLogType = "TCP" +) + +// ALSEnvoyProxyAccessLog defines the gRPC Access Log Service (ALS) sink. +// The service must implement the Envoy gRPC Access Log Service streaming API: +// https://www.envoyproxy.io/docs/envoy/latest/api-v3/service/accesslog/v3/als.proto +// Access log format information is passed in the form of gRPC metadata when the +// stream is established. Specifically, the following metadata is passed: +// +// - `x-accesslog-text` - The access log format string when a Text format is used. +// - `x-accesslog-attr` - JSON encoded key/value pairs when a JSON format is used. +// +// +kubebuilder:validation:XValidation:rule="self.type == 'HTTP' || !has(self.http)",message="The http field may only be set when type is HTTP." +type ALSEnvoyProxyAccessLog struct { + // BackendRefs references a Kubernetes object that represents the gRPC service to which + // the access logs will be sent. Currently only Service is supported. + // + // +kubebuilder:validation:MinItems=1 + // +kubebuilder:validation:MaxItems=1 + // +kubebuilder:validation:XValidation:message="BackendRefs only supports Service kind.",rule="self.all(f, f.kind == 'Service')" + BackendRefs []BackendRef `json:"backendRefs"` + // LogName defines the friendly name of the access log to be returned in + // StreamAccessLogsMessage.Identifier. This allows the access log server + // to differentiate between different access logs coming from the same Envoy. + // +optional + // +kubebuilder:validation:MinLength=1 + LogName *string `json:"logName,omitempty"` + // Type defines the type of accesslog. Supported types are "HTTP" and "TCP". + // +kubebuilder:validation:Enum=HTTP;TCP + Type ALSEnvoyProxyAccessLogType `json:"type"` + // HTTP defines additional configuration specific to HTTP access logs. + // +optional + HTTP *ALSEnvoyProxyHTTPAccessLogConfig `json:"http,omitempty"` +} + +type ALSEnvoyProxyHTTPAccessLogConfig struct { + // RequestHeaders defines request headers to include in log entries sent to the access log service. + // +optional + RequestHeaders []string `json:"requestHeaders,omitempty"` + // ResponseHeaders defines response headers to include in log entries sent to the access log service. + // +optional + ResponseHeaders []string `json:"responseHeaders,omitempty"` + // ResponseTrailers defines response trailers to include in log entries sent to the access log service. + // +optional + ResponseTrailers []string `json:"responseTrailers,omitempty"` +} + type FileEnvoyProxyAccessLog struct { // Path defines the file path used to expose envoy access log(e.g. /dev/stdout). // +kubebuilder:validation:MinLength=1 diff --git a/api/v1alpha1/zz_generated.deepcopy.go b/api/v1alpha1/zz_generated.deepcopy.go index 71dcff84f36..1b0a97fa77a 100644 --- a/api/v1alpha1/zz_generated.deepcopy.go +++ b/api/v1alpha1/zz_generated.deepcopy.go @@ -19,6 +19,68 @@ import ( "sigs.k8s.io/gateway-api/apis/v1" ) +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *ALSEnvoyProxyAccessLog) DeepCopyInto(out *ALSEnvoyProxyAccessLog) { + *out = *in + if in.BackendRefs != nil { + in, out := &in.BackendRefs, &out.BackendRefs + *out = make([]BackendRef, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } + if in.LogName != nil { + in, out := &in.LogName, &out.LogName + *out = new(string) + **out = **in + } + if in.HTTP != nil { + in, out := &in.HTTP, &out.HTTP + *out = new(ALSEnvoyProxyHTTPAccessLogConfig) + (*in).DeepCopyInto(*out) + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ALSEnvoyProxyAccessLog. +func (in *ALSEnvoyProxyAccessLog) DeepCopy() *ALSEnvoyProxyAccessLog { + if in == nil { + return nil + } + out := new(ALSEnvoyProxyAccessLog) + in.DeepCopyInto(out) + return out +} + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *ALSEnvoyProxyHTTPAccessLogConfig) DeepCopyInto(out *ALSEnvoyProxyHTTPAccessLogConfig) { + *out = *in + if in.RequestHeaders != nil { + in, out := &in.RequestHeaders, &out.RequestHeaders + *out = make([]string, len(*in)) + copy(*out, *in) + } + if in.ResponseHeaders != nil { + in, out := &in.ResponseHeaders, &out.ResponseHeaders + *out = make([]string, len(*in)) + copy(*out, *in) + } + if in.ResponseTrailers != nil { + in, out := &in.ResponseTrailers, &out.ResponseTrailers + *out = make([]string, len(*in)) + copy(*out, *in) + } +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ALSEnvoyProxyHTTPAccessLogConfig. +func (in *ALSEnvoyProxyHTTPAccessLogConfig) DeepCopy() *ALSEnvoyProxyHTTPAccessLogConfig { + if in == nil { + return nil + } + out := new(ALSEnvoyProxyHTTPAccessLogConfig) + in.DeepCopyInto(out) + return out +} + // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *ActiveHealthCheck) DeepCopyInto(out *ActiveHealthCheck) { *out = *in @@ -2911,6 +2973,11 @@ func (in *ProxyAccessLogSetting) DeepCopy() *ProxyAccessLogSetting { // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *ProxyAccessLogSink) DeepCopyInto(out *ProxyAccessLogSink) { *out = *in + if in.ALS != nil { + in, out := &in.ALS, &out.ALS + *out = new(ALSEnvoyProxyAccessLog) + (*in).DeepCopyInto(*out) + } if in.File != nil { in, out := &in.File, &out.File *out = new(FileEnvoyProxyAccessLog) diff --git a/charts/gateway-helm/crds/generated/gateway.envoyproxy.io_envoyproxies.yaml b/charts/gateway-helm/crds/generated/gateway.envoyproxy.io_envoyproxies.yaml index 0f5cf8f6bf5..76d96eccaea 100644 --- a/charts/gateway-helm/crds/generated/gateway.envoyproxy.io_envoyproxies.yaml +++ b/charts/gateway-helm/crds/generated/gateway.envoyproxy.io_envoyproxies.yaml @@ -5886,6 +5886,147 @@ spec: description: ProxyAccessLogSink defines the sink of accesslog. properties: + als: + description: ALS defines the gRPC Access Log Service + (ALS) sink. + properties: + backendRefs: + description: |- + BackendRefs references a Kubernetes object that represents the gRPC service to which + the access logs will be sent. Currently only Service is supported. + items: + description: BackendRef defines how an ObjectReference + that is specific to BackendRef. + properties: + group: + default: "" + description: |- + Group is the group of the referent. For example, "gateway.networking.k8s.io". + When unspecified or empty string, core API group is inferred. + maxLength: 253 + pattern: ^$|^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$ + type: string + kind: + default: Service + description: |- + Kind is the Kubernetes resource kind of the referent. For example + "Service". + + + Defaults to "Service" when not specified. + + + ExternalName services can refer to CNAME DNS records that may live + outside of the cluster and as such are difficult to reason about in + terms of conformance. They also may not be safe to forward to (see + CVE-2021-25740 for more information). Implementations SHOULD NOT + support ExternalName Services. + + + Support: Core (Services with a type other than ExternalName) + + + Support: Implementation-specific (Services with type ExternalName) + maxLength: 63 + minLength: 1 + pattern: ^[a-zA-Z]([-a-zA-Z0-9]*[a-zA-Z0-9])?$ + type: string + name: + description: Name is the name of the + referent. + maxLength: 253 + minLength: 1 + type: string + namespace: + description: |- + Namespace is the namespace of the backend. When unspecified, the local + namespace is inferred. + + + Note that when a namespace different than the local namespace is specified, + a ReferenceGrant object is required in the referent namespace to allow that + namespace's owner to accept the reference. See the ReferenceGrant + documentation for details. + + + Support: Core + maxLength: 63 + minLength: 1 + pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$ + type: string + port: + description: |- + Port specifies the destination port number to use for this resource. + Port is required when the referent is a Kubernetes Service. In this + case, the port number is the service port number, not the target port. + For other resources, destination port might be derived from the referent + resource or this field. + format: int32 + maximum: 65535 + minimum: 1 + type: integer + required: + - name + type: object + x-kubernetes-validations: + - message: Must have port for Service reference + rule: '(size(self.group) == 0 && self.kind + == ''Service'') ? has(self.port) : true' + maxItems: 1 + minItems: 1 + type: array + x-kubernetes-validations: + - message: BackendRefs only supports Service + kind. + rule: self.all(f, f.kind == 'Service') + http: + description: HTTP defines additional configuration + specific to HTTP access logs. + properties: + requestHeaders: + description: RequestHeaders defines request + headers to include in log entries sent + to the access log service. + items: + type: string + type: array + responseHeaders: + description: ResponseHeaders defines response + headers to include in log entries sent + to the access log service. + items: + type: string + type: array + responseTrailers: + description: ResponseTrailers defines + response trailers to include in log + entries sent to the access log service. + items: + type: string + type: array + type: object + logName: + description: |- + LogName defines the friendly name of the access log to be returned in + StreamAccessLogsMessage.Identifier. This allows the access log server + to differentiate between different access logs coming from the same Envoy. + minLength: 1 + type: string + type: + description: Type defines the type of accesslog. + Supported types are "HTTP" and "TCP". + enum: + - HTTP + - TCP + type: string + required: + - backendRefs + - type + type: object + x-kubernetes-validations: + - message: The http field may only be set when + type is HTTP. + rule: self.type == 'HTTP' || !has(self.http) file: description: File defines the file accesslog sink. properties: @@ -6016,11 +6157,15 @@ spec: description: Type defines the type of accesslog sink. enum: + - ALS - File - OpenTelemetry type: string type: object x-kubernetes-validations: + - message: If AccessLogSink type is ALS, als field + needs to be set. + rule: 'self.type == ''ALS'' ? has(self.als) : !has(self.als)' - message: If AccessLogSink type is File, file field needs to be set. rule: 'self.type == ''File'' ? has(self.file) : diff --git a/site/content/en/latest/api/extension_types.md b/site/content/en/latest/api/extension_types.md index 43bdc15f8b4..8d64f7d9b42 100644 --- a/site/content/en/latest/api/extension_types.md +++ b/site/content/en/latest/api/extension_types.md @@ -40,6 +40,58 @@ _Appears in:_ +#### ALSEnvoyProxyAccessLog + + + +ALSEnvoyProxyAccessLog defines the gRPC Access Log Service (ALS) sink. +The service must implement the Envoy gRPC Access Log Service streaming API: +https://www.envoyproxy.io/docs/envoy/latest/api-v3/service/accesslog/v3/als.proto +Access log format information is passed in the form of gRPC metadata when the +stream is established. Specifically, the following metadata is passed: + + +- `x-accesslog-text` - The access log format string when a Text format is used. +- `x-accesslog-attr` - JSON encoded key/value pairs when a JSON format is used. + +_Appears in:_ +- [ProxyAccessLogSink](#proxyaccesslogsink) + +| Field | Type | Required | Description | +| --- | --- | --- | --- | +| `backendRefs` | _[BackendRef](#backendref) array_ | true | BackendRefs references a Kubernetes object that represents the gRPC service to which
the access logs will be sent. Currently only Service is supported. | +| `logName` | _string_ | false | LogName defines the friendly name of the access log to be returned in
StreamAccessLogsMessage.Identifier. This allows the access log server
to differentiate between different access logs coming from the same Envoy. | +| `type` | _[ALSEnvoyProxyAccessLogType](#alsenvoyproxyaccesslogtype)_ | true | Type defines the type of accesslog. Supported types are "HTTP" and "TCP". | +| `http` | _[ALSEnvoyProxyHTTPAccessLogConfig](#alsenvoyproxyhttpaccesslogconfig)_ | false | HTTP defines additional configuration specific to HTTP access logs. | + + +#### ALSEnvoyProxyAccessLogType + +_Underlying type:_ _string_ + + + +_Appears in:_ +- [ALSEnvoyProxyAccessLog](#alsenvoyproxyaccesslog) + + + +#### ALSEnvoyProxyHTTPAccessLogConfig + + + + + +_Appears in:_ +- [ALSEnvoyProxyAccessLog](#alsenvoyproxyaccesslog) + +| Field | Type | Required | Description | +| --- | --- | --- | --- | +| `requestHeaders` | _string array_ | false | RequestHeaders defines request headers to include in log entries sent to the access log service. | +| `responseHeaders` | _string array_ | false | ResponseHeaders defines response headers to include in log entries sent to the access log service. | +| `responseTrailers` | _string array_ | false | ResponseTrailers defines response trailers to include in log entries sent to the access log service. | + + #### ActiveHealthCheck @@ -122,6 +174,7 @@ _Appears in:_ BackendRef defines how an ObjectReference that is specific to BackendRef. _Appears in:_ +- [ALSEnvoyProxyAccessLog](#alsenvoyproxyaccesslog) - [OpenTelemetryEnvoyProxyAccessLog](#opentelemetryenvoyproxyaccesslog) - [ProxyOpenTelemetrySink](#proxyopentelemetrysink) - [TracingProvider](#tracingprovider) @@ -2046,6 +2099,7 @@ _Appears in:_ | --- | --- | --- | --- | | `type` | _[ProxyAccessLogSinkType](#proxyaccesslogsinktype)_ | true | Type defines the type of accesslog sink. | +| `als` | _[ALSEnvoyProxyAccessLog](#alsenvoyproxyaccesslog)_ | false | ALS defines the gRPC Access Log Service (ALS) sink. | | `file` | _[FileEnvoyProxyAccessLog](#fileenvoyproxyaccesslog)_ | false | File defines the file accesslog sink. | | `openTelemetry` | _[OpenTelemetryEnvoyProxyAccessLog](#opentelemetryenvoyproxyaccesslog)_ | false | OpenTelemetry defines the OpenTelemetry accesslog sink. | diff --git a/test/cel-validation/envoyproxy_test.go b/test/cel-validation/envoyproxy_test.go index 344acdb69f9..3b2785f713d 100644 --- a/test/cel-validation/envoyproxy_test.go +++ b/test/cel-validation/envoyproxy_test.go @@ -321,6 +321,33 @@ func TestEnvoyProxyProvider(t *testing.T) { }, wantErrors: []string{"If AccessLogFormat type is JSON, json field needs to be set"}, }, + { + desc: "ProxyAccessLogSink-with-TypeALS-but-no-als", + mutate: func(envoy *egv1a1.EnvoyProxy) { + envoy.Spec = egv1a1.EnvoyProxySpec{ + Telemetry: &egv1a1.ProxyTelemetry{ + AccessLog: &egv1a1.ProxyAccessLog{ + Settings: []egv1a1.ProxyAccessLogSetting{ + { + Format: egv1a1.ProxyAccessLogFormat{ + Type: egv1a1.ProxyAccessLogFormatTypeJSON, + JSON: map[string]string{ + "foo": "bar", + }, + }, + Sinks: []egv1a1.ProxyAccessLogSink{ + { + Type: egv1a1.ProxyAccessLogSinkTypeALS, + }, + }, + }, + }, + }, + }, + } + }, + wantErrors: []string{"If AccessLogSink type is ALS, als field needs to be set"}, + }, { desc: "ProxyAccessLogSink-with-TypeFile-but-no-file", mutate: func(envoy *egv1a1.EnvoyProxy) { @@ -399,6 +426,216 @@ func TestEnvoyProxyProvider(t *testing.T) { }, wantErrors: []string{}, }, + { + desc: "accesslog-ALS", + mutate: func(envoy *egv1a1.EnvoyProxy) { + envoy.Spec = egv1a1.EnvoyProxySpec{ + Telemetry: &egv1a1.ProxyTelemetry{ + AccessLog: &egv1a1.ProxyAccessLog{ + Settings: []egv1a1.ProxyAccessLogSetting{ + { + Format: egv1a1.ProxyAccessLogFormat{ + Type: egv1a1.ProxyAccessLogFormatTypeJSON, + JSON: map[string]string{ + "attr1": "value1", + "attr2": "value2", + }, + }, + Sinks: []egv1a1.ProxyAccessLogSink{ + { + Type: egv1a1.ProxyAccessLogSinkTypeALS, + ALS: &egv1a1.ALSEnvoyProxyAccessLog{ + BackendRefs: []egv1a1.BackendRef{ + { + BackendObjectReference: gwapiv1.BackendObjectReference{ + Name: "fake-service", + Port: ptr.To(gwapiv1.PortNumber(9000)), + }, + }, + }, + Type: egv1a1.ALSEnvoyProxyAccessLogTypeHTTP, + }, + }, + }, + }, + }, + }, + }, + } + }, + }, + { + desc: "invalid-accesslog-ALS-type", + mutate: func(envoy *egv1a1.EnvoyProxy) { + envoy.Spec = egv1a1.EnvoyProxySpec{ + Telemetry: &egv1a1.ProxyTelemetry{ + AccessLog: &egv1a1.ProxyAccessLog{ + Settings: []egv1a1.ProxyAccessLogSetting{ + { + Format: egv1a1.ProxyAccessLogFormat{ + Type: "Text", + Text: ptr.To("[%START_TIME%]"), + }, + Sinks: []egv1a1.ProxyAccessLogSink{ + { + Type: egv1a1.ProxyAccessLogSinkTypeALS, + ALS: &egv1a1.ALSEnvoyProxyAccessLog{ + BackendRefs: []egv1a1.BackendRef{ + { + BackendObjectReference: gwapiv1.BackendObjectReference{ + Name: "fake-service", + Port: ptr.To(gwapiv1.PortNumber(9000)), + }, + }, + }, + Type: egv1a1.ALSEnvoyProxyAccessLogTypeTCP, + HTTP: &egv1a1.ALSEnvoyProxyHTTPAccessLogConfig{}, + }, + }, + }, + }, + }, + }, + }, + } + }, + wantErrors: []string{"The http field may only be set when type is HTTP."}, + }, + { + desc: "invalid-accesslog-ALS-backendrefs", + mutate: func(envoy *egv1a1.EnvoyProxy) { + envoy.Spec = egv1a1.EnvoyProxySpec{ + Telemetry: &egv1a1.ProxyTelemetry{ + AccessLog: &egv1a1.ProxyAccessLog{ + Settings: []egv1a1.ProxyAccessLogSetting{ + { + Format: egv1a1.ProxyAccessLogFormat{ + Type: "Text", + Text: ptr.To("[%START_TIME%]"), + }, + Sinks: []egv1a1.ProxyAccessLogSink{ + { + Type: egv1a1.ProxyAccessLogSinkTypeALS, + ALS: &egv1a1.ALSEnvoyProxyAccessLog{ + BackendRefs: []egv1a1.BackendRef{ + { + BackendObjectReference: gwapiv1.BackendObjectReference{ + Name: "fake-service", + Kind: ptr.To(gwapiv1.Kind("foo")), + }, + }, + }, + Type: egv1a1.ALSEnvoyProxyAccessLogTypeHTTP, + }, + }, + }, + }, + }, + }, + }, + } + }, + wantErrors: []string{"BackendRefs only supports Service Kind."}, + }, + { + desc: "invalid-accesslog-ALS-no-backendrefs", + mutate: func(envoy *egv1a1.EnvoyProxy) { + envoy.Spec = egv1a1.EnvoyProxySpec{ + Telemetry: &egv1a1.ProxyTelemetry{ + AccessLog: &egv1a1.ProxyAccessLog{ + Settings: []egv1a1.ProxyAccessLogSetting{ + { + Format: egv1a1.ProxyAccessLogFormat{ + Type: "Text", + Text: ptr.To("[%START_TIME%]"), + }, + Sinks: []egv1a1.ProxyAccessLogSink{ + { + Type: egv1a1.ProxyAccessLogSinkTypeALS, + ALS: &egv1a1.ALSEnvoyProxyAccessLog{ + Type: egv1a1.ALSEnvoyProxyAccessLogTypeHTTP, + }, + }, + }, + }, + }, + }, + }, + } + }, + wantErrors: []string{"Invalid value: \"null\""}, + }, + { + desc: "invalid-accesslog-ALS-empty-backendrefs", + mutate: func(envoy *egv1a1.EnvoyProxy) { + envoy.Spec = egv1a1.EnvoyProxySpec{ + Telemetry: &egv1a1.ProxyTelemetry{ + AccessLog: &egv1a1.ProxyAccessLog{ + Settings: []egv1a1.ProxyAccessLogSetting{ + { + Format: egv1a1.ProxyAccessLogFormat{ + Type: "Text", + Text: ptr.To("[%START_TIME%]"), + }, + Sinks: []egv1a1.ProxyAccessLogSink{ + { + Type: egv1a1.ProxyAccessLogSinkTypeALS, + ALS: &egv1a1.ALSEnvoyProxyAccessLog{ + BackendRefs: []egv1a1.BackendRef{}, + Type: egv1a1.ALSEnvoyProxyAccessLogTypeHTTP, + }, + }, + }, + }, + }, + }, + }, + } + }, + wantErrors: []string{"should have at least 1 items"}, + }, + { + desc: "invalid-accesslog-ALS-multi-backendrefs", + mutate: func(envoy *egv1a1.EnvoyProxy) { + envoy.Spec = egv1a1.EnvoyProxySpec{ + Telemetry: &egv1a1.ProxyTelemetry{ + AccessLog: &egv1a1.ProxyAccessLog{ + Settings: []egv1a1.ProxyAccessLogSetting{ + { + Format: egv1a1.ProxyAccessLogFormat{ + Type: "Text", + Text: ptr.To("[%START_TIME%]"), + }, + Sinks: []egv1a1.ProxyAccessLogSink{ + { + Type: egv1a1.ProxyAccessLogSinkTypeALS, + ALS: &egv1a1.ALSEnvoyProxyAccessLog{ + BackendRefs: []egv1a1.BackendRef{ + { + BackendObjectReference: gwapiv1.BackendObjectReference{ + Name: "fake-service", + Port: ptr.To(gwapiv1.PortNumber(8080)), + }, + }, + { + BackendObjectReference: gwapiv1.BackendObjectReference{ + Name: "fake-service", + Port: ptr.To(gwapiv1.PortNumber(8080)), + }, + }, + }, + Type: egv1a1.ALSEnvoyProxyAccessLogTypeHTTP, + }, + }, + }, + }, + }, + }, + }, + } + }, + wantErrors: []string{"must have at most 1 items"}, + }, { desc: "accesslog-OpenTelemetry", mutate: func(envoy *egv1a1.EnvoyProxy) { From 9fc13df1006d00d7c0289b6f1845adacf86d9050 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 15 Apr 2024 12:01:43 +0530 Subject: [PATCH 3/4] build(deps): bump golang.org/x/net from 0.23.0 to 0.24.0 (#3193) Bumps [golang.org/x/net](https://github.com/golang/net) from 0.23.0 to 0.24.0. - [Commits](https://github.com/golang/net/compare/v0.23.0...v0.24.0) --- updated-dependencies: - dependency-name: golang.org/x/net dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- go.mod | 6 +++--- go.sum | 12 ++++++------ 2 files changed, 9 insertions(+), 9 deletions(-) diff --git a/go.mod b/go.mod index 17638e32adb..6df69822686 100644 --- a/go.mod +++ b/go.mod @@ -108,7 +108,7 @@ require ( github.com/xeipuuv/gojsonreference v0.0.0-20180127040603-bd5ef7bd5415 // indirect github.com/xeipuuv/gojsonschema v1.2.0 // indirect go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.45.0 // indirect - golang.org/x/crypto v0.21.0 // indirect + golang.org/x/crypto v0.22.0 // indirect k8s.io/apiserver v0.29.3 // indirect oras.land/oras-go v1.2.4 // indirect ) @@ -171,10 +171,10 @@ require ( go.starlark.net v0.0.0-20230525235612-a134d8f9ddca // indirect go.uber.org/multierr v1.11.0 // indirect golang.org/x/mod v0.16.0 // indirect - golang.org/x/net v0.23.0 + golang.org/x/net v0.24.0 golang.org/x/oauth2 v0.18.0 // indirect golang.org/x/sync v0.6.0 // indirect - golang.org/x/term v0.18.0 // indirect + golang.org/x/term v0.19.0 // indirect golang.org/x/text v0.14.0 // indirect golang.org/x/time v0.3.0 // indirect golang.org/x/tools v0.19.0 // indirect diff --git a/go.sum b/go.sum index f7a81a16dff..388448882a1 100644 --- a/go.sum +++ b/go.sum @@ -729,8 +729,8 @@ golang.org/x/crypto v0.0.0-20200220183623-bac4c82f6975/go.mod h1:LzIPMQfyMNhhGPh golang.org/x/crypto v0.0.0-20200622213623-75b288015ac9/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto= golang.org/x/crypto v0.0.0-20210921155107-089bfa567519/go.mod h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc= golang.org/x/crypto v0.3.0/go.mod h1:hebNnKkNXi2UzZN1eVRvBB7co0a+JxK6XbPiWVs/3J4= -golang.org/x/crypto v0.21.0 h1:X31++rzVUdKhX5sWmSOFZxx8UW/ldWx55cbf08iNAMA= -golang.org/x/crypto v0.21.0/go.mod h1:0BP7YvVV9gBbVKyeTG0Gyn+gZm94bibOW5BjDEYAOMs= +golang.org/x/crypto v0.22.0 h1:g1v0xeRhjcugydODzvb3mEM9SQ0HGp9s/nh3COQ/C30= +golang.org/x/crypto v0.22.0/go.mod h1:vr6Su+7cTlO45qkww3VDJlzDn0ctJvRgYbC2NvXHt+M= golang.org/x/exp v0.0.0-20190121172915-509febef88a4/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA= golang.org/x/exp v0.0.0-20240325151524-a685a6edb6d8 h1:aAcj0Da7eBAtrTp03QXWvm88pSyOt+UgdZw2BFZ+lEw= golang.org/x/exp v0.0.0-20240325151524-a685a6edb6d8/go.mod h1:CQ1k9gNrJ50XIzaKCRR2hssIjF07kZFEiieALBM/ARQ= @@ -767,8 +767,8 @@ golang.org/x/net v0.0.0-20201021035429-f5854403a974/go.mod h1:sp8m0HH+o8qH0wwXwY golang.org/x/net v0.0.0-20210226172049-e18ecbb05110/go.mod h1:m0MpNAwzfU5UDzcl9v0D8zg8gWTRqZa9RBIspLL5mdg= golang.org/x/net v0.0.0-20220722155237-a158d28d115b/go.mod h1:XRhObCWvk6IyKnWLug+ECip1KBveYUHfp+8e9klMJ9c= golang.org/x/net v0.2.0/go.mod h1:KqCZLdyyvdV855qA2rE3GC2aiw5xGR5TEjj8smXukLY= -golang.org/x/net v0.23.0 h1:7EYJ93RZ9vYSZAIb2x3lnuvqO5zneoD6IvWjuhfxjTs= -golang.org/x/net v0.23.0/go.mod h1:JKghWKKOSdJwpW2GEx0Ja7fmaKnMsbu+MWVZTokSYmg= +golang.org/x/net v0.24.0 h1:1PcaxkF854Fu3+lvBIx5SYn9wRlBzzcnHZSiaFFAb0w= +golang.org/x/net v0.24.0/go.mod h1:2Q7sJY5mzlzWjKtYUEXSlBWCdyaioyXzRB2RtU8KVE8= golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U= golang.org/x/oauth2 v0.0.0-20190226205417-e64efc72b421/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw= golang.org/x/oauth2 v0.0.0-20190604053449-0f29369cfe45/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw= @@ -824,8 +824,8 @@ golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9sn golang.org/x/term v0.0.0-20210927222741-03fcf44c2211/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8= golang.org/x/term v0.0.0-20220526004731-065cf7ba2467/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8= golang.org/x/term v0.2.0/go.mod h1:TVmDHMZPmdnySmBfhjOoOdhjzdE1h4u1VwSiw2l1Nuc= -golang.org/x/term v0.18.0 h1:FcHjZXDMxI8mM3nwhX9HlKop4C0YQvCVCdwYl2wOtE8= -golang.org/x/term v0.18.0/go.mod h1:ILwASektA3OnRv7amZ1xhE/KTR+u50pbXfZ03+6Nx58= +golang.org/x/term v0.19.0 h1:+ThwsDv+tYfnJFhF4L8jITxu1tdTWRTZpdsWgEgjL6Q= +golang.org/x/term v0.19.0/go.mod h1:2CuTdWZ7KHSQwUzKva0cbMg6q2DMI3Mmxp+gKJbskEk= golang.org/x/text v0.0.0-20160726164857-2910a502d2bf/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= golang.org/x/text v0.3.1-0.20180807135948-17ff2d5776d2/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= From 3392214c9097753ffa6bcfa8025d1c578ef146df Mon Sep 17 00:00:00 2001 From: sh2 Date: Mon, 15 Apr 2024 14:34:07 +0800 Subject: [PATCH 4/4] fix gen-check merge race caused by #3078 (#3196) fix gen-check Signed-off-by: shawnh2 --- site/content/en/latest/api/extension_types.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/site/content/en/latest/api/extension_types.md b/site/content/en/latest/api/extension_types.md index 8d64f7d9b42..d8b5d11689b 100644 --- a/site/content/en/latest/api/extension_types.md +++ b/site/content/en/latest/api/extension_types.md @@ -59,12 +59,12 @@ _Appears in:_ | Field | Type | Required | Description | | --- | --- | --- | --- | + | `backendRefs` | _[BackendRef](#backendref) array_ | true | BackendRefs references a Kubernetes object that represents the gRPC service to which
the access logs will be sent. Currently only Service is supported. | | `logName` | _string_ | false | LogName defines the friendly name of the access log to be returned in
StreamAccessLogsMessage.Identifier. This allows the access log server
to differentiate between different access logs coming from the same Envoy. | | `type` | _[ALSEnvoyProxyAccessLogType](#alsenvoyproxyaccesslogtype)_ | true | Type defines the type of accesslog. Supported types are "HTTP" and "TCP". | | `http` | _[ALSEnvoyProxyHTTPAccessLogConfig](#alsenvoyproxyhttpaccesslogconfig)_ | false | HTTP defines additional configuration specific to HTTP access logs. | - #### ALSEnvoyProxyAccessLogType _Underlying type:_ _string_ @@ -87,11 +87,11 @@ _Appears in:_ | Field | Type | Required | Description | | --- | --- | --- | --- | + | `requestHeaders` | _string array_ | false | RequestHeaders defines request headers to include in log entries sent to the access log service. | | `responseHeaders` | _string array_ | false | ResponseHeaders defines response headers to include in log entries sent to the access log service. | | `responseTrailers` | _string array_ | false | ResponseTrailers defines response trailers to include in log entries sent to the access log service. | - #### ActiveHealthCheck