diff --git a/docs/test-version.md b/docs/test-version.md
index 26a2903f3..2b3cab798 100644
--- a/docs/test-version.md
+++ b/docs/test-version.md
@@ -9,7 +9,7 @@ The following Gateway API version and Ingress were tested as part of the release
| Tested Gateway API |
| ------------------------ |
-| v1.0.0 |
+| v1.1.0 |
### Tested Ingress
diff --git a/go.mod b/go.mod
index 17c27fa68..dfffa16a0 100644
--- a/go.mod
+++ b/go.mod
@@ -1,6 +1,13 @@
module knative.dev/net-gateway-api
-go 1.21
+go 1.22.0
+
+replace (
+ k8s.io/api => k8s.io/api v0.29.5
+ k8s.io/apimachinery => k8s.io/apimachinery v0.29.5
+ k8s.io/client-go => k8s.io/client-go v0.29.5
+ k8s.io/code-generator => k8s.io/code-generator v0.29.5
+)
require (
github.com/google/go-cmp v0.6.0
@@ -8,15 +15,15 @@ require (
go.uber.org/zap v1.27.0
golang.org/x/time v0.5.0
gopkg.in/yaml.v2 v2.4.0
- k8s.io/api v0.29.3
- k8s.io/apimachinery v0.29.3
- k8s.io/client-go v0.29.3
- k8s.io/code-generator v0.29.3
- k8s.io/utils v0.0.0-20240102154912-e7106e64919e
+ k8s.io/api v0.30.0
+ k8s.io/apimachinery v0.30.0
+ k8s.io/client-go v0.30.0
+ k8s.io/code-generator v0.30.0
+ k8s.io/utils v0.0.0-20240423183400-0849a56e8f22
knative.dev/hack v0.0.0-20240529131459-3b6d6441e7ea
knative.dev/networking v0.0.0-20240529132623-11202c520534
knative.dev/pkg v0.0.0-20240529181700-7d52a43448b2
- sigs.k8s.io/gateway-api v1.0.1-0.20240422224228-29e68bffffb9
+ sigs.k8s.io/gateway-api v1.1.0
sigs.k8s.io/yaml v1.4.0
)
@@ -29,15 +36,15 @@ require (
github.com/census-instrumentation/opencensus-proto v0.4.1 // indirect
github.com/cespare/xxhash/v2 v2.2.0 // indirect
github.com/davecgh/go-spew v1.1.1 // indirect
- github.com/emicklei/go-restful/v3 v3.11.2 // indirect
+ github.com/emicklei/go-restful/v3 v3.12.0 // indirect
github.com/evanphx/json-patch v5.7.0+incompatible // indirect
github.com/evanphx/json-patch/v5 v5.9.0 // indirect
github.com/go-kit/log v0.2.1 // indirect
github.com/go-logfmt/logfmt v0.5.1 // indirect
github.com/go-logr/logr v1.4.1 // indirect
- github.com/go-openapi/jsonpointer v0.20.2 // indirect
- github.com/go-openapi/jsonreference v0.20.4 // indirect
- github.com/go-openapi/swag v0.22.7 // indirect
+ github.com/go-openapi/jsonpointer v0.21.0 // indirect
+ github.com/go-openapi/jsonreference v0.21.0 // indirect
+ github.com/go-openapi/swag v0.23.0 // indirect
github.com/gogo/protobuf v1.3.2 // indirect
github.com/golang/groupcache v0.0.0-20210331224755-41bb18bfe9da // indirect
github.com/golang/protobuf v1.5.4 // indirect
@@ -83,10 +90,11 @@ require (
google.golang.org/protobuf v1.34.1 // indirect
gopkg.in/inf.v0 v0.9.1 // indirect
gopkg.in/yaml.v3 v3.0.1 // indirect
- k8s.io/apiextensions-apiserver v0.29.3 // indirect
+ k8s.io/apiextensions-apiserver v0.30.0 // indirect
k8s.io/gengo v0.0.0-20240129211411-f967bbeff4b4 // indirect
+ k8s.io/gengo/v2 v2.0.0-20240228010128-51d4e06bde70 // indirect
k8s.io/klog/v2 v2.120.1 // indirect
- k8s.io/kube-openapi v0.0.0-20240105020646-a37d4de58910 // indirect
+ k8s.io/kube-openapi v0.0.0-20240423202451-8948a665c108 // indirect
sigs.k8s.io/json v0.0.0-20221116044647-bc3834ca7abd // indirect
sigs.k8s.io/structured-merge-diff/v4 v4.4.1 // indirect
)
diff --git a/go.sum b/go.sum
index 8661e7213..81ad9d0a3 100644
--- a/go.sum
+++ b/go.sum
@@ -67,8 +67,8 @@ github.com/cncf/udpa/go v0.0.0-20191209042840-269d4d468f6f/go.mod h1:M8M6+tZqaGX
github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c=
github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
-github.com/emicklei/go-restful/v3 v3.11.2 h1:1onLa9DcsMYO9P+CXaL0dStDqQ2EHHXLiz+BtnqkLAU=
-github.com/emicklei/go-restful/v3 v3.11.2/go.mod h1:6n3XBCmQQb25CM2LCACGz8ukIrRry+4bhvbpWn3mrbc=
+github.com/emicklei/go-restful/v3 v3.12.0 h1:y2DdzBAURM29NFF94q6RaY4vjIH1rtwDapwQtU84iWk=
+github.com/emicklei/go-restful/v3 v3.12.0/go.mod h1:6n3XBCmQQb25CM2LCACGz8ukIrRry+4bhvbpWn3mrbc=
github.com/envoyproxy/go-control-plane v0.9.0/go.mod h1:YTl/9mNaCwkRvm6d1a2C3ymFceY/DCBVvsKhRF0iEA4=
github.com/envoyproxy/go-control-plane v0.9.1-0.20191026205805-5f8ba28d4473/go.mod h1:YTl/9mNaCwkRvm6d1a2C3ymFceY/DCBVvsKhRF0iEA4=
github.com/envoyproxy/go-control-plane v0.9.4/go.mod h1:6rpuAdCZL397s3pYoYcLgu1mIlRU8Am5FuJP05cCM98=
@@ -95,12 +95,12 @@ github.com/go-logfmt/logfmt v0.5.1/go.mod h1:WYhtIu8zTZfxdn5+rREduYbwxfcBr/Vr6KE
github.com/go-logr/logr v0.2.0/go.mod h1:z6/tIYblkpsD+a4lm/fGIIU9mZ+XfAiaFtq7xTgseGU=
github.com/go-logr/logr v1.4.1 h1:pKouT5E8xu9zeFC39JXRDukb6JFQPXM5p5I91188VAQ=
github.com/go-logr/logr v1.4.1/go.mod h1:9T104GzyrTigFIr8wt5mBrctHMim0Nb2HLGrmQ40KvY=
-github.com/go-openapi/jsonpointer v0.20.2 h1:mQc3nmndL8ZBzStEo3JYF8wzmeWffDH4VbXz58sAx6Q=
-github.com/go-openapi/jsonpointer v0.20.2/go.mod h1:bHen+N0u1KEO3YlmqOjTT9Adn1RfD91Ar825/PuiRVs=
-github.com/go-openapi/jsonreference v0.20.4 h1:bKlDxQxQJgwpUSgOENiMPzCTBVuc7vTdXSSgNeAhojU=
-github.com/go-openapi/jsonreference v0.20.4/go.mod h1:5pZJyJP2MnYCpoeoMAql78cCHauHj0V9Lhc506VOpw4=
-github.com/go-openapi/swag v0.22.7 h1:JWrc1uc/P9cSomxfnsFSVWoE1FW6bNbrVPmpQYpCcR8=
-github.com/go-openapi/swag v0.22.7/go.mod h1:Gl91UqO+btAM0plGGxHqJcQZ1ZTy6jbmridBTsDy8A0=
+github.com/go-openapi/jsonpointer v0.21.0 h1:YgdVicSA9vH5RiHs9TZW5oyafXZFc6+2Vc1rr/O9oNQ=
+github.com/go-openapi/jsonpointer v0.21.0/go.mod h1:IUyH9l/+uyhIYQ/PXVA41Rexl+kOkAPDdXEYns6fzUY=
+github.com/go-openapi/jsonreference v0.21.0 h1:Rs+Y7hSXT83Jacb7kFyjn4ijOuVGSvOdF2+tg1TRrwQ=
+github.com/go-openapi/jsonreference v0.21.0/go.mod h1:LmZmgsrTkVg9LG4EaHeY8cBDslNPMo06cago5JNLkm4=
+github.com/go-openapi/swag v0.23.0 h1:vsEVJDUo2hPJ2tu0/Xc+4noaxyEffXNIs3cOULZ+GrE=
+github.com/go-openapi/swag v0.23.0/go.mod h1:esZ8ITTYEsH1V2trKHjAN8Ai7xHb8RV+YSZ577vPjgQ=
github.com/go-stack/stack v1.8.0/go.mod h1:v0f6uXyyMGvRgIKkXu+yp6POWl0qKG85gN/melR3HDY=
github.com/go-task/slim-sprig v0.0.0-20230315185526-52ccab3ef572 h1:tfuBGBXKqDEevZMzYi5KSi8KkcZtzBcTgAUUtapy0OI=
github.com/go-task/slim-sprig v0.0.0-20230315185526-52ccab3ef572/go.mod h1:9Pwr4B2jHnOSGXyyzV8ROjYa2ojvAY6HCGYYfMoC3Ls=
@@ -656,25 +656,27 @@ honnef.co/go/tools v0.0.0-20190523083050-ea95bdfd59fc/go.mod h1:rf3lG4BRIbNafJWh
honnef.co/go/tools v0.0.1-2019.2.3/go.mod h1:a3bituU0lyd329TUQxRnasdCoJDkEUEAqEt0JzvZhAg=
honnef.co/go/tools v0.0.1-2020.1.3/go.mod h1:X/FiERA/W4tHapMX5mGpAtMSVEeEUOyHaw9vFzvIQ3k=
honnef.co/go/tools v0.0.1-2020.1.4/go.mod h1:X/FiERA/W4tHapMX5mGpAtMSVEeEUOyHaw9vFzvIQ3k=
-k8s.io/api v0.29.3 h1:2ORfZ7+bGC3YJqGpV0KSDDEVf8hdGQ6A03/50vj8pmw=
-k8s.io/api v0.29.3/go.mod h1:y2yg2NTyHUUkIoTC+phinTnEa3KFM6RZ3szxt014a80=
-k8s.io/apiextensions-apiserver v0.29.3 h1:9HF+EtZaVpFjStakF4yVufnXGPRppWFEQ87qnO91YeI=
-k8s.io/apiextensions-apiserver v0.29.3/go.mod h1:po0XiY5scnpJfFizNGo6puNU6Fq6D70UJY2Cb2KwAVc=
-k8s.io/apimachinery v0.29.3 h1:2tbx+5L7RNvqJjn7RIuIKu9XTsIZ9Z5wX2G22XAa5EU=
-k8s.io/apimachinery v0.29.3/go.mod h1:hx/S4V2PNW4OMg3WizRrHutyB5la0iCUbZym+W0EQIU=
-k8s.io/client-go v0.29.3 h1:R/zaZbEAxqComZ9FHeQwOh3Y1ZUs7FaHKZdQtIc2WZg=
-k8s.io/client-go v0.29.3/go.mod h1:tkDisCvgPfiRpxGnOORfkljmS+UrW+WtXAy2fTvXJB0=
-k8s.io/code-generator v0.29.3 h1:m7E25/t9R9NvejspO2zBdyu+/Gl0Z5m7dCRc680KS14=
-k8s.io/code-generator v0.29.3/go.mod h1:x47ofBhN4gxYFcxeKA1PYXeaPreAGaDN85Y/lNUsPoM=
+k8s.io/api v0.29.5 h1:levS+umUigHCfI3riD36pMY1vQEbrzh4r1ivVWAhHaI=
+k8s.io/api v0.29.5/go.mod h1:7b18TtPcJzdjk7w5zWyIHgoAtpGeRvGGASxlS7UZXdQ=
+k8s.io/apiextensions-apiserver v0.30.0 h1:jcZFKMqnICJfRxTgnC4E+Hpcq8UEhT8B2lhBcQ+6uAs=
+k8s.io/apiextensions-apiserver v0.30.0/go.mod h1:N9ogQFGcrbWqAY9p2mUAL5mGxsLqwgtUce127VtRX5Y=
+k8s.io/apimachinery v0.29.5 h1:Hofa2BmPfpoT+IyDTlcPdCHSnHtEQMoJYGVoQpRTfv4=
+k8s.io/apimachinery v0.29.5/go.mod h1:i3FJVwhvSp/6n8Fl4K97PJEP8C+MM+aoDq4+ZJBf70Y=
+k8s.io/client-go v0.29.5 h1:nlASXmPQy190qTteaVP31g3c/wi2kycznkTP7Sv1zPc=
+k8s.io/client-go v0.29.5/go.mod h1:aY5CnqUUvXYccJhm47XHoPcRyX6vouHdIBHaKZGTbK4=
+k8s.io/code-generator v0.29.5 h1:WqSdBPVV1B3jsPnKtPS39U02zj6Q7+FsjhAj1EPBJec=
+k8s.io/code-generator v0.29.5/go.mod h1:7TYnI0dYItL2cKuhhgPSuF3WED9uMdELgbVXFfn/joE=
k8s.io/gengo v0.0.0-20240129211411-f967bbeff4b4 h1:izq7u3SJBdOAuA5YYe1/PIp9jczrih/jGlKRRt0G7bQ=
k8s.io/gengo v0.0.0-20240129211411-f967bbeff4b4/go.mod h1:FiNAH4ZV3gBg2Kwh89tzAEV2be7d5xI0vBa/VySYy3E=
+k8s.io/gengo/v2 v2.0.0-20240228010128-51d4e06bde70 h1:NGrVE502P0s0/1hudf8zjgwki1X/TByhmAoILTarmzo=
+k8s.io/gengo/v2 v2.0.0-20240228010128-51d4e06bde70/go.mod h1:VH3AT8AaQOqiGjMF9p0/IM1Dj+82ZwjfxUP1IxaHE+8=
k8s.io/klog/v2 v2.2.0/go.mod h1:Od+F08eJP+W3HUb4pSrPpgp9DGU4GzlpG/TmITuYh/Y=
k8s.io/klog/v2 v2.120.1 h1:QXU6cPEOIslTGvZaXvFWiP9VKyeet3sawzTOvdXb4Vw=
k8s.io/klog/v2 v2.120.1/go.mod h1:3Jpz1GvMt720eyJH1ckRHK1EDfpxISzJ7I9OYgaDtPE=
-k8s.io/kube-openapi v0.0.0-20240105020646-a37d4de58910 h1:1Rp/XEKP5uxPs6QrsngEHAxBjaAR78iJRiJq5Fi7LSU=
-k8s.io/kube-openapi v0.0.0-20240105020646-a37d4de58910/go.mod h1:Pa1PvrP7ACSkuX6I7KYomY6cmMA0Tx86waBhDUgoKPw=
-k8s.io/utils v0.0.0-20240102154912-e7106e64919e h1:eQ/4ljkx21sObifjzXwlPKpdGLrCfRziVtos3ofG/sQ=
-k8s.io/utils v0.0.0-20240102154912-e7106e64919e/go.mod h1:OLgZIPagt7ERELqWJFomSt595RzquPNLL48iOWgYOg0=
+k8s.io/kube-openapi v0.0.0-20240423202451-8948a665c108 h1:Q8Z7VlGhcJgBHJHYugJ/K/7iB8a2eSxCyxdVjJp+lLY=
+k8s.io/kube-openapi v0.0.0-20240423202451-8948a665c108/go.mod h1:yD4MZYeKMBwQKVht279WycxKyM84kkAx2DPrTXaeb98=
+k8s.io/utils v0.0.0-20240423183400-0849a56e8f22 h1:ao5hUqGhsqdm+bYbjH/pRkCs0unBGe9UyDahzs9zQzQ=
+k8s.io/utils v0.0.0-20240423183400-0849a56e8f22/go.mod h1:OLgZIPagt7ERELqWJFomSt595RzquPNLL48iOWgYOg0=
knative.dev/hack v0.0.0-20240529131459-3b6d6441e7ea h1:iWW6SNMrVd2hI5Y+ltKIEzXVedoQLL86b23dS5fkvXs=
knative.dev/hack v0.0.0-20240529131459-3b6d6441e7ea/go.mod h1:yk2OjGDsbEnQjfxdm0/HJKS2WqTLEFg/N6nUs6Rqx3Q=
knative.dev/networking v0.0.0-20240529132623-11202c520534 h1:YeSYUcpXsh2EcNqCKhHslBG9tW53k3r1j/EwSASyDrY=
@@ -684,8 +686,8 @@ knative.dev/pkg v0.0.0-20240529181700-7d52a43448b2/go.mod h1:GHFUP1wtD/bR/c02QAD
rsc.io/binaryregexp v0.2.0/go.mod h1:qTv7/COck+e2FymRvadv62gMdZztPaShugOCi3I+8D8=
rsc.io/quote/v3 v3.1.0/go.mod h1:yEA65RcK8LyAZtP9Kv3t0HmxON59tX3rD+tICJqUlj0=
rsc.io/sampler v1.3.0/go.mod h1:T1hPZKmBbMNahiBKFy5HrXp6adAjACjK9JXDnKaTXpA=
-sigs.k8s.io/gateway-api v1.0.1-0.20240422224228-29e68bffffb9 h1:GNZSULVSxk/Ur6qcaZuDLfHOxmbsGv8KLQnozYUbsMQ=
-sigs.k8s.io/gateway-api v1.0.1-0.20240422224228-29e68bffffb9/go.mod h1:ECVx/vt9VVr7xoaG+IWb0KHNKFLi2GrEnPPAlfnBvFE=
+sigs.k8s.io/gateway-api v1.1.0 h1:DsLDXCi6jR+Xz8/xd0Z1PYl2Pn0TyaFMOPPZIj4inDM=
+sigs.k8s.io/gateway-api v1.1.0/go.mod h1:ZH4lHrL2sDi0FHZ9jjneb8kKnGzFWyrTya35sWUTrRs=
sigs.k8s.io/json v0.0.0-20221116044647-bc3834ca7abd h1:EDPBXCAspyGV4jQlpZSudPeMmr1bNJefnuqLsRAsHZo=
sigs.k8s.io/json v0.0.0-20221116044647-bc3834ca7abd/go.mod h1:B8JuhiUyNFVKdsE8h686QcCxMaH6HrOAZj4vswFpcB0=
sigs.k8s.io/structured-merge-diff/v4 v4.4.1 h1:150L+0vs/8DA78h1u02ooW1/fFq/Lwr+sGiqlzvrtq4=
diff --git a/hack/test-env.sh b/hack/test-env.sh
index c54de153c..28eb799ad 100755
--- a/hack/test-env.sh
+++ b/hack/test-env.sh
@@ -14,7 +14,7 @@
# See the License for the specific language governing permissions and
# limitations under the License.
-export GATEWAY_API_VERSION="v1.0.0"
+export GATEWAY_API_VERSION="v1.1.0"
export ISTIO_VERSION="1.22.0"
export ISTIO_UNSUPPORTED_E2E_TESTS="retry,httpoption"
export CONTOUR_VERSION="v1.29.0"
diff --git a/test/e2e-common.sh b/test/e2e-common.sh
index 5d7531dc1..c3b2c7357 100755
--- a/test/e2e-common.sh
+++ b/test/e2e-common.sh
@@ -27,6 +27,13 @@ export GATEWAY_CLASS=${GATEWAY_CLASS:-istio}
export UNSUPPORTED_E2E_TESTS=${UNSUPPORTED_E2E_TESTS:-$ISTIO_UNSUPPORTED_E2E_TESTS}
export KIND=${KIND:-0}
export GATEWAY_TESTS_ONLY=${GATEWAY_TESTS_ONLY:-0}
+export CONTOUR_FILES=(
+ "examples/contour/01-crds.yaml"
+ "examples/gateway-provisioner/00-common.yaml"
+ "examples/gateway-provisioner/01-roles.yaml"
+ "examples/gateway-provisioner/02-rolebindings.yaml"
+ "examples/gateway-provisioner/03-gateway-provisioner.yaml"
+)
function parse_flags() {
case "$1" in
@@ -109,7 +116,10 @@ function teardown_networking() {
kubectl delete -f "${REPO_ROOT_DIR}/third_party/gateway-api/gateway-api.yaml"
if [[ "$INGRESS" == "contour" ]]; then
- kubectl delete -f "https://raw.githubusercontent.com/projectcontour/contour/${CONTOUR_VERSION}/examples/render/contour-gateway-provisioner.yaml"
+ for file in ${CONTOUR_FILES[@]}; do
+ kubectl delete -f \
+ "https://raw.githubusercontent.com/projectcontour/contour/${CONTOUR_VERSION}/${file}"
+ done
else
istioctl uninstall -y --purge
kubectl delete namespace istio-system
@@ -118,7 +128,10 @@ function teardown_networking() {
function setup_contour() {
# Version is selected is in $REPO_ROOT/hack/test-env.sh
- kubectl apply -f "https://raw.githubusercontent.com/projectcontour/contour/${CONTOUR_VERSION}/examples/render/contour-gateway-provisioner.yaml" && \
+ for file in ${CONTOUR_FILES[@]}; do
+ kubectl apply -f \
+ "https://raw.githubusercontent.com/projectcontour/contour/${CONTOUR_VERSION}/${file}"
+ done
kubectl wait deploy --for=condition=Available --timeout=60s -n projectcontour contour-gateway-provisioner && \
kubectl apply -f "${REPO_ROOT_DIR}/third_party/contour"
diff --git a/third_party/contour/gateway-external.yaml b/third_party/contour/gateway-external.yaml
index 0fa75db13..e2742791a 100644
--- a/third_party/contour/gateway-external.yaml
+++ b/third_party/contour/gateway-external.yaml
@@ -51,6 +51,7 @@ spec:
deployment:
replicas: 2
contour:
+ disabledFeatures: [grpcroutes, backendtlspolicies]
deployment:
replicas: 1
---
diff --git a/third_party/contour/gateway-internal.yaml b/third_party/contour/gateway-internal.yaml
index 9fb9679ef..7cc251970 100644
--- a/third_party/contour/gateway-internal.yaml
+++ b/third_party/contour/gateway-internal.yaml
@@ -53,6 +53,7 @@ spec:
deployment:
replicas: 2
contour:
+ disabledFeatures: [grpcroutes, backendtlspolicies]
deployment:
replicas: 1
---
diff --git a/third_party/gateway-api/gateway-api.yaml b/third_party/gateway-api/gateway-api.yaml
index bbb71f11f..8a50a1fa2 100644
--- a/third_party/gateway-api/gateway-api.yaml
+++ b/third_party/gateway-api/gateway-api.yaml
@@ -1,4 +1,4 @@
-# Copyright 2023 The Kubernetes Authors.
+# Copyright 2024 The Kubernetes Authors.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
@@ -17,30 +17,28 @@
#
---
#
-# config/crd/experimental/gateway.networking.k8s.io_backendtlspolicies.yaml
+# config/crd/experimental/gateway.networking.k8s.io_backendlbpolicies.yaml
#
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
annotations:
- api-approved.kubernetes.io: https://github.com/kubernetes-sigs/gateway-api/pull/2466
- gateway.networking.k8s.io/bundle-version: v1.0.0
+ api-approved.kubernetes.io: https://github.com/kubernetes-sigs/gateway-api/pull/2997
+ gateway.networking.k8s.io/bundle-version: v1.1.0
gateway.networking.k8s.io/channel: experimental
creationTimestamp: null
- labels:
- gateway.networking.k8s.io/policy: Direct
- name: backendtlspolicies.gateway.networking.k8s.io
+ name: backendlbpolicies.gateway.networking.k8s.io
spec:
group: gateway.networking.k8s.io
names:
categories:
- gateway-api
- kind: BackendTLSPolicy
- listKind: BackendTLSPolicyList
- plural: backendtlspolicies
+ kind: BackendLBPolicy
+ listKind: BackendLBPolicyList
+ plural: backendlbpolicies
shortNames:
- - btlspolicy
- singular: backendtlspolicy
+ - blbpolicy
+ singular: backendlbpolicy
scope: Namespaced
versions:
- additionalPrinterColumns:
@@ -50,332 +48,400 @@ spec:
name: v1alpha2
schema:
openAPIV3Schema:
- description: BackendTLSPolicy provides a way to configure how a Gateway connects
- to a Backend via TLS.
+ description: |-
+ BackendLBPolicy provides a way to define load balancing rules
+ for a backend.
properties:
apiVersion:
- description: 'APIVersion defines the versioned schema of this representation
- of an object. Servers should convert recognized schemas to the latest
- internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
+ description: |-
+ APIVersion defines the versioned schema of this representation of an object.
+ Servers should convert recognized schemas to the latest internal value, and
+ may reject unrecognized values.
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
type: string
kind:
- description: 'Kind is a string value representing the REST resource this
- object represents. Servers may infer this from the endpoint the client
- submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+ description: |-
+ Kind is a string value representing the REST resource this object represents.
+ Servers may infer this from the endpoint the client submits requests to.
+ Cannot be updated.
+ In CamelCase.
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
type: string
metadata:
type: object
spec:
- description: Spec defines the desired state of BackendTLSPolicy.
+ description: Spec defines the desired state of BackendLBPolicy.
properties:
- targetRef:
- description: "TargetRef identifies an API object to apply the policy
- to. Only Services have Extended support. Implementations MAY support
- additional objects, with Implementation Specific support. Note that
- this config applies to the entire referenced resource by default,
- but this default may change in the future to provide a more granular
- application of the policy. \n Support: Extended for Kubernetes Service
- \n Support: Implementation-specific for any other resource"
+ sessionPersistence:
+ description: |-
+ SessionPersistence defines and configures session persistence
+ for the backend.
+
+
+ Support: Extended
properties:
- group:
- description: Group is the group of the target resource.
- maxLength: 253
- pattern: ^$|^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$
- type: string
- kind:
- description: Kind is kind of the target resource.
- maxLength: 63
- minLength: 1
- pattern: ^[a-zA-Z]([-a-zA-Z0-9]*[a-zA-Z0-9])?$
- type: string
- name:
- description: Name is the name of the target resource.
- maxLength: 253
- minLength: 1
- type: string
- namespace:
- description: Namespace is the namespace of the referent. When
- unspecified, the local namespace is inferred. Even when policy
- targets a resource in a different namespace, it MUST only apply
- to traffic originating from the same namespace as the policy.
- maxLength: 63
- minLength: 1
- pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$
+ absoluteTimeout:
+ description: |-
+ AbsoluteTimeout defines the absolute timeout of the persistent
+ session. Once the AbsoluteTimeout duration has elapsed, the
+ session becomes invalid.
+
+
+ Support: Extended
+ pattern: ^([0-9]{1,5}(h|m|s|ms)){1,4}$
type: string
- sectionName:
- description: "SectionName is the name of a section within the
- target resource. When unspecified, this targetRef targets the
- entire resource. In the following resources, SectionName is
- interpreted as the following: \n * Gateway: Listener Name *
- Service: Port Name \n If a SectionName is specified, but does
- not exist on the targeted object, the Policy must fail to attach,
- and the policy implementation should record a `ResolvedRefs`
- or similar Condition in the Policy's status."
- maxLength: 253
- minLength: 1
- pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$
+ cookieConfig:
+ description: |-
+ CookieConfig provides configuration settings that are specific
+ to cookie-based session persistence.
+
+
+ Support: Core
+ properties:
+ lifetimeType:
+ default: Session
+ description: |-
+ LifetimeType specifies whether the cookie has a permanent or
+ session-based lifetime. A permanent cookie persists until its
+ specified expiry time, defined by the Expires or Max-Age cookie
+ attributes, while a session cookie is deleted when the current
+ session ends.
+
+
+ When set to "Permanent", AbsoluteTimeout indicates the
+ cookie's lifetime via the Expires or Max-Age cookie attributes
+ and is required.
+
+
+ When set to "Session", AbsoluteTimeout indicates the
+ absolute lifetime of the cookie tracked by the gateway and
+ is optional.
+
+
+ Support: Core for "Session" type
+
+
+ Support: Extended for "Permanent" type
+ enum:
+ - Permanent
+ - Session
+ type: string
+ type: object
+ idleTimeout:
+ description: |-
+ IdleTimeout defines the idle timeout of the persistent session.
+ Once the session has been idle for more than the specified
+ IdleTimeout duration, the session becomes invalid.
+
+
+ Support: Extended
+ pattern: ^([0-9]{1,5}(h|m|s|ms)){1,4}$
type: string
- required:
- - group
- - kind
- - name
- type: object
- tls:
- description: TLS contains backend TLS policy configuration.
- properties:
- caCertRefs:
- description: "CACertRefs contains one or more references to Kubernetes
- objects that contain a PEM-encoded TLS CA certificate bundle,
- which is used to validate a TLS handshake between the Gateway
- and backend Pod. \n If CACertRefs is empty or unspecified, then
- WellKnownCACerts must be specified. Only one of CACertRefs or
- WellKnownCACerts may be specified, not both. If CACertRefs is
- empty or unspecified, the configuration for WellKnownCACerts
- MUST be honored instead. \n References to a resource in a different
- namespace are invalid for the moment, although we will revisit
- this in the future. \n A single CACertRef to a Kubernetes ConfigMap
- kind has \"Core\" support. Implementations MAY choose to support
- attaching multiple certificates to a backend, but this behavior
- is implementation-specific. \n Support: Core - An optional single
- reference to a Kubernetes ConfigMap, with the CA certificate
- in a key named `ca.crt`. \n Support: Implementation-specific
- (More than one reference, or other kinds of resources)."
- items:
- description: "LocalObjectReference identifies an API object
- within the namespace of the referrer. The API object must
- be valid in the cluster; the Group and Kind must be registered
- in the cluster for this reference to be valid. \n References
- to objects with invalid Group and Kind are not valid, and
- must be rejected by the implementation, with appropriate Conditions
- set on the containing object."
- properties:
- group:
- description: Group is the group of the referent. For example,
- "gateway.networking.k8s.io". When unspecified or empty
- string, core API group is inferred.
- maxLength: 253
- pattern: ^$|^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$
- type: string
- kind:
- description: Kind is kind of the referent. For example "HTTPRoute"
- or "Service".
- maxLength: 63
- minLength: 1
- pattern: ^[a-zA-Z]([-a-zA-Z0-9]*[a-zA-Z0-9])?$
- type: string
- name:
- description: Name is the name of the referent.
- maxLength: 253
- minLength: 1
- type: string
- required:
- - group
- - kind
- - name
- type: object
- maxItems: 8
- type: array
- hostname:
- description: "Hostname is used for two purposes in the connection
- between Gateways and backends: \n 1. Hostname MUST be used as
- the SNI to connect to the backend (RFC 6066). 2. Hostname MUST
- be used for authentication and MUST match the certificate served
- by the matching backend. \n Support: Core"
- maxLength: 253
- minLength: 1
- pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$
+ sessionName:
+ description: |-
+ SessionName defines the name of the persistent session token
+ which may be reflected in the cookie or the header. Users
+ should avoid reusing session names to prevent unintended
+ consequences, such as rejection or unpredictable behavior.
+
+
+ Support: Implementation-specific
+ maxLength: 128
type: string
- wellKnownCACerts:
- description: "WellKnownCACerts specifies whether system CA certificates
- may be used in the TLS handshake between the gateway and backend
- pod. \n If WellKnownCACerts is unspecified or empty (\"\"),
- then CACertRefs must be specified with at least one entry for
- a valid configuration. Only one of CACertRefs or WellKnownCACerts
- may be specified, not both. \n Support: Core for \"System\""
+ type:
+ default: Cookie
+ description: |-
+ Type defines the type of session persistence such as through
+ the use a header or cookie. Defaults to cookie based session
+ persistence.
+
+
+ Support: Core for "Cookie" type
+
+
+ Support: Extended for "Header" type
enum:
- - System
+ - Cookie
+ - Header
type: string
- required:
- - hostname
type: object
x-kubernetes-validations:
- - message: must not contain both CACertRefs and WellKnownCACerts
- rule: '!(has(self.caCertRefs) && size(self.caCertRefs) > 0 && has(self.wellKnownCACerts)
- && self.wellKnownCACerts != "")'
- - message: must specify either CACertRefs or WellKnownCACerts
- rule: (has(self.caCertRefs) && size(self.caCertRefs) > 0 || has(self.wellKnownCACerts)
- && self.wellKnownCACerts != "")
+ - message: AbsoluteTimeout must be specified when cookie lifetimeType
+ is Permanent
+ rule: '!has(self.cookieConfig.lifetimeType) || self.cookieConfig.lifetimeType
+ != ''Permanent'' || has(self.absoluteTimeout)'
+ targetRefs:
+ description: |-
+ TargetRef identifies an API object to apply policy to.
+ Currently, Backends (i.e. Service, ServiceImport, or any
+ implementation-specific backendRef) are the only valid API
+ target references.
+ items:
+ description: |-
+ LocalPolicyTargetReference identifies an API object to apply a direct or
+ inherited policy to. This should be used as part of Policy resources
+ that can target Gateway API resources. For more information on how this
+ policy attachment model works, and a sample Policy resource, refer to
+ the policy attachment documentation for Gateway API.
+ properties:
+ group:
+ description: Group is the group of the target resource.
+ maxLength: 253
+ pattern: ^$|^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$
+ type: string
+ kind:
+ description: Kind is kind of the target resource.
+ maxLength: 63
+ minLength: 1
+ pattern: ^[a-zA-Z]([-a-zA-Z0-9]*[a-zA-Z0-9])?$
+ type: string
+ name:
+ description: Name is the name of the target resource.
+ maxLength: 253
+ minLength: 1
+ type: string
+ required:
+ - group
+ - kind
+ - name
+ type: object
+ maxItems: 16
+ minItems: 1
+ type: array
+ x-kubernetes-list-map-keys:
+ - group
+ - kind
+ - name
+ x-kubernetes-list-type: map
required:
- - targetRef
- - tls
+ - targetRefs
type: object
status:
- description: Status defines the current state of BackendTLSPolicy.
+ description: Status defines the current state of BackendLBPolicy.
properties:
ancestors:
- description: "Ancestors is a list of ancestor resources (usually Gateways)
- that are associated with the policy, and the status of the policy
- with respect to each ancestor. When this policy attaches to a parent,
- the controller that manages the parent and the ancestors MUST add
- an entry to this list when the controller first sees the policy
- and SHOULD update the entry as appropriate when the relevant ancestor
- is modified. \n Note that choosing the relevant ancestor is left
- to the Policy designers; an important part of Policy design is designing
- the right object level at which to namespace this status. \n Note
- also that implementations MUST ONLY populate ancestor status for
- the Ancestor resources they are responsible for. Implementations
- MUST use the ControllerName field to uniquely identify the entries
- in this list that they are responsible for. \n Note that to achieve
- this, the list of PolicyAncestorStatus structs MUST be treated as
- a map with a composite key, made up of the AncestorRef and ControllerName
- fields combined. \n A maximum of 16 ancestors will be represented
- in this list. An empty list means the Policy is not relevant for
- any ancestors. \n If this slice is full, implementations MUST NOT
- add further entries. Instead they MUST consider the policy unimplementable
- and signal that on any related resources such as the ancestor that
- would be referenced here. For example, if this list was full on
- BackendTLSPolicy, no additional Gateways would be able to reference
- the Service targeted by the BackendTLSPolicy."
+ description: |-
+ Ancestors is a list of ancestor resources (usually Gateways) that are
+ associated with the policy, and the status of the policy with respect to
+ each ancestor. When this policy attaches to a parent, the controller that
+ manages the parent and the ancestors MUST add an entry to this list when
+ the controller first sees the policy and SHOULD update the entry as
+ appropriate when the relevant ancestor is modified.
+
+
+ Note that choosing the relevant ancestor is left to the Policy designers;
+ an important part of Policy design is designing the right object level at
+ which to namespace this status.
+
+
+ Note also that implementations MUST ONLY populate ancestor status for
+ the Ancestor resources they are responsible for. Implementations MUST
+ use the ControllerName field to uniquely identify the entries in this list
+ that they are responsible for.
+
+
+ Note that to achieve this, the list of PolicyAncestorStatus structs
+ MUST be treated as a map with a composite key, made up of the AncestorRef
+ and ControllerName fields combined.
+
+
+ A maximum of 16 ancestors will be represented in this list. An empty list
+ means the Policy is not relevant for any ancestors.
+
+
+ If this slice is full, implementations MUST NOT add further entries.
+ Instead they MUST consider the policy unimplementable and signal that
+ on any related resources such as the ancestor that would be referenced
+ here. For example, if this list was full on BackendTLSPolicy, no
+ additional Gateways would be able to reference the Service targeted by
+ the BackendTLSPolicy.
items:
- description: "PolicyAncestorStatus describes the status of a route
- with respect to an associated Ancestor. \n Ancestors refer to
- objects that are either the Target of a policy or above it in
- terms of object hierarchy. For example, if a policy targets a
- Service, the Policy's Ancestors are, in order, the Service, the
- HTTPRoute, the Gateway, and the GatewayClass. Almost always, in
- this hierarchy, the Gateway will be the most useful object to
- place Policy status on, so we recommend that implementations SHOULD
- use Gateway as the PolicyAncestorStatus object unless the designers
- have a _very_ good reason otherwise. \n In the context of policy
- attachment, the Ancestor is used to distinguish which resource
- results in a distinct application of this policy. For example,
- if a policy targets a Service, it may have a distinct result per
- attached Gateway. \n Policies targeting the same resource may
- have different effects depending on the ancestors of those resources.
- For example, different Gateways targeting the same Service may
- have different capabilities, especially if they have different
- underlying implementations. \n For example, in BackendTLSPolicy,
- the Policy attaches to a Service that is used as a backend in
- a HTTPRoute that is itself attached to a Gateway. In this case,
- the relevant object for status is the Gateway, and that is the
- ancestor object referred to in this status. \n Note that a parent
- is also an ancestor, so for objects where the parent is the relevant
- object for status, this struct SHOULD still be used. \n This struct
- is intended to be used in a slice that's effectively a map, with
- a composite key made up of the AncestorRef and the ControllerName."
+ description: |-
+ PolicyAncestorStatus describes the status of a route with respect to an
+ associated Ancestor.
+
+
+ Ancestors refer to objects that are either the Target of a policy or above it
+ in terms of object hierarchy. For example, if a policy targets a Service, the
+ Policy's Ancestors are, in order, the Service, the HTTPRoute, the Gateway, and
+ the GatewayClass. Almost always, in this hierarchy, the Gateway will be the most
+ useful object to place Policy status on, so we recommend that implementations
+ SHOULD use Gateway as the PolicyAncestorStatus object unless the designers
+ have a _very_ good reason otherwise.
+
+
+ In the context of policy attachment, the Ancestor is used to distinguish which
+ resource results in a distinct application of this policy. For example, if a policy
+ targets a Service, it may have a distinct result per attached Gateway.
+
+
+ Policies targeting the same resource may have different effects depending on the
+ ancestors of those resources. For example, different Gateways targeting the same
+ Service may have different capabilities, especially if they have different underlying
+ implementations.
+
+
+ For example, in BackendTLSPolicy, the Policy attaches to a Service that is
+ used as a backend in a HTTPRoute that is itself attached to a Gateway.
+ In this case, the relevant object for status is the Gateway, and that is the
+ ancestor object referred to in this status.
+
+
+ Note that a parent is also an ancestor, so for objects where the parent is the
+ relevant object for status, this struct SHOULD still be used.
+
+
+ This struct is intended to be used in a slice that's effectively a map,
+ with a composite key made up of the AncestorRef and the ControllerName.
properties:
ancestorRef:
- description: AncestorRef corresponds with a ParentRef in the
- spec that this PolicyAncestorStatus struct describes the status
- of.
+ description: |-
+ AncestorRef corresponds with a ParentRef in the spec that this
+ PolicyAncestorStatus struct describes the status of.
properties:
group:
default: gateway.networking.k8s.io
- description: "Group is the group of the referent. When unspecified,
- \"gateway.networking.k8s.io\" is inferred. To set the
- core API group (such as for a \"Service\" kind referent),
- Group must be explicitly set to \"\" (empty string). \n
- Support: Core"
+ description: |-
+ Group is the group of the referent.
+ When unspecified, "gateway.networking.k8s.io" is inferred.
+ To set the core API group (such as for a "Service" kind referent),
+ Group must be explicitly set to "" (empty string).
+
+
+ Support: Core
maxLength: 253
pattern: ^$|^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$
type: string
kind:
default: Gateway
- description: "Kind is kind of the referent. \n There are
- two kinds of parent resources with \"Core\" support: \n
- * Gateway (Gateway conformance profile) * Service (Mesh
- conformance profile, experimental, ClusterIP Services
- only) \n Support for other resources is Implementation-Specific."
+ description: |-
+ Kind is kind of the referent.
+
+
+ There are two kinds of parent resources with "Core" support:
+
+
+ * Gateway (Gateway conformance profile)
+ * Service (Mesh conformance profile, ClusterIP Services only)
+
+
+ Support for other resources is Implementation-Specific.
maxLength: 63
minLength: 1
pattern: ^[a-zA-Z]([-a-zA-Z0-9]*[a-zA-Z0-9])?$
type: string
name:
- description: "Name is the name of the referent. \n Support:
- Core"
+ description: |-
+ Name is the name of the referent.
+
+
+ Support: Core
maxLength: 253
minLength: 1
type: string
namespace:
- description: "Namespace is the namespace of the referent.
- When unspecified, this refers to the local namespace of
- the Route. \n Note that there are specific rules for ParentRefs
- which cross namespace boundaries. Cross-namespace references
- are only valid if they are explicitly allowed by something
- in the namespace they are referring to. For example: Gateway
- has the AllowedRoutes field, and ReferenceGrant provides
- a generic way to enable any other kind of cross-namespace
- reference. \n ParentRefs from a Route to a Service in
- the same namespace are \"producer\" routes, which apply
- default routing rules to inbound connections from any
- namespace to the Service. \n ParentRefs from a Route to
- a Service in a different namespace are \"consumer\" routes,
- and these routing rules are only applied to outbound connections
- originating from the same namespace as the Route, for
- which the intended destination of the connections are
- a Service targeted as a ParentRef of the Route. \n Support:
- Core"
+ description: |-
+ Namespace is the namespace of the referent. When unspecified, this refers
+ to the local namespace of the Route.
+
+
+ Note that there are specific rules for ParentRefs which cross namespace
+ boundaries. Cross-namespace references are only valid if they are explicitly
+ allowed by something in the namespace they are referring to. For example:
+ Gateway has the AllowedRoutes field, and ReferenceGrant provides a
+ generic way to enable any other kind of cross-namespace reference.
+
+
+
+ ParentRefs from a Route to a Service in the same namespace are "producer"
+ routes, which apply default routing rules to inbound connections from
+ any namespace to the Service.
+
+
+ ParentRefs from a Route to a Service in a different namespace are
+ "consumer" routes, and these routing rules are only applied to outbound
+ connections originating from the same namespace as the Route, for which
+ the intended destination of the connections are a Service targeted as a
+ ParentRef of the Route.
+
+
+
+ Support: Core
maxLength: 63
minLength: 1
pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$
type: string
port:
- description: "Port is the network port this Route targets.
- It can be interpreted differently based on the type of
- parent resource. \n When the parent resource is a Gateway,
- this targets all listeners listening on the specified
- port that also support this kind of Route(and select this
- Route). It's not recommended to set `Port` unless the
- networking behaviors specified in a Route must apply to
- a specific port as opposed to a listener(s) whose port(s)
- may be changed. When both Port and SectionName are specified,
- the name and port of the selected listener must match
- both specified values. \n When the parent resource is
- a Service, this targets a specific port in the Service
- spec. When both Port (experimental) and SectionName are
- specified, the name and port of the selected port must
- match both specified values. \n Implementations MAY choose
- to support other parent resources. Implementations supporting
- other types of parent resources MUST clearly document
- how/if Port is interpreted. \n For the purpose of status,
- an attachment is considered successful as long as the
- parent resource accepts it partially. For example, Gateway
- listeners can restrict which Routes can attach to them
- by Route kind, namespace, or hostname. If 1 of 2 Gateway
- listeners accept attachment from the referencing Route,
- the Route MUST be considered successfully attached. If
- no Gateway listeners accept attachment from this Route,
+ description: |-
+ Port is the network port this Route targets. It can be interpreted
+ differently based on the type of parent resource.
+
+
+ When the parent resource is a Gateway, this targets all listeners
+ listening on the specified port that also support this kind of Route(and
+ select this Route). It's not recommended to set `Port` unless the
+ networking behaviors specified in a Route must apply to a specific port
+ as opposed to a listener(s) whose port(s) may be changed. When both Port
+ and SectionName are specified, the name and port of the selected listener
+ must match both specified values.
+
+
+
+ When the parent resource is a Service, this targets a specific port in the
+ Service spec. When both Port (experimental) and SectionName are specified,
+ the name and port of the selected port must match both specified values.
+
+
+
+ Implementations MAY choose to support other parent resources.
+ Implementations supporting other types of parent resources MUST clearly
+ document how/if Port is interpreted.
+
+
+ For the purpose of status, an attachment is considered successful as
+ long as the parent resource accepts it partially. For example, Gateway
+ listeners can restrict which Routes can attach to them by Route kind,
+ namespace, or hostname. If 1 of 2 Gateway listeners accept attachment
+ from the referencing Route, the Route MUST be considered successfully
+ attached. If no Gateway listeners accept attachment from this Route,
the Route MUST be considered detached from the Gateway.
- \n Support: Extended \n "
+
+
+ Support: Extended
format: int32
maximum: 65535
minimum: 1
type: integer
sectionName:
- description: "SectionName is the name of a section within
- the target resource. In the following resources, SectionName
- is interpreted as the following: \n * Gateway: Listener
- Name. When both Port (experimental) and SectionName are
- specified, the name and port of the selected listener
- must match both specified values. * Service: Port Name.
- When both Port (experimental) and SectionName are specified,
- the name and port of the selected listener must match
- both specified values. Note that attaching Routes to Services
- as Parents is part of experimental Mesh support and is
- not supported for any other purpose. \n Implementations
- MAY choose to support attaching Routes to other resources.
- If that is the case, they MUST clearly document how SectionName
- is interpreted. \n When unspecified (empty string), this
- will reference the entire resource. For the purpose of
- status, an attachment is considered successful if at least
- one section in the parent resource accepts it. For example,
- Gateway listeners can restrict which Routes can attach
- to them by Route kind, namespace, or hostname. If 1 of
- 2 Gateway listeners accept attachment from the referencing
- Route, the Route MUST be considered successfully attached.
- If no Gateway listeners accept attachment from this Route,
- the Route MUST be considered detached from the Gateway.
- \n Support: Core"
+ description: |-
+ SectionName is the name of a section within the target resource. In the
+ following resources, SectionName is interpreted as the following:
+
+
+ * Gateway: Listener name. When both Port (experimental) and SectionName
+ are specified, the name and port of the selected listener must match
+ both specified values.
+ * Service: Port name. When both Port (experimental) and SectionName
+ are specified, the name and port of the selected listener must match
+ both specified values.
+
+
+ Implementations MAY choose to support attaching Routes to other resources.
+ If that is the case, they MUST clearly document how SectionName is
+ interpreted.
+
+
+ When unspecified (empty string), this will reference the entire resource.
+ For the purpose of status, an attachment is considered successful if at
+ least one section in the parent resource accepts it. For example, Gateway
+ listeners can restrict which Routes can attach to them by Route kind,
+ namespace, or hostname. If 1 of 2 Gateway listeners accept attachment from
+ the referencing Route, the Route MUST be considered successfully
+ attached. If no Gateway listeners accept attachment from this Route, the
+ Route MUST be considered detached from the Gateway.
+
+
+ Support: Core
maxLength: 253
minLength: 1
pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$
@@ -388,46 +454,45 @@ spec:
respect to the given Ancestor.
items:
description: "Condition contains details for one aspect of
- the current state of this API Resource. --- This struct
+ the current state of this API Resource.\n---\nThis struct
is intended for direct use as an array at the field path
- .status.conditions. For example, \n type FooStatus struct{
- // Represents the observations of a foo's current state.
- // Known .status.conditions.type are: \"Available\", \"Progressing\",
- and \"Degraded\" // +patchMergeKey=type // +patchStrategy=merge
- // +listType=map // +listMapKey=type Conditions []metav1.Condition
- `json:\"conditions,omitempty\" patchStrategy:\"merge\" patchMergeKey:\"type\"
- protobuf:\"bytes,1,rep,name=conditions\"` \n // other fields
- }"
+ .status.conditions. For example,\n\n\n\ttype FooStatus
+ struct{\n\t // Represents the observations of a foo's
+ current state.\n\t // Known .status.conditions.type are:
+ \"Available\", \"Progressing\", and \"Degraded\"\n\t //
+ +patchMergeKey=type\n\t // +patchStrategy=merge\n\t //
+ +listType=map\n\t // +listMapKey=type\n\t Conditions
+ []metav1.Condition `json:\"conditions,omitempty\" patchStrategy:\"merge\"
+ patchMergeKey:\"type\" protobuf:\"bytes,1,rep,name=conditions\"`\n\n\n\t
+ \ // other fields\n\t}"
properties:
lastTransitionTime:
- description: lastTransitionTime is the last time the condition
- transitioned from one status to another. This should
- be when the underlying condition changed. If that is
- not known, then using the time when the API field changed
- is acceptable.
+ description: |-
+ lastTransitionTime is the last time the condition transitioned from one status to another.
+ This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable.
format: date-time
type: string
message:
- description: message is a human readable message indicating
- details about the transition. This may be an empty string.
+ description: |-
+ message is a human readable message indicating details about the transition.
+ This may be an empty string.
maxLength: 32768
type: string
observedGeneration:
- description: observedGeneration represents the .metadata.generation
- that the condition was set based upon. For instance,
- if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration
- is 9, the condition is out of date with respect to the
- current state of the instance.
+ description: |-
+ observedGeneration represents the .metadata.generation that the condition was set based upon.
+ For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date
+ with respect to the current state of the instance.
format: int64
minimum: 0
type: integer
reason:
- description: reason contains a programmatic identifier
- indicating the reason for the condition's last transition.
- Producers of specific condition types may define expected
- values and meanings for this field, and whether the
- values are considered a guaranteed API. The value should
- be a CamelCase string. This field may not be empty.
+ description: |-
+ reason contains a programmatic identifier indicating the reason for the condition's last transition.
+ Producers of specific condition types may define expected values and meanings for this field,
+ and whether the values are considered a guaranteed API.
+ The value should be a CamelCase string.
+ This field may not be empty.
maxLength: 1024
minLength: 1
pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$
@@ -441,12 +506,12 @@ spec:
- Unknown
type: string
type:
- description: type of condition in CamelCase or in foo.example.com/CamelCase.
- --- Many .condition.type values are consistent across
- resources like Available, but because arbitrary conditions
- can be useful (see .node.status.conditions), the ability
- to deconflict is important. The regex it matches is
- (dns1123SubdomainFmt/)?(qualifiedNameFmt)
+ description: |-
+ type of condition in CamelCase or in foo.example.com/CamelCase.
+ ---
+ Many .condition.type values are consistent across resources like Available, but because arbitrary conditions can be
+ useful (see .node.status.conditions), the ability to deconflict is important.
+ The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt)
maxLength: 316
pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$
type: string
@@ -464,16 +529,23 @@ spec:
- type
x-kubernetes-list-type: map
controllerName:
- description: "ControllerName is a domain/path string that indicates
- the name of the controller that wrote this status. This corresponds
- with the controllerName field on GatewayClass. \n Example:
- \"example.net/gateway-controller\". \n The format of this
- field is DOMAIN \"/\" PATH, where DOMAIN and PATH are valid
- Kubernetes names (https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names).
- \n Controllers MUST populate this field when writing status.
- Controllers should ensure that entries to status populated
- with their ControllerName are cleaned up when they are no
- longer necessary."
+ description: |-
+ ControllerName is a domain/path string that indicates the name of the
+ controller that wrote this status. This corresponds with the
+ controllerName field on GatewayClass.
+
+
+ Example: "example.net/gateway-controller".
+
+
+ The format of this field is DOMAIN "/" PATH, where DOMAIN and PATH are
+ valid Kubernetes names
+ (https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names).
+
+
+ Controllers MUST populate this field when writing status. Controllers should ensure that
+ entries to status populated with their ControllerName are cleaned up when they are no
+ longer necessary.
maxLength: 253
minLength: 1
pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*\/[A-Za-z0-9\/\-._~%!$&'()*+,;=:]+$
@@ -502,490 +574,594 @@ status:
storedVersions: null
---
#
-# config/crd/experimental/gateway.networking.k8s.io_gatewayclasses.yaml
+# config/crd/experimental/gateway.networking.k8s.io_backendtlspolicies.yaml
#
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
annotations:
- api-approved.kubernetes.io: https://github.com/kubernetes-sigs/gateway-api/pull/2466
- gateway.networking.k8s.io/bundle-version: v1.0.0
+ api-approved.kubernetes.io: https://github.com/kubernetes-sigs/gateway-api/pull/2997
+ gateway.networking.k8s.io/bundle-version: v1.1.0
gateway.networking.k8s.io/channel: experimental
creationTimestamp: null
- name: gatewayclasses.gateway.networking.k8s.io
+ labels:
+ gateway.networking.k8s.io/policy: Direct
+ name: backendtlspolicies.gateway.networking.k8s.io
spec:
group: gateway.networking.k8s.io
names:
categories:
- gateway-api
- kind: GatewayClass
- listKind: GatewayClassList
- plural: gatewayclasses
+ kind: BackendTLSPolicy
+ listKind: BackendTLSPolicyList
+ plural: backendtlspolicies
shortNames:
- - gc
- singular: gatewayclass
- scope: Cluster
+ - btlspolicy
+ singular: backendtlspolicy
+ scope: Namespaced
versions:
- additionalPrinterColumns:
- - jsonPath: .spec.controllerName
- name: Controller
- type: string
- - jsonPath: .status.conditions[?(@.type=="Accepted")].status
- name: Accepted
- type: string
- jsonPath: .metadata.creationTimestamp
name: Age
type: date
- - jsonPath: .spec.description
- name: Description
- priority: 1
- type: string
- name: v1
+ name: v1alpha3
schema:
openAPIV3Schema:
- description: "GatewayClass describes a class of Gateways available to the
- user for creating Gateway resources. \n It is recommended that this resource
- be used as a template for Gateways. This means that a Gateway is based on
- the state of the GatewayClass at the time it was created and changes to
- the GatewayClass or associated parameters are not propagated down to existing
- Gateways. This recommendation is intended to limit the blast radius of changes
- to GatewayClass or associated parameters. If implementations choose to propagate
- GatewayClass changes to existing Gateways, that MUST be clearly documented
- by the implementation. \n Whenever one or more Gateways are using a GatewayClass,
- implementations SHOULD add the `gateway-exists-finalizer.gateway.networking.k8s.io`
- finalizer on the associated GatewayClass. This ensures that a GatewayClass
- associated with a Gateway is not deleted while in use. \n GatewayClass is
- a Cluster level resource."
+ description: |-
+ BackendTLSPolicy provides a way to configure how a Gateway
+ connects to a Backend via TLS.
properties:
apiVersion:
- description: 'APIVersion defines the versioned schema of this representation
- of an object. Servers should convert recognized schemas to the latest
- internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
+ description: |-
+ APIVersion defines the versioned schema of this representation of an object.
+ Servers should convert recognized schemas to the latest internal value, and
+ may reject unrecognized values.
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
type: string
kind:
- description: 'Kind is a string value representing the REST resource this
- object represents. Servers may infer this from the endpoint the client
- submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+ description: |-
+ Kind is a string value representing the REST resource this object represents.
+ Servers may infer this from the endpoint the client submits requests to.
+ Cannot be updated.
+ In CamelCase.
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
type: string
metadata:
type: object
spec:
- description: Spec defines the desired state of GatewayClass.
+ description: Spec defines the desired state of BackendTLSPolicy.
properties:
- controllerName:
- description: "ControllerName is the name of the controller that is
- managing Gateways of this class. The value of this field MUST be
- a domain prefixed path. \n Example: \"example.net/gateway-controller\".
- \n This field is not mutable and cannot be empty. \n Support: Core"
- maxLength: 253
- minLength: 1
- pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*\/[A-Za-z0-9\/\-._~%!$&'()*+,;=:]+$
- type: string
- x-kubernetes-validations:
- - message: Value is immutable
- rule: self == oldSelf
- description:
- description: Description helps describe a GatewayClass with more details.
- maxLength: 64
- type: string
- parametersRef:
- description: "ParametersRef is a reference to a resource that contains
- the configuration parameters corresponding to the GatewayClass.
- This is optional if the controller does not require any additional
- configuration. \n ParametersRef can reference a standard Kubernetes
- resource, i.e. ConfigMap, or an implementation-specific custom resource.
- The resource can be cluster-scoped or namespace-scoped. \n If the
- referent cannot be found, the GatewayClass's \"InvalidParameters\"
- status condition will be true. \n Support: Implementation-specific"
- properties:
- group:
- description: Group is the group of the referent.
- maxLength: 253
- pattern: ^$|^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$
- type: string
- kind:
- description: Kind is kind of the referent.
- maxLength: 63
- minLength: 1
- pattern: ^[a-zA-Z]([-a-zA-Z0-9]*[a-zA-Z0-9])?$
- type: string
- name:
- description: Name is the name of the referent.
- maxLength: 253
- minLength: 1
- type: string
- namespace:
- description: Namespace is the namespace of the referent. This
- field is required when referring to a Namespace-scoped resource
- and MUST be unset when referring to a Cluster-scoped resource.
- maxLength: 63
- minLength: 1
- pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$
- type: string
- required:
- - group
- - kind
- - name
- type: object
- required:
- - controllerName
- type: object
- status:
- default:
- conditions:
- - lastTransitionTime: "1970-01-01T00:00:00Z"
- message: Waiting for controller
- reason: Waiting
- status: Unknown
- type: Accepted
- description: "Status defines the current state of GatewayClass. \n Implementations
- MUST populate status on all GatewayClass resources which specify their
- controller name."
- properties:
- conditions:
- default:
- - lastTransitionTime: "1970-01-01T00:00:00Z"
- message: Waiting for controller
- reason: Pending
- status: Unknown
- type: Accepted
- description: "Conditions is the current status from the controller
- for this GatewayClass. \n Controllers should prefer to publish conditions
- using values of GatewayClassConditionType for the type of each Condition."
+ targetRefs:
+ description: |-
+ TargetRefs identifies an API object to apply the policy to.
+ Only Services have Extended support. Implementations MAY support
+ additional objects, with Implementation Specific support.
+ Note that this config applies to the entire referenced resource
+ by default, but this default may change in the future to provide
+ a more granular application of the policy.
+
+
+ Support: Extended for Kubernetes Service
+
+
+ Support: Implementation-specific for any other resource
items:
- description: "Condition contains details for one aspect of the current
- state of this API Resource. --- This struct is intended for direct
- use as an array at the field path .status.conditions. For example,
- \n type FooStatus struct{ // Represents the observations of a
- foo's current state. // Known .status.conditions.type are: \"Available\",
- \"Progressing\", and \"Degraded\" // +patchMergeKey=type // +patchStrategy=merge
- // +listType=map // +listMapKey=type Conditions []metav1.Condition
- `json:\"conditions,omitempty\" patchStrategy:\"merge\" patchMergeKey:\"type\"
- protobuf:\"bytes,1,rep,name=conditions\"` \n // other fields }"
+ description: |-
+ LocalPolicyTargetReferenceWithSectionName identifies an API object to apply a
+ direct policy to. This should be used as part of Policy resources that can
+ target single resources. For more information on how this policy attachment
+ mode works, and a sample Policy resource, refer to the policy attachment
+ documentation for Gateway API.
+
+
+ Note: This should only be used for direct policy attachment when references
+ to SectionName are actually needed. In all other cases,
+ LocalPolicyTargetReference should be used.
properties:
- lastTransitionTime:
- description: lastTransitionTime is the last time the condition
- transitioned from one status to another. This should be when
- the underlying condition changed. If that is not known, then
- using the time when the API field changed is acceptable.
- format: date-time
- type: string
- message:
- description: message is a human readable message indicating
- details about the transition. This may be an empty string.
- maxLength: 32768
+ group:
+ description: Group is the group of the target resource.
+ maxLength: 253
+ pattern: ^$|^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$
type: string
- observedGeneration:
- description: observedGeneration represents the .metadata.generation
- that the condition was set based upon. For instance, if .metadata.generation
- is currently 12, but the .status.conditions[x].observedGeneration
- is 9, the condition is out of date with respect to the current
- state of the instance.
- format: int64
- minimum: 0
- type: integer
- reason:
- description: reason contains a programmatic identifier indicating
- the reason for the condition's last transition. Producers
- of specific condition types may define expected values and
- meanings for this field, and whether the values are considered
- a guaranteed API. The value should be a CamelCase string.
- This field may not be empty.
- maxLength: 1024
+ kind:
+ description: Kind is kind of the target resource.
+ maxLength: 63
minLength: 1
- pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$
+ pattern: ^[a-zA-Z]([-a-zA-Z0-9]*[a-zA-Z0-9])?$
type: string
- status:
- description: status of the condition, one of True, False, Unknown.
- enum:
- - "True"
- - "False"
- - Unknown
+ name:
+ description: Name is the name of the target resource.
+ maxLength: 253
+ minLength: 1
type: string
- type:
- description: type of condition in CamelCase or in foo.example.com/CamelCase.
- --- Many .condition.type values are consistent across resources
- like Available, but because arbitrary conditions can be useful
- (see .node.status.conditions), the ability to deconflict is
- important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt)
- maxLength: 316
- pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$
+ sectionName:
+ description: |-
+ SectionName is the name of a section within the target resource. When
+ unspecified, this targetRef targets the entire resource. In the following
+ resources, SectionName is interpreted as the following:
+
+
+ * Gateway: Listener name
+ * HTTPRoute: HTTPRouteRule name
+ * Service: Port name
+
+
+ If a SectionName is specified, but does not exist on the targeted object,
+ the Policy must fail to attach, and the policy implementation should record
+ a `ResolvedRefs` or similar Condition in the Policy's status.
+ maxLength: 253
+ minLength: 1
+ pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$
type: string
required:
- - lastTransitionTime
- - message
- - reason
- - status
- - type
+ - group
+ - kind
+ - name
type: object
- maxItems: 8
- type: array
- x-kubernetes-list-map-keys:
- - type
- x-kubernetes-list-type: map
- supportedFeatures:
- description: 'SupportedFeatures is the set of features the GatewayClass
- support. It MUST be sorted in ascending alphabetical order. '
- items:
- description: SupportedFeature is used to describe distinct features
- that are covered by conformance tests.
- enum:
- - Gateway
- - GatewayPort8080
- - GatewayStaticAddresses
- - HTTPRoute
- - HTTPRouteDestinationPortMatching
- - HTTPRouteHostRewrite
- - HTTPRouteMethodMatching
- - HTTPRoutePathRedirect
- - HTTPRoutePathRewrite
- - HTTPRoutePortRedirect
- - HTTPRouteQueryParamMatching
- - HTTPRouteRequestMirror
- - HTTPRouteRequestMultipleMirrors
- - HTTPRouteResponseHeaderModification
- - HTTPRouteSchemeRedirect
- - Mesh
- - ReferenceGrant
- - TLSRoute
- type: string
- maxItems: 64
+ maxItems: 16
+ minItems: 1
type: array
- x-kubernetes-list-type: set
- type: object
- required:
- - spec
- type: object
- served: true
- storage: false
- subresources:
- status: {}
- - additionalPrinterColumns:
- - jsonPath: .spec.controllerName
- name: Controller
- type: string
- - jsonPath: .status.conditions[?(@.type=="Accepted")].status
- name: Accepted
- type: string
- - jsonPath: .metadata.creationTimestamp
- name: Age
- type: date
- - jsonPath: .spec.description
- name: Description
- priority: 1
- type: string
- name: v1beta1
- schema:
- openAPIV3Schema:
- description: "GatewayClass describes a class of Gateways available to the
- user for creating Gateway resources. \n It is recommended that this resource
- be used as a template for Gateways. This means that a Gateway is based on
- the state of the GatewayClass at the time it was created and changes to
- the GatewayClass or associated parameters are not propagated down to existing
- Gateways. This recommendation is intended to limit the blast radius of changes
- to GatewayClass or associated parameters. If implementations choose to propagate
- GatewayClass changes to existing Gateways, that MUST be clearly documented
- by the implementation. \n Whenever one or more Gateways are using a GatewayClass,
- implementations SHOULD add the `gateway-exists-finalizer.gateway.networking.k8s.io`
- finalizer on the associated GatewayClass. This ensures that a GatewayClass
- associated with a Gateway is not deleted while in use. \n GatewayClass is
- a Cluster level resource."
- properties:
- apiVersion:
- description: 'APIVersion defines the versioned schema of this representation
- of an object. Servers should convert recognized schemas to the latest
- internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
- type: string
- kind:
- description: 'Kind is a string value representing the REST resource this
- object represents. Servers may infer this from the endpoint the client
- submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
- type: string
- metadata:
- type: object
- spec:
- description: Spec defines the desired state of GatewayClass.
- properties:
- controllerName:
- description: "ControllerName is the name of the controller that is
- managing Gateways of this class. The value of this field MUST be
- a domain prefixed path. \n Example: \"example.net/gateway-controller\".
- \n This field is not mutable and cannot be empty. \n Support: Core"
- maxLength: 253
- minLength: 1
- pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*\/[A-Za-z0-9\/\-._~%!$&'()*+,;=:]+$
- type: string
- x-kubernetes-validations:
- - message: Value is immutable
- rule: self == oldSelf
- description:
- description: Description helps describe a GatewayClass with more details.
- maxLength: 64
- type: string
- parametersRef:
- description: "ParametersRef is a reference to a resource that contains
- the configuration parameters corresponding to the GatewayClass.
- This is optional if the controller does not require any additional
- configuration. \n ParametersRef can reference a standard Kubernetes
- resource, i.e. ConfigMap, or an implementation-specific custom resource.
- The resource can be cluster-scoped or namespace-scoped. \n If the
- referent cannot be found, the GatewayClass's \"InvalidParameters\"
- status condition will be true. \n Support: Implementation-specific"
+ validation:
+ description: Validation contains backend TLS validation configuration.
properties:
- group:
- description: Group is the group of the referent.
- maxLength: 253
- pattern: ^$|^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$
- type: string
- kind:
- description: Kind is kind of the referent.
- maxLength: 63
- minLength: 1
- pattern: ^[a-zA-Z]([-a-zA-Z0-9]*[a-zA-Z0-9])?$
- type: string
- name:
- description: Name is the name of the referent.
+ caCertificateRefs:
+ description: |-
+ CACertificateRefs contains one or more references to Kubernetes objects that
+ contain a PEM-encoded TLS CA certificate bundle, which is used to
+ validate a TLS handshake between the Gateway and backend Pod.
+
+
+ If CACertificateRefs is empty or unspecified, then WellKnownCACertificates must be
+ specified. Only one of CACertificateRefs or WellKnownCACertificates may be specified,
+ not both. If CACertifcateRefs is empty or unspecified, the configuration for
+ WellKnownCACertificates MUST be honored instead if supported by the implementation.
+
+
+ References to a resource in a different namespace are invalid for the
+ moment, although we will revisit this in the future.
+
+
+ A single CACertificateRef to a Kubernetes ConfigMap kind has "Core" support.
+ Implementations MAY choose to support attaching multiple certificates to
+ a backend, but this behavior is implementation-specific.
+
+
+ Support: Core - An optional single reference to a Kubernetes ConfigMap,
+ with the CA certificate in a key named `ca.crt`.
+
+
+ Support: Implementation-specific (More than one reference, or other kinds
+ of resources).
+ items:
+ description: |-
+ LocalObjectReference identifies an API object within the namespace of the
+ referrer.
+ The API object must be valid in the cluster; the Group and Kind must
+ be registered in the cluster for this reference to be valid.
+
+
+ References to objects with invalid Group and Kind are not valid, and must
+ be rejected by the implementation, with appropriate Conditions set
+ on the containing object.
+ properties:
+ group:
+ description: |-
+ Group is the group of the referent. For example, "gateway.networking.k8s.io".
+ When unspecified or empty string, core API group is inferred.
+ maxLength: 253
+ pattern: ^$|^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$
+ type: string
+ kind:
+ description: Kind is kind of the referent. For example "HTTPRoute"
+ or "Service".
+ maxLength: 63
+ minLength: 1
+ pattern: ^[a-zA-Z]([-a-zA-Z0-9]*[a-zA-Z0-9])?$
+ type: string
+ name:
+ description: Name is the name of the referent.
+ maxLength: 253
+ minLength: 1
+ type: string
+ required:
+ - group
+ - kind
+ - name
+ type: object
+ maxItems: 8
+ type: array
+ hostname:
+ description: |-
+ Hostname is used for two purposes in the connection between Gateways and
+ backends:
+
+
+ 1. Hostname MUST be used as the SNI to connect to the backend (RFC 6066).
+ 2. Hostname MUST be used for authentication and MUST match the certificate
+ served by the matching backend.
+
+
+ Support: Core
maxLength: 253
minLength: 1
+ pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$
type: string
- namespace:
- description: Namespace is the namespace of the referent. This
- field is required when referring to a Namespace-scoped resource
- and MUST be unset when referring to a Cluster-scoped resource.
- maxLength: 63
- minLength: 1
- pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$
+ wellKnownCACertificates:
+ description: |-
+ WellKnownCACertificates specifies whether system CA certificates may be used in
+ the TLS handshake between the gateway and backend pod.
+
+
+ If WellKnownCACertificates is unspecified or empty (""), then CACertificateRefs
+ must be specified with at least one entry for a valid configuration. Only one of
+ CACertificateRefs or WellKnownCACertificates may be specified, not both. If an
+ implementation does not support the WellKnownCACertificates field or the value
+ supplied is not supported, the Status Conditions on the Policy MUST be
+ updated to include an Accepted: False Condition with Reason: Invalid.
+
+
+ Support: Implementation-specific
+ enum:
+ - System
type: string
required:
- - group
- - kind
- - name
+ - hostname
type: object
+ x-kubernetes-validations:
+ - message: must not contain both CACertificateRefs and WellKnownCACertificates
+ rule: '!(has(self.caCertificateRefs) && size(self.caCertificateRefs)
+ > 0 && has(self.wellKnownCACertificates) && self.wellKnownCACertificates
+ != "")'
+ - message: must specify either CACertificateRefs or WellKnownCACertificates
+ rule: (has(self.caCertificateRefs) && size(self.caCertificateRefs)
+ > 0 || has(self.wellKnownCACertificates) && self.wellKnownCACertificates
+ != "")
required:
- - controllerName
+ - targetRefs
+ - validation
type: object
status:
- default:
- conditions:
- - lastTransitionTime: "1970-01-01T00:00:00Z"
- message: Waiting for controller
- reason: Waiting
- status: Unknown
- type: Accepted
- description: "Status defines the current state of GatewayClass. \n Implementations
- MUST populate status on all GatewayClass resources which specify their
- controller name."
+ description: Status defines the current state of BackendTLSPolicy.
properties:
- conditions:
- default:
- - lastTransitionTime: "1970-01-01T00:00:00Z"
- message: Waiting for controller
- reason: Pending
- status: Unknown
- type: Accepted
- description: "Conditions is the current status from the controller
- for this GatewayClass. \n Controllers should prefer to publish conditions
- using values of GatewayClassConditionType for the type of each Condition."
+ ancestors:
+ description: |-
+ Ancestors is a list of ancestor resources (usually Gateways) that are
+ associated with the policy, and the status of the policy with respect to
+ each ancestor. When this policy attaches to a parent, the controller that
+ manages the parent and the ancestors MUST add an entry to this list when
+ the controller first sees the policy and SHOULD update the entry as
+ appropriate when the relevant ancestor is modified.
+
+
+ Note that choosing the relevant ancestor is left to the Policy designers;
+ an important part of Policy design is designing the right object level at
+ which to namespace this status.
+
+
+ Note also that implementations MUST ONLY populate ancestor status for
+ the Ancestor resources they are responsible for. Implementations MUST
+ use the ControllerName field to uniquely identify the entries in this list
+ that they are responsible for.
+
+
+ Note that to achieve this, the list of PolicyAncestorStatus structs
+ MUST be treated as a map with a composite key, made up of the AncestorRef
+ and ControllerName fields combined.
+
+
+ A maximum of 16 ancestors will be represented in this list. An empty list
+ means the Policy is not relevant for any ancestors.
+
+
+ If this slice is full, implementations MUST NOT add further entries.
+ Instead they MUST consider the policy unimplementable and signal that
+ on any related resources such as the ancestor that would be referenced
+ here. For example, if this list was full on BackendTLSPolicy, no
+ additional Gateways would be able to reference the Service targeted by
+ the BackendTLSPolicy.
items:
- description: "Condition contains details for one aspect of the current
- state of this API Resource. --- This struct is intended for direct
- use as an array at the field path .status.conditions. For example,
- \n type FooStatus struct{ // Represents the observations of a
- foo's current state. // Known .status.conditions.type are: \"Available\",
- \"Progressing\", and \"Degraded\" // +patchMergeKey=type // +patchStrategy=merge
- // +listType=map // +listMapKey=type Conditions []metav1.Condition
- `json:\"conditions,omitempty\" patchStrategy:\"merge\" patchMergeKey:\"type\"
- protobuf:\"bytes,1,rep,name=conditions\"` \n // other fields }"
+ description: |-
+ PolicyAncestorStatus describes the status of a route with respect to an
+ associated Ancestor.
+
+
+ Ancestors refer to objects that are either the Target of a policy or above it
+ in terms of object hierarchy. For example, if a policy targets a Service, the
+ Policy's Ancestors are, in order, the Service, the HTTPRoute, the Gateway, and
+ the GatewayClass. Almost always, in this hierarchy, the Gateway will be the most
+ useful object to place Policy status on, so we recommend that implementations
+ SHOULD use Gateway as the PolicyAncestorStatus object unless the designers
+ have a _very_ good reason otherwise.
+
+
+ In the context of policy attachment, the Ancestor is used to distinguish which
+ resource results in a distinct application of this policy. For example, if a policy
+ targets a Service, it may have a distinct result per attached Gateway.
+
+
+ Policies targeting the same resource may have different effects depending on the
+ ancestors of those resources. For example, different Gateways targeting the same
+ Service may have different capabilities, especially if they have different underlying
+ implementations.
+
+
+ For example, in BackendTLSPolicy, the Policy attaches to a Service that is
+ used as a backend in a HTTPRoute that is itself attached to a Gateway.
+ In this case, the relevant object for status is the Gateway, and that is the
+ ancestor object referred to in this status.
+
+
+ Note that a parent is also an ancestor, so for objects where the parent is the
+ relevant object for status, this struct SHOULD still be used.
+
+
+ This struct is intended to be used in a slice that's effectively a map,
+ with a composite key made up of the AncestorRef and the ControllerName.
properties:
- lastTransitionTime:
- description: lastTransitionTime is the last time the condition
- transitioned from one status to another. This should be when
- the underlying condition changed. If that is not known, then
- using the time when the API field changed is acceptable.
- format: date-time
- type: string
- message:
- description: message is a human readable message indicating
- details about the transition. This may be an empty string.
- maxLength: 32768
- type: string
- observedGeneration:
- description: observedGeneration represents the .metadata.generation
- that the condition was set based upon. For instance, if .metadata.generation
- is currently 12, but the .status.conditions[x].observedGeneration
- is 9, the condition is out of date with respect to the current
- state of the instance.
- format: int64
- minimum: 0
- type: integer
- reason:
- description: reason contains a programmatic identifier indicating
- the reason for the condition's last transition. Producers
- of specific condition types may define expected values and
- meanings for this field, and whether the values are considered
- a guaranteed API. The value should be a CamelCase string.
- This field may not be empty.
- maxLength: 1024
+ ancestorRef:
+ description: |-
+ AncestorRef corresponds with a ParentRef in the spec that this
+ PolicyAncestorStatus struct describes the status of.
+ properties:
+ group:
+ default: gateway.networking.k8s.io
+ description: |-
+ Group is the group of the referent.
+ When unspecified, "gateway.networking.k8s.io" is inferred.
+ To set the core API group (such as for a "Service" kind referent),
+ Group must be explicitly set to "" (empty string).
+
+
+ Support: Core
+ maxLength: 253
+ pattern: ^$|^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$
+ type: string
+ kind:
+ default: Gateway
+ description: |-
+ Kind is kind of the referent.
+
+
+ There are two kinds of parent resources with "Core" support:
+
+
+ * Gateway (Gateway conformance profile)
+ * Service (Mesh conformance profile, ClusterIP Services only)
+
+
+ Support for other resources is Implementation-Specific.
+ maxLength: 63
+ minLength: 1
+ pattern: ^[a-zA-Z]([-a-zA-Z0-9]*[a-zA-Z0-9])?$
+ type: string
+ name:
+ description: |-
+ Name is the name of the referent.
+
+
+ Support: Core
+ maxLength: 253
+ minLength: 1
+ type: string
+ namespace:
+ description: |-
+ Namespace is the namespace of the referent. When unspecified, this refers
+ to the local namespace of the Route.
+
+
+ Note that there are specific rules for ParentRefs which cross namespace
+ boundaries. Cross-namespace references are only valid if they are explicitly
+ allowed by something in the namespace they are referring to. For example:
+ Gateway has the AllowedRoutes field, and ReferenceGrant provides a
+ generic way to enable any other kind of cross-namespace reference.
+
+
+
+ ParentRefs from a Route to a Service in the same namespace are "producer"
+ routes, which apply default routing rules to inbound connections from
+ any namespace to the Service.
+
+
+ ParentRefs from a Route to a Service in a different namespace are
+ "consumer" routes, and these routing rules are only applied to outbound
+ connections originating from the same namespace as the Route, for which
+ the intended destination of the connections are a Service targeted as a
+ ParentRef of the Route.
+
+
+
+ Support: Core
+ maxLength: 63
+ minLength: 1
+ pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$
+ type: string
+ port:
+ description: |-
+ Port is the network port this Route targets. It can be interpreted
+ differently based on the type of parent resource.
+
+
+ When the parent resource is a Gateway, this targets all listeners
+ listening on the specified port that also support this kind of Route(and
+ select this Route). It's not recommended to set `Port` unless the
+ networking behaviors specified in a Route must apply to a specific port
+ as opposed to a listener(s) whose port(s) may be changed. When both Port
+ and SectionName are specified, the name and port of the selected listener
+ must match both specified values.
+
+
+
+ When the parent resource is a Service, this targets a specific port in the
+ Service spec. When both Port (experimental) and SectionName are specified,
+ the name and port of the selected port must match both specified values.
+
+
+
+ Implementations MAY choose to support other parent resources.
+ Implementations supporting other types of parent resources MUST clearly
+ document how/if Port is interpreted.
+
+
+ For the purpose of status, an attachment is considered successful as
+ long as the parent resource accepts it partially. For example, Gateway
+ listeners can restrict which Routes can attach to them by Route kind,
+ namespace, or hostname. If 1 of 2 Gateway listeners accept attachment
+ from the referencing Route, the Route MUST be considered successfully
+ attached. If no Gateway listeners accept attachment from this Route,
+ the Route MUST be considered detached from the Gateway.
+
+
+ Support: Extended
+ format: int32
+ maximum: 65535
+ minimum: 1
+ type: integer
+ sectionName:
+ description: |-
+ SectionName is the name of a section within the target resource. In the
+ following resources, SectionName is interpreted as the following:
+
+
+ * Gateway: Listener name. When both Port (experimental) and SectionName
+ are specified, the name and port of the selected listener must match
+ both specified values.
+ * Service: Port name. When both Port (experimental) and SectionName
+ are specified, the name and port of the selected listener must match
+ both specified values.
+
+
+ Implementations MAY choose to support attaching Routes to other resources.
+ If that is the case, they MUST clearly document how SectionName is
+ interpreted.
+
+
+ When unspecified (empty string), this will reference the entire resource.
+ For the purpose of status, an attachment is considered successful if at
+ least one section in the parent resource accepts it. For example, Gateway
+ listeners can restrict which Routes can attach to them by Route kind,
+ namespace, or hostname. If 1 of 2 Gateway listeners accept attachment from
+ the referencing Route, the Route MUST be considered successfully
+ attached. If no Gateway listeners accept attachment from this Route, the
+ Route MUST be considered detached from the Gateway.
+
+
+ Support: Core
+ maxLength: 253
+ minLength: 1
+ pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$
+ type: string
+ required:
+ - name
+ type: object
+ conditions:
+ description: Conditions describes the status of the Policy with
+ respect to the given Ancestor.
+ items:
+ description: "Condition contains details for one aspect of
+ the current state of this API Resource.\n---\nThis struct
+ is intended for direct use as an array at the field path
+ .status.conditions. For example,\n\n\n\ttype FooStatus
+ struct{\n\t // Represents the observations of a foo's
+ current state.\n\t // Known .status.conditions.type are:
+ \"Available\", \"Progressing\", and \"Degraded\"\n\t //
+ +patchMergeKey=type\n\t // +patchStrategy=merge\n\t //
+ +listType=map\n\t // +listMapKey=type\n\t Conditions
+ []metav1.Condition `json:\"conditions,omitempty\" patchStrategy:\"merge\"
+ patchMergeKey:\"type\" protobuf:\"bytes,1,rep,name=conditions\"`\n\n\n\t
+ \ // other fields\n\t}"
+ properties:
+ lastTransitionTime:
+ description: |-
+ lastTransitionTime is the last time the condition transitioned from one status to another.
+ This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable.
+ format: date-time
+ type: string
+ message:
+ description: |-
+ message is a human readable message indicating details about the transition.
+ This may be an empty string.
+ maxLength: 32768
+ type: string
+ observedGeneration:
+ description: |-
+ observedGeneration represents the .metadata.generation that the condition was set based upon.
+ For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date
+ with respect to the current state of the instance.
+ format: int64
+ minimum: 0
+ type: integer
+ reason:
+ description: |-
+ reason contains a programmatic identifier indicating the reason for the condition's last transition.
+ Producers of specific condition types may define expected values and meanings for this field,
+ and whether the values are considered a guaranteed API.
+ The value should be a CamelCase string.
+ This field may not be empty.
+ maxLength: 1024
+ minLength: 1
+ pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$
+ type: string
+ status:
+ description: status of the condition, one of True, False,
+ Unknown.
+ enum:
+ - "True"
+ - "False"
+ - Unknown
+ type: string
+ type:
+ description: |-
+ type of condition in CamelCase or in foo.example.com/CamelCase.
+ ---
+ Many .condition.type values are consistent across resources like Available, but because arbitrary conditions can be
+ useful (see .node.status.conditions), the ability to deconflict is important.
+ The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt)
+ maxLength: 316
+ pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$
+ type: string
+ required:
+ - lastTransitionTime
+ - message
+ - reason
+ - status
+ - type
+ type: object
+ maxItems: 8
+ minItems: 1
+ type: array
+ x-kubernetes-list-map-keys:
+ - type
+ x-kubernetes-list-type: map
+ controllerName:
+ description: |-
+ ControllerName is a domain/path string that indicates the name of the
+ controller that wrote this status. This corresponds with the
+ controllerName field on GatewayClass.
+
+
+ Example: "example.net/gateway-controller".
+
+
+ The format of this field is DOMAIN "/" PATH, where DOMAIN and PATH are
+ valid Kubernetes names
+ (https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names).
+
+
+ Controllers MUST populate this field when writing status. Controllers should ensure that
+ entries to status populated with their ControllerName are cleaned up when they are no
+ longer necessary.
+ maxLength: 253
minLength: 1
- pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$
- type: string
- status:
- description: status of the condition, one of True, False, Unknown.
- enum:
- - "True"
- - "False"
- - Unknown
- type: string
- type:
- description: type of condition in CamelCase or in foo.example.com/CamelCase.
- --- Many .condition.type values are consistent across resources
- like Available, but because arbitrary conditions can be useful
- (see .node.status.conditions), the ability to deconflict is
- important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt)
- maxLength: 316
- pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$
+ pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*\/[A-Za-z0-9\/\-._~%!$&'()*+,;=:]+$
type: string
required:
- - lastTransitionTime
- - message
- - reason
- - status
- - type
+ - ancestorRef
+ - controllerName
type: object
- maxItems: 8
- type: array
- x-kubernetes-list-map-keys:
- - type
- x-kubernetes-list-type: map
- supportedFeatures:
- description: 'SupportedFeatures is the set of features the GatewayClass
- support. It MUST be sorted in ascending alphabetical order. '
- items:
- description: SupportedFeature is used to describe distinct features
- that are covered by conformance tests.
- enum:
- - Gateway
- - GatewayPort8080
- - GatewayStaticAddresses
- - HTTPRoute
- - HTTPRouteDestinationPortMatching
- - HTTPRouteHostRewrite
- - HTTPRouteMethodMatching
- - HTTPRoutePathRedirect
- - HTTPRoutePathRewrite
- - HTTPRoutePortRedirect
- - HTTPRouteQueryParamMatching
- - HTTPRouteRequestMirror
- - HTTPRouteRequestMultipleMirrors
- - HTTPRouteResponseHeaderModification
- - HTTPRouteSchemeRedirect
- - Mesh
- - ReferenceGrant
- - TLSRoute
- type: string
- maxItems: 64
+ maxItems: 16
type: array
- x-kubernetes-list-type: set
+ required:
+ - ancestors
type: object
required:
- spec
@@ -1002,723 +1178,236 @@ status:
storedVersions: null
---
#
-# config/crd/experimental/gateway.networking.k8s.io_gateways.yaml
+# config/crd/experimental/gateway.networking.k8s.io_gatewayclasses.yaml
#
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
annotations:
- api-approved.kubernetes.io: https://github.com/kubernetes-sigs/gateway-api/pull/2466
- gateway.networking.k8s.io/bundle-version: v1.0.0
+ api-approved.kubernetes.io: https://github.com/kubernetes-sigs/gateway-api/pull/2997
+ gateway.networking.k8s.io/bundle-version: v1.1.0
gateway.networking.k8s.io/channel: experimental
creationTimestamp: null
- name: gateways.gateway.networking.k8s.io
+ name: gatewayclasses.gateway.networking.k8s.io
spec:
group: gateway.networking.k8s.io
names:
categories:
- gateway-api
- kind: Gateway
- listKind: GatewayList
- plural: gateways
+ kind: GatewayClass
+ listKind: GatewayClassList
+ plural: gatewayclasses
shortNames:
- - gtw
- singular: gateway
- scope: Namespaced
+ - gc
+ singular: gatewayclass
+ scope: Cluster
versions:
- additionalPrinterColumns:
- - jsonPath: .spec.gatewayClassName
- name: Class
- type: string
- - jsonPath: .status.addresses[*].value
- name: Address
+ - jsonPath: .spec.controllerName
+ name: Controller
type: string
- - jsonPath: .status.conditions[?(@.type=="Programmed")].status
- name: Programmed
+ - jsonPath: .status.conditions[?(@.type=="Accepted")].status
+ name: Accepted
type: string
- jsonPath: .metadata.creationTimestamp
name: Age
type: date
+ - jsonPath: .spec.description
+ name: Description
+ priority: 1
+ type: string
name: v1
schema:
openAPIV3Schema:
- description: Gateway represents an instance of a service-traffic handling
- infrastructure by binding Listeners to a set of IP addresses.
+ description: |-
+ GatewayClass describes a class of Gateways available to the user for creating
+ Gateway resources.
+
+
+ It is recommended that this resource be used as a template for Gateways. This
+ means that a Gateway is based on the state of the GatewayClass at the time it
+ was created and changes to the GatewayClass or associated parameters are not
+ propagated down to existing Gateways. This recommendation is intended to
+ limit the blast radius of changes to GatewayClass or associated parameters.
+ If implementations choose to propagate GatewayClass changes to existing
+ Gateways, that MUST be clearly documented by the implementation.
+
+
+ Whenever one or more Gateways are using a GatewayClass, implementations SHOULD
+ add the `gateway-exists-finalizer.gateway.networking.k8s.io` finalizer on the
+ associated GatewayClass. This ensures that a GatewayClass associated with a
+ Gateway is not deleted while in use.
+
+
+ GatewayClass is a Cluster level resource.
properties:
apiVersion:
- description: 'APIVersion defines the versioned schema of this representation
- of an object. Servers should convert recognized schemas to the latest
- internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
+ description: |-
+ APIVersion defines the versioned schema of this representation of an object.
+ Servers should convert recognized schemas to the latest internal value, and
+ may reject unrecognized values.
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
type: string
kind:
- description: 'Kind is a string value representing the REST resource this
- object represents. Servers may infer this from the endpoint the client
- submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+ description: |-
+ Kind is a string value representing the REST resource this object represents.
+ Servers may infer this from the endpoint the client submits requests to.
+ Cannot be updated.
+ In CamelCase.
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
type: string
metadata:
type: object
spec:
- description: Spec defines the desired state of Gateway.
+ description: Spec defines the desired state of GatewayClass.
properties:
- addresses:
- description: "Addresses requested for this Gateway. This is optional
- and behavior can depend on the implementation. If a value is set
- in the spec and the requested address is invalid or unavailable,
- the implementation MUST indicate this in the associated entry in
- GatewayStatus.Addresses. \n The Addresses field represents a request
- for the address(es) on the \"outside of the Gateway\", that traffic
- bound for this Gateway will use. This could be the IP address or
- hostname of an external load balancer or other networking infrastructure,
- or some other address that traffic will be sent to. \n If no Addresses
- are specified, the implementation MAY schedule the Gateway in an
- implementation-specific manner, assigning an appropriate set of
- Addresses. \n The implementation MUST bind all Listeners to every
- GatewayAddress that it assigns to the Gateway and add a corresponding
- entry in GatewayStatus.Addresses. \n Support: Extended \n "
- items:
- description: GatewayAddress describes an address that can be bound
- to a Gateway.
- oneOf:
- - properties:
- type:
- enum:
- - IPAddress
- value:
- anyOf:
- - format: ipv4
- - format: ipv6
- - properties:
- type:
- not:
- enum:
- - IPAddress
- properties:
- type:
- default: IPAddress
- description: Type of the address.
- maxLength: 253
- minLength: 1
- pattern: ^Hostname|IPAddress|NamedAddress|[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*\/[A-Za-z0-9\/\-._~%!$&'()*+,;=:]+$
- type: string
- value:
- description: "Value of the address. The validity of the values
- will depend on the type and support by the controller. \n
- Examples: `1.2.3.4`, `128::1`, `my-ip-address`."
- maxLength: 253
- minLength: 1
- type: string
- required:
- - value
- type: object
- x-kubernetes-validations:
- - message: Hostname value must only contain valid characters (matching
- ^(\*\.)?[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$)
- rule: 'self.type == ''Hostname'' ? self.value.matches(r"""^(\*\.)?[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$"""):
- true'
- maxItems: 16
- type: array
- x-kubernetes-validations:
- - message: IPAddress values must be unique
- rule: 'self.all(a1, a1.type == ''IPAddress'' ? self.exists_one(a2,
- a2.type == a1.type && a2.value == a1.value) : true )'
- - message: Hostname values must be unique
- rule: 'self.all(a1, a1.type == ''Hostname'' ? self.exists_one(a2,
- a2.type == a1.type && a2.value == a1.value) : true )'
- gatewayClassName:
- description: GatewayClassName used for this Gateway. This is the name
- of a GatewayClass resource.
+ controllerName:
+ description: |-
+ ControllerName is the name of the controller that is managing Gateways of
+ this class. The value of this field MUST be a domain prefixed path.
+
+
+ Example: "example.net/gateway-controller".
+
+
+ This field is not mutable and cannot be empty.
+
+
+ Support: Core
maxLength: 253
minLength: 1
+ pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*\/[A-Za-z0-9\/\-._~%!$&'()*+,;=:]+$
type: string
- infrastructure:
- description: "Infrastructure defines infrastructure level attributes
- about this Gateway instance. \n Support: Core \n "
+ x-kubernetes-validations:
+ - message: Value is immutable
+ rule: self == oldSelf
+ description:
+ description: Description helps describe a GatewayClass with more details.
+ maxLength: 64
+ type: string
+ parametersRef:
+ description: |-
+ ParametersRef is a reference to a resource that contains the configuration
+ parameters corresponding to the GatewayClass. This is optional if the
+ controller does not require any additional configuration.
+
+
+ ParametersRef can reference a standard Kubernetes resource, i.e. ConfigMap,
+ or an implementation-specific custom resource. The resource can be
+ cluster-scoped or namespace-scoped.
+
+
+ If the referent cannot be found, the GatewayClass's "InvalidParameters"
+ status condition will be true.
+
+
+ A Gateway for this GatewayClass may provide its own `parametersRef`. When both are specified,
+ the merging behavior is implementation specific.
+ It is generally recommended that GatewayClass provides defaults that can be overridden by a Gateway.
+
+
+ Support: Implementation-specific
properties:
- annotations:
- additionalProperties:
- description: AnnotationValue is the value of an annotation in
- Gateway API. This is used for validation of maps such as TLS
- options. This roughly matches Kubernetes annotation validation,
- although the length validation in that case is based on the
- entire size of the annotations struct.
- maxLength: 4096
- minLength: 0
- type: string
- description: "Annotations that SHOULD be applied to any resources
- created in response to this Gateway. \n For implementations
- creating other Kubernetes objects, this should be the `metadata.annotations`
- field on resources. For other implementations, this refers to
- any relevant (implementation specific) \"annotations\" concepts.
- \n An implementation may chose to add additional implementation-specific
- annotations as they see fit. \n Support: Extended"
- maxProperties: 8
- type: object
- labels:
- additionalProperties:
- description: AnnotationValue is the value of an annotation in
- Gateway API. This is used for validation of maps such as TLS
- options. This roughly matches Kubernetes annotation validation,
- although the length validation in that case is based on the
- entire size of the annotations struct.
- maxLength: 4096
- minLength: 0
- type: string
- description: "Labels that SHOULD be applied to any resources created
- in response to this Gateway. \n For implementations creating
- other Kubernetes objects, this should be the `metadata.labels`
- field on resources. For other implementations, this refers to
- any relevant (implementation specific) \"labels\" concepts.
- \n An implementation may chose to add additional implementation-specific
- labels as they see fit. \n Support: Extended"
- maxProperties: 8
- type: object
- type: object
- listeners:
- description: "Listeners associated with this Gateway. Listeners define
- logical endpoints that are bound on this Gateway's addresses. At
- least one Listener MUST be specified. \n Each Listener in a set
- of Listeners (for example, in a single Gateway) MUST be _distinct_,
- in that a traffic flow MUST be able to be assigned to exactly one
- listener. (This section uses \"set of Listeners\" rather than \"Listeners
- in a single Gateway\" because implementations MAY merge configuration
- from multiple Gateways onto a single data plane, and these rules
- _also_ apply in that case). \n Practically, this means that each
- listener in a set MUST have a unique combination of Port, Protocol,
- and, if supported by the protocol, Hostname. \n Some combinations
- of port, protocol, and TLS settings are considered Core support
- and MUST be supported by implementations based on their targeted
- conformance profile: \n HTTP Profile \n 1. HTTPRoute, Port: 80,
- Protocol: HTTP 2. HTTPRoute, Port: 443, Protocol: HTTPS, TLS Mode:
- Terminate, TLS keypair provided \n TLS Profile \n 1. TLSRoute, Port:
- 443, Protocol: TLS, TLS Mode: Passthrough \n \"Distinct\" Listeners
- have the following property: \n The implementation can match inbound
- requests to a single distinct Listener. When multiple Listeners
- share values for fields (for example, two Listeners with the same
- Port value), the implementation can match requests to only one of
- the Listeners using other Listener fields. \n For example, the following
- Listener scenarios are distinct: \n 1. Multiple Listeners with the
- same Port that all use the \"HTTP\" Protocol that all have unique
- Hostname values. 2. Multiple Listeners with the same Port that use
- either the \"HTTPS\" or \"TLS\" Protocol that all have unique Hostname
- values. 3. A mixture of \"TCP\" and \"UDP\" Protocol Listeners,
- where no Listener with the same Protocol has the same Port value.
- \n Some fields in the Listener struct have possible values that
- affect whether the Listener is distinct. Hostname is particularly
- relevant for HTTP or HTTPS protocols. \n When using the Hostname
- value to select between same-Port, same-Protocol Listeners, the
- Hostname value must be different on each Listener for the Listener
- to be distinct. \n When the Listeners are distinct based on Hostname,
- inbound request hostnames MUST match from the most specific to least
- specific Hostname values to choose the correct Listener and its
- associated set of Routes. \n Exact matches must be processed before
- wildcard matches, and wildcard matches must be processed before
- fallback (empty Hostname value) matches. For example, `\"foo.example.com\"`
- takes precedence over `\"*.example.com\"`, and `\"*.example.com\"`
- takes precedence over `\"\"`. \n Additionally, if there are multiple
- wildcard entries, more specific wildcard entries must be processed
- before less specific wildcard entries. For example, `\"*.foo.example.com\"`
- takes precedence over `\"*.example.com\"`. The precise definition
- here is that the higher the number of dots in the hostname to the
- right of the wildcard character, the higher the precedence. \n The
- wildcard character will match any number of characters _and dots_
- to the left, however, so `\"*.example.com\"` will match both `\"foo.bar.example.com\"`
- _and_ `\"bar.example.com\"`. \n If a set of Listeners contains Listeners
- that are not distinct, then those Listeners are Conflicted, and
- the implementation MUST set the \"Conflicted\" condition in the
- Listener Status to \"True\". \n Implementations MAY choose to accept
- a Gateway with some Conflicted Listeners only if they only accept
- the partial Listener set that contains no Conflicted Listeners.
- To put this another way, implementations may accept a partial Listener
- set only if they throw out *all* the conflicting Listeners. No picking
- one of the conflicting listeners as the winner. This also means
- that the Gateway must have at least one non-conflicting Listener
- in this case, otherwise it violates the requirement that at least
- one Listener must be present. \n The implementation MUST set a \"ListenersNotValid\"
- condition on the Gateway Status when the Gateway contains Conflicted
- Listeners whether or not they accept the Gateway. That Condition
- SHOULD clearly indicate in the Message which Listeners are conflicted,
- and which are Accepted. Additionally, the Listener status for those
- listeners SHOULD indicate which Listeners are conflicted and not
- Accepted. \n A Gateway's Listeners are considered \"compatible\"
- if: \n 1. They are distinct. 2. The implementation can serve them
- in compliance with the Addresses requirement that all Listeners
- are available on all assigned addresses. \n Compatible combinations
- in Extended support are expected to vary across implementations.
- A combination that is compatible for one implementation may not
- be compatible for another. \n For example, an implementation that
- cannot serve both TCP and UDP listeners on the same address, or
- cannot mix HTTPS and generic TLS listens on the same port would
- not consider those cases compatible, even though they are distinct.
- \n Note that requests SHOULD match at most one Listener. For example,
- if Listeners are defined for \"foo.example.com\" and \"*.example.com\",
- a request to \"foo.example.com\" SHOULD only be routed using routes
- attached to the \"foo.example.com\" Listener (and not the \"*.example.com\"
- Listener). This concept is known as \"Listener Isolation\". Implementations
- that do not support Listener Isolation MUST clearly document this.
- \n Implementations MAY merge separate Gateways onto a single set
- of Addresses if all Listeners across all Gateways are compatible.
- \n Support: Core"
- items:
- description: Listener embodies the concept of a logical endpoint
- where a Gateway accepts network connections.
- properties:
- allowedRoutes:
- default:
- namespaces:
- from: Same
- description: "AllowedRoutes defines the types of routes that
- MAY be attached to a Listener and the trusted namespaces where
- those Route resources MAY be present. \n Although a client
- request may match multiple route rules, only one rule may
- ultimately receive the request. Matching precedence MUST be
- determined in order of the following criteria: \n * The most
- specific match as defined by the Route type. * The oldest
- Route based on creation timestamp. For example, a Route with
- a creation timestamp of \"2020-09-08 01:02:03\" is given precedence
- over a Route with a creation timestamp of \"2020-09-08 01:02:04\".
- * If everything else is equivalent, the Route appearing first
- in alphabetical order (namespace/name) should be given precedence.
- For example, foo/bar is given precedence over foo/baz. \n
- All valid rules within a Route attached to this Listener should
- be implemented. Invalid Route rules can be ignored (sometimes
- that will mean the full Route). If a Route rule transitions
- from valid to invalid, support for that Route rule should
- be dropped to ensure consistency. For example, even if a filter
- specified by a Route rule is invalid, the rest of the rules
- within that Route should still be supported. \n Support: Core"
- properties:
- kinds:
- description: "Kinds specifies the groups and kinds of Routes
- that are allowed to bind to this Gateway Listener. When
- unspecified or empty, the kinds of Routes selected are
- determined using the Listener protocol. \n A RouteGroupKind
- MUST correspond to kinds of Routes that are compatible
- with the application protocol specified in the Listener's
- Protocol field. If an implementation does not support
- or recognize this resource type, it MUST set the \"ResolvedRefs\"
- condition to False for this Listener with the \"InvalidRouteKinds\"
- reason. \n Support: Core"
- items:
- description: RouteGroupKind indicates the group and kind
- of a Route resource.
- properties:
- group:
- default: gateway.networking.k8s.io
- description: Group is the group of the Route.
- maxLength: 253
- pattern: ^$|^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$
- type: string
- kind:
- description: Kind is the kind of the Route.
- maxLength: 63
- minLength: 1
- pattern: ^[a-zA-Z]([-a-zA-Z0-9]*[a-zA-Z0-9])?$
- type: string
- required:
- - kind
- type: object
- maxItems: 8
- type: array
- namespaces:
- default:
- from: Same
- description: "Namespaces indicates namespaces from which
- Routes may be attached to this Listener. This is restricted
- to the namespace of this Gateway by default. \n Support:
- Core"
- properties:
- from:
- default: Same
- description: "From indicates where Routes will be selected
- for this Gateway. Possible values are: \n * All: Routes
- in all namespaces may be used by this Gateway. * Selector:
- Routes in namespaces selected by the selector may
- be used by this Gateway. * Same: Only Routes in the
- same namespace may be used by this Gateway. \n Support:
- Core"
- enum:
- - All
- - Selector
- - Same
- type: string
- selector:
- description: "Selector must be specified when From is
- set to \"Selector\". In that case, only Routes in
- Namespaces matching this Selector will be selected
- by this Gateway. This field is ignored for other values
- of \"From\". \n Support: Core"
- properties:
- matchExpressions:
- description: matchExpressions is a list of label
- selector requirements. The requirements are ANDed.
- items:
- description: A label selector requirement is a
- selector that contains values, a key, and an
- operator that relates the key and values.
- properties:
- key:
- description: key is the label key that the
- selector applies to.
- type: string
- operator:
- description: operator represents a key's relationship
- to a set of values. Valid operators are
- In, NotIn, Exists and DoesNotExist.
- type: string
- values:
- description: values is an array of string
- values. If the operator is In or NotIn,
- the values array must be non-empty. If the
- operator is Exists or DoesNotExist, the
- values array must be empty. This array is
- replaced during a strategic merge patch.
- items:
- type: string
- type: array
- required:
- - key
- - operator
- type: object
- type: array
- matchLabels:
- additionalProperties:
- type: string
- description: matchLabels is a map of {key,value}
- pairs. A single {key,value} in the matchLabels
- map is equivalent to an element of matchExpressions,
- whose key field is "key", the operator is "In",
- and the values array contains only "value". The
- requirements are ANDed.
- type: object
- type: object
- x-kubernetes-map-type: atomic
- type: object
- type: object
- hostname:
- description: "Hostname specifies the virtual hostname to match
- for protocol types that define this concept. When unspecified,
- all hostnames are matched. This field is ignored for protocols
- that don't require hostname based matching. \n Implementations
- MUST apply Hostname matching appropriately for each of the
- following protocols: \n * TLS: The Listener Hostname MUST
- match the SNI. * HTTP: The Listener Hostname MUST match the
- Host header of the request. * HTTPS: The Listener Hostname
- SHOULD match at both the TLS and HTTP protocol layers as described
- above. If an implementation does not ensure that both the
- SNI and Host header match the Listener hostname, it MUST clearly
- document that. \n For HTTPRoute and TLSRoute resources, there
- is an interaction with the `spec.hostnames` array. When both
- listener and route specify hostnames, there MUST be an intersection
- between the values for a Route to be accepted. For more information,
- refer to the Route specific Hostnames documentation. \n Hostnames
- that are prefixed with a wildcard label (`*.`) are interpreted
- as a suffix match. That means that a match for `*.example.com`
- would match both `test.example.com`, and `foo.test.example.com`,
- but not `example.com`. \n Support: Core"
- maxLength: 253
- minLength: 1
- pattern: ^(\*\.)?[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$
- type: string
- name:
- description: "Name is the name of the Listener. This name MUST
- be unique within a Gateway. \n Support: Core"
- maxLength: 253
- minLength: 1
- pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$
- type: string
- port:
- description: "Port is the network port. Multiple listeners may
- use the same port, subject to the Listener compatibility rules.
- \n Support: Core"
- format: int32
- maximum: 65535
- minimum: 1
- type: integer
- protocol:
- description: "Protocol specifies the network protocol this listener
- expects to receive. \n Support: Core"
- maxLength: 255
- minLength: 1
- pattern: ^[a-zA-Z0-9]([-a-zSA-Z0-9]*[a-zA-Z0-9])?$|[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*\/[A-Za-z0-9]+$
- type: string
- tls:
- description: "TLS is the TLS configuration for the Listener.
- This field is required if the Protocol field is \"HTTPS\"
- or \"TLS\". It is invalid to set this field if the Protocol
- field is \"HTTP\", \"TCP\", or \"UDP\". \n The association
- of SNIs to Certificate defined in GatewayTLSConfig is defined
- based on the Hostname field for this listener. \n The GatewayClass
- MUST use the longest matching SNI out of all available certificates
- for any TLS handshake. \n Support: Core"
- properties:
- certificateRefs:
- description: "CertificateRefs contains a series of references
- to Kubernetes objects that contains TLS certificates and
- private keys. These certificates are used to establish
- a TLS handshake for requests that match the hostname of
- the associated listener. \n A single CertificateRef to
- a Kubernetes Secret has \"Core\" support. Implementations
- MAY choose to support attaching multiple certificates
- to a Listener, but this behavior is implementation-specific.
- \n References to a resource in different namespace are
- invalid UNLESS there is a ReferenceGrant in the target
- namespace that allows the certificate to be attached.
- If a ReferenceGrant does not allow this reference, the
- \"ResolvedRefs\" condition MUST be set to False for this
- listener with the \"RefNotPermitted\" reason. \n This
- field is required to have at least one element when the
- mode is set to \"Terminate\" (default) and is optional
- otherwise. \n CertificateRefs can reference to standard
- Kubernetes resources, i.e. Secret, or implementation-specific
- custom resources. \n Support: Core - A single reference
- to a Kubernetes Secret of type kubernetes.io/tls \n Support:
- Implementation-specific (More than one reference or other
- resource types)"
- items:
- description: "SecretObjectReference identifies an API
- object including its namespace, defaulting to Secret.
- \n The API object must be valid in the cluster; the
- Group and Kind must be registered in the cluster for
- this reference to be valid. \n References to objects
- with invalid Group and Kind are not valid, and must
- be rejected by the implementation, with appropriate
- Conditions set on the containing object."
- properties:
- group:
- default: ""
- description: Group is the group of the referent. For
- example, "gateway.networking.k8s.io". When unspecified
- or empty string, core API group is inferred.
- maxLength: 253
- pattern: ^$|^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$
- type: string
- kind:
- default: Secret
- description: Kind is kind of the referent. For example
- "Secret".
- maxLength: 63
- minLength: 1
- pattern: ^[a-zA-Z]([-a-zA-Z0-9]*[a-zA-Z0-9])?$
- type: string
- name:
- description: Name is the name of the referent.
- maxLength: 253
- minLength: 1
- type: string
- namespace:
- description: "Namespace is the namespace of the referenced
- object. When unspecified, the local namespace is
- inferred. \n Note that when a namespace different
- than the local namespace is specified, a ReferenceGrant
- object is required in the referent namespace to
- allow that namespace's owner to accept the reference.
- See the ReferenceGrant documentation for details.
- \n Support: Core"
- maxLength: 63
- minLength: 1
- pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$
- type: string
- required:
- - name
- type: object
- maxItems: 64
- type: array
- mode:
- default: Terminate
- description: "Mode defines the TLS behavior for the TLS
- session initiated by the client. There are two possible
- modes: \n - Terminate: The TLS session between the downstream
- client and the Gateway is terminated at the Gateway. This
- mode requires certificateRefs to be set and contain at
- least one element. - Passthrough: The TLS session is NOT
- terminated by the Gateway. This implies that the Gateway
- can't decipher the TLS stream except for the ClientHello
- message of the TLS protocol. CertificateRefs field is
- ignored in this mode. \n Support: Core"
- enum:
- - Terminate
- - Passthrough
- type: string
- options:
- additionalProperties:
- description: AnnotationValue is the value of an annotation
- in Gateway API. This is used for validation of maps
- such as TLS options. This roughly matches Kubernetes
- annotation validation, although the length validation
- in that case is based on the entire size of the annotations
- struct.
- maxLength: 4096
- minLength: 0
- type: string
- description: "Options are a list of key/value pairs to enable
- extended TLS configuration for each implementation. For
- example, configuring the minimum TLS version or supported
- cipher suites. \n A set of common keys MAY be defined
- by the API in the future. To avoid any ambiguity, implementation-specific
- definitions MUST use domain-prefixed names, such as `example.com/my-custom-option`.
- Un-prefixed names are reserved for key names defined by
- Gateway API. \n Support: Implementation-specific"
- maxProperties: 16
- type: object
- type: object
- x-kubernetes-validations:
- - message: certificateRefs must be specified when TLSModeType
- is Terminate
- rule: 'self.mode == ''Terminate'' ? size(self.certificateRefs)
- > 0 : true'
- required:
- - name
- - port
- - protocol
- type: object
- maxItems: 64
- minItems: 1
- type: array
- x-kubernetes-list-map-keys:
+ group:
+ description: Group is the group of the referent.
+ maxLength: 253
+ pattern: ^$|^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$
+ type: string
+ kind:
+ description: Kind is kind of the referent.
+ maxLength: 63
+ minLength: 1
+ pattern: ^[a-zA-Z]([-a-zA-Z0-9]*[a-zA-Z0-9])?$
+ type: string
+ name:
+ description: Name is the name of the referent.
+ maxLength: 253
+ minLength: 1
+ type: string
+ namespace:
+ description: |-
+ Namespace is the namespace of the referent.
+ This field is required when referring to a Namespace-scoped resource and
+ MUST be unset when referring to a Cluster-scoped resource.
+ maxLength: 63
+ minLength: 1
+ pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$
+ type: string
+ required:
+ - group
+ - kind
- name
- x-kubernetes-list-type: map
- x-kubernetes-validations:
- - message: tls must be specified for protocols ['HTTPS', 'TLS']
- rule: 'self.all(l, l.protocol in [''HTTPS'', ''TLS''] ? has(l.tls)
- : true)'
- - message: tls must not be specified for protocols ['HTTP', 'TCP',
- 'UDP']
- rule: 'self.all(l, l.protocol in [''HTTP'', ''TCP'', ''UDP''] ?
- !has(l.tls) : true)'
- - message: hostname must not be specified for protocols ['TCP', 'UDP']
- rule: 'self.all(l, l.protocol in [''TCP'', ''UDP''] ? (!has(l.hostname)
- || l.hostname == '''') : true)'
- - message: Listener name must be unique within the Gateway
- rule: self.all(l1, self.exists_one(l2, l1.name == l2.name))
- - message: Combination of port, protocol and hostname must be unique
- for each listener
- rule: 'self.all(l1, self.exists_one(l2, l1.port == l2.port && l1.protocol
- == l2.protocol && (has(l1.hostname) && has(l2.hostname) ? l1.hostname
- == l2.hostname : !has(l1.hostname) && !has(l2.hostname))))'
+ type: object
required:
- - gatewayClassName
- - listeners
+ - controllerName
type: object
status:
default:
conditions:
- lastTransitionTime: "1970-01-01T00:00:00Z"
message: Waiting for controller
- reason: Pending
+ reason: Waiting
status: Unknown
type: Accepted
- - lastTransitionTime: "1970-01-01T00:00:00Z"
- message: Waiting for controller
- reason: Pending
- status: Unknown
- type: Programmed
- description: Status defines the current state of Gateway.
+ description: |-
+ Status defines the current state of GatewayClass.
+
+
+ Implementations MUST populate status on all GatewayClass resources which
+ specify their controller name.
properties:
- addresses:
- description: "Addresses lists the network addresses that have been
- bound to the Gateway. \n This list may differ from the addresses
- provided in the spec under some conditions: \n * no addresses are
- specified, all addresses are dynamically assigned * a combination
- of specified and dynamic addresses are assigned * a specified address
- was unusable (e.g. already in use) \n "
- items:
- description: GatewayStatusAddress describes a network address that
- is bound to a Gateway.
- oneOf:
- - properties:
- type:
- enum:
- - IPAddress
- value:
- anyOf:
- - format: ipv4
- - format: ipv6
- - properties:
- type:
- not:
- enum:
- - IPAddress
- properties:
- type:
- default: IPAddress
- description: Type of the address.
- maxLength: 253
- minLength: 1
- pattern: ^Hostname|IPAddress|NamedAddress|[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*\/[A-Za-z0-9\/\-._~%!$&'()*+,;=:]+$
- type: string
- value:
- description: "Value of the address. The validity of the values
- will depend on the type and support by the controller. \n
- Examples: `1.2.3.4`, `128::1`, `my-ip-address`."
- maxLength: 253
- minLength: 1
- type: string
- required:
- - value
- type: object
- x-kubernetes-validations:
- - message: Hostname value must only contain valid characters (matching
- ^(\*\.)?[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$)
- rule: 'self.type == ''Hostname'' ? self.value.matches(r"""^(\*\.)?[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$"""):
- true'
- maxItems: 16
- type: array
- conditions:
- default:
- - lastTransitionTime: "1970-01-01T00:00:00Z"
- message: Waiting for controller
- reason: Pending
- status: Unknown
- type: Accepted
- - lastTransitionTime: "1970-01-01T00:00:00Z"
- message: Waiting for controller
- reason: Pending
- status: Unknown
- type: Programmed
- description: "Conditions describe the current conditions of the Gateway.
- \n Implementations should prefer to express Gateway conditions using
- the `GatewayConditionType` and `GatewayConditionReason` constants
- so that operators and tools can converge on a common vocabulary
- to describe Gateway state. \n Known condition types are: \n * \"Accepted\"
- * \"Programmed\" * \"Ready\""
+ conditions:
+ default:
+ - lastTransitionTime: "1970-01-01T00:00:00Z"
+ message: Waiting for controller
+ reason: Pending
+ status: Unknown
+ type: Accepted
+ description: |-
+ Conditions is the current status from the controller for
+ this GatewayClass.
+
+
+ Controllers should prefer to publish conditions using values
+ of GatewayClassConditionType for the type of each Condition.
items:
description: "Condition contains details for one aspect of the current
- state of this API Resource. --- This struct is intended for direct
- use as an array at the field path .status.conditions. For example,
- \n type FooStatus struct{ // Represents the observations of a
- foo's current state. // Known .status.conditions.type are: \"Available\",
- \"Progressing\", and \"Degraded\" // +patchMergeKey=type // +patchStrategy=merge
- // +listType=map // +listMapKey=type Conditions []metav1.Condition
- `json:\"conditions,omitempty\" patchStrategy:\"merge\" patchMergeKey:\"type\"
- protobuf:\"bytes,1,rep,name=conditions\"` \n // other fields }"
+ state of this API Resource.\n---\nThis struct is intended for
+ direct use as an array at the field path .status.conditions. For
+ example,\n\n\n\ttype FooStatus struct{\n\t // Represents the
+ observations of a foo's current state.\n\t // Known .status.conditions.type
+ are: \"Available\", \"Progressing\", and \"Degraded\"\n\t //
+ +patchMergeKey=type\n\t // +patchStrategy=merge\n\t // +listType=map\n\t
+ \ // +listMapKey=type\n\t Conditions []metav1.Condition `json:\"conditions,omitempty\"
+ patchStrategy:\"merge\" patchMergeKey:\"type\" protobuf:\"bytes,1,rep,name=conditions\"`\n\n\n\t
+ \ // other fields\n\t}"
properties:
lastTransitionTime:
- description: lastTransitionTime is the last time the condition
- transitioned from one status to another. This should be when
- the underlying condition changed. If that is not known, then
- using the time when the API field changed is acceptable.
+ description: |-
+ lastTransitionTime is the last time the condition transitioned from one status to another.
+ This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable.
format: date-time
type: string
message:
- description: message is a human readable message indicating
- details about the transition. This may be an empty string.
+ description: |-
+ message is a human readable message indicating details about the transition.
+ This may be an empty string.
maxLength: 32768
type: string
observedGeneration:
- description: observedGeneration represents the .metadata.generation
- that the condition was set based upon. For instance, if .metadata.generation
- is currently 12, but the .status.conditions[x].observedGeneration
- is 9, the condition is out of date with respect to the current
- state of the instance.
+ description: |-
+ observedGeneration represents the .metadata.generation that the condition was set based upon.
+ For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date
+ with respect to the current state of the instance.
format: int64
minimum: 0
type: integer
reason:
- description: reason contains a programmatic identifier indicating
- the reason for the condition's last transition. Producers
- of specific condition types may define expected values and
- meanings for this field, and whether the values are considered
- a guaranteed API. The value should be a CamelCase string.
+ description: |-
+ reason contains a programmatic identifier indicating the reason for the condition's last transition.
+ Producers of specific condition types may define expected values and meanings for this field,
+ and whether the values are considered a guaranteed API.
+ The value should be a CamelCase string.
This field may not be empty.
maxLength: 1024
minLength: 1
@@ -1732,11 +1421,12 @@ spec:
- Unknown
type: string
type:
- description: type of condition in CamelCase or in foo.example.com/CamelCase.
- --- Many .condition.type values are consistent across resources
- like Available, but because arbitrary conditions can be useful
- (see .node.status.conditions), the ability to deconflict is
- important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt)
+ description: |-
+ type of condition in CamelCase or in foo.example.com/CamelCase.
+ ---
+ Many .condition.type values are consistent across resources like Available, but because arbitrary conditions can be
+ useful (see .node.status.conditions), the ability to deconflict is important.
+ The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt)
maxLength: 316
pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$
type: string
@@ -1752,965 +1442,4907 @@ spec:
x-kubernetes-list-map-keys:
- type
x-kubernetes-list-type: map
- listeners:
- description: Listeners provide status for each unique listener port
- defined in the Spec.
+ supportedFeatures:
+ description: |
+ SupportedFeatures is the set of features the GatewayClass support.
+ It MUST be sorted in ascending alphabetical order.
items:
- description: ListenerStatus is the status associated with a Listener.
- properties:
- attachedRoutes:
- description: "AttachedRoutes represents the total number of
- Routes that have been successfully attached to this Listener.
- \n Successful attachment of a Route to a Listener is based
- solely on the combination of the AllowedRoutes field on the
- corresponding Listener and the Route's ParentRefs field. A
- Route is successfully attached to a Listener when it is selected
- by the Listener's AllowedRoutes field AND the Route has a
- valid ParentRef selecting the whole Gateway resource or a
- specific Listener as a parent resource (more detail on attachment
- semantics can be found in the documentation on the various
- Route kinds ParentRefs fields). Listener or Route status does
- not impact successful attachment, i.e. the AttachedRoutes
- field count MUST be set for Listeners with condition Accepted:
- false and MUST count successfully attached Routes that may
- themselves have Accepted: false conditions. \n Uses for this
- field include troubleshooting Route attachment and measuring
- blast radius/impact of changes to a Listener."
- format: int32
- type: integer
- conditions:
- description: Conditions describe the current condition of this
- listener.
- items:
- description: "Condition contains details for one aspect of
- the current state of this API Resource. --- This struct
- is intended for direct use as an array at the field path
- .status.conditions. For example, \n type FooStatus struct{
- // Represents the observations of a foo's current state.
- // Known .status.conditions.type are: \"Available\", \"Progressing\",
- and \"Degraded\" // +patchMergeKey=type // +patchStrategy=merge
- // +listType=map // +listMapKey=type Conditions []metav1.Condition
- `json:\"conditions,omitempty\" patchStrategy:\"merge\" patchMergeKey:\"type\"
- protobuf:\"bytes,1,rep,name=conditions\"` \n // other fields
- }"
- properties:
- lastTransitionTime:
- description: lastTransitionTime is the last time the condition
- transitioned from one status to another. This should
- be when the underlying condition changed. If that is
- not known, then using the time when the API field changed
- is acceptable.
- format: date-time
- type: string
- message:
- description: message is a human readable message indicating
- details about the transition. This may be an empty string.
- maxLength: 32768
- type: string
- observedGeneration:
- description: observedGeneration represents the .metadata.generation
- that the condition was set based upon. For instance,
- if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration
- is 9, the condition is out of date with respect to the
- current state of the instance.
- format: int64
- minimum: 0
- type: integer
- reason:
- description: reason contains a programmatic identifier
- indicating the reason for the condition's last transition.
- Producers of specific condition types may define expected
- values and meanings for this field, and whether the
- values are considered a guaranteed API. The value should
- be a CamelCase string. This field may not be empty.
- maxLength: 1024
- minLength: 1
- pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$
- type: string
- status:
- description: status of the condition, one of True, False,
- Unknown.
- enum:
- - "True"
- - "False"
- - Unknown
- type: string
- type:
- description: type of condition in CamelCase or in foo.example.com/CamelCase.
- --- Many .condition.type values are consistent across
- resources like Available, but because arbitrary conditions
- can be useful (see .node.status.conditions), the ability
- to deconflict is important. The regex it matches is
- (dns1123SubdomainFmt/)?(qualifiedNameFmt)
- maxLength: 316
- pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$
- type: string
- required:
- - lastTransitionTime
- - message
- - reason
- - status
- - type
- type: object
- maxItems: 8
- type: array
- x-kubernetes-list-map-keys:
- - type
- x-kubernetes-list-type: map
- name:
- description: Name is the name of the Listener that this status
- corresponds to.
- maxLength: 253
- minLength: 1
- pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$
- type: string
- supportedKinds:
- description: "SupportedKinds is the list indicating the Kinds
- supported by this listener. This MUST represent the kinds
- an implementation supports for that Listener configuration.
- \n If kinds are specified in Spec that are not supported,
- they MUST NOT appear in this list and an implementation MUST
- set the \"ResolvedRefs\" condition to \"False\" with the \"InvalidRouteKinds\"
- reason. If both valid and invalid Route kinds are specified,
- the implementation MUST reference the valid Route kinds that
- have been specified."
- items:
- description: RouteGroupKind indicates the group and kind of
- a Route resource.
- properties:
- group:
- default: gateway.networking.k8s.io
- description: Group is the group of the Route.
- maxLength: 253
- pattern: ^$|^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$
- type: string
- kind:
- description: Kind is the kind of the Route.
- maxLength: 63
- minLength: 1
- pattern: ^[a-zA-Z]([-a-zA-Z0-9]*[a-zA-Z0-9])?$
- type: string
- required:
- - kind
- type: object
- maxItems: 8
- type: array
- required:
- - attachedRoutes
- - conditions
- - name
- - supportedKinds
- type: object
+ description: |-
+ SupportedFeature is used to describe distinct features that are covered by
+ conformance tests.
+ type: string
maxItems: 64
type: array
- x-kubernetes-list-map-keys:
- - name
- x-kubernetes-list-type: map
+ x-kubernetes-list-type: set
type: object
required:
- spec
type: object
served: true
- storage: false
+ storage: true
subresources:
status: {}
- additionalPrinterColumns:
- - jsonPath: .spec.gatewayClassName
- name: Class
- type: string
- - jsonPath: .status.addresses[*].value
- name: Address
+ - jsonPath: .spec.controllerName
+ name: Controller
type: string
- - jsonPath: .status.conditions[?(@.type=="Programmed")].status
- name: Programmed
+ - jsonPath: .status.conditions[?(@.type=="Accepted")].status
+ name: Accepted
type: string
- jsonPath: .metadata.creationTimestamp
name: Age
type: date
+ - jsonPath: .spec.description
+ name: Description
+ priority: 1
+ type: string
name: v1beta1
schema:
openAPIV3Schema:
- description: Gateway represents an instance of a service-traffic handling
- infrastructure by binding Listeners to a set of IP addresses.
+ description: |-
+ GatewayClass describes a class of Gateways available to the user for creating
+ Gateway resources.
+
+
+ It is recommended that this resource be used as a template for Gateways. This
+ means that a Gateway is based on the state of the GatewayClass at the time it
+ was created and changes to the GatewayClass or associated parameters are not
+ propagated down to existing Gateways. This recommendation is intended to
+ limit the blast radius of changes to GatewayClass or associated parameters.
+ If implementations choose to propagate GatewayClass changes to existing
+ Gateways, that MUST be clearly documented by the implementation.
+
+
+ Whenever one or more Gateways are using a GatewayClass, implementations SHOULD
+ add the `gateway-exists-finalizer.gateway.networking.k8s.io` finalizer on the
+ associated GatewayClass. This ensures that a GatewayClass associated with a
+ Gateway is not deleted while in use.
+
+
+ GatewayClass is a Cluster level resource.
properties:
apiVersion:
- description: 'APIVersion defines the versioned schema of this representation
- of an object. Servers should convert recognized schemas to the latest
- internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
+ description: |-
+ APIVersion defines the versioned schema of this representation of an object.
+ Servers should convert recognized schemas to the latest internal value, and
+ may reject unrecognized values.
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
type: string
kind:
- description: 'Kind is a string value representing the REST resource this
- object represents. Servers may infer this from the endpoint the client
- submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+ description: |-
+ Kind is a string value representing the REST resource this object represents.
+ Servers may infer this from the endpoint the client submits requests to.
+ Cannot be updated.
+ In CamelCase.
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
type: string
metadata:
type: object
spec:
- description: Spec defines the desired state of Gateway.
+ description: Spec defines the desired state of GatewayClass.
properties:
- addresses:
- description: "Addresses requested for this Gateway. This is optional
- and behavior can depend on the implementation. If a value is set
- in the spec and the requested address is invalid or unavailable,
- the implementation MUST indicate this in the associated entry in
- GatewayStatus.Addresses. \n The Addresses field represents a request
- for the address(es) on the \"outside of the Gateway\", that traffic
- bound for this Gateway will use. This could be the IP address or
- hostname of an external load balancer or other networking infrastructure,
- or some other address that traffic will be sent to. \n If no Addresses
- are specified, the implementation MAY schedule the Gateway in an
- implementation-specific manner, assigning an appropriate set of
- Addresses. \n The implementation MUST bind all Listeners to every
- GatewayAddress that it assigns to the Gateway and add a corresponding
- entry in GatewayStatus.Addresses. \n Support: Extended \n "
- items:
- description: GatewayAddress describes an address that can be bound
- to a Gateway.
- oneOf:
- - properties:
- type:
- enum:
- - IPAddress
- value:
- anyOf:
- - format: ipv4
- - format: ipv6
- - properties:
- type:
- not:
- enum:
- - IPAddress
- properties:
- type:
- default: IPAddress
- description: Type of the address.
- maxLength: 253
- minLength: 1
- pattern: ^Hostname|IPAddress|NamedAddress|[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*\/[A-Za-z0-9\/\-._~%!$&'()*+,;=:]+$
- type: string
- value:
- description: "Value of the address. The validity of the values
- will depend on the type and support by the controller. \n
- Examples: `1.2.3.4`, `128::1`, `my-ip-address`."
- maxLength: 253
- minLength: 1
- type: string
- required:
- - value
- type: object
- x-kubernetes-validations:
- - message: Hostname value must only contain valid characters (matching
- ^(\*\.)?[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$)
- rule: 'self.type == ''Hostname'' ? self.value.matches(r"""^(\*\.)?[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$"""):
- true'
- maxItems: 16
- type: array
- x-kubernetes-validations:
- - message: IPAddress values must be unique
- rule: 'self.all(a1, a1.type == ''IPAddress'' ? self.exists_one(a2,
- a2.type == a1.type && a2.value == a1.value) : true )'
- - message: Hostname values must be unique
- rule: 'self.all(a1, a1.type == ''Hostname'' ? self.exists_one(a2,
- a2.type == a1.type && a2.value == a1.value) : true )'
- gatewayClassName:
- description: GatewayClassName used for this Gateway. This is the name
- of a GatewayClass resource.
+ controllerName:
+ description: |-
+ ControllerName is the name of the controller that is managing Gateways of
+ this class. The value of this field MUST be a domain prefixed path.
+
+
+ Example: "example.net/gateway-controller".
+
+
+ This field is not mutable and cannot be empty.
+
+
+ Support: Core
maxLength: 253
minLength: 1
+ pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*\/[A-Za-z0-9\/\-._~%!$&'()*+,;=:]+$
type: string
- infrastructure:
- description: "Infrastructure defines infrastructure level attributes
- about this Gateway instance. \n Support: Core \n "
+ x-kubernetes-validations:
+ - message: Value is immutable
+ rule: self == oldSelf
+ description:
+ description: Description helps describe a GatewayClass with more details.
+ maxLength: 64
+ type: string
+ parametersRef:
+ description: |-
+ ParametersRef is a reference to a resource that contains the configuration
+ parameters corresponding to the GatewayClass. This is optional if the
+ controller does not require any additional configuration.
+
+
+ ParametersRef can reference a standard Kubernetes resource, i.e. ConfigMap,
+ or an implementation-specific custom resource. The resource can be
+ cluster-scoped or namespace-scoped.
+
+
+ If the referent cannot be found, the GatewayClass's "InvalidParameters"
+ status condition will be true.
+
+
+ A Gateway for this GatewayClass may provide its own `parametersRef`. When both are specified,
+ the merging behavior is implementation specific.
+ It is generally recommended that GatewayClass provides defaults that can be overridden by a Gateway.
+
+
+ Support: Implementation-specific
properties:
- annotations:
- additionalProperties:
- description: AnnotationValue is the value of an annotation in
- Gateway API. This is used for validation of maps such as TLS
- options. This roughly matches Kubernetes annotation validation,
- although the length validation in that case is based on the
- entire size of the annotations struct.
- maxLength: 4096
- minLength: 0
- type: string
- description: "Annotations that SHOULD be applied to any resources
- created in response to this Gateway. \n For implementations
- creating other Kubernetes objects, this should be the `metadata.annotations`
- field on resources. For other implementations, this refers to
- any relevant (implementation specific) \"annotations\" concepts.
- \n An implementation may chose to add additional implementation-specific
- annotations as they see fit. \n Support: Extended"
- maxProperties: 8
- type: object
- labels:
- additionalProperties:
- description: AnnotationValue is the value of an annotation in
- Gateway API. This is used for validation of maps such as TLS
- options. This roughly matches Kubernetes annotation validation,
- although the length validation in that case is based on the
- entire size of the annotations struct.
- maxLength: 4096
- minLength: 0
- type: string
- description: "Labels that SHOULD be applied to any resources created
- in response to this Gateway. \n For implementations creating
- other Kubernetes objects, this should be the `metadata.labels`
- field on resources. For other implementations, this refers to
- any relevant (implementation specific) \"labels\" concepts.
- \n An implementation may chose to add additional implementation-specific
- labels as they see fit. \n Support: Extended"
- maxProperties: 8
- type: object
+ group:
+ description: Group is the group of the referent.
+ maxLength: 253
+ pattern: ^$|^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$
+ type: string
+ kind:
+ description: Kind is kind of the referent.
+ maxLength: 63
+ minLength: 1
+ pattern: ^[a-zA-Z]([-a-zA-Z0-9]*[a-zA-Z0-9])?$
+ type: string
+ name:
+ description: Name is the name of the referent.
+ maxLength: 253
+ minLength: 1
+ type: string
+ namespace:
+ description: |-
+ Namespace is the namespace of the referent.
+ This field is required when referring to a Namespace-scoped resource and
+ MUST be unset when referring to a Cluster-scoped resource.
+ maxLength: 63
+ minLength: 1
+ pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$
+ type: string
+ required:
+ - group
+ - kind
+ - name
type: object
- listeners:
- description: "Listeners associated with this Gateway. Listeners define
- logical endpoints that are bound on this Gateway's addresses. At
- least one Listener MUST be specified. \n Each Listener in a set
- of Listeners (for example, in a single Gateway) MUST be _distinct_,
- in that a traffic flow MUST be able to be assigned to exactly one
- listener. (This section uses \"set of Listeners\" rather than \"Listeners
- in a single Gateway\" because implementations MAY merge configuration
- from multiple Gateways onto a single data plane, and these rules
- _also_ apply in that case). \n Practically, this means that each
- listener in a set MUST have a unique combination of Port, Protocol,
- and, if supported by the protocol, Hostname. \n Some combinations
- of port, protocol, and TLS settings are considered Core support
- and MUST be supported by implementations based on their targeted
- conformance profile: \n HTTP Profile \n 1. HTTPRoute, Port: 80,
- Protocol: HTTP 2. HTTPRoute, Port: 443, Protocol: HTTPS, TLS Mode:
- Terminate, TLS keypair provided \n TLS Profile \n 1. TLSRoute, Port:
- 443, Protocol: TLS, TLS Mode: Passthrough \n \"Distinct\" Listeners
- have the following property: \n The implementation can match inbound
- requests to a single distinct Listener. When multiple Listeners
- share values for fields (for example, two Listeners with the same
- Port value), the implementation can match requests to only one of
- the Listeners using other Listener fields. \n For example, the following
- Listener scenarios are distinct: \n 1. Multiple Listeners with the
- same Port that all use the \"HTTP\" Protocol that all have unique
- Hostname values. 2. Multiple Listeners with the same Port that use
- either the \"HTTPS\" or \"TLS\" Protocol that all have unique Hostname
- values. 3. A mixture of \"TCP\" and \"UDP\" Protocol Listeners,
- where no Listener with the same Protocol has the same Port value.
- \n Some fields in the Listener struct have possible values that
- affect whether the Listener is distinct. Hostname is particularly
- relevant for HTTP or HTTPS protocols. \n When using the Hostname
- value to select between same-Port, same-Protocol Listeners, the
- Hostname value must be different on each Listener for the Listener
- to be distinct. \n When the Listeners are distinct based on Hostname,
- inbound request hostnames MUST match from the most specific to least
- specific Hostname values to choose the correct Listener and its
- associated set of Routes. \n Exact matches must be processed before
- wildcard matches, and wildcard matches must be processed before
- fallback (empty Hostname value) matches. For example, `\"foo.example.com\"`
- takes precedence over `\"*.example.com\"`, and `\"*.example.com\"`
- takes precedence over `\"\"`. \n Additionally, if there are multiple
- wildcard entries, more specific wildcard entries must be processed
- before less specific wildcard entries. For example, `\"*.foo.example.com\"`
- takes precedence over `\"*.example.com\"`. The precise definition
- here is that the higher the number of dots in the hostname to the
- right of the wildcard character, the higher the precedence. \n The
- wildcard character will match any number of characters _and dots_
- to the left, however, so `\"*.example.com\"` will match both `\"foo.bar.example.com\"`
- _and_ `\"bar.example.com\"`. \n If a set of Listeners contains Listeners
- that are not distinct, then those Listeners are Conflicted, and
- the implementation MUST set the \"Conflicted\" condition in the
- Listener Status to \"True\". \n Implementations MAY choose to accept
- a Gateway with some Conflicted Listeners only if they only accept
- the partial Listener set that contains no Conflicted Listeners.
- To put this another way, implementations may accept a partial Listener
- set only if they throw out *all* the conflicting Listeners. No picking
- one of the conflicting listeners as the winner. This also means
- that the Gateway must have at least one non-conflicting Listener
- in this case, otherwise it violates the requirement that at least
- one Listener must be present. \n The implementation MUST set a \"ListenersNotValid\"
- condition on the Gateway Status when the Gateway contains Conflicted
- Listeners whether or not they accept the Gateway. That Condition
- SHOULD clearly indicate in the Message which Listeners are conflicted,
- and which are Accepted. Additionally, the Listener status for those
- listeners SHOULD indicate which Listeners are conflicted and not
- Accepted. \n A Gateway's Listeners are considered \"compatible\"
- if: \n 1. They are distinct. 2. The implementation can serve them
- in compliance with the Addresses requirement that all Listeners
- are available on all assigned addresses. \n Compatible combinations
- in Extended support are expected to vary across implementations.
- A combination that is compatible for one implementation may not
- be compatible for another. \n For example, an implementation that
- cannot serve both TCP and UDP listeners on the same address, or
- cannot mix HTTPS and generic TLS listens on the same port would
- not consider those cases compatible, even though they are distinct.
- \n Note that requests SHOULD match at most one Listener. For example,
- if Listeners are defined for \"foo.example.com\" and \"*.example.com\",
- a request to \"foo.example.com\" SHOULD only be routed using routes
- attached to the \"foo.example.com\" Listener (and not the \"*.example.com\"
- Listener). This concept is known as \"Listener Isolation\". Implementations
- that do not support Listener Isolation MUST clearly document this.
- \n Implementations MAY merge separate Gateways onto a single set
- of Addresses if all Listeners across all Gateways are compatible.
- \n Support: Core"
+ required:
+ - controllerName
+ type: object
+ status:
+ default:
+ conditions:
+ - lastTransitionTime: "1970-01-01T00:00:00Z"
+ message: Waiting for controller
+ reason: Waiting
+ status: Unknown
+ type: Accepted
+ description: |-
+ Status defines the current state of GatewayClass.
+
+
+ Implementations MUST populate status on all GatewayClass resources which
+ specify their controller name.
+ properties:
+ conditions:
+ default:
+ - lastTransitionTime: "1970-01-01T00:00:00Z"
+ message: Waiting for controller
+ reason: Pending
+ status: Unknown
+ type: Accepted
+ description: |-
+ Conditions is the current status from the controller for
+ this GatewayClass.
+
+
+ Controllers should prefer to publish conditions using values
+ of GatewayClassConditionType for the type of each Condition.
items:
- description: Listener embodies the concept of a logical endpoint
- where a Gateway accepts network connections.
+ description: "Condition contains details for one aspect of the current
+ state of this API Resource.\n---\nThis struct is intended for
+ direct use as an array at the field path .status.conditions. For
+ example,\n\n\n\ttype FooStatus struct{\n\t // Represents the
+ observations of a foo's current state.\n\t // Known .status.conditions.type
+ are: \"Available\", \"Progressing\", and \"Degraded\"\n\t //
+ +patchMergeKey=type\n\t // +patchStrategy=merge\n\t // +listType=map\n\t
+ \ // +listMapKey=type\n\t Conditions []metav1.Condition `json:\"conditions,omitempty\"
+ patchStrategy:\"merge\" patchMergeKey:\"type\" protobuf:\"bytes,1,rep,name=conditions\"`\n\n\n\t
+ \ // other fields\n\t}"
properties:
- allowedRoutes:
- default:
- namespaces:
- from: Same
- description: "AllowedRoutes defines the types of routes that
- MAY be attached to a Listener and the trusted namespaces where
- those Route resources MAY be present. \n Although a client
- request may match multiple route rules, only one rule may
- ultimately receive the request. Matching precedence MUST be
- determined in order of the following criteria: \n * The most
- specific match as defined by the Route type. * The oldest
- Route based on creation timestamp. For example, a Route with
- a creation timestamp of \"2020-09-08 01:02:03\" is given precedence
- over a Route with a creation timestamp of \"2020-09-08 01:02:04\".
- * If everything else is equivalent, the Route appearing first
- in alphabetical order (namespace/name) should be given precedence.
- For example, foo/bar is given precedence over foo/baz. \n
- All valid rules within a Route attached to this Listener should
- be implemented. Invalid Route rules can be ignored (sometimes
- that will mean the full Route). If a Route rule transitions
- from valid to invalid, support for that Route rule should
- be dropped to ensure consistency. For example, even if a filter
- specified by a Route rule is invalid, the rest of the rules
- within that Route should still be supported. \n Support: Core"
- properties:
- kinds:
- description: "Kinds specifies the groups and kinds of Routes
- that are allowed to bind to this Gateway Listener. When
- unspecified or empty, the kinds of Routes selected are
- determined using the Listener protocol. \n A RouteGroupKind
- MUST correspond to kinds of Routes that are compatible
- with the application protocol specified in the Listener's
- Protocol field. If an implementation does not support
- or recognize this resource type, it MUST set the \"ResolvedRefs\"
- condition to False for this Listener with the \"InvalidRouteKinds\"
- reason. \n Support: Core"
- items:
- description: RouteGroupKind indicates the group and kind
- of a Route resource.
- properties:
- group:
- default: gateway.networking.k8s.io
- description: Group is the group of the Route.
- maxLength: 253
- pattern: ^$|^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$
- type: string
- kind:
- description: Kind is the kind of the Route.
- maxLength: 63
- minLength: 1
- pattern: ^[a-zA-Z]([-a-zA-Z0-9]*[a-zA-Z0-9])?$
- type: string
- required:
- - kind
- type: object
- maxItems: 8
- type: array
- namespaces:
- default:
- from: Same
- description: "Namespaces indicates namespaces from which
- Routes may be attached to this Listener. This is restricted
- to the namespace of this Gateway by default. \n Support:
- Core"
- properties:
- from:
- default: Same
- description: "From indicates where Routes will be selected
- for this Gateway. Possible values are: \n * All: Routes
- in all namespaces may be used by this Gateway. * Selector:
- Routes in namespaces selected by the selector may
- be used by this Gateway. * Same: Only Routes in the
- same namespace may be used by this Gateway. \n Support:
- Core"
- enum:
- - All
- - Selector
- - Same
- type: string
- selector:
- description: "Selector must be specified when From is
- set to \"Selector\". In that case, only Routes in
- Namespaces matching this Selector will be selected
- by this Gateway. This field is ignored for other values
- of \"From\". \n Support: Core"
- properties:
- matchExpressions:
- description: matchExpressions is a list of label
- selector requirements. The requirements are ANDed.
- items:
- description: A label selector requirement is a
- selector that contains values, a key, and an
- operator that relates the key and values.
- properties:
- key:
- description: key is the label key that the
- selector applies to.
- type: string
- operator:
- description: operator represents a key's relationship
- to a set of values. Valid operators are
- In, NotIn, Exists and DoesNotExist.
- type: string
- values:
- description: values is an array of string
- values. If the operator is In or NotIn,
- the values array must be non-empty. If the
- operator is Exists or DoesNotExist, the
- values array must be empty. This array is
- replaced during a strategic merge patch.
- items:
- type: string
- type: array
- required:
- - key
- - operator
- type: object
- type: array
- matchLabels:
- additionalProperties:
- type: string
- description: matchLabels is a map of {key,value}
- pairs. A single {key,value} in the matchLabels
- map is equivalent to an element of matchExpressions,
- whose key field is "key", the operator is "In",
- and the values array contains only "value". The
- requirements are ANDed.
- type: object
- type: object
- x-kubernetes-map-type: atomic
- type: object
- type: object
- hostname:
- description: "Hostname specifies the virtual hostname to match
- for protocol types that define this concept. When unspecified,
- all hostnames are matched. This field is ignored for protocols
- that don't require hostname based matching. \n Implementations
- MUST apply Hostname matching appropriately for each of the
- following protocols: \n * TLS: The Listener Hostname MUST
- match the SNI. * HTTP: The Listener Hostname MUST match the
- Host header of the request. * HTTPS: The Listener Hostname
- SHOULD match at both the TLS and HTTP protocol layers as described
- above. If an implementation does not ensure that both the
- SNI and Host header match the Listener hostname, it MUST clearly
- document that. \n For HTTPRoute and TLSRoute resources, there
- is an interaction with the `spec.hostnames` array. When both
- listener and route specify hostnames, there MUST be an intersection
- between the values for a Route to be accepted. For more information,
- refer to the Route specific Hostnames documentation. \n Hostnames
- that are prefixed with a wildcard label (`*.`) are interpreted
- as a suffix match. That means that a match for `*.example.com`
- would match both `test.example.com`, and `foo.test.example.com`,
- but not `example.com`. \n Support: Core"
- maxLength: 253
- minLength: 1
- pattern: ^(\*\.)?[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$
+ lastTransitionTime:
+ description: |-
+ lastTransitionTime is the last time the condition transitioned from one status to another.
+ This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable.
+ format: date-time
type: string
- name:
- description: "Name is the name of the Listener. This name MUST
- be unique within a Gateway. \n Support: Core"
- maxLength: 253
- minLength: 1
- pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$
+ message:
+ description: |-
+ message is a human readable message indicating details about the transition.
+ This may be an empty string.
+ maxLength: 32768
type: string
- port:
- description: "Port is the network port. Multiple listeners may
- use the same port, subject to the Listener compatibility rules.
- \n Support: Core"
- format: int32
- maximum: 65535
- minimum: 1
+ observedGeneration:
+ description: |-
+ observedGeneration represents the .metadata.generation that the condition was set based upon.
+ For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date
+ with respect to the current state of the instance.
+ format: int64
+ minimum: 0
type: integer
- protocol:
- description: "Protocol specifies the network protocol this listener
- expects to receive. \n Support: Core"
- maxLength: 255
+ reason:
+ description: |-
+ reason contains a programmatic identifier indicating the reason for the condition's last transition.
+ Producers of specific condition types may define expected values and meanings for this field,
+ and whether the values are considered a guaranteed API.
+ The value should be a CamelCase string.
+ This field may not be empty.
+ maxLength: 1024
minLength: 1
- pattern: ^[a-zA-Z0-9]([-a-zSA-Z0-9]*[a-zA-Z0-9])?$|[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*\/[A-Za-z0-9]+$
+ pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$
type: string
- tls:
- description: "TLS is the TLS configuration for the Listener.
- This field is required if the Protocol field is \"HTTPS\"
- or \"TLS\". It is invalid to set this field if the Protocol
- field is \"HTTP\", \"TCP\", or \"UDP\". \n The association
- of SNIs to Certificate defined in GatewayTLSConfig is defined
- based on the Hostname field for this listener. \n The GatewayClass
- MUST use the longest matching SNI out of all available certificates
- for any TLS handshake. \n Support: Core"
- properties:
- certificateRefs:
- description: "CertificateRefs contains a series of references
- to Kubernetes objects that contains TLS certificates and
- private keys. These certificates are used to establish
- a TLS handshake for requests that match the hostname of
- the associated listener. \n A single CertificateRef to
- a Kubernetes Secret has \"Core\" support. Implementations
- MAY choose to support attaching multiple certificates
- to a Listener, but this behavior is implementation-specific.
- \n References to a resource in different namespace are
- invalid UNLESS there is a ReferenceGrant in the target
- namespace that allows the certificate to be attached.
- If a ReferenceGrant does not allow this reference, the
- \"ResolvedRefs\" condition MUST be set to False for this
- listener with the \"RefNotPermitted\" reason. \n This
- field is required to have at least one element when the
- mode is set to \"Terminate\" (default) and is optional
- otherwise. \n CertificateRefs can reference to standard
- Kubernetes resources, i.e. Secret, or implementation-specific
- custom resources. \n Support: Core - A single reference
- to a Kubernetes Secret of type kubernetes.io/tls \n Support:
- Implementation-specific (More than one reference or other
- resource types)"
- items:
- description: "SecretObjectReference identifies an API
- object including its namespace, defaulting to Secret.
- \n The API object must be valid in the cluster; the
- Group and Kind must be registered in the cluster for
- this reference to be valid. \n References to objects
- with invalid Group and Kind are not valid, and must
- be rejected by the implementation, with appropriate
- Conditions set on the containing object."
- properties:
- group:
- default: ""
- description: Group is the group of the referent. For
- example, "gateway.networking.k8s.io". When unspecified
- or empty string, core API group is inferred.
- maxLength: 253
- pattern: ^$|^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$
- type: string
- kind:
- default: Secret
- description: Kind is kind of the referent. For example
- "Secret".
- maxLength: 63
- minLength: 1
- pattern: ^[a-zA-Z]([-a-zA-Z0-9]*[a-zA-Z0-9])?$
+ status:
+ description: status of the condition, one of True, False, Unknown.
+ enum:
+ - "True"
+ - "False"
+ - Unknown
+ type: string
+ type:
+ description: |-
+ type of condition in CamelCase or in foo.example.com/CamelCase.
+ ---
+ Many .condition.type values are consistent across resources like Available, but because arbitrary conditions can be
+ useful (see .node.status.conditions), the ability to deconflict is important.
+ The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt)
+ maxLength: 316
+ pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$
+ type: string
+ required:
+ - lastTransitionTime
+ - message
+ - reason
+ - status
+ - type
+ type: object
+ maxItems: 8
+ type: array
+ x-kubernetes-list-map-keys:
+ - type
+ x-kubernetes-list-type: map
+ supportedFeatures:
+ description: |
+ SupportedFeatures is the set of features the GatewayClass support.
+ It MUST be sorted in ascending alphabetical order.
+ items:
+ description: |-
+ SupportedFeature is used to describe distinct features that are covered by
+ conformance tests.
+ type: string
+ maxItems: 64
+ type: array
+ x-kubernetes-list-type: set
+ type: object
+ required:
+ - spec
+ type: object
+ served: true
+ storage: false
+ subresources:
+ status: {}
+status:
+ acceptedNames:
+ kind: ""
+ plural: ""
+ conditions: null
+ storedVersions: null
+---
+#
+# config/crd/experimental/gateway.networking.k8s.io_gateways.yaml
+#
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+ annotations:
+ api-approved.kubernetes.io: https://github.com/kubernetes-sigs/gateway-api/pull/2997
+ gateway.networking.k8s.io/bundle-version: v1.1.0
+ gateway.networking.k8s.io/channel: experimental
+ creationTimestamp: null
+ name: gateways.gateway.networking.k8s.io
+spec:
+ group: gateway.networking.k8s.io
+ names:
+ categories:
+ - gateway-api
+ kind: Gateway
+ listKind: GatewayList
+ plural: gateways
+ shortNames:
+ - gtw
+ singular: gateway
+ scope: Namespaced
+ versions:
+ - additionalPrinterColumns:
+ - jsonPath: .spec.gatewayClassName
+ name: Class
+ type: string
+ - jsonPath: .status.addresses[*].value
+ name: Address
+ type: string
+ - jsonPath: .status.conditions[?(@.type=="Programmed")].status
+ name: Programmed
+ type: string
+ - jsonPath: .metadata.creationTimestamp
+ name: Age
+ type: date
+ name: v1
+ schema:
+ openAPIV3Schema:
+ description: |-
+ Gateway represents an instance of a service-traffic handling infrastructure
+ by binding Listeners to a set of IP addresses.
+ properties:
+ apiVersion:
+ description: |-
+ APIVersion defines the versioned schema of this representation of an object.
+ Servers should convert recognized schemas to the latest internal value, and
+ may reject unrecognized values.
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
+ type: string
+ kind:
+ description: |-
+ Kind is a string value representing the REST resource this object represents.
+ Servers may infer this from the endpoint the client submits requests to.
+ Cannot be updated.
+ In CamelCase.
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
+ type: string
+ metadata:
+ type: object
+ spec:
+ description: Spec defines the desired state of Gateway.
+ properties:
+ addresses:
+ description: |+
+ Addresses requested for this Gateway. This is optional and behavior can
+ depend on the implementation. If a value is set in the spec and the
+ requested address is invalid or unavailable, the implementation MUST
+ indicate this in the associated entry in GatewayStatus.Addresses.
+
+
+ The Addresses field represents a request for the address(es) on the
+ "outside of the Gateway", that traffic bound for this Gateway will use.
+ This could be the IP address or hostname of an external load balancer or
+ other networking infrastructure, or some other address that traffic will
+ be sent to.
+
+
+ If no Addresses are specified, the implementation MAY schedule the
+ Gateway in an implementation-specific manner, assigning an appropriate
+ set of Addresses.
+
+
+ The implementation MUST bind all Listeners to every GatewayAddress that
+ it assigns to the Gateway and add a corresponding entry in
+ GatewayStatus.Addresses.
+
+
+ Support: Extended
+
+
+ items:
+ description: GatewayAddress describes an address that can be bound
+ to a Gateway.
+ oneOf:
+ - properties:
+ type:
+ enum:
+ - IPAddress
+ value:
+ anyOf:
+ - format: ipv4
+ - format: ipv6
+ - properties:
+ type:
+ not:
+ enum:
+ - IPAddress
+ properties:
+ type:
+ default: IPAddress
+ description: Type of the address.
+ maxLength: 253
+ minLength: 1
+ pattern: ^Hostname|IPAddress|NamedAddress|[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*\/[A-Za-z0-9\/\-._~%!$&'()*+,;=:]+$
+ type: string
+ value:
+ description: |-
+ Value of the address. The validity of the values will depend
+ on the type and support by the controller.
+
+
+ Examples: `1.2.3.4`, `128::1`, `my-ip-address`.
+ maxLength: 253
+ minLength: 1
+ type: string
+ required:
+ - value
+ type: object
+ x-kubernetes-validations:
+ - message: Hostname value must only contain valid characters (matching
+ ^(\*\.)?[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$)
+ rule: 'self.type == ''Hostname'' ? self.value.matches(r"""^(\*\.)?[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$"""):
+ true'
+ maxItems: 16
+ type: array
+ x-kubernetes-validations:
+ - message: IPAddress values must be unique
+ rule: 'self.all(a1, a1.type == ''IPAddress'' ? self.exists_one(a2,
+ a2.type == a1.type && a2.value == a1.value) : true )'
+ - message: Hostname values must be unique
+ rule: 'self.all(a1, a1.type == ''Hostname'' ? self.exists_one(a2,
+ a2.type == a1.type && a2.value == a1.value) : true )'
+ gatewayClassName:
+ description: |-
+ GatewayClassName used for this Gateway. This is the name of a
+ GatewayClass resource.
+ maxLength: 253
+ minLength: 1
+ type: string
+ infrastructure:
+ description: |+
+ Infrastructure defines infrastructure level attributes about this Gateway instance.
+
+
+ Support: Core
+
+
+ properties:
+ annotations:
+ additionalProperties:
+ description: |-
+ AnnotationValue is the value of an annotation in Gateway API. This is used
+ for validation of maps such as TLS options. This roughly matches Kubernetes
+ annotation validation, although the length validation in that case is based
+ on the entire size of the annotations struct.
+ maxLength: 4096
+ minLength: 0
+ type: string
+ description: |-
+ Annotations that SHOULD be applied to any resources created in response to this Gateway.
+
+
+ For implementations creating other Kubernetes objects, this should be the `metadata.annotations` field on resources.
+ For other implementations, this refers to any relevant (implementation specific) "annotations" concepts.
+
+
+ An implementation may chose to add additional implementation-specific annotations as they see fit.
+
+
+ Support: Extended
+ maxProperties: 8
+ type: object
+ labels:
+ additionalProperties:
+ description: |-
+ AnnotationValue is the value of an annotation in Gateway API. This is used
+ for validation of maps such as TLS options. This roughly matches Kubernetes
+ annotation validation, although the length validation in that case is based
+ on the entire size of the annotations struct.
+ maxLength: 4096
+ minLength: 0
+ type: string
+ description: |-
+ Labels that SHOULD be applied to any resources created in response to this Gateway.
+
+
+ For implementations creating other Kubernetes objects, this should be the `metadata.labels` field on resources.
+ For other implementations, this refers to any relevant (implementation specific) "labels" concepts.
+
+
+ An implementation may chose to add additional implementation-specific labels as they see fit.
+
+
+ Support: Extended
+ maxProperties: 8
+ type: object
+ parametersRef:
+ description: |-
+ ParametersRef is a reference to a resource that contains the configuration
+ parameters corresponding to the Gateway. This is optional if the
+ controller does not require any additional configuration.
+
+
+ This follows the same semantics as GatewayClass's `parametersRef`, but on a per-Gateway basis
+
+
+ The Gateway's GatewayClass may provide its own `parametersRef`. When both are specified,
+ the merging behavior is implementation specific.
+ It is generally recommended that GatewayClass provides defaults that can be overridden by a Gateway.
+
+
+ Support: Implementation-specific
+ properties:
+ group:
+ description: Group is the group of the referent.
+ maxLength: 253
+ pattern: ^$|^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$
+ type: string
+ kind:
+ description: Kind is kind of the referent.
+ maxLength: 63
+ minLength: 1
+ pattern: ^[a-zA-Z]([-a-zA-Z0-9]*[a-zA-Z0-9])?$
+ type: string
+ name:
+ description: Name is the name of the referent.
+ maxLength: 253
+ minLength: 1
+ type: string
+ required:
+ - group
+ - kind
+ - name
+ type: object
+ type: object
+ listeners:
+ description: |-
+ Listeners associated with this Gateway. Listeners define
+ logical endpoints that are bound on this Gateway's addresses.
+ At least one Listener MUST be specified.
+
+
+ Each Listener in a set of Listeners (for example, in a single Gateway)
+ MUST be _distinct_, in that a traffic flow MUST be able to be assigned to
+ exactly one listener. (This section uses "set of Listeners" rather than
+ "Listeners in a single Gateway" because implementations MAY merge configuration
+ from multiple Gateways onto a single data plane, and these rules _also_
+ apply in that case).
+
+
+ Practically, this means that each listener in a set MUST have a unique
+ combination of Port, Protocol, and, if supported by the protocol, Hostname.
+
+
+ Some combinations of port, protocol, and TLS settings are considered
+ Core support and MUST be supported by implementations based on their
+ targeted conformance profile:
+
+
+ HTTP Profile
+
+
+ 1. HTTPRoute, Port: 80, Protocol: HTTP
+ 2. HTTPRoute, Port: 443, Protocol: HTTPS, TLS Mode: Terminate, TLS keypair provided
+
+
+ TLS Profile
+
+
+ 1. TLSRoute, Port: 443, Protocol: TLS, TLS Mode: Passthrough
+
+
+ "Distinct" Listeners have the following property:
+
+
+ The implementation can match inbound requests to a single distinct
+ Listener. When multiple Listeners share values for fields (for
+ example, two Listeners with the same Port value), the implementation
+ can match requests to only one of the Listeners using other
+ Listener fields.
+
+
+ For example, the following Listener scenarios are distinct:
+
+
+ 1. Multiple Listeners with the same Port that all use the "HTTP"
+ Protocol that all have unique Hostname values.
+ 2. Multiple Listeners with the same Port that use either the "HTTPS" or
+ "TLS" Protocol that all have unique Hostname values.
+ 3. A mixture of "TCP" and "UDP" Protocol Listeners, where no Listener
+ with the same Protocol has the same Port value.
+
+
+ Some fields in the Listener struct have possible values that affect
+ whether the Listener is distinct. Hostname is particularly relevant
+ for HTTP or HTTPS protocols.
+
+
+ When using the Hostname value to select between same-Port, same-Protocol
+ Listeners, the Hostname value must be different on each Listener for the
+ Listener to be distinct.
+
+
+ When the Listeners are distinct based on Hostname, inbound request
+ hostnames MUST match from the most specific to least specific Hostname
+ values to choose the correct Listener and its associated set of Routes.
+
+
+ Exact matches must be processed before wildcard matches, and wildcard
+ matches must be processed before fallback (empty Hostname value)
+ matches. For example, `"foo.example.com"` takes precedence over
+ `"*.example.com"`, and `"*.example.com"` takes precedence over `""`.
+
+
+ Additionally, if there are multiple wildcard entries, more specific
+ wildcard entries must be processed before less specific wildcard entries.
+ For example, `"*.foo.example.com"` takes precedence over `"*.example.com"`.
+ The precise definition here is that the higher the number of dots in the
+ hostname to the right of the wildcard character, the higher the precedence.
+
+
+ The wildcard character will match any number of characters _and dots_ to
+ the left, however, so `"*.example.com"` will match both
+ `"foo.bar.example.com"` _and_ `"bar.example.com"`.
+
+
+ If a set of Listeners contains Listeners that are not distinct, then those
+ Listeners are Conflicted, and the implementation MUST set the "Conflicted"
+ condition in the Listener Status to "True".
+
+
+ Implementations MAY choose to accept a Gateway with some Conflicted
+ Listeners only if they only accept the partial Listener set that contains
+ no Conflicted Listeners. To put this another way, implementations may
+ accept a partial Listener set only if they throw out *all* the conflicting
+ Listeners. No picking one of the conflicting listeners as the winner.
+ This also means that the Gateway must have at least one non-conflicting
+ Listener in this case, otherwise it violates the requirement that at
+ least one Listener must be present.
+
+
+ The implementation MUST set a "ListenersNotValid" condition on the
+ Gateway Status when the Gateway contains Conflicted Listeners whether or
+ not they accept the Gateway. That Condition SHOULD clearly
+ indicate in the Message which Listeners are conflicted, and which are
+ Accepted. Additionally, the Listener status for those listeners SHOULD
+ indicate which Listeners are conflicted and not Accepted.
+
+
+ A Gateway's Listeners are considered "compatible" if:
+
+
+ 1. They are distinct.
+ 2. The implementation can serve them in compliance with the Addresses
+ requirement that all Listeners are available on all assigned
+ addresses.
+
+
+ Compatible combinations in Extended support are expected to vary across
+ implementations. A combination that is compatible for one implementation
+ may not be compatible for another.
+
+
+ For example, an implementation that cannot serve both TCP and UDP listeners
+ on the same address, or cannot mix HTTPS and generic TLS listens on the same port
+ would not consider those cases compatible, even though they are distinct.
+
+
+ Note that requests SHOULD match at most one Listener. For example, if
+ Listeners are defined for "foo.example.com" and "*.example.com", a
+ request to "foo.example.com" SHOULD only be routed using routes attached
+ to the "foo.example.com" Listener (and not the "*.example.com" Listener).
+ This concept is known as "Listener Isolation". Implementations that do
+ not support Listener Isolation MUST clearly document this.
+
+
+ Implementations MAY merge separate Gateways onto a single set of
+ Addresses if all Listeners across all Gateways are compatible.
+
+
+ Support: Core
+ items:
+ description: |-
+ Listener embodies the concept of a logical endpoint where a Gateway accepts
+ network connections.
+ properties:
+ allowedRoutes:
+ default:
+ namespaces:
+ from: Same
+ description: |-
+ AllowedRoutes defines the types of routes that MAY be attached to a
+ Listener and the trusted namespaces where those Route resources MAY be
+ present.
+
+
+ Although a client request may match multiple route rules, only one rule
+ may ultimately receive the request. Matching precedence MUST be
+ determined in order of the following criteria:
+
+
+ * The most specific match as defined by the Route type.
+ * The oldest Route based on creation timestamp. For example, a Route with
+ a creation timestamp of "2020-09-08 01:02:03" is given precedence over
+ a Route with a creation timestamp of "2020-09-08 01:02:04".
+ * If everything else is equivalent, the Route appearing first in
+ alphabetical order (namespace/name) should be given precedence. For
+ example, foo/bar is given precedence over foo/baz.
+
+
+ All valid rules within a Route attached to this Listener should be
+ implemented. Invalid Route rules can be ignored (sometimes that will mean
+ the full Route). If a Route rule transitions from valid to invalid,
+ support for that Route rule should be dropped to ensure consistency. For
+ example, even if a filter specified by a Route rule is invalid, the rest
+ of the rules within that Route should still be supported.
+
+
+ Support: Core
+ properties:
+ kinds:
+ description: |-
+ Kinds specifies the groups and kinds of Routes that are allowed to bind
+ to this Gateway Listener. When unspecified or empty, the kinds of Routes
+ selected are determined using the Listener protocol.
+
+
+ A RouteGroupKind MUST correspond to kinds of Routes that are compatible
+ with the application protocol specified in the Listener's Protocol field.
+ If an implementation does not support or recognize this resource type, it
+ MUST set the "ResolvedRefs" condition to False for this Listener with the
+ "InvalidRouteKinds" reason.
+
+
+ Support: Core
+ items:
+ description: RouteGroupKind indicates the group and kind
+ of a Route resource.
+ properties:
+ group:
+ default: gateway.networking.k8s.io
+ description: Group is the group of the Route.
+ maxLength: 253
+ pattern: ^$|^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$
+ type: string
+ kind:
+ description: Kind is the kind of the Route.
+ maxLength: 63
+ minLength: 1
+ pattern: ^[a-zA-Z]([-a-zA-Z0-9]*[a-zA-Z0-9])?$
+ type: string
+ required:
+ - kind
+ type: object
+ maxItems: 8
+ type: array
+ namespaces:
+ default:
+ from: Same
+ description: |-
+ Namespaces indicates namespaces from which Routes may be attached to this
+ Listener. This is restricted to the namespace of this Gateway by default.
+
+
+ Support: Core
+ properties:
+ from:
+ default: Same
+ description: |-
+ From indicates where Routes will be selected for this Gateway. Possible
+ values are:
+
+
+ * All: Routes in all namespaces may be used by this Gateway.
+ * Selector: Routes in namespaces selected by the selector may be used by
+ this Gateway.
+ * Same: Only Routes in the same namespace may be used by this Gateway.
+
+
+ Support: Core
+ enum:
+ - All
+ - Selector
+ - Same
+ type: string
+ selector:
+ description: |-
+ Selector must be specified when From is set to "Selector". In that case,
+ only Routes in Namespaces matching this Selector will be selected by this
+ Gateway. This field is ignored for other values of "From".
+
+
+ Support: Core
+ properties:
+ matchExpressions:
+ description: matchExpressions is a list of label
+ selector requirements. The requirements are ANDed.
+ items:
+ description: |-
+ A label selector requirement is a selector that contains values, a key, and an operator that
+ relates the key and values.
+ properties:
+ key:
+ description: key is the label key that the
+ selector applies to.
+ type: string
+ operator:
+ description: |-
+ operator represents a key's relationship to a set of values.
+ Valid operators are In, NotIn, Exists and DoesNotExist.
+ type: string
+ values:
+ description: |-
+ values is an array of string values. If the operator is In or NotIn,
+ the values array must be non-empty. If the operator is Exists or DoesNotExist,
+ the values array must be empty. This array is replaced during a strategic
+ merge patch.
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ x-kubernetes-list-type: atomic
+ matchLabels:
+ additionalProperties:
+ type: string
+ description: |-
+ matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
+ map is equivalent to an element of matchExpressions, whose key field is "key", the
+ operator is "In", and the values array contains only "value". The requirements are ANDed.
+ type: object
+ type: object
+ x-kubernetes-map-type: atomic
+ type: object
+ type: object
+ hostname:
+ description: |-
+ Hostname specifies the virtual hostname to match for protocol types that
+ define this concept. When unspecified, all hostnames are matched. This
+ field is ignored for protocols that don't require hostname based
+ matching.
+
+
+ Implementations MUST apply Hostname matching appropriately for each of
+ the following protocols:
+
+
+ * TLS: The Listener Hostname MUST match the SNI.
+ * HTTP: The Listener Hostname MUST match the Host header of the request.
+ * HTTPS: The Listener Hostname SHOULD match at both the TLS and HTTP
+ protocol layers as described above. If an implementation does not
+ ensure that both the SNI and Host header match the Listener hostname,
+ it MUST clearly document that.
+
+
+ For HTTPRoute and TLSRoute resources, there is an interaction with the
+ `spec.hostnames` array. When both listener and route specify hostnames,
+ there MUST be an intersection between the values for a Route to be
+ accepted. For more information, refer to the Route specific Hostnames
+ documentation.
+
+
+ Hostnames that are prefixed with a wildcard label (`*.`) are interpreted
+ as a suffix match. That means that a match for `*.example.com` would match
+ both `test.example.com`, and `foo.test.example.com`, but not `example.com`.
+
+
+ Support: Core
+ maxLength: 253
+ minLength: 1
+ pattern: ^(\*\.)?[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$
+ type: string
+ name:
+ description: |-
+ Name is the name of the Listener. This name MUST be unique within a
+ Gateway.
+
+
+ Support: Core
+ maxLength: 253
+ minLength: 1
+ pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$
+ type: string
+ port:
+ description: |-
+ Port is the network port. Multiple listeners may use the
+ same port, subject to the Listener compatibility rules.
+
+
+ Support: Core
+ format: int32
+ maximum: 65535
+ minimum: 1
+ type: integer
+ protocol:
+ description: |-
+ Protocol specifies the network protocol this listener expects to receive.
+
+
+ Support: Core
+ maxLength: 255
+ minLength: 1
+ pattern: ^[a-zA-Z0-9]([-a-zSA-Z0-9]*[a-zA-Z0-9])?$|[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*\/[A-Za-z0-9]+$
+ type: string
+ tls:
+ description: |-
+ TLS is the TLS configuration for the Listener. This field is required if
+ the Protocol field is "HTTPS" or "TLS". It is invalid to set this field
+ if the Protocol field is "HTTP", "TCP", or "UDP".
+
+
+ The association of SNIs to Certificate defined in GatewayTLSConfig is
+ defined based on the Hostname field for this listener.
+
+
+ The GatewayClass MUST use the longest matching SNI out of all
+ available certificates for any TLS handshake.
+
+
+ Support: Core
+ properties:
+ certificateRefs:
+ description: |-
+ CertificateRefs contains a series of references to Kubernetes objects that
+ contains TLS certificates and private keys. These certificates are used to
+ establish a TLS handshake for requests that match the hostname of the
+ associated listener.
+
+
+ A single CertificateRef to a Kubernetes Secret has "Core" support.
+ Implementations MAY choose to support attaching multiple certificates to
+ a Listener, but this behavior is implementation-specific.
+
+
+ References to a resource in different namespace are invalid UNLESS there
+ is a ReferenceGrant in the target namespace that allows the certificate
+ to be attached. If a ReferenceGrant does not allow this reference, the
+ "ResolvedRefs" condition MUST be set to False for this listener with the
+ "RefNotPermitted" reason.
+
+
+ This field is required to have at least one element when the mode is set
+ to "Terminate" (default) and is optional otherwise.
+
+
+ CertificateRefs can reference to standard Kubernetes resources, i.e.
+ Secret, or implementation-specific custom resources.
+
+
+ Support: Core - A single reference to a Kubernetes Secret of type kubernetes.io/tls
+
+
+ Support: Implementation-specific (More than one reference or other resource types)
+ items:
+ description: |-
+ SecretObjectReference identifies an API object including its namespace,
+ defaulting to Secret.
+
+
+ The API object must be valid in the cluster; the Group and Kind must
+ be registered in the cluster for this reference to be valid.
+
+
+ References to objects with invalid Group and Kind are not valid, and must
+ be rejected by the implementation, with appropriate Conditions set
+ on the containing object.
+ properties:
+ group:
+ default: ""
+ description: |-
+ Group is the group of the referent. For example, "gateway.networking.k8s.io".
+ When unspecified or empty string, core API group is inferred.
+ maxLength: 253
+ pattern: ^$|^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$
+ type: string
+ kind:
+ default: Secret
+ description: Kind is kind of the referent. For example
+ "Secret".
+ maxLength: 63
+ minLength: 1
+ pattern: ^[a-zA-Z]([-a-zA-Z0-9]*[a-zA-Z0-9])?$
+ type: string
+ name:
+ description: Name is the name of the referent.
+ maxLength: 253
+ minLength: 1
+ type: string
+ namespace:
+ description: |-
+ Namespace is the namespace of the referenced object. When unspecified, the local
+ namespace is inferred.
+
+
+ Note that when a namespace different than the local namespace is specified,
+ a ReferenceGrant object is required in the referent namespace to allow that
+ namespace's owner to accept the reference. See the ReferenceGrant
+ documentation for details.
+
+
+ Support: Core
+ maxLength: 63
+ minLength: 1
+ pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$
+ type: string
+ required:
+ - name
+ type: object
+ maxItems: 64
+ type: array
+ frontendValidation:
+ description: |+
+ FrontendValidation holds configuration information for validating the frontend (client).
+ Setting this field will require clients to send a client certificate
+ required for validation during the TLS handshake. In browsers this may result in a dialog appearing
+ that requests a user to specify the client certificate.
+ The maximum depth of a certificate chain accepted in verification is Implementation specific.
+
+
+ Support: Extended
+
+
+ properties:
+ caCertificateRefs:
+ description: |-
+ CACertificateRefs contains one or more references to
+ Kubernetes objects that contain TLS certificates of
+ the Certificate Authorities that can be used
+ as a trust anchor to validate the certificates presented by the client.
+
+
+ A single CA certificate reference to a Kubernetes ConfigMap
+ has "Core" support.
+ Implementations MAY choose to support attaching multiple CA certificates to
+ a Listener, but this behavior is implementation-specific.
+
+
+ Support: Core - A single reference to a Kubernetes ConfigMap
+ with the CA certificate in a key named `ca.crt`.
+
+
+ Support: Implementation-specific (More than one reference, or other kinds
+ of resources).
+
+
+ References to a resource in a different namespace are invalid UNLESS there
+ is a ReferenceGrant in the target namespace that allows the certificate
+ to be attached. If a ReferenceGrant does not allow this reference, the
+ "ResolvedRefs" condition MUST be set to False for this listener with the
+ "RefNotPermitted" reason.
+ items:
+ description: |-
+ ObjectReference identifies an API object including its namespace.
+
+
+ The API object must be valid in the cluster; the Group and Kind must
+ be registered in the cluster for this reference to be valid.
+
+
+ References to objects with invalid Group and Kind are not valid, and must
+ be rejected by the implementation, with appropriate Conditions set
+ on the containing object.
+ properties:
+ group:
+ description: |-
+ Group is the group of the referent. For example, "gateway.networking.k8s.io".
+ When unspecified or empty string, core API group is inferred.
+ maxLength: 253
+ pattern: ^$|^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$
+ type: string
+ kind:
+ description: Kind is kind of the referent. For
+ example "ConfigMap" or "Service".
+ maxLength: 63
+ minLength: 1
+ pattern: ^[a-zA-Z]([-a-zA-Z0-9]*[a-zA-Z0-9])?$
+ type: string
+ name:
+ description: Name is the name of the referent.
+ maxLength: 253
+ minLength: 1
+ type: string
+ namespace:
+ description: |-
+ Namespace is the namespace of the referenced object. When unspecified, the local
+ namespace is inferred.
+
+
+ Note that when a namespace different than the local namespace is specified,
+ a ReferenceGrant object is required in the referent namespace to allow that
+ namespace's owner to accept the reference. See the ReferenceGrant
+ documentation for details.
+
+
+ Support: Core
+ maxLength: 63
+ minLength: 1
+ pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$
+ type: string
+ required:
+ - group
+ - kind
+ - name
+ type: object
+ maxItems: 8
+ minItems: 1
+ type: array
+ type: object
+ mode:
+ default: Terminate
+ description: |-
+ Mode defines the TLS behavior for the TLS session initiated by the client.
+ There are two possible modes:
+
+
+ - Terminate: The TLS session between the downstream client and the
+ Gateway is terminated at the Gateway. This mode requires certificates
+ to be specified in some way, such as populating the certificateRefs
+ field.
+ - Passthrough: The TLS session is NOT terminated by the Gateway. This
+ implies that the Gateway can't decipher the TLS stream except for
+ the ClientHello message of the TLS protocol. The certificateRefs field
+ is ignored in this mode.
+
+
+ Support: Core
+ enum:
+ - Terminate
+ - Passthrough
+ type: string
+ options:
+ additionalProperties:
+ description: |-
+ AnnotationValue is the value of an annotation in Gateway API. This is used
+ for validation of maps such as TLS options. This roughly matches Kubernetes
+ annotation validation, although the length validation in that case is based
+ on the entire size of the annotations struct.
+ maxLength: 4096
+ minLength: 0
+ type: string
+ description: |-
+ Options are a list of key/value pairs to enable extended TLS
+ configuration for each implementation. For example, configuring the
+ minimum TLS version or supported cipher suites.
+
+
+ A set of common keys MAY be defined by the API in the future. To avoid
+ any ambiguity, implementation-specific definitions MUST use
+ domain-prefixed names, such as `example.com/my-custom-option`.
+ Un-prefixed names are reserved for key names defined by Gateway API.
+
+
+ Support: Implementation-specific
+ maxProperties: 16
+ type: object
+ type: object
+ x-kubernetes-validations:
+ - message: certificateRefs or options must be specified when
+ mode is Terminate
+ rule: 'self.mode == ''Terminate'' ? size(self.certificateRefs)
+ > 0 || size(self.options) > 0 : true'
+ required:
+ - name
+ - port
+ - protocol
+ type: object
+ maxItems: 64
+ minItems: 1
+ type: array
+ x-kubernetes-list-map-keys:
+ - name
+ x-kubernetes-list-type: map
+ x-kubernetes-validations:
+ - message: tls must not be specified for protocols ['HTTP', 'TCP',
+ 'UDP']
+ rule: 'self.all(l, l.protocol in [''HTTP'', ''TCP'', ''UDP''] ?
+ !has(l.tls) : true)'
+ - message: tls mode must be Terminate for protocol HTTPS
+ rule: 'self.all(l, (l.protocol == ''HTTPS'' && has(l.tls)) ? (l.tls.mode
+ == '''' || l.tls.mode == ''Terminate'') : true)'
+ - message: hostname must not be specified for protocols ['TCP', 'UDP']
+ rule: 'self.all(l, l.protocol in [''TCP'', ''UDP''] ? (!has(l.hostname)
+ || l.hostname == '''') : true)'
+ - message: Listener name must be unique within the Gateway
+ rule: self.all(l1, self.exists_one(l2, l1.name == l2.name))
+ - message: Combination of port, protocol and hostname must be unique
+ for each listener
+ rule: 'self.all(l1, self.exists_one(l2, l1.port == l2.port && l1.protocol
+ == l2.protocol && (has(l1.hostname) && has(l2.hostname) ? l1.hostname
+ == l2.hostname : !has(l1.hostname) && !has(l2.hostname))))'
+ required:
+ - gatewayClassName
+ - listeners
+ type: object
+ status:
+ default:
+ conditions:
+ - lastTransitionTime: "1970-01-01T00:00:00Z"
+ message: Waiting for controller
+ reason: Pending
+ status: Unknown
+ type: Accepted
+ - lastTransitionTime: "1970-01-01T00:00:00Z"
+ message: Waiting for controller
+ reason: Pending
+ status: Unknown
+ type: Programmed
+ description: Status defines the current state of Gateway.
+ properties:
+ addresses:
+ description: |+
+ Addresses lists the network addresses that have been bound to the
+ Gateway.
+
+
+ This list may differ from the addresses provided in the spec under some
+ conditions:
+
+
+ * no addresses are specified, all addresses are dynamically assigned
+ * a combination of specified and dynamic addresses are assigned
+ * a specified address was unusable (e.g. already in use)
+
+
+ items:
+ description: GatewayStatusAddress describes a network address that
+ is bound to a Gateway.
+ oneOf:
+ - properties:
+ type:
+ enum:
+ - IPAddress
+ value:
+ anyOf:
+ - format: ipv4
+ - format: ipv6
+ - properties:
+ type:
+ not:
+ enum:
+ - IPAddress
+ properties:
+ type:
+ default: IPAddress
+ description: Type of the address.
+ maxLength: 253
+ minLength: 1
+ pattern: ^Hostname|IPAddress|NamedAddress|[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*\/[A-Za-z0-9\/\-._~%!$&'()*+,;=:]+$
+ type: string
+ value:
+ description: |-
+ Value of the address. The validity of the values will depend
+ on the type and support by the controller.
+
+
+ Examples: `1.2.3.4`, `128::1`, `my-ip-address`.
+ maxLength: 253
+ minLength: 1
+ type: string
+ required:
+ - value
+ type: object
+ x-kubernetes-validations:
+ - message: Hostname value must only contain valid characters (matching
+ ^(\*\.)?[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$)
+ rule: 'self.type == ''Hostname'' ? self.value.matches(r"""^(\*\.)?[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$"""):
+ true'
+ maxItems: 16
+ type: array
+ conditions:
+ default:
+ - lastTransitionTime: "1970-01-01T00:00:00Z"
+ message: Waiting for controller
+ reason: Pending
+ status: Unknown
+ type: Accepted
+ - lastTransitionTime: "1970-01-01T00:00:00Z"
+ message: Waiting for controller
+ reason: Pending
+ status: Unknown
+ type: Programmed
+ description: |-
+ Conditions describe the current conditions of the Gateway.
+
+
+ Implementations should prefer to express Gateway conditions
+ using the `GatewayConditionType` and `GatewayConditionReason`
+ constants so that operators and tools can converge on a common
+ vocabulary to describe Gateway state.
+
+
+ Known condition types are:
+
+
+ * "Accepted"
+ * "Programmed"
+ * "Ready"
+ items:
+ description: "Condition contains details for one aspect of the current
+ state of this API Resource.\n---\nThis struct is intended for
+ direct use as an array at the field path .status.conditions. For
+ example,\n\n\n\ttype FooStatus struct{\n\t // Represents the
+ observations of a foo's current state.\n\t // Known .status.conditions.type
+ are: \"Available\", \"Progressing\", and \"Degraded\"\n\t //
+ +patchMergeKey=type\n\t // +patchStrategy=merge\n\t // +listType=map\n\t
+ \ // +listMapKey=type\n\t Conditions []metav1.Condition `json:\"conditions,omitempty\"
+ patchStrategy:\"merge\" patchMergeKey:\"type\" protobuf:\"bytes,1,rep,name=conditions\"`\n\n\n\t
+ \ // other fields\n\t}"
+ properties:
+ lastTransitionTime:
+ description: |-
+ lastTransitionTime is the last time the condition transitioned from one status to another.
+ This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable.
+ format: date-time
+ type: string
+ message:
+ description: |-
+ message is a human readable message indicating details about the transition.
+ This may be an empty string.
+ maxLength: 32768
+ type: string
+ observedGeneration:
+ description: |-
+ observedGeneration represents the .metadata.generation that the condition was set based upon.
+ For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date
+ with respect to the current state of the instance.
+ format: int64
+ minimum: 0
+ type: integer
+ reason:
+ description: |-
+ reason contains a programmatic identifier indicating the reason for the condition's last transition.
+ Producers of specific condition types may define expected values and meanings for this field,
+ and whether the values are considered a guaranteed API.
+ The value should be a CamelCase string.
+ This field may not be empty.
+ maxLength: 1024
+ minLength: 1
+ pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$
+ type: string
+ status:
+ description: status of the condition, one of True, False, Unknown.
+ enum:
+ - "True"
+ - "False"
+ - Unknown
+ type: string
+ type:
+ description: |-
+ type of condition in CamelCase or in foo.example.com/CamelCase.
+ ---
+ Many .condition.type values are consistent across resources like Available, but because arbitrary conditions can be
+ useful (see .node.status.conditions), the ability to deconflict is important.
+ The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt)
+ maxLength: 316
+ pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$
+ type: string
+ required:
+ - lastTransitionTime
+ - message
+ - reason
+ - status
+ - type
+ type: object
+ maxItems: 8
+ type: array
+ x-kubernetes-list-map-keys:
+ - type
+ x-kubernetes-list-type: map
+ listeners:
+ description: Listeners provide status for each unique listener port
+ defined in the Spec.
+ items:
+ description: ListenerStatus is the status associated with a Listener.
+ properties:
+ attachedRoutes:
+ description: |-
+ AttachedRoutes represents the total number of Routes that have been
+ successfully attached to this Listener.
+
+
+ Successful attachment of a Route to a Listener is based solely on the
+ combination of the AllowedRoutes field on the corresponding Listener
+ and the Route's ParentRefs field. A Route is successfully attached to
+ a Listener when it is selected by the Listener's AllowedRoutes field
+ AND the Route has a valid ParentRef selecting the whole Gateway
+ resource or a specific Listener as a parent resource (more detail on
+ attachment semantics can be found in the documentation on the various
+ Route kinds ParentRefs fields). Listener or Route status does not impact
+ successful attachment, i.e. the AttachedRoutes field count MUST be set
+ for Listeners with condition Accepted: false and MUST count successfully
+ attached Routes that may themselves have Accepted: false conditions.
+
+
+ Uses for this field include troubleshooting Route attachment and
+ measuring blast radius/impact of changes to a Listener.
+ format: int32
+ type: integer
+ conditions:
+ description: Conditions describe the current condition of this
+ listener.
+ items:
+ description: "Condition contains details for one aspect of
+ the current state of this API Resource.\n---\nThis struct
+ is intended for direct use as an array at the field path
+ .status.conditions. For example,\n\n\n\ttype FooStatus
+ struct{\n\t // Represents the observations of a foo's
+ current state.\n\t // Known .status.conditions.type are:
+ \"Available\", \"Progressing\", and \"Degraded\"\n\t //
+ +patchMergeKey=type\n\t // +patchStrategy=merge\n\t //
+ +listType=map\n\t // +listMapKey=type\n\t Conditions
+ []metav1.Condition `json:\"conditions,omitempty\" patchStrategy:\"merge\"
+ patchMergeKey:\"type\" protobuf:\"bytes,1,rep,name=conditions\"`\n\n\n\t
+ \ // other fields\n\t}"
+ properties:
+ lastTransitionTime:
+ description: |-
+ lastTransitionTime is the last time the condition transitioned from one status to another.
+ This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable.
+ format: date-time
+ type: string
+ message:
+ description: |-
+ message is a human readable message indicating details about the transition.
+ This may be an empty string.
+ maxLength: 32768
+ type: string
+ observedGeneration:
+ description: |-
+ observedGeneration represents the .metadata.generation that the condition was set based upon.
+ For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date
+ with respect to the current state of the instance.
+ format: int64
+ minimum: 0
+ type: integer
+ reason:
+ description: |-
+ reason contains a programmatic identifier indicating the reason for the condition's last transition.
+ Producers of specific condition types may define expected values and meanings for this field,
+ and whether the values are considered a guaranteed API.
+ The value should be a CamelCase string.
+ This field may not be empty.
+ maxLength: 1024
+ minLength: 1
+ pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$
+ type: string
+ status:
+ description: status of the condition, one of True, False,
+ Unknown.
+ enum:
+ - "True"
+ - "False"
+ - Unknown
+ type: string
+ type:
+ description: |-
+ type of condition in CamelCase or in foo.example.com/CamelCase.
+ ---
+ Many .condition.type values are consistent across resources like Available, but because arbitrary conditions can be
+ useful (see .node.status.conditions), the ability to deconflict is important.
+ The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt)
+ maxLength: 316
+ pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$
+ type: string
+ required:
+ - lastTransitionTime
+ - message
+ - reason
+ - status
+ - type
+ type: object
+ maxItems: 8
+ type: array
+ x-kubernetes-list-map-keys:
+ - type
+ x-kubernetes-list-type: map
+ name:
+ description: Name is the name of the Listener that this status
+ corresponds to.
+ maxLength: 253
+ minLength: 1
+ pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$
+ type: string
+ supportedKinds:
+ description: |-
+ SupportedKinds is the list indicating the Kinds supported by this
+ listener. This MUST represent the kinds an implementation supports for
+ that Listener configuration.
+
+
+ If kinds are specified in Spec that are not supported, they MUST NOT
+ appear in this list and an implementation MUST set the "ResolvedRefs"
+ condition to "False" with the "InvalidRouteKinds" reason. If both valid
+ and invalid Route kinds are specified, the implementation MUST
+ reference the valid Route kinds that have been specified.
+ items:
+ description: RouteGroupKind indicates the group and kind of
+ a Route resource.
+ properties:
+ group:
+ default: gateway.networking.k8s.io
+ description: Group is the group of the Route.
+ maxLength: 253
+ pattern: ^$|^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$
+ type: string
+ kind:
+ description: Kind is the kind of the Route.
+ maxLength: 63
+ minLength: 1
+ pattern: ^[a-zA-Z]([-a-zA-Z0-9]*[a-zA-Z0-9])?$
+ type: string
+ required:
+ - kind
+ type: object
+ maxItems: 8
+ type: array
+ required:
+ - attachedRoutes
+ - conditions
+ - name
+ - supportedKinds
+ type: object
+ maxItems: 64
+ type: array
+ x-kubernetes-list-map-keys:
+ - name
+ x-kubernetes-list-type: map
+ type: object
+ required:
+ - spec
+ type: object
+ served: true
+ storage: true
+ subresources:
+ status: {}
+ - additionalPrinterColumns:
+ - jsonPath: .spec.gatewayClassName
+ name: Class
+ type: string
+ - jsonPath: .status.addresses[*].value
+ name: Address
+ type: string
+ - jsonPath: .status.conditions[?(@.type=="Programmed")].status
+ name: Programmed
+ type: string
+ - jsonPath: .metadata.creationTimestamp
+ name: Age
+ type: date
+ name: v1beta1
+ schema:
+ openAPIV3Schema:
+ description: |-
+ Gateway represents an instance of a service-traffic handling infrastructure
+ by binding Listeners to a set of IP addresses.
+ properties:
+ apiVersion:
+ description: |-
+ APIVersion defines the versioned schema of this representation of an object.
+ Servers should convert recognized schemas to the latest internal value, and
+ may reject unrecognized values.
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
+ type: string
+ kind:
+ description: |-
+ Kind is a string value representing the REST resource this object represents.
+ Servers may infer this from the endpoint the client submits requests to.
+ Cannot be updated.
+ In CamelCase.
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
+ type: string
+ metadata:
+ type: object
+ spec:
+ description: Spec defines the desired state of Gateway.
+ properties:
+ addresses:
+ description: |+
+ Addresses requested for this Gateway. This is optional and behavior can
+ depend on the implementation. If a value is set in the spec and the
+ requested address is invalid or unavailable, the implementation MUST
+ indicate this in the associated entry in GatewayStatus.Addresses.
+
+
+ The Addresses field represents a request for the address(es) on the
+ "outside of the Gateway", that traffic bound for this Gateway will use.
+ This could be the IP address or hostname of an external load balancer or
+ other networking infrastructure, or some other address that traffic will
+ be sent to.
+
+
+ If no Addresses are specified, the implementation MAY schedule the
+ Gateway in an implementation-specific manner, assigning an appropriate
+ set of Addresses.
+
+
+ The implementation MUST bind all Listeners to every GatewayAddress that
+ it assigns to the Gateway and add a corresponding entry in
+ GatewayStatus.Addresses.
+
+
+ Support: Extended
+
+
+ items:
+ description: GatewayAddress describes an address that can be bound
+ to a Gateway.
+ oneOf:
+ - properties:
+ type:
+ enum:
+ - IPAddress
+ value:
+ anyOf:
+ - format: ipv4
+ - format: ipv6
+ - properties:
+ type:
+ not:
+ enum:
+ - IPAddress
+ properties:
+ type:
+ default: IPAddress
+ description: Type of the address.
+ maxLength: 253
+ minLength: 1
+ pattern: ^Hostname|IPAddress|NamedAddress|[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*\/[A-Za-z0-9\/\-._~%!$&'()*+,;=:]+$
+ type: string
+ value:
+ description: |-
+ Value of the address. The validity of the values will depend
+ on the type and support by the controller.
+
+
+ Examples: `1.2.3.4`, `128::1`, `my-ip-address`.
+ maxLength: 253
+ minLength: 1
+ type: string
+ required:
+ - value
+ type: object
+ x-kubernetes-validations:
+ - message: Hostname value must only contain valid characters (matching
+ ^(\*\.)?[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$)
+ rule: 'self.type == ''Hostname'' ? self.value.matches(r"""^(\*\.)?[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$"""):
+ true'
+ maxItems: 16
+ type: array
+ x-kubernetes-validations:
+ - message: IPAddress values must be unique
+ rule: 'self.all(a1, a1.type == ''IPAddress'' ? self.exists_one(a2,
+ a2.type == a1.type && a2.value == a1.value) : true )'
+ - message: Hostname values must be unique
+ rule: 'self.all(a1, a1.type == ''Hostname'' ? self.exists_one(a2,
+ a2.type == a1.type && a2.value == a1.value) : true )'
+ gatewayClassName:
+ description: |-
+ GatewayClassName used for this Gateway. This is the name of a
+ GatewayClass resource.
+ maxLength: 253
+ minLength: 1
+ type: string
+ infrastructure:
+ description: |+
+ Infrastructure defines infrastructure level attributes about this Gateway instance.
+
+
+ Support: Core
+
+
+ properties:
+ annotations:
+ additionalProperties:
+ description: |-
+ AnnotationValue is the value of an annotation in Gateway API. This is used
+ for validation of maps such as TLS options. This roughly matches Kubernetes
+ annotation validation, although the length validation in that case is based
+ on the entire size of the annotations struct.
+ maxLength: 4096
+ minLength: 0
+ type: string
+ description: |-
+ Annotations that SHOULD be applied to any resources created in response to this Gateway.
+
+
+ For implementations creating other Kubernetes objects, this should be the `metadata.annotations` field on resources.
+ For other implementations, this refers to any relevant (implementation specific) "annotations" concepts.
+
+
+ An implementation may chose to add additional implementation-specific annotations as they see fit.
+
+
+ Support: Extended
+ maxProperties: 8
+ type: object
+ labels:
+ additionalProperties:
+ description: |-
+ AnnotationValue is the value of an annotation in Gateway API. This is used
+ for validation of maps such as TLS options. This roughly matches Kubernetes
+ annotation validation, although the length validation in that case is based
+ on the entire size of the annotations struct.
+ maxLength: 4096
+ minLength: 0
+ type: string
+ description: |-
+ Labels that SHOULD be applied to any resources created in response to this Gateway.
+
+
+ For implementations creating other Kubernetes objects, this should be the `metadata.labels` field on resources.
+ For other implementations, this refers to any relevant (implementation specific) "labels" concepts.
+
+
+ An implementation may chose to add additional implementation-specific labels as they see fit.
+
+
+ Support: Extended
+ maxProperties: 8
+ type: object
+ parametersRef:
+ description: |-
+ ParametersRef is a reference to a resource that contains the configuration
+ parameters corresponding to the Gateway. This is optional if the
+ controller does not require any additional configuration.
+
+
+ This follows the same semantics as GatewayClass's `parametersRef`, but on a per-Gateway basis
+
+
+ The Gateway's GatewayClass may provide its own `parametersRef`. When both are specified,
+ the merging behavior is implementation specific.
+ It is generally recommended that GatewayClass provides defaults that can be overridden by a Gateway.
+
+
+ Support: Implementation-specific
+ properties:
+ group:
+ description: Group is the group of the referent.
+ maxLength: 253
+ pattern: ^$|^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$
+ type: string
+ kind:
+ description: Kind is kind of the referent.
+ maxLength: 63
+ minLength: 1
+ pattern: ^[a-zA-Z]([-a-zA-Z0-9]*[a-zA-Z0-9])?$
+ type: string
+ name:
+ description: Name is the name of the referent.
+ maxLength: 253
+ minLength: 1
+ type: string
+ required:
+ - group
+ - kind
+ - name
+ type: object
+ type: object
+ listeners:
+ description: |-
+ Listeners associated with this Gateway. Listeners define
+ logical endpoints that are bound on this Gateway's addresses.
+ At least one Listener MUST be specified.
+
+
+ Each Listener in a set of Listeners (for example, in a single Gateway)
+ MUST be _distinct_, in that a traffic flow MUST be able to be assigned to
+ exactly one listener. (This section uses "set of Listeners" rather than
+ "Listeners in a single Gateway" because implementations MAY merge configuration
+ from multiple Gateways onto a single data plane, and these rules _also_
+ apply in that case).
+
+
+ Practically, this means that each listener in a set MUST have a unique
+ combination of Port, Protocol, and, if supported by the protocol, Hostname.
+
+
+ Some combinations of port, protocol, and TLS settings are considered
+ Core support and MUST be supported by implementations based on their
+ targeted conformance profile:
+
+
+ HTTP Profile
+
+
+ 1. HTTPRoute, Port: 80, Protocol: HTTP
+ 2. HTTPRoute, Port: 443, Protocol: HTTPS, TLS Mode: Terminate, TLS keypair provided
+
+
+ TLS Profile
+
+
+ 1. TLSRoute, Port: 443, Protocol: TLS, TLS Mode: Passthrough
+
+
+ "Distinct" Listeners have the following property:
+
+
+ The implementation can match inbound requests to a single distinct
+ Listener. When multiple Listeners share values for fields (for
+ example, two Listeners with the same Port value), the implementation
+ can match requests to only one of the Listeners using other
+ Listener fields.
+
+
+ For example, the following Listener scenarios are distinct:
+
+
+ 1. Multiple Listeners with the same Port that all use the "HTTP"
+ Protocol that all have unique Hostname values.
+ 2. Multiple Listeners with the same Port that use either the "HTTPS" or
+ "TLS" Protocol that all have unique Hostname values.
+ 3. A mixture of "TCP" and "UDP" Protocol Listeners, where no Listener
+ with the same Protocol has the same Port value.
+
+
+ Some fields in the Listener struct have possible values that affect
+ whether the Listener is distinct. Hostname is particularly relevant
+ for HTTP or HTTPS protocols.
+
+
+ When using the Hostname value to select between same-Port, same-Protocol
+ Listeners, the Hostname value must be different on each Listener for the
+ Listener to be distinct.
+
+
+ When the Listeners are distinct based on Hostname, inbound request
+ hostnames MUST match from the most specific to least specific Hostname
+ values to choose the correct Listener and its associated set of Routes.
+
+
+ Exact matches must be processed before wildcard matches, and wildcard
+ matches must be processed before fallback (empty Hostname value)
+ matches. For example, `"foo.example.com"` takes precedence over
+ `"*.example.com"`, and `"*.example.com"` takes precedence over `""`.
+
+
+ Additionally, if there are multiple wildcard entries, more specific
+ wildcard entries must be processed before less specific wildcard entries.
+ For example, `"*.foo.example.com"` takes precedence over `"*.example.com"`.
+ The precise definition here is that the higher the number of dots in the
+ hostname to the right of the wildcard character, the higher the precedence.
+
+
+ The wildcard character will match any number of characters _and dots_ to
+ the left, however, so `"*.example.com"` will match both
+ `"foo.bar.example.com"` _and_ `"bar.example.com"`.
+
+
+ If a set of Listeners contains Listeners that are not distinct, then those
+ Listeners are Conflicted, and the implementation MUST set the "Conflicted"
+ condition in the Listener Status to "True".
+
+
+ Implementations MAY choose to accept a Gateway with some Conflicted
+ Listeners only if they only accept the partial Listener set that contains
+ no Conflicted Listeners. To put this another way, implementations may
+ accept a partial Listener set only if they throw out *all* the conflicting
+ Listeners. No picking one of the conflicting listeners as the winner.
+ This also means that the Gateway must have at least one non-conflicting
+ Listener in this case, otherwise it violates the requirement that at
+ least one Listener must be present.
+
+
+ The implementation MUST set a "ListenersNotValid" condition on the
+ Gateway Status when the Gateway contains Conflicted Listeners whether or
+ not they accept the Gateway. That Condition SHOULD clearly
+ indicate in the Message which Listeners are conflicted, and which are
+ Accepted. Additionally, the Listener status for those listeners SHOULD
+ indicate which Listeners are conflicted and not Accepted.
+
+
+ A Gateway's Listeners are considered "compatible" if:
+
+
+ 1. They are distinct.
+ 2. The implementation can serve them in compliance with the Addresses
+ requirement that all Listeners are available on all assigned
+ addresses.
+
+
+ Compatible combinations in Extended support are expected to vary across
+ implementations. A combination that is compatible for one implementation
+ may not be compatible for another.
+
+
+ For example, an implementation that cannot serve both TCP and UDP listeners
+ on the same address, or cannot mix HTTPS and generic TLS listens on the same port
+ would not consider those cases compatible, even though they are distinct.
+
+
+ Note that requests SHOULD match at most one Listener. For example, if
+ Listeners are defined for "foo.example.com" and "*.example.com", a
+ request to "foo.example.com" SHOULD only be routed using routes attached
+ to the "foo.example.com" Listener (and not the "*.example.com" Listener).
+ This concept is known as "Listener Isolation". Implementations that do
+ not support Listener Isolation MUST clearly document this.
+
+
+ Implementations MAY merge separate Gateways onto a single set of
+ Addresses if all Listeners across all Gateways are compatible.
+
+
+ Support: Core
+ items:
+ description: |-
+ Listener embodies the concept of a logical endpoint where a Gateway accepts
+ network connections.
+ properties:
+ allowedRoutes:
+ default:
+ namespaces:
+ from: Same
+ description: |-
+ AllowedRoutes defines the types of routes that MAY be attached to a
+ Listener and the trusted namespaces where those Route resources MAY be
+ present.
+
+
+ Although a client request may match multiple route rules, only one rule
+ may ultimately receive the request. Matching precedence MUST be
+ determined in order of the following criteria:
+
+
+ * The most specific match as defined by the Route type.
+ * The oldest Route based on creation timestamp. For example, a Route with
+ a creation timestamp of "2020-09-08 01:02:03" is given precedence over
+ a Route with a creation timestamp of "2020-09-08 01:02:04".
+ * If everything else is equivalent, the Route appearing first in
+ alphabetical order (namespace/name) should be given precedence. For
+ example, foo/bar is given precedence over foo/baz.
+
+
+ All valid rules within a Route attached to this Listener should be
+ implemented. Invalid Route rules can be ignored (sometimes that will mean
+ the full Route). If a Route rule transitions from valid to invalid,
+ support for that Route rule should be dropped to ensure consistency. For
+ example, even if a filter specified by a Route rule is invalid, the rest
+ of the rules within that Route should still be supported.
+
+
+ Support: Core
+ properties:
+ kinds:
+ description: |-
+ Kinds specifies the groups and kinds of Routes that are allowed to bind
+ to this Gateway Listener. When unspecified or empty, the kinds of Routes
+ selected are determined using the Listener protocol.
+
+
+ A RouteGroupKind MUST correspond to kinds of Routes that are compatible
+ with the application protocol specified in the Listener's Protocol field.
+ If an implementation does not support or recognize this resource type, it
+ MUST set the "ResolvedRefs" condition to False for this Listener with the
+ "InvalidRouteKinds" reason.
+
+
+ Support: Core
+ items:
+ description: RouteGroupKind indicates the group and kind
+ of a Route resource.
+ properties:
+ group:
+ default: gateway.networking.k8s.io
+ description: Group is the group of the Route.
+ maxLength: 253
+ pattern: ^$|^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$
+ type: string
+ kind:
+ description: Kind is the kind of the Route.
+ maxLength: 63
+ minLength: 1
+ pattern: ^[a-zA-Z]([-a-zA-Z0-9]*[a-zA-Z0-9])?$
+ type: string
+ required:
+ - kind
+ type: object
+ maxItems: 8
+ type: array
+ namespaces:
+ default:
+ from: Same
+ description: |-
+ Namespaces indicates namespaces from which Routes may be attached to this
+ Listener. This is restricted to the namespace of this Gateway by default.
+
+
+ Support: Core
+ properties:
+ from:
+ default: Same
+ description: |-
+ From indicates where Routes will be selected for this Gateway. Possible
+ values are:
+
+
+ * All: Routes in all namespaces may be used by this Gateway.
+ * Selector: Routes in namespaces selected by the selector may be used by
+ this Gateway.
+ * Same: Only Routes in the same namespace may be used by this Gateway.
+
+
+ Support: Core
+ enum:
+ - All
+ - Selector
+ - Same
+ type: string
+ selector:
+ description: |-
+ Selector must be specified when From is set to "Selector". In that case,
+ only Routes in Namespaces matching this Selector will be selected by this
+ Gateway. This field is ignored for other values of "From".
+
+
+ Support: Core
+ properties:
+ matchExpressions:
+ description: matchExpressions is a list of label
+ selector requirements. The requirements are ANDed.
+ items:
+ description: |-
+ A label selector requirement is a selector that contains values, a key, and an operator that
+ relates the key and values.
+ properties:
+ key:
+ description: key is the label key that the
+ selector applies to.
+ type: string
+ operator:
+ description: |-
+ operator represents a key's relationship to a set of values.
+ Valid operators are In, NotIn, Exists and DoesNotExist.
+ type: string
+ values:
+ description: |-
+ values is an array of string values. If the operator is In or NotIn,
+ the values array must be non-empty. If the operator is Exists or DoesNotExist,
+ the values array must be empty. This array is replaced during a strategic
+ merge patch.
+ items:
+ type: string
+ type: array
+ x-kubernetes-list-type: atomic
+ required:
+ - key
+ - operator
+ type: object
+ type: array
+ x-kubernetes-list-type: atomic
+ matchLabels:
+ additionalProperties:
+ type: string
+ description: |-
+ matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
+ map is equivalent to an element of matchExpressions, whose key field is "key", the
+ operator is "In", and the values array contains only "value". The requirements are ANDed.
+ type: object
+ type: object
+ x-kubernetes-map-type: atomic
+ type: object
+ type: object
+ hostname:
+ description: |-
+ Hostname specifies the virtual hostname to match for protocol types that
+ define this concept. When unspecified, all hostnames are matched. This
+ field is ignored for protocols that don't require hostname based
+ matching.
+
+
+ Implementations MUST apply Hostname matching appropriately for each of
+ the following protocols:
+
+
+ * TLS: The Listener Hostname MUST match the SNI.
+ * HTTP: The Listener Hostname MUST match the Host header of the request.
+ * HTTPS: The Listener Hostname SHOULD match at both the TLS and HTTP
+ protocol layers as described above. If an implementation does not
+ ensure that both the SNI and Host header match the Listener hostname,
+ it MUST clearly document that.
+
+
+ For HTTPRoute and TLSRoute resources, there is an interaction with the
+ `spec.hostnames` array. When both listener and route specify hostnames,
+ there MUST be an intersection between the values for a Route to be
+ accepted. For more information, refer to the Route specific Hostnames
+ documentation.
+
+
+ Hostnames that are prefixed with a wildcard label (`*.`) are interpreted
+ as a suffix match. That means that a match for `*.example.com` would match
+ both `test.example.com`, and `foo.test.example.com`, but not `example.com`.
+
+
+ Support: Core
+ maxLength: 253
+ minLength: 1
+ pattern: ^(\*\.)?[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$
+ type: string
+ name:
+ description: |-
+ Name is the name of the Listener. This name MUST be unique within a
+ Gateway.
+
+
+ Support: Core
+ maxLength: 253
+ minLength: 1
+ pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$
+ type: string
+ port:
+ description: |-
+ Port is the network port. Multiple listeners may use the
+ same port, subject to the Listener compatibility rules.
+
+
+ Support: Core
+ format: int32
+ maximum: 65535
+ minimum: 1
+ type: integer
+ protocol:
+ description: |-
+ Protocol specifies the network protocol this listener expects to receive.
+
+
+ Support: Core
+ maxLength: 255
+ minLength: 1
+ pattern: ^[a-zA-Z0-9]([-a-zSA-Z0-9]*[a-zA-Z0-9])?$|[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*\/[A-Za-z0-9]+$
+ type: string
+ tls:
+ description: |-
+ TLS is the TLS configuration for the Listener. This field is required if
+ the Protocol field is "HTTPS" or "TLS". It is invalid to set this field
+ if the Protocol field is "HTTP", "TCP", or "UDP".
+
+
+ The association of SNIs to Certificate defined in GatewayTLSConfig is
+ defined based on the Hostname field for this listener.
+
+
+ The GatewayClass MUST use the longest matching SNI out of all
+ available certificates for any TLS handshake.
+
+
+ Support: Core
+ properties:
+ certificateRefs:
+ description: |-
+ CertificateRefs contains a series of references to Kubernetes objects that
+ contains TLS certificates and private keys. These certificates are used to
+ establish a TLS handshake for requests that match the hostname of the
+ associated listener.
+
+
+ A single CertificateRef to a Kubernetes Secret has "Core" support.
+ Implementations MAY choose to support attaching multiple certificates to
+ a Listener, but this behavior is implementation-specific.
+
+
+ References to a resource in different namespace are invalid UNLESS there
+ is a ReferenceGrant in the target namespace that allows the certificate
+ to be attached. If a ReferenceGrant does not allow this reference, the
+ "ResolvedRefs" condition MUST be set to False for this listener with the
+ "RefNotPermitted" reason.
+
+
+ This field is required to have at least one element when the mode is set
+ to "Terminate" (default) and is optional otherwise.
+
+
+ CertificateRefs can reference to standard Kubernetes resources, i.e.
+ Secret, or implementation-specific custom resources.
+
+
+ Support: Core - A single reference to a Kubernetes Secret of type kubernetes.io/tls
+
+
+ Support: Implementation-specific (More than one reference or other resource types)
+ items:
+ description: |-
+ SecretObjectReference identifies an API object including its namespace,
+ defaulting to Secret.
+
+
+ The API object must be valid in the cluster; the Group and Kind must
+ be registered in the cluster for this reference to be valid.
+
+
+ References to objects with invalid Group and Kind are not valid, and must
+ be rejected by the implementation, with appropriate Conditions set
+ on the containing object.
+ properties:
+ group:
+ default: ""
+ description: |-
+ Group is the group of the referent. For example, "gateway.networking.k8s.io".
+ When unspecified or empty string, core API group is inferred.
+ maxLength: 253
+ pattern: ^$|^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$
+ type: string
+ kind:
+ default: Secret
+ description: Kind is kind of the referent. For example
+ "Secret".
+ maxLength: 63
+ minLength: 1
+ pattern: ^[a-zA-Z]([-a-zA-Z0-9]*[a-zA-Z0-9])?$
+ type: string
+ name:
+ description: Name is the name of the referent.
+ maxLength: 253
+ minLength: 1
+ type: string
+ namespace:
+ description: |-
+ Namespace is the namespace of the referenced object. When unspecified, the local
+ namespace is inferred.
+
+
+ Note that when a namespace different than the local namespace is specified,
+ a ReferenceGrant object is required in the referent namespace to allow that
+ namespace's owner to accept the reference. See the ReferenceGrant
+ documentation for details.
+
+
+ Support: Core
+ maxLength: 63
+ minLength: 1
+ pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$
+ type: string
+ required:
+ - name
+ type: object
+ maxItems: 64
+ type: array
+ frontendValidation:
+ description: |+
+ FrontendValidation holds configuration information for validating the frontend (client).
+ Setting this field will require clients to send a client certificate
+ required for validation during the TLS handshake. In browsers this may result in a dialog appearing
+ that requests a user to specify the client certificate.
+ The maximum depth of a certificate chain accepted in verification is Implementation specific.
+
+
+ Support: Extended
+
+
+ properties:
+ caCertificateRefs:
+ description: |-
+ CACertificateRefs contains one or more references to
+ Kubernetes objects that contain TLS certificates of
+ the Certificate Authorities that can be used
+ as a trust anchor to validate the certificates presented by the client.
+
+
+ A single CA certificate reference to a Kubernetes ConfigMap
+ has "Core" support.
+ Implementations MAY choose to support attaching multiple CA certificates to
+ a Listener, but this behavior is implementation-specific.
+
+
+ Support: Core - A single reference to a Kubernetes ConfigMap
+ with the CA certificate in a key named `ca.crt`.
+
+
+ Support: Implementation-specific (More than one reference, or other kinds
+ of resources).
+
+
+ References to a resource in a different namespace are invalid UNLESS there
+ is a ReferenceGrant in the target namespace that allows the certificate
+ to be attached. If a ReferenceGrant does not allow this reference, the
+ "ResolvedRefs" condition MUST be set to False for this listener with the
+ "RefNotPermitted" reason.
+ items:
+ description: |-
+ ObjectReference identifies an API object including its namespace.
+
+
+ The API object must be valid in the cluster; the Group and Kind must
+ be registered in the cluster for this reference to be valid.
+
+
+ References to objects with invalid Group and Kind are not valid, and must
+ be rejected by the implementation, with appropriate Conditions set
+ on the containing object.
+ properties:
+ group:
+ description: |-
+ Group is the group of the referent. For example, "gateway.networking.k8s.io".
+ When unspecified or empty string, core API group is inferred.
+ maxLength: 253
+ pattern: ^$|^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$
+ type: string
+ kind:
+ description: Kind is kind of the referent. For
+ example "ConfigMap" or "Service".
+ maxLength: 63
+ minLength: 1
+ pattern: ^[a-zA-Z]([-a-zA-Z0-9]*[a-zA-Z0-9])?$
+ type: string
+ name:
+ description: Name is the name of the referent.
+ maxLength: 253
+ minLength: 1
+ type: string
+ namespace:
+ description: |-
+ Namespace is the namespace of the referenced object. When unspecified, the local
+ namespace is inferred.
+
+
+ Note that when a namespace different than the local namespace is specified,
+ a ReferenceGrant object is required in the referent namespace to allow that
+ namespace's owner to accept the reference. See the ReferenceGrant
+ documentation for details.
+
+
+ Support: Core
+ maxLength: 63
+ minLength: 1
+ pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$
+ type: string
+ required:
+ - group
+ - kind
+ - name
+ type: object
+ maxItems: 8
+ minItems: 1
+ type: array
+ type: object
+ mode:
+ default: Terminate
+ description: |-
+ Mode defines the TLS behavior for the TLS session initiated by the client.
+ There are two possible modes:
+
+
+ - Terminate: The TLS session between the downstream client and the
+ Gateway is terminated at the Gateway. This mode requires certificates
+ to be specified in some way, such as populating the certificateRefs
+ field.
+ - Passthrough: The TLS session is NOT terminated by the Gateway. This
+ implies that the Gateway can't decipher the TLS stream except for
+ the ClientHello message of the TLS protocol. The certificateRefs field
+ is ignored in this mode.
+
+
+ Support: Core
+ enum:
+ - Terminate
+ - Passthrough
+ type: string
+ options:
+ additionalProperties:
+ description: |-
+ AnnotationValue is the value of an annotation in Gateway API. This is used
+ for validation of maps such as TLS options. This roughly matches Kubernetes
+ annotation validation, although the length validation in that case is based
+ on the entire size of the annotations struct.
+ maxLength: 4096
+ minLength: 0
+ type: string
+ description: |-
+ Options are a list of key/value pairs to enable extended TLS
+ configuration for each implementation. For example, configuring the
+ minimum TLS version or supported cipher suites.
+
+
+ A set of common keys MAY be defined by the API in the future. To avoid
+ any ambiguity, implementation-specific definitions MUST use
+ domain-prefixed names, such as `example.com/my-custom-option`.
+ Un-prefixed names are reserved for key names defined by Gateway API.
+
+
+ Support: Implementation-specific
+ maxProperties: 16
+ type: object
+ type: object
+ x-kubernetes-validations:
+ - message: certificateRefs or options must be specified when
+ mode is Terminate
+ rule: 'self.mode == ''Terminate'' ? size(self.certificateRefs)
+ > 0 || size(self.options) > 0 : true'
+ required:
+ - name
+ - port
+ - protocol
+ type: object
+ maxItems: 64
+ minItems: 1
+ type: array
+ x-kubernetes-list-map-keys:
+ - name
+ x-kubernetes-list-type: map
+ x-kubernetes-validations:
+ - message: tls must not be specified for protocols ['HTTP', 'TCP',
+ 'UDP']
+ rule: 'self.all(l, l.protocol in [''HTTP'', ''TCP'', ''UDP''] ?
+ !has(l.tls) : true)'
+ - message: tls mode must be Terminate for protocol HTTPS
+ rule: 'self.all(l, (l.protocol == ''HTTPS'' && has(l.tls)) ? (l.tls.mode
+ == '''' || l.tls.mode == ''Terminate'') : true)'
+ - message: hostname must not be specified for protocols ['TCP', 'UDP']
+ rule: 'self.all(l, l.protocol in [''TCP'', ''UDP''] ? (!has(l.hostname)
+ || l.hostname == '''') : true)'
+ - message: Listener name must be unique within the Gateway
+ rule: self.all(l1, self.exists_one(l2, l1.name == l2.name))
+ - message: Combination of port, protocol and hostname must be unique
+ for each listener
+ rule: 'self.all(l1, self.exists_one(l2, l1.port == l2.port && l1.protocol
+ == l2.protocol && (has(l1.hostname) && has(l2.hostname) ? l1.hostname
+ == l2.hostname : !has(l1.hostname) && !has(l2.hostname))))'
+ required:
+ - gatewayClassName
+ - listeners
+ type: object
+ status:
+ default:
+ conditions:
+ - lastTransitionTime: "1970-01-01T00:00:00Z"
+ message: Waiting for controller
+ reason: Pending
+ status: Unknown
+ type: Accepted
+ - lastTransitionTime: "1970-01-01T00:00:00Z"
+ message: Waiting for controller
+ reason: Pending
+ status: Unknown
+ type: Programmed
+ description: Status defines the current state of Gateway.
+ properties:
+ addresses:
+ description: |+
+ Addresses lists the network addresses that have been bound to the
+ Gateway.
+
+
+ This list may differ from the addresses provided in the spec under some
+ conditions:
+
+
+ * no addresses are specified, all addresses are dynamically assigned
+ * a combination of specified and dynamic addresses are assigned
+ * a specified address was unusable (e.g. already in use)
+
+
+ items:
+ description: GatewayStatusAddress describes a network address that
+ is bound to a Gateway.
+ oneOf:
+ - properties:
+ type:
+ enum:
+ - IPAddress
+ value:
+ anyOf:
+ - format: ipv4
+ - format: ipv6
+ - properties:
+ type:
+ not:
+ enum:
+ - IPAddress
+ properties:
+ type:
+ default: IPAddress
+ description: Type of the address.
+ maxLength: 253
+ minLength: 1
+ pattern: ^Hostname|IPAddress|NamedAddress|[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*\/[A-Za-z0-9\/\-._~%!$&'()*+,;=:]+$
+ type: string
+ value:
+ description: |-
+ Value of the address. The validity of the values will depend
+ on the type and support by the controller.
+
+
+ Examples: `1.2.3.4`, `128::1`, `my-ip-address`.
+ maxLength: 253
+ minLength: 1
+ type: string
+ required:
+ - value
+ type: object
+ x-kubernetes-validations:
+ - message: Hostname value must only contain valid characters (matching
+ ^(\*\.)?[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$)
+ rule: 'self.type == ''Hostname'' ? self.value.matches(r"""^(\*\.)?[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$"""):
+ true'
+ maxItems: 16
+ type: array
+ conditions:
+ default:
+ - lastTransitionTime: "1970-01-01T00:00:00Z"
+ message: Waiting for controller
+ reason: Pending
+ status: Unknown
+ type: Accepted
+ - lastTransitionTime: "1970-01-01T00:00:00Z"
+ message: Waiting for controller
+ reason: Pending
+ status: Unknown
+ type: Programmed
+ description: |-
+ Conditions describe the current conditions of the Gateway.
+
+
+ Implementations should prefer to express Gateway conditions
+ using the `GatewayConditionType` and `GatewayConditionReason`
+ constants so that operators and tools can converge on a common
+ vocabulary to describe Gateway state.
+
+
+ Known condition types are:
+
+
+ * "Accepted"
+ * "Programmed"
+ * "Ready"
+ items:
+ description: "Condition contains details for one aspect of the current
+ state of this API Resource.\n---\nThis struct is intended for
+ direct use as an array at the field path .status.conditions. For
+ example,\n\n\n\ttype FooStatus struct{\n\t // Represents the
+ observations of a foo's current state.\n\t // Known .status.conditions.type
+ are: \"Available\", \"Progressing\", and \"Degraded\"\n\t //
+ +patchMergeKey=type\n\t // +patchStrategy=merge\n\t // +listType=map\n\t
+ \ // +listMapKey=type\n\t Conditions []metav1.Condition `json:\"conditions,omitempty\"
+ patchStrategy:\"merge\" patchMergeKey:\"type\" protobuf:\"bytes,1,rep,name=conditions\"`\n\n\n\t
+ \ // other fields\n\t}"
+ properties:
+ lastTransitionTime:
+ description: |-
+ lastTransitionTime is the last time the condition transitioned from one status to another.
+ This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable.
+ format: date-time
+ type: string
+ message:
+ description: |-
+ message is a human readable message indicating details about the transition.
+ This may be an empty string.
+ maxLength: 32768
+ type: string
+ observedGeneration:
+ description: |-
+ observedGeneration represents the .metadata.generation that the condition was set based upon.
+ For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date
+ with respect to the current state of the instance.
+ format: int64
+ minimum: 0
+ type: integer
+ reason:
+ description: |-
+ reason contains a programmatic identifier indicating the reason for the condition's last transition.
+ Producers of specific condition types may define expected values and meanings for this field,
+ and whether the values are considered a guaranteed API.
+ The value should be a CamelCase string.
+ This field may not be empty.
+ maxLength: 1024
+ minLength: 1
+ pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$
+ type: string
+ status:
+ description: status of the condition, one of True, False, Unknown.
+ enum:
+ - "True"
+ - "False"
+ - Unknown
+ type: string
+ type:
+ description: |-
+ type of condition in CamelCase or in foo.example.com/CamelCase.
+ ---
+ Many .condition.type values are consistent across resources like Available, but because arbitrary conditions can be
+ useful (see .node.status.conditions), the ability to deconflict is important.
+ The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt)
+ maxLength: 316
+ pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$
+ type: string
+ required:
+ - lastTransitionTime
+ - message
+ - reason
+ - status
+ - type
+ type: object
+ maxItems: 8
+ type: array
+ x-kubernetes-list-map-keys:
+ - type
+ x-kubernetes-list-type: map
+ listeners:
+ description: Listeners provide status for each unique listener port
+ defined in the Spec.
+ items:
+ description: ListenerStatus is the status associated with a Listener.
+ properties:
+ attachedRoutes:
+ description: |-
+ AttachedRoutes represents the total number of Routes that have been
+ successfully attached to this Listener.
+
+
+ Successful attachment of a Route to a Listener is based solely on the
+ combination of the AllowedRoutes field on the corresponding Listener
+ and the Route's ParentRefs field. A Route is successfully attached to
+ a Listener when it is selected by the Listener's AllowedRoutes field
+ AND the Route has a valid ParentRef selecting the whole Gateway
+ resource or a specific Listener as a parent resource (more detail on
+ attachment semantics can be found in the documentation on the various
+ Route kinds ParentRefs fields). Listener or Route status does not impact
+ successful attachment, i.e. the AttachedRoutes field count MUST be set
+ for Listeners with condition Accepted: false and MUST count successfully
+ attached Routes that may themselves have Accepted: false conditions.
+
+
+ Uses for this field include troubleshooting Route attachment and
+ measuring blast radius/impact of changes to a Listener.
+ format: int32
+ type: integer
+ conditions:
+ description: Conditions describe the current condition of this
+ listener.
+ items:
+ description: "Condition contains details for one aspect of
+ the current state of this API Resource.\n---\nThis struct
+ is intended for direct use as an array at the field path
+ .status.conditions. For example,\n\n\n\ttype FooStatus
+ struct{\n\t // Represents the observations of a foo's
+ current state.\n\t // Known .status.conditions.type are:
+ \"Available\", \"Progressing\", and \"Degraded\"\n\t //
+ +patchMergeKey=type\n\t // +patchStrategy=merge\n\t //
+ +listType=map\n\t // +listMapKey=type\n\t Conditions
+ []metav1.Condition `json:\"conditions,omitempty\" patchStrategy:\"merge\"
+ patchMergeKey:\"type\" protobuf:\"bytes,1,rep,name=conditions\"`\n\n\n\t
+ \ // other fields\n\t}"
+ properties:
+ lastTransitionTime:
+ description: |-
+ lastTransitionTime is the last time the condition transitioned from one status to another.
+ This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable.
+ format: date-time
+ type: string
+ message:
+ description: |-
+ message is a human readable message indicating details about the transition.
+ This may be an empty string.
+ maxLength: 32768
+ type: string
+ observedGeneration:
+ description: |-
+ observedGeneration represents the .metadata.generation that the condition was set based upon.
+ For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date
+ with respect to the current state of the instance.
+ format: int64
+ minimum: 0
+ type: integer
+ reason:
+ description: |-
+ reason contains a programmatic identifier indicating the reason for the condition's last transition.
+ Producers of specific condition types may define expected values and meanings for this field,
+ and whether the values are considered a guaranteed API.
+ The value should be a CamelCase string.
+ This field may not be empty.
+ maxLength: 1024
+ minLength: 1
+ pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$
+ type: string
+ status:
+ description: status of the condition, one of True, False,
+ Unknown.
+ enum:
+ - "True"
+ - "False"
+ - Unknown
+ type: string
+ type:
+ description: |-
+ type of condition in CamelCase or in foo.example.com/CamelCase.
+ ---
+ Many .condition.type values are consistent across resources like Available, but because arbitrary conditions can be
+ useful (see .node.status.conditions), the ability to deconflict is important.
+ The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt)
+ maxLength: 316
+ pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$
+ type: string
+ required:
+ - lastTransitionTime
+ - message
+ - reason
+ - status
+ - type
+ type: object
+ maxItems: 8
+ type: array
+ x-kubernetes-list-map-keys:
+ - type
+ x-kubernetes-list-type: map
+ name:
+ description: Name is the name of the Listener that this status
+ corresponds to.
+ maxLength: 253
+ minLength: 1
+ pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$
+ type: string
+ supportedKinds:
+ description: |-
+ SupportedKinds is the list indicating the Kinds supported by this
+ listener. This MUST represent the kinds an implementation supports for
+ that Listener configuration.
+
+
+ If kinds are specified in Spec that are not supported, they MUST NOT
+ appear in this list and an implementation MUST set the "ResolvedRefs"
+ condition to "False" with the "InvalidRouteKinds" reason. If both valid
+ and invalid Route kinds are specified, the implementation MUST
+ reference the valid Route kinds that have been specified.
+ items:
+ description: RouteGroupKind indicates the group and kind of
+ a Route resource.
+ properties:
+ group:
+ default: gateway.networking.k8s.io
+ description: Group is the group of the Route.
+ maxLength: 253
+ pattern: ^$|^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$
+ type: string
+ kind:
+ description: Kind is the kind of the Route.
+ maxLength: 63
+ minLength: 1
+ pattern: ^[a-zA-Z]([-a-zA-Z0-9]*[a-zA-Z0-9])?$
+ type: string
+ required:
+ - kind
+ type: object
+ maxItems: 8
+ type: array
+ required:
+ - attachedRoutes
+ - conditions
+ - name
+ - supportedKinds
+ type: object
+ maxItems: 64
+ type: array
+ x-kubernetes-list-map-keys:
+ - name
+ x-kubernetes-list-type: map
+ type: object
+ required:
+ - spec
+ type: object
+ served: true
+ storage: false
+ subresources:
+ status: {}
+status:
+ acceptedNames:
+ kind: ""
+ plural: ""
+ conditions: null
+ storedVersions: null
+---
+#
+# config/crd/experimental/gateway.networking.k8s.io_grpcroutes.yaml
+#
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+ annotations:
+ api-approved.kubernetes.io: https://github.com/kubernetes-sigs/gateway-api/pull/2997
+ gateway.networking.k8s.io/bundle-version: v1.1.0
+ gateway.networking.k8s.io/channel: experimental
+ creationTimestamp: null
+ name: grpcroutes.gateway.networking.k8s.io
+spec:
+ group: gateway.networking.k8s.io
+ names:
+ categories:
+ - gateway-api
+ kind: GRPCRoute
+ listKind: GRPCRouteList
+ plural: grpcroutes
+ singular: grpcroute
+ scope: Namespaced
+ versions:
+ - additionalPrinterColumns:
+ - jsonPath: .spec.hostnames
+ name: Hostnames
+ type: string
+ - jsonPath: .metadata.creationTimestamp
+ name: Age
+ type: date
+ name: v1
+ schema:
+ openAPIV3Schema:
+ description: |-
+ GRPCRoute provides a way to route gRPC requests. This includes the capability
+ to match requests by hostname, gRPC service, gRPC method, or HTTP/2 header.
+ Filters can be used to specify additional processing steps. Backends specify
+ where matching requests will be routed.
+
+
+ GRPCRoute falls under extended support within the Gateway API. Within the
+ following specification, the word "MUST" indicates that an implementation
+ supporting GRPCRoute must conform to the indicated requirement, but an
+ implementation not supporting this route type need not follow the requirement
+ unless explicitly indicated.
+
+
+ Implementations supporting `GRPCRoute` with the `HTTPS` `ProtocolType` MUST
+ accept HTTP/2 connections without an initial upgrade from HTTP/1.1, i.e. via
+ ALPN. If the implementation does not support this, then it MUST set the
+ "Accepted" condition to "False" for the affected listener with a reason of
+ "UnsupportedProtocol". Implementations MAY also accept HTTP/2 connections
+ with an upgrade from HTTP/1.
+
+
+ Implementations supporting `GRPCRoute` with the `HTTP` `ProtocolType` MUST
+ support HTTP/2 over cleartext TCP (h2c,
+ https://www.rfc-editor.org/rfc/rfc7540#section-3.1) without an initial
+ upgrade from HTTP/1.1, i.e. with prior knowledge
+ (https://www.rfc-editor.org/rfc/rfc7540#section-3.4). If the implementation
+ does not support this, then it MUST set the "Accepted" condition to "False"
+ for the affected listener with a reason of "UnsupportedProtocol".
+ Implementations MAY also accept HTTP/2 connections with an upgrade from
+ HTTP/1, i.e. without prior knowledge.
+ properties:
+ apiVersion:
+ description: |-
+ APIVersion defines the versioned schema of this representation of an object.
+ Servers should convert recognized schemas to the latest internal value, and
+ may reject unrecognized values.
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
+ type: string
+ kind:
+ description: |-
+ Kind is a string value representing the REST resource this object represents.
+ Servers may infer this from the endpoint the client submits requests to.
+ Cannot be updated.
+ In CamelCase.
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
+ type: string
+ metadata:
+ type: object
+ spec:
+ description: Spec defines the desired state of GRPCRoute.
+ properties:
+ hostnames:
+ description: |-
+ Hostnames defines a set of hostnames to match against the GRPC
+ Host header to select a GRPCRoute to process the request. This matches
+ the RFC 1123 definition of a hostname with 2 notable exceptions:
+
+
+ 1. IPs are not allowed.
+ 2. A hostname may be prefixed with a wildcard label (`*.`). The wildcard
+ label MUST appear by itself as the first label.
+
+
+ If a hostname is specified by both the Listener and GRPCRoute, there
+ MUST be at least one intersecting hostname for the GRPCRoute to be
+ attached to the Listener. For example:
+
+
+ * A Listener with `test.example.com` as the hostname matches GRPCRoutes
+ that have either not specified any hostnames, or have specified at
+ least one of `test.example.com` or `*.example.com`.
+ * A Listener with `*.example.com` as the hostname matches GRPCRoutes
+ that have either not specified any hostnames or have specified at least
+ one hostname that matches the Listener hostname. For example,
+ `test.example.com` and `*.example.com` would both match. On the other
+ hand, `example.com` and `test.example.net` would not match.
+
+
+ Hostnames that are prefixed with a wildcard label (`*.`) are interpreted
+ as a suffix match. That means that a match for `*.example.com` would match
+ both `test.example.com`, and `foo.test.example.com`, but not `example.com`.
+
+
+ If both the Listener and GRPCRoute have specified hostnames, any
+ GRPCRoute hostnames that do not match the Listener hostname MUST be
+ ignored. For example, if a Listener specified `*.example.com`, and the
+ GRPCRoute specified `test.example.com` and `test.example.net`,
+ `test.example.net` MUST NOT be considered for a match.
+
+
+ If both the Listener and GRPCRoute have specified hostnames, and none
+ match with the criteria above, then the GRPCRoute MUST NOT be accepted by
+ the implementation. The implementation MUST raise an 'Accepted' Condition
+ with a status of `False` in the corresponding RouteParentStatus.
+
+
+ If a Route (A) of type HTTPRoute or GRPCRoute is attached to a
+ Listener and that listener already has another Route (B) of the other
+ type attached and the intersection of the hostnames of A and B is
+ non-empty, then the implementation MUST accept exactly one of these two
+ routes, determined by the following criteria, in order:
+
+
+ * The oldest Route based on creation timestamp.
+ * The Route appearing first in alphabetical order by
+ "{namespace}/{name}".
+
+
+ The rejected Route MUST raise an 'Accepted' condition with a status of
+ 'False' in the corresponding RouteParentStatus.
+
+
+ Support: Core
+ items:
+ description: |-
+ Hostname is the fully qualified domain name of a network host. This matches
+ the RFC 1123 definition of a hostname with 2 notable exceptions:
+
+
+ 1. IPs are not allowed.
+ 2. A hostname may be prefixed with a wildcard label (`*.`). The wildcard
+ label must appear by itself as the first label.
+
+
+ Hostname can be "precise" which is a domain name without the terminating
+ dot of a network host (e.g. "foo.example.com") or "wildcard", which is a
+ domain name prefixed with a single wildcard label (e.g. `*.example.com`).
+
+
+ Note that as per RFC1035 and RFC1123, a *label* must consist of lower case
+ alphanumeric characters or '-', and must start and end with an alphanumeric
+ character. No other punctuation is allowed.
+ maxLength: 253
+ minLength: 1
+ pattern: ^(\*\.)?[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$
+ type: string
+ maxItems: 16
+ type: array
+ parentRefs:
+ description: |+
+ ParentRefs references the resources (usually Gateways) that a Route wants
+ to be attached to. Note that the referenced parent resource needs to
+ allow this for the attachment to be complete. For Gateways, that means
+ the Gateway needs to allow attachment from Routes of this kind and
+ namespace. For Services, that means the Service must either be in the same
+ namespace for a "producer" route, or the mesh implementation must support
+ and allow "consumer" routes for the referenced Service. ReferenceGrant is
+ not applicable for governing ParentRefs to Services - it is not possible to
+ create a "producer" route for a Service in a different namespace from the
+ Route.
+
+
+ There are two kinds of parent resources with "Core" support:
+
+
+ * Gateway (Gateway conformance profile)
+ * Service (Mesh conformance profile, ClusterIP Services only)
+
+
+ This API may be extended in the future to support additional kinds of parent
+ resources.
+
+
+ ParentRefs must be _distinct_. This means either that:
+
+
+ * They select different objects. If this is the case, then parentRef
+ entries are distinct. In terms of fields, this means that the
+ multi-part key defined by `group`, `kind`, `namespace`, and `name` must
+ be unique across all parentRef entries in the Route.
+ * They do not select different objects, but for each optional field used,
+ each ParentRef that selects the same object must set the same set of
+ optional fields to different values. If one ParentRef sets a
+ combination of optional fields, all must set the same combination.
+
+
+ Some examples:
+
+
+ * If one ParentRef sets `sectionName`, all ParentRefs referencing the
+ same object must also set `sectionName`.
+ * If one ParentRef sets `port`, all ParentRefs referencing the same
+ object must also set `port`.
+ * If one ParentRef sets `sectionName` and `port`, all ParentRefs
+ referencing the same object must also set `sectionName` and `port`.
+
+
+ It is possible to separately reference multiple distinct objects that may
+ be collapsed by an implementation. For example, some implementations may
+ choose to merge compatible Gateway Listeners together. If that is the
+ case, the list of routes attached to those resources should also be
+ merged.
+
+
+ Note that for ParentRefs that cross namespace boundaries, there are specific
+ rules. Cross-namespace references are only valid if they are explicitly
+ allowed by something in the namespace they are referring to. For example,
+ Gateway has the AllowedRoutes field, and ReferenceGrant provides a
+ generic way to enable other kinds of cross-namespace reference.
+
+
+
+ ParentRefs from a Route to a Service in the same namespace are "producer"
+ routes, which apply default routing rules to inbound connections from
+ any namespace to the Service.
+
+
+ ParentRefs from a Route to a Service in a different namespace are
+ "consumer" routes, and these routing rules are only applied to outbound
+ connections originating from the same namespace as the Route, for which
+ the intended destination of the connections are a Service targeted as a
+ ParentRef of the Route.
+
+
+
+
+
+
+ items:
+ description: |-
+ ParentReference identifies an API object (usually a Gateway) that can be considered
+ a parent of this resource (usually a route). There are two kinds of parent resources
+ with "Core" support:
+
+
+ * Gateway (Gateway conformance profile)
+ * Service (Mesh conformance profile, ClusterIP Services only)
+
+
+ This API may be extended in the future to support additional kinds of parent
+ resources.
+
+
+ The API object must be valid in the cluster; the Group and Kind must
+ be registered in the cluster for this reference to be valid.
+ properties:
+ group:
+ default: gateway.networking.k8s.io
+ description: |-
+ Group is the group of the referent.
+ When unspecified, "gateway.networking.k8s.io" is inferred.
+ To set the core API group (such as for a "Service" kind referent),
+ Group must be explicitly set to "" (empty string).
+
+
+ Support: Core
+ maxLength: 253
+ pattern: ^$|^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$
+ type: string
+ kind:
+ default: Gateway
+ description: |-
+ Kind is kind of the referent.
+
+
+ There are two kinds of parent resources with "Core" support:
+
+
+ * Gateway (Gateway conformance profile)
+ * Service (Mesh conformance profile, ClusterIP Services only)
+
+
+ Support for other resources is Implementation-Specific.
+ maxLength: 63
+ minLength: 1
+ pattern: ^[a-zA-Z]([-a-zA-Z0-9]*[a-zA-Z0-9])?$
+ type: string
+ name:
+ description: |-
+ Name is the name of the referent.
+
+
+ Support: Core
+ maxLength: 253
+ minLength: 1
+ type: string
+ namespace:
+ description: |-
+ Namespace is the namespace of the referent. When unspecified, this refers
+ to the local namespace of the Route.
+
+
+ Note that there are specific rules for ParentRefs which cross namespace
+ boundaries. Cross-namespace references are only valid if they are explicitly
+ allowed by something in the namespace they are referring to. For example:
+ Gateway has the AllowedRoutes field, and ReferenceGrant provides a
+ generic way to enable any other kind of cross-namespace reference.
+
+
+
+ ParentRefs from a Route to a Service in the same namespace are "producer"
+ routes, which apply default routing rules to inbound connections from
+ any namespace to the Service.
+
+
+ ParentRefs from a Route to a Service in a different namespace are
+ "consumer" routes, and these routing rules are only applied to outbound
+ connections originating from the same namespace as the Route, for which
+ the intended destination of the connections are a Service targeted as a
+ ParentRef of the Route.
+
+
+
+ Support: Core
+ maxLength: 63
+ minLength: 1
+ pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$
+ type: string
+ port:
+ description: |-
+ Port is the network port this Route targets. It can be interpreted
+ differently based on the type of parent resource.
+
+
+ When the parent resource is a Gateway, this targets all listeners
+ listening on the specified port that also support this kind of Route(and
+ select this Route). It's not recommended to set `Port` unless the
+ networking behaviors specified in a Route must apply to a specific port
+ as opposed to a listener(s) whose port(s) may be changed. When both Port
+ and SectionName are specified, the name and port of the selected listener
+ must match both specified values.
+
+
+
+ When the parent resource is a Service, this targets a specific port in the
+ Service spec. When both Port (experimental) and SectionName are specified,
+ the name and port of the selected port must match both specified values.
+
+
+
+ Implementations MAY choose to support other parent resources.
+ Implementations supporting other types of parent resources MUST clearly
+ document how/if Port is interpreted.
+
+
+ For the purpose of status, an attachment is considered successful as
+ long as the parent resource accepts it partially. For example, Gateway
+ listeners can restrict which Routes can attach to them by Route kind,
+ namespace, or hostname. If 1 of 2 Gateway listeners accept attachment
+ from the referencing Route, the Route MUST be considered successfully
+ attached. If no Gateway listeners accept attachment from this Route,
+ the Route MUST be considered detached from the Gateway.
+
+
+ Support: Extended
+ format: int32
+ maximum: 65535
+ minimum: 1
+ type: integer
+ sectionName:
+ description: |-
+ SectionName is the name of a section within the target resource. In the
+ following resources, SectionName is interpreted as the following:
+
+
+ * Gateway: Listener name. When both Port (experimental) and SectionName
+ are specified, the name and port of the selected listener must match
+ both specified values.
+ * Service: Port name. When both Port (experimental) and SectionName
+ are specified, the name and port of the selected listener must match
+ both specified values.
+
+
+ Implementations MAY choose to support attaching Routes to other resources.
+ If that is the case, they MUST clearly document how SectionName is
+ interpreted.
+
+
+ When unspecified (empty string), this will reference the entire resource.
+ For the purpose of status, an attachment is considered successful if at
+ least one section in the parent resource accepts it. For example, Gateway
+ listeners can restrict which Routes can attach to them by Route kind,
+ namespace, or hostname. If 1 of 2 Gateway listeners accept attachment from
+ the referencing Route, the Route MUST be considered successfully
+ attached. If no Gateway listeners accept attachment from this Route, the
+ Route MUST be considered detached from the Gateway.
+
+
+ Support: Core
+ maxLength: 253
+ minLength: 1
+ pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$
+ type: string
+ required:
+ - name
+ type: object
+ maxItems: 32
+ type: array
+ x-kubernetes-validations:
+ - message: sectionName or port must be specified when parentRefs includes
+ 2 or more references to the same parent
+ rule: 'self.all(p1, self.all(p2, p1.group == p2.group && p1.kind
+ == p2.kind && p1.name == p2.name && (((!has(p1.__namespace__)
+ || p1.__namespace__ == '''') && (!has(p2.__namespace__) || p2.__namespace__
+ == '''')) || (has(p1.__namespace__) && has(p2.__namespace__) &&
+ p1.__namespace__ == p2.__namespace__)) ? ((!has(p1.sectionName)
+ || p1.sectionName == '''') == (!has(p2.sectionName) || p2.sectionName
+ == '''') && (!has(p1.port) || p1.port == 0) == (!has(p2.port)
+ || p2.port == 0)): true))'
+ - message: sectionName or port must be unique when parentRefs includes
+ 2 or more references to the same parent
+ rule: self.all(p1, self.exists_one(p2, p1.group == p2.group && p1.kind
+ == p2.kind && p1.name == p2.name && (((!has(p1.__namespace__)
+ || p1.__namespace__ == '') && (!has(p2.__namespace__) || p2.__namespace__
+ == '')) || (has(p1.__namespace__) && has(p2.__namespace__) &&
+ p1.__namespace__ == p2.__namespace__ )) && (((!has(p1.sectionName)
+ || p1.sectionName == '') && (!has(p2.sectionName) || p2.sectionName
+ == '')) || ( has(p1.sectionName) && has(p2.sectionName) && p1.sectionName
+ == p2.sectionName)) && (((!has(p1.port) || p1.port == 0) && (!has(p2.port)
+ || p2.port == 0)) || (has(p1.port) && has(p2.port) && p1.port
+ == p2.port))))
+ rules:
+ description: Rules are a list of GRPC matchers, filters and actions.
+ items:
+ description: |-
+ GRPCRouteRule defines the semantics for matching a gRPC request based on
+ conditions (matches), processing it (filters), and forwarding the request to
+ an API object (backendRefs).
+ properties:
+ backendRefs:
+ description: |-
+ BackendRefs defines the backend(s) where matching requests should be
+ sent.
+
+
+ Failure behavior here depends on how many BackendRefs are specified and
+ how many are invalid.
+
+
+ If *all* entries in BackendRefs are invalid, and there are also no filters
+ specified in this route rule, *all* traffic which matches this rule MUST
+ receive an `UNAVAILABLE` status.
+
+
+ See the GRPCBackendRef definition for the rules about what makes a single
+ GRPCBackendRef invalid.
+
+
+ When a GRPCBackendRef is invalid, `UNAVAILABLE` statuses MUST be returned for
+ requests that would have otherwise been routed to an invalid backend. If
+ multiple backends are specified, and some are invalid, the proportion of
+ requests that would otherwise have been routed to an invalid backend
+ MUST receive an `UNAVAILABLE` status.
+
+
+ For example, if two backends are specified with equal weights, and one is
+ invalid, 50 percent of traffic MUST receive an `UNAVAILABLE` status.
+ Implementations may choose how that 50 percent is determined.
+
+
+ Support: Core for Kubernetes Service
+
+
+ Support: Implementation-specific for any other resource
+
+
+ Support for weight: Core
+ items:
+ description: |-
+ GRPCBackendRef defines how a GRPCRoute forwards a gRPC request.
+
+
+ Note that when a namespace different than the local namespace is specified, a
+ ReferenceGrant object is required in the referent namespace to allow that
+ namespace's owner to accept the reference. See the ReferenceGrant
+ documentation for details.
+
+
+
+
+
+ When the BackendRef points to a Kubernetes Service, implementations SHOULD
+ honor the appProtocol field if it is set for the target Service Port.
+
+
+ Implementations supporting appProtocol SHOULD recognize the Kubernetes
+ Standard Application Protocols defined in KEP-3726.
+
+
+ If a Service appProtocol isn't specified, an implementation MAY infer the
+ backend protocol through its own means. Implementations MAY infer the
+ protocol from the Route type referring to the backend Service.
+
+
+ If a Route is not able to send traffic to the backend using the specified
+ protocol then the backend is considered invalid. Implementations MUST set the
+ "ResolvedRefs" condition to "False" with the "UnsupportedProtocol" reason.
+
+
+
+ properties:
+ filters:
+ description: |-
+ Filters defined at this level MUST be executed if and only if the
+ request is being forwarded to the backend defined here.
+
+
+ Support: Implementation-specific (For broader support of filters, use the
+ Filters field in GRPCRouteRule.)
+ items:
+ description: |-
+ GRPCRouteFilter defines processing steps that must be completed during the
+ request or response lifecycle. GRPCRouteFilters are meant as an extension
+ point to express processing that may be done in Gateway implementations. Some
+ examples include request or response modification, implementing
+ authentication strategies, rate-limiting, and traffic shaping. API
+ guarantee/conformance is defined based on the type of the filter.
+ properties:
+ extensionRef:
+ description: |-
+ ExtensionRef is an optional, implementation-specific extension to the
+ "filter" behavior. For example, resource "myroutefilter" in group
+ "networking.example.net"). ExtensionRef MUST NOT be used for core and
+ extended filters.
+
+
+ Support: Implementation-specific
+
+
+ This filter can be used multiple times within the same rule.
+ properties:
+ group:
+ description: |-
+ Group is the group of the referent. For example, "gateway.networking.k8s.io".
+ When unspecified or empty string, core API group is inferred.
+ maxLength: 253
+ pattern: ^$|^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$
+ type: string
+ kind:
+ description: Kind is kind of the referent. For
+ example "HTTPRoute" or "Service".
+ maxLength: 63
+ minLength: 1
+ pattern: ^[a-zA-Z]([-a-zA-Z0-9]*[a-zA-Z0-9])?$
+ type: string
+ name:
+ description: Name is the name of the referent.
+ maxLength: 253
+ minLength: 1
+ type: string
+ required:
+ - group
+ - kind
+ - name
+ type: object
+ requestHeaderModifier:
+ description: |-
+ RequestHeaderModifier defines a schema for a filter that modifies request
+ headers.
+
+
+ Support: Core
+ properties:
+ add:
+ description: |-
+ Add adds the given header(s) (name, value) to the request
+ before the action. It appends to any existing values associated
+ with the header name.
+
+
+ Input:
+ GET /foo HTTP/1.1
+ my-header: foo
+
+
+ Config:
+ add:
+ - name: "my-header"
+ value: "bar,baz"
+
+
+ Output:
+ GET /foo HTTP/1.1
+ my-header: foo,bar,baz
+ items:
+ description: HTTPHeader represents an HTTP
+ Header name and value as defined by RFC
+ 7230.
+ properties:
+ name:
+ description: |-
+ Name is the name of the HTTP Header to be matched. Name matching MUST be
+ case insensitive. (See https://tools.ietf.org/html/rfc7230#section-3.2).
+
+
+ If multiple entries specify equivalent header names, the first entry with
+ an equivalent name MUST be considered for a match. Subsequent entries
+ with an equivalent header name MUST be ignored. Due to the
+ case-insensitivity of header names, "foo" and "Foo" are considered
+ equivalent.
+ maxLength: 256
+ minLength: 1
+ pattern: ^[A-Za-z0-9!#$%&'*+\-.^_\x60|~]+$
+ type: string
+ value:
+ description: Value is the value of HTTP
+ Header to be matched.
+ maxLength: 4096
+ minLength: 1
+ type: string
+ required:
+ - name
+ - value
+ type: object
+ maxItems: 16
+ type: array
+ x-kubernetes-list-map-keys:
+ - name
+ x-kubernetes-list-type: map
+ remove:
+ description: |-
+ Remove the given header(s) from the HTTP request before the action. The
+ value of Remove is a list of HTTP header names. Note that the header
+ names are case-insensitive (see
+ https://datatracker.ietf.org/doc/html/rfc2616#section-4.2).
+
+
+ Input:
+ GET /foo HTTP/1.1
+ my-header1: foo
+ my-header2: bar
+ my-header3: baz
+
+
+ Config:
+ remove: ["my-header1", "my-header3"]
+
+
+ Output:
+ GET /foo HTTP/1.1
+ my-header2: bar
+ items:
+ type: string
+ maxItems: 16
+ type: array
+ x-kubernetes-list-type: set
+ set:
+ description: |-
+ Set overwrites the request with the given header (name, value)
+ before the action.
+
+
+ Input:
+ GET /foo HTTP/1.1
+ my-header: foo
+
+
+ Config:
+ set:
+ - name: "my-header"
+ value: "bar"
+
+
+ Output:
+ GET /foo HTTP/1.1
+ my-header: bar
+ items:
+ description: HTTPHeader represents an HTTP
+ Header name and value as defined by RFC
+ 7230.
+ properties:
+ name:
+ description: |-
+ Name is the name of the HTTP Header to be matched. Name matching MUST be
+ case insensitive. (See https://tools.ietf.org/html/rfc7230#section-3.2).
+
+
+ If multiple entries specify equivalent header names, the first entry with
+ an equivalent name MUST be considered for a match. Subsequent entries
+ with an equivalent header name MUST be ignored. Due to the
+ case-insensitivity of header names, "foo" and "Foo" are considered
+ equivalent.
+ maxLength: 256
+ minLength: 1
+ pattern: ^[A-Za-z0-9!#$%&'*+\-.^_\x60|~]+$
+ type: string
+ value:
+ description: Value is the value of HTTP
+ Header to be matched.
+ maxLength: 4096
+ minLength: 1
+ type: string
+ required:
+ - name
+ - value
+ type: object
+ maxItems: 16
+ type: array
+ x-kubernetes-list-map-keys:
+ - name
+ x-kubernetes-list-type: map
+ type: object
+ requestMirror:
+ description: |-
+ RequestMirror defines a schema for a filter that mirrors requests.
+ Requests are sent to the specified destination, but responses from
+ that destination are ignored.
+
+
+ This filter can be used multiple times within the same rule. Note that
+ not all implementations will be able to support mirroring to multiple
+ backends.
+
+
+ Support: Extended
+ properties:
+ backendRef:
+ description: |-
+ BackendRef references a resource where mirrored requests are sent.
+
+
+ Mirrored requests must be sent only to a single destination endpoint
+ within this BackendRef, irrespective of how many endpoints are present
+ within this BackendRef.
+
+
+ If the referent cannot be found, this BackendRef is invalid and must be
+ dropped from the Gateway. The controller must ensure the "ResolvedRefs"
+ condition on the Route status is set to `status: False` and not configure
+ this backend in the underlying implementation.
+
+
+ If there is a cross-namespace reference to an *existing* object
+ that is not allowed by a ReferenceGrant, the controller must ensure the
+ "ResolvedRefs" condition on the Route is set to `status: False`,
+ with the "RefNotPermitted" reason and not configure this backend in the
+ underlying implementation.
+
+
+ In either error case, the Message of the `ResolvedRefs` Condition
+ should be used to provide more detail about the problem.
+
+
+ Support: Extended for Kubernetes Service
+
+
+ Support: Implementation-specific for any other resource
+ properties:
+ group:
+ default: ""
+ description: |-
+ Group is the group of the referent. For example, "gateway.networking.k8s.io".
+ When unspecified or empty string, core API group is inferred.
+ maxLength: 253
+ pattern: ^$|^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$
+ type: string
+ kind:
+ default: Service
+ description: |-
+ Kind is the Kubernetes resource kind of the referent. For example
+ "Service".
+
+
+ Defaults to "Service" when not specified.
+
+
+ ExternalName services can refer to CNAME DNS records that may live
+ outside of the cluster and as such are difficult to reason about in
+ terms of conformance. They also may not be safe to forward to (see
+ CVE-2021-25740 for more information). Implementations SHOULD NOT
+ support ExternalName Services.
+
+
+ Support: Core (Services with a type other than ExternalName)
+
+
+ Support: Implementation-specific (Services with type ExternalName)
+ maxLength: 63
+ minLength: 1
+ pattern: ^[a-zA-Z]([-a-zA-Z0-9]*[a-zA-Z0-9])?$
+ type: string
+ name:
+ description: Name is the name of the referent.
+ maxLength: 253
+ minLength: 1
+ type: string
+ namespace:
+ description: |-
+ Namespace is the namespace of the backend. When unspecified, the local
+ namespace is inferred.
+
+
+ Note that when a namespace different than the local namespace is specified,
+ a ReferenceGrant object is required in the referent namespace to allow that
+ namespace's owner to accept the reference. See the ReferenceGrant
+ documentation for details.
+
+
+ Support: Core
+ maxLength: 63
+ minLength: 1
+ pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$
+ type: string
+ port:
+ description: |-
+ Port specifies the destination port number to use for this resource.
+ Port is required when the referent is a Kubernetes Service. In this
+ case, the port number is the service port number, not the target port.
+ For other resources, destination port might be derived from the referent
+ resource or this field.
+ format: int32
+ maximum: 65535
+ minimum: 1
+ type: integer
+ required:
+ - name
+ type: object
+ x-kubernetes-validations:
+ - message: Must have port for Service reference
+ rule: '(size(self.group) == 0 && self.kind
+ == ''Service'') ? has(self.port) : true'
+ required:
+ - backendRef
+ type: object
+ responseHeaderModifier:
+ description: |-
+ ResponseHeaderModifier defines a schema for a filter that modifies response
+ headers.
+
+
+ Support: Extended
+ properties:
+ add:
+ description: |-
+ Add adds the given header(s) (name, value) to the request
+ before the action. It appends to any existing values associated
+ with the header name.
+
+
+ Input:
+ GET /foo HTTP/1.1
+ my-header: foo
+
+
+ Config:
+ add:
+ - name: "my-header"
+ value: "bar,baz"
+
+
+ Output:
+ GET /foo HTTP/1.1
+ my-header: foo,bar,baz
+ items:
+ description: HTTPHeader represents an HTTP
+ Header name and value as defined by RFC
+ 7230.
+ properties:
+ name:
+ description: |-
+ Name is the name of the HTTP Header to be matched. Name matching MUST be
+ case insensitive. (See https://tools.ietf.org/html/rfc7230#section-3.2).
+
+
+ If multiple entries specify equivalent header names, the first entry with
+ an equivalent name MUST be considered for a match. Subsequent entries
+ with an equivalent header name MUST be ignored. Due to the
+ case-insensitivity of header names, "foo" and "Foo" are considered
+ equivalent.
+ maxLength: 256
+ minLength: 1
+ pattern: ^[A-Za-z0-9!#$%&'*+\-.^_\x60|~]+$
+ type: string
+ value:
+ description: Value is the value of HTTP
+ Header to be matched.
+ maxLength: 4096
+ minLength: 1
+ type: string
+ required:
+ - name
+ - value
+ type: object
+ maxItems: 16
+ type: array
+ x-kubernetes-list-map-keys:
+ - name
+ x-kubernetes-list-type: map
+ remove:
+ description: |-
+ Remove the given header(s) from the HTTP request before the action. The
+ value of Remove is a list of HTTP header names. Note that the header
+ names are case-insensitive (see
+ https://datatracker.ietf.org/doc/html/rfc2616#section-4.2).
+
+
+ Input:
+ GET /foo HTTP/1.1
+ my-header1: foo
+ my-header2: bar
+ my-header3: baz
+
+
+ Config:
+ remove: ["my-header1", "my-header3"]
+
+
+ Output:
+ GET /foo HTTP/1.1
+ my-header2: bar
+ items:
+ type: string
+ maxItems: 16
+ type: array
+ x-kubernetes-list-type: set
+ set:
+ description: |-
+ Set overwrites the request with the given header (name, value)
+ before the action.
+
+
+ Input:
+ GET /foo HTTP/1.1
+ my-header: foo
+
+
+ Config:
+ set:
+ - name: "my-header"
+ value: "bar"
+
+
+ Output:
+ GET /foo HTTP/1.1
+ my-header: bar
+ items:
+ description: HTTPHeader represents an HTTP
+ Header name and value as defined by RFC
+ 7230.
+ properties:
+ name:
+ description: |-
+ Name is the name of the HTTP Header to be matched. Name matching MUST be
+ case insensitive. (See https://tools.ietf.org/html/rfc7230#section-3.2).
+
+
+ If multiple entries specify equivalent header names, the first entry with
+ an equivalent name MUST be considered for a match. Subsequent entries
+ with an equivalent header name MUST be ignored. Due to the
+ case-insensitivity of header names, "foo" and "Foo" are considered
+ equivalent.
+ maxLength: 256
+ minLength: 1
+ pattern: ^[A-Za-z0-9!#$%&'*+\-.^_\x60|~]+$
+ type: string
+ value:
+ description: Value is the value of HTTP
+ Header to be matched.
+ maxLength: 4096
+ minLength: 1
+ type: string
+ required:
+ - name
+ - value
+ type: object
+ maxItems: 16
+ type: array
+ x-kubernetes-list-map-keys:
+ - name
+ x-kubernetes-list-type: map
+ type: object
+ type:
+ description: |+
+ Type identifies the type of filter to apply. As with other API fields,
+ types are classified into three conformance levels:
+
+
+ - Core: Filter types and their corresponding configuration defined by
+ "Support: Core" in this package, e.g. "RequestHeaderModifier". All
+ implementations supporting GRPCRoute MUST support core filters.
+
+
+ - Extended: Filter types and their corresponding configuration defined by
+ "Support: Extended" in this package, e.g. "RequestMirror". Implementers
+ are encouraged to support extended filters.
+
+
+ - Implementation-specific: Filters that are defined and supported by specific vendors.
+ In the future, filters showing convergence in behavior across multiple
+ implementations will be considered for inclusion in extended or core
+ conformance levels. Filter-specific configuration for such filters
+ is specified using the ExtensionRef field. `Type` MUST be set to
+ "ExtensionRef" for custom filters.
+
+
+ Implementers are encouraged to define custom implementation types to
+ extend the core API with implementation-specific behavior.
+
+
+ If a reference to a custom filter type cannot be resolved, the filter
+ MUST NOT be skipped. Instead, requests that would have been processed by
+ that filter MUST receive a HTTP error response.
+
+
+ enum:
+ - ResponseHeaderModifier
+ - RequestHeaderModifier
+ - RequestMirror
+ - ExtensionRef
+ type: string
+ required:
+ - type
+ type: object
+ x-kubernetes-validations:
+ - message: filter.requestHeaderModifier must be nil
+ if the filter.type is not RequestHeaderModifier
+ rule: '!(has(self.requestHeaderModifier) && self.type
+ != ''RequestHeaderModifier'')'
+ - message: filter.requestHeaderModifier must be specified
+ for RequestHeaderModifier filter.type
+ rule: '!(!has(self.requestHeaderModifier) && self.type
+ == ''RequestHeaderModifier'')'
+ - message: filter.responseHeaderModifier must be nil
+ if the filter.type is not ResponseHeaderModifier
+ rule: '!(has(self.responseHeaderModifier) && self.type
+ != ''ResponseHeaderModifier'')'
+ - message: filter.responseHeaderModifier must be specified
+ for ResponseHeaderModifier filter.type
+ rule: '!(!has(self.responseHeaderModifier) && self.type
+ == ''ResponseHeaderModifier'')'
+ - message: filter.requestMirror must be nil if the filter.type
+ is not RequestMirror
+ rule: '!(has(self.requestMirror) && self.type != ''RequestMirror'')'
+ - message: filter.requestMirror must be specified for
+ RequestMirror filter.type
+ rule: '!(!has(self.requestMirror) && self.type ==
+ ''RequestMirror'')'
+ - message: filter.extensionRef must be nil if the filter.type
+ is not ExtensionRef
+ rule: '!(has(self.extensionRef) && self.type != ''ExtensionRef'')'
+ - message: filter.extensionRef must be specified for
+ ExtensionRef filter.type
+ rule: '!(!has(self.extensionRef) && self.type == ''ExtensionRef'')'
+ maxItems: 16
+ type: array
+ x-kubernetes-validations:
+ - message: RequestHeaderModifier filter cannot be repeated
+ rule: self.filter(f, f.type == 'RequestHeaderModifier').size()
+ <= 1
+ - message: ResponseHeaderModifier filter cannot be repeated
+ rule: self.filter(f, f.type == 'ResponseHeaderModifier').size()
+ <= 1
+ group:
+ default: ""
+ description: |-
+ Group is the group of the referent. For example, "gateway.networking.k8s.io".
+ When unspecified or empty string, core API group is inferred.
+ maxLength: 253
+ pattern: ^$|^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$
+ type: string
+ kind:
+ default: Service
+ description: |-
+ Kind is the Kubernetes resource kind of the referent. For example
+ "Service".
+
+
+ Defaults to "Service" when not specified.
+
+
+ ExternalName services can refer to CNAME DNS records that may live
+ outside of the cluster and as such are difficult to reason about in
+ terms of conformance. They also may not be safe to forward to (see
+ CVE-2021-25740 for more information). Implementations SHOULD NOT
+ support ExternalName Services.
+
+
+ Support: Core (Services with a type other than ExternalName)
+
+
+ Support: Implementation-specific (Services with type ExternalName)
+ maxLength: 63
+ minLength: 1
+ pattern: ^[a-zA-Z]([-a-zA-Z0-9]*[a-zA-Z0-9])?$
+ type: string
+ name:
+ description: Name is the name of the referent.
+ maxLength: 253
+ minLength: 1
+ type: string
+ namespace:
+ description: |-
+ Namespace is the namespace of the backend. When unspecified, the local
+ namespace is inferred.
+
+
+ Note that when a namespace different than the local namespace is specified,
+ a ReferenceGrant object is required in the referent namespace to allow that
+ namespace's owner to accept the reference. See the ReferenceGrant
+ documentation for details.
+
+
+ Support: Core
+ maxLength: 63
+ minLength: 1
+ pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$
+ type: string
+ port:
+ description: |-
+ Port specifies the destination port number to use for this resource.
+ Port is required when the referent is a Kubernetes Service. In this
+ case, the port number is the service port number, not the target port.
+ For other resources, destination port might be derived from the referent
+ resource or this field.
+ format: int32
+ maximum: 65535
+ minimum: 1
+ type: integer
+ weight:
+ default: 1
+ description: |-
+ Weight specifies the proportion of requests forwarded to the referenced
+ backend. This is computed as weight/(sum of all weights in this
+ BackendRefs list). For non-zero values, there may be some epsilon from
+ the exact proportion defined here depending on the precision an
+ implementation supports. Weight is not a percentage and the sum of
+ weights does not need to equal 100.
+
+
+ If only one backend is specified and it has a weight greater than 0, 100%
+ of the traffic is forwarded to that backend. If weight is set to 0, no
+ traffic should be forwarded for this entry. If unspecified, weight
+ defaults to 1.
+
+
+ Support for this field varies based on the context where used.
+ format: int32
+ maximum: 1000000
+ minimum: 0
+ type: integer
+ required:
+ - name
+ type: object
+ x-kubernetes-validations:
+ - message: Must have port for Service reference
+ rule: '(size(self.group) == 0 && self.kind == ''Service'')
+ ? has(self.port) : true'
+ maxItems: 16
+ type: array
+ filters:
+ description: |-
+ Filters define the filters that are applied to requests that match
+ this rule.
+
+
+ The effects of ordering of multiple behaviors are currently unspecified.
+ This can change in the future based on feedback during the alpha stage.
+
+
+ Conformance-levels at this level are defined based on the type of filter:
+
+
+ - ALL core filters MUST be supported by all implementations that support
+ GRPCRoute.
+ - Implementers are encouraged to support extended filters.
+ - Implementation-specific custom filters have no API guarantees across
+ implementations.
+
+
+ Specifying the same filter multiple times is not supported unless explicitly
+ indicated in the filter.
+
+
+ If an implementation can not support a combination of filters, it must clearly
+ document that limitation. In cases where incompatible or unsupported
+ filters are specified and cause the `Accepted` condition to be set to status
+ `False`, implementations may use the `IncompatibleFilters` reason to specify
+ this configuration error.
+
+
+ Support: Core
+ items:
+ description: |-
+ GRPCRouteFilter defines processing steps that must be completed during the
+ request or response lifecycle. GRPCRouteFilters are meant as an extension
+ point to express processing that may be done in Gateway implementations. Some
+ examples include request or response modification, implementing
+ authentication strategies, rate-limiting, and traffic shaping. API
+ guarantee/conformance is defined based on the type of the filter.
+ properties:
+ extensionRef:
+ description: |-
+ ExtensionRef is an optional, implementation-specific extension to the
+ "filter" behavior. For example, resource "myroutefilter" in group
+ "networking.example.net"). ExtensionRef MUST NOT be used for core and
+ extended filters.
+
+
+ Support: Implementation-specific
+
+
+ This filter can be used multiple times within the same rule.
+ properties:
+ group:
+ description: |-
+ Group is the group of the referent. For example, "gateway.networking.k8s.io".
+ When unspecified or empty string, core API group is inferred.
+ maxLength: 253
+ pattern: ^$|^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$
+ type: string
+ kind:
+ description: Kind is kind of the referent. For example
+ "HTTPRoute" or "Service".
+ maxLength: 63
+ minLength: 1
+ pattern: ^[a-zA-Z]([-a-zA-Z0-9]*[a-zA-Z0-9])?$
+ type: string
+ name:
+ description: Name is the name of the referent.
+ maxLength: 253
+ minLength: 1
+ type: string
+ required:
+ - group
+ - kind
+ - name
+ type: object
+ requestHeaderModifier:
+ description: |-
+ RequestHeaderModifier defines a schema for a filter that modifies request
+ headers.
+
+
+ Support: Core
+ properties:
+ add:
+ description: |-
+ Add adds the given header(s) (name, value) to the request
+ before the action. It appends to any existing values associated
+ with the header name.
+
+
+ Input:
+ GET /foo HTTP/1.1
+ my-header: foo
+
+
+ Config:
+ add:
+ - name: "my-header"
+ value: "bar,baz"
+
+
+ Output:
+ GET /foo HTTP/1.1
+ my-header: foo,bar,baz
+ items:
+ description: HTTPHeader represents an HTTP Header
+ name and value as defined by RFC 7230.
+ properties:
+ name:
+ description: |-
+ Name is the name of the HTTP Header to be matched. Name matching MUST be
+ case insensitive. (See https://tools.ietf.org/html/rfc7230#section-3.2).
+
+
+ If multiple entries specify equivalent header names, the first entry with
+ an equivalent name MUST be considered for a match. Subsequent entries
+ with an equivalent header name MUST be ignored. Due to the
+ case-insensitivity of header names, "foo" and "Foo" are considered
+ equivalent.
+ maxLength: 256
+ minLength: 1
+ pattern: ^[A-Za-z0-9!#$%&'*+\-.^_\x60|~]+$
+ type: string
+ value:
+ description: Value is the value of HTTP Header
+ to be matched.
+ maxLength: 4096
+ minLength: 1
+ type: string
+ required:
+ - name
+ - value
+ type: object
+ maxItems: 16
+ type: array
+ x-kubernetes-list-map-keys:
+ - name
+ x-kubernetes-list-type: map
+ remove:
+ description: |-
+ Remove the given header(s) from the HTTP request before the action. The
+ value of Remove is a list of HTTP header names. Note that the header
+ names are case-insensitive (see
+ https://datatracker.ietf.org/doc/html/rfc2616#section-4.2).
+
+
+ Input:
+ GET /foo HTTP/1.1
+ my-header1: foo
+ my-header2: bar
+ my-header3: baz
+
+
+ Config:
+ remove: ["my-header1", "my-header3"]
+
+
+ Output:
+ GET /foo HTTP/1.1
+ my-header2: bar
+ items:
+ type: string
+ maxItems: 16
+ type: array
+ x-kubernetes-list-type: set
+ set:
+ description: |-
+ Set overwrites the request with the given header (name, value)
+ before the action.
+
+
+ Input:
+ GET /foo HTTP/1.1
+ my-header: foo
+
+
+ Config:
+ set:
+ - name: "my-header"
+ value: "bar"
+
+
+ Output:
+ GET /foo HTTP/1.1
+ my-header: bar
+ items:
+ description: HTTPHeader represents an HTTP Header
+ name and value as defined by RFC 7230.
+ properties:
+ name:
+ description: |-
+ Name is the name of the HTTP Header to be matched. Name matching MUST be
+ case insensitive. (See https://tools.ietf.org/html/rfc7230#section-3.2).
+
+
+ If multiple entries specify equivalent header names, the first entry with
+ an equivalent name MUST be considered for a match. Subsequent entries
+ with an equivalent header name MUST be ignored. Due to the
+ case-insensitivity of header names, "foo" and "Foo" are considered
+ equivalent.
+ maxLength: 256
+ minLength: 1
+ pattern: ^[A-Za-z0-9!#$%&'*+\-.^_\x60|~]+$
+ type: string
+ value:
+ description: Value is the value of HTTP Header
+ to be matched.
+ maxLength: 4096
+ minLength: 1
+ type: string
+ required:
+ - name
+ - value
+ type: object
+ maxItems: 16
+ type: array
+ x-kubernetes-list-map-keys:
+ - name
+ x-kubernetes-list-type: map
+ type: object
+ requestMirror:
+ description: |-
+ RequestMirror defines a schema for a filter that mirrors requests.
+ Requests are sent to the specified destination, but responses from
+ that destination are ignored.
+
+
+ This filter can be used multiple times within the same rule. Note that
+ not all implementations will be able to support mirroring to multiple
+ backends.
+
+
+ Support: Extended
+ properties:
+ backendRef:
+ description: |-
+ BackendRef references a resource where mirrored requests are sent.
+
+
+ Mirrored requests must be sent only to a single destination endpoint
+ within this BackendRef, irrespective of how many endpoints are present
+ within this BackendRef.
+
+
+ If the referent cannot be found, this BackendRef is invalid and must be
+ dropped from the Gateway. The controller must ensure the "ResolvedRefs"
+ condition on the Route status is set to `status: False` and not configure
+ this backend in the underlying implementation.
+
+
+ If there is a cross-namespace reference to an *existing* object
+ that is not allowed by a ReferenceGrant, the controller must ensure the
+ "ResolvedRefs" condition on the Route is set to `status: False`,
+ with the "RefNotPermitted" reason and not configure this backend in the
+ underlying implementation.
+
+
+ In either error case, the Message of the `ResolvedRefs` Condition
+ should be used to provide more detail about the problem.
+
+
+ Support: Extended for Kubernetes Service
+
+
+ Support: Implementation-specific for any other resource
+ properties:
+ group:
+ default: ""
+ description: |-
+ Group is the group of the referent. For example, "gateway.networking.k8s.io".
+ When unspecified or empty string, core API group is inferred.
+ maxLength: 253
+ pattern: ^$|^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$
+ type: string
+ kind:
+ default: Service
+ description: |-
+ Kind is the Kubernetes resource kind of the referent. For example
+ "Service".
+
+
+ Defaults to "Service" when not specified.
+
+
+ ExternalName services can refer to CNAME DNS records that may live
+ outside of the cluster and as such are difficult to reason about in
+ terms of conformance. They also may not be safe to forward to (see
+ CVE-2021-25740 for more information). Implementations SHOULD NOT
+ support ExternalName Services.
+
+
+ Support: Core (Services with a type other than ExternalName)
+
+
+ Support: Implementation-specific (Services with type ExternalName)
+ maxLength: 63
+ minLength: 1
+ pattern: ^[a-zA-Z]([-a-zA-Z0-9]*[a-zA-Z0-9])?$
+ type: string
+ name:
+ description: Name is the name of the referent.
+ maxLength: 253
+ minLength: 1
+ type: string
+ namespace:
+ description: |-
+ Namespace is the namespace of the backend. When unspecified, the local
+ namespace is inferred.
+
+
+ Note that when a namespace different than the local namespace is specified,
+ a ReferenceGrant object is required in the referent namespace to allow that
+ namespace's owner to accept the reference. See the ReferenceGrant
+ documentation for details.
+
+
+ Support: Core
+ maxLength: 63
+ minLength: 1
+ pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$
+ type: string
+ port:
+ description: |-
+ Port specifies the destination port number to use for this resource.
+ Port is required when the referent is a Kubernetes Service. In this
+ case, the port number is the service port number, not the target port.
+ For other resources, destination port might be derived from the referent
+ resource or this field.
+ format: int32
+ maximum: 65535
+ minimum: 1
+ type: integer
+ required:
+ - name
+ type: object
+ x-kubernetes-validations:
+ - message: Must have port for Service reference
+ rule: '(size(self.group) == 0 && self.kind == ''Service'')
+ ? has(self.port) : true'
+ required:
+ - backendRef
+ type: object
+ responseHeaderModifier:
+ description: |-
+ ResponseHeaderModifier defines a schema for a filter that modifies response
+ headers.
+
+
+ Support: Extended
+ properties:
+ add:
+ description: |-
+ Add adds the given header(s) (name, value) to the request
+ before the action. It appends to any existing values associated
+ with the header name.
+
+
+ Input:
+ GET /foo HTTP/1.1
+ my-header: foo
+
+
+ Config:
+ add:
+ - name: "my-header"
+ value: "bar,baz"
+
+
+ Output:
+ GET /foo HTTP/1.1
+ my-header: foo,bar,baz
+ items:
+ description: HTTPHeader represents an HTTP Header
+ name and value as defined by RFC 7230.
+ properties:
+ name:
+ description: |-
+ Name is the name of the HTTP Header to be matched. Name matching MUST be
+ case insensitive. (See https://tools.ietf.org/html/rfc7230#section-3.2).
+
+
+ If multiple entries specify equivalent header names, the first entry with
+ an equivalent name MUST be considered for a match. Subsequent entries
+ with an equivalent header name MUST be ignored. Due to the
+ case-insensitivity of header names, "foo" and "Foo" are considered
+ equivalent.
+ maxLength: 256
+ minLength: 1
+ pattern: ^[A-Za-z0-9!#$%&'*+\-.^_\x60|~]+$
+ type: string
+ value:
+ description: Value is the value of HTTP Header
+ to be matched.
+ maxLength: 4096
+ minLength: 1
+ type: string
+ required:
+ - name
+ - value
+ type: object
+ maxItems: 16
+ type: array
+ x-kubernetes-list-map-keys:
+ - name
+ x-kubernetes-list-type: map
+ remove:
+ description: |-
+ Remove the given header(s) from the HTTP request before the action. The
+ value of Remove is a list of HTTP header names. Note that the header
+ names are case-insensitive (see
+ https://datatracker.ietf.org/doc/html/rfc2616#section-4.2).
+
+
+ Input:
+ GET /foo HTTP/1.1
+ my-header1: foo
+ my-header2: bar
+ my-header3: baz
+
+
+ Config:
+ remove: ["my-header1", "my-header3"]
+
+
+ Output:
+ GET /foo HTTP/1.1
+ my-header2: bar
+ items:
+ type: string
+ maxItems: 16
+ type: array
+ x-kubernetes-list-type: set
+ set:
+ description: |-
+ Set overwrites the request with the given header (name, value)
+ before the action.
+
+
+ Input:
+ GET /foo HTTP/1.1
+ my-header: foo
+
+
+ Config:
+ set:
+ - name: "my-header"
+ value: "bar"
+
+
+ Output:
+ GET /foo HTTP/1.1
+ my-header: bar
+ items:
+ description: HTTPHeader represents an HTTP Header
+ name and value as defined by RFC 7230.
+ properties:
+ name:
+ description: |-
+ Name is the name of the HTTP Header to be matched. Name matching MUST be
+ case insensitive. (See https://tools.ietf.org/html/rfc7230#section-3.2).
+
+
+ If multiple entries specify equivalent header names, the first entry with
+ an equivalent name MUST be considered for a match. Subsequent entries
+ with an equivalent header name MUST be ignored. Due to the
+ case-insensitivity of header names, "foo" and "Foo" are considered
+ equivalent.
+ maxLength: 256
+ minLength: 1
+ pattern: ^[A-Za-z0-9!#$%&'*+\-.^_\x60|~]+$
+ type: string
+ value:
+ description: Value is the value of HTTP Header
+ to be matched.
+ maxLength: 4096
+ minLength: 1
+ type: string
+ required:
+ - name
+ - value
+ type: object
+ maxItems: 16
+ type: array
+ x-kubernetes-list-map-keys:
+ - name
+ x-kubernetes-list-type: map
+ type: object
+ type:
+ description: |+
+ Type identifies the type of filter to apply. As with other API fields,
+ types are classified into three conformance levels:
+
+
+ - Core: Filter types and their corresponding configuration defined by
+ "Support: Core" in this package, e.g. "RequestHeaderModifier". All
+ implementations supporting GRPCRoute MUST support core filters.
+
+
+ - Extended: Filter types and their corresponding configuration defined by
+ "Support: Extended" in this package, e.g. "RequestMirror". Implementers
+ are encouraged to support extended filters.
+
+
+ - Implementation-specific: Filters that are defined and supported by specific vendors.
+ In the future, filters showing convergence in behavior across multiple
+ implementations will be considered for inclusion in extended or core
+ conformance levels. Filter-specific configuration for such filters
+ is specified using the ExtensionRef field. `Type` MUST be set to
+ "ExtensionRef" for custom filters.
+
+
+ Implementers are encouraged to define custom implementation types to
+ extend the core API with implementation-specific behavior.
+
+
+ If a reference to a custom filter type cannot be resolved, the filter
+ MUST NOT be skipped. Instead, requests that would have been processed by
+ that filter MUST receive a HTTP error response.
+
+
+ enum:
+ - ResponseHeaderModifier
+ - RequestHeaderModifier
+ - RequestMirror
+ - ExtensionRef
+ type: string
+ required:
+ - type
+ type: object
+ x-kubernetes-validations:
+ - message: filter.requestHeaderModifier must be nil if the
+ filter.type is not RequestHeaderModifier
+ rule: '!(has(self.requestHeaderModifier) && self.type !=
+ ''RequestHeaderModifier'')'
+ - message: filter.requestHeaderModifier must be specified
+ for RequestHeaderModifier filter.type
+ rule: '!(!has(self.requestHeaderModifier) && self.type ==
+ ''RequestHeaderModifier'')'
+ - message: filter.responseHeaderModifier must be nil if the
+ filter.type is not ResponseHeaderModifier
+ rule: '!(has(self.responseHeaderModifier) && self.type !=
+ ''ResponseHeaderModifier'')'
+ - message: filter.responseHeaderModifier must be specified
+ for ResponseHeaderModifier filter.type
+ rule: '!(!has(self.responseHeaderModifier) && self.type
+ == ''ResponseHeaderModifier'')'
+ - message: filter.requestMirror must be nil if the filter.type
+ is not RequestMirror
+ rule: '!(has(self.requestMirror) && self.type != ''RequestMirror'')'
+ - message: filter.requestMirror must be specified for RequestMirror
+ filter.type
+ rule: '!(!has(self.requestMirror) && self.type == ''RequestMirror'')'
+ - message: filter.extensionRef must be nil if the filter.type
+ is not ExtensionRef
+ rule: '!(has(self.extensionRef) && self.type != ''ExtensionRef'')'
+ - message: filter.extensionRef must be specified for ExtensionRef
+ filter.type
+ rule: '!(!has(self.extensionRef) && self.type == ''ExtensionRef'')'
+ maxItems: 16
+ type: array
+ x-kubernetes-validations:
+ - message: RequestHeaderModifier filter cannot be repeated
+ rule: self.filter(f, f.type == 'RequestHeaderModifier').size()
+ <= 1
+ - message: ResponseHeaderModifier filter cannot be repeated
+ rule: self.filter(f, f.type == 'ResponseHeaderModifier').size()
+ <= 1
+ matches:
+ description: |-
+ Matches define conditions used for matching the rule against incoming
+ gRPC requests. Each match is independent, i.e. this rule will be matched
+ if **any** one of the matches is satisfied.
+
+
+ For example, take the following matches configuration:
+
+
+ ```
+ matches:
+ - method:
+ service: foo.bar
+ headers:
+ values:
+ version: 2
+ - method:
+ service: foo.bar.v2
+ ```
+
+
+ For a request to match against this rule, it MUST satisfy
+ EITHER of the two conditions:
+
+
+ - service of foo.bar AND contains the header `version: 2`
+ - service of foo.bar.v2
+
+
+ See the documentation for GRPCRouteMatch on how to specify multiple
+ match conditions to be ANDed together.
+
+
+ If no matches are specified, the implementation MUST match every gRPC request.
+
+
+ Proxy or Load Balancer routing configuration generated from GRPCRoutes
+ MUST prioritize rules based on the following criteria, continuing on
+ ties. Merging MUST not be done between GRPCRoutes and HTTPRoutes.
+ Precedence MUST be given to the rule with the largest number of:
+
+
+ * Characters in a matching non-wildcard hostname.
+ * Characters in a matching hostname.
+ * Characters in a matching service.
+ * Characters in a matching method.
+ * Header matches.
+
+
+ If ties still exist across multiple Routes, matching precedence MUST be
+ determined in order of the following criteria, continuing on ties:
+
+
+ * The oldest Route based on creation timestamp.
+ * The Route appearing first in alphabetical order by
+ "{namespace}/{name}".
+
+
+ If ties still exist within the Route that has been given precedence,
+ matching precedence MUST be granted to the first matching rule meeting
+ the above criteria.
+ items:
+ description: |-
+ GRPCRouteMatch defines the predicate used to match requests to a given
+ action. Multiple match types are ANDed together, i.e. the match will
+ evaluate to true only if all conditions are satisfied.
+
+
+ For example, the match below will match a gRPC request only if its service
+ is `foo` AND it contains the `version: v1` header:
+
+
+ ```
+ matches:
+ - method:
+ type: Exact
+ service: "foo"
+ headers:
+ - name: "version"
+ value "v1"
+
+
+ ```
+ properties:
+ headers:
+ description: |-
+ Headers specifies gRPC request header matchers. Multiple match values are
+ ANDed together, meaning, a request MUST match all the specified headers
+ to select the route.
+ items:
+ description: |-
+ GRPCHeaderMatch describes how to select a gRPC route by matching gRPC request
+ headers.
+ properties:
+ name:
+ description: |-
+ Name is the name of the gRPC Header to be matched.
+
+
+ If multiple entries specify equivalent header names, only the first
+ entry with an equivalent name MUST be considered for a match. Subsequent
+ entries with an equivalent header name MUST be ignored. Due to the
+ case-insensitivity of header names, "foo" and "Foo" are considered
+ equivalent.
+ maxLength: 256
+ minLength: 1
+ pattern: ^[A-Za-z0-9!#$%&'*+\-.^_\x60|~]+$
+ type: string
+ type:
+ default: Exact
+ description: Type specifies how to match against
+ the value of the header.
+ enum:
+ - Exact
+ - RegularExpression
+ type: string
+ value:
+ description: Value is the value of the gRPC Header
+ to be matched.
+ maxLength: 4096
+ minLength: 1
+ type: string
+ required:
+ - name
+ - value
+ type: object
+ maxItems: 16
+ type: array
+ x-kubernetes-list-map-keys:
+ - name
+ x-kubernetes-list-type: map
+ method:
+ description: |-
+ Method specifies a gRPC request service/method matcher. If this field is
+ not specified, all services and methods will match.
+ properties:
+ method:
+ description: |-
+ Value of the method to match against. If left empty or omitted, will
+ match all services.
+
+
+ At least one of Service and Method MUST be a non-empty string.
+ maxLength: 1024
type: string
- name:
- description: Name is the name of the referent.
- maxLength: 253
- minLength: 1
+ service:
+ description: |-
+ Value of the service to match against. If left empty or omitted, will
+ match any service.
+
+
+ At least one of Service and Method MUST be a non-empty string.
+ maxLength: 1024
type: string
- namespace:
- description: "Namespace is the namespace of the referenced
- object. When unspecified, the local namespace is
- inferred. \n Note that when a namespace different
- than the local namespace is specified, a ReferenceGrant
- object is required in the referent namespace to
- allow that namespace's owner to accept the reference.
- See the ReferenceGrant documentation for details.
- \n Support: Core"
- maxLength: 63
- minLength: 1
- pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$
+ type:
+ default: Exact
+ description: |-
+ Type specifies how to match against the service and/or method.
+ Support: Core (Exact with service and method specified)
+
+
+ Support: Implementation-specific (Exact with method specified but no service specified)
+
+
+ Support: Implementation-specific (RegularExpression)
+ enum:
+ - Exact
+ - RegularExpression
type: string
- required:
- - name
type: object
- maxItems: 64
- type: array
- mode:
- default: Terminate
- description: "Mode defines the TLS behavior for the TLS
- session initiated by the client. There are two possible
- modes: \n - Terminate: The TLS session between the downstream
- client and the Gateway is terminated at the Gateway. This
- mode requires certificateRefs to be set and contain at
- least one element. - Passthrough: The TLS session is NOT
- terminated by the Gateway. This implies that the Gateway
- can't decipher the TLS stream except for the ClientHello
- message of the TLS protocol. CertificateRefs field is
- ignored in this mode. \n Support: Core"
- enum:
- - Terminate
- - Passthrough
+ x-kubernetes-validations:
+ - message: One or both of 'service' or 'method' must be
+ specified
+ rule: 'has(self.type) ? has(self.service) || has(self.method)
+ : true'
+ - message: service must only contain valid characters
+ (matching ^(?i)\.?[a-z_][a-z_0-9]*(\.[a-z_][a-z_0-9]*)*$)
+ rule: '(!has(self.type) || self.type == ''Exact'') &&
+ has(self.service) ? self.service.matches(r"""^(?i)\.?[a-z_][a-z_0-9]*(\.[a-z_][a-z_0-9]*)*$"""):
+ true'
+ - message: method must only contain valid characters (matching
+ ^[A-Za-z_][A-Za-z_0-9]*$)
+ rule: '(!has(self.type) || self.type == ''Exact'') &&
+ has(self.method) ? self.method.matches(r"""^[A-Za-z_][A-Za-z_0-9]*$"""):
+ true'
+ type: object
+ maxItems: 8
+ type: array
+ sessionPersistence:
+ description: |+
+ SessionPersistence defines and configures session persistence
+ for the route rule.
+
+
+ Support: Extended
+
+
+ properties:
+ absoluteTimeout:
+ description: |-
+ AbsoluteTimeout defines the absolute timeout of the persistent
+ session. Once the AbsoluteTimeout duration has elapsed, the
+ session becomes invalid.
+
+
+ Support: Extended
+ pattern: ^([0-9]{1,5}(h|m|s|ms)){1,4}$
type: string
- options:
- additionalProperties:
- description: AnnotationValue is the value of an annotation
- in Gateway API. This is used for validation of maps
- such as TLS options. This roughly matches Kubernetes
- annotation validation, although the length validation
- in that case is based on the entire size of the annotations
- struct.
- maxLength: 4096
- minLength: 0
- type: string
- description: "Options are a list of key/value pairs to enable
- extended TLS configuration for each implementation. For
- example, configuring the minimum TLS version or supported
- cipher suites. \n A set of common keys MAY be defined
- by the API in the future. To avoid any ambiguity, implementation-specific
- definitions MUST use domain-prefixed names, such as `example.com/my-custom-option`.
- Un-prefixed names are reserved for key names defined by
- Gateway API. \n Support: Implementation-specific"
- maxProperties: 16
+ cookieConfig:
+ description: |-
+ CookieConfig provides configuration settings that are specific
+ to cookie-based session persistence.
+
+
+ Support: Core
+ properties:
+ lifetimeType:
+ default: Session
+ description: |-
+ LifetimeType specifies whether the cookie has a permanent or
+ session-based lifetime. A permanent cookie persists until its
+ specified expiry time, defined by the Expires or Max-Age cookie
+ attributes, while a session cookie is deleted when the current
+ session ends.
+
+
+ When set to "Permanent", AbsoluteTimeout indicates the
+ cookie's lifetime via the Expires or Max-Age cookie attributes
+ and is required.
+
+
+ When set to "Session", AbsoluteTimeout indicates the
+ absolute lifetime of the cookie tracked by the gateway and
+ is optional.
+
+
+ Support: Core for "Session" type
+
+
+ Support: Extended for "Permanent" type
+ enum:
+ - Permanent
+ - Session
+ type: string
type: object
+ idleTimeout:
+ description: |-
+ IdleTimeout defines the idle timeout of the persistent session.
+ Once the session has been idle for more than the specified
+ IdleTimeout duration, the session becomes invalid.
+
+
+ Support: Extended
+ pattern: ^([0-9]{1,5}(h|m|s|ms)){1,4}$
+ type: string
+ sessionName:
+ description: |-
+ SessionName defines the name of the persistent session token
+ which may be reflected in the cookie or the header. Users
+ should avoid reusing session names to prevent unintended
+ consequences, such as rejection or unpredictable behavior.
+
+
+ Support: Implementation-specific
+ maxLength: 128
+ type: string
+ type:
+ default: Cookie
+ description: |-
+ Type defines the type of session persistence such as through
+ the use a header or cookie. Defaults to cookie based session
+ persistence.
+
+
+ Support: Core for "Cookie" type
+
+
+ Support: Extended for "Header" type
+ enum:
+ - Cookie
+ - Header
+ type: string
type: object
x-kubernetes-validations:
- - message: certificateRefs must be specified when TLSModeType
- is Terminate
- rule: 'self.mode == ''Terminate'' ? size(self.certificateRefs)
- > 0 : true'
- required:
- - name
- - port
- - protocol
+ - message: AbsoluteTimeout must be specified when cookie lifetimeType
+ is Permanent
+ rule: '!has(self.cookieConfig.lifetimeType) || self.cookieConfig.lifetimeType
+ != ''Permanent'' || has(self.absoluteTimeout)'
type: object
- maxItems: 64
- minItems: 1
+ maxItems: 16
type: array
- x-kubernetes-list-map-keys:
- - name
- x-kubernetes-list-type: map
- x-kubernetes-validations:
- - message: tls must be specified for protocols ['HTTPS', 'TLS']
- rule: 'self.all(l, l.protocol in [''HTTPS'', ''TLS''] ? has(l.tls)
- : true)'
- - message: tls must not be specified for protocols ['HTTP', 'TCP',
- 'UDP']
- rule: 'self.all(l, l.protocol in [''HTTP'', ''TCP'', ''UDP''] ?
- !has(l.tls) : true)'
- - message: hostname must not be specified for protocols ['TCP', 'UDP']
- rule: 'self.all(l, l.protocol in [''TCP'', ''UDP''] ? (!has(l.hostname)
- || l.hostname == '''') : true)'
- - message: Listener name must be unique within the Gateway
- rule: self.all(l1, self.exists_one(l2, l1.name == l2.name))
- - message: Combination of port, protocol and hostname must be unique
- for each listener
- rule: 'self.all(l1, self.exists_one(l2, l1.port == l2.port && l1.protocol
- == l2.protocol && (has(l1.hostname) && has(l2.hostname) ? l1.hostname
- == l2.hostname : !has(l1.hostname) && !has(l2.hostname))))'
- required:
- - gatewayClassName
- - listeners
type: object
status:
- default:
- conditions:
- - lastTransitionTime: "1970-01-01T00:00:00Z"
- message: Waiting for controller
- reason: Pending
- status: Unknown
- type: Accepted
- - lastTransitionTime: "1970-01-01T00:00:00Z"
- message: Waiting for controller
- reason: Pending
- status: Unknown
- type: Programmed
- description: Status defines the current state of Gateway.
+ description: Status defines the current state of GRPCRoute.
properties:
- addresses:
- description: "Addresses lists the network addresses that have been
- bound to the Gateway. \n This list may differ from the addresses
- provided in the spec under some conditions: \n * no addresses are
- specified, all addresses are dynamically assigned * a combination
- of specified and dynamic addresses are assigned * a specified address
- was unusable (e.g. already in use) \n "
- items:
- description: GatewayStatusAddress describes a network address that
- is bound to a Gateway.
- oneOf:
- - properties:
- type:
- enum:
- - IPAddress
- value:
- anyOf:
- - format: ipv4
- - format: ipv6
- - properties:
- type:
- not:
- enum:
- - IPAddress
- properties:
- type:
- default: IPAddress
- description: Type of the address.
- maxLength: 253
- minLength: 1
- pattern: ^Hostname|IPAddress|NamedAddress|[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*\/[A-Za-z0-9\/\-._~%!$&'()*+,;=:]+$
- type: string
- value:
- description: "Value of the address. The validity of the values
- will depend on the type and support by the controller. \n
- Examples: `1.2.3.4`, `128::1`, `my-ip-address`."
- maxLength: 253
- minLength: 1
- type: string
- required:
- - value
- type: object
- x-kubernetes-validations:
- - message: Hostname value must only contain valid characters (matching
- ^(\*\.)?[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$)
- rule: 'self.type == ''Hostname'' ? self.value.matches(r"""^(\*\.)?[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$"""):
- true'
- maxItems: 16
- type: array
- conditions:
- default:
- - lastTransitionTime: "1970-01-01T00:00:00Z"
- message: Waiting for controller
- reason: Pending
- status: Unknown
- type: Accepted
- - lastTransitionTime: "1970-01-01T00:00:00Z"
- message: Waiting for controller
- reason: Pending
- status: Unknown
- type: Programmed
- description: "Conditions describe the current conditions of the Gateway.
- \n Implementations should prefer to express Gateway conditions using
- the `GatewayConditionType` and `GatewayConditionReason` constants
- so that operators and tools can converge on a common vocabulary
- to describe Gateway state. \n Known condition types are: \n * \"Accepted\"
- * \"Programmed\" * \"Ready\""
- items:
- description: "Condition contains details for one aspect of the current
- state of this API Resource. --- This struct is intended for direct
- use as an array at the field path .status.conditions. For example,
- \n type FooStatus struct{ // Represents the observations of a
- foo's current state. // Known .status.conditions.type are: \"Available\",
- \"Progressing\", and \"Degraded\" // +patchMergeKey=type // +patchStrategy=merge
- // +listType=map // +listMapKey=type Conditions []metav1.Condition
- `json:\"conditions,omitempty\" patchStrategy:\"merge\" patchMergeKey:\"type\"
- protobuf:\"bytes,1,rep,name=conditions\"` \n // other fields }"
- properties:
- lastTransitionTime:
- description: lastTransitionTime is the last time the condition
- transitioned from one status to another. This should be when
- the underlying condition changed. If that is not known, then
- using the time when the API field changed is acceptable.
- format: date-time
- type: string
- message:
- description: message is a human readable message indicating
- details about the transition. This may be an empty string.
- maxLength: 32768
- type: string
- observedGeneration:
- description: observedGeneration represents the .metadata.generation
- that the condition was set based upon. For instance, if .metadata.generation
- is currently 12, but the .status.conditions[x].observedGeneration
- is 9, the condition is out of date with respect to the current
- state of the instance.
- format: int64
- minimum: 0
- type: integer
- reason:
- description: reason contains a programmatic identifier indicating
- the reason for the condition's last transition. Producers
- of specific condition types may define expected values and
- meanings for this field, and whether the values are considered
- a guaranteed API. The value should be a CamelCase string.
- This field may not be empty.
- maxLength: 1024
- minLength: 1
- pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$
- type: string
- status:
- description: status of the condition, one of True, False, Unknown.
- enum:
- - "True"
- - "False"
- - Unknown
- type: string
- type:
- description: type of condition in CamelCase or in foo.example.com/CamelCase.
- --- Many .condition.type values are consistent across resources
- like Available, but because arbitrary conditions can be useful
- (see .node.status.conditions), the ability to deconflict is
- important. The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt)
- maxLength: 316
- pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$
- type: string
- required:
- - lastTransitionTime
- - message
- - reason
- - status
- - type
- type: object
- maxItems: 8
- type: array
- x-kubernetes-list-map-keys:
- - type
- x-kubernetes-list-type: map
- listeners:
- description: Listeners provide status for each unique listener port
- defined in the Spec.
+ parents:
+ description: |-
+ Parents is a list of parent resources (usually Gateways) that are
+ associated with the route, and the status of the route with respect to
+ each parent. When this route attaches to a parent, the controller that
+ manages the parent must add an entry to this list when the controller
+ first sees the route and should update the entry as appropriate when the
+ route or gateway is modified.
+
+
+ Note that parent references that cannot be resolved by an implementation
+ of this API will not be added to this list. Implementations of this API
+ can only populate Route status for the Gateways/parent resources they are
+ responsible for.
+
+
+ A maximum of 32 Gateways will be represented in this list. An empty list
+ means the route has not been attached to any Gateway.
items:
- description: ListenerStatus is the status associated with a Listener.
+ description: |-
+ RouteParentStatus describes the status of a route with respect to an
+ associated Parent.
properties:
- attachedRoutes:
- description: "AttachedRoutes represents the total number of
- Routes that have been successfully attached to this Listener.
- \n Successful attachment of a Route to a Listener is based
- solely on the combination of the AllowedRoutes field on the
- corresponding Listener and the Route's ParentRefs field. A
- Route is successfully attached to a Listener when it is selected
- by the Listener's AllowedRoutes field AND the Route has a
- valid ParentRef selecting the whole Gateway resource or a
- specific Listener as a parent resource (more detail on attachment
- semantics can be found in the documentation on the various
- Route kinds ParentRefs fields). Listener or Route status does
- not impact successful attachment, i.e. the AttachedRoutes
- field count MUST be set for Listeners with condition Accepted:
- false and MUST count successfully attached Routes that may
- themselves have Accepted: false conditions. \n Uses for this
- field include troubleshooting Route attachment and measuring
- blast radius/impact of changes to a Listener."
- format: int32
- type: integer
conditions:
- description: Conditions describe the current condition of this
- listener.
+ description: |-
+ Conditions describes the status of the route with respect to the Gateway.
+ Note that the route's availability is also subject to the Gateway's own
+ status conditions and listener status.
+
+
+ If the Route's ParentRef specifies an existing Gateway that supports
+ Routes of this kind AND that Gateway's controller has sufficient access,
+ then that Gateway's controller MUST set the "Accepted" condition on the
+ Route, to indicate whether the route has been accepted or rejected by the
+ Gateway, and why.
+
+
+ A Route MUST be considered "Accepted" if at least one of the Route's
+ rules is implemented by the Gateway.
+
+
+ There are a number of cases where the "Accepted" condition may not be set
+ due to lack of controller visibility, that includes when:
+
+
+ * The Route refers to a non-existent parent.
+ * The Route is of a type that the controller does not support.
+ * The Route is in a namespace the controller does not have access to.
items:
description: "Condition contains details for one aspect of
- the current state of this API Resource. --- This struct
+ the current state of this API Resource.\n---\nThis struct
is intended for direct use as an array at the field path
- .status.conditions. For example, \n type FooStatus struct{
- // Represents the observations of a foo's current state.
- // Known .status.conditions.type are: \"Available\", \"Progressing\",
- and \"Degraded\" // +patchMergeKey=type // +patchStrategy=merge
- // +listType=map // +listMapKey=type Conditions []metav1.Condition
- `json:\"conditions,omitempty\" patchStrategy:\"merge\" patchMergeKey:\"type\"
- protobuf:\"bytes,1,rep,name=conditions\"` \n // other fields
- }"
+ .status.conditions. For example,\n\n\n\ttype FooStatus
+ struct{\n\t // Represents the observations of a foo's
+ current state.\n\t // Known .status.conditions.type are:
+ \"Available\", \"Progressing\", and \"Degraded\"\n\t //
+ +patchMergeKey=type\n\t // +patchStrategy=merge\n\t //
+ +listType=map\n\t // +listMapKey=type\n\t Conditions
+ []metav1.Condition `json:\"conditions,omitempty\" patchStrategy:\"merge\"
+ patchMergeKey:\"type\" protobuf:\"bytes,1,rep,name=conditions\"`\n\n\n\t
+ \ // other fields\n\t}"
properties:
lastTransitionTime:
- description: lastTransitionTime is the last time the condition
- transitioned from one status to another. This should
- be when the underlying condition changed. If that is
- not known, then using the time when the API field changed
- is acceptable.
+ description: |-
+ lastTransitionTime is the last time the condition transitioned from one status to another.
+ This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable.
format: date-time
type: string
message:
- description: message is a human readable message indicating
- details about the transition. This may be an empty string.
+ description: |-
+ message is a human readable message indicating details about the transition.
+ This may be an empty string.
maxLength: 32768
type: string
observedGeneration:
- description: observedGeneration represents the .metadata.generation
- that the condition was set based upon. For instance,
- if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration
- is 9, the condition is out of date with respect to the
- current state of the instance.
+ description: |-
+ observedGeneration represents the .metadata.generation that the condition was set based upon.
+ For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date
+ with respect to the current state of the instance.
format: int64
minimum: 0
type: integer
reason:
- description: reason contains a programmatic identifier
- indicating the reason for the condition's last transition.
- Producers of specific condition types may define expected
- values and meanings for this field, and whether the
- values are considered a guaranteed API. The value should
- be a CamelCase string. This field may not be empty.
+ description: |-
+ reason contains a programmatic identifier indicating the reason for the condition's last transition.
+ Producers of specific condition types may define expected values and meanings for this field,
+ and whether the values are considered a guaranteed API.
+ The value should be a CamelCase string.
+ This field may not be empty.
maxLength: 1024
minLength: 1
pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$
@@ -2724,12 +6356,12 @@ spec:
- Unknown
type: string
type:
- description: type of condition in CamelCase or in foo.example.com/CamelCase.
- --- Many .condition.type values are consistent across
- resources like Available, but because arbitrary conditions
- can be useful (see .node.status.conditions), the ability
- to deconflict is important. The regex it matches is
- (dns1123SubdomainFmt/)?(qualifiedNameFmt)
+ description: |-
+ type of condition in CamelCase or in foo.example.com/CamelCase.
+ ---
+ Many .condition.type values are consistent across resources like Available, but because arbitrary conditions can be
+ useful (see .node.status.conditions), the ability to deconflict is important.
+ The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt)
maxLength: 316
pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$
type: string
@@ -2741,138 +6373,254 @@ spec:
- type
type: object
maxItems: 8
+ minItems: 1
type: array
x-kubernetes-list-map-keys:
- type
x-kubernetes-list-type: map
- name:
- description: Name is the name of the Listener that this status
- corresponds to.
+ controllerName:
+ description: |-
+ ControllerName is a domain/path string that indicates the name of the
+ controller that wrote this status. This corresponds with the
+ controllerName field on GatewayClass.
+
+
+ Example: "example.net/gateway-controller".
+
+
+ The format of this field is DOMAIN "/" PATH, where DOMAIN and PATH are
+ valid Kubernetes names
+ (https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names).
+
+
+ Controllers MUST populate this field when writing status. Controllers should ensure that
+ entries to status populated with their ControllerName are cleaned up when they are no
+ longer necessary.
maxLength: 253
minLength: 1
- pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$
+ pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*\/[A-Za-z0-9\/\-._~%!$&'()*+,;=:]+$
type: string
- supportedKinds:
- description: "SupportedKinds is the list indicating the Kinds
- supported by this listener. This MUST represent the kinds
- an implementation supports for that Listener configuration.
- \n If kinds are specified in Spec that are not supported,
- they MUST NOT appear in this list and an implementation MUST
- set the \"ResolvedRefs\" condition to \"False\" with the \"InvalidRouteKinds\"
- reason. If both valid and invalid Route kinds are specified,
- the implementation MUST reference the valid Route kinds that
- have been specified."
- items:
- description: RouteGroupKind indicates the group and kind of
- a Route resource.
- properties:
- group:
- default: gateway.networking.k8s.io
- description: Group is the group of the Route.
- maxLength: 253
- pattern: ^$|^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$
- type: string
- kind:
- description: Kind is the kind of the Route.
- maxLength: 63
- minLength: 1
- pattern: ^[a-zA-Z]([-a-zA-Z0-9]*[a-zA-Z0-9])?$
- type: string
- required:
- - kind
- type: object
- maxItems: 8
- type: array
+ parentRef:
+ description: |-
+ ParentRef corresponds with a ParentRef in the spec that this
+ RouteParentStatus struct describes the status of.
+ properties:
+ group:
+ default: gateway.networking.k8s.io
+ description: |-
+ Group is the group of the referent.
+ When unspecified, "gateway.networking.k8s.io" is inferred.
+ To set the core API group (such as for a "Service" kind referent),
+ Group must be explicitly set to "" (empty string).
+
+
+ Support: Core
+ maxLength: 253
+ pattern: ^$|^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$
+ type: string
+ kind:
+ default: Gateway
+ description: |-
+ Kind is kind of the referent.
+
+
+ There are two kinds of parent resources with "Core" support:
+
+
+ * Gateway (Gateway conformance profile)
+ * Service (Mesh conformance profile, ClusterIP Services only)
+
+
+ Support for other resources is Implementation-Specific.
+ maxLength: 63
+ minLength: 1
+ pattern: ^[a-zA-Z]([-a-zA-Z0-9]*[a-zA-Z0-9])?$
+ type: string
+ name:
+ description: |-
+ Name is the name of the referent.
+
+
+ Support: Core
+ maxLength: 253
+ minLength: 1
+ type: string
+ namespace:
+ description: |-
+ Namespace is the namespace of the referent. When unspecified, this refers
+ to the local namespace of the Route.
+
+
+ Note that there are specific rules for ParentRefs which cross namespace
+ boundaries. Cross-namespace references are only valid if they are explicitly
+ allowed by something in the namespace they are referring to. For example:
+ Gateway has the AllowedRoutes field, and ReferenceGrant provides a
+ generic way to enable any other kind of cross-namespace reference.
+
+
+
+ ParentRefs from a Route to a Service in the same namespace are "producer"
+ routes, which apply default routing rules to inbound connections from
+ any namespace to the Service.
+
+
+ ParentRefs from a Route to a Service in a different namespace are
+ "consumer" routes, and these routing rules are only applied to outbound
+ connections originating from the same namespace as the Route, for which
+ the intended destination of the connections are a Service targeted as a
+ ParentRef of the Route.
+
+
+
+ Support: Core
+ maxLength: 63
+ minLength: 1
+ pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$
+ type: string
+ port:
+ description: |-
+ Port is the network port this Route targets. It can be interpreted
+ differently based on the type of parent resource.
+
+
+ When the parent resource is a Gateway, this targets all listeners
+ listening on the specified port that also support this kind of Route(and
+ select this Route). It's not recommended to set `Port` unless the
+ networking behaviors specified in a Route must apply to a specific port
+ as opposed to a listener(s) whose port(s) may be changed. When both Port
+ and SectionName are specified, the name and port of the selected listener
+ must match both specified values.
+
+
+
+ When the parent resource is a Service, this targets a specific port in the
+ Service spec. When both Port (experimental) and SectionName are specified,
+ the name and port of the selected port must match both specified values.
+
+
+
+ Implementations MAY choose to support other parent resources.
+ Implementations supporting other types of parent resources MUST clearly
+ document how/if Port is interpreted.
+
+
+ For the purpose of status, an attachment is considered successful as
+ long as the parent resource accepts it partially. For example, Gateway
+ listeners can restrict which Routes can attach to them by Route kind,
+ namespace, or hostname. If 1 of 2 Gateway listeners accept attachment
+ from the referencing Route, the Route MUST be considered successfully
+ attached. If no Gateway listeners accept attachment from this Route,
+ the Route MUST be considered detached from the Gateway.
+
+
+ Support: Extended
+ format: int32
+ maximum: 65535
+ minimum: 1
+ type: integer
+ sectionName:
+ description: |-
+ SectionName is the name of a section within the target resource. In the
+ following resources, SectionName is interpreted as the following:
+
+
+ * Gateway: Listener name. When both Port (experimental) and SectionName
+ are specified, the name and port of the selected listener must match
+ both specified values.
+ * Service: Port name. When both Port (experimental) and SectionName
+ are specified, the name and port of the selected listener must match
+ both specified values.
+
+
+ Implementations MAY choose to support attaching Routes to other resources.
+ If that is the case, they MUST clearly document how SectionName is
+ interpreted.
+
+
+ When unspecified (empty string), this will reference the entire resource.
+ For the purpose of status, an attachment is considered successful if at
+ least one section in the parent resource accepts it. For example, Gateway
+ listeners can restrict which Routes can attach to them by Route kind,
+ namespace, or hostname. If 1 of 2 Gateway listeners accept attachment from
+ the referencing Route, the Route MUST be considered successfully
+ attached. If no Gateway listeners accept attachment from this Route, the
+ Route MUST be considered detached from the Gateway.
+
+
+ Support: Core
+ maxLength: 253
+ minLength: 1
+ pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$
+ type: string
+ required:
+ - name
+ type: object
required:
- - attachedRoutes
- - conditions
- - name
- - supportedKinds
+ - controllerName
+ - parentRef
type: object
- maxItems: 64
+ maxItems: 32
type: array
- x-kubernetes-list-map-keys:
- - name
- x-kubernetes-list-type: map
+ required:
+ - parents
type: object
- required:
- - spec
type: object
served: true
storage: true
subresources:
status: {}
-status:
- acceptedNames:
- kind: ""
- plural: ""
- conditions: null
- storedVersions: null
----
-#
-# config/crd/experimental/gateway.networking.k8s.io_grpcroutes.yaml
-#
-apiVersion: apiextensions.k8s.io/v1
-kind: CustomResourceDefinition
-metadata:
- annotations:
- api-approved.kubernetes.io: https://github.com/kubernetes-sigs/gateway-api/pull/2466
- gateway.networking.k8s.io/bundle-version: v1.0.0
- gateway.networking.k8s.io/channel: experimental
- creationTimestamp: null
- name: grpcroutes.gateway.networking.k8s.io
-spec:
- group: gateway.networking.k8s.io
- names:
- categories:
- - gateway-api
- kind: GRPCRoute
- listKind: GRPCRouteList
- plural: grpcroutes
- singular: grpcroute
- scope: Namespaced
- versions:
- - additionalPrinterColumns:
- - jsonPath: .spec.hostnames
- name: Hostnames
- type: string
- - jsonPath: .metadata.creationTimestamp
- name: Age
- type: date
+ - deprecated: true
+ deprecationWarning: The v1alpha2 version of GRPCRoute has been deprecated and
+ will be removed in a future release of the API. Please upgrade to v1.
name: v1alpha2
schema:
openAPIV3Schema:
- description: "GRPCRoute provides a way to route gRPC requests. This includes
- the capability to match requests by hostname, gRPC service, gRPC method,
- or HTTP/2 header. Filters can be used to specify additional processing steps.
- Backends specify where matching requests will be routed. \n GRPCRoute falls
- under extended support within the Gateway API. Within the following specification,
- the word \"MUST\" indicates that an implementation supporting GRPCRoute
- must conform to the indicated requirement, but an implementation not supporting
- this route type need not follow the requirement unless explicitly indicated.
- \n Implementations supporting `GRPCRoute` with the `HTTPS` `ProtocolType`
- MUST accept HTTP/2 connections without an initial upgrade from HTTP/1.1,
- i.e. via ALPN. If the implementation does not support this, then it MUST
- set the \"Accepted\" condition to \"False\" for the affected listener with
- a reason of \"UnsupportedProtocol\". Implementations MAY also accept HTTP/2
- connections with an upgrade from HTTP/1. \n Implementations supporting `GRPCRoute`
- with the `HTTP` `ProtocolType` MUST support HTTP/2 over cleartext TCP (h2c,
- https://www.rfc-editor.org/rfc/rfc7540#section-3.1) without an initial upgrade
- from HTTP/1.1, i.e. with prior knowledge (https://www.rfc-editor.org/rfc/rfc7540#section-3.4).
- If the implementation does not support this, then it MUST set the \"Accepted\"
- condition to \"False\" for the affected listener with a reason of \"UnsupportedProtocol\".
+ description: |-
+ GRPCRoute provides a way to route gRPC requests. This includes the capability
+ to match requests by hostname, gRPC service, gRPC method, or HTTP/2 header.
+ Filters can be used to specify additional processing steps. Backends specify
+ where matching requests will be routed.
+
+
+ GRPCRoute falls under extended support within the Gateway API. Within the
+ following specification, the word "MUST" indicates that an implementation
+ supporting GRPCRoute must conform to the indicated requirement, but an
+ implementation not supporting this route type need not follow the requirement
+ unless explicitly indicated.
+
+
+ Implementations supporting `GRPCRoute` with the `HTTPS` `ProtocolType` MUST
+ accept HTTP/2 connections without an initial upgrade from HTTP/1.1, i.e. via
+ ALPN. If the implementation does not support this, then it MUST set the
+ "Accepted" condition to "False" for the affected listener with a reason of
+ "UnsupportedProtocol". Implementations MAY also accept HTTP/2 connections
+ with an upgrade from HTTP/1.
+
+
+ Implementations supporting `GRPCRoute` with the `HTTP` `ProtocolType` MUST
+ support HTTP/2 over cleartext TCP (h2c,
+ https://www.rfc-editor.org/rfc/rfc7540#section-3.1) without an initial
+ upgrade from HTTP/1.1, i.e. with prior knowledge
+ (https://www.rfc-editor.org/rfc/rfc7540#section-3.4). If the implementation
+ does not support this, then it MUST set the "Accepted" condition to "False"
+ for the affected listener with a reason of "UnsupportedProtocol".
Implementations MAY also accept HTTP/2 connections with an upgrade from
- HTTP/1, i.e. without prior knowledge."
+ HTTP/1, i.e. without prior knowledge.
properties:
apiVersion:
- description: 'APIVersion defines the versioned schema of this representation
- of an object. Servers should convert recognized schemas to the latest
- internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
+ description: |-
+ APIVersion defines the versioned schema of this representation of an object.
+ Servers should convert recognized schemas to the latest internal value, and
+ may reject unrecognized values.
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
type: string
kind:
- description: 'Kind is a string value representing the REST resource this
- object represents. Servers may infer this from the endpoint the client
- submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+ description: |-
+ Kind is a string value representing the REST resource this object represents.
+ Servers may infer this from the endpoint the client submits requests to.
+ Cannot be updated.
+ In CamelCase.
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
type: string
metadata:
type: object
@@ -2880,56 +6628,86 @@ spec:
description: Spec defines the desired state of GRPCRoute.
properties:
hostnames:
- description: "Hostnames defines a set of hostnames to match against
- the GRPC Host header to select a GRPCRoute to process the request.
- This matches the RFC 1123 definition of a hostname with 2 notable
- exceptions: \n 1. IPs are not allowed. 2. A hostname may be prefixed
- with a wildcard label (`*.`). The wildcard label MUST appear by
- itself as the first label. \n If a hostname is specified by both
- the Listener and GRPCRoute, there MUST be at least one intersecting
- hostname for the GRPCRoute to be attached to the Listener. For example:
- \n * A Listener with `test.example.com` as the hostname matches
- GRPCRoutes that have either not specified any hostnames, or have
- specified at least one of `test.example.com` or `*.example.com`.
+ description: |-
+ Hostnames defines a set of hostnames to match against the GRPC
+ Host header to select a GRPCRoute to process the request. This matches
+ the RFC 1123 definition of a hostname with 2 notable exceptions:
+
+
+ 1. IPs are not allowed.
+ 2. A hostname may be prefixed with a wildcard label (`*.`). The wildcard
+ label MUST appear by itself as the first label.
+
+
+ If a hostname is specified by both the Listener and GRPCRoute, there
+ MUST be at least one intersecting hostname for the GRPCRoute to be
+ attached to the Listener. For example:
+
+
+ * A Listener with `test.example.com` as the hostname matches GRPCRoutes
+ that have either not specified any hostnames, or have specified at
+ least one of `test.example.com` or `*.example.com`.
* A Listener with `*.example.com` as the hostname matches GRPCRoutes
- that have either not specified any hostnames or have specified at
- least one hostname that matches the Listener hostname. For example,
- `test.example.com` and `*.example.com` would both match. On the
- other hand, `example.com` and `test.example.net` would not match.
- \n Hostnames that are prefixed with a wildcard label (`*.`) are
- interpreted as a suffix match. That means that a match for `*.example.com`
- would match both `test.example.com`, and `foo.test.example.com`,
- but not `example.com`. \n If both the Listener and GRPCRoute have
- specified hostnames, any GRPCRoute hostnames that do not match the
- Listener hostname MUST be ignored. For example, if a Listener specified
- `*.example.com`, and the GRPCRoute specified `test.example.com`
- and `test.example.net`, `test.example.net` MUST NOT be considered
- for a match. \n If both the Listener and GRPCRoute have specified
- hostnames, and none match with the criteria above, then the GRPCRoute
- MUST NOT be accepted by the implementation. The implementation MUST
- raise an 'Accepted' Condition with a status of `False` in the corresponding
- RouteParentStatus. \n If a Route (A) of type HTTPRoute or GRPCRoute
- is attached to a Listener and that listener already has another
- Route (B) of the other type attached and the intersection of the
- hostnames of A and B is non-empty, then the implementation MUST
- accept exactly one of these two routes, determined by the following
- criteria, in order: \n * The oldest Route based on creation timestamp.
- * The Route appearing first in alphabetical order by \"{namespace}/{name}\".
- \n The rejected Route MUST raise an 'Accepted' condition with a
- status of 'False' in the corresponding RouteParentStatus. \n Support:
- Core"
+ that have either not specified any hostnames or have specified at least
+ one hostname that matches the Listener hostname. For example,
+ `test.example.com` and `*.example.com` would both match. On the other
+ hand, `example.com` and `test.example.net` would not match.
+
+
+ Hostnames that are prefixed with a wildcard label (`*.`) are interpreted
+ as a suffix match. That means that a match for `*.example.com` would match
+ both `test.example.com`, and `foo.test.example.com`, but not `example.com`.
+
+
+ If both the Listener and GRPCRoute have specified hostnames, any
+ GRPCRoute hostnames that do not match the Listener hostname MUST be
+ ignored. For example, if a Listener specified `*.example.com`, and the
+ GRPCRoute specified `test.example.com` and `test.example.net`,
+ `test.example.net` MUST NOT be considered for a match.
+
+
+ If both the Listener and GRPCRoute have specified hostnames, and none
+ match with the criteria above, then the GRPCRoute MUST NOT be accepted by
+ the implementation. The implementation MUST raise an 'Accepted' Condition
+ with a status of `False` in the corresponding RouteParentStatus.
+
+
+ If a Route (A) of type HTTPRoute or GRPCRoute is attached to a
+ Listener and that listener already has another Route (B) of the other
+ type attached and the intersection of the hostnames of A and B is
+ non-empty, then the implementation MUST accept exactly one of these two
+ routes, determined by the following criteria, in order:
+
+
+ * The oldest Route based on creation timestamp.
+ * The Route appearing first in alphabetical order by
+ "{namespace}/{name}".
+
+
+ The rejected Route MUST raise an 'Accepted' condition with a status of
+ 'False' in the corresponding RouteParentStatus.
+
+
+ Support: Core
items:
- description: "Hostname is the fully qualified domain name of a network
- host. This matches the RFC 1123 definition of a hostname with
- 2 notable exceptions: \n 1. IPs are not allowed. 2. A hostname
- may be prefixed with a wildcard label (`*.`). The wildcard label
- must appear by itself as the first label. \n Hostname can be \"precise\"
- which is a domain name without the terminating dot of a network
- host (e.g. \"foo.example.com\") or \"wildcard\", which is a domain
- name prefixed with a single wildcard label (e.g. `*.example.com`).
- \n Note that as per RFC1035 and RFC1123, a *label* must consist
- of lower case alphanumeric characters or '-', and must start and
- end with an alphanumeric character. No other punctuation is allowed."
+ description: |-
+ Hostname is the fully qualified domain name of a network host. This matches
+ the RFC 1123 definition of a hostname with 2 notable exceptions:
+
+
+ 1. IPs are not allowed.
+ 2. A hostname may be prefixed with a wildcard label (`*.`). The wildcard
+ label must appear by itself as the first label.
+
+
+ Hostname can be "precise" which is a domain name without the terminating
+ dot of a network host (e.g. "foo.example.com") or "wildcard", which is a
+ domain name prefixed with a single wildcard label (e.g. `*.example.com`).
+
+
+ Note that as per RFC1035 and RFC1123, a *label* must consist of lower case
+ alphanumeric characters or '-', and must start and end with an alphanumeric
+ character. No other punctuation is allowed.
maxLength: 253
minLength: 1
pattern: ^(\*\.)?[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$
@@ -2937,165 +6715,246 @@ spec:
maxItems: 16
type: array
parentRefs:
- description: "ParentRefs references the resources (usually Gateways)
- that a Route wants to be attached to. Note that the referenced parent
- resource needs to allow this for the attachment to be complete.
- For Gateways, that means the Gateway needs to allow attachment from
- Routes of this kind and namespace. For Services, that means the
- Service must either be in the same namespace for a \"producer\"
- route, or the mesh implementation must support and allow \"consumer\"
- routes for the referenced Service. ReferenceGrant is not applicable
- for governing ParentRefs to Services - it is not possible to create
- a \"producer\" route for a Service in a different namespace from
- the Route. \n There are two kinds of parent resources with \"Core\"
- support: \n * Gateway (Gateway conformance profile) * Service (Mesh
- conformance profile, experimental, ClusterIP Services only) This
- API may be extended in the future to support additional kinds of
- parent resources. \n ParentRefs must be _distinct_. This means either
- that: \n * They select different objects. If this is the case,
- then parentRef entries are distinct. In terms of fields, this means
- that the multi-part key defined by `group`, `kind`, `namespace`,
- and `name` must be unique across all parentRef entries in the Route.
- * They do not select different objects, but for each optional field
- used, each ParentRef that selects the same object must set the same
- set of optional fields to different values. If one ParentRef sets
- a combination of optional fields, all must set the same combination.
- \n Some examples: \n * If one ParentRef sets `sectionName`, all
- ParentRefs referencing the same object must also set `sectionName`.
+ description: |+
+ ParentRefs references the resources (usually Gateways) that a Route wants
+ to be attached to. Note that the referenced parent resource needs to
+ allow this for the attachment to be complete. For Gateways, that means
+ the Gateway needs to allow attachment from Routes of this kind and
+ namespace. For Services, that means the Service must either be in the same
+ namespace for a "producer" route, or the mesh implementation must support
+ and allow "consumer" routes for the referenced Service. ReferenceGrant is
+ not applicable for governing ParentRefs to Services - it is not possible to
+ create a "producer" route for a Service in a different namespace from the
+ Route.
+
+
+ There are two kinds of parent resources with "Core" support:
+
+
+ * Gateway (Gateway conformance profile)
+ * Service (Mesh conformance profile, ClusterIP Services only)
+
+
+ This API may be extended in the future to support additional kinds of parent
+ resources.
+
+
+ ParentRefs must be _distinct_. This means either that:
+
+
+ * They select different objects. If this is the case, then parentRef
+ entries are distinct. In terms of fields, this means that the
+ multi-part key defined by `group`, `kind`, `namespace`, and `name` must
+ be unique across all parentRef entries in the Route.
+ * They do not select different objects, but for each optional field used,
+ each ParentRef that selects the same object must set the same set of
+ optional fields to different values. If one ParentRef sets a
+ combination of optional fields, all must set the same combination.
+
+
+ Some examples:
+
+
+ * If one ParentRef sets `sectionName`, all ParentRefs referencing the
+ same object must also set `sectionName`.
* If one ParentRef sets `port`, all ParentRefs referencing the same
- object must also set `port`. * If one ParentRef sets `sectionName`
- and `port`, all ParentRefs referencing the same object must also
- set `sectionName` and `port`. \n It is possible to separately reference
- multiple distinct objects that may be collapsed by an implementation.
- For example, some implementations may choose to merge compatible
- Gateway Listeners together. If that is the case, the list of routes
- attached to those resources should also be merged. \n Note that
- for ParentRefs that cross namespace boundaries, there are specific
+ object must also set `port`.
+ * If one ParentRef sets `sectionName` and `port`, all ParentRefs
+ referencing the same object must also set `sectionName` and `port`.
+
+
+ It is possible to separately reference multiple distinct objects that may
+ be collapsed by an implementation. For example, some implementations may
+ choose to merge compatible Gateway Listeners together. If that is the
+ case, the list of routes attached to those resources should also be
+ merged.
+
+
+ Note that for ParentRefs that cross namespace boundaries, there are specific
rules. Cross-namespace references are only valid if they are explicitly
- allowed by something in the namespace they are referring to. For
- example, Gateway has the AllowedRoutes field, and ReferenceGrant
- provides a generic way to enable other kinds of cross-namespace
- reference. \n ParentRefs from a Route to a Service in the same
- namespace are \"producer\" routes, which apply default routing rules
- to inbound connections from any namespace to the Service. \n ParentRefs
- from a Route to a Service in a different namespace are \"consumer\"
- routes, and these routing rules are only applied to outbound connections
- originating from the same namespace as the Route, for which the
- intended destination of the connections are a Service targeted as
- a ParentRef of the Route. \n "
+ allowed by something in the namespace they are referring to. For example,
+ Gateway has the AllowedRoutes field, and ReferenceGrant provides a
+ generic way to enable other kinds of cross-namespace reference.
+
+
+
+ ParentRefs from a Route to a Service in the same namespace are "producer"
+ routes, which apply default routing rules to inbound connections from
+ any namespace to the Service.
+
+
+ ParentRefs from a Route to a Service in a different namespace are
+ "consumer" routes, and these routing rules are only applied to outbound
+ connections originating from the same namespace as the Route, for which
+ the intended destination of the connections are a Service targeted as a
+ ParentRef of the Route.
+
+
+
+
+
+
items:
- description: "ParentReference identifies an API object (usually
- a Gateway) that can be considered a parent of this resource (usually
- a route). There are two kinds of parent resources with \"Core\"
- support: \n * Gateway (Gateway conformance profile) * Service
- (Mesh conformance profile, experimental, ClusterIP Services only)
- \n This API may be extended in the future to support additional
- kinds of parent resources. \n The API object must be valid in
- the cluster; the Group and Kind must be registered in the cluster
- for this reference to be valid."
+ description: |-
+ ParentReference identifies an API object (usually a Gateway) that can be considered
+ a parent of this resource (usually a route). There are two kinds of parent resources
+ with "Core" support:
+
+
+ * Gateway (Gateway conformance profile)
+ * Service (Mesh conformance profile, ClusterIP Services only)
+
+
+ This API may be extended in the future to support additional kinds of parent
+ resources.
+
+
+ The API object must be valid in the cluster; the Group and Kind must
+ be registered in the cluster for this reference to be valid.
properties:
group:
default: gateway.networking.k8s.io
- description: "Group is the group of the referent. When unspecified,
- \"gateway.networking.k8s.io\" is inferred. To set the core
- API group (such as for a \"Service\" kind referent), Group
- must be explicitly set to \"\" (empty string). \n Support:
- Core"
+ description: |-
+ Group is the group of the referent.
+ When unspecified, "gateway.networking.k8s.io" is inferred.
+ To set the core API group (such as for a "Service" kind referent),
+ Group must be explicitly set to "" (empty string).
+
+
+ Support: Core
maxLength: 253
pattern: ^$|^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$
type: string
kind:
default: Gateway
- description: "Kind is kind of the referent. \n There are two
- kinds of parent resources with \"Core\" support: \n * Gateway
- (Gateway conformance profile) * Service (Mesh conformance
- profile, experimental, ClusterIP Services only) \n Support
- for other resources is Implementation-Specific."
+ description: |-
+ Kind is kind of the referent.
+
+
+ There are two kinds of parent resources with "Core" support:
+
+
+ * Gateway (Gateway conformance profile)
+ * Service (Mesh conformance profile, ClusterIP Services only)
+
+
+ Support for other resources is Implementation-Specific.
maxLength: 63
minLength: 1
pattern: ^[a-zA-Z]([-a-zA-Z0-9]*[a-zA-Z0-9])?$
type: string
name:
- description: "Name is the name of the referent. \n Support:
- Core"
+ description: |-
+ Name is the name of the referent.
+
+
+ Support: Core
maxLength: 253
minLength: 1
type: string
namespace:
- description: "Namespace is the namespace of the referent. When
- unspecified, this refers to the local namespace of the Route.
- \n Note that there are specific rules for ParentRefs which
- cross namespace boundaries. Cross-namespace references are
- only valid if they are explicitly allowed by something in
- the namespace they are referring to. For example: Gateway
- has the AllowedRoutes field, and ReferenceGrant provides a
+ description: |-
+ Namespace is the namespace of the referent. When unspecified, this refers
+ to the local namespace of the Route.
+
+
+ Note that there are specific rules for ParentRefs which cross namespace
+ boundaries. Cross-namespace references are only valid if they are explicitly
+ allowed by something in the namespace they are referring to. For example:
+ Gateway has the AllowedRoutes field, and ReferenceGrant provides a
generic way to enable any other kind of cross-namespace reference.
- \n ParentRefs from a Route to a Service in the same namespace
- are \"producer\" routes, which apply default routing rules
- to inbound connections from any namespace to the Service.
- \n ParentRefs from a Route to a Service in a different namespace
- are \"consumer\" routes, and these routing rules are only
- applied to outbound connections originating from the same
- namespace as the Route, for which the intended destination
- of the connections are a Service targeted as a ParentRef of
- the Route. \n Support: Core"
+
+
+
+ ParentRefs from a Route to a Service in the same namespace are "producer"
+ routes, which apply default routing rules to inbound connections from
+ any namespace to the Service.
+
+
+ ParentRefs from a Route to a Service in a different namespace are
+ "consumer" routes, and these routing rules are only applied to outbound
+ connections originating from the same namespace as the Route, for which
+ the intended destination of the connections are a Service targeted as a
+ ParentRef of the Route.
+
+
+
+ Support: Core
maxLength: 63
minLength: 1
pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$
type: string
port:
- description: "Port is the network port this Route targets. It
- can be interpreted differently based on the type of parent
- resource. \n When the parent resource is a Gateway, this targets
- all listeners listening on the specified port that also support
- this kind of Route(and select this Route). It's not recommended
- to set `Port` unless the networking behaviors specified in
- a Route must apply to a specific port as opposed to a listener(s)
- whose port(s) may be changed. When both Port and SectionName
- are specified, the name and port of the selected listener
- must match both specified values. \n When the parent resource
- is a Service, this targets a specific port in the Service
- spec. When both Port (experimental) and SectionName are specified,
- the name and port of the selected port must match both specified
- values. \n Implementations MAY choose to support other parent
- resources. Implementations supporting other types of parent
- resources MUST clearly document how/if Port is interpreted.
- \n For the purpose of status, an attachment is considered
- successful as long as the parent resource accepts it partially.
- For example, Gateway listeners can restrict which Routes can
- attach to them by Route kind, namespace, or hostname. If 1
- of 2 Gateway listeners accept attachment from the referencing
- Route, the Route MUST be considered successfully attached.
- If no Gateway listeners accept attachment from this Route,
- the Route MUST be considered detached from the Gateway. \n
- Support: Extended \n "
+ description: |-
+ Port is the network port this Route targets. It can be interpreted
+ differently based on the type of parent resource.
+
+
+ When the parent resource is a Gateway, this targets all listeners
+ listening on the specified port that also support this kind of Route(and
+ select this Route). It's not recommended to set `Port` unless the
+ networking behaviors specified in a Route must apply to a specific port
+ as opposed to a listener(s) whose port(s) may be changed. When both Port
+ and SectionName are specified, the name and port of the selected listener
+ must match both specified values.
+
+
+
+ When the parent resource is a Service, this targets a specific port in the
+ Service spec. When both Port (experimental) and SectionName are specified,
+ the name and port of the selected port must match both specified values.
+
+
+
+ Implementations MAY choose to support other parent resources.
+ Implementations supporting other types of parent resources MUST clearly
+ document how/if Port is interpreted.
+
+
+ For the purpose of status, an attachment is considered successful as
+ long as the parent resource accepts it partially. For example, Gateway
+ listeners can restrict which Routes can attach to them by Route kind,
+ namespace, or hostname. If 1 of 2 Gateway listeners accept attachment
+ from the referencing Route, the Route MUST be considered successfully
+ attached. If no Gateway listeners accept attachment from this Route,
+ the Route MUST be considered detached from the Gateway.
+
+
+ Support: Extended
format: int32
maximum: 65535
minimum: 1
type: integer
sectionName:
- description: "SectionName is the name of a section within the
- target resource. In the following resources, SectionName is
- interpreted as the following: \n * Gateway: Listener Name.
- When both Port (experimental) and SectionName are specified,
- the name and port of the selected listener must match both
- specified values. * Service: Port Name. When both Port (experimental)
- and SectionName are specified, the name and port of the selected
- listener must match both specified values. Note that attaching
- Routes to Services as Parents is part of experimental Mesh
- support and is not supported for any other purpose. \n Implementations
- MAY choose to support attaching Routes to other resources.
- If that is the case, they MUST clearly document how SectionName
- is interpreted. \n When unspecified (empty string), this will
- reference the entire resource. For the purpose of status,
- an attachment is considered successful if at least one section
- in the parent resource accepts it. For example, Gateway listeners
- can restrict which Routes can attach to them by Route kind,
- namespace, or hostname. If 1 of 2 Gateway listeners accept
- attachment from the referencing Route, the Route MUST be considered
- successfully attached. If no Gateway listeners accept attachment
- from this Route, the Route MUST be considered detached from
- the Gateway. \n Support: Core"
+ description: |-
+ SectionName is the name of a section within the target resource. In the
+ following resources, SectionName is interpreted as the following:
+
+
+ * Gateway: Listener name. When both Port (experimental) and SectionName
+ are specified, the name and port of the selected listener must match
+ both specified values.
+ * Service: Port name. When both Port (experimental) and SectionName
+ are specified, the name and port of the selected listener must match
+ both specified values.
+
+
+ Implementations MAY choose to support attaching Routes to other resources.
+ If that is the case, they MUST clearly document how SectionName is
+ interpreted.
+
+
+ When unspecified (empty string), this will reference the entire resource.
+ For the purpose of status, an attachment is considered successful if at
+ least one section in the parent resource accepts it. For example, Gateway
+ listeners can restrict which Routes can attach to them by Route kind,
+ namespace, or hostname. If 1 of 2 Gateway listeners accept attachment from
+ the referencing Route, the Route MUST be considered successfully
+ attached. If no Gateway listeners accept attachment from this Route, the
+ Route MUST be considered detached from the Gateway.
+
+
+ Support: Core
maxLength: 253
minLength: 1
pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$
@@ -3131,82 +6990,117 @@ spec:
rules:
description: Rules are a list of GRPC matchers, filters and actions.
items:
- description: GRPCRouteRule defines the semantics for matching a
- gRPC request based on conditions (matches), processing it (filters),
- and forwarding the request to an API object (backendRefs).
+ description: |-
+ GRPCRouteRule defines the semantics for matching a gRPC request based on
+ conditions (matches), processing it (filters), and forwarding the request to
+ an API object (backendRefs).
properties:
backendRefs:
- description: "BackendRefs defines the backend(s) where matching
- requests should be sent. \n Failure behavior here depends
- on how many BackendRefs are specified and how many are invalid.
- \n If *all* entries in BackendRefs are invalid, and there
- are also no filters specified in this route rule, *all* traffic
- which matches this rule MUST receive an `UNAVAILABLE` status.
- \n See the GRPCBackendRef definition for the rules about what
- makes a single GRPCBackendRef invalid. \n When a GRPCBackendRef
- is invalid, `UNAVAILABLE` statuses MUST be returned for requests
- that would have otherwise been routed to an invalid backend.
- If multiple backends are specified, and some are invalid,
- the proportion of requests that would otherwise have been
- routed to an invalid backend MUST receive an `UNAVAILABLE`
- status. \n For example, if two backends are specified with
- equal weights, and one is invalid, 50 percent of traffic MUST
- receive an `UNAVAILABLE` status. Implementations may choose
- how that 50 percent is determined. \n Support: Core for Kubernetes
- Service \n Support: Implementation-specific for any other
- resource \n Support for weight: Core"
+ description: |-
+ BackendRefs defines the backend(s) where matching requests should be
+ sent.
+
+
+ Failure behavior here depends on how many BackendRefs are specified and
+ how many are invalid.
+
+
+ If *all* entries in BackendRefs are invalid, and there are also no filters
+ specified in this route rule, *all* traffic which matches this rule MUST
+ receive an `UNAVAILABLE` status.
+
+
+ See the GRPCBackendRef definition for the rules about what makes a single
+ GRPCBackendRef invalid.
+
+
+ When a GRPCBackendRef is invalid, `UNAVAILABLE` statuses MUST be returned for
+ requests that would have otherwise been routed to an invalid backend. If
+ multiple backends are specified, and some are invalid, the proportion of
+ requests that would otherwise have been routed to an invalid backend
+ MUST receive an `UNAVAILABLE` status.
+
+
+ For example, if two backends are specified with equal weights, and one is
+ invalid, 50 percent of traffic MUST receive an `UNAVAILABLE` status.
+ Implementations may choose how that 50 percent is determined.
+
+
+ Support: Core for Kubernetes Service
+
+
+ Support: Implementation-specific for any other resource
+
+
+ Support for weight: Core
items:
- description: "GRPCBackendRef defines how a GRPCRoute forwards
- a gRPC request. \n Note that when a namespace different
- than the local namespace is specified, a ReferenceGrant
- object is required in the referent namespace to allow that
+ description: |-
+ GRPCBackendRef defines how a GRPCRoute forwards a gRPC request.
+
+
+ Note that when a namespace different than the local namespace is specified, a
+ ReferenceGrant object is required in the referent namespace to allow that
namespace's owner to accept the reference. See the ReferenceGrant
- documentation for details. \n
- \n When the BackendRef points to a Kubernetes Service, implementations
- SHOULD honor the appProtocol field if it is set for the
- target Service Port. \n Implementations supporting appProtocol
- SHOULD recognize the Kubernetes Standard Application Protocols
- defined in KEP-3726. \n If a Service appProtocol isn't specified,
- an implementation MAY infer the backend protocol through
- its own means. Implementations MAY infer the protocol from
- the Route type referring to the backend Service. \n If a
- Route is not able to send traffic to the backend using the
- specified protocol then the backend is considered invalid.
- Implementations MUST set the \"ResolvedRefs\" condition
- to \"False\" with the \"UnsupportedProtocol\" reason. \n
- "
+ documentation for details.
+
+
+
+
+
+ When the BackendRef points to a Kubernetes Service, implementations SHOULD
+ honor the appProtocol field if it is set for the target Service Port.
+
+
+ Implementations supporting appProtocol SHOULD recognize the Kubernetes
+ Standard Application Protocols defined in KEP-3726.
+
+
+ If a Service appProtocol isn't specified, an implementation MAY infer the
+ backend protocol through its own means. Implementations MAY infer the
+ protocol from the Route type referring to the backend Service.
+
+
+ If a Route is not able to send traffic to the backend using the specified
+ protocol then the backend is considered invalid. Implementations MUST set the
+ "ResolvedRefs" condition to "False" with the "UnsupportedProtocol" reason.
+
+
+
properties:
filters:
- description: "Filters defined at this level MUST be executed
- if and only if the request is being forwarded to the
- backend defined here. \n Support: Implementation-specific
- (For broader support of filters, use the Filters field
- in GRPCRouteRule.)"
+ description: |-
+ Filters defined at this level MUST be executed if and only if the
+ request is being forwarded to the backend defined here.
+
+
+ Support: Implementation-specific (For broader support of filters, use the
+ Filters field in GRPCRouteRule.)
items:
- description: GRPCRouteFilter defines processing steps
- that must be completed during the request or response
- lifecycle. GRPCRouteFilters are meant as an extension
- point to express processing that may be done in Gateway
- implementations. Some examples include request or
- response modification, implementing authentication
- strategies, rate-limiting, and traffic shaping. API
- guarantee/conformance is defined based on the type
- of the filter.
+ description: |-
+ GRPCRouteFilter defines processing steps that must be completed during the
+ request or response lifecycle. GRPCRouteFilters are meant as an extension
+ point to express processing that may be done in Gateway implementations. Some
+ examples include request or response modification, implementing
+ authentication strategies, rate-limiting, and traffic shaping. API
+ guarantee/conformance is defined based on the type of the filter.
properties:
extensionRef:
- description: "ExtensionRef is an optional, implementation-specific
- extension to the \"filter\" behavior. For example,
- resource \"myroutefilter\" in group \"networking.example.net\").
- ExtensionRef MUST NOT be used for core and extended
- filters. \n Support: Implementation-specific \n
- This filter can be used multiple times within
- the same rule."
+ description: |-
+ ExtensionRef is an optional, implementation-specific extension to the
+ "filter" behavior. For example, resource "myroutefilter" in group
+ "networking.example.net"). ExtensionRef MUST NOT be used for core and
+ extended filters.
+
+
+ Support: Implementation-specific
+
+
+ This filter can be used multiple times within the same rule.
properties:
group:
- description: Group is the group of the referent.
- For example, "gateway.networking.k8s.io".
- When unspecified or empty string, core API
- group is inferred.
+ description: |-
+ Group is the group of the referent. For example, "gateway.networking.k8s.io".
+ When unspecified or empty string, core API group is inferred.
maxLength: 253
pattern: ^$|^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$
type: string
@@ -3228,35 +7122,50 @@ spec:
- name
type: object
requestHeaderModifier:
- description: "RequestHeaderModifier defines a schema
- for a filter that modifies request headers. \n
- Support: Core"
+ description: |-
+ RequestHeaderModifier defines a schema for a filter that modifies request
+ headers.
+
+
+ Support: Core
properties:
add:
- description: "Add adds the given header(s) (name,
- value) to the request before the action. It
- appends to any existing values associated
- with the header name. \n Input: GET /foo HTTP/1.1
- my-header: foo \n Config: add: - name: \"my-header\"
- value: \"bar,baz\" \n Output: GET /foo HTTP/1.1
- my-header: foo,bar,baz"
+ description: |-
+ Add adds the given header(s) (name, value) to the request
+ before the action. It appends to any existing values associated
+ with the header name.
+
+
+ Input:
+ GET /foo HTTP/1.1
+ my-header: foo
+
+
+ Config:
+ add:
+ - name: "my-header"
+ value: "bar,baz"
+
+
+ Output:
+ GET /foo HTTP/1.1
+ my-header: foo,bar,baz
items:
description: HTTPHeader represents an HTTP
Header name and value as defined by RFC
7230.
properties:
name:
- description: "Name is the name of the
- HTTP Header to be matched. Name matching
- MUST be case insensitive. (See https://tools.ietf.org/html/rfc7230#section-3.2).
- \n If multiple entries specify equivalent
- header names, the first entry with an
- equivalent name MUST be considered for
- a match. Subsequent entries with an
- equivalent header name MUST be ignored.
- Due to the case-insensitivity of header
- names, \"foo\" and \"Foo\" are considered
- equivalent."
+ description: |-
+ Name is the name of the HTTP Header to be matched. Name matching MUST be
+ case insensitive. (See https://tools.ietf.org/html/rfc7230#section-3.2).
+
+
+ If multiple entries specify equivalent header names, the first entry with
+ an equivalent name MUST be considered for a match. Subsequent entries
+ with an equivalent header name MUST be ignored. Due to the
+ case-insensitivity of header names, "foo" and "Foo" are considered
+ equivalent.
maxLength: 256
minLength: 1
pattern: ^[A-Za-z0-9!#$%&'*+\-.^_\x60|~]+$
@@ -3277,44 +7186,68 @@ spec:
- name
x-kubernetes-list-type: map
remove:
- description: "Remove the given header(s) from
- the HTTP request before the action. The value
- of Remove is a list of HTTP header names.
- Note that the header names are case-insensitive
- (see https://datatracker.ietf.org/doc/html/rfc2616#section-4.2).
- \n Input: GET /foo HTTP/1.1 my-header1: foo
- my-header2: bar my-header3: baz \n Config:
- remove: [\"my-header1\", \"my-header3\"] \n
- Output: GET /foo HTTP/1.1 my-header2: bar"
+ description: |-
+ Remove the given header(s) from the HTTP request before the action. The
+ value of Remove is a list of HTTP header names. Note that the header
+ names are case-insensitive (see
+ https://datatracker.ietf.org/doc/html/rfc2616#section-4.2).
+
+
+ Input:
+ GET /foo HTTP/1.1
+ my-header1: foo
+ my-header2: bar
+ my-header3: baz
+
+
+ Config:
+ remove: ["my-header1", "my-header3"]
+
+
+ Output:
+ GET /foo HTTP/1.1
+ my-header2: bar
items:
type: string
maxItems: 16
type: array
x-kubernetes-list-type: set
set:
- description: "Set overwrites the request with
- the given header (name, value) before the
- action. \n Input: GET /foo HTTP/1.1 my-header:
- foo \n Config: set: - name: \"my-header\"
- value: \"bar\" \n Output: GET /foo HTTP/1.1
- my-header: bar"
+ description: |-
+ Set overwrites the request with the given header (name, value)
+ before the action.
+
+
+ Input:
+ GET /foo HTTP/1.1
+ my-header: foo
+
+
+ Config:
+ set:
+ - name: "my-header"
+ value: "bar"
+
+
+ Output:
+ GET /foo HTTP/1.1
+ my-header: bar
items:
description: HTTPHeader represents an HTTP
Header name and value as defined by RFC
7230.
properties:
name:
- description: "Name is the name of the
- HTTP Header to be matched. Name matching
- MUST be case insensitive. (See https://tools.ietf.org/html/rfc7230#section-3.2).
- \n If multiple entries specify equivalent
- header names, the first entry with an
- equivalent name MUST be considered for
- a match. Subsequent entries with an
- equivalent header name MUST be ignored.
- Due to the case-insensitivity of header
- names, \"foo\" and \"Foo\" are considered
- equivalent."
+ description: |-
+ Name is the name of the HTTP Header to be matched. Name matching MUST be
+ case insensitive. (See https://tools.ietf.org/html/rfc7230#section-3.2).
+
+
+ If multiple entries specify equivalent header names, the first entry with
+ an equivalent name MUST be considered for a match. Subsequent entries
+ with an equivalent header name MUST be ignored. Due to the
+ case-insensitivity of header names, "foo" and "Foo" are considered
+ equivalent.
maxLength: 256
minLength: 1
pattern: ^[A-Za-z0-9!#$%&'*+\-.^_\x60|~]+$
@@ -3336,64 +7269,80 @@ spec:
x-kubernetes-list-type: map
type: object
requestMirror:
- description: "RequestMirror defines a schema for
- a filter that mirrors requests. Requests are sent
- to the specified destination, but responses from
- that destination are ignored. \n This filter can
- be used multiple times within the same rule. Note
- that not all implementations will be able to support
- mirroring to multiple backends. \n Support: Extended"
+ description: |-
+ RequestMirror defines a schema for a filter that mirrors requests.
+ Requests are sent to the specified destination, but responses from
+ that destination are ignored.
+
+
+ This filter can be used multiple times within the same rule. Note that
+ not all implementations will be able to support mirroring to multiple
+ backends.
+
+
+ Support: Extended
properties:
backendRef:
- description: "BackendRef references a resource
- where mirrored requests are sent. \n Mirrored
- requests must be sent only to a single destination
- endpoint within this BackendRef, irrespective
- of how many endpoints are present within this
- BackendRef. \n If the referent cannot be found,
- this BackendRef is invalid and must be dropped
- from the Gateway. The controller must ensure
- the \"ResolvedRefs\" condition on the Route
- status is set to `status: False` and not configure
+ description: |-
+ BackendRef references a resource where mirrored requests are sent.
+
+
+ Mirrored requests must be sent only to a single destination endpoint
+ within this BackendRef, irrespective of how many endpoints are present
+ within this BackendRef.
+
+
+ If the referent cannot be found, this BackendRef is invalid and must be
+ dropped from the Gateway. The controller must ensure the "ResolvedRefs"
+ condition on the Route status is set to `status: False` and not configure
this backend in the underlying implementation.
- \n If there is a cross-namespace reference
- to an *existing* object that is not allowed
- by a ReferenceGrant, the controller must ensure
- the \"ResolvedRefs\" condition on the Route
- is set to `status: False`, with the \"RefNotPermitted\"
- reason and not configure this backend in the
- underlying implementation. \n In either error
- case, the Message of the `ResolvedRefs` Condition
- should be used to provide more detail about
- the problem. \n Support: Extended for Kubernetes
- Service \n Support: Implementation-specific
- for any other resource"
+
+
+ If there is a cross-namespace reference to an *existing* object
+ that is not allowed by a ReferenceGrant, the controller must ensure the
+ "ResolvedRefs" condition on the Route is set to `status: False`,
+ with the "RefNotPermitted" reason and not configure this backend in the
+ underlying implementation.
+
+
+ In either error case, the Message of the `ResolvedRefs` Condition
+ should be used to provide more detail about the problem.
+
+
+ Support: Extended for Kubernetes Service
+
+
+ Support: Implementation-specific for any other resource
properties:
group:
default: ""
- description: Group is the group of the referent.
- For example, "gateway.networking.k8s.io".
- When unspecified or empty string, core
- API group is inferred.
+ description: |-
+ Group is the group of the referent. For example, "gateway.networking.k8s.io".
+ When unspecified or empty string, core API group is inferred.
maxLength: 253
pattern: ^$|^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$
type: string
kind:
default: Service
- description: "Kind is the Kubernetes resource
- kind of the referent. For example \"Service\".
- \n Defaults to \"Service\" when not specified.
- \n ExternalName services can refer to
- CNAME DNS records that may live outside
- of the cluster and as such are difficult
- to reason about in terms of conformance.
- They also may not be safe to forward to
- (see CVE-2021-25740 for more information).
- Implementations SHOULD NOT support ExternalName
- Services. \n Support: Core (Services with
- a type other than ExternalName) \n Support:
- Implementation-specific (Services with
- type ExternalName)"
+ description: |-
+ Kind is the Kubernetes resource kind of the referent. For example
+ "Service".
+
+
+ Defaults to "Service" when not specified.
+
+
+ ExternalName services can refer to CNAME DNS records that may live
+ outside of the cluster and as such are difficult to reason about in
+ terms of conformance. They also may not be safe to forward to (see
+ CVE-2021-25740 for more information). Implementations SHOULD NOT
+ support ExternalName Services.
+
+
+ Support: Core (Services with a type other than ExternalName)
+
+
+ Support: Implementation-specific (Services with type ExternalName)
maxLength: 63
minLength: 1
pattern: ^[a-zA-Z]([-a-zA-Z0-9]*[a-zA-Z0-9])?$
@@ -3404,29 +7353,29 @@ spec:
minLength: 1
type: string
namespace:
- description: "Namespace is the namespace
- of the backend. When unspecified, the
- local namespace is inferred. \n Note that
- when a namespace different than the local
- namespace is specified, a ReferenceGrant
- object is required in the referent namespace
- to allow that namespace's owner to accept
- the reference. See the ReferenceGrant
- documentation for details. \n Support:
- Core"
+ description: |-
+ Namespace is the namespace of the backend. When unspecified, the local
+ namespace is inferred.
+
+
+ Note that when a namespace different than the local namespace is specified,
+ a ReferenceGrant object is required in the referent namespace to allow that
+ namespace's owner to accept the reference. See the ReferenceGrant
+ documentation for details.
+
+
+ Support: Core
maxLength: 63
minLength: 1
pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$
type: string
port:
- description: Port specifies the destination
- port number to use for this resource.
- Port is required when the referent is
- a Kubernetes Service. In this case, the
- port number is the service port number,
- not the target port. For other resources,
- destination port might be derived from
- the referent resource or this field.
+ description: |-
+ Port specifies the destination port number to use for this resource.
+ Port is required when the referent is a Kubernetes Service. In this
+ case, the port number is the service port number, not the target port.
+ For other resources, destination port might be derived from the referent
+ resource or this field.
format: int32
maximum: 65535
minimum: 1
@@ -3442,35 +7391,50 @@ spec:
- backendRef
type: object
responseHeaderModifier:
- description: "ResponseHeaderModifier defines a schema
- for a filter that modifies response headers. \n
- Support: Extended"
+ description: |-
+ ResponseHeaderModifier defines a schema for a filter that modifies response
+ headers.
+
+
+ Support: Extended
properties:
add:
- description: "Add adds the given header(s) (name,
- value) to the request before the action. It
- appends to any existing values associated
- with the header name. \n Input: GET /foo HTTP/1.1
- my-header: foo \n Config: add: - name: \"my-header\"
- value: \"bar,baz\" \n Output: GET /foo HTTP/1.1
- my-header: foo,bar,baz"
+ description: |-
+ Add adds the given header(s) (name, value) to the request
+ before the action. It appends to any existing values associated
+ with the header name.
+
+
+ Input:
+ GET /foo HTTP/1.1
+ my-header: foo
+
+
+ Config:
+ add:
+ - name: "my-header"
+ value: "bar,baz"
+
+
+ Output:
+ GET /foo HTTP/1.1
+ my-header: foo,bar,baz
items:
description: HTTPHeader represents an HTTP
Header name and value as defined by RFC
7230.
properties:
name:
- description: "Name is the name of the
- HTTP Header to be matched. Name matching
- MUST be case insensitive. (See https://tools.ietf.org/html/rfc7230#section-3.2).
- \n If multiple entries specify equivalent
- header names, the first entry with an
- equivalent name MUST be considered for
- a match. Subsequent entries with an
- equivalent header name MUST be ignored.
- Due to the case-insensitivity of header
- names, \"foo\" and \"Foo\" are considered
- equivalent."
+ description: |-
+ Name is the name of the HTTP Header to be matched. Name matching MUST be
+ case insensitive. (See https://tools.ietf.org/html/rfc7230#section-3.2).
+
+
+ If multiple entries specify equivalent header names, the first entry with
+ an equivalent name MUST be considered for a match. Subsequent entries
+ with an equivalent header name MUST be ignored. Due to the
+ case-insensitivity of header names, "foo" and "Foo" are considered
+ equivalent.
maxLength: 256
minLength: 1
pattern: ^[A-Za-z0-9!#$%&'*+\-.^_\x60|~]+$
@@ -3491,44 +7455,68 @@ spec:
- name
x-kubernetes-list-type: map
remove:
- description: "Remove the given header(s) from
- the HTTP request before the action. The value
- of Remove is a list of HTTP header names.
- Note that the header names are case-insensitive
- (see https://datatracker.ietf.org/doc/html/rfc2616#section-4.2).
- \n Input: GET /foo HTTP/1.1 my-header1: foo
- my-header2: bar my-header3: baz \n Config:
- remove: [\"my-header1\", \"my-header3\"] \n
- Output: GET /foo HTTP/1.1 my-header2: bar"
+ description: |-
+ Remove the given header(s) from the HTTP request before the action. The
+ value of Remove is a list of HTTP header names. Note that the header
+ names are case-insensitive (see
+ https://datatracker.ietf.org/doc/html/rfc2616#section-4.2).
+
+
+ Input:
+ GET /foo HTTP/1.1
+ my-header1: foo
+ my-header2: bar
+ my-header3: baz
+
+
+ Config:
+ remove: ["my-header1", "my-header3"]
+
+
+ Output:
+ GET /foo HTTP/1.1
+ my-header2: bar
items:
type: string
maxItems: 16
type: array
x-kubernetes-list-type: set
set:
- description: "Set overwrites the request with
- the given header (name, value) before the
- action. \n Input: GET /foo HTTP/1.1 my-header:
- foo \n Config: set: - name: \"my-header\"
- value: \"bar\" \n Output: GET /foo HTTP/1.1
- my-header: bar"
+ description: |-
+ Set overwrites the request with the given header (name, value)
+ before the action.
+
+
+ Input:
+ GET /foo HTTP/1.1
+ my-header: foo
+
+
+ Config:
+ set:
+ - name: "my-header"
+ value: "bar"
+
+
+ Output:
+ GET /foo HTTP/1.1
+ my-header: bar
items:
description: HTTPHeader represents an HTTP
Header name and value as defined by RFC
7230.
properties:
name:
- description: "Name is the name of the
- HTTP Header to be matched. Name matching
- MUST be case insensitive. (See https://tools.ietf.org/html/rfc7230#section-3.2).
- \n If multiple entries specify equivalent
- header names, the first entry with an
- equivalent name MUST be considered for
- a match. Subsequent entries with an
- equivalent header name MUST be ignored.
- Due to the case-insensitivity of header
- names, \"foo\" and \"Foo\" are considered
- equivalent."
+ description: |-
+ Name is the name of the HTTP Header to be matched. Name matching MUST be
+ case insensitive. (See https://tools.ietf.org/html/rfc7230#section-3.2).
+
+
+ If multiple entries specify equivalent header names, the first entry with
+ an equivalent name MUST be considered for a match. Subsequent entries
+ with an equivalent header name MUST be ignored. Due to the
+ case-insensitivity of header names, "foo" and "Foo" are considered
+ equivalent.
maxLength: 256
minLength: 1
pattern: ^[A-Za-z0-9!#$%&'*+\-.^_\x60|~]+$
@@ -3550,32 +7538,38 @@ spec:
x-kubernetes-list-type: map
type: object
type:
- description: "Type identifies the type of filter
- to apply. As with other API fields, types are
- classified into three conformance levels: \n -
- Core: Filter types and their corresponding configuration
- defined by \"Support: Core\" in this package,
- e.g. \"RequestHeaderModifier\". All implementations
- supporting GRPCRoute MUST support core filters.
- \n - Extended: Filter types and their corresponding
- configuration defined by \"Support: Extended\"
- in this package, e.g. \"RequestMirror\". Implementers
- are encouraged to support extended filters. \n
- - Implementation-specific: Filters that are defined
- and supported by specific vendors. In the future,
- filters showing convergence in behavior across
- multiple implementations will be considered for
- inclusion in extended or core conformance levels.
- Filter-specific configuration for such filters
- is specified using the ExtensionRef field. `Type`
- MUST be set to \"ExtensionRef\" for custom filters.
- \n Implementers are encouraged to define custom
- implementation types to extend the core API with
- implementation-specific behavior. \n If a reference
- to a custom filter type cannot be resolved, the
- filter MUST NOT be skipped. Instead, requests
- that would have been processed by that filter
- MUST receive a HTTP error response. \n "
+ description: |+
+ Type identifies the type of filter to apply. As with other API fields,
+ types are classified into three conformance levels:
+
+
+ - Core: Filter types and their corresponding configuration defined by
+ "Support: Core" in this package, e.g. "RequestHeaderModifier". All
+ implementations supporting GRPCRoute MUST support core filters.
+
+
+ - Extended: Filter types and their corresponding configuration defined by
+ "Support: Extended" in this package, e.g. "RequestMirror". Implementers
+ are encouraged to support extended filters.
+
+
+ - Implementation-specific: Filters that are defined and supported by specific vendors.
+ In the future, filters showing convergence in behavior across multiple
+ implementations will be considered for inclusion in extended or core
+ conformance levels. Filter-specific configuration for such filters
+ is specified using the ExtensionRef field. `Type` MUST be set to
+ "ExtensionRef" for custom filters.
+
+
+ Implementers are encouraged to define custom implementation types to
+ extend the core API with implementation-specific behavior.
+
+
+ If a reference to a custom filter type cannot be resolved, the filter
+ MUST NOT be skipped. Instead, requests that would have been processed by
+ that filter MUST receive a HTTP error response.
+
+
enum:
- ResponseHeaderModifier
- RequestHeaderModifier
@@ -3626,25 +7620,33 @@ spec:
<= 1
group:
default: ""
- description: Group is the group of the referent. For example,
- "gateway.networking.k8s.io". When unspecified or empty
- string, core API group is inferred.
+ description: |-
+ Group is the group of the referent. For example, "gateway.networking.k8s.io".
+ When unspecified or empty string, core API group is inferred.
maxLength: 253
pattern: ^$|^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$
type: string
kind:
default: Service
- description: "Kind is the Kubernetes resource kind of
- the referent. For example \"Service\". \n Defaults to
- \"Service\" when not specified. \n ExternalName services
- can refer to CNAME DNS records that may live outside
- of the cluster and as such are difficult to reason about
- in terms of conformance. They also may not be safe to
- forward to (see CVE-2021-25740 for more information).
- Implementations SHOULD NOT support ExternalName Services.
- \n Support: Core (Services with a type other than ExternalName)
- \n Support: Implementation-specific (Services with type
- ExternalName)"
+ description: |-
+ Kind is the Kubernetes resource kind of the referent. For example
+ "Service".
+
+
+ Defaults to "Service" when not specified.
+
+
+ ExternalName services can refer to CNAME DNS records that may live
+ outside of the cluster and as such are difficult to reason about in
+ terms of conformance. They also may not be safe to forward to (see
+ CVE-2021-25740 for more information). Implementations SHOULD NOT
+ support ExternalName Services.
+
+
+ Support: Core (Services with a type other than ExternalName)
+
+
+ Support: Implementation-specific (Services with type ExternalName)
maxLength: 63
minLength: 1
pattern: ^[a-zA-Z]([-a-zA-Z0-9]*[a-zA-Z0-9])?$
@@ -3655,43 +7657,51 @@ spec:
minLength: 1
type: string
namespace:
- description: "Namespace is the namespace of the backend.
- When unspecified, the local namespace is inferred. \n
- Note that when a namespace different than the local
- namespace is specified, a ReferenceGrant object is required
- in the referent namespace to allow that namespace's
- owner to accept the reference. See the ReferenceGrant
- documentation for details. \n Support: Core"
+ description: |-
+ Namespace is the namespace of the backend. When unspecified, the local
+ namespace is inferred.
+
+
+ Note that when a namespace different than the local namespace is specified,
+ a ReferenceGrant object is required in the referent namespace to allow that
+ namespace's owner to accept the reference. See the ReferenceGrant
+ documentation for details.
+
+
+ Support: Core
maxLength: 63
minLength: 1
pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$
type: string
port:
- description: Port specifies the destination port number
- to use for this resource. Port is required when the
- referent is a Kubernetes Service. In this case, the
- port number is the service port number, not the target
- port. For other resources, destination port might be
- derived from the referent resource or this field.
+ description: |-
+ Port specifies the destination port number to use for this resource.
+ Port is required when the referent is a Kubernetes Service. In this
+ case, the port number is the service port number, not the target port.
+ For other resources, destination port might be derived from the referent
+ resource or this field.
format: int32
maximum: 65535
minimum: 1
type: integer
weight:
default: 1
- description: "Weight specifies the proportion of requests
- forwarded to the referenced backend. This is computed
- as weight/(sum of all weights in this BackendRefs list).
- For non-zero values, there may be some epsilon from
- the exact proportion defined here depending on the precision
- an implementation supports. Weight is not a percentage
- and the sum of weights does not need to equal 100. \n
- If only one backend is specified and it has a weight
- greater than 0, 100% of the traffic is forwarded to
- that backend. If weight is set to 0, no traffic should
- be forwarded for this entry. If unspecified, weight
- defaults to 1. \n Support for this field varies based
- on the context where used."
+ description: |-
+ Weight specifies the proportion of requests forwarded to the referenced
+ backend. This is computed as weight/(sum of all weights in this
+ BackendRefs list). For non-zero values, there may be some epsilon from
+ the exact proportion defined here depending on the precision an
+ implementation supports. Weight is not a percentage and the sum of
+ weights does not need to equal 100.
+
+
+ If only one backend is specified and it has a weight greater than 0, 100%
+ of the traffic is forwarded to that backend. If weight is set to 0, no
+ traffic should be forwarded for this entry. If unspecified, weight
+ defaults to 1.
+
+
+ Support for this field varies based on the context where used.
format: int32
maximum: 1000000
minimum: 0
@@ -3706,44 +7716,63 @@ spec:
maxItems: 16
type: array
filters:
- description: "Filters define the filters that are applied to
- requests that match this rule. \n The effects of ordering
- of multiple behaviors are currently unspecified. This can
- change in the future based on feedback during the alpha stage.
- \n Conformance-levels at this level are defined based on the
- type of filter: \n - ALL core filters MUST be supported by
- all implementations that support GRPCRoute. - Implementers
- are encouraged to support extended filters. - Implementation-specific
- custom filters have no API guarantees across implementations.
- \n Specifying the same filter multiple times is not supported
- unless explicitly indicated in the filter. \n If an implementation
- can not support a combination of filters, it must clearly
+ description: |-
+ Filters define the filters that are applied to requests that match
+ this rule.
+
+
+ The effects of ordering of multiple behaviors are currently unspecified.
+ This can change in the future based on feedback during the alpha stage.
+
+
+ Conformance-levels at this level are defined based on the type of filter:
+
+
+ - ALL core filters MUST be supported by all implementations that support
+ GRPCRoute.
+ - Implementers are encouraged to support extended filters.
+ - Implementation-specific custom filters have no API guarantees across
+ implementations.
+
+
+ Specifying the same filter multiple times is not supported unless explicitly
+ indicated in the filter.
+
+
+ If an implementation can not support a combination of filters, it must clearly
document that limitation. In cases where incompatible or unsupported
- filters are specified and cause the `Accepted` condition to
- be set to status `False`, implementations may use the `IncompatibleFilters`
- reason to specify this configuration error. \n Support: Core"
+ filters are specified and cause the `Accepted` condition to be set to status
+ `False`, implementations may use the `IncompatibleFilters` reason to specify
+ this configuration error.
+
+
+ Support: Core
items:
- description: GRPCRouteFilter defines processing steps that
- must be completed during the request or response lifecycle.
- GRPCRouteFilters are meant as an extension point to express
- processing that may be done in Gateway implementations.
- Some examples include request or response modification,
- implementing authentication strategies, rate-limiting, and
- traffic shaping. API guarantee/conformance is defined based
- on the type of the filter.
+ description: |-
+ GRPCRouteFilter defines processing steps that must be completed during the
+ request or response lifecycle. GRPCRouteFilters are meant as an extension
+ point to express processing that may be done in Gateway implementations. Some
+ examples include request or response modification, implementing
+ authentication strategies, rate-limiting, and traffic shaping. API
+ guarantee/conformance is defined based on the type of the filter.
properties:
extensionRef:
- description: "ExtensionRef is an optional, implementation-specific
- extension to the \"filter\" behavior. For example,
- resource \"myroutefilter\" in group \"networking.example.net\").
- ExtensionRef MUST NOT be used for core and extended
- filters. \n Support: Implementation-specific \n This
- filter can be used multiple times within the same rule."
+ description: |-
+ ExtensionRef is an optional, implementation-specific extension to the
+ "filter" behavior. For example, resource "myroutefilter" in group
+ "networking.example.net"). ExtensionRef MUST NOT be used for core and
+ extended filters.
+
+
+ Support: Implementation-specific
+
+
+ This filter can be used multiple times within the same rule.
properties:
group:
- description: Group is the group of the referent. For
- example, "gateway.networking.k8s.io". When unspecified
- or empty string, core API group is inferred.
+ description: |-
+ Group is the group of the referent. For example, "gateway.networking.k8s.io".
+ When unspecified or empty string, core API group is inferred.
maxLength: 253
pattern: ^$|^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$
type: string
@@ -3765,32 +7794,49 @@ spec:
- name
type: object
requestHeaderModifier:
- description: "RequestHeaderModifier defines a schema for
- a filter that modifies request headers. \n Support:
- Core"
+ description: |-
+ RequestHeaderModifier defines a schema for a filter that modifies request
+ headers.
+
+
+ Support: Core
properties:
add:
- description: "Add adds the given header(s) (name,
- value) to the request before the action. It appends
- to any existing values associated with the header
- name. \n Input: GET /foo HTTP/1.1 my-header: foo
- \n Config: add: - name: \"my-header\" value: \"bar,baz\"
- \n Output: GET /foo HTTP/1.1 my-header: foo,bar,baz"
+ description: |-
+ Add adds the given header(s) (name, value) to the request
+ before the action. It appends to any existing values associated
+ with the header name.
+
+
+ Input:
+ GET /foo HTTP/1.1
+ my-header: foo
+
+
+ Config:
+ add:
+ - name: "my-header"
+ value: "bar,baz"
+
+
+ Output:
+ GET /foo HTTP/1.1
+ my-header: foo,bar,baz
items:
description: HTTPHeader represents an HTTP Header
name and value as defined by RFC 7230.
properties:
name:
- description: "Name is the name of the HTTP Header
- to be matched. Name matching MUST be case
- insensitive. (See https://tools.ietf.org/html/rfc7230#section-3.2).
- \n If multiple entries specify equivalent
- header names, the first entry with an equivalent
- name MUST be considered for a match. Subsequent
- entries with an equivalent header name MUST
- be ignored. Due to the case-insensitivity
- of header names, \"foo\" and \"Foo\" are considered
- equivalent."
+ description: |-
+ Name is the name of the HTTP Header to be matched. Name matching MUST be
+ case insensitive. (See https://tools.ietf.org/html/rfc7230#section-3.2).
+
+
+ If multiple entries specify equivalent header names, the first entry with
+ an equivalent name MUST be considered for a match. Subsequent entries
+ with an equivalent header name MUST be ignored. Due to the
+ case-insensitivity of header names, "foo" and "Foo" are considered
+ equivalent.
maxLength: 256
minLength: 1
pattern: ^[A-Za-z0-9!#$%&'*+\-.^_\x60|~]+$
@@ -3811,40 +7857,67 @@ spec:
- name
x-kubernetes-list-type: map
remove:
- description: "Remove the given header(s) from the
- HTTP request before the action. The value of Remove
- is a list of HTTP header names. Note that the header
- names are case-insensitive (see https://datatracker.ietf.org/doc/html/rfc2616#section-4.2).
- \n Input: GET /foo HTTP/1.1 my-header1: foo my-header2:
- bar my-header3: baz \n Config: remove: [\"my-header1\",
- \"my-header3\"] \n Output: GET /foo HTTP/1.1 my-header2:
- bar"
+ description: |-
+ Remove the given header(s) from the HTTP request before the action. The
+ value of Remove is a list of HTTP header names. Note that the header
+ names are case-insensitive (see
+ https://datatracker.ietf.org/doc/html/rfc2616#section-4.2).
+
+
+ Input:
+ GET /foo HTTP/1.1
+ my-header1: foo
+ my-header2: bar
+ my-header3: baz
+
+
+ Config:
+ remove: ["my-header1", "my-header3"]
+
+
+ Output:
+ GET /foo HTTP/1.1
+ my-header2: bar
items:
type: string
maxItems: 16
type: array
x-kubernetes-list-type: set
set:
- description: "Set overwrites the request with the
- given header (name, value) before the action. \n
- Input: GET /foo HTTP/1.1 my-header: foo \n Config:
- set: - name: \"my-header\" value: \"bar\" \n Output:
- GET /foo HTTP/1.1 my-header: bar"
+ description: |-
+ Set overwrites the request with the given header (name, value)
+ before the action.
+
+
+ Input:
+ GET /foo HTTP/1.1
+ my-header: foo
+
+
+ Config:
+ set:
+ - name: "my-header"
+ value: "bar"
+
+
+ Output:
+ GET /foo HTTP/1.1
+ my-header: bar
items:
description: HTTPHeader represents an HTTP Header
name and value as defined by RFC 7230.
properties:
name:
- description: "Name is the name of the HTTP Header
- to be matched. Name matching MUST be case
- insensitive. (See https://tools.ietf.org/html/rfc7230#section-3.2).
- \n If multiple entries specify equivalent
- header names, the first entry with an equivalent
- name MUST be considered for a match. Subsequent
- entries with an equivalent header name MUST
- be ignored. Due to the case-insensitivity
- of header names, \"foo\" and \"Foo\" are considered
- equivalent."
+ description: |-
+ Name is the name of the HTTP Header to be matched. Name matching MUST be
+ case insensitive. (See https://tools.ietf.org/html/rfc7230#section-3.2).
+
+
+ If multiple entries specify equivalent header names, the first entry with
+ an equivalent name MUST be considered for a match. Subsequent entries
+ with an equivalent header name MUST be ignored. Due to the
+ case-insensitivity of header names, "foo" and "Foo" are considered
+ equivalent.
maxLength: 256
minLength: 1
pattern: ^[A-Za-z0-9!#$%&'*+\-.^_\x60|~]+$
@@ -3866,60 +7939,80 @@ spec:
x-kubernetes-list-type: map
type: object
requestMirror:
- description: "RequestMirror defines a schema for a filter
- that mirrors requests. Requests are sent to the specified
- destination, but responses from that destination are
- ignored. \n This filter can be used multiple times within
- the same rule. Note that not all implementations will
- be able to support mirroring to multiple backends. \n
- Support: Extended"
+ description: |-
+ RequestMirror defines a schema for a filter that mirrors requests.
+ Requests are sent to the specified destination, but responses from
+ that destination are ignored.
+
+
+ This filter can be used multiple times within the same rule. Note that
+ not all implementations will be able to support mirroring to multiple
+ backends.
+
+
+ Support: Extended
properties:
backendRef:
- description: "BackendRef references a resource where
- mirrored requests are sent. \n Mirrored requests
- must be sent only to a single destination endpoint
- within this BackendRef, irrespective of how many
- endpoints are present within this BackendRef. \n
- If the referent cannot be found, this BackendRef
- is invalid and must be dropped from the Gateway.
- The controller must ensure the \"ResolvedRefs\"
- condition on the Route status is set to `status:
- False` and not configure this backend in the underlying
- implementation. \n If there is a cross-namespace
- reference to an *existing* object that is not allowed
- by a ReferenceGrant, the controller must ensure
- the \"ResolvedRefs\" condition on the Route is
- set to `status: False`, with the \"RefNotPermitted\"
- reason and not configure this backend in the underlying
- implementation. \n In either error case, the Message
- of the `ResolvedRefs` Condition should be used to
- provide more detail about the problem. \n Support:
- Extended for Kubernetes Service \n Support: Implementation-specific
- for any other resource"
+ description: |-
+ BackendRef references a resource where mirrored requests are sent.
+
+
+ Mirrored requests must be sent only to a single destination endpoint
+ within this BackendRef, irrespective of how many endpoints are present
+ within this BackendRef.
+
+
+ If the referent cannot be found, this BackendRef is invalid and must be
+ dropped from the Gateway. The controller must ensure the "ResolvedRefs"
+ condition on the Route status is set to `status: False` and not configure
+ this backend in the underlying implementation.
+
+
+ If there is a cross-namespace reference to an *existing* object
+ that is not allowed by a ReferenceGrant, the controller must ensure the
+ "ResolvedRefs" condition on the Route is set to `status: False`,
+ with the "RefNotPermitted" reason and not configure this backend in the
+ underlying implementation.
+
+
+ In either error case, the Message of the `ResolvedRefs` Condition
+ should be used to provide more detail about the problem.
+
+
+ Support: Extended for Kubernetes Service
+
+
+ Support: Implementation-specific for any other resource
properties:
group:
default: ""
- description: Group is the group of the referent.
- For example, "gateway.networking.k8s.io". When
- unspecified or empty string, core API group
- is inferred.
+ description: |-
+ Group is the group of the referent. For example, "gateway.networking.k8s.io".
+ When unspecified or empty string, core API group is inferred.
maxLength: 253
pattern: ^$|^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$
type: string
kind:
default: Service
- description: "Kind is the Kubernetes resource
- kind of the referent. For example \"Service\".
- \n Defaults to \"Service\" when not specified.
- \n ExternalName services can refer to CNAME
- DNS records that may live outside of the cluster
- and as such are difficult to reason about in
- terms of conformance. They also may not be safe
- to forward to (see CVE-2021-25740 for more information).
- Implementations SHOULD NOT support ExternalName
- Services. \n Support: Core (Services with a
- type other than ExternalName) \n Support: Implementation-specific
- (Services with type ExternalName)"
+ description: |-
+ Kind is the Kubernetes resource kind of the referent. For example
+ "Service".
+
+
+ Defaults to "Service" when not specified.
+
+
+ ExternalName services can refer to CNAME DNS records that may live
+ outside of the cluster and as such are difficult to reason about in
+ terms of conformance. They also may not be safe to forward to (see
+ CVE-2021-25740 for more information). Implementations SHOULD NOT
+ support ExternalName Services.
+
+
+ Support: Core (Services with a type other than ExternalName)
+
+
+ Support: Implementation-specific (Services with type ExternalName)
maxLength: 63
minLength: 1
pattern: ^[a-zA-Z]([-a-zA-Z0-9]*[a-zA-Z0-9])?$
@@ -3930,25 +8023,28 @@ spec:
minLength: 1
type: string
namespace:
- description: "Namespace is the namespace of the
- backend. When unspecified, the local namespace
- is inferred. \n Note that when a namespace different
- than the local namespace is specified, a ReferenceGrant
- object is required in the referent namespace
- to allow that namespace's owner to accept the
- reference. See the ReferenceGrant documentation
- for details. \n Support: Core"
+ description: |-
+ Namespace is the namespace of the backend. When unspecified, the local
+ namespace is inferred.
+
+
+ Note that when a namespace different than the local namespace is specified,
+ a ReferenceGrant object is required in the referent namespace to allow that
+ namespace's owner to accept the reference. See the ReferenceGrant
+ documentation for details.
+
+
+ Support: Core
maxLength: 63
minLength: 1
pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$
type: string
port:
- description: Port specifies the destination port
- number to use for this resource. Port is required
- when the referent is a Kubernetes Service. In
- this case, the port number is the service port
- number, not the target port. For other resources,
- destination port might be derived from the referent
+ description: |-
+ Port specifies the destination port number to use for this resource.
+ Port is required when the referent is a Kubernetes Service. In this
+ case, the port number is the service port number, not the target port.
+ For other resources, destination port might be derived from the referent
resource or this field.
format: int32
maximum: 65535
@@ -3965,32 +8061,49 @@ spec:
- backendRef
type: object
responseHeaderModifier:
- description: "ResponseHeaderModifier defines a schema
- for a filter that modifies response headers. \n Support:
- Extended"
+ description: |-
+ ResponseHeaderModifier defines a schema for a filter that modifies response
+ headers.
+
+
+ Support: Extended
properties:
add:
- description: "Add adds the given header(s) (name,
- value) to the request before the action. It appends
- to any existing values associated with the header
- name. \n Input: GET /foo HTTP/1.1 my-header: foo
- \n Config: add: - name: \"my-header\" value: \"bar,baz\"
- \n Output: GET /foo HTTP/1.1 my-header: foo,bar,baz"
+ description: |-
+ Add adds the given header(s) (name, value) to the request
+ before the action. It appends to any existing values associated
+ with the header name.
+
+
+ Input:
+ GET /foo HTTP/1.1
+ my-header: foo
+
+
+ Config:
+ add:
+ - name: "my-header"
+ value: "bar,baz"
+
+
+ Output:
+ GET /foo HTTP/1.1
+ my-header: foo,bar,baz
items:
description: HTTPHeader represents an HTTP Header
name and value as defined by RFC 7230.
properties:
name:
- description: "Name is the name of the HTTP Header
- to be matched. Name matching MUST be case
- insensitive. (See https://tools.ietf.org/html/rfc7230#section-3.2).
- \n If multiple entries specify equivalent
- header names, the first entry with an equivalent
- name MUST be considered for a match. Subsequent
- entries with an equivalent header name MUST
- be ignored. Due to the case-insensitivity
- of header names, \"foo\" and \"Foo\" are considered
- equivalent."
+ description: |-
+ Name is the name of the HTTP Header to be matched. Name matching MUST be
+ case insensitive. (See https://tools.ietf.org/html/rfc7230#section-3.2).
+
+
+ If multiple entries specify equivalent header names, the first entry with
+ an equivalent name MUST be considered for a match. Subsequent entries
+ with an equivalent header name MUST be ignored. Due to the
+ case-insensitivity of header names, "foo" and "Foo" are considered
+ equivalent.
maxLength: 256
minLength: 1
pattern: ^[A-Za-z0-9!#$%&'*+\-.^_\x60|~]+$
@@ -4011,40 +8124,67 @@ spec:
- name
x-kubernetes-list-type: map
remove:
- description: "Remove the given header(s) from the
- HTTP request before the action. The value of Remove
- is a list of HTTP header names. Note that the header
- names are case-insensitive (see https://datatracker.ietf.org/doc/html/rfc2616#section-4.2).
- \n Input: GET /foo HTTP/1.1 my-header1: foo my-header2:
- bar my-header3: baz \n Config: remove: [\"my-header1\",
- \"my-header3\"] \n Output: GET /foo HTTP/1.1 my-header2:
- bar"
+ description: |-
+ Remove the given header(s) from the HTTP request before the action. The
+ value of Remove is a list of HTTP header names. Note that the header
+ names are case-insensitive (see
+ https://datatracker.ietf.org/doc/html/rfc2616#section-4.2).
+
+
+ Input:
+ GET /foo HTTP/1.1
+ my-header1: foo
+ my-header2: bar
+ my-header3: baz
+
+
+ Config:
+ remove: ["my-header1", "my-header3"]
+
+
+ Output:
+ GET /foo HTTP/1.1
+ my-header2: bar
items:
type: string
maxItems: 16
type: array
x-kubernetes-list-type: set
set:
- description: "Set overwrites the request with the
- given header (name, value) before the action. \n
- Input: GET /foo HTTP/1.1 my-header: foo \n Config:
- set: - name: \"my-header\" value: \"bar\" \n Output:
- GET /foo HTTP/1.1 my-header: bar"
+ description: |-
+ Set overwrites the request with the given header (name, value)
+ before the action.
+
+
+ Input:
+ GET /foo HTTP/1.1
+ my-header: foo
+
+
+ Config:
+ set:
+ - name: "my-header"
+ value: "bar"
+
+
+ Output:
+ GET /foo HTTP/1.1
+ my-header: bar
items:
description: HTTPHeader represents an HTTP Header
name and value as defined by RFC 7230.
properties:
name:
- description: "Name is the name of the HTTP Header
- to be matched. Name matching MUST be case
- insensitive. (See https://tools.ietf.org/html/rfc7230#section-3.2).
- \n If multiple entries specify equivalent
- header names, the first entry with an equivalent
- name MUST be considered for a match. Subsequent
- entries with an equivalent header name MUST
- be ignored. Due to the case-insensitivity
- of header names, \"foo\" and \"Foo\" are considered
- equivalent."
+ description: |-
+ Name is the name of the HTTP Header to be matched. Name matching MUST be
+ case insensitive. (See https://tools.ietf.org/html/rfc7230#section-3.2).
+
+
+ If multiple entries specify equivalent header names, the first entry with
+ an equivalent name MUST be considered for a match. Subsequent entries
+ with an equivalent header name MUST be ignored. Due to the
+ case-insensitivity of header names, "foo" and "Foo" are considered
+ equivalent.
maxLength: 256
minLength: 1
pattern: ^[A-Za-z0-9!#$%&'*+\-.^_\x60|~]+$
@@ -4066,29 +8206,38 @@ spec:
x-kubernetes-list-type: map
type: object
type:
- description: "Type identifies the type of filter to apply.
- As with other API fields, types are classified into
- three conformance levels: \n - Core: Filter types and
- their corresponding configuration defined by \"Support:
- Core\" in this package, e.g. \"RequestHeaderModifier\".
- All implementations supporting GRPCRoute MUST support
- core filters. \n - Extended: Filter types and their
- corresponding configuration defined by \"Support: Extended\"
- in this package, e.g. \"RequestMirror\". Implementers
- are encouraged to support extended filters. \n - Implementation-specific:
- Filters that are defined and supported by specific vendors.
- In the future, filters showing convergence in behavior
- across multiple implementations will be considered for
- inclusion in extended or core conformance levels. Filter-specific
- configuration for such filters is specified using the
- ExtensionRef field. `Type` MUST be set to \"ExtensionRef\"
- for custom filters. \n Implementers are encouraged to
- define custom implementation types to extend the core
- API with implementation-specific behavior. \n If a reference
- to a custom filter type cannot be resolved, the filter
- MUST NOT be skipped. Instead, requests that would have
- been processed by that filter MUST receive a HTTP error
- response. \n "
+ description: |+
+ Type identifies the type of filter to apply. As with other API fields,
+ types are classified into three conformance levels:
+
+
+ - Core: Filter types and their corresponding configuration defined by
+ "Support: Core" in this package, e.g. "RequestHeaderModifier". All
+ implementations supporting GRPCRoute MUST support core filters.
+
+
+ - Extended: Filter types and their corresponding configuration defined by
+ "Support: Extended" in this package, e.g. "RequestMirror". Implementers
+ are encouraged to support extended filters.
+
+
+ - Implementation-specific: Filters that are defined and supported by specific vendors.
+ In the future, filters showing convergence in behavior across multiple
+ implementations will be considered for inclusion in extended or core
+ conformance levels. Filter-specific configuration for such filters
+ is specified using the ExtensionRef field. `Type` MUST be set to
+ "ExtensionRef" for custom filters.
+
+
+ Implementers are encouraged to define custom implementation types to
+ extend the core API with implementation-specific behavior.
+
+
+ If a reference to a custom filter type cannot be resolved, the filter
+ MUST NOT be skipped. Instead, requests that would have been processed by
+ that filter MUST receive a HTTP error response.
+
+
enum:
- ResponseHeaderModifier
- RequestHeaderModifier
@@ -4137,60 +8286,110 @@ spec:
rule: self.filter(f, f.type == 'ResponseHeaderModifier').size()
<= 1
matches:
- description: "Matches define conditions used for matching the
- rule against incoming gRPC requests. Each match is independent,
- i.e. this rule will be matched if **any** one of the matches
- is satisfied. \n For example, take the following matches configuration:
- \n ``` matches: - method: service: foo.bar headers: values:
- version: 2 - method: service: foo.bar.v2 ``` \n For a request
- to match against this rule, it MUST satisfy EITHER of the
- two conditions: \n - service of foo.bar AND contains the header
- `version: 2` - service of foo.bar.v2 \n See the documentation
- for GRPCRouteMatch on how to specify multiple match conditions
- to be ANDed together. \n If no matches are specified, the
- implementation MUST match every gRPC request. \n Proxy or
- Load Balancer routing configuration generated from GRPCRoutes
- MUST prioritize rules based on the following criteria, continuing
- on ties. Merging MUST not be done between GRPCRoutes and HTTPRoutes.
- Precedence MUST be given to the rule with the largest number
- of: \n * Characters in a matching non-wildcard hostname. *
- Characters in a matching hostname. * Characters in a matching
- service. * Characters in a matching method. * Header matches.
- \n If ties still exist across multiple Routes, matching precedence
- MUST be determined in order of the following criteria, continuing
- on ties: \n * The oldest Route based on creation timestamp.
- * The Route appearing first in alphabetical order by \"{namespace}/{name}\".
- \n If ties still exist within the Route that has been given
- precedence, matching precedence MUST be granted to the first
- matching rule meeting the above criteria."
+ description: |-
+ Matches define conditions used for matching the rule against incoming
+ gRPC requests. Each match is independent, i.e. this rule will be matched
+ if **any** one of the matches is satisfied.
+
+
+ For example, take the following matches configuration:
+
+
+ ```
+ matches:
+ - method:
+ service: foo.bar
+ headers:
+ values:
+ version: 2
+ - method:
+ service: foo.bar.v2
+ ```
+
+
+ For a request to match against this rule, it MUST satisfy
+ EITHER of the two conditions:
+
+
+ - service of foo.bar AND contains the header `version: 2`
+ - service of foo.bar.v2
+
+
+ See the documentation for GRPCRouteMatch on how to specify multiple
+ match conditions to be ANDed together.
+
+
+ If no matches are specified, the implementation MUST match every gRPC request.
+
+
+ Proxy or Load Balancer routing configuration generated from GRPCRoutes
+ MUST prioritize rules based on the following criteria, continuing on
+ ties. Merging MUST not be done between GRPCRoutes and HTTPRoutes.
+ Precedence MUST be given to the rule with the largest number of:
+
+
+ * Characters in a matching non-wildcard hostname.
+ * Characters in a matching hostname.
+ * Characters in a matching service.
+ * Characters in a matching method.
+ * Header matches.
+
+
+ If ties still exist across multiple Routes, matching precedence MUST be
+ determined in order of the following criteria, continuing on ties:
+
+
+ * The oldest Route based on creation timestamp.
+ * The Route appearing first in alphabetical order by
+ "{namespace}/{name}".
+
+
+ If ties still exist within the Route that has been given precedence,
+ matching precedence MUST be granted to the first matching rule meeting
+ the above criteria.
items:
- description: "GRPCRouteMatch defines the predicate used to
- match requests to a given action. Multiple match types are
- ANDed together, i.e. the match will evaluate to true only
- if all conditions are satisfied. \n For example, the match
- below will match a gRPC request only if its service is `foo`
- AND it contains the `version: v1` header: \n ``` matches:
- - method: type: Exact service: \"foo\" headers: - name:
- \"version\" value \"v1\" \n ```"
+ description: |-
+ GRPCRouteMatch defines the predicate used to match requests to a given
+ action. Multiple match types are ANDed together, i.e. the match will
+ evaluate to true only if all conditions are satisfied.
+
+
+ For example, the match below will match a gRPC request only if its service
+ is `foo` AND it contains the `version: v1` header:
+
+
+ ```
+ matches:
+ - method:
+ type: Exact
+ service: "foo"
+ headers:
+ - name: "version"
+ value "v1"
+
+
+ ```
properties:
headers:
- description: Headers specifies gRPC request header matchers.
- Multiple match values are ANDed together, meaning, a
- request MUST match all the specified headers to select
- the route.
+ description: |-
+ Headers specifies gRPC request header matchers. Multiple match values are
+ ANDed together, meaning, a request MUST match all the specified headers
+ to select the route.
items:
- description: GRPCHeaderMatch describes how to select
- a gRPC route by matching gRPC request headers.
+ description: |-
+ GRPCHeaderMatch describes how to select a gRPC route by matching gRPC request
+ headers.
properties:
name:
- description: "Name is the name of the gRPC Header
- to be matched. \n If multiple entries specify
- equivalent header names, only the first entry
- with an equivalent name MUST be considered for
- a match. Subsequent entries with an equivalent
- header name MUST be ignored. Due to the case-insensitivity
- of header names, \"foo\" and \"Foo\" are considered
- equivalent."
+ description: |-
+ Name is the name of the gRPC Header to be matched.
+
+
+ If multiple entries specify equivalent header names, only the first
+ entry with an equivalent name MUST be considered for a match. Subsequent
+ entries with an equivalent header name MUST be ignored. Due to the
+ case-insensitivity of header names, "foo" and "Foo" are considered
+ equivalent.
maxLength: 256
minLength: 1
pattern: ^[A-Za-z0-9!#$%&'*+\-.^_\x60|~]+$
@@ -4219,31 +8418,39 @@ spec:
- name
x-kubernetes-list-type: map
method:
- description: Method specifies a gRPC request service/method
- matcher. If this field is not specified, all services
- and methods will match.
+ description: |-
+ Method specifies a gRPC request service/method matcher. If this field is
+ not specified, all services and methods will match.
properties:
method:
- description: "Value of the method to match against.
- If left empty or omitted, will match all services.
- \n At least one of Service and Method MUST be a
- non-empty string."
+ description: |-
+ Value of the method to match against. If left empty or omitted, will
+ match all services.
+
+
+ At least one of Service and Method MUST be a non-empty string.
maxLength: 1024
type: string
service:
- description: "Value of the service to match against.
- If left empty or omitted, will match any service.
- \n At least one of Service and Method MUST be a
- non-empty string."
+ description: |-
+ Value of the service to match against. If left empty or omitted, will
+ match any service.
+
+
+ At least one of Service and Method MUST be a non-empty string.
maxLength: 1024
type: string
type:
default: Exact
- description: "Type specifies how to match against
- the service and/or method. Support: Core (Exact
- with service and method specified) \n Support: Implementation-specific
- (Exact with method specified but no service specified)
- \n Support: Implementation-specific (RegularExpression)"
+ description: |-
+ Type specifies how to match against the service and/or method.
+ Support: Core (Exact with service and method specified)
+
+
+ Support: Implementation-specific (Exact with method specified but no service specified)
+
+
+ Support: Implementation-specific (RegularExpression)
enum:
- Exact
- RegularExpression
@@ -4267,6 +8474,106 @@ spec:
type: object
maxItems: 8
type: array
+ sessionPersistence:
+ description: |+
+ SessionPersistence defines and configures session persistence
+ for the route rule.
+
+
+ Support: Extended
+
+
+ properties:
+ absoluteTimeout:
+ description: |-
+ AbsoluteTimeout defines the absolute timeout of the persistent
+ session. Once the AbsoluteTimeout duration has elapsed, the
+ session becomes invalid.
+
+
+ Support: Extended
+ pattern: ^([0-9]{1,5}(h|m|s|ms)){1,4}$
+ type: string
+ cookieConfig:
+ description: |-
+ CookieConfig provides configuration settings that are specific
+ to cookie-based session persistence.
+
+
+ Support: Core
+ properties:
+ lifetimeType:
+ default: Session
+ description: |-
+ LifetimeType specifies whether the cookie has a permanent or
+ session-based lifetime. A permanent cookie persists until its
+ specified expiry time, defined by the Expires or Max-Age cookie
+ attributes, while a session cookie is deleted when the current
+ session ends.
+
+
+ When set to "Permanent", AbsoluteTimeout indicates the
+ cookie's lifetime via the Expires or Max-Age cookie attributes
+ and is required.
+
+
+ When set to "Session", AbsoluteTimeout indicates the
+ absolute lifetime of the cookie tracked by the gateway and
+ is optional.
+
+
+ Support: Core for "Session" type
+
+
+ Support: Extended for "Permanent" type
+ enum:
+ - Permanent
+ - Session
+ type: string
+ type: object
+ idleTimeout:
+ description: |-
+ IdleTimeout defines the idle timeout of the persistent session.
+ Once the session has been idle for more than the specified
+ IdleTimeout duration, the session becomes invalid.
+
+
+ Support: Extended
+ pattern: ^([0-9]{1,5}(h|m|s|ms)){1,4}$
+ type: string
+ sessionName:
+ description: |-
+ SessionName defines the name of the persistent session token
+ which may be reflected in the cookie or the header. Users
+ should avoid reusing session names to prevent unintended
+ consequences, such as rejection or unpredictable behavior.
+
+
+ Support: Implementation-specific
+ maxLength: 128
+ type: string
+ type:
+ default: Cookie
+ description: |-
+ Type defines the type of session persistence such as through
+ the use a header or cookie. Defaults to cookie based session
+ persistence.
+
+
+ Support: Core for "Cookie" type
+
+
+ Support: Extended for "Header" type
+ enum:
+ - Cookie
+ - Header
+ type: string
+ type: object
+ x-kubernetes-validations:
+ - message: AbsoluteTimeout must be specified when cookie lifetimeType
+ is Permanent
+ rule: '!has(self.cookieConfig.lifetimeType) || self.cookieConfig.lifetimeType
+ != ''Permanent'' || has(self.absoluteTimeout)'
type: object
maxItems: 16
type: array
@@ -4275,81 +8582,94 @@ spec:
description: Status defines the current state of GRPCRoute.
properties:
parents:
- description: "Parents is a list of parent resources (usually Gateways)
- that are associated with the route, and the status of the route
- with respect to each parent. When this route attaches to a parent,
- the controller that manages the parent must add an entry to this
- list when the controller first sees the route and should update
- the entry as appropriate when the route or gateway is modified.
- \n Note that parent references that cannot be resolved by an implementation
- of this API will not be added to this list. Implementations of this
- API can only populate Route status for the Gateways/parent resources
- they are responsible for. \n A maximum of 32 Gateways will be represented
- in this list. An empty list means the route has not been attached
- to any Gateway."
+ description: |-
+ Parents is a list of parent resources (usually Gateways) that are
+ associated with the route, and the status of the route with respect to
+ each parent. When this route attaches to a parent, the controller that
+ manages the parent must add an entry to this list when the controller
+ first sees the route and should update the entry as appropriate when the
+ route or gateway is modified.
+
+
+ Note that parent references that cannot be resolved by an implementation
+ of this API will not be added to this list. Implementations of this API
+ can only populate Route status for the Gateways/parent resources they are
+ responsible for.
+
+
+ A maximum of 32 Gateways will be represented in this list. An empty list
+ means the route has not been attached to any Gateway.
items:
- description: RouteParentStatus describes the status of a route with
- respect to an associated Parent.
+ description: |-
+ RouteParentStatus describes the status of a route with respect to an
+ associated Parent.
properties:
conditions:
- description: "Conditions describes the status of the route with
- respect to the Gateway. Note that the route's availability
- is also subject to the Gateway's own status conditions and
- listener status. \n If the Route's ParentRef specifies an
- existing Gateway that supports Routes of this kind AND that
- Gateway's controller has sufficient access, then that Gateway's
- controller MUST set the \"Accepted\" condition on the Route,
- to indicate whether the route has been accepted or rejected
- by the Gateway, and why. \n A Route MUST be considered \"Accepted\"
- if at least one of the Route's rules is implemented by the
- Gateway. \n There are a number of cases where the \"Accepted\"
- condition may not be set due to lack of controller visibility,
- that includes when: \n * The Route refers to a non-existent
- parent. * The Route is of a type that the controller does
- not support. * The Route is in a namespace the controller
- does not have access to."
+ description: |-
+ Conditions describes the status of the route with respect to the Gateway.
+ Note that the route's availability is also subject to the Gateway's own
+ status conditions and listener status.
+
+
+ If the Route's ParentRef specifies an existing Gateway that supports
+ Routes of this kind AND that Gateway's controller has sufficient access,
+ then that Gateway's controller MUST set the "Accepted" condition on the
+ Route, to indicate whether the route has been accepted or rejected by the
+ Gateway, and why.
+
+
+ A Route MUST be considered "Accepted" if at least one of the Route's
+ rules is implemented by the Gateway.
+
+
+ There are a number of cases where the "Accepted" condition may not be set
+ due to lack of controller visibility, that includes when:
+
+
+ * The Route refers to a non-existent parent.
+ * The Route is of a type that the controller does not support.
+ * The Route is in a namespace the controller does not have access to.
items:
description: "Condition contains details for one aspect of
- the current state of this API Resource. --- This struct
+ the current state of this API Resource.\n---\nThis struct
is intended for direct use as an array at the field path
- .status.conditions. For example, \n type FooStatus struct{
- // Represents the observations of a foo's current state.
- // Known .status.conditions.type are: \"Available\", \"Progressing\",
- and \"Degraded\" // +patchMergeKey=type // +patchStrategy=merge
- // +listType=map // +listMapKey=type Conditions []metav1.Condition
- `json:\"conditions,omitempty\" patchStrategy:\"merge\" patchMergeKey:\"type\"
- protobuf:\"bytes,1,rep,name=conditions\"` \n // other fields
- }"
+ .status.conditions. For example,\n\n\n\ttype FooStatus
+ struct{\n\t // Represents the observations of a foo's
+ current state.\n\t // Known .status.conditions.type are:
+ \"Available\", \"Progressing\", and \"Degraded\"\n\t //
+ +patchMergeKey=type\n\t // +patchStrategy=merge\n\t //
+ +listType=map\n\t // +listMapKey=type\n\t Conditions
+ []metav1.Condition `json:\"conditions,omitempty\" patchStrategy:\"merge\"
+ patchMergeKey:\"type\" protobuf:\"bytes,1,rep,name=conditions\"`\n\n\n\t
+ \ // other fields\n\t}"
properties:
lastTransitionTime:
- description: lastTransitionTime is the last time the condition
- transitioned from one status to another. This should
- be when the underlying condition changed. If that is
- not known, then using the time when the API field changed
- is acceptable.
+ description: |-
+ lastTransitionTime is the last time the condition transitioned from one status to another.
+ This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable.
format: date-time
type: string
message:
- description: message is a human readable message indicating
- details about the transition. This may be an empty string.
+ description: |-
+ message is a human readable message indicating details about the transition.
+ This may be an empty string.
maxLength: 32768
type: string
observedGeneration:
- description: observedGeneration represents the .metadata.generation
- that the condition was set based upon. For instance,
- if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration
- is 9, the condition is out of date with respect to the
- current state of the instance.
+ description: |-
+ observedGeneration represents the .metadata.generation that the condition was set based upon.
+ For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date
+ with respect to the current state of the instance.
format: int64
minimum: 0
type: integer
reason:
- description: reason contains a programmatic identifier
- indicating the reason for the condition's last transition.
- Producers of specific condition types may define expected
- values and meanings for this field, and whether the
- values are considered a guaranteed API. The value should
- be a CamelCase string. This field may not be empty.
+ description: |-
+ reason contains a programmatic identifier indicating the reason for the condition's last transition.
+ Producers of specific condition types may define expected values and meanings for this field,
+ and whether the values are considered a guaranteed API.
+ The value should be a CamelCase string.
+ This field may not be empty.
maxLength: 1024
minLength: 1
pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$
@@ -4363,12 +8683,12 @@ spec:
- Unknown
type: string
type:
- description: type of condition in CamelCase or in foo.example.com/CamelCase.
- --- Many .condition.type values are consistent across
- resources like Available, but because arbitrary conditions
- can be useful (see .node.status.conditions), the ability
- to deconflict is important. The regex it matches is
- (dns1123SubdomainFmt/)?(qualifiedNameFmt)
+ description: |-
+ type of condition in CamelCase or in foo.example.com/CamelCase.
+ ---
+ Many .condition.type values are consistent across resources like Available, but because arbitrary conditions can be
+ useful (see .node.status.conditions), the ability to deconflict is important.
+ The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt)
maxLength: 316
pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$
type: string
@@ -4386,131 +8706,175 @@ spec:
- type
x-kubernetes-list-type: map
controllerName:
- description: "ControllerName is a domain/path string that indicates
- the name of the controller that wrote this status. This corresponds
- with the controllerName field on GatewayClass. \n Example:
- \"example.net/gateway-controller\". \n The format of this
- field is DOMAIN \"/\" PATH, where DOMAIN and PATH are valid
- Kubernetes names (https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names).
- \n Controllers MUST populate this field when writing status.
- Controllers should ensure that entries to status populated
- with their ControllerName are cleaned up when they are no
- longer necessary."
+ description: |-
+ ControllerName is a domain/path string that indicates the name of the
+ controller that wrote this status. This corresponds with the
+ controllerName field on GatewayClass.
+
+
+ Example: "example.net/gateway-controller".
+
+
+ The format of this field is DOMAIN "/" PATH, where DOMAIN and PATH are
+ valid Kubernetes names
+ (https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names).
+
+
+ Controllers MUST populate this field when writing status. Controllers should ensure that
+ entries to status populated with their ControllerName are cleaned up when they are no
+ longer necessary.
maxLength: 253
minLength: 1
pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*\/[A-Za-z0-9\/\-._~%!$&'()*+,;=:]+$
type: string
parentRef:
- description: ParentRef corresponds with a ParentRef in the spec
- that this RouteParentStatus struct describes the status of.
+ description: |-
+ ParentRef corresponds with a ParentRef in the spec that this
+ RouteParentStatus struct describes the status of.
properties:
group:
default: gateway.networking.k8s.io
- description: "Group is the group of the referent. When unspecified,
- \"gateway.networking.k8s.io\" is inferred. To set the
- core API group (such as for a \"Service\" kind referent),
- Group must be explicitly set to \"\" (empty string). \n
- Support: Core"
+ description: |-
+ Group is the group of the referent.
+ When unspecified, "gateway.networking.k8s.io" is inferred.
+ To set the core API group (such as for a "Service" kind referent),
+ Group must be explicitly set to "" (empty string).
+
+
+ Support: Core
maxLength: 253
pattern: ^$|^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$
type: string
kind:
default: Gateway
- description: "Kind is kind of the referent. \n There are
- two kinds of parent resources with \"Core\" support: \n
- * Gateway (Gateway conformance profile) * Service (Mesh
- conformance profile, experimental, ClusterIP Services
- only) \n Support for other resources is Implementation-Specific."
+ description: |-
+ Kind is kind of the referent.
+
+
+ There are two kinds of parent resources with "Core" support:
+
+
+ * Gateway (Gateway conformance profile)
+ * Service (Mesh conformance profile, ClusterIP Services only)
+
+
+ Support for other resources is Implementation-Specific.
maxLength: 63
minLength: 1
pattern: ^[a-zA-Z]([-a-zA-Z0-9]*[a-zA-Z0-9])?$
type: string
name:
- description: "Name is the name of the referent. \n Support:
- Core"
+ description: |-
+ Name is the name of the referent.
+
+
+ Support: Core
maxLength: 253
minLength: 1
type: string
namespace:
- description: "Namespace is the namespace of the referent.
- When unspecified, this refers to the local namespace of
- the Route. \n Note that there are specific rules for ParentRefs
- which cross namespace boundaries. Cross-namespace references
- are only valid if they are explicitly allowed by something
- in the namespace they are referring to. For example: Gateway
- has the AllowedRoutes field, and ReferenceGrant provides
- a generic way to enable any other kind of cross-namespace
- reference. \n ParentRefs from a Route to a Service in
- the same namespace are \"producer\" routes, which apply
- default routing rules to inbound connections from any
- namespace to the Service. \n ParentRefs from a Route to
- a Service in a different namespace are \"consumer\" routes,
- and these routing rules are only applied to outbound connections
- originating from the same namespace as the Route, for
- which the intended destination of the connections are
- a Service targeted as a ParentRef of the Route. \n Support:
- Core"
+ description: |-
+ Namespace is the namespace of the referent. When unspecified, this refers
+ to the local namespace of the Route.
+
+
+ Note that there are specific rules for ParentRefs which cross namespace
+ boundaries. Cross-namespace references are only valid if they are explicitly
+ allowed by something in the namespace they are referring to. For example:
+ Gateway has the AllowedRoutes field, and ReferenceGrant provides a
+ generic way to enable any other kind of cross-namespace reference.
+
+
+
+ ParentRefs from a Route to a Service in the same namespace are "producer"
+ routes, which apply default routing rules to inbound connections from
+ any namespace to the Service.
+
+
+ ParentRefs from a Route to a Service in a different namespace are
+ "consumer" routes, and these routing rules are only applied to outbound
+ connections originating from the same namespace as the Route, for which
+ the intended destination of the connections are a Service targeted as a
+ ParentRef of the Route.
+
+
+
+ Support: Core
maxLength: 63
minLength: 1
pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$
type: string
port:
- description: "Port is the network port this Route targets.
- It can be interpreted differently based on the type of
- parent resource. \n When the parent resource is a Gateway,
- this targets all listeners listening on the specified
- port that also support this kind of Route(and select this
- Route). It's not recommended to set `Port` unless the
- networking behaviors specified in a Route must apply to
- a specific port as opposed to a listener(s) whose port(s)
- may be changed. When both Port and SectionName are specified,
- the name and port of the selected listener must match
- both specified values. \n When the parent resource is
- a Service, this targets a specific port in the Service
- spec. When both Port (experimental) and SectionName are
- specified, the name and port of the selected port must
- match both specified values. \n Implementations MAY choose
- to support other parent resources. Implementations supporting
- other types of parent resources MUST clearly document
- how/if Port is interpreted. \n For the purpose of status,
- an attachment is considered successful as long as the
- parent resource accepts it partially. For example, Gateway
- listeners can restrict which Routes can attach to them
- by Route kind, namespace, or hostname. If 1 of 2 Gateway
- listeners accept attachment from the referencing Route,
- the Route MUST be considered successfully attached. If
- no Gateway listeners accept attachment from this Route,
+ description: |-
+ Port is the network port this Route targets. It can be interpreted
+ differently based on the type of parent resource.
+
+
+ When the parent resource is a Gateway, this targets all listeners
+ listening on the specified port that also support this kind of Route(and
+ select this Route). It's not recommended to set `Port` unless the
+ networking behaviors specified in a Route must apply to a specific port
+ as opposed to a listener(s) whose port(s) may be changed. When both Port
+ and SectionName are specified, the name and port of the selected listener
+ must match both specified values.
+
+
+
+ When the parent resource is a Service, this targets a specific port in the
+ Service spec. When both Port (experimental) and SectionName are specified,
+ the name and port of the selected port must match both specified values.
+
+
+
+ Implementations MAY choose to support other parent resources.
+ Implementations supporting other types of parent resources MUST clearly
+ document how/if Port is interpreted.
+
+
+ For the purpose of status, an attachment is considered successful as
+ long as the parent resource accepts it partially. For example, Gateway
+ listeners can restrict which Routes can attach to them by Route kind,
+ namespace, or hostname. If 1 of 2 Gateway listeners accept attachment
+ from the referencing Route, the Route MUST be considered successfully
+ attached. If no Gateway listeners accept attachment from this Route,
the Route MUST be considered detached from the Gateway.
- \n Support: Extended \n "
+
+
+ Support: Extended
format: int32
maximum: 65535
minimum: 1
type: integer
sectionName:
- description: "SectionName is the name of a section within
- the target resource. In the following resources, SectionName
- is interpreted as the following: \n * Gateway: Listener
- Name. When both Port (experimental) and SectionName are
- specified, the name and port of the selected listener
- must match both specified values. * Service: Port Name.
- When both Port (experimental) and SectionName are specified,
- the name and port of the selected listener must match
- both specified values. Note that attaching Routes to Services
- as Parents is part of experimental Mesh support and is
- not supported for any other purpose. \n Implementations
- MAY choose to support attaching Routes to other resources.
- If that is the case, they MUST clearly document how SectionName
- is interpreted. \n When unspecified (empty string), this
- will reference the entire resource. For the purpose of
- status, an attachment is considered successful if at least
- one section in the parent resource accepts it. For example,
- Gateway listeners can restrict which Routes can attach
- to them by Route kind, namespace, or hostname. If 1 of
- 2 Gateway listeners accept attachment from the referencing
- Route, the Route MUST be considered successfully attached.
- If no Gateway listeners accept attachment from this Route,
- the Route MUST be considered detached from the Gateway.
- \n Support: Core"
+ description: |-
+ SectionName is the name of a section within the target resource. In the
+ following resources, SectionName is interpreted as the following:
+
+
+ * Gateway: Listener name. When both Port (experimental) and SectionName
+ are specified, the name and port of the selected listener must match
+ both specified values.
+ * Service: Port name. When both Port (experimental) and SectionName
+ are specified, the name and port of the selected listener must match
+ both specified values.
+
+
+ Implementations MAY choose to support attaching Routes to other resources.
+ If that is the case, they MUST clearly document how SectionName is
+ interpreted.
+
+
+ When unspecified (empty string), this will reference the entire resource.
+ For the purpose of status, an attachment is considered successful if at
+ least one section in the parent resource accepts it. For example, Gateway
+ listeners can restrict which Routes can attach to them by Route kind,
+ namespace, or hostname. If 1 of 2 Gateway listeners accept attachment from
+ the referencing Route, the Route MUST be considered successfully
+ attached. If no Gateway listeners accept attachment from this Route, the
+ Route MUST be considered detached from the Gateway.
+
+
+ Support: Core
maxLength: 253
minLength: 1
pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$
@@ -4529,9 +8893,7 @@ spec:
type: object
type: object
served: true
- storage: true
- subresources:
- status: {}
+ storage: false
status:
acceptedNames:
kind: ""
@@ -4546,8 +8908,8 @@ apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
annotations:
- api-approved.kubernetes.io: https://github.com/kubernetes-sigs/gateway-api/pull/2466
- gateway.networking.k8s.io/bundle-version: v1.0.0
+ api-approved.kubernetes.io: https://github.com/kubernetes-sigs/gateway-api/pull/2997
+ gateway.networking.k8s.io/bundle-version: v1.1.0
gateway.networking.k8s.io/channel: experimental
creationTimestamp: null
name: httproutes.gateway.networking.k8s.io
@@ -4572,20 +8934,26 @@ spec:
name: v1
schema:
openAPIV3Schema:
- description: HTTPRoute provides a way to route HTTP requests. This includes
- the capability to match requests by hostname, path, header, or query param.
- Filters can be used to specify additional processing steps. Backends specify
- where matching requests should be routed.
+ description: |-
+ HTTPRoute provides a way to route HTTP requests. This includes the capability
+ to match requests by hostname, path, header, or query param. Filters can be
+ used to specify additional processing steps. Backends specify where matching
+ requests should be routed.
properties:
apiVersion:
- description: 'APIVersion defines the versioned schema of this representation
- of an object. Servers should convert recognized schemas to the latest
- internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
+ description: |-
+ APIVersion defines the versioned schema of this representation of an object.
+ Servers should convert recognized schemas to the latest internal value, and
+ may reject unrecognized values.
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
type: string
kind:
- description: 'Kind is a string value representing the REST resource this
- object represents. Servers may infer this from the endpoint the client
- submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+ description: |-
+ Kind is a string value representing the REST resource this object represents.
+ Servers may infer this from the endpoint the client submits requests to.
+ Cannot be updated.
+ In CamelCase.
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
type: string
metadata:
type: object
@@ -4593,57 +8961,90 @@ spec:
description: Spec defines the desired state of HTTPRoute.
properties:
hostnames:
- description: "Hostnames defines a set of hostnames that should match
- against the HTTP Host header to select a HTTPRoute used to process
- the request. Implementations MUST ignore any port value specified
- in the HTTP Host header while performing a match and (absent of
- any applicable header modification configuration) MUST forward this
- header unmodified to the backend. \n Valid values for Hostnames
- are determined by RFC 1123 definition of a hostname with 2 notable
- exceptions: \n 1. IPs are not allowed. 2. A hostname may be prefixed
- with a wildcard label (`*.`). The wildcard label must appear by
- itself as the first label. \n If a hostname is specified by both
- the Listener and HTTPRoute, there must be at least one intersecting
- hostname for the HTTPRoute to be attached to the Listener. For example:
- \n * A Listener with `test.example.com` as the hostname matches
- HTTPRoutes that have either not specified any hostnames, or have
- specified at least one of `test.example.com` or `*.example.com`.
+ description: |-
+ Hostnames defines a set of hostnames that should match against the HTTP Host
+ header to select a HTTPRoute used to process the request. Implementations
+ MUST ignore any port value specified in the HTTP Host header while
+ performing a match and (absent of any applicable header modification
+ configuration) MUST forward this header unmodified to the backend.
+
+
+ Valid values for Hostnames are determined by RFC 1123 definition of a
+ hostname with 2 notable exceptions:
+
+
+ 1. IPs are not allowed.
+ 2. A hostname may be prefixed with a wildcard label (`*.`). The wildcard
+ label must appear by itself as the first label.
+
+
+ If a hostname is specified by both the Listener and HTTPRoute, there
+ must be at least one intersecting hostname for the HTTPRoute to be
+ attached to the Listener. For example:
+
+
+ * A Listener with `test.example.com` as the hostname matches HTTPRoutes
+ that have either not specified any hostnames, or have specified at
+ least one of `test.example.com` or `*.example.com`.
* A Listener with `*.example.com` as the hostname matches HTTPRoutes
- that have either not specified any hostnames or have specified at
- least one hostname that matches the Listener hostname. For example,
- `*.example.com`, `test.example.com`, and `foo.test.example.com`
- would all match. On the other hand, `example.com` and `test.example.net`
- would not match. \n Hostnames that are prefixed with a wildcard
- label (`*.`) are interpreted as a suffix match. That means that
- a match for `*.example.com` would match both `test.example.com`,
- and `foo.test.example.com`, but not `example.com`. \n If both the
- Listener and HTTPRoute have specified hostnames, any HTTPRoute hostnames
- that do not match the Listener hostname MUST be ignored. For example,
- if a Listener specified `*.example.com`, and the HTTPRoute specified
- `test.example.com` and `test.example.net`, `test.example.net` must
- not be considered for a match. \n If both the Listener and HTTPRoute
- have specified hostnames, and none match with the criteria above,
- then the HTTPRoute is not accepted. The implementation must raise
- an 'Accepted' Condition with a status of `False` in the corresponding
- RouteParentStatus. \n In the event that multiple HTTPRoutes specify
- intersecting hostnames (e.g. overlapping wildcard matching and exact
- matching hostnames), precedence must be given to rules from the
- HTTPRoute with the largest number of: \n * Characters in a matching
- non-wildcard hostname. * Characters in a matching hostname. \n If
- ties exist across multiple Routes, the matching precedence rules
- for HTTPRouteMatches takes over. \n Support: Core"
+ that have either not specified any hostnames or have specified at least
+ one hostname that matches the Listener hostname. For example,
+ `*.example.com`, `test.example.com`, and `foo.test.example.com` would
+ all match. On the other hand, `example.com` and `test.example.net` would
+ not match.
+
+
+ Hostnames that are prefixed with a wildcard label (`*.`) are interpreted
+ as a suffix match. That means that a match for `*.example.com` would match
+ both `test.example.com`, and `foo.test.example.com`, but not `example.com`.
+
+
+ If both the Listener and HTTPRoute have specified hostnames, any
+ HTTPRoute hostnames that do not match the Listener hostname MUST be
+ ignored. For example, if a Listener specified `*.example.com`, and the
+ HTTPRoute specified `test.example.com` and `test.example.net`,
+ `test.example.net` must not be considered for a match.
+
+
+ If both the Listener and HTTPRoute have specified hostnames, and none
+ match with the criteria above, then the HTTPRoute is not accepted. The
+ implementation must raise an 'Accepted' Condition with a status of
+ `False` in the corresponding RouteParentStatus.
+
+
+ In the event that multiple HTTPRoutes specify intersecting hostnames (e.g.
+ overlapping wildcard matching and exact matching hostnames), precedence must
+ be given to rules from the HTTPRoute with the largest number of:
+
+
+ * Characters in a matching non-wildcard hostname.
+ * Characters in a matching hostname.
+
+
+ If ties exist across multiple Routes, the matching precedence rules for
+ HTTPRouteMatches takes over.
+
+
+ Support: Core
items:
- description: "Hostname is the fully qualified domain name of a network
- host. This matches the RFC 1123 definition of a hostname with
- 2 notable exceptions: \n 1. IPs are not allowed. 2. A hostname
- may be prefixed with a wildcard label (`*.`). The wildcard label
- must appear by itself as the first label. \n Hostname can be \"precise\"
- which is a domain name without the terminating dot of a network
- host (e.g. \"foo.example.com\") or \"wildcard\", which is a domain
- name prefixed with a single wildcard label (e.g. `*.example.com`).
- \n Note that as per RFC1035 and RFC1123, a *label* must consist
- of lower case alphanumeric characters or '-', and must start and
- end with an alphanumeric character. No other punctuation is allowed."
+ description: |-
+ Hostname is the fully qualified domain name of a network host. This matches
+ the RFC 1123 definition of a hostname with 2 notable exceptions:
+
+
+ 1. IPs are not allowed.
+ 2. A hostname may be prefixed with a wildcard label (`*.`). The wildcard
+ label must appear by itself as the first label.
+
+
+ Hostname can be "precise" which is a domain name without the terminating
+ dot of a network host (e.g. "foo.example.com") or "wildcard", which is a
+ domain name prefixed with a single wildcard label (e.g. `*.example.com`).
+
+
+ Note that as per RFC1035 and RFC1123, a *label* must consist of lower case
+ alphanumeric characters or '-', and must start and end with an alphanumeric
+ character. No other punctuation is allowed.
maxLength: 253
minLength: 1
pattern: ^(\*\.)?[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$
@@ -4651,165 +9052,246 @@ spec:
maxItems: 16
type: array
parentRefs:
- description: "ParentRefs references the resources (usually Gateways)
- that a Route wants to be attached to. Note that the referenced parent
- resource needs to allow this for the attachment to be complete.
- For Gateways, that means the Gateway needs to allow attachment from
- Routes of this kind and namespace. For Services, that means the
- Service must either be in the same namespace for a \"producer\"
- route, or the mesh implementation must support and allow \"consumer\"
- routes for the referenced Service. ReferenceGrant is not applicable
- for governing ParentRefs to Services - it is not possible to create
- a \"producer\" route for a Service in a different namespace from
- the Route. \n There are two kinds of parent resources with \"Core\"
- support: \n * Gateway (Gateway conformance profile) * Service (Mesh
- conformance profile, experimental, ClusterIP Services only) This
- API may be extended in the future to support additional kinds of
- parent resources. \n ParentRefs must be _distinct_. This means either
- that: \n * They select different objects. If this is the case,
- then parentRef entries are distinct. In terms of fields, this means
- that the multi-part key defined by `group`, `kind`, `namespace`,
- and `name` must be unique across all parentRef entries in the Route.
- * They do not select different objects, but for each optional field
- used, each ParentRef that selects the same object must set the same
- set of optional fields to different values. If one ParentRef sets
- a combination of optional fields, all must set the same combination.
- \n Some examples: \n * If one ParentRef sets `sectionName`, all
- ParentRefs referencing the same object must also set `sectionName`.
+ description: |+
+ ParentRefs references the resources (usually Gateways) that a Route wants
+ to be attached to. Note that the referenced parent resource needs to
+ allow this for the attachment to be complete. For Gateways, that means
+ the Gateway needs to allow attachment from Routes of this kind and
+ namespace. For Services, that means the Service must either be in the same
+ namespace for a "producer" route, or the mesh implementation must support
+ and allow "consumer" routes for the referenced Service. ReferenceGrant is
+ not applicable for governing ParentRefs to Services - it is not possible to
+ create a "producer" route for a Service in a different namespace from the
+ Route.
+
+
+ There are two kinds of parent resources with "Core" support:
+
+
+ * Gateway (Gateway conformance profile)
+ * Service (Mesh conformance profile, ClusterIP Services only)
+
+
+ This API may be extended in the future to support additional kinds of parent
+ resources.
+
+
+ ParentRefs must be _distinct_. This means either that:
+
+
+ * They select different objects. If this is the case, then parentRef
+ entries are distinct. In terms of fields, this means that the
+ multi-part key defined by `group`, `kind`, `namespace`, and `name` must
+ be unique across all parentRef entries in the Route.
+ * They do not select different objects, but for each optional field used,
+ each ParentRef that selects the same object must set the same set of
+ optional fields to different values. If one ParentRef sets a
+ combination of optional fields, all must set the same combination.
+
+
+ Some examples:
+
+
+ * If one ParentRef sets `sectionName`, all ParentRefs referencing the
+ same object must also set `sectionName`.
* If one ParentRef sets `port`, all ParentRefs referencing the same
- object must also set `port`. * If one ParentRef sets `sectionName`
- and `port`, all ParentRefs referencing the same object must also
- set `sectionName` and `port`. \n It is possible to separately reference
- multiple distinct objects that may be collapsed by an implementation.
- For example, some implementations may choose to merge compatible
- Gateway Listeners together. If that is the case, the list of routes
- attached to those resources should also be merged. \n Note that
- for ParentRefs that cross namespace boundaries, there are specific
+ object must also set `port`.
+ * If one ParentRef sets `sectionName` and `port`, all ParentRefs
+ referencing the same object must also set `sectionName` and `port`.
+
+
+ It is possible to separately reference multiple distinct objects that may
+ be collapsed by an implementation. For example, some implementations may
+ choose to merge compatible Gateway Listeners together. If that is the
+ case, the list of routes attached to those resources should also be
+ merged.
+
+
+ Note that for ParentRefs that cross namespace boundaries, there are specific
rules. Cross-namespace references are only valid if they are explicitly
- allowed by something in the namespace they are referring to. For
- example, Gateway has the AllowedRoutes field, and ReferenceGrant
- provides a generic way to enable other kinds of cross-namespace
- reference. \n ParentRefs from a Route to a Service in the same
- namespace are \"producer\" routes, which apply default routing rules
- to inbound connections from any namespace to the Service. \n ParentRefs
- from a Route to a Service in a different namespace are \"consumer\"
- routes, and these routing rules are only applied to outbound connections
- originating from the same namespace as the Route, for which the
- intended destination of the connections are a Service targeted as
- a ParentRef of the Route. \n "
+ allowed by something in the namespace they are referring to. For example,
+ Gateway has the AllowedRoutes field, and ReferenceGrant provides a
+ generic way to enable other kinds of cross-namespace reference.
+
+
+
+ ParentRefs from a Route to a Service in the same namespace are "producer"
+ routes, which apply default routing rules to inbound connections from
+ any namespace to the Service.
+
+
+ ParentRefs from a Route to a Service in a different namespace are
+ "consumer" routes, and these routing rules are only applied to outbound
+ connections originating from the same namespace as the Route, for which
+ the intended destination of the connections are a Service targeted as a
+ ParentRef of the Route.
+
+
+
+
+
+
items:
- description: "ParentReference identifies an API object (usually
- a Gateway) that can be considered a parent of this resource (usually
- a route). There are two kinds of parent resources with \"Core\"
- support: \n * Gateway (Gateway conformance profile) * Service
- (Mesh conformance profile, experimental, ClusterIP Services only)
- \n This API may be extended in the future to support additional
- kinds of parent resources. \n The API object must be valid in
- the cluster; the Group and Kind must be registered in the cluster
- for this reference to be valid."
+ description: |-
+ ParentReference identifies an API object (usually a Gateway) that can be considered
+ a parent of this resource (usually a route). There are two kinds of parent resources
+ with "Core" support:
+
+
+ * Gateway (Gateway conformance profile)
+ * Service (Mesh conformance profile, ClusterIP Services only)
+
+
+ This API may be extended in the future to support additional kinds of parent
+ resources.
+
+
+ The API object must be valid in the cluster; the Group and Kind must
+ be registered in the cluster for this reference to be valid.
properties:
group:
default: gateway.networking.k8s.io
- description: "Group is the group of the referent. When unspecified,
- \"gateway.networking.k8s.io\" is inferred. To set the core
- API group (such as for a \"Service\" kind referent), Group
- must be explicitly set to \"\" (empty string). \n Support:
- Core"
+ description: |-
+ Group is the group of the referent.
+ When unspecified, "gateway.networking.k8s.io" is inferred.
+ To set the core API group (such as for a "Service" kind referent),
+ Group must be explicitly set to "" (empty string).
+
+
+ Support: Core
maxLength: 253
pattern: ^$|^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$
type: string
kind:
default: Gateway
- description: "Kind is kind of the referent. \n There are two
- kinds of parent resources with \"Core\" support: \n * Gateway
- (Gateway conformance profile) * Service (Mesh conformance
- profile, experimental, ClusterIP Services only) \n Support
- for other resources is Implementation-Specific."
+ description: |-
+ Kind is kind of the referent.
+
+
+ There are two kinds of parent resources with "Core" support:
+
+
+ * Gateway (Gateway conformance profile)
+ * Service (Mesh conformance profile, ClusterIP Services only)
+
+
+ Support for other resources is Implementation-Specific.
maxLength: 63
minLength: 1
pattern: ^[a-zA-Z]([-a-zA-Z0-9]*[a-zA-Z0-9])?$
type: string
name:
- description: "Name is the name of the referent. \n Support:
- Core"
+ description: |-
+ Name is the name of the referent.
+
+
+ Support: Core
maxLength: 253
minLength: 1
type: string
namespace:
- description: "Namespace is the namespace of the referent. When
- unspecified, this refers to the local namespace of the Route.
- \n Note that there are specific rules for ParentRefs which
- cross namespace boundaries. Cross-namespace references are
- only valid if they are explicitly allowed by something in
- the namespace they are referring to. For example: Gateway
- has the AllowedRoutes field, and ReferenceGrant provides a
+ description: |-
+ Namespace is the namespace of the referent. When unspecified, this refers
+ to the local namespace of the Route.
+
+
+ Note that there are specific rules for ParentRefs which cross namespace
+ boundaries. Cross-namespace references are only valid if they are explicitly
+ allowed by something in the namespace they are referring to. For example:
+ Gateway has the AllowedRoutes field, and ReferenceGrant provides a
generic way to enable any other kind of cross-namespace reference.
- \n ParentRefs from a Route to a Service in the same namespace
- are \"producer\" routes, which apply default routing rules
- to inbound connections from any namespace to the Service.
- \n ParentRefs from a Route to a Service in a different namespace
- are \"consumer\" routes, and these routing rules are only
- applied to outbound connections originating from the same
- namespace as the Route, for which the intended destination
- of the connections are a Service targeted as a ParentRef of
- the Route. \n Support: Core"
+
+
+
+ ParentRefs from a Route to a Service in the same namespace are "producer"
+ routes, which apply default routing rules to inbound connections from
+ any namespace to the Service.
+
+
+ ParentRefs from a Route to a Service in a different namespace are
+ "consumer" routes, and these routing rules are only applied to outbound
+ connections originating from the same namespace as the Route, for which
+ the intended destination of the connections are a Service targeted as a
+ ParentRef of the Route.
+
+
+
+ Support: Core
maxLength: 63
minLength: 1
pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$
type: string
port:
- description: "Port is the network port this Route targets. It
- can be interpreted differently based on the type of parent
- resource. \n When the parent resource is a Gateway, this targets
- all listeners listening on the specified port that also support
- this kind of Route(and select this Route). It's not recommended
- to set `Port` unless the networking behaviors specified in
- a Route must apply to a specific port as opposed to a listener(s)
- whose port(s) may be changed. When both Port and SectionName
- are specified, the name and port of the selected listener
- must match both specified values. \n When the parent resource
- is a Service, this targets a specific port in the Service
- spec. When both Port (experimental) and SectionName are specified,
- the name and port of the selected port must match both specified
- values. \n Implementations MAY choose to support other parent
- resources. Implementations supporting other types of parent
- resources MUST clearly document how/if Port is interpreted.
- \n For the purpose of status, an attachment is considered
- successful as long as the parent resource accepts it partially.
- For example, Gateway listeners can restrict which Routes can
- attach to them by Route kind, namespace, or hostname. If 1
- of 2 Gateway listeners accept attachment from the referencing
- Route, the Route MUST be considered successfully attached.
- If no Gateway listeners accept attachment from this Route,
- the Route MUST be considered detached from the Gateway. \n
- Support: Extended \n "
+ description: |-
+ Port is the network port this Route targets. It can be interpreted
+ differently based on the type of parent resource.
+
+
+ When the parent resource is a Gateway, this targets all listeners
+ listening on the specified port that also support this kind of Route(and
+ select this Route). It's not recommended to set `Port` unless the
+ networking behaviors specified in a Route must apply to a specific port
+ as opposed to a listener(s) whose port(s) may be changed. When both Port
+ and SectionName are specified, the name and port of the selected listener
+ must match both specified values.
+
+
+
+ When the parent resource is a Service, this targets a specific port in the
+ Service spec. When both Port (experimental) and SectionName are specified,
+ the name and port of the selected port must match both specified values.
+
+
+
+ Implementations MAY choose to support other parent resources.
+ Implementations supporting other types of parent resources MUST clearly
+ document how/if Port is interpreted.
+
+
+ For the purpose of status, an attachment is considered successful as
+ long as the parent resource accepts it partially. For example, Gateway
+ listeners can restrict which Routes can attach to them by Route kind,
+ namespace, or hostname. If 1 of 2 Gateway listeners accept attachment
+ from the referencing Route, the Route MUST be considered successfully
+ attached. If no Gateway listeners accept attachment from this Route,
+ the Route MUST be considered detached from the Gateway.
+
+
+ Support: Extended
format: int32
maximum: 65535
minimum: 1
type: integer
sectionName:
- description: "SectionName is the name of a section within the
- target resource. In the following resources, SectionName is
- interpreted as the following: \n * Gateway: Listener Name.
- When both Port (experimental) and SectionName are specified,
- the name and port of the selected listener must match both
- specified values. * Service: Port Name. When both Port (experimental)
- and SectionName are specified, the name and port of the selected
- listener must match both specified values. Note that attaching
- Routes to Services as Parents is part of experimental Mesh
- support and is not supported for any other purpose. \n Implementations
- MAY choose to support attaching Routes to other resources.
- If that is the case, they MUST clearly document how SectionName
- is interpreted. \n When unspecified (empty string), this will
- reference the entire resource. For the purpose of status,
- an attachment is considered successful if at least one section
- in the parent resource accepts it. For example, Gateway listeners
- can restrict which Routes can attach to them by Route kind,
- namespace, or hostname. If 1 of 2 Gateway listeners accept
- attachment from the referencing Route, the Route MUST be considered
- successfully attached. If no Gateway listeners accept attachment
- from this Route, the Route MUST be considered detached from
- the Gateway. \n Support: Core"
+ description: |-
+ SectionName is the name of a section within the target resource. In the
+ following resources, SectionName is interpreted as the following:
+
+
+ * Gateway: Listener name. When both Port (experimental) and SectionName
+ are specified, the name and port of the selected listener must match
+ both specified values.
+ * Service: Port name. When both Port (experimental) and SectionName
+ are specified, the name and port of the selected listener must match
+ both specified values.
+
+
+ Implementations MAY choose to support attaching Routes to other resources.
+ If that is the case, they MUST clearly document how SectionName is
+ interpreted.
+
+
+ When unspecified (empty string), this will reference the entire resource.
+ For the purpose of status, an attachment is considered successful if at
+ least one section in the parent resource accepts it. For example, Gateway
+ listeners can restrict which Routes can attach to them by Route kind,
+ namespace, or hostname. If 1 of 2 Gateway listeners accept attachment from
+ the referencing Route, the Route MUST be considered successfully
+ attached. If no Gateway listeners accept attachment from this Route, the
+ Route MUST be considered detached from the Gateway.
+
+
+ Support: Core
maxLength: 253
minLength: 1
pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$
@@ -4850,81 +9332,120 @@ spec:
value: /
description: Rules are a list of HTTP matchers, filters and actions.
items:
- description: HTTPRouteRule defines semantics for matching an HTTP
- request based on conditions (matches), processing it (filters),
- and forwarding the request to an API object (backendRefs).
+ description: |-
+ HTTPRouteRule defines semantics for matching an HTTP request based on
+ conditions (matches), processing it (filters), and forwarding the request to
+ an API object (backendRefs).
properties:
backendRefs:
- description: "BackendRefs defines the backend(s) where matching
- requests should be sent. \n Failure behavior here depends
- on how many BackendRefs are specified and how many are invalid.
- \n If *all* entries in BackendRefs are invalid, and there
- are also no filters specified in this route rule, *all* traffic
- which matches this rule MUST receive a 500 status code. \n
- See the HTTPBackendRef definition for the rules about what
- makes a single HTTPBackendRef invalid. \n When a HTTPBackendRef
- is invalid, 500 status codes MUST be returned for requests
- that would have otherwise been routed to an invalid backend.
- If multiple backends are specified, and some are invalid,
- the proportion of requests that would otherwise have been
- routed to an invalid backend MUST receive a 500 status code.
- \n For example, if two backends are specified with equal weights,
- and one is invalid, 50 percent of traffic must receive a 500.
- Implementations may choose how that 50 percent is determined.
- \n Support: Core for Kubernetes Service \n Support: Extended
- for Kubernetes ServiceImport \n Support: Implementation-specific
- for any other resource \n Support for weight: Core"
+ description: |-
+ BackendRefs defines the backend(s) where matching requests should be
+ sent.
+
+
+ Failure behavior here depends on how many BackendRefs are specified and
+ how many are invalid.
+
+
+ If *all* entries in BackendRefs are invalid, and there are also no filters
+ specified in this route rule, *all* traffic which matches this rule MUST
+ receive a 500 status code.
+
+
+ See the HTTPBackendRef definition for the rules about what makes a single
+ HTTPBackendRef invalid.
+
+
+ When a HTTPBackendRef is invalid, 500 status codes MUST be returned for
+ requests that would have otherwise been routed to an invalid backend. If
+ multiple backends are specified, and some are invalid, the proportion of
+ requests that would otherwise have been routed to an invalid backend
+ MUST receive a 500 status code.
+
+
+ For example, if two backends are specified with equal weights, and one is
+ invalid, 50 percent of traffic must receive a 500. Implementations may
+ choose how that 50 percent is determined.
+
+
+ Support: Core for Kubernetes Service
+
+
+ Support: Extended for Kubernetes ServiceImport
+
+
+ Support: Implementation-specific for any other resource
+
+
+ Support for weight: Core
items:
- description: "HTTPBackendRef defines how a HTTPRoute forwards
- a HTTP request. \n Note that when a namespace different
- than the local namespace is specified, a ReferenceGrant
- object is required in the referent namespace to allow that
+ description: |-
+ HTTPBackendRef defines how a HTTPRoute forwards a HTTP request.
+
+
+ Note that when a namespace different than the local namespace is specified, a
+ ReferenceGrant object is required in the referent namespace to allow that
namespace's owner to accept the reference. See the ReferenceGrant
- documentation for details. \n
- \n When the BackendRef points to a Kubernetes Service, implementations
- SHOULD honor the appProtocol field if it is set for the
- target Service Port. \n Implementations supporting appProtocol
- SHOULD recognize the Kubernetes Standard Application Protocols
- defined in KEP-3726. \n If a Service appProtocol isn't specified,
- an implementation MAY infer the backend protocol through
- its own means. Implementations MAY infer the protocol from
- the Route type referring to the backend Service. \n If a
- Route is not able to send traffic to the backend using the
- specified protocol then the backend is considered invalid.
- Implementations MUST set the \"ResolvedRefs\" condition
- to \"False\" with the \"UnsupportedProtocol\" reason. \n
- "
+ documentation for details.
+
+
+
+
+
+ When the BackendRef points to a Kubernetes Service, implementations SHOULD
+ honor the appProtocol field if it is set for the target Service Port.
+
+
+ Implementations supporting appProtocol SHOULD recognize the Kubernetes
+ Standard Application Protocols defined in KEP-3726.
+
+
+ If a Service appProtocol isn't specified, an implementation MAY infer the
+ backend protocol through its own means. Implementations MAY infer the
+ protocol from the Route type referring to the backend Service.
+
+
+ If a Route is not able to send traffic to the backend using the specified
+ protocol then the backend is considered invalid. Implementations MUST set the
+ "ResolvedRefs" condition to "False" with the "UnsupportedProtocol" reason.
+
+
+
properties:
filters:
- description: "Filters defined at this level should be
- executed if and only if the request is being forwarded
- to the backend defined here. \n Support: Implementation-specific
- (For broader support of filters, use the Filters field
- in HTTPRouteRule.)"
+ description: |-
+ Filters defined at this level should be executed if and only if the
+ request is being forwarded to the backend defined here.
+
+
+ Support: Implementation-specific (For broader support of filters, use the
+ Filters field in HTTPRouteRule.)
items:
- description: HTTPRouteFilter defines processing steps
- that must be completed during the request or response
- lifecycle. HTTPRouteFilters are meant as an extension
- point to express processing that may be done in Gateway
- implementations. Some examples include request or
- response modification, implementing authentication
- strategies, rate-limiting, and traffic shaping. API
- guarantee/conformance is defined based on the type
- of the filter.
+ description: |-
+ HTTPRouteFilter defines processing steps that must be completed during the
+ request or response lifecycle. HTTPRouteFilters are meant as an extension
+ point to express processing that may be done in Gateway implementations. Some
+ examples include request or response modification, implementing
+ authentication strategies, rate-limiting, and traffic shaping. API
+ guarantee/conformance is defined based on the type of the filter.
properties:
extensionRef:
- description: "ExtensionRef is an optional, implementation-specific
- extension to the \"filter\" behavior. For example,
- resource \"myroutefilter\" in group \"networking.example.net\").
- ExtensionRef MUST NOT be used for core and extended
- filters. \n This filter can be used multiple times
- within the same rule. \n Support: Implementation-specific"
+ description: |-
+ ExtensionRef is an optional, implementation-specific extension to the
+ "filter" behavior. For example, resource "myroutefilter" in group
+ "networking.example.net"). ExtensionRef MUST NOT be used for core and
+ extended filters.
+
+
+ This filter can be used multiple times within the same rule.
+
+
+ Support: Implementation-specific
properties:
group:
- description: Group is the group of the referent.
- For example, "gateway.networking.k8s.io".
- When unspecified or empty string, core API
- group is inferred.
+ description: |-
+ Group is the group of the referent. For example, "gateway.networking.k8s.io".
+ When unspecified or empty string, core API group is inferred.
maxLength: 253
pattern: ^$|^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$
type: string
@@ -4946,35 +9467,50 @@ spec:
- name
type: object
requestHeaderModifier:
- description: "RequestHeaderModifier defines a schema
- for a filter that modifies request headers. \n
- Support: Core"
+ description: |-
+ RequestHeaderModifier defines a schema for a filter that modifies request
+ headers.
+
+
+ Support: Core
properties:
add:
- description: "Add adds the given header(s) (name,
- value) to the request before the action. It
- appends to any existing values associated
- with the header name. \n Input: GET /foo HTTP/1.1
- my-header: foo \n Config: add: - name: \"my-header\"
- value: \"bar,baz\" \n Output: GET /foo HTTP/1.1
- my-header: foo,bar,baz"
+ description: |-
+ Add adds the given header(s) (name, value) to the request
+ before the action. It appends to any existing values associated
+ with the header name.
+
+
+ Input:
+ GET /foo HTTP/1.1
+ my-header: foo
+
+
+ Config:
+ add:
+ - name: "my-header"
+ value: "bar,baz"
+
+
+ Output:
+ GET /foo HTTP/1.1
+ my-header: foo,bar,baz
items:
description: HTTPHeader represents an HTTP
Header name and value as defined by RFC
7230.
properties:
name:
- description: "Name is the name of the
- HTTP Header to be matched. Name matching
- MUST be case insensitive. (See https://tools.ietf.org/html/rfc7230#section-3.2).
- \n If multiple entries specify equivalent
- header names, the first entry with an
- equivalent name MUST be considered for
- a match. Subsequent entries with an
- equivalent header name MUST be ignored.
- Due to the case-insensitivity of header
- names, \"foo\" and \"Foo\" are considered
- equivalent."
+ description: |-
+ Name is the name of the HTTP Header to be matched. Name matching MUST be
+ case insensitive. (See https://tools.ietf.org/html/rfc7230#section-3.2).
+
+
+ If multiple entries specify equivalent header names, the first entry with
+ an equivalent name MUST be considered for a match. Subsequent entries
+ with an equivalent header name MUST be ignored. Due to the
+ case-insensitivity of header names, "foo" and "Foo" are considered
+ equivalent.
maxLength: 256
minLength: 1
pattern: ^[A-Za-z0-9!#$%&'*+\-.^_\x60|~]+$
@@ -4995,44 +9531,68 @@ spec:
- name
x-kubernetes-list-type: map
remove:
- description: "Remove the given header(s) from
- the HTTP request before the action. The value
- of Remove is a list of HTTP header names.
- Note that the header names are case-insensitive
- (see https://datatracker.ietf.org/doc/html/rfc2616#section-4.2).
- \n Input: GET /foo HTTP/1.1 my-header1: foo
- my-header2: bar my-header3: baz \n Config:
- remove: [\"my-header1\", \"my-header3\"] \n
- Output: GET /foo HTTP/1.1 my-header2: bar"
+ description: |-
+ Remove the given header(s) from the HTTP request before the action. The
+ value of Remove is a list of HTTP header names. Note that the header
+ names are case-insensitive (see
+ https://datatracker.ietf.org/doc/html/rfc2616#section-4.2).
+
+
+ Input:
+ GET /foo HTTP/1.1
+ my-header1: foo
+ my-header2: bar
+ my-header3: baz
+
+
+ Config:
+ remove: ["my-header1", "my-header3"]
+
+
+ Output:
+ GET /foo HTTP/1.1
+ my-header2: bar
items:
type: string
maxItems: 16
type: array
x-kubernetes-list-type: set
set:
- description: "Set overwrites the request with
- the given header (name, value) before the
- action. \n Input: GET /foo HTTP/1.1 my-header:
- foo \n Config: set: - name: \"my-header\"
- value: \"bar\" \n Output: GET /foo HTTP/1.1
- my-header: bar"
+ description: |-
+ Set overwrites the request with the given header (name, value)
+ before the action.
+
+
+ Input:
+ GET /foo HTTP/1.1
+ my-header: foo
+
+
+ Config:
+ set:
+ - name: "my-header"
+ value: "bar"
+
+
+ Output:
+ GET /foo HTTP/1.1
+ my-header: bar
items:
description: HTTPHeader represents an HTTP
Header name and value as defined by RFC
7230.
properties:
name:
- description: "Name is the name of the
- HTTP Header to be matched. Name matching
- MUST be case insensitive. (See https://tools.ietf.org/html/rfc7230#section-3.2).
- \n If multiple entries specify equivalent
- header names, the first entry with an
- equivalent name MUST be considered for
- a match. Subsequent entries with an
- equivalent header name MUST be ignored.
- Due to the case-insensitivity of header
- names, \"foo\" and \"Foo\" are considered
- equivalent."
+ description: |-
+ Name is the name of the HTTP Header to be matched. Name matching MUST be
+ case insensitive. (See https://tools.ietf.org/html/rfc7230#section-3.2).
+
+
+ If multiple entries specify equivalent header names, the first entry with
+ an equivalent name MUST be considered for a match. Subsequent entries
+ with an equivalent header name MUST be ignored. Due to the
+ case-insensitivity of header names, "foo" and "Foo" are considered
+ equivalent.
maxLength: 256
minLength: 1
pattern: ^[A-Za-z0-9!#$%&'*+\-.^_\x60|~]+$
@@ -5054,64 +9614,80 @@ spec:
x-kubernetes-list-type: map
type: object
requestMirror:
- description: "RequestMirror defines a schema for
- a filter that mirrors requests. Requests are sent
- to the specified destination, but responses from
- that destination are ignored. \n This filter can
- be used multiple times within the same rule. Note
- that not all implementations will be able to support
- mirroring to multiple backends. \n Support: Extended"
+ description: |-
+ RequestMirror defines a schema for a filter that mirrors requests.
+ Requests are sent to the specified destination, but responses from
+ that destination are ignored.
+
+
+ This filter can be used multiple times within the same rule. Note that
+ not all implementations will be able to support mirroring to multiple
+ backends.
+
+
+ Support: Extended
properties:
backendRef:
- description: "BackendRef references a resource
- where mirrored requests are sent. \n Mirrored
- requests must be sent only to a single destination
- endpoint within this BackendRef, irrespective
- of how many endpoints are present within this
- BackendRef. \n If the referent cannot be found,
- this BackendRef is invalid and must be dropped
- from the Gateway. The controller must ensure
- the \"ResolvedRefs\" condition on the Route
- status is set to `status: False` and not configure
+ description: |-
+ BackendRef references a resource where mirrored requests are sent.
+
+
+ Mirrored requests must be sent only to a single destination endpoint
+ within this BackendRef, irrespective of how many endpoints are present
+ within this BackendRef.
+
+
+ If the referent cannot be found, this BackendRef is invalid and must be
+ dropped from the Gateway. The controller must ensure the "ResolvedRefs"
+ condition on the Route status is set to `status: False` and not configure
this backend in the underlying implementation.
- \n If there is a cross-namespace reference
- to an *existing* object that is not allowed
- by a ReferenceGrant, the controller must ensure
- the \"ResolvedRefs\" condition on the Route
- is set to `status: False`, with the \"RefNotPermitted\"
- reason and not configure this backend in the
- underlying implementation. \n In either error
- case, the Message of the `ResolvedRefs` Condition
- should be used to provide more detail about
- the problem. \n Support: Extended for Kubernetes
- Service \n Support: Implementation-specific
- for any other resource"
+
+
+ If there is a cross-namespace reference to an *existing* object
+ that is not allowed by a ReferenceGrant, the controller must ensure the
+ "ResolvedRefs" condition on the Route is set to `status: False`,
+ with the "RefNotPermitted" reason and not configure this backend in the
+ underlying implementation.
+
+
+ In either error case, the Message of the `ResolvedRefs` Condition
+ should be used to provide more detail about the problem.
+
+
+ Support: Extended for Kubernetes Service
+
+
+ Support: Implementation-specific for any other resource
properties:
group:
default: ""
- description: Group is the group of the referent.
- For example, "gateway.networking.k8s.io".
- When unspecified or empty string, core
- API group is inferred.
+ description: |-
+ Group is the group of the referent. For example, "gateway.networking.k8s.io".
+ When unspecified or empty string, core API group is inferred.
maxLength: 253
pattern: ^$|^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$
type: string
kind:
default: Service
- description: "Kind is the Kubernetes resource
- kind of the referent. For example \"Service\".
- \n Defaults to \"Service\" when not specified.
- \n ExternalName services can refer to
- CNAME DNS records that may live outside
- of the cluster and as such are difficult
- to reason about in terms of conformance.
- They also may not be safe to forward to
- (see CVE-2021-25740 for more information).
- Implementations SHOULD NOT support ExternalName
- Services. \n Support: Core (Services with
- a type other than ExternalName) \n Support:
- Implementation-specific (Services with
- type ExternalName)"
+ description: |-
+ Kind is the Kubernetes resource kind of the referent. For example
+ "Service".
+
+
+ Defaults to "Service" when not specified.
+
+
+ ExternalName services can refer to CNAME DNS records that may live
+ outside of the cluster and as such are difficult to reason about in
+ terms of conformance. They also may not be safe to forward to (see
+ CVE-2021-25740 for more information). Implementations SHOULD NOT
+ support ExternalName Services.
+
+
+ Support: Core (Services with a type other than ExternalName)
+
+
+ Support: Implementation-specific (Services with type ExternalName)
maxLength: 63
minLength: 1
pattern: ^[a-zA-Z]([-a-zA-Z0-9]*[a-zA-Z0-9])?$
@@ -5122,29 +9698,29 @@ spec:
minLength: 1
type: string
namespace:
- description: "Namespace is the namespace
- of the backend. When unspecified, the
- local namespace is inferred. \n Note that
- when a namespace different than the local
- namespace is specified, a ReferenceGrant
- object is required in the referent namespace
- to allow that namespace's owner to accept
- the reference. See the ReferenceGrant
- documentation for details. \n Support:
- Core"
+ description: |-
+ Namespace is the namespace of the backend. When unspecified, the local
+ namespace is inferred.
+
+
+ Note that when a namespace different than the local namespace is specified,
+ a ReferenceGrant object is required in the referent namespace to allow that
+ namespace's owner to accept the reference. See the ReferenceGrant
+ documentation for details.
+
+
+ Support: Core
maxLength: 63
minLength: 1
pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$
type: string
port:
- description: Port specifies the destination
- port number to use for this resource.
- Port is required when the referent is
- a Kubernetes Service. In this case, the
- port number is the service port number,
- not the target port. For other resources,
- destination port might be derived from
- the referent resource or this field.
+ description: |-
+ Port specifies the destination port number to use for this resource.
+ Port is required when the referent is a Kubernetes Service. In this
+ case, the port number is the service port number, not the target port.
+ For other resources, destination port might be derived from the referent
+ resource or this field.
format: int32
maximum: 65535
minimum: 1
@@ -5160,84 +9736,88 @@ spec:
- backendRef
type: object
requestRedirect:
- description: "RequestRedirect defines a schema for
- a filter that responds to the request with an
- HTTP redirection. \n Support: Core"
+ description: |-
+ RequestRedirect defines a schema for a filter that responds to the
+ request with an HTTP redirection.
+
+
+ Support: Core
properties:
hostname:
- description: "Hostname is the hostname to be
- used in the value of the `Location` header
- in the response. When empty, the hostname
- in the `Host` header of the request is used.
- \n Support: Core"
+ description: |-
+ Hostname is the hostname to be used in the value of the `Location`
+ header in the response.
+ When empty, the hostname in the `Host` header of the request is used.
+
+
+ Support: Core
maxLength: 253
minLength: 1
pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$
type: string
path:
- description: "Path defines parameters used to
- modify the path of the incoming request. The
- modified path is then used to construct the
- `Location` header. When empty, the request
- path is used as-is. \n Support: Extended"
+ description: |-
+ Path defines parameters used to modify the path of the incoming request.
+ The modified path is then used to construct the `Location` header. When
+ empty, the request path is used as-is.
+
+
+ Support: Extended
properties:
replaceFullPath:
- description: ReplaceFullPath specifies the
- value with which to replace the full path
+ description: |-
+ ReplaceFullPath specifies the value with which to replace the full path
of a request during a rewrite or redirect.
maxLength: 1024
type: string
replacePrefixMatch:
- description: "ReplacePrefixMatch specifies
- the value with which to replace the prefix
- match of a request during a rewrite or
- redirect. For example, a request to \"/foo/bar\"
- with a prefix match of \"/foo\" and a
- ReplacePrefixMatch of \"/xyz\" would be
- modified to \"/xyz/bar\". \n Note that
- this matches the behavior of the PathPrefix
- match type. This matches full path elements.
- A path element refers to the list of labels
- in the path split by the `/` separator.
- When specified, a trailing `/` is ignored.
- For example, the paths `/abc`, `/abc/`,
- and `/abc/def` would all match the prefix
- `/abc`, but the path `/abcd` would not.
- \n ReplacePrefixMatch is only compatible
- with a `PathPrefix` HTTPRouteMatch. Using
- any other HTTPRouteMatch type on the same
- HTTPRouteRule will result in the implementation
- setting the Accepted Condition for the
- Route to `status: False`. \n Request Path
- | Prefix Match | Replace Prefix | Modified
- Path -------------|--------------|----------------|----------
- /foo/bar | /foo | /xyz |
- /xyz/bar /foo/bar | /foo |
- /xyz/ | /xyz/bar /foo/bar |
- /foo/ | /xyz | /xyz/bar
- /foo/bar | /foo/ | /xyz/ |
- /xyz/bar /foo | /foo |
- /xyz | /xyz /foo/ | /foo
- \ | /xyz | /xyz/ /foo/bar
- \ | /foo | |
- /bar /foo/ | /foo | | / /foo | /foo |
- | / /foo/ | /foo
- \ | / | / /foo |
- /foo | / | /"
+ description: |-
+ ReplacePrefixMatch specifies the value with which to replace the prefix
+ match of a request during a rewrite or redirect. For example, a request
+ to "/foo/bar" with a prefix match of "/foo" and a ReplacePrefixMatch
+ of "/xyz" would be modified to "/xyz/bar".
+
+
+ Note that this matches the behavior of the PathPrefix match type. This
+ matches full path elements. A path element refers to the list of labels
+ in the path split by the `/` separator. When specified, a trailing `/` is
+ ignored. For example, the paths `/abc`, `/abc/`, and `/abc/def` would all
+ match the prefix `/abc`, but the path `/abcd` would not.
+
+
+ ReplacePrefixMatch is only compatible with a `PathPrefix` HTTPRouteMatch.
+ Using any other HTTPRouteMatch type on the same HTTPRouteRule will result in
+ the implementation setting the Accepted Condition for the Route to `status: False`.
+
+
+ Request Path | Prefix Match | Replace Prefix | Modified Path
+ -------------|--------------|----------------|----------
+ /foo/bar | /foo | /xyz | /xyz/bar
+ /foo/bar | /foo | /xyz/ | /xyz/bar
+ /foo/bar | /foo/ | /xyz | /xyz/bar
+ /foo/bar | /foo/ | /xyz/ | /xyz/bar
+ /foo | /foo | /xyz | /xyz
+ /foo/ | /foo | /xyz | /xyz/
+ /foo/bar | /foo | | /bar
+ /foo/ | /foo | | /
+ /foo | /foo | | /
+ /foo/ | /foo | / | /
+ /foo | /foo | / | /
maxLength: 1024
type: string
type:
- description: "Type defines the type of path
- modifier. Additional types may be added
- in a future release of the API. \n Note
- that values may be added to this enum,
- implementations must ensure that unknown
- values will not cause a crash. \n Unknown
- values here must result in the implementation
- setting the Accepted Condition for the
- Route to `status: False`, with a Reason
- of `UnsupportedValue`."
+ description: |-
+ Type defines the type of path modifier. Additional types may be
+ added in a future release of the API.
+
+
+ Note that values may be added to this enum, implementations
+ must ensure that unknown values will not cause a crash.
+
+
+ Unknown values here must result in the implementation setting the
+ Accepted Condition for the Route to `status: False`, with a
+ Reason of `UnsupportedValue`.
enum:
- ReplaceFullPath
- ReplacePrefixMatch
@@ -5263,95 +9843,128 @@ spec:
rule: 'has(self.replacePrefixMatch) ? self.type
== ''ReplacePrefixMatch'' : true'
port:
- description: "Port is the port to be used in
- the value of the `Location` header in the
- response. \n If no port is specified, the
- redirect port MUST be derived using the following
- rules: \n * If redirect scheme is not-empty,
- the redirect port MUST be the well-known port
- associated with the redirect scheme. Specifically
- \"http\" to port 80 and \"https\" to port
- 443. If the redirect scheme does not have
- a well-known port, the listener port of the
- Gateway SHOULD be used. * If redirect scheme
- is empty, the redirect port MUST be the Gateway
- Listener port. \n Implementations SHOULD NOT
- add the port number in the 'Location' header
- in the following cases: \n * A Location header
- that will use HTTP (whether that is determined
- via the Listener protocol or the Scheme field)
- _and_ use port 80. * A Location header that
- will use HTTPS (whether that is determined
- via the Listener protocol or the Scheme field)
- _and_ use port 443. \n Support: Extended"
+ description: |-
+ Port is the port to be used in the value of the `Location`
+ header in the response.
+
+
+ If no port is specified, the redirect port MUST be derived using the
+ following rules:
+
+
+ * If redirect scheme is not-empty, the redirect port MUST be the well-known
+ port associated with the redirect scheme. Specifically "http" to port 80
+ and "https" to port 443. If the redirect scheme does not have a
+ well-known port, the listener port of the Gateway SHOULD be used.
+ * If redirect scheme is empty, the redirect port MUST be the Gateway
+ Listener port.
+
+
+ Implementations SHOULD NOT add the port number in the 'Location'
+ header in the following cases:
+
+
+ * A Location header that will use HTTP (whether that is determined via
+ the Listener protocol or the Scheme field) _and_ use port 80.
+ * A Location header that will use HTTPS (whether that is determined via
+ the Listener protocol or the Scheme field) _and_ use port 443.
+
+
+ Support: Extended
format: int32
maximum: 65535
minimum: 1
type: integer
scheme:
- description: "Scheme is the scheme to be used
- in the value of the `Location` header in the
- response. When empty, the scheme of the request
- is used. \n Scheme redirects can affect the
- port of the redirect, for more information,
- refer to the documentation for the port field
- of this filter. \n Note that values may be
- added to this enum, implementations must ensure
- that unknown values will not cause a crash.
- \n Unknown values here must result in the
- implementation setting the Accepted Condition
- for the Route to `status: False`, with a Reason
- of `UnsupportedValue`. \n Support: Extended"
+ description: |-
+ Scheme is the scheme to be used in the value of the `Location` header in
+ the response. When empty, the scheme of the request is used.
+
+
+ Scheme redirects can affect the port of the redirect, for more information,
+ refer to the documentation for the port field of this filter.
+
+
+ Note that values may be added to this enum, implementations
+ must ensure that unknown values will not cause a crash.
+
+
+ Unknown values here must result in the implementation setting the
+ Accepted Condition for the Route to `status: False`, with a
+ Reason of `UnsupportedValue`.
+
+
+ Support: Extended
enum:
- http
- https
type: string
statusCode:
default: 302
- description: "StatusCode is the HTTP status
- code to be used in response. \n Note that
- values may be added to this enum, implementations
- must ensure that unknown values will not cause
- a crash. \n Unknown values here must result
- in the implementation setting the Accepted
- Condition for the Route to `status: False`,
- with a Reason of `UnsupportedValue`. \n Support:
- Core"
+ description: |-
+ StatusCode is the HTTP status code to be used in response.
+
+
+ Note that values may be added to this enum, implementations
+ must ensure that unknown values will not cause a crash.
+
+
+ Unknown values here must result in the implementation setting the
+ Accepted Condition for the Route to `status: False`, with a
+ Reason of `UnsupportedValue`.
+
+
+ Support: Core
enum:
- 301
- 302
type: integer
type: object
responseHeaderModifier:
- description: "ResponseHeaderModifier defines a schema
- for a filter that modifies response headers. \n
- Support: Extended"
+ description: |-
+ ResponseHeaderModifier defines a schema for a filter that modifies response
+ headers.
+
+
+ Support: Extended
properties:
add:
- description: "Add adds the given header(s) (name,
- value) to the request before the action. It
- appends to any existing values associated
- with the header name. \n Input: GET /foo HTTP/1.1
- my-header: foo \n Config: add: - name: \"my-header\"
- value: \"bar,baz\" \n Output: GET /foo HTTP/1.1
- my-header: foo,bar,baz"
+ description: |-
+ Add adds the given header(s) (name, value) to the request
+ before the action. It appends to any existing values associated
+ with the header name.
+
+
+ Input:
+ GET /foo HTTP/1.1
+ my-header: foo
+
+
+ Config:
+ add:
+ - name: "my-header"
+ value: "bar,baz"
+
+
+ Output:
+ GET /foo HTTP/1.1
+ my-header: foo,bar,baz
items:
description: HTTPHeader represents an HTTP
Header name and value as defined by RFC
7230.
properties:
name:
- description: "Name is the name of the
- HTTP Header to be matched. Name matching
- MUST be case insensitive. (See https://tools.ietf.org/html/rfc7230#section-3.2).
- \n If multiple entries specify equivalent
- header names, the first entry with an
- equivalent name MUST be considered for
- a match. Subsequent entries with an
- equivalent header name MUST be ignored.
- Due to the case-insensitivity of header
- names, \"foo\" and \"Foo\" are considered
- equivalent."
+ description: |-
+ Name is the name of the HTTP Header to be matched. Name matching MUST be
+ case insensitive. (See https://tools.ietf.org/html/rfc7230#section-3.2).
+
+
+ If multiple entries specify equivalent header names, the first entry with
+ an equivalent name MUST be considered for a match. Subsequent entries
+ with an equivalent header name MUST be ignored. Due to the
+ case-insensitivity of header names, "foo" and "Foo" are considered
+ equivalent.
maxLength: 256
minLength: 1
pattern: ^[A-Za-z0-9!#$%&'*+\-.^_\x60|~]+$
@@ -5372,44 +9985,68 @@ spec:
- name
x-kubernetes-list-type: map
remove:
- description: "Remove the given header(s) from
- the HTTP request before the action. The value
- of Remove is a list of HTTP header names.
- Note that the header names are case-insensitive
- (see https://datatracker.ietf.org/doc/html/rfc2616#section-4.2).
- \n Input: GET /foo HTTP/1.1 my-header1: foo
- my-header2: bar my-header3: baz \n Config:
- remove: [\"my-header1\", \"my-header3\"] \n
- Output: GET /foo HTTP/1.1 my-header2: bar"
+ description: |-
+ Remove the given header(s) from the HTTP request before the action. The
+ value of Remove is a list of HTTP header names. Note that the header
+ names are case-insensitive (see
+ https://datatracker.ietf.org/doc/html/rfc2616#section-4.2).
+
+
+ Input:
+ GET /foo HTTP/1.1
+ my-header1: foo
+ my-header2: bar
+ my-header3: baz
+
+
+ Config:
+ remove: ["my-header1", "my-header3"]
+
+
+ Output:
+ GET /foo HTTP/1.1
+ my-header2: bar
items:
type: string
maxItems: 16
type: array
x-kubernetes-list-type: set
set:
- description: "Set overwrites the request with
- the given header (name, value) before the
- action. \n Input: GET /foo HTTP/1.1 my-header:
- foo \n Config: set: - name: \"my-header\"
- value: \"bar\" \n Output: GET /foo HTTP/1.1
- my-header: bar"
+ description: |-
+ Set overwrites the request with the given header (name, value)
+ before the action.
+
+
+ Input:
+ GET /foo HTTP/1.1
+ my-header: foo
+
+
+ Config:
+ set:
+ - name: "my-header"
+ value: "bar"
+
+
+ Output:
+ GET /foo HTTP/1.1
+ my-header: bar
items:
description: HTTPHeader represents an HTTP
Header name and value as defined by RFC
7230.
properties:
name:
- description: "Name is the name of the
- HTTP Header to be matched. Name matching
- MUST be case insensitive. (See https://tools.ietf.org/html/rfc7230#section-3.2).
- \n If multiple entries specify equivalent
- header names, the first entry with an
- equivalent name MUST be considered for
- a match. Subsequent entries with an
- equivalent header name MUST be ignored.
- Due to the case-insensitivity of header
- names, \"foo\" and \"Foo\" are considered
- equivalent."
+ description: |-
+ Name is the name of the HTTP Header to be matched. Name matching MUST be
+ case insensitive. (See https://tools.ietf.org/html/rfc7230#section-3.2).
+
+
+ If multiple entries specify equivalent header names, the first entry with
+ an equivalent name MUST be considered for a match. Subsequent entries
+ with an equivalent header name MUST be ignored. Due to the
+ case-insensitivity of header names, "foo" and "Foo" are considered
+ equivalent.
maxLength: 256
minLength: 1
pattern: ^[A-Za-z0-9!#$%&'*+\-.^_\x60|~]+$
@@ -5431,37 +10068,46 @@ spec:
x-kubernetes-list-type: map
type: object
type:
- description: "Type identifies the type of filter
- to apply. As with other API fields, types are
- classified into three conformance levels: \n -
- Core: Filter types and their corresponding configuration
- defined by \"Support: Core\" in this package,
- e.g. \"RequestHeaderModifier\". All implementations
- must support core filters. \n - Extended: Filter
- types and their corresponding configuration defined
- by \"Support: Extended\" in this package, e.g.
- \"RequestMirror\". Implementers are encouraged
- to support extended filters. \n - Implementation-specific:
- Filters that are defined and supported by specific
- vendors. In the future, filters showing convergence
- in behavior across multiple implementations will
- be considered for inclusion in extended or core
- conformance levels. Filter-specific configuration
- for such filters is specified using the ExtensionRef
- field. `Type` should be set to \"ExtensionRef\"
- for custom filters. \n Implementers are encouraged
- to define custom implementation types to extend
- the core API with implementation-specific behavior.
- \n If a reference to a custom filter type cannot
- be resolved, the filter MUST NOT be skipped. Instead,
- requests that would have been processed by that
- filter MUST receive a HTTP error response. \n
+ description: |-
+ Type identifies the type of filter to apply. As with other API fields,
+ types are classified into three conformance levels:
+
+
+ - Core: Filter types and their corresponding configuration defined by
+ "Support: Core" in this package, e.g. "RequestHeaderModifier". All
+ implementations must support core filters.
+
+
+ - Extended: Filter types and their corresponding configuration defined by
+ "Support: Extended" in this package, e.g. "RequestMirror". Implementers
+ are encouraged to support extended filters.
+
+
+ - Implementation-specific: Filters that are defined and supported by
+ specific vendors.
+ In the future, filters showing convergence in behavior across multiple
+ implementations will be considered for inclusion in extended or core
+ conformance levels. Filter-specific configuration for such filters
+ is specified using the ExtensionRef field. `Type` should be set to
+ "ExtensionRef" for custom filters.
+
+
+ Implementers are encouraged to define custom implementation types to
+ extend the core API with implementation-specific behavior.
+
+
+ If a reference to a custom filter type cannot be resolved, the filter
+ MUST NOT be skipped. Instead, requests that would have been processed by
+ that filter MUST receive a HTTP error response.
+
+
Note that values may be added to this enum, implementations
- must ensure that unknown values will not cause
- a crash. \n Unknown values here must result in
- the implementation setting the Accepted Condition
- for the Route to `status: False`, with a Reason
- of `UnsupportedValue`."
+ must ensure that unknown values will not cause a crash.
+
+
+ Unknown values here must result in the implementation setting the
+ Accepted Condition for the Route to `status: False`, with a
+ Reason of `UnsupportedValue`.
enum:
- RequestHeaderModifier
- ResponseHeaderModifier
@@ -5471,79 +10117,84 @@ spec:
- ExtensionRef
type: string
urlRewrite:
- description: "URLRewrite defines a schema for a
- filter that modifies a request during forwarding.
- \n Support: Extended"
+ description: |-
+ URLRewrite defines a schema for a filter that modifies a request during forwarding.
+
+
+ Support: Extended
properties:
hostname:
- description: "Hostname is the value to be used
- to replace the Host header value during forwarding.
- \n Support: Extended"
+ description: |-
+ Hostname is the value to be used to replace the Host header value during
+ forwarding.
+
+
+ Support: Extended
maxLength: 253
minLength: 1
pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$
type: string
path:
- description: "Path defines a path rewrite. \n
- Support: Extended"
+ description: |-
+ Path defines a path rewrite.
+
+
+ Support: Extended
properties:
replaceFullPath:
- description: ReplaceFullPath specifies the
- value with which to replace the full path
+ description: |-
+ ReplaceFullPath specifies the value with which to replace the full path
of a request during a rewrite or redirect.
maxLength: 1024
type: string
replacePrefixMatch:
- description: "ReplacePrefixMatch specifies
- the value with which to replace the prefix
- match of a request during a rewrite or
- redirect. For example, a request to \"/foo/bar\"
- with a prefix match of \"/foo\" and a
- ReplacePrefixMatch of \"/xyz\" would be
- modified to \"/xyz/bar\". \n Note that
- this matches the behavior of the PathPrefix
- match type. This matches full path elements.
- A path element refers to the list of labels
- in the path split by the `/` separator.
- When specified, a trailing `/` is ignored.
- For example, the paths `/abc`, `/abc/`,
- and `/abc/def` would all match the prefix
- `/abc`, but the path `/abcd` would not.
- \n ReplacePrefixMatch is only compatible
- with a `PathPrefix` HTTPRouteMatch. Using
- any other HTTPRouteMatch type on the same
- HTTPRouteRule will result in the implementation
- setting the Accepted Condition for the
- Route to `status: False`. \n Request Path
- | Prefix Match | Replace Prefix | Modified
- Path -------------|--------------|----------------|----------
- /foo/bar | /foo | /xyz |
- /xyz/bar /foo/bar | /foo |
- /xyz/ | /xyz/bar /foo/bar |
- /foo/ | /xyz | /xyz/bar
- /foo/bar | /foo/ | /xyz/ |
- /xyz/bar /foo | /foo |
- /xyz | /xyz /foo/ | /foo
- \ | /xyz | /xyz/ /foo/bar
- \ | /foo | |
- /bar /foo/ | /foo | | / /foo | /foo |
- | / /foo/ | /foo
- \ | / | / /foo |
- /foo | / | /"
+ description: |-
+ ReplacePrefixMatch specifies the value with which to replace the prefix
+ match of a request during a rewrite or redirect. For example, a request
+ to "/foo/bar" with a prefix match of "/foo" and a ReplacePrefixMatch
+ of "/xyz" would be modified to "/xyz/bar".
+
+
+ Note that this matches the behavior of the PathPrefix match type. This
+ matches full path elements. A path element refers to the list of labels
+ in the path split by the `/` separator. When specified, a trailing `/` is
+ ignored. For example, the paths `/abc`, `/abc/`, and `/abc/def` would all
+ match the prefix `/abc`, but the path `/abcd` would not.
+
+
+ ReplacePrefixMatch is only compatible with a `PathPrefix` HTTPRouteMatch.
+ Using any other HTTPRouteMatch type on the same HTTPRouteRule will result in
+ the implementation setting the Accepted Condition for the Route to `status: False`.
+
+
+ Request Path | Prefix Match | Replace Prefix | Modified Path
+ -------------|--------------|----------------|----------
+ /foo/bar | /foo | /xyz | /xyz/bar
+ /foo/bar | /foo | /xyz/ | /xyz/bar
+ /foo/bar | /foo/ | /xyz | /xyz/bar
+ /foo/bar | /foo/ | /xyz/ | /xyz/bar
+ /foo | /foo | /xyz | /xyz
+ /foo/ | /foo | /xyz | /xyz/
+ /foo/bar | /foo | | /bar
+ /foo/ | /foo | | /
+ /foo | /foo | | /
+ /foo/ | /foo | / | /
+ /foo | /foo | / | /
maxLength: 1024
type: string
type:
- description: "Type defines the type of path
- modifier. Additional types may be added
- in a future release of the API. \n Note
- that values may be added to this enum,
- implementations must ensure that unknown
- values will not cause a crash. \n Unknown
- values here must result in the implementation
- setting the Accepted Condition for the
- Route to `status: False`, with a Reason
- of `UnsupportedValue`."
+ description: |-
+ Type defines the type of path modifier. Additional types may be
+ added in a future release of the API.
+
+
+ Note that values may be added to this enum, implementations
+ must ensure that unknown values will not cause a crash.
+
+
+ Unknown values here must result in the implementation setting the
+ Accepted Condition for the Route to `status: False`, with a
+ Reason of `UnsupportedValue`.
enum:
- ReplaceFullPath
- ReplacePrefixMatch
@@ -5641,25 +10292,33 @@ spec:
<= 1
group:
default: ""
- description: Group is the group of the referent. For example,
- "gateway.networking.k8s.io". When unspecified or empty
- string, core API group is inferred.
+ description: |-
+ Group is the group of the referent. For example, "gateway.networking.k8s.io".
+ When unspecified or empty string, core API group is inferred.
maxLength: 253
pattern: ^$|^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$
type: string
kind:
default: Service
- description: "Kind is the Kubernetes resource kind of
- the referent. For example \"Service\". \n Defaults to
- \"Service\" when not specified. \n ExternalName services
- can refer to CNAME DNS records that may live outside
- of the cluster and as such are difficult to reason about
- in terms of conformance. They also may not be safe to
- forward to (see CVE-2021-25740 for more information).
- Implementations SHOULD NOT support ExternalName Services.
- \n Support: Core (Services with a type other than ExternalName)
- \n Support: Implementation-specific (Services with type
- ExternalName)"
+ description: |-
+ Kind is the Kubernetes resource kind of the referent. For example
+ "Service".
+
+
+ Defaults to "Service" when not specified.
+
+
+ ExternalName services can refer to CNAME DNS records that may live
+ outside of the cluster and as such are difficult to reason about in
+ terms of conformance. They also may not be safe to forward to (see
+ CVE-2021-25740 for more information). Implementations SHOULD NOT
+ support ExternalName Services.
+
+
+ Support: Core (Services with a type other than ExternalName)
+
+
+ Support: Implementation-specific (Services with type ExternalName)
maxLength: 63
minLength: 1
pattern: ^[a-zA-Z]([-a-zA-Z0-9]*[a-zA-Z0-9])?$
@@ -5670,43 +10329,51 @@ spec:
minLength: 1
type: string
namespace:
- description: "Namespace is the namespace of the backend.
- When unspecified, the local namespace is inferred. \n
- Note that when a namespace different than the local
- namespace is specified, a ReferenceGrant object is required
- in the referent namespace to allow that namespace's
- owner to accept the reference. See the ReferenceGrant
- documentation for details. \n Support: Core"
+ description: |-
+ Namespace is the namespace of the backend. When unspecified, the local
+ namespace is inferred.
+
+
+ Note that when a namespace different than the local namespace is specified,
+ a ReferenceGrant object is required in the referent namespace to allow that
+ namespace's owner to accept the reference. See the ReferenceGrant
+ documentation for details.
+
+
+ Support: Core
maxLength: 63
minLength: 1
pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$
type: string
port:
- description: Port specifies the destination port number
- to use for this resource. Port is required when the
- referent is a Kubernetes Service. In this case, the
- port number is the service port number, not the target
- port. For other resources, destination port might be
- derived from the referent resource or this field.
+ description: |-
+ Port specifies the destination port number to use for this resource.
+ Port is required when the referent is a Kubernetes Service. In this
+ case, the port number is the service port number, not the target port.
+ For other resources, destination port might be derived from the referent
+ resource or this field.
format: int32
maximum: 65535
minimum: 1
type: integer
weight:
default: 1
- description: "Weight specifies the proportion of requests
- forwarded to the referenced backend. This is computed
- as weight/(sum of all weights in this BackendRefs list).
- For non-zero values, there may be some epsilon from
- the exact proportion defined here depending on the precision
- an implementation supports. Weight is not a percentage
- and the sum of weights does not need to equal 100. \n
- If only one backend is specified and it has a weight
- greater than 0, 100% of the traffic is forwarded to
- that backend. If weight is set to 0, no traffic should
- be forwarded for this entry. If unspecified, weight
- defaults to 1. \n Support for this field varies based
- on the context where used."
+ description: |-
+ Weight specifies the proportion of requests forwarded to the referenced
+ backend. This is computed as weight/(sum of all weights in this
+ BackendRefs list). For non-zero values, there may be some epsilon from
+ the exact proportion defined here depending on the precision an
+ implementation supports. Weight is not a percentage and the sum of
+ weights does not need to equal 100.
+
+
+ If only one backend is specified and it has a weight greater than 0, 100%
+ of the traffic is forwarded to that backend. If weight is set to 0, no
+ traffic should be forwarded for this entry. If unspecified, weight
+ defaults to 1.
+
+
+ Support for this field varies based on the context where used.
format: int32
maximum: 1000000
minimum: 0
@@ -5721,46 +10388,77 @@ spec:
maxItems: 16
type: array
filters:
- description: "Filters define the filters that are applied to
- requests that match this rule. \n The effects of ordering
- of multiple behaviors are currently unspecified. This can
- change in the future based on feedback during the alpha stage.
- \n Conformance-levels at this level are defined based on the
- type of filter: \n - ALL core filters MUST be supported by
- all implementations. - Implementers are encouraged to support
- extended filters. - Implementation-specific custom filters
- have no API guarantees across implementations. \n Specifying
- the same filter multiple times is not supported unless explicitly
- indicated in the filter. \n All filters are expected to be
- compatible with each other except for the URLRewrite and RequestRedirect
- filters, which may not be combined. If an implementation can
- not support other combinations of filters, they must clearly
+ description: |-
+ Filters define the filters that are applied to requests that match
+ this rule.
+
+
+ Wherever possible, implementations SHOULD implement filters in the order
+ they are specified.
+
+
+ Implementations MAY choose to implement this ordering strictly, rejecting
+ any combination or order of filters that can not be supported. If implementations
+ choose a strict interpretation of filter ordering, they MUST clearly document
+ that behavior.
+
+
+ To reject an invalid combination or order of filters, implementations SHOULD
+ consider the Route Rules with this configuration invalid. If all Route Rules
+ in a Route are invalid, the entire Route would be considered invalid. If only
+ a portion of Route Rules are invalid, implementations MUST set the
+ "PartiallyInvalid" condition for the Route.
+
+
+ Conformance-levels at this level are defined based on the type of filter:
+
+
+ - ALL core filters MUST be supported by all implementations.
+ - Implementers are encouraged to support extended filters.
+ - Implementation-specific custom filters have no API guarantees across
+ implementations.
+
+
+ Specifying the same filter multiple times is not supported unless explicitly
+ indicated in the filter.
+
+
+ All filters are expected to be compatible with each other except for the
+ URLRewrite and RequestRedirect filters, which may not be combined. If an
+ implementation can not support other combinations of filters, they must clearly
document that limitation. In cases where incompatible or unsupported
- filters are specified and cause the `Accepted` condition to
- be set to status `False`, implementations may use the `IncompatibleFilters`
- reason to specify this configuration error. \n Support: Core"
+ filters are specified and cause the `Accepted` condition to be set to status
+ `False`, implementations may use the `IncompatibleFilters` reason to specify
+ this configuration error.
+
+
+ Support: Core
items:
- description: HTTPRouteFilter defines processing steps that
- must be completed during the request or response lifecycle.
- HTTPRouteFilters are meant as an extension point to express
- processing that may be done in Gateway implementations.
- Some examples include request or response modification,
- implementing authentication strategies, rate-limiting, and
- traffic shaping. API guarantee/conformance is defined based
- on the type of the filter.
+ description: |-
+ HTTPRouteFilter defines processing steps that must be completed during the
+ request or response lifecycle. HTTPRouteFilters are meant as an extension
+ point to express processing that may be done in Gateway implementations. Some
+ examples include request or response modification, implementing
+ authentication strategies, rate-limiting, and traffic shaping. API
+ guarantee/conformance is defined based on the type of the filter.
properties:
extensionRef:
- description: "ExtensionRef is an optional, implementation-specific
- extension to the \"filter\" behavior. For example,
- resource \"myroutefilter\" in group \"networking.example.net\").
- ExtensionRef MUST NOT be used for core and extended
- filters. \n This filter can be used multiple times within
- the same rule. \n Support: Implementation-specific"
+ description: |-
+ ExtensionRef is an optional, implementation-specific extension to the
+ "filter" behavior. For example, resource "myroutefilter" in group
+ "networking.example.net"). ExtensionRef MUST NOT be used for core and
+ extended filters.
+
+
+ This filter can be used multiple times within the same rule.
+
+
+ Support: Implementation-specific
properties:
group:
- description: Group is the group of the referent. For
- example, "gateway.networking.k8s.io". When unspecified
- or empty string, core API group is inferred.
+ description: |-
+ Group is the group of the referent. For example, "gateway.networking.k8s.io".
+ When unspecified or empty string, core API group is inferred.
maxLength: 253
pattern: ^$|^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$
type: string
@@ -5782,32 +10480,49 @@ spec:
- name
type: object
requestHeaderModifier:
- description: "RequestHeaderModifier defines a schema for
- a filter that modifies request headers. \n Support:
- Core"
+ description: |-
+ RequestHeaderModifier defines a schema for a filter that modifies request
+ headers.
+
+
+ Support: Core
properties:
add:
- description: "Add adds the given header(s) (name,
- value) to the request before the action. It appends
- to any existing values associated with the header
- name. \n Input: GET /foo HTTP/1.1 my-header: foo
- \n Config: add: - name: \"my-header\" value: \"bar,baz\"
- \n Output: GET /foo HTTP/1.1 my-header: foo,bar,baz"
+ description: |-
+ Add adds the given header(s) (name, value) to the request
+ before the action. It appends to any existing values associated
+ with the header name.
+
+
+ Input:
+ GET /foo HTTP/1.1
+ my-header: foo
+
+
+ Config:
+ add:
+ - name: "my-header"
+ value: "bar,baz"
+
+
+ Output:
+ GET /foo HTTP/1.1
+ my-header: foo,bar,baz
items:
description: HTTPHeader represents an HTTP Header
name and value as defined by RFC 7230.
properties:
name:
- description: "Name is the name of the HTTP Header
- to be matched. Name matching MUST be case
- insensitive. (See https://tools.ietf.org/html/rfc7230#section-3.2).
- \n If multiple entries specify equivalent
- header names, the first entry with an equivalent
- name MUST be considered for a match. Subsequent
- entries with an equivalent header name MUST
- be ignored. Due to the case-insensitivity
- of header names, \"foo\" and \"Foo\" are considered
- equivalent."
+ description: |-
+ Name is the name of the HTTP Header to be matched. Name matching MUST be
+ case insensitive. (See https://tools.ietf.org/html/rfc7230#section-3.2).
+
+
+ If multiple entries specify equivalent header names, the first entry with
+ an equivalent name MUST be considered for a match. Subsequent entries
+ with an equivalent header name MUST be ignored. Due to the
+ case-insensitivity of header names, "foo" and "Foo" are considered
+ equivalent.
maxLength: 256
minLength: 1
pattern: ^[A-Za-z0-9!#$%&'*+\-.^_\x60|~]+$
@@ -5828,40 +10543,67 @@ spec:
- name
x-kubernetes-list-type: map
remove:
- description: "Remove the given header(s) from the
- HTTP request before the action. The value of Remove
- is a list of HTTP header names. Note that the header
- names are case-insensitive (see https://datatracker.ietf.org/doc/html/rfc2616#section-4.2).
- \n Input: GET /foo HTTP/1.1 my-header1: foo my-header2:
- bar my-header3: baz \n Config: remove: [\"my-header1\",
- \"my-header3\"] \n Output: GET /foo HTTP/1.1 my-header2:
- bar"
+ description: |-
+ Remove the given header(s) from the HTTP request before the action. The
+ value of Remove is a list of HTTP header names. Note that the header
+ names are case-insensitive (see
+ https://datatracker.ietf.org/doc/html/rfc2616#section-4.2).
+
+
+ Input:
+ GET /foo HTTP/1.1
+ my-header1: foo
+ my-header2: bar
+ my-header3: baz
+
+
+ Config:
+ remove: ["my-header1", "my-header3"]
+
+
+ Output:
+ GET /foo HTTP/1.1
+ my-header2: bar
items:
type: string
maxItems: 16
type: array
x-kubernetes-list-type: set
set:
- description: "Set overwrites the request with the
- given header (name, value) before the action. \n
- Input: GET /foo HTTP/1.1 my-header: foo \n Config:
- set: - name: \"my-header\" value: \"bar\" \n Output:
- GET /foo HTTP/1.1 my-header: bar"
+ description: |-
+ Set overwrites the request with the given header (name, value)
+ before the action.
+
+
+ Input:
+ GET /foo HTTP/1.1
+ my-header: foo
+
+
+ Config:
+ set:
+ - name: "my-header"
+ value: "bar"
+
+
+ Output:
+ GET /foo HTTP/1.1
+ my-header: bar
items:
description: HTTPHeader represents an HTTP Header
name and value as defined by RFC 7230.
properties:
name:
- description: "Name is the name of the HTTP Header
- to be matched. Name matching MUST be case
- insensitive. (See https://tools.ietf.org/html/rfc7230#section-3.2).
- \n If multiple entries specify equivalent
- header names, the first entry with an equivalent
- name MUST be considered for a match. Subsequent
- entries with an equivalent header name MUST
- be ignored. Due to the case-insensitivity
- of header names, \"foo\" and \"Foo\" are considered
- equivalent."
+ description: |-
+ Name is the name of the HTTP Header to be matched. Name matching MUST be
+ case insensitive. (See https://tools.ietf.org/html/rfc7230#section-3.2).
+
+
+ If multiple entries specify equivalent header names, the first entry with
+ an equivalent name MUST be considered for a match. Subsequent entries
+ with an equivalent header name MUST be ignored. Due to the
+ case-insensitivity of header names, "foo" and "Foo" are considered
+ equivalent.
maxLength: 256
minLength: 1
pattern: ^[A-Za-z0-9!#$%&'*+\-.^_\x60|~]+$
@@ -5883,60 +10625,80 @@ spec:
x-kubernetes-list-type: map
type: object
requestMirror:
- description: "RequestMirror defines a schema for a filter
- that mirrors requests. Requests are sent to the specified
- destination, but responses from that destination are
- ignored. \n This filter can be used multiple times within
- the same rule. Note that not all implementations will
- be able to support mirroring to multiple backends. \n
- Support: Extended"
+ description: |-
+ RequestMirror defines a schema for a filter that mirrors requests.
+ Requests are sent to the specified destination, but responses from
+ that destination are ignored.
+
+
+ This filter can be used multiple times within the same rule. Note that
+ not all implementations will be able to support mirroring to multiple
+ backends.
+
+
+ Support: Extended
properties:
backendRef:
- description: "BackendRef references a resource where
- mirrored requests are sent. \n Mirrored requests
- must be sent only to a single destination endpoint
- within this BackendRef, irrespective of how many
- endpoints are present within this BackendRef. \n
- If the referent cannot be found, this BackendRef
- is invalid and must be dropped from the Gateway.
- The controller must ensure the \"ResolvedRefs\"
- condition on the Route status is set to `status:
- False` and not configure this backend in the underlying
- implementation. \n If there is a cross-namespace
- reference to an *existing* object that is not allowed
- by a ReferenceGrant, the controller must ensure
- the \"ResolvedRefs\" condition on the Route is
- set to `status: False`, with the \"RefNotPermitted\"
- reason and not configure this backend in the underlying
- implementation. \n In either error case, the Message
- of the `ResolvedRefs` Condition should be used to
- provide more detail about the problem. \n Support:
- Extended for Kubernetes Service \n Support: Implementation-specific
- for any other resource"
+ description: |-
+ BackendRef references a resource where mirrored requests are sent.
+
+
+ Mirrored requests must be sent only to a single destination endpoint
+ within this BackendRef, irrespective of how many endpoints are present
+ within this BackendRef.
+
+
+ If the referent cannot be found, this BackendRef is invalid and must be
+ dropped from the Gateway. The controller must ensure the "ResolvedRefs"
+ condition on the Route status is set to `status: False` and not configure
+ this backend in the underlying implementation.
+
+
+ If there is a cross-namespace reference to an *existing* object
+ that is not allowed by a ReferenceGrant, the controller must ensure the
+ "ResolvedRefs" condition on the Route is set to `status: False`,
+ with the "RefNotPermitted" reason and not configure this backend in the
+ underlying implementation.
+
+
+ In either error case, the Message of the `ResolvedRefs` Condition
+ should be used to provide more detail about the problem.
+
+
+ Support: Extended for Kubernetes Service
+
+
+ Support: Implementation-specific for any other resource
properties:
group:
default: ""
- description: Group is the group of the referent.
- For example, "gateway.networking.k8s.io". When
- unspecified or empty string, core API group
- is inferred.
+ description: |-
+ Group is the group of the referent. For example, "gateway.networking.k8s.io".
+ When unspecified or empty string, core API group is inferred.
maxLength: 253
pattern: ^$|^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$
type: string
kind:
default: Service
- description: "Kind is the Kubernetes resource
- kind of the referent. For example \"Service\".
- \n Defaults to \"Service\" when not specified.
- \n ExternalName services can refer to CNAME
- DNS records that may live outside of the cluster
- and as such are difficult to reason about in
- terms of conformance. They also may not be safe
- to forward to (see CVE-2021-25740 for more information).
- Implementations SHOULD NOT support ExternalName
- Services. \n Support: Core (Services with a
- type other than ExternalName) \n Support: Implementation-specific
- (Services with type ExternalName)"
+ description: |-
+ Kind is the Kubernetes resource kind of the referent. For example
+ "Service".
+
+
+ Defaults to "Service" when not specified.
+
+
+ ExternalName services can refer to CNAME DNS records that may live
+ outside of the cluster and as such are difficult to reason about in
+ terms of conformance. They also may not be safe to forward to (see
+ CVE-2021-25740 for more information). Implementations SHOULD NOT
+ support ExternalName Services.
+
+
+ Support: Core (Services with a type other than ExternalName)
+
+
+ Support: Implementation-specific (Services with type ExternalName)
maxLength: 63
minLength: 1
pattern: ^[a-zA-Z]([-a-zA-Z0-9]*[a-zA-Z0-9])?$
@@ -5947,25 +10709,28 @@ spec:
minLength: 1
type: string
namespace:
- description: "Namespace is the namespace of the
- backend. When unspecified, the local namespace
- is inferred. \n Note that when a namespace different
- than the local namespace is specified, a ReferenceGrant
- object is required in the referent namespace
- to allow that namespace's owner to accept the
- reference. See the ReferenceGrant documentation
- for details. \n Support: Core"
+ description: |-
+ Namespace is the namespace of the backend. When unspecified, the local
+ namespace is inferred.
+
+
+ Note that when a namespace different than the local namespace is specified,
+ a ReferenceGrant object is required in the referent namespace to allow that
+ namespace's owner to accept the reference. See the ReferenceGrant
+ documentation for details.
+
+
+ Support: Core
maxLength: 63
minLength: 1
pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$
type: string
port:
- description: Port specifies the destination port
- number to use for this resource. Port is required
- when the referent is a Kubernetes Service. In
- this case, the port number is the service port
- number, not the target port. For other resources,
- destination port might be derived from the referent
+ description: |-
+ Port specifies the destination port number to use for this resource.
+ Port is required when the referent is a Kubernetes Service. In this
+ case, the port number is the service port number, not the target port.
+ For other resources, destination port might be derived from the referent
resource or this field.
format: int32
maximum: 65535
@@ -5982,77 +10747,88 @@ spec:
- backendRef
type: object
requestRedirect:
- description: "RequestRedirect defines a schema for a filter
- that responds to the request with an HTTP redirection.
- \n Support: Core"
+ description: |-
+ RequestRedirect defines a schema for a filter that responds to the
+ request with an HTTP redirection.
+
+
+ Support: Core
properties:
hostname:
- description: "Hostname is the hostname to be used
- in the value of the `Location` header in the response.
- When empty, the hostname in the `Host` header of
- the request is used. \n Support: Core"
+ description: |-
+ Hostname is the hostname to be used in the value of the `Location`
+ header in the response.
+ When empty, the hostname in the `Host` header of the request is used.
+
+
+ Support: Core
maxLength: 253
minLength: 1
pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$
type: string
path:
- description: "Path defines parameters used to modify
- the path of the incoming request. The modified path
- is then used to construct the `Location` header.
- When empty, the request path is used as-is. \n Support:
- Extended"
+ description: |-
+ Path defines parameters used to modify the path of the incoming request.
+ The modified path is then used to construct the `Location` header. When
+ empty, the request path is used as-is.
+
+
+ Support: Extended
properties:
replaceFullPath:
- description: ReplaceFullPath specifies the value
- with which to replace the full path of a request
- during a rewrite or redirect.
+ description: |-
+ ReplaceFullPath specifies the value with which to replace the full path
+ of a request during a rewrite or redirect.
maxLength: 1024
type: string
replacePrefixMatch:
- description: "ReplacePrefixMatch specifies the
- value with which to replace the prefix match
- of a request during a rewrite or redirect. For
- example, a request to \"/foo/bar\" with a prefix
- match of \"/foo\" and a ReplacePrefixMatch of
- \"/xyz\" would be modified to \"/xyz/bar\".
- \n Note that this matches the behavior of the
- PathPrefix match type. This matches full path
- elements. A path element refers to the list
- of labels in the path split by the `/` separator.
- When specified, a trailing `/` is ignored. For
- example, the paths `/abc`, `/abc/`, and `/abc/def`
- would all match the prefix `/abc`, but the path
- `/abcd` would not. \n ReplacePrefixMatch is
- only compatible with a `PathPrefix` HTTPRouteMatch.
- Using any other HTTPRouteMatch type on the same
- HTTPRouteRule will result in the implementation
- setting the Accepted Condition for the Route
- to `status: False`. \n Request Path | Prefix
- Match | Replace Prefix | Modified Path -------------|--------------|----------------|----------
- /foo/bar | /foo | /xyz |
- /xyz/bar /foo/bar | /foo | /xyz/
- \ | /xyz/bar /foo/bar | /foo/ |
- /xyz | /xyz/bar /foo/bar | /foo/
- \ | /xyz/ | /xyz/bar /foo |
- /foo | /xyz | /xyz /foo/ |
- /foo | /xyz | /xyz/ /foo/bar
- \ | /foo | | /bar
- /foo/ | /foo |
- | / /foo | /foo |
- | / /foo/ | /foo | / |
- / /foo | /foo | / |
- /"
+ description: |-
+ ReplacePrefixMatch specifies the value with which to replace the prefix
+ match of a request during a rewrite or redirect. For example, a request
+ to "/foo/bar" with a prefix match of "/foo" and a ReplacePrefixMatch
+ of "/xyz" would be modified to "/xyz/bar".
+
+
+ Note that this matches the behavior of the PathPrefix match type. This
+ matches full path elements. A path element refers to the list of labels
+ in the path split by the `/` separator. When specified, a trailing `/` is
+ ignored. For example, the paths `/abc`, `/abc/`, and `/abc/def` would all
+ match the prefix `/abc`, but the path `/abcd` would not.
+
+
+ ReplacePrefixMatch is only compatible with a `PathPrefix` HTTPRouteMatch.
+ Using any other HTTPRouteMatch type on the same HTTPRouteRule will result in
+ the implementation setting the Accepted Condition for the Route to `status: False`.
+
+
+ Request Path | Prefix Match | Replace Prefix | Modified Path
+ -------------|--------------|----------------|----------
+ /foo/bar | /foo | /xyz | /xyz/bar
+ /foo/bar | /foo | /xyz/ | /xyz/bar
+ /foo/bar | /foo/ | /xyz | /xyz/bar
+ /foo/bar | /foo/ | /xyz/ | /xyz/bar
+ /foo | /foo | /xyz | /xyz
+ /foo/ | /foo | /xyz | /xyz/
+ /foo/bar | /foo | | /bar
+ /foo/ | /foo | | /
+ /foo | /foo | | /
+ /foo/ | /foo | / | /
+ /foo | /foo | / | /
maxLength: 1024
type: string
type:
- description: "Type defines the type of path modifier.
- Additional types may be added in a future release
- of the API. \n Note that values may be added
- to this enum, implementations must ensure that
- unknown values will not cause a crash. \n Unknown
- values here must result in the implementation
- setting the Accepted Condition for the Route
- to `status: False`, with a Reason of `UnsupportedValue`."
+ description: |-
+ Type defines the type of path modifier. Additional types may be
+ added in a future release of the API.
+
+
+ Note that values may be added to this enum, implementations
+ must ensure that unknown values will not cause a crash.
+
+
+ Unknown values here must result in the implementation setting the
+ Accepted Condition for the Route to `status: False`, with a
+ Reason of `UnsupportedValue`.
enum:
- ReplaceFullPath
- ReplacePrefixMatch
@@ -6078,88 +10854,127 @@ spec:
rule: 'has(self.replacePrefixMatch) ? self.type
== ''ReplacePrefixMatch'' : true'
port:
- description: "Port is the port to be used in the value
- of the `Location` header in the response. \n If
- no port is specified, the redirect port MUST be
- derived using the following rules: \n * If redirect
- scheme is not-empty, the redirect port MUST be the
- well-known port associated with the redirect scheme.
- Specifically \"http\" to port 80 and \"https\" to
- port 443. If the redirect scheme does not have a
- well-known port, the listener port of the Gateway
- SHOULD be used. * If redirect scheme is empty, the
- redirect port MUST be the Gateway Listener port.
- \n Implementations SHOULD NOT add the port number
- in the 'Location' header in the following cases:
- \n * A Location header that will use HTTP (whether
- that is determined via the Listener protocol or
- the Scheme field) _and_ use port 80. * A Location
- header that will use HTTPS (whether that is determined
- via the Listener protocol or the Scheme field) _and_
- use port 443. \n Support: Extended"
+ description: |-
+ Port is the port to be used in the value of the `Location`
+ header in the response.
+
+
+ If no port is specified, the redirect port MUST be derived using the
+ following rules:
+
+
+ * If redirect scheme is not-empty, the redirect port MUST be the well-known
+ port associated with the redirect scheme. Specifically "http" to port 80
+ and "https" to port 443. If the redirect scheme does not have a
+ well-known port, the listener port of the Gateway SHOULD be used.
+ * If redirect scheme is empty, the redirect port MUST be the Gateway
+ Listener port.
+
+
+ Implementations SHOULD NOT add the port number in the 'Location'
+ header in the following cases:
+
+
+ * A Location header that will use HTTP (whether that is determined via
+ the Listener protocol or the Scheme field) _and_ use port 80.
+ * A Location header that will use HTTPS (whether that is determined via
+ the Listener protocol or the Scheme field) _and_ use port 443.
+
+
+ Support: Extended
format: int32
maximum: 65535
minimum: 1
type: integer
scheme:
- description: "Scheme is the scheme to be used in the
- value of the `Location` header in the response.
- When empty, the scheme of the request is used. \n
- Scheme redirects can affect the port of the redirect,
- for more information, refer to the documentation
- for the port field of this filter. \n Note that
- values may be added to this enum, implementations
- must ensure that unknown values will not cause a
- crash. \n Unknown values here must result in the
- implementation setting the Accepted Condition for
- the Route to `status: False`, with a Reason of `UnsupportedValue`.
- \n Support: Extended"
+ description: |-
+ Scheme is the scheme to be used in the value of the `Location` header in
+ the response. When empty, the scheme of the request is used.
+
+
+ Scheme redirects can affect the port of the redirect, for more information,
+ refer to the documentation for the port field of this filter.
+
+
+ Note that values may be added to this enum, implementations
+ must ensure that unknown values will not cause a crash.
+
+
+ Unknown values here must result in the implementation setting the
+ Accepted Condition for the Route to `status: False`, with a
+ Reason of `UnsupportedValue`.
+
+
+ Support: Extended
enum:
- http
- https
type: string
statusCode:
default: 302
- description: "StatusCode is the HTTP status code to
- be used in response. \n Note that values may be
- added to this enum, implementations must ensure
- that unknown values will not cause a crash. \n Unknown
- values here must result in the implementation setting
- the Accepted Condition for the Route to `status:
- False`, with a Reason of `UnsupportedValue`. \n
- Support: Core"
+ description: |-
+ StatusCode is the HTTP status code to be used in response.
+
+
+ Note that values may be added to this enum, implementations
+ must ensure that unknown values will not cause a crash.
+
+
+ Unknown values here must result in the implementation setting the
+ Accepted Condition for the Route to `status: False`, with a
+ Reason of `UnsupportedValue`.
+
+
+ Support: Core
enum:
- 301
- 302
type: integer
type: object
responseHeaderModifier:
- description: "ResponseHeaderModifier defines a schema
- for a filter that modifies response headers. \n Support:
- Extended"
+ description: |-
+ ResponseHeaderModifier defines a schema for a filter that modifies response
+ headers.
+
+
+ Support: Extended
properties:
add:
- description: "Add adds the given header(s) (name,
- value) to the request before the action. It appends
- to any existing values associated with the header
- name. \n Input: GET /foo HTTP/1.1 my-header: foo
- \n Config: add: - name: \"my-header\" value: \"bar,baz\"
- \n Output: GET /foo HTTP/1.1 my-header: foo,bar,baz"
+ description: |-
+ Add adds the given header(s) (name, value) to the request
+ before the action. It appends to any existing values associated
+ with the header name.
+
+
+ Input:
+ GET /foo HTTP/1.1
+ my-header: foo
+
+
+ Config:
+ add:
+ - name: "my-header"
+ value: "bar,baz"
+
+
+ Output:
+ GET /foo HTTP/1.1
+ my-header: foo,bar,baz
items:
description: HTTPHeader represents an HTTP Header
name and value as defined by RFC 7230.
properties:
name:
- description: "Name is the name of the HTTP Header
- to be matched. Name matching MUST be case
- insensitive. (See https://tools.ietf.org/html/rfc7230#section-3.2).
- \n If multiple entries specify equivalent
- header names, the first entry with an equivalent
- name MUST be considered for a match. Subsequent
- entries with an equivalent header name MUST
- be ignored. Due to the case-insensitivity
- of header names, \"foo\" and \"Foo\" are considered
- equivalent."
+ description: |-
+ Name is the name of the HTTP Header to be matched. Name matching MUST be
+ case insensitive. (See https://tools.ietf.org/html/rfc7230#section-3.2).
+
+
+ If multiple entries specify equivalent header names, the first entry with
+ an equivalent name MUST be considered for a match. Subsequent entries
+ with an equivalent header name MUST be ignored. Due to the
+ case-insensitivity of header names, "foo" and "Foo" are considered
+ equivalent.
maxLength: 256
minLength: 1
pattern: ^[A-Za-z0-9!#$%&'*+\-.^_\x60|~]+$
@@ -6180,40 +10995,67 @@ spec:
- name
x-kubernetes-list-type: map
remove:
- description: "Remove the given header(s) from the
- HTTP request before the action. The value of Remove
- is a list of HTTP header names. Note that the header
- names are case-insensitive (see https://datatracker.ietf.org/doc/html/rfc2616#section-4.2).
- \n Input: GET /foo HTTP/1.1 my-header1: foo my-header2:
- bar my-header3: baz \n Config: remove: [\"my-header1\",
- \"my-header3\"] \n Output: GET /foo HTTP/1.1 my-header2:
- bar"
+ description: |-
+ Remove the given header(s) from the HTTP request before the action. The
+ value of Remove is a list of HTTP header names. Note that the header
+ names are case-insensitive (see
+ https://datatracker.ietf.org/doc/html/rfc2616#section-4.2).
+
+
+ Input:
+ GET /foo HTTP/1.1
+ my-header1: foo
+ my-header2: bar
+ my-header3: baz
+
+
+ Config:
+ remove: ["my-header1", "my-header3"]
+
+
+ Output:
+ GET /foo HTTP/1.1
+ my-header2: bar
items:
type: string
maxItems: 16
type: array
x-kubernetes-list-type: set
set:
- description: "Set overwrites the request with the
- given header (name, value) before the action. \n
- Input: GET /foo HTTP/1.1 my-header: foo \n Config:
- set: - name: \"my-header\" value: \"bar\" \n Output:
- GET /foo HTTP/1.1 my-header: bar"
+ description: |-
+ Set overwrites the request with the given header (name, value)
+ before the action.
+
+
+ Input:
+ GET /foo HTTP/1.1
+ my-header: foo
+
+
+ Config:
+ set:
+ - name: "my-header"
+ value: "bar"
+
+
+ Output:
+ GET /foo HTTP/1.1
+ my-header: bar
items:
description: HTTPHeader represents an HTTP Header
name and value as defined by RFC 7230.
properties:
name:
- description: "Name is the name of the HTTP Header
- to be matched. Name matching MUST be case
- insensitive. (See https://tools.ietf.org/html/rfc7230#section-3.2).
- \n If multiple entries specify equivalent
- header names, the first entry with an equivalent
- name MUST be considered for a match. Subsequent
- entries with an equivalent header name MUST
- be ignored. Due to the case-insensitivity
- of header names, \"foo\" and \"Foo\" are considered
- equivalent."
+ description: |-
+ Name is the name of the HTTP Header to be matched. Name matching MUST be
+ case insensitive. (See https://tools.ietf.org/html/rfc7230#section-3.2).
+
+
+ If multiple entries specify equivalent header names, the first entry with
+ an equivalent name MUST be considered for a match. Subsequent entries
+ with an equivalent header name MUST be ignored. Due to the
+ case-insensitivity of header names, "foo" and "Foo" are considered
+ equivalent.
maxLength: 256
minLength: 1
pattern: ^[A-Za-z0-9!#$%&'*+\-.^_\x60|~]+$
@@ -6235,33 +11077,46 @@ spec:
x-kubernetes-list-type: map
type: object
type:
- description: "Type identifies the type of filter to apply.
- As with other API fields, types are classified into
- three conformance levels: \n - Core: Filter types and
- their corresponding configuration defined by \"Support:
- Core\" in this package, e.g. \"RequestHeaderModifier\".
- All implementations must support core filters. \n -
- Extended: Filter types and their corresponding configuration
- defined by \"Support: Extended\" in this package, e.g.
- \"RequestMirror\". Implementers are encouraged to support
- extended filters. \n - Implementation-specific: Filters
- that are defined and supported by specific vendors.
- In the future, filters showing convergence in behavior
- across multiple implementations will be considered for
- inclusion in extended or core conformance levels. Filter-specific
- configuration for such filters is specified using the
- ExtensionRef field. `Type` should be set to \"ExtensionRef\"
- for custom filters. \n Implementers are encouraged to
- define custom implementation types to extend the core
- API with implementation-specific behavior. \n If a reference
- to a custom filter type cannot be resolved, the filter
- MUST NOT be skipped. Instead, requests that would have
- been processed by that filter MUST receive a HTTP error
- response. \n Note that values may be added to this enum,
- implementations must ensure that unknown values will
- not cause a crash. \n Unknown values here must result
- in the implementation setting the Accepted Condition
- for the Route to `status: False`, with a Reason of `UnsupportedValue`."
+ description: |-
+ Type identifies the type of filter to apply. As with other API fields,
+ types are classified into three conformance levels:
+
+
+ - Core: Filter types and their corresponding configuration defined by
+ "Support: Core" in this package, e.g. "RequestHeaderModifier". All
+ implementations must support core filters.
+
+
+ - Extended: Filter types and their corresponding configuration defined by
+ "Support: Extended" in this package, e.g. "RequestMirror". Implementers
+ are encouraged to support extended filters.
+
+
+ - Implementation-specific: Filters that are defined and supported by
+ specific vendors.
+ In the future, filters showing convergence in behavior across multiple
+ implementations will be considered for inclusion in extended or core
+ conformance levels. Filter-specific configuration for such filters
+ is specified using the ExtensionRef field. `Type` should be set to
+ "ExtensionRef" for custom filters.
+
+
+ Implementers are encouraged to define custom implementation types to
+ extend the core API with implementation-specific behavior.
+
+
+ If a reference to a custom filter type cannot be resolved, the filter
+ MUST NOT be skipped. Instead, requests that would have been processed by
+ that filter MUST receive a HTTP error response.
+
+
+ Note that values may be added to this enum, implementations
+ must ensure that unknown values will not cause a crash.
+
+
+ Unknown values here must result in the implementation setting the
+ Accepted Condition for the Route to `status: False`, with a
+ Reason of `UnsupportedValue`.
enum:
- RequestHeaderModifier
- ResponseHeaderModifier
@@ -6271,73 +11126,84 @@ spec:
- ExtensionRef
type: string
urlRewrite:
- description: "URLRewrite defines a schema for a filter
- that modifies a request during forwarding. \n Support:
- Extended"
+ description: |-
+ URLRewrite defines a schema for a filter that modifies a request during forwarding.
+
+
+ Support: Extended
properties:
hostname:
- description: "Hostname is the value to be used to
- replace the Host header value during forwarding.
- \n Support: Extended"
+ description: |-
+ Hostname is the value to be used to replace the Host header value during
+ forwarding.
+
+
+ Support: Extended
maxLength: 253
minLength: 1
pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$
type: string
path:
- description: "Path defines a path rewrite. \n Support:
- Extended"
+ description: |-
+ Path defines a path rewrite.
+
+
+ Support: Extended
properties:
replaceFullPath:
- description: ReplaceFullPath specifies the value
- with which to replace the full path of a request
- during a rewrite or redirect.
+ description: |-
+ ReplaceFullPath specifies the value with which to replace the full path
+ of a request during a rewrite or redirect.
maxLength: 1024
type: string
replacePrefixMatch:
- description: "ReplacePrefixMatch specifies the
- value with which to replace the prefix match
- of a request during a rewrite or redirect. For
- example, a request to \"/foo/bar\" with a prefix
- match of \"/foo\" and a ReplacePrefixMatch of
- \"/xyz\" would be modified to \"/xyz/bar\".
- \n Note that this matches the behavior of the
- PathPrefix match type. This matches full path
- elements. A path element refers to the list
- of labels in the path split by the `/` separator.
- When specified, a trailing `/` is ignored. For
- example, the paths `/abc`, `/abc/`, and `/abc/def`
- would all match the prefix `/abc`, but the path
- `/abcd` would not. \n ReplacePrefixMatch is
- only compatible with a `PathPrefix` HTTPRouteMatch.
- Using any other HTTPRouteMatch type on the same
- HTTPRouteRule will result in the implementation
- setting the Accepted Condition for the Route
- to `status: False`. \n Request Path | Prefix
- Match | Replace Prefix | Modified Path -------------|--------------|----------------|----------
- /foo/bar | /foo | /xyz |
- /xyz/bar /foo/bar | /foo | /xyz/
- \ | /xyz/bar /foo/bar | /foo/ |
- /xyz | /xyz/bar /foo/bar | /foo/
- \ | /xyz/ | /xyz/bar /foo |
- /foo | /xyz | /xyz /foo/ |
- /foo | /xyz | /xyz/ /foo/bar
- \ | /foo | | /bar
- /foo/ | /foo |
- | / /foo | /foo |
- | / /foo/ | /foo | / |
- / /foo | /foo | / |
- /"
+ description: |-
+ ReplacePrefixMatch specifies the value with which to replace the prefix
+ match of a request during a rewrite or redirect. For example, a request
+ to "/foo/bar" with a prefix match of "/foo" and a ReplacePrefixMatch
+ of "/xyz" would be modified to "/xyz/bar".
+
+
+ Note that this matches the behavior of the PathPrefix match type. This
+ matches full path elements. A path element refers to the list of labels
+ in the path split by the `/` separator. When specified, a trailing `/` is
+ ignored. For example, the paths `/abc`, `/abc/`, and `/abc/def` would all
+ match the prefix `/abc`, but the path `/abcd` would not.
+
+
+ ReplacePrefixMatch is only compatible with a `PathPrefix` HTTPRouteMatch.
+ Using any other HTTPRouteMatch type on the same HTTPRouteRule will result in
+ the implementation setting the Accepted Condition for the Route to `status: False`.
+
+
+ Request Path | Prefix Match | Replace Prefix | Modified Path
+ -------------|--------------|----------------|----------
+ /foo/bar | /foo | /xyz | /xyz/bar
+ /foo/bar | /foo | /xyz/ | /xyz/bar
+ /foo/bar | /foo/ | /xyz | /xyz/bar
+ /foo/bar | /foo/ | /xyz/ | /xyz/bar
+ /foo | /foo | /xyz | /xyz
+ /foo/ | /foo | /xyz | /xyz/
+ /foo/bar | /foo | | /bar
+ /foo/ | /foo | | /
+ /foo | /foo | | /
+ /foo/ | /foo | / | /
+ /foo | /foo | / | /
maxLength: 1024
type: string
type:
- description: "Type defines the type of path modifier.
- Additional types may be added in a future release
- of the API. \n Note that values may be added
- to this enum, implementations must ensure that
- unknown values will not cause a crash. \n Unknown
- values here must result in the implementation
- setting the Accepted Condition for the Route
- to `status: False`, with a Reason of `UnsupportedValue`."
+ description: |-
+ Type defines the type of path modifier. Additional types may be
+ added in a future release of the API.
+
+
+ Note that values may be added to this enum, implementations
+ must ensure that unknown values will not cause a crash.
+
+
+ Unknown values here must result in the implementation setting the
+ Accepted Condition for the Route to `status: False`, with a
+ Reason of `UnsupportedValue`.
enum:
- ReplaceFullPath
- ReplacePrefixMatch
@@ -6430,86 +11296,134 @@ spec:
- path:
type: PathPrefix
value: /
- description: "Matches define conditions used for matching the
- rule against incoming HTTP requests. Each match is independent,
- i.e. this rule will be matched if **any** one of the matches
- is satisfied. \n For example, take the following matches configuration:
- \n ``` matches: - path: value: \"/foo\" headers: - name: \"version\"
- value: \"v2\" - path: value: \"/v2/foo\" ``` \n For a request
- to match against this rule, a request must satisfy EITHER
- of the two conditions: \n - path prefixed with `/foo` AND
- contains the header `version: v2` - path prefix of `/v2/foo`
- \n See the documentation for HTTPRouteMatch on how to specify
- multiple match conditions that should be ANDed together. \n
- If no matches are specified, the default is a prefix path
- match on \"/\", which has the effect of matching every HTTP
- request. \n Proxy or Load Balancer routing configuration generated
- from HTTPRoutes MUST prioritize matches based on the following
- criteria, continuing on ties. Across all rules specified on
- applicable Routes, precedence must be given to the match having:
- \n * \"Exact\" path match. * \"Prefix\" path match with largest
- number of characters. * Method match. * Largest number of
- header matches. * Largest number of query param matches. \n
- Note: The precedence of RegularExpression path matches are
- implementation-specific. \n If ties still exist across multiple
- Routes, matching precedence MUST be determined in order of
- the following criteria, continuing on ties: \n * The oldest
- Route based on creation timestamp. * The Route appearing first
- in alphabetical order by \"{namespace}/{name}\". \n If ties
- still exist within an HTTPRoute, matching precedence MUST
- be granted to the FIRST matching rule (in list order) with
- a match meeting the above criteria. \n When no rules matching
- a request have been successfully attached to the parent a
- request is coming from, a HTTP 404 status code MUST be returned."
+ description: |-
+ Matches define conditions used for matching the rule against incoming
+ HTTP requests. Each match is independent, i.e. this rule will be matched
+ if **any** one of the matches is satisfied.
+
+
+ For example, take the following matches configuration:
+
+
+ ```
+ matches:
+ - path:
+ value: "/foo"
+ headers:
+ - name: "version"
+ value: "v2"
+ - path:
+ value: "/v2/foo"
+ ```
+
+
+ For a request to match against this rule, a request must satisfy
+ EITHER of the two conditions:
+
+
+ - path prefixed with `/foo` AND contains the header `version: v2`
+ - path prefix of `/v2/foo`
+
+
+ See the documentation for HTTPRouteMatch on how to specify multiple
+ match conditions that should be ANDed together.
+
+
+ If no matches are specified, the default is a prefix
+ path match on "/", which has the effect of matching every
+ HTTP request.
+
+
+ Proxy or Load Balancer routing configuration generated from HTTPRoutes
+ MUST prioritize matches based on the following criteria, continuing on
+ ties. Across all rules specified on applicable Routes, precedence must be
+ given to the match having:
+
+
+ * "Exact" path match.
+ * "Prefix" path match with largest number of characters.
+ * Method match.
+ * Largest number of header matches.
+ * Largest number of query param matches.
+
+
+ Note: The precedence of RegularExpression path matches are implementation-specific.
+
+
+ If ties still exist across multiple Routes, matching precedence MUST be
+ determined in order of the following criteria, continuing on ties:
+
+
+ * The oldest Route based on creation timestamp.
+ * The Route appearing first in alphabetical order by
+ "{namespace}/{name}".
+
+
+ If ties still exist within an HTTPRoute, matching precedence MUST be granted
+ to the FIRST matching rule (in list order) with a match meeting the above
+ criteria.
+
+
+ When no rules matching a request have been successfully attached to the
+ parent a request is coming from, a HTTP 404 status code MUST be returned.
items:
description: "HTTPRouteMatch defines the predicate used to
- match requests to a given action. Multiple match types are
- ANDed together, i.e. the match will evaluate to true only
- if all conditions are satisfied. \n For example, the match
- below will match a HTTP request only if its path starts
- with `/foo` AND it contains the `version: v1` header: \n
- ``` match: \n path: value: \"/foo\" headers: - name: \"version\"
- value \"v1\" \n ```"
+ match requests to a given\naction. Multiple match types
+ are ANDed together, i.e. the match will\nevaluate to true
+ only if all conditions are satisfied.\n\n\nFor example,
+ the match below will match a HTTP request only if its path\nstarts
+ with `/foo` AND it contains the `version: v1` header:\n\n\n```\nmatch:\n\n\n\tpath:\n\t
+ \ value: \"/foo\"\n\theaders:\n\t- name: \"version\"\n\t
+ \ value \"v1\"\n\n\n```"
properties:
headers:
- description: Headers specifies HTTP request header matchers.
- Multiple match values are ANDed together, meaning, a
- request must match all the specified headers to select
- the route.
+ description: |-
+ Headers specifies HTTP request header matchers. Multiple match values are
+ ANDed together, meaning, a request must match all the specified headers
+ to select the route.
items:
- description: HTTPHeaderMatch describes how to select
- a HTTP route by matching HTTP request headers.
+ description: |-
+ HTTPHeaderMatch describes how to select a HTTP route by matching HTTP request
+ headers.
properties:
name:
- description: "Name is the name of the HTTP Header
- to be matched. Name matching MUST be case insensitive.
- (See https://tools.ietf.org/html/rfc7230#section-3.2).
- \n If multiple entries specify equivalent header
- names, only the first entry with an equivalent
- name MUST be considered for a match. Subsequent
- entries with an equivalent header name MUST be
- ignored. Due to the case-insensitivity of header
- names, \"foo\" and \"Foo\" are considered equivalent.
- \n When a header is repeated in an HTTP request,
- it is implementation-specific behavior as to how
- this is represented. Generally, proxies should
- follow the guidance from the RFC: https://www.rfc-editor.org/rfc/rfc7230.html#section-3.2.2
- regarding processing a repeated header, with special
- handling for \"Set-Cookie\"."
+ description: |-
+ Name is the name of the HTTP Header to be matched. Name matching MUST be
+ case insensitive. (See https://tools.ietf.org/html/rfc7230#section-3.2).
+
+
+ If multiple entries specify equivalent header names, only the first
+ entry with an equivalent name MUST be considered for a match. Subsequent
+ entries with an equivalent header name MUST be ignored. Due to the
+ case-insensitivity of header names, "foo" and "Foo" are considered
+ equivalent.
+
+
+ When a header is repeated in an HTTP request, it is
+ implementation-specific behavior as to how this is represented.
+ Generally, proxies should follow the guidance from the RFC:
+ https://www.rfc-editor.org/rfc/rfc7230.html#section-3.2.2 regarding
+ processing a repeated header, with special handling for "Set-Cookie".
maxLength: 256
minLength: 1
pattern: ^[A-Za-z0-9!#$%&'*+\-.^_\x60|~]+$
type: string
type:
default: Exact
- description: "Type specifies how to match against
- the value of the header. \n Support: Core (Exact)
- \n Support: Implementation-specific (RegularExpression)
- \n Since RegularExpression HeaderMatchType has
- implementation-specific conformance, implementations
- can support POSIX, PCRE or any other dialects
- of regular expressions. Please read the implementation's
- documentation to determine the supported dialect."
+ description: |-
+ Type specifies how to match against the value of the header.
+
+
+ Support: Core (Exact)
+
+
+ Support: Implementation-specific (RegularExpression)
+
+
+ Since RegularExpression HeaderMatchType has implementation-specific
+ conformance, implementations can support POSIX, PCRE or any other dialects
+ of regular expressions. Please read the implementation's documentation to
+ determine the supported dialect.
enum:
- Exact
- RegularExpression
@@ -6530,9 +11444,13 @@ spec:
- name
x-kubernetes-list-type: map
method:
- description: "Method specifies HTTP method matcher. When
- specified, this route will be matched only if the request
- has the specified method. \n Support: Extended"
+ description: |-
+ Method specifies HTTP method matcher.
+ When specified, this route will be matched only if the request has the
+ specified method.
+
+
+ Support: Extended
enum:
- GET
- HEAD
@@ -6548,15 +11466,20 @@ spec:
default:
type: PathPrefix
value: /
- description: Path specifies a HTTP request path matcher.
- If this field is not specified, a default prefix match
- on the "/" path is provided.
+ description: |-
+ Path specifies a HTTP request path matcher. If this field is not
+ specified, a default prefix match on the "/" path is provided.
properties:
type:
default: PathPrefix
- description: "Type specifies how to match against
- the path Value. \n Support: Core (Exact, PathPrefix)
- \n Support: Implementation-specific (RegularExpression)"
+ description: |-
+ Type specifies how to match against the path Value.
+
+
+ Support: Core (Exact, PathPrefix)
+
+
+ Support: Implementation-specific (RegularExpression)
enum:
- Exact
- PathPrefix
@@ -6615,48 +11538,60 @@ spec:
rule: '(self.type in [''Exact'',''PathPrefix'']) ? self.value.matches(r"""^(?:[-A-Za-z0-9/._~!$&''()*+,;=:@]|[%][0-9a-fA-F]{2})+$""")
: true'
queryParams:
- description: "QueryParams specifies HTTP query parameter
- matchers. Multiple match values are ANDed together,
- meaning, a request must match all the specified query
- parameters to select the route. \n Support: Extended"
+ description: |-
+ QueryParams specifies HTTP query parameter matchers. Multiple match
+ values are ANDed together, meaning, a request must match all the
+ specified query parameters to select the route.
+
+
+ Support: Extended
items:
- description: HTTPQueryParamMatch describes how to select
- a HTTP route by matching HTTP query parameters.
+ description: |-
+ HTTPQueryParamMatch describes how to select a HTTP route by matching HTTP
+ query parameters.
properties:
name:
- description: "Name is the name of the HTTP query
- param to be matched. This must be an exact string
- match. (See https://tools.ietf.org/html/rfc7230#section-2.7.3).
- \n If multiple entries specify equivalent query
- param names, only the first entry with an equivalent
- name MUST be considered for a match. Subsequent
- entries with an equivalent query param name MUST
- be ignored. \n If a query param is repeated in
- an HTTP request, the behavior is purposely left
- undefined, since different data planes have different
- capabilities. However, it is *recommended* that
- implementations should match against the first
- value of the param if the data plane supports
- it, as this behavior is expected in other load
- balancing contexts outside of the Gateway API.
- \n Users SHOULD NOT route traffic based on repeated
- query params to guard themselves against potential
- differences in the implementations."
+ description: |-
+ Name is the name of the HTTP query param to be matched. This must be an
+ exact string match. (See
+ https://tools.ietf.org/html/rfc7230#section-2.7.3).
+
+
+ If multiple entries specify equivalent query param names, only the first
+ entry with an equivalent name MUST be considered for a match. Subsequent
+ entries with an equivalent query param name MUST be ignored.
+
+
+ If a query param is repeated in an HTTP request, the behavior is
+ purposely left undefined, since different data planes have different
+ capabilities. However, it is *recommended* that implementations should
+ match against the first value of the param if the data plane supports it,
+ as this behavior is expected in other load balancing contexts outside of
+ the Gateway API.
+
+
+ Users SHOULD NOT route traffic based on repeated query params to guard
+ themselves against potential differences in the implementations.
maxLength: 256
minLength: 1
pattern: ^[A-Za-z0-9!#$%&'*+\-.^_\x60|~]+$
type: string
type:
default: Exact
- description: "Type specifies how to match against
- the value of the query parameter. \n Support:
- Extended (Exact) \n Support: Implementation-specific
- (RegularExpression) \n Since RegularExpression
- QueryParamMatchType has Implementation-specific
- conformance, implementations can support POSIX,
- PCRE or any other dialects of regular expressions.
- Please read the implementation's documentation
- to determine the supported dialect."
+ description: |-
+ Type specifies how to match against the value of the query parameter.
+
+
+ Support: Extended (Exact)
+
+
+ Support: Implementation-specific (RegularExpression)
+
+
+ Since RegularExpression QueryParamMatchType has Implementation-specific
+ conformance, implementations can support POSIX, PCRE or any other
+ dialects of regular expressions. Please read the implementation's
+ documentation to determine the supported dialect.
enum:
- Exact
- RegularExpression
@@ -6679,39 +11614,168 @@ spec:
type: object
maxItems: 8
type: array
+ sessionPersistence:
+ description: |+
+ SessionPersistence defines and configures session persistence
+ for the route rule.
+
+
+ Support: Extended
+
+
+ properties:
+ absoluteTimeout:
+ description: |-
+ AbsoluteTimeout defines the absolute timeout of the persistent
+ session. Once the AbsoluteTimeout duration has elapsed, the
+ session becomes invalid.
+
+
+ Support: Extended
+ pattern: ^([0-9]{1,5}(h|m|s|ms)){1,4}$
+ type: string
+ cookieConfig:
+ description: |-
+ CookieConfig provides configuration settings that are specific
+ to cookie-based session persistence.
+
+
+ Support: Core
+ properties:
+ lifetimeType:
+ default: Session
+ description: |-
+ LifetimeType specifies whether the cookie has a permanent or
+ session-based lifetime. A permanent cookie persists until its
+ specified expiry time, defined by the Expires or Max-Age cookie
+ attributes, while a session cookie is deleted when the current
+ session ends.
+
+
+ When set to "Permanent", AbsoluteTimeout indicates the
+ cookie's lifetime via the Expires or Max-Age cookie attributes
+ and is required.
+
+
+ When set to "Session", AbsoluteTimeout indicates the
+ absolute lifetime of the cookie tracked by the gateway and
+ is optional.
+
+
+ Support: Core for "Session" type
+
+
+ Support: Extended for "Permanent" type
+ enum:
+ - Permanent
+ - Session
+ type: string
+ type: object
+ idleTimeout:
+ description: |-
+ IdleTimeout defines the idle timeout of the persistent session.
+ Once the session has been idle for more than the specified
+ IdleTimeout duration, the session becomes invalid.
+
+
+ Support: Extended
+ pattern: ^([0-9]{1,5}(h|m|s|ms)){1,4}$
+ type: string
+ sessionName:
+ description: |-
+ SessionName defines the name of the persistent session token
+ which may be reflected in the cookie or the header. Users
+ should avoid reusing session names to prevent unintended
+ consequences, such as rejection or unpredictable behavior.
+
+
+ Support: Implementation-specific
+ maxLength: 128
+ type: string
+ type:
+ default: Cookie
+ description: |-
+ Type defines the type of session persistence such as through
+ the use a header or cookie. Defaults to cookie based session
+ persistence.
+
+
+ Support: Core for "Cookie" type
+
+
+ Support: Extended for "Header" type
+ enum:
+ - Cookie
+ - Header
+ type: string
+ type: object
+ x-kubernetes-validations:
+ - message: AbsoluteTimeout must be specified when cookie lifetimeType
+ is Permanent
+ rule: '!has(self.cookieConfig.lifetimeType) || self.cookieConfig.lifetimeType
+ != ''Permanent'' || has(self.absoluteTimeout)'
timeouts:
- description: "Timeouts defines the timeouts that can be configured
- for an HTTP request. \n Support: Extended \n "
+ description: |+
+ Timeouts defines the timeouts that can be configured for an HTTP request.
+
+
+ Support: Extended
+
+
properties:
backendRequest:
- description: "BackendRequest specifies a timeout for an
- individual request from the gateway to a backend. This
- covers the time from when the request first starts being
- sent from the gateway to when the full response has been
- received from the backend. \n An entire client HTTP transaction
- with a gateway, covered by the Request timeout, may result
- in more than one call from the gateway to the destination
- backend, for example, if automatic retries are supported.
- \n Because the Request timeout encompasses the BackendRequest
- timeout, the value of BackendRequest must be <= the value
- of Request timeout. \n Support: Extended"
+ description: |-
+ BackendRequest specifies a timeout for an individual request from the gateway
+ to a backend. This covers the time from when the request first starts being
+ sent from the gateway to when the full response has been received from the backend.
+
+
+ Setting a timeout to the zero duration (e.g. "0s") SHOULD disable the timeout
+ completely. Implementations that cannot completely disable the timeout MUST
+ instead interpret the zero duration as the longest possible value to which
+ the timeout can be set.
+
+
+ An entire client HTTP transaction with a gateway, covered by the Request timeout,
+ may result in more than one call from the gateway to the destination backend,
+ for example, if automatic retries are supported.
+
+
+ Because the Request timeout encompasses the BackendRequest timeout, the value of
+ BackendRequest must be <= the value of Request timeout.
+
+
+ Support: Extended
pattern: ^([0-9]{1,5}(h|m|s|ms)){1,4}$
type: string
request:
- description: "Request specifies the maximum duration for
- a gateway to respond to an HTTP request. If the gateway
- has not been able to respond before this deadline is met,
- the gateway MUST return a timeout error. \n For example,
- setting the `rules.timeouts.request` field to the value
- `10s` in an `HTTPRoute` will cause a timeout if a client
- request is taking longer than 10 seconds to complete.
- \n This timeout is intended to cover as close to the whole
- request-response transaction as possible although an implementation
- MAY choose to start the timeout after the entire request
- stream has been received instead of immediately after
- the transaction is initiated by the client. \n When this
- field is unspecified, request timeout behavior is implementation-specific.
- \n Support: Extended"
+ description: |-
+ Request specifies the maximum duration for a gateway to respond to an HTTP request.
+ If the gateway has not been able to respond before this deadline is met, the gateway
+ MUST return a timeout error.
+
+
+ For example, setting the `rules.timeouts.request` field to the value `10s` in an
+ `HTTPRoute` will cause a timeout if a client request is taking longer than 10 seconds
+ to complete.
+
+
+ Setting a timeout to the zero duration (e.g. "0s") SHOULD disable the timeout
+ completely. Implementations that cannot completely disable the timeout MUST
+ instead interpret the zero duration as the longest possible value to which
+ the timeout can be set.
+
+
+ This timeout is intended to cover as close to the whole request-response transaction
+ as possible although an implementation MAY choose to start the timeout after the entire
+ request stream has been received instead of immediately after the transaction is
+ initiated by the client.
+
+
+ When this field is unspecified, request timeout behavior is implementation-specific.
+
+
+ Support: Extended
pattern: ^([0-9]{1,5}(h|m|s|ms)){1,4}$
type: string
type: object
@@ -6769,81 +11833,94 @@ spec:
description: Status defines the current state of HTTPRoute.
properties:
parents:
- description: "Parents is a list of parent resources (usually Gateways)
- that are associated with the route, and the status of the route
- with respect to each parent. When this route attaches to a parent,
- the controller that manages the parent must add an entry to this
- list when the controller first sees the route and should update
- the entry as appropriate when the route or gateway is modified.
- \n Note that parent references that cannot be resolved by an implementation
- of this API will not be added to this list. Implementations of this
- API can only populate Route status for the Gateways/parent resources
- they are responsible for. \n A maximum of 32 Gateways will be represented
- in this list. An empty list means the route has not been attached
- to any Gateway."
+ description: |-
+ Parents is a list of parent resources (usually Gateways) that are
+ associated with the route, and the status of the route with respect to
+ each parent. When this route attaches to a parent, the controller that
+ manages the parent must add an entry to this list when the controller
+ first sees the route and should update the entry as appropriate when the
+ route or gateway is modified.
+
+
+ Note that parent references that cannot be resolved by an implementation
+ of this API will not be added to this list. Implementations of this API
+ can only populate Route status for the Gateways/parent resources they are
+ responsible for.
+
+
+ A maximum of 32 Gateways will be represented in this list. An empty list
+ means the route has not been attached to any Gateway.
items:
- description: RouteParentStatus describes the status of a route with
- respect to an associated Parent.
+ description: |-
+ RouteParentStatus describes the status of a route with respect to an
+ associated Parent.
properties:
conditions:
- description: "Conditions describes the status of the route with
- respect to the Gateway. Note that the route's availability
- is also subject to the Gateway's own status conditions and
- listener status. \n If the Route's ParentRef specifies an
- existing Gateway that supports Routes of this kind AND that
- Gateway's controller has sufficient access, then that Gateway's
- controller MUST set the \"Accepted\" condition on the Route,
- to indicate whether the route has been accepted or rejected
- by the Gateway, and why. \n A Route MUST be considered \"Accepted\"
- if at least one of the Route's rules is implemented by the
- Gateway. \n There are a number of cases where the \"Accepted\"
- condition may not be set due to lack of controller visibility,
- that includes when: \n * The Route refers to a non-existent
- parent. * The Route is of a type that the controller does
- not support. * The Route is in a namespace the controller
- does not have access to."
+ description: |-
+ Conditions describes the status of the route with respect to the Gateway.
+ Note that the route's availability is also subject to the Gateway's own
+ status conditions and listener status.
+
+
+ If the Route's ParentRef specifies an existing Gateway that supports
+ Routes of this kind AND that Gateway's controller has sufficient access,
+ then that Gateway's controller MUST set the "Accepted" condition on the
+ Route, to indicate whether the route has been accepted or rejected by the
+ Gateway, and why.
+
+
+ A Route MUST be considered "Accepted" if at least one of the Route's
+ rules is implemented by the Gateway.
+
+
+ There are a number of cases where the "Accepted" condition may not be set
+ due to lack of controller visibility, that includes when:
+
+
+ * The Route refers to a non-existent parent.
+ * The Route is of a type that the controller does not support.
+ * The Route is in a namespace the controller does not have access to.
items:
description: "Condition contains details for one aspect of
- the current state of this API Resource. --- This struct
+ the current state of this API Resource.\n---\nThis struct
is intended for direct use as an array at the field path
- .status.conditions. For example, \n type FooStatus struct{
- // Represents the observations of a foo's current state.
- // Known .status.conditions.type are: \"Available\", \"Progressing\",
- and \"Degraded\" // +patchMergeKey=type // +patchStrategy=merge
- // +listType=map // +listMapKey=type Conditions []metav1.Condition
- `json:\"conditions,omitempty\" patchStrategy:\"merge\" patchMergeKey:\"type\"
- protobuf:\"bytes,1,rep,name=conditions\"` \n // other fields
- }"
+ .status.conditions. For example,\n\n\n\ttype FooStatus
+ struct{\n\t // Represents the observations of a foo's
+ current state.\n\t // Known .status.conditions.type are:
+ \"Available\", \"Progressing\", and \"Degraded\"\n\t //
+ +patchMergeKey=type\n\t // +patchStrategy=merge\n\t //
+ +listType=map\n\t // +listMapKey=type\n\t Conditions
+ []metav1.Condition `json:\"conditions,omitempty\" patchStrategy:\"merge\"
+ patchMergeKey:\"type\" protobuf:\"bytes,1,rep,name=conditions\"`\n\n\n\t
+ \ // other fields\n\t}"
properties:
lastTransitionTime:
- description: lastTransitionTime is the last time the condition
- transitioned from one status to another. This should
- be when the underlying condition changed. If that is
- not known, then using the time when the API field changed
- is acceptable.
+ description: |-
+ lastTransitionTime is the last time the condition transitioned from one status to another.
+ This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable.
format: date-time
type: string
message:
- description: message is a human readable message indicating
- details about the transition. This may be an empty string.
+ description: |-
+ message is a human readable message indicating details about the transition.
+ This may be an empty string.
maxLength: 32768
type: string
observedGeneration:
- description: observedGeneration represents the .metadata.generation
- that the condition was set based upon. For instance,
- if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration
- is 9, the condition is out of date with respect to the
- current state of the instance.
+ description: |-
+ observedGeneration represents the .metadata.generation that the condition was set based upon.
+ For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date
+ with respect to the current state of the instance.
format: int64
minimum: 0
type: integer
reason:
- description: reason contains a programmatic identifier
- indicating the reason for the condition's last transition.
- Producers of specific condition types may define expected
- values and meanings for this field, and whether the
- values are considered a guaranteed API. The value should
- be a CamelCase string. This field may not be empty.
+ description: |-
+ reason contains a programmatic identifier indicating the reason for the condition's last transition.
+ Producers of specific condition types may define expected values and meanings for this field,
+ and whether the values are considered a guaranteed API.
+ The value should be a CamelCase string.
+ This field may not be empty.
maxLength: 1024
minLength: 1
pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$
@@ -6857,12 +11934,12 @@ spec:
- Unknown
type: string
type:
- description: type of condition in CamelCase or in foo.example.com/CamelCase.
- --- Many .condition.type values are consistent across
- resources like Available, but because arbitrary conditions
- can be useful (see .node.status.conditions), the ability
- to deconflict is important. The regex it matches is
- (dns1123SubdomainFmt/)?(qualifiedNameFmt)
+ description: |-
+ type of condition in CamelCase or in foo.example.com/CamelCase.
+ ---
+ Many .condition.type values are consistent across resources like Available, but because arbitrary conditions can be
+ useful (see .node.status.conditions), the ability to deconflict is important.
+ The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt)
maxLength: 316
pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$
type: string
@@ -6880,131 +11957,175 @@ spec:
- type
x-kubernetes-list-type: map
controllerName:
- description: "ControllerName is a domain/path string that indicates
- the name of the controller that wrote this status. This corresponds
- with the controllerName field on GatewayClass. \n Example:
- \"example.net/gateway-controller\". \n The format of this
- field is DOMAIN \"/\" PATH, where DOMAIN and PATH are valid
- Kubernetes names (https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names).
- \n Controllers MUST populate this field when writing status.
- Controllers should ensure that entries to status populated
- with their ControllerName are cleaned up when they are no
- longer necessary."
+ description: |-
+ ControllerName is a domain/path string that indicates the name of the
+ controller that wrote this status. This corresponds with the
+ controllerName field on GatewayClass.
+
+
+ Example: "example.net/gateway-controller".
+
+
+ The format of this field is DOMAIN "/" PATH, where DOMAIN and PATH are
+ valid Kubernetes names
+ (https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names).
+
+
+ Controllers MUST populate this field when writing status. Controllers should ensure that
+ entries to status populated with their ControllerName are cleaned up when they are no
+ longer necessary.
maxLength: 253
minLength: 1
pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*\/[A-Za-z0-9\/\-._~%!$&'()*+,;=:]+$
type: string
parentRef:
- description: ParentRef corresponds with a ParentRef in the spec
- that this RouteParentStatus struct describes the status of.
+ description: |-
+ ParentRef corresponds with a ParentRef in the spec that this
+ RouteParentStatus struct describes the status of.
properties:
group:
default: gateway.networking.k8s.io
- description: "Group is the group of the referent. When unspecified,
- \"gateway.networking.k8s.io\" is inferred. To set the
- core API group (such as for a \"Service\" kind referent),
- Group must be explicitly set to \"\" (empty string). \n
- Support: Core"
+ description: |-
+ Group is the group of the referent.
+ When unspecified, "gateway.networking.k8s.io" is inferred.
+ To set the core API group (such as for a "Service" kind referent),
+ Group must be explicitly set to "" (empty string).
+
+
+ Support: Core
maxLength: 253
pattern: ^$|^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$
type: string
kind:
default: Gateway
- description: "Kind is kind of the referent. \n There are
- two kinds of parent resources with \"Core\" support: \n
- * Gateway (Gateway conformance profile) * Service (Mesh
- conformance profile, experimental, ClusterIP Services
- only) \n Support for other resources is Implementation-Specific."
+ description: |-
+ Kind is kind of the referent.
+
+
+ There are two kinds of parent resources with "Core" support:
+
+
+ * Gateway (Gateway conformance profile)
+ * Service (Mesh conformance profile, ClusterIP Services only)
+
+
+ Support for other resources is Implementation-Specific.
maxLength: 63
minLength: 1
pattern: ^[a-zA-Z]([-a-zA-Z0-9]*[a-zA-Z0-9])?$
type: string
name:
- description: "Name is the name of the referent. \n Support:
- Core"
+ description: |-
+ Name is the name of the referent.
+
+
+ Support: Core
maxLength: 253
minLength: 1
type: string
namespace:
- description: "Namespace is the namespace of the referent.
- When unspecified, this refers to the local namespace of
- the Route. \n Note that there are specific rules for ParentRefs
- which cross namespace boundaries. Cross-namespace references
- are only valid if they are explicitly allowed by something
- in the namespace they are referring to. For example: Gateway
- has the AllowedRoutes field, and ReferenceGrant provides
- a generic way to enable any other kind of cross-namespace
- reference. \n ParentRefs from a Route to a Service in
- the same namespace are \"producer\" routes, which apply
- default routing rules to inbound connections from any
- namespace to the Service. \n ParentRefs from a Route to
- a Service in a different namespace are \"consumer\" routes,
- and these routing rules are only applied to outbound connections
- originating from the same namespace as the Route, for
- which the intended destination of the connections are
- a Service targeted as a ParentRef of the Route. \n Support:
- Core"
+ description: |-
+ Namespace is the namespace of the referent. When unspecified, this refers
+ to the local namespace of the Route.
+
+
+ Note that there are specific rules for ParentRefs which cross namespace
+ boundaries. Cross-namespace references are only valid if they are explicitly
+ allowed by something in the namespace they are referring to. For example:
+ Gateway has the AllowedRoutes field, and ReferenceGrant provides a
+ generic way to enable any other kind of cross-namespace reference.
+
+
+
+ ParentRefs from a Route to a Service in the same namespace are "producer"
+ routes, which apply default routing rules to inbound connections from
+ any namespace to the Service.
+
+
+ ParentRefs from a Route to a Service in a different namespace are
+ "consumer" routes, and these routing rules are only applied to outbound
+ connections originating from the same namespace as the Route, for which
+ the intended destination of the connections are a Service targeted as a
+ ParentRef of the Route.
+
+
+
+ Support: Core
maxLength: 63
minLength: 1
pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$
type: string
port:
- description: "Port is the network port this Route targets.
- It can be interpreted differently based on the type of
- parent resource. \n When the parent resource is a Gateway,
- this targets all listeners listening on the specified
- port that also support this kind of Route(and select this
- Route). It's not recommended to set `Port` unless the
- networking behaviors specified in a Route must apply to
- a specific port as opposed to a listener(s) whose port(s)
- may be changed. When both Port and SectionName are specified,
- the name and port of the selected listener must match
- both specified values. \n When the parent resource is
- a Service, this targets a specific port in the Service
- spec. When both Port (experimental) and SectionName are
- specified, the name and port of the selected port must
- match both specified values. \n Implementations MAY choose
- to support other parent resources. Implementations supporting
- other types of parent resources MUST clearly document
- how/if Port is interpreted. \n For the purpose of status,
- an attachment is considered successful as long as the
- parent resource accepts it partially. For example, Gateway
- listeners can restrict which Routes can attach to them
- by Route kind, namespace, or hostname. If 1 of 2 Gateway
- listeners accept attachment from the referencing Route,
- the Route MUST be considered successfully attached. If
- no Gateway listeners accept attachment from this Route,
+ description: |-
+ Port is the network port this Route targets. It can be interpreted
+ differently based on the type of parent resource.
+
+
+ When the parent resource is a Gateway, this targets all listeners
+ listening on the specified port that also support this kind of Route(and
+ select this Route). It's not recommended to set `Port` unless the
+ networking behaviors specified in a Route must apply to a specific port
+ as opposed to a listener(s) whose port(s) may be changed. When both Port
+ and SectionName are specified, the name and port of the selected listener
+ must match both specified values.
+
+
+
+ When the parent resource is a Service, this targets a specific port in the
+ Service spec. When both Port (experimental) and SectionName are specified,
+ the name and port of the selected port must match both specified values.
+
+
+
+ Implementations MAY choose to support other parent resources.
+ Implementations supporting other types of parent resources MUST clearly
+ document how/if Port is interpreted.
+
+
+ For the purpose of status, an attachment is considered successful as
+ long as the parent resource accepts it partially. For example, Gateway
+ listeners can restrict which Routes can attach to them by Route kind,
+ namespace, or hostname. If 1 of 2 Gateway listeners accept attachment
+ from the referencing Route, the Route MUST be considered successfully
+ attached. If no Gateway listeners accept attachment from this Route,
the Route MUST be considered detached from the Gateway.
- \n Support: Extended \n "
+
+
+ Support: Extended
format: int32
maximum: 65535
minimum: 1
type: integer
sectionName:
- description: "SectionName is the name of a section within
- the target resource. In the following resources, SectionName
- is interpreted as the following: \n * Gateway: Listener
- Name. When both Port (experimental) and SectionName are
- specified, the name and port of the selected listener
- must match both specified values. * Service: Port Name.
- When both Port (experimental) and SectionName are specified,
- the name and port of the selected listener must match
- both specified values. Note that attaching Routes to Services
- as Parents is part of experimental Mesh support and is
- not supported for any other purpose. \n Implementations
- MAY choose to support attaching Routes to other resources.
- If that is the case, they MUST clearly document how SectionName
- is interpreted. \n When unspecified (empty string), this
- will reference the entire resource. For the purpose of
- status, an attachment is considered successful if at least
- one section in the parent resource accepts it. For example,
- Gateway listeners can restrict which Routes can attach
- to them by Route kind, namespace, or hostname. If 1 of
- 2 Gateway listeners accept attachment from the referencing
- Route, the Route MUST be considered successfully attached.
- If no Gateway listeners accept attachment from this Route,
- the Route MUST be considered detached from the Gateway.
- \n Support: Core"
+ description: |-
+ SectionName is the name of a section within the target resource. In the
+ following resources, SectionName is interpreted as the following:
+
+
+ * Gateway: Listener name. When both Port (experimental) and SectionName
+ are specified, the name and port of the selected listener must match
+ both specified values.
+ * Service: Port name. When both Port (experimental) and SectionName
+ are specified, the name and port of the selected listener must match
+ both specified values.
+
+
+ Implementations MAY choose to support attaching Routes to other resources.
+ If that is the case, they MUST clearly document how SectionName is
+ interpreted.
+
+
+ When unspecified (empty string), this will reference the entire resource.
+ For the purpose of status, an attachment is considered successful if at
+ least one section in the parent resource accepts it. For example, Gateway
+ listeners can restrict which Routes can attach to them by Route kind,
+ namespace, or hostname. If 1 of 2 Gateway listeners accept attachment from
+ the referencing Route, the Route MUST be considered successfully
+ attached. If no Gateway listeners accept attachment from this Route, the
+ Route MUST be considered detached from the Gateway.
+
+
+ Support: Core
maxLength: 253
minLength: 1
pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$
@@ -7025,7 +12146,7 @@ spec:
- spec
type: object
served: true
- storage: false
+ storage: true
subresources:
status: {}
- additionalPrinterColumns:
@@ -7038,20 +12159,26 @@ spec:
name: v1beta1
schema:
openAPIV3Schema:
- description: HTTPRoute provides a way to route HTTP requests. This includes
- the capability to match requests by hostname, path, header, or query param.
- Filters can be used to specify additional processing steps. Backends specify
- where matching requests should be routed.
+ description: |-
+ HTTPRoute provides a way to route HTTP requests. This includes the capability
+ to match requests by hostname, path, header, or query param. Filters can be
+ used to specify additional processing steps. Backends specify where matching
+ requests should be routed.
properties:
apiVersion:
- description: 'APIVersion defines the versioned schema of this representation
- of an object. Servers should convert recognized schemas to the latest
- internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
+ description: |-
+ APIVersion defines the versioned schema of this representation of an object.
+ Servers should convert recognized schemas to the latest internal value, and
+ may reject unrecognized values.
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
type: string
kind:
- description: 'Kind is a string value representing the REST resource this
- object represents. Servers may infer this from the endpoint the client
- submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+ description: |-
+ Kind is a string value representing the REST resource this object represents.
+ Servers may infer this from the endpoint the client submits requests to.
+ Cannot be updated.
+ In CamelCase.
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
type: string
metadata:
type: object
@@ -7059,57 +12186,90 @@ spec:
description: Spec defines the desired state of HTTPRoute.
properties:
hostnames:
- description: "Hostnames defines a set of hostnames that should match
- against the HTTP Host header to select a HTTPRoute used to process
- the request. Implementations MUST ignore any port value specified
- in the HTTP Host header while performing a match and (absent of
- any applicable header modification configuration) MUST forward this
- header unmodified to the backend. \n Valid values for Hostnames
- are determined by RFC 1123 definition of a hostname with 2 notable
- exceptions: \n 1. IPs are not allowed. 2. A hostname may be prefixed
- with a wildcard label (`*.`). The wildcard label must appear by
- itself as the first label. \n If a hostname is specified by both
- the Listener and HTTPRoute, there must be at least one intersecting
- hostname for the HTTPRoute to be attached to the Listener. For example:
- \n * A Listener with `test.example.com` as the hostname matches
- HTTPRoutes that have either not specified any hostnames, or have
- specified at least one of `test.example.com` or `*.example.com`.
+ description: |-
+ Hostnames defines a set of hostnames that should match against the HTTP Host
+ header to select a HTTPRoute used to process the request. Implementations
+ MUST ignore any port value specified in the HTTP Host header while
+ performing a match and (absent of any applicable header modification
+ configuration) MUST forward this header unmodified to the backend.
+
+
+ Valid values for Hostnames are determined by RFC 1123 definition of a
+ hostname with 2 notable exceptions:
+
+
+ 1. IPs are not allowed.
+ 2. A hostname may be prefixed with a wildcard label (`*.`). The wildcard
+ label must appear by itself as the first label.
+
+
+ If a hostname is specified by both the Listener and HTTPRoute, there
+ must be at least one intersecting hostname for the HTTPRoute to be
+ attached to the Listener. For example:
+
+
+ * A Listener with `test.example.com` as the hostname matches HTTPRoutes
+ that have either not specified any hostnames, or have specified at
+ least one of `test.example.com` or `*.example.com`.
* A Listener with `*.example.com` as the hostname matches HTTPRoutes
- that have either not specified any hostnames or have specified at
- least one hostname that matches the Listener hostname. For example,
- `*.example.com`, `test.example.com`, and `foo.test.example.com`
- would all match. On the other hand, `example.com` and `test.example.net`
- would not match. \n Hostnames that are prefixed with a wildcard
- label (`*.`) are interpreted as a suffix match. That means that
- a match for `*.example.com` would match both `test.example.com`,
- and `foo.test.example.com`, but not `example.com`. \n If both the
- Listener and HTTPRoute have specified hostnames, any HTTPRoute hostnames
- that do not match the Listener hostname MUST be ignored. For example,
- if a Listener specified `*.example.com`, and the HTTPRoute specified
- `test.example.com` and `test.example.net`, `test.example.net` must
- not be considered for a match. \n If both the Listener and HTTPRoute
- have specified hostnames, and none match with the criteria above,
- then the HTTPRoute is not accepted. The implementation must raise
- an 'Accepted' Condition with a status of `False` in the corresponding
- RouteParentStatus. \n In the event that multiple HTTPRoutes specify
- intersecting hostnames (e.g. overlapping wildcard matching and exact
- matching hostnames), precedence must be given to rules from the
- HTTPRoute with the largest number of: \n * Characters in a matching
- non-wildcard hostname. * Characters in a matching hostname. \n If
- ties exist across multiple Routes, the matching precedence rules
- for HTTPRouteMatches takes over. \n Support: Core"
+ that have either not specified any hostnames or have specified at least
+ one hostname that matches the Listener hostname. For example,
+ `*.example.com`, `test.example.com`, and `foo.test.example.com` would
+ all match. On the other hand, `example.com` and `test.example.net` would
+ not match.
+
+
+ Hostnames that are prefixed with a wildcard label (`*.`) are interpreted
+ as a suffix match. That means that a match for `*.example.com` would match
+ both `test.example.com`, and `foo.test.example.com`, but not `example.com`.
+
+
+ If both the Listener and HTTPRoute have specified hostnames, any
+ HTTPRoute hostnames that do not match the Listener hostname MUST be
+ ignored. For example, if a Listener specified `*.example.com`, and the
+ HTTPRoute specified `test.example.com` and `test.example.net`,
+ `test.example.net` must not be considered for a match.
+
+
+ If both the Listener and HTTPRoute have specified hostnames, and none
+ match with the criteria above, then the HTTPRoute is not accepted. The
+ implementation must raise an 'Accepted' Condition with a status of
+ `False` in the corresponding RouteParentStatus.
+
+
+ In the event that multiple HTTPRoutes specify intersecting hostnames (e.g.
+ overlapping wildcard matching and exact matching hostnames), precedence must
+ be given to rules from the HTTPRoute with the largest number of:
+
+
+ * Characters in a matching non-wildcard hostname.
+ * Characters in a matching hostname.
+
+
+ If ties exist across multiple Routes, the matching precedence rules for
+ HTTPRouteMatches takes over.
+
+
+ Support: Core
items:
- description: "Hostname is the fully qualified domain name of a network
- host. This matches the RFC 1123 definition of a hostname with
- 2 notable exceptions: \n 1. IPs are not allowed. 2. A hostname
- may be prefixed with a wildcard label (`*.`). The wildcard label
- must appear by itself as the first label. \n Hostname can be \"precise\"
- which is a domain name without the terminating dot of a network
- host (e.g. \"foo.example.com\") or \"wildcard\", which is a domain
- name prefixed with a single wildcard label (e.g. `*.example.com`).
- \n Note that as per RFC1035 and RFC1123, a *label* must consist
- of lower case alphanumeric characters or '-', and must start and
- end with an alphanumeric character. No other punctuation is allowed."
+ description: |-
+ Hostname is the fully qualified domain name of a network host. This matches
+ the RFC 1123 definition of a hostname with 2 notable exceptions:
+
+
+ 1. IPs are not allowed.
+ 2. A hostname may be prefixed with a wildcard label (`*.`). The wildcard
+ label must appear by itself as the first label.
+
+
+ Hostname can be "precise" which is a domain name without the terminating
+ dot of a network host (e.g. "foo.example.com") or "wildcard", which is a
+ domain name prefixed with a single wildcard label (e.g. `*.example.com`).
+
+
+ Note that as per RFC1035 and RFC1123, a *label* must consist of lower case
+ alphanumeric characters or '-', and must start and end with an alphanumeric
+ character. No other punctuation is allowed.
maxLength: 253
minLength: 1
pattern: ^(\*\.)?[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$
@@ -7117,165 +12277,246 @@ spec:
maxItems: 16
type: array
parentRefs:
- description: "ParentRefs references the resources (usually Gateways)
- that a Route wants to be attached to. Note that the referenced parent
- resource needs to allow this for the attachment to be complete.
- For Gateways, that means the Gateway needs to allow attachment from
- Routes of this kind and namespace. For Services, that means the
- Service must either be in the same namespace for a \"producer\"
- route, or the mesh implementation must support and allow \"consumer\"
- routes for the referenced Service. ReferenceGrant is not applicable
- for governing ParentRefs to Services - it is not possible to create
- a \"producer\" route for a Service in a different namespace from
- the Route. \n There are two kinds of parent resources with \"Core\"
- support: \n * Gateway (Gateway conformance profile) * Service (Mesh
- conformance profile, experimental, ClusterIP Services only) This
- API may be extended in the future to support additional kinds of
- parent resources. \n ParentRefs must be _distinct_. This means either
- that: \n * They select different objects. If this is the case,
- then parentRef entries are distinct. In terms of fields, this means
- that the multi-part key defined by `group`, `kind`, `namespace`,
- and `name` must be unique across all parentRef entries in the Route.
- * They do not select different objects, but for each optional field
- used, each ParentRef that selects the same object must set the same
- set of optional fields to different values. If one ParentRef sets
- a combination of optional fields, all must set the same combination.
- \n Some examples: \n * If one ParentRef sets `sectionName`, all
- ParentRefs referencing the same object must also set `sectionName`.
+ description: |+
+ ParentRefs references the resources (usually Gateways) that a Route wants
+ to be attached to. Note that the referenced parent resource needs to
+ allow this for the attachment to be complete. For Gateways, that means
+ the Gateway needs to allow attachment from Routes of this kind and
+ namespace. For Services, that means the Service must either be in the same
+ namespace for a "producer" route, or the mesh implementation must support
+ and allow "consumer" routes for the referenced Service. ReferenceGrant is
+ not applicable for governing ParentRefs to Services - it is not possible to
+ create a "producer" route for a Service in a different namespace from the
+ Route.
+
+
+ There are two kinds of parent resources with "Core" support:
+
+
+ * Gateway (Gateway conformance profile)
+ * Service (Mesh conformance profile, ClusterIP Services only)
+
+
+ This API may be extended in the future to support additional kinds of parent
+ resources.
+
+
+ ParentRefs must be _distinct_. This means either that:
+
+
+ * They select different objects. If this is the case, then parentRef
+ entries are distinct. In terms of fields, this means that the
+ multi-part key defined by `group`, `kind`, `namespace`, and `name` must
+ be unique across all parentRef entries in the Route.
+ * They do not select different objects, but for each optional field used,
+ each ParentRef that selects the same object must set the same set of
+ optional fields to different values. If one ParentRef sets a
+ combination of optional fields, all must set the same combination.
+
+
+ Some examples:
+
+
+ * If one ParentRef sets `sectionName`, all ParentRefs referencing the
+ same object must also set `sectionName`.
* If one ParentRef sets `port`, all ParentRefs referencing the same
- object must also set `port`. * If one ParentRef sets `sectionName`
- and `port`, all ParentRefs referencing the same object must also
- set `sectionName` and `port`. \n It is possible to separately reference
- multiple distinct objects that may be collapsed by an implementation.
- For example, some implementations may choose to merge compatible
- Gateway Listeners together. If that is the case, the list of routes
- attached to those resources should also be merged. \n Note that
- for ParentRefs that cross namespace boundaries, there are specific
+ object must also set `port`.
+ * If one ParentRef sets `sectionName` and `port`, all ParentRefs
+ referencing the same object must also set `sectionName` and `port`.
+
+
+ It is possible to separately reference multiple distinct objects that may
+ be collapsed by an implementation. For example, some implementations may
+ choose to merge compatible Gateway Listeners together. If that is the
+ case, the list of routes attached to those resources should also be
+ merged.
+
+
+ Note that for ParentRefs that cross namespace boundaries, there are specific
rules. Cross-namespace references are only valid if they are explicitly
- allowed by something in the namespace they are referring to. For
- example, Gateway has the AllowedRoutes field, and ReferenceGrant
- provides a generic way to enable other kinds of cross-namespace
- reference. \n ParentRefs from a Route to a Service in the same
- namespace are \"producer\" routes, which apply default routing rules
- to inbound connections from any namespace to the Service. \n ParentRefs
- from a Route to a Service in a different namespace are \"consumer\"
- routes, and these routing rules are only applied to outbound connections
- originating from the same namespace as the Route, for which the
- intended destination of the connections are a Service targeted as
- a ParentRef of the Route. \n "
+ allowed by something in the namespace they are referring to. For example,
+ Gateway has the AllowedRoutes field, and ReferenceGrant provides a
+ generic way to enable other kinds of cross-namespace reference.
+
+
+
+ ParentRefs from a Route to a Service in the same namespace are "producer"
+ routes, which apply default routing rules to inbound connections from
+ any namespace to the Service.
+
+
+ ParentRefs from a Route to a Service in a different namespace are
+ "consumer" routes, and these routing rules are only applied to outbound
+ connections originating from the same namespace as the Route, for which
+ the intended destination of the connections are a Service targeted as a
+ ParentRef of the Route.
+
+
+
+
+
+
items:
- description: "ParentReference identifies an API object (usually
- a Gateway) that can be considered a parent of this resource (usually
- a route). There are two kinds of parent resources with \"Core\"
- support: \n * Gateway (Gateway conformance profile) * Service
- (Mesh conformance profile, experimental, ClusterIP Services only)
- \n This API may be extended in the future to support additional
- kinds of parent resources. \n The API object must be valid in
- the cluster; the Group and Kind must be registered in the cluster
- for this reference to be valid."
+ description: |-
+ ParentReference identifies an API object (usually a Gateway) that can be considered
+ a parent of this resource (usually a route). There are two kinds of parent resources
+ with "Core" support:
+
+
+ * Gateway (Gateway conformance profile)
+ * Service (Mesh conformance profile, ClusterIP Services only)
+
+
+ This API may be extended in the future to support additional kinds of parent
+ resources.
+
+
+ The API object must be valid in the cluster; the Group and Kind must
+ be registered in the cluster for this reference to be valid.
properties:
group:
default: gateway.networking.k8s.io
- description: "Group is the group of the referent. When unspecified,
- \"gateway.networking.k8s.io\" is inferred. To set the core
- API group (such as for a \"Service\" kind referent), Group
- must be explicitly set to \"\" (empty string). \n Support:
- Core"
+ description: |-
+ Group is the group of the referent.
+ When unspecified, "gateway.networking.k8s.io" is inferred.
+ To set the core API group (such as for a "Service" kind referent),
+ Group must be explicitly set to "" (empty string).
+
+
+ Support: Core
maxLength: 253
pattern: ^$|^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$
type: string
kind:
default: Gateway
- description: "Kind is kind of the referent. \n There are two
- kinds of parent resources with \"Core\" support: \n * Gateway
- (Gateway conformance profile) * Service (Mesh conformance
- profile, experimental, ClusterIP Services only) \n Support
- for other resources is Implementation-Specific."
+ description: |-
+ Kind is kind of the referent.
+
+
+ There are two kinds of parent resources with "Core" support:
+
+
+ * Gateway (Gateway conformance profile)
+ * Service (Mesh conformance profile, ClusterIP Services only)
+
+
+ Support for other resources is Implementation-Specific.
maxLength: 63
minLength: 1
pattern: ^[a-zA-Z]([-a-zA-Z0-9]*[a-zA-Z0-9])?$
type: string
name:
- description: "Name is the name of the referent. \n Support:
- Core"
+ description: |-
+ Name is the name of the referent.
+
+
+ Support: Core
maxLength: 253
minLength: 1
type: string
namespace:
- description: "Namespace is the namespace of the referent. When
- unspecified, this refers to the local namespace of the Route.
- \n Note that there are specific rules for ParentRefs which
- cross namespace boundaries. Cross-namespace references are
- only valid if they are explicitly allowed by something in
- the namespace they are referring to. For example: Gateway
- has the AllowedRoutes field, and ReferenceGrant provides a
+ description: |-
+ Namespace is the namespace of the referent. When unspecified, this refers
+ to the local namespace of the Route.
+
+
+ Note that there are specific rules for ParentRefs which cross namespace
+ boundaries. Cross-namespace references are only valid if they are explicitly
+ allowed by something in the namespace they are referring to. For example:
+ Gateway has the AllowedRoutes field, and ReferenceGrant provides a
generic way to enable any other kind of cross-namespace reference.
- \n ParentRefs from a Route to a Service in the same namespace
- are \"producer\" routes, which apply default routing rules
- to inbound connections from any namespace to the Service.
- \n ParentRefs from a Route to a Service in a different namespace
- are \"consumer\" routes, and these routing rules are only
- applied to outbound connections originating from the same
- namespace as the Route, for which the intended destination
- of the connections are a Service targeted as a ParentRef of
- the Route. \n Support: Core"
+
+
+
+ ParentRefs from a Route to a Service in the same namespace are "producer"
+ routes, which apply default routing rules to inbound connections from
+ any namespace to the Service.
+
+
+ ParentRefs from a Route to a Service in a different namespace are
+ "consumer" routes, and these routing rules are only applied to outbound
+ connections originating from the same namespace as the Route, for which
+ the intended destination of the connections are a Service targeted as a
+ ParentRef of the Route.
+
+
+
+ Support: Core
maxLength: 63
minLength: 1
pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$
type: string
port:
- description: "Port is the network port this Route targets. It
- can be interpreted differently based on the type of parent
- resource. \n When the parent resource is a Gateway, this targets
- all listeners listening on the specified port that also support
- this kind of Route(and select this Route). It's not recommended
- to set `Port` unless the networking behaviors specified in
- a Route must apply to a specific port as opposed to a listener(s)
- whose port(s) may be changed. When both Port and SectionName
- are specified, the name and port of the selected listener
- must match both specified values. \n When the parent resource
- is a Service, this targets a specific port in the Service
- spec. When both Port (experimental) and SectionName are specified,
- the name and port of the selected port must match both specified
- values. \n Implementations MAY choose to support other parent
- resources. Implementations supporting other types of parent
- resources MUST clearly document how/if Port is interpreted.
- \n For the purpose of status, an attachment is considered
- successful as long as the parent resource accepts it partially.
- For example, Gateway listeners can restrict which Routes can
- attach to them by Route kind, namespace, or hostname. If 1
- of 2 Gateway listeners accept attachment from the referencing
- Route, the Route MUST be considered successfully attached.
- If no Gateway listeners accept attachment from this Route,
- the Route MUST be considered detached from the Gateway. \n
- Support: Extended \n "
+ description: |-
+ Port is the network port this Route targets. It can be interpreted
+ differently based on the type of parent resource.
+
+
+ When the parent resource is a Gateway, this targets all listeners
+ listening on the specified port that also support this kind of Route(and
+ select this Route). It's not recommended to set `Port` unless the
+ networking behaviors specified in a Route must apply to a specific port
+ as opposed to a listener(s) whose port(s) may be changed. When both Port
+ and SectionName are specified, the name and port of the selected listener
+ must match both specified values.
+
+
+
+ When the parent resource is a Service, this targets a specific port in the
+ Service spec. When both Port (experimental) and SectionName are specified,
+ the name and port of the selected port must match both specified values.
+
+
+
+ Implementations MAY choose to support other parent resources.
+ Implementations supporting other types of parent resources MUST clearly
+ document how/if Port is interpreted.
+
+
+ For the purpose of status, an attachment is considered successful as
+ long as the parent resource accepts it partially. For example, Gateway
+ listeners can restrict which Routes can attach to them by Route kind,
+ namespace, or hostname. If 1 of 2 Gateway listeners accept attachment
+ from the referencing Route, the Route MUST be considered successfully
+ attached. If no Gateway listeners accept attachment from this Route,
+ the Route MUST be considered detached from the Gateway.
+
+
+ Support: Extended
format: int32
maximum: 65535
minimum: 1
type: integer
sectionName:
- description: "SectionName is the name of a section within the
- target resource. In the following resources, SectionName is
- interpreted as the following: \n * Gateway: Listener Name.
- When both Port (experimental) and SectionName are specified,
- the name and port of the selected listener must match both
- specified values. * Service: Port Name. When both Port (experimental)
- and SectionName are specified, the name and port of the selected
- listener must match both specified values. Note that attaching
- Routes to Services as Parents is part of experimental Mesh
- support and is not supported for any other purpose. \n Implementations
- MAY choose to support attaching Routes to other resources.
- If that is the case, they MUST clearly document how SectionName
- is interpreted. \n When unspecified (empty string), this will
- reference the entire resource. For the purpose of status,
- an attachment is considered successful if at least one section
- in the parent resource accepts it. For example, Gateway listeners
- can restrict which Routes can attach to them by Route kind,
- namespace, or hostname. If 1 of 2 Gateway listeners accept
- attachment from the referencing Route, the Route MUST be considered
- successfully attached. If no Gateway listeners accept attachment
- from this Route, the Route MUST be considered detached from
- the Gateway. \n Support: Core"
+ description: |-
+ SectionName is the name of a section within the target resource. In the
+ following resources, SectionName is interpreted as the following:
+
+
+ * Gateway: Listener name. When both Port (experimental) and SectionName
+ are specified, the name and port of the selected listener must match
+ both specified values.
+ * Service: Port name. When both Port (experimental) and SectionName
+ are specified, the name and port of the selected listener must match
+ both specified values.
+
+
+ Implementations MAY choose to support attaching Routes to other resources.
+ If that is the case, they MUST clearly document how SectionName is
+ interpreted.
+
+
+ When unspecified (empty string), this will reference the entire resource.
+ For the purpose of status, an attachment is considered successful if at
+ least one section in the parent resource accepts it. For example, Gateway
+ listeners can restrict which Routes can attach to them by Route kind,
+ namespace, or hostname. If 1 of 2 Gateway listeners accept attachment from
+ the referencing Route, the Route MUST be considered successfully
+ attached. If no Gateway listeners accept attachment from this Route, the
+ Route MUST be considered detached from the Gateway.
+
+
+ Support: Core
maxLength: 253
minLength: 1
pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$
@@ -7316,81 +12557,120 @@ spec:
value: /
description: Rules are a list of HTTP matchers, filters and actions.
items:
- description: HTTPRouteRule defines semantics for matching an HTTP
- request based on conditions (matches), processing it (filters),
- and forwarding the request to an API object (backendRefs).
+ description: |-
+ HTTPRouteRule defines semantics for matching an HTTP request based on
+ conditions (matches), processing it (filters), and forwarding the request to
+ an API object (backendRefs).
properties:
backendRefs:
- description: "BackendRefs defines the backend(s) where matching
- requests should be sent. \n Failure behavior here depends
- on how many BackendRefs are specified and how many are invalid.
- \n If *all* entries in BackendRefs are invalid, and there
- are also no filters specified in this route rule, *all* traffic
- which matches this rule MUST receive a 500 status code. \n
- See the HTTPBackendRef definition for the rules about what
- makes a single HTTPBackendRef invalid. \n When a HTTPBackendRef
- is invalid, 500 status codes MUST be returned for requests
- that would have otherwise been routed to an invalid backend.
- If multiple backends are specified, and some are invalid,
- the proportion of requests that would otherwise have been
- routed to an invalid backend MUST receive a 500 status code.
- \n For example, if two backends are specified with equal weights,
- and one is invalid, 50 percent of traffic must receive a 500.
- Implementations may choose how that 50 percent is determined.
- \n Support: Core for Kubernetes Service \n Support: Extended
- for Kubernetes ServiceImport \n Support: Implementation-specific
- for any other resource \n Support for weight: Core"
+ description: |-
+ BackendRefs defines the backend(s) where matching requests should be
+ sent.
+
+
+ Failure behavior here depends on how many BackendRefs are specified and
+ how many are invalid.
+
+
+ If *all* entries in BackendRefs are invalid, and there are also no filters
+ specified in this route rule, *all* traffic which matches this rule MUST
+ receive a 500 status code.
+
+
+ See the HTTPBackendRef definition for the rules about what makes a single
+ HTTPBackendRef invalid.
+
+
+ When a HTTPBackendRef is invalid, 500 status codes MUST be returned for
+ requests that would have otherwise been routed to an invalid backend. If
+ multiple backends are specified, and some are invalid, the proportion of
+ requests that would otherwise have been routed to an invalid backend
+ MUST receive a 500 status code.
+
+
+ For example, if two backends are specified with equal weights, and one is
+ invalid, 50 percent of traffic must receive a 500. Implementations may
+ choose how that 50 percent is determined.
+
+
+ Support: Core for Kubernetes Service
+
+
+ Support: Extended for Kubernetes ServiceImport
+
+
+ Support: Implementation-specific for any other resource
+
+
+ Support for weight: Core
items:
- description: "HTTPBackendRef defines how a HTTPRoute forwards
- a HTTP request. \n Note that when a namespace different
- than the local namespace is specified, a ReferenceGrant
- object is required in the referent namespace to allow that
+ description: |-
+ HTTPBackendRef defines how a HTTPRoute forwards a HTTP request.
+
+
+ Note that when a namespace different than the local namespace is specified, a
+ ReferenceGrant object is required in the referent namespace to allow that
namespace's owner to accept the reference. See the ReferenceGrant
- documentation for details. \n
- \n When the BackendRef points to a Kubernetes Service, implementations
- SHOULD honor the appProtocol field if it is set for the
- target Service Port. \n Implementations supporting appProtocol
- SHOULD recognize the Kubernetes Standard Application Protocols
- defined in KEP-3726. \n If a Service appProtocol isn't specified,
- an implementation MAY infer the backend protocol through
- its own means. Implementations MAY infer the protocol from
- the Route type referring to the backend Service. \n If a
- Route is not able to send traffic to the backend using the
- specified protocol then the backend is considered invalid.
- Implementations MUST set the \"ResolvedRefs\" condition
- to \"False\" with the \"UnsupportedProtocol\" reason. \n
- "
+ documentation for details.
+
+
+
+
+
+ When the BackendRef points to a Kubernetes Service, implementations SHOULD
+ honor the appProtocol field if it is set for the target Service Port.
+
+
+ Implementations supporting appProtocol SHOULD recognize the Kubernetes
+ Standard Application Protocols defined in KEP-3726.
+
+
+ If a Service appProtocol isn't specified, an implementation MAY infer the
+ backend protocol through its own means. Implementations MAY infer the
+ protocol from the Route type referring to the backend Service.
+
+
+ If a Route is not able to send traffic to the backend using the specified
+ protocol then the backend is considered invalid. Implementations MUST set the
+ "ResolvedRefs" condition to "False" with the "UnsupportedProtocol" reason.
+
+
+
properties:
filters:
- description: "Filters defined at this level should be
- executed if and only if the request is being forwarded
- to the backend defined here. \n Support: Implementation-specific
- (For broader support of filters, use the Filters field
- in HTTPRouteRule.)"
+ description: |-
+ Filters defined at this level should be executed if and only if the
+ request is being forwarded to the backend defined here.
+
+
+ Support: Implementation-specific (For broader support of filters, use the
+ Filters field in HTTPRouteRule.)
items:
- description: HTTPRouteFilter defines processing steps
- that must be completed during the request or response
- lifecycle. HTTPRouteFilters are meant as an extension
- point to express processing that may be done in Gateway
- implementations. Some examples include request or
- response modification, implementing authentication
- strategies, rate-limiting, and traffic shaping. API
- guarantee/conformance is defined based on the type
- of the filter.
+ description: |-
+ HTTPRouteFilter defines processing steps that must be completed during the
+ request or response lifecycle. HTTPRouteFilters are meant as an extension
+ point to express processing that may be done in Gateway implementations. Some
+ examples include request or response modification, implementing
+ authentication strategies, rate-limiting, and traffic shaping. API
+ guarantee/conformance is defined based on the type of the filter.
properties:
extensionRef:
- description: "ExtensionRef is an optional, implementation-specific
- extension to the \"filter\" behavior. For example,
- resource \"myroutefilter\" in group \"networking.example.net\").
- ExtensionRef MUST NOT be used for core and extended
- filters. \n This filter can be used multiple times
- within the same rule. \n Support: Implementation-specific"
+ description: |-
+ ExtensionRef is an optional, implementation-specific extension to the
+ "filter" behavior. For example, resource "myroutefilter" in group
+ "networking.example.net"). ExtensionRef MUST NOT be used for core and
+ extended filters.
+
+
+ This filter can be used multiple times within the same rule.
+
+
+ Support: Implementation-specific
properties:
group:
- description: Group is the group of the referent.
- For example, "gateway.networking.k8s.io".
- When unspecified or empty string, core API
- group is inferred.
+ description: |-
+ Group is the group of the referent. For example, "gateway.networking.k8s.io".
+ When unspecified or empty string, core API group is inferred.
maxLength: 253
pattern: ^$|^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$
type: string
@@ -7412,35 +12692,50 @@ spec:
- name
type: object
requestHeaderModifier:
- description: "RequestHeaderModifier defines a schema
- for a filter that modifies request headers. \n
- Support: Core"
+ description: |-
+ RequestHeaderModifier defines a schema for a filter that modifies request
+ headers.
+
+
+ Support: Core
properties:
add:
- description: "Add adds the given header(s) (name,
- value) to the request before the action. It
- appends to any existing values associated
- with the header name. \n Input: GET /foo HTTP/1.1
- my-header: foo \n Config: add: - name: \"my-header\"
- value: \"bar,baz\" \n Output: GET /foo HTTP/1.1
- my-header: foo,bar,baz"
+ description: |-
+ Add adds the given header(s) (name, value) to the request
+ before the action. It appends to any existing values associated
+ with the header name.
+
+
+ Input:
+ GET /foo HTTP/1.1
+ my-header: foo
+
+
+ Config:
+ add:
+ - name: "my-header"
+ value: "bar,baz"
+
+
+ Output:
+ GET /foo HTTP/1.1
+ my-header: foo,bar,baz
items:
description: HTTPHeader represents an HTTP
Header name and value as defined by RFC
7230.
properties:
name:
- description: "Name is the name of the
- HTTP Header to be matched. Name matching
- MUST be case insensitive. (See https://tools.ietf.org/html/rfc7230#section-3.2).
- \n If multiple entries specify equivalent
- header names, the first entry with an
- equivalent name MUST be considered for
- a match. Subsequent entries with an
- equivalent header name MUST be ignored.
- Due to the case-insensitivity of header
- names, \"foo\" and \"Foo\" are considered
- equivalent."
+ description: |-
+ Name is the name of the HTTP Header to be matched. Name matching MUST be
+ case insensitive. (See https://tools.ietf.org/html/rfc7230#section-3.2).
+
+
+ If multiple entries specify equivalent header names, the first entry with
+ an equivalent name MUST be considered for a match. Subsequent entries
+ with an equivalent header name MUST be ignored. Due to the
+ case-insensitivity of header names, "foo" and "Foo" are considered
+ equivalent.
maxLength: 256
minLength: 1
pattern: ^[A-Za-z0-9!#$%&'*+\-.^_\x60|~]+$
@@ -7461,44 +12756,68 @@ spec:
- name
x-kubernetes-list-type: map
remove:
- description: "Remove the given header(s) from
- the HTTP request before the action. The value
- of Remove is a list of HTTP header names.
- Note that the header names are case-insensitive
- (see https://datatracker.ietf.org/doc/html/rfc2616#section-4.2).
- \n Input: GET /foo HTTP/1.1 my-header1: foo
- my-header2: bar my-header3: baz \n Config:
- remove: [\"my-header1\", \"my-header3\"] \n
- Output: GET /foo HTTP/1.1 my-header2: bar"
+ description: |-
+ Remove the given header(s) from the HTTP request before the action. The
+ value of Remove is a list of HTTP header names. Note that the header
+ names are case-insensitive (see
+ https://datatracker.ietf.org/doc/html/rfc2616#section-4.2).
+
+
+ Input:
+ GET /foo HTTP/1.1
+ my-header1: foo
+ my-header2: bar
+ my-header3: baz
+
+
+ Config:
+ remove: ["my-header1", "my-header3"]
+
+
+ Output:
+ GET /foo HTTP/1.1
+ my-header2: bar
items:
type: string
maxItems: 16
type: array
x-kubernetes-list-type: set
set:
- description: "Set overwrites the request with
- the given header (name, value) before the
- action. \n Input: GET /foo HTTP/1.1 my-header:
- foo \n Config: set: - name: \"my-header\"
- value: \"bar\" \n Output: GET /foo HTTP/1.1
- my-header: bar"
+ description: |-
+ Set overwrites the request with the given header (name, value)
+ before the action.
+
+
+ Input:
+ GET /foo HTTP/1.1
+ my-header: foo
+
+
+ Config:
+ set:
+ - name: "my-header"
+ value: "bar"
+
+
+ Output:
+ GET /foo HTTP/1.1
+ my-header: bar
items:
description: HTTPHeader represents an HTTP
Header name and value as defined by RFC
7230.
properties:
name:
- description: "Name is the name of the
- HTTP Header to be matched. Name matching
- MUST be case insensitive. (See https://tools.ietf.org/html/rfc7230#section-3.2).
- \n If multiple entries specify equivalent
- header names, the first entry with an
- equivalent name MUST be considered for
- a match. Subsequent entries with an
- equivalent header name MUST be ignored.
- Due to the case-insensitivity of header
- names, \"foo\" and \"Foo\" are considered
- equivalent."
+ description: |-
+ Name is the name of the HTTP Header to be matched. Name matching MUST be
+ case insensitive. (See https://tools.ietf.org/html/rfc7230#section-3.2).
+
+
+ If multiple entries specify equivalent header names, the first entry with
+ an equivalent name MUST be considered for a match. Subsequent entries
+ with an equivalent header name MUST be ignored. Due to the
+ case-insensitivity of header names, "foo" and "Foo" are considered
+ equivalent.
maxLength: 256
minLength: 1
pattern: ^[A-Za-z0-9!#$%&'*+\-.^_\x60|~]+$
@@ -7520,64 +12839,80 @@ spec:
x-kubernetes-list-type: map
type: object
requestMirror:
- description: "RequestMirror defines a schema for
- a filter that mirrors requests. Requests are sent
- to the specified destination, but responses from
- that destination are ignored. \n This filter can
- be used multiple times within the same rule. Note
- that not all implementations will be able to support
- mirroring to multiple backends. \n Support: Extended"
+ description: |-
+ RequestMirror defines a schema for a filter that mirrors requests.
+ Requests are sent to the specified destination, but responses from
+ that destination are ignored.
+
+
+ This filter can be used multiple times within the same rule. Note that
+ not all implementations will be able to support mirroring to multiple
+ backends.
+
+
+ Support: Extended
properties:
backendRef:
- description: "BackendRef references a resource
- where mirrored requests are sent. \n Mirrored
- requests must be sent only to a single destination
- endpoint within this BackendRef, irrespective
- of how many endpoints are present within this
- BackendRef. \n If the referent cannot be found,
- this BackendRef is invalid and must be dropped
- from the Gateway. The controller must ensure
- the \"ResolvedRefs\" condition on the Route
- status is set to `status: False` and not configure
+ description: |-
+ BackendRef references a resource where mirrored requests are sent.
+
+
+ Mirrored requests must be sent only to a single destination endpoint
+ within this BackendRef, irrespective of how many endpoints are present
+ within this BackendRef.
+
+
+ If the referent cannot be found, this BackendRef is invalid and must be
+ dropped from the Gateway. The controller must ensure the "ResolvedRefs"
+ condition on the Route status is set to `status: False` and not configure
this backend in the underlying implementation.
- \n If there is a cross-namespace reference
- to an *existing* object that is not allowed
- by a ReferenceGrant, the controller must ensure
- the \"ResolvedRefs\" condition on the Route
- is set to `status: False`, with the \"RefNotPermitted\"
- reason and not configure this backend in the
- underlying implementation. \n In either error
- case, the Message of the `ResolvedRefs` Condition
- should be used to provide more detail about
- the problem. \n Support: Extended for Kubernetes
- Service \n Support: Implementation-specific
- for any other resource"
+
+
+ If there is a cross-namespace reference to an *existing* object
+ that is not allowed by a ReferenceGrant, the controller must ensure the
+ "ResolvedRefs" condition on the Route is set to `status: False`,
+ with the "RefNotPermitted" reason and not configure this backend in the
+ underlying implementation.
+
+
+ In either error case, the Message of the `ResolvedRefs` Condition
+ should be used to provide more detail about the problem.
+
+
+ Support: Extended for Kubernetes Service
+
+
+ Support: Implementation-specific for any other resource
properties:
group:
default: ""
- description: Group is the group of the referent.
- For example, "gateway.networking.k8s.io".
- When unspecified or empty string, core
- API group is inferred.
+ description: |-
+ Group is the group of the referent. For example, "gateway.networking.k8s.io".
+ When unspecified or empty string, core API group is inferred.
maxLength: 253
pattern: ^$|^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$
type: string
kind:
default: Service
- description: "Kind is the Kubernetes resource
- kind of the referent. For example \"Service\".
- \n Defaults to \"Service\" when not specified.
- \n ExternalName services can refer to
- CNAME DNS records that may live outside
- of the cluster and as such are difficult
- to reason about in terms of conformance.
- They also may not be safe to forward to
- (see CVE-2021-25740 for more information).
- Implementations SHOULD NOT support ExternalName
- Services. \n Support: Core (Services with
- a type other than ExternalName) \n Support:
- Implementation-specific (Services with
- type ExternalName)"
+ description: |-
+ Kind is the Kubernetes resource kind of the referent. For example
+ "Service".
+
+
+ Defaults to "Service" when not specified.
+
+
+ ExternalName services can refer to CNAME DNS records that may live
+ outside of the cluster and as such are difficult to reason about in
+ terms of conformance. They also may not be safe to forward to (see
+ CVE-2021-25740 for more information). Implementations SHOULD NOT
+ support ExternalName Services.
+
+
+ Support: Core (Services with a type other than ExternalName)
+
+
+ Support: Implementation-specific (Services with type ExternalName)
maxLength: 63
minLength: 1
pattern: ^[a-zA-Z]([-a-zA-Z0-9]*[a-zA-Z0-9])?$
@@ -7588,29 +12923,29 @@ spec:
minLength: 1
type: string
namespace:
- description: "Namespace is the namespace
- of the backend. When unspecified, the
- local namespace is inferred. \n Note that
- when a namespace different than the local
- namespace is specified, a ReferenceGrant
- object is required in the referent namespace
- to allow that namespace's owner to accept
- the reference. See the ReferenceGrant
- documentation for details. \n Support:
- Core"
+ description: |-
+ Namespace is the namespace of the backend. When unspecified, the local
+ namespace is inferred.
+
+
+ Note that when a namespace different than the local namespace is specified,
+ a ReferenceGrant object is required in the referent namespace to allow that
+ namespace's owner to accept the reference. See the ReferenceGrant
+ documentation for details.
+
+
+ Support: Core
maxLength: 63
minLength: 1
pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$
type: string
port:
- description: Port specifies the destination
- port number to use for this resource.
- Port is required when the referent is
- a Kubernetes Service. In this case, the
- port number is the service port number,
- not the target port. For other resources,
- destination port might be derived from
- the referent resource or this field.
+ description: |-
+ Port specifies the destination port number to use for this resource.
+ Port is required when the referent is a Kubernetes Service. In this
+ case, the port number is the service port number, not the target port.
+ For other resources, destination port might be derived from the referent
+ resource or this field.
format: int32
maximum: 65535
minimum: 1
@@ -7626,84 +12961,88 @@ spec:
- backendRef
type: object
requestRedirect:
- description: "RequestRedirect defines a schema for
- a filter that responds to the request with an
- HTTP redirection. \n Support: Core"
+ description: |-
+ RequestRedirect defines a schema for a filter that responds to the
+ request with an HTTP redirection.
+
+
+ Support: Core
properties:
hostname:
- description: "Hostname is the hostname to be
- used in the value of the `Location` header
- in the response. When empty, the hostname
- in the `Host` header of the request is used.
- \n Support: Core"
+ description: |-
+ Hostname is the hostname to be used in the value of the `Location`
+ header in the response.
+ When empty, the hostname in the `Host` header of the request is used.
+
+
+ Support: Core
maxLength: 253
minLength: 1
pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$
type: string
path:
- description: "Path defines parameters used to
- modify the path of the incoming request. The
- modified path is then used to construct the
- `Location` header. When empty, the request
- path is used as-is. \n Support: Extended"
+ description: |-
+ Path defines parameters used to modify the path of the incoming request.
+ The modified path is then used to construct the `Location` header. When
+ empty, the request path is used as-is.
+
+
+ Support: Extended
properties:
replaceFullPath:
- description: ReplaceFullPath specifies the
- value with which to replace the full path
+ description: |-
+ ReplaceFullPath specifies the value with which to replace the full path
of a request during a rewrite or redirect.
maxLength: 1024
type: string
replacePrefixMatch:
- description: "ReplacePrefixMatch specifies
- the value with which to replace the prefix
- match of a request during a rewrite or
- redirect. For example, a request to \"/foo/bar\"
- with a prefix match of \"/foo\" and a
- ReplacePrefixMatch of \"/xyz\" would be
- modified to \"/xyz/bar\". \n Note that
- this matches the behavior of the PathPrefix
- match type. This matches full path elements.
- A path element refers to the list of labels
- in the path split by the `/` separator.
- When specified, a trailing `/` is ignored.
- For example, the paths `/abc`, `/abc/`,
- and `/abc/def` would all match the prefix
- `/abc`, but the path `/abcd` would not.
- \n ReplacePrefixMatch is only compatible
- with a `PathPrefix` HTTPRouteMatch. Using
- any other HTTPRouteMatch type on the same
- HTTPRouteRule will result in the implementation
- setting the Accepted Condition for the
- Route to `status: False`. \n Request Path
- | Prefix Match | Replace Prefix | Modified
- Path -------------|--------------|----------------|----------
- /foo/bar | /foo | /xyz |
- /xyz/bar /foo/bar | /foo |
- /xyz/ | /xyz/bar /foo/bar |
- /foo/ | /xyz | /xyz/bar
- /foo/bar | /foo/ | /xyz/ |
- /xyz/bar /foo | /foo |
- /xyz | /xyz /foo/ | /foo
- \ | /xyz | /xyz/ /foo/bar
- \ | /foo | |
- /bar /foo/ | /foo | | / /foo | /foo |
- | / /foo/ | /foo
- \ | / | / /foo |
- /foo | / | /"
+ description: |-
+ ReplacePrefixMatch specifies the value with which to replace the prefix
+ match of a request during a rewrite or redirect. For example, a request
+ to "/foo/bar" with a prefix match of "/foo" and a ReplacePrefixMatch
+ of "/xyz" would be modified to "/xyz/bar".
+
+
+ Note that this matches the behavior of the PathPrefix match type. This
+ matches full path elements. A path element refers to the list of labels
+ in the path split by the `/` separator. When specified, a trailing `/` is
+ ignored. For example, the paths `/abc`, `/abc/`, and `/abc/def` would all
+ match the prefix `/abc`, but the path `/abcd` would not.
+
+
+ ReplacePrefixMatch is only compatible with a `PathPrefix` HTTPRouteMatch.
+ Using any other HTTPRouteMatch type on the same HTTPRouteRule will result in
+ the implementation setting the Accepted Condition for the Route to `status: False`.
+
+
+ Request Path | Prefix Match | Replace Prefix | Modified Path
+ -------------|--------------|----------------|----------
+ /foo/bar | /foo | /xyz | /xyz/bar
+ /foo/bar | /foo | /xyz/ | /xyz/bar
+ /foo/bar | /foo/ | /xyz | /xyz/bar
+ /foo/bar | /foo/ | /xyz/ | /xyz/bar
+ /foo | /foo | /xyz | /xyz
+ /foo/ | /foo | /xyz | /xyz/
+ /foo/bar | /foo | | /bar
+ /foo/ | /foo | | /
+ /foo | /foo | | /
+ /foo/ | /foo | / | /
+ /foo | /foo | / | /
maxLength: 1024
type: string
type:
- description: "Type defines the type of path
- modifier. Additional types may be added
- in a future release of the API. \n Note
- that values may be added to this enum,
- implementations must ensure that unknown
- values will not cause a crash. \n Unknown
- values here must result in the implementation
- setting the Accepted Condition for the
- Route to `status: False`, with a Reason
- of `UnsupportedValue`."
+ description: |-
+ Type defines the type of path modifier. Additional types may be
+ added in a future release of the API.
+
+
+ Note that values may be added to this enum, implementations
+ must ensure that unknown values will not cause a crash.
+
+
+ Unknown values here must result in the implementation setting the
+ Accepted Condition for the Route to `status: False`, with a
+ Reason of `UnsupportedValue`.
enum:
- ReplaceFullPath
- ReplacePrefixMatch
@@ -7729,95 +13068,128 @@ spec:
rule: 'has(self.replacePrefixMatch) ? self.type
== ''ReplacePrefixMatch'' : true'
port:
- description: "Port is the port to be used in
- the value of the `Location` header in the
- response. \n If no port is specified, the
- redirect port MUST be derived using the following
- rules: \n * If redirect scheme is not-empty,
- the redirect port MUST be the well-known port
- associated with the redirect scheme. Specifically
- \"http\" to port 80 and \"https\" to port
- 443. If the redirect scheme does not have
- a well-known port, the listener port of the
- Gateway SHOULD be used. * If redirect scheme
- is empty, the redirect port MUST be the Gateway
- Listener port. \n Implementations SHOULD NOT
- add the port number in the 'Location' header
- in the following cases: \n * A Location header
- that will use HTTP (whether that is determined
- via the Listener protocol or the Scheme field)
- _and_ use port 80. * A Location header that
- will use HTTPS (whether that is determined
- via the Listener protocol or the Scheme field)
- _and_ use port 443. \n Support: Extended"
+ description: |-
+ Port is the port to be used in the value of the `Location`
+ header in the response.
+
+
+ If no port is specified, the redirect port MUST be derived using the
+ following rules:
+
+
+ * If redirect scheme is not-empty, the redirect port MUST be the well-known
+ port associated with the redirect scheme. Specifically "http" to port 80
+ and "https" to port 443. If the redirect scheme does not have a
+ well-known port, the listener port of the Gateway SHOULD be used.
+ * If redirect scheme is empty, the redirect port MUST be the Gateway
+ Listener port.
+
+
+ Implementations SHOULD NOT add the port number in the 'Location'
+ header in the following cases:
+
+
+ * A Location header that will use HTTP (whether that is determined via
+ the Listener protocol or the Scheme field) _and_ use port 80.
+ * A Location header that will use HTTPS (whether that is determined via
+ the Listener protocol or the Scheme field) _and_ use port 443.
+
+
+ Support: Extended
format: int32
maximum: 65535
minimum: 1
type: integer
scheme:
- description: "Scheme is the scheme to be used
- in the value of the `Location` header in the
- response. When empty, the scheme of the request
- is used. \n Scheme redirects can affect the
- port of the redirect, for more information,
- refer to the documentation for the port field
- of this filter. \n Note that values may be
- added to this enum, implementations must ensure
- that unknown values will not cause a crash.
- \n Unknown values here must result in the
- implementation setting the Accepted Condition
- for the Route to `status: False`, with a Reason
- of `UnsupportedValue`. \n Support: Extended"
+ description: |-
+ Scheme is the scheme to be used in the value of the `Location` header in
+ the response. When empty, the scheme of the request is used.
+
+
+ Scheme redirects can affect the port of the redirect, for more information,
+ refer to the documentation for the port field of this filter.
+
+
+ Note that values may be added to this enum, implementations
+ must ensure that unknown values will not cause a crash.
+
+
+ Unknown values here must result in the implementation setting the
+ Accepted Condition for the Route to `status: False`, with a
+ Reason of `UnsupportedValue`.
+
+
+ Support: Extended
enum:
- http
- https
type: string
statusCode:
default: 302
- description: "StatusCode is the HTTP status
- code to be used in response. \n Note that
- values may be added to this enum, implementations
- must ensure that unknown values will not cause
- a crash. \n Unknown values here must result
- in the implementation setting the Accepted
- Condition for the Route to `status: False`,
- with a Reason of `UnsupportedValue`. \n Support:
- Core"
+ description: |-
+ StatusCode is the HTTP status code to be used in response.
+
+
+ Note that values may be added to this enum, implementations
+ must ensure that unknown values will not cause a crash.
+
+
+ Unknown values here must result in the implementation setting the
+ Accepted Condition for the Route to `status: False`, with a
+ Reason of `UnsupportedValue`.
+
+
+ Support: Core
enum:
- 301
- 302
type: integer
type: object
responseHeaderModifier:
- description: "ResponseHeaderModifier defines a schema
- for a filter that modifies response headers. \n
- Support: Extended"
+ description: |-
+ ResponseHeaderModifier defines a schema for a filter that modifies response
+ headers.
+
+
+ Support: Extended
properties:
add:
- description: "Add adds the given header(s) (name,
- value) to the request before the action. It
- appends to any existing values associated
- with the header name. \n Input: GET /foo HTTP/1.1
- my-header: foo \n Config: add: - name: \"my-header\"
- value: \"bar,baz\" \n Output: GET /foo HTTP/1.1
- my-header: foo,bar,baz"
+ description: |-
+ Add adds the given header(s) (name, value) to the request
+ before the action. It appends to any existing values associated
+ with the header name.
+
+
+ Input:
+ GET /foo HTTP/1.1
+ my-header: foo
+
+
+ Config:
+ add:
+ - name: "my-header"
+ value: "bar,baz"
+
+
+ Output:
+ GET /foo HTTP/1.1
+ my-header: foo,bar,baz
items:
description: HTTPHeader represents an HTTP
Header name and value as defined by RFC
7230.
properties:
name:
- description: "Name is the name of the
- HTTP Header to be matched. Name matching
- MUST be case insensitive. (See https://tools.ietf.org/html/rfc7230#section-3.2).
- \n If multiple entries specify equivalent
- header names, the first entry with an
- equivalent name MUST be considered for
- a match. Subsequent entries with an
- equivalent header name MUST be ignored.
- Due to the case-insensitivity of header
- names, \"foo\" and \"Foo\" are considered
- equivalent."
+ description: |-
+ Name is the name of the HTTP Header to be matched. Name matching MUST be
+ case insensitive. (See https://tools.ietf.org/html/rfc7230#section-3.2).
+
+
+ If multiple entries specify equivalent header names, the first entry with
+ an equivalent name MUST be considered for a match. Subsequent entries
+ with an equivalent header name MUST be ignored. Due to the
+ case-insensitivity of header names, "foo" and "Foo" are considered
+ equivalent.
maxLength: 256
minLength: 1
pattern: ^[A-Za-z0-9!#$%&'*+\-.^_\x60|~]+$
@@ -7838,44 +13210,68 @@ spec:
- name
x-kubernetes-list-type: map
remove:
- description: "Remove the given header(s) from
- the HTTP request before the action. The value
- of Remove is a list of HTTP header names.
- Note that the header names are case-insensitive
- (see https://datatracker.ietf.org/doc/html/rfc2616#section-4.2).
- \n Input: GET /foo HTTP/1.1 my-header1: foo
- my-header2: bar my-header3: baz \n Config:
- remove: [\"my-header1\", \"my-header3\"] \n
- Output: GET /foo HTTP/1.1 my-header2: bar"
+ description: |-
+ Remove the given header(s) from the HTTP request before the action. The
+ value of Remove is a list of HTTP header names. Note that the header
+ names are case-insensitive (see
+ https://datatracker.ietf.org/doc/html/rfc2616#section-4.2).
+
+
+ Input:
+ GET /foo HTTP/1.1
+ my-header1: foo
+ my-header2: bar
+ my-header3: baz
+
+
+ Config:
+ remove: ["my-header1", "my-header3"]
+
+
+ Output:
+ GET /foo HTTP/1.1
+ my-header2: bar
items:
type: string
maxItems: 16
type: array
x-kubernetes-list-type: set
set:
- description: "Set overwrites the request with
- the given header (name, value) before the
- action. \n Input: GET /foo HTTP/1.1 my-header:
- foo \n Config: set: - name: \"my-header\"
- value: \"bar\" \n Output: GET /foo HTTP/1.1
- my-header: bar"
+ description: |-
+ Set overwrites the request with the given header (name, value)
+ before the action.
+
+
+ Input:
+ GET /foo HTTP/1.1
+ my-header: foo
+
+
+ Config:
+ set:
+ - name: "my-header"
+ value: "bar"
+
+
+ Output:
+ GET /foo HTTP/1.1
+ my-header: bar
items:
description: HTTPHeader represents an HTTP
Header name and value as defined by RFC
7230.
properties:
name:
- description: "Name is the name of the
- HTTP Header to be matched. Name matching
- MUST be case insensitive. (See https://tools.ietf.org/html/rfc7230#section-3.2).
- \n If multiple entries specify equivalent
- header names, the first entry with an
- equivalent name MUST be considered for
- a match. Subsequent entries with an
- equivalent header name MUST be ignored.
- Due to the case-insensitivity of header
- names, \"foo\" and \"Foo\" are considered
- equivalent."
+ description: |-
+ Name is the name of the HTTP Header to be matched. Name matching MUST be
+ case insensitive. (See https://tools.ietf.org/html/rfc7230#section-3.2).
+
+
+ If multiple entries specify equivalent header names, the first entry with
+ an equivalent name MUST be considered for a match. Subsequent entries
+ with an equivalent header name MUST be ignored. Due to the
+ case-insensitivity of header names, "foo" and "Foo" are considered
+ equivalent.
maxLength: 256
minLength: 1
pattern: ^[A-Za-z0-9!#$%&'*+\-.^_\x60|~]+$
@@ -7897,37 +13293,46 @@ spec:
x-kubernetes-list-type: map
type: object
type:
- description: "Type identifies the type of filter
- to apply. As with other API fields, types are
- classified into three conformance levels: \n -
- Core: Filter types and their corresponding configuration
- defined by \"Support: Core\" in this package,
- e.g. \"RequestHeaderModifier\". All implementations
- must support core filters. \n - Extended: Filter
- types and their corresponding configuration defined
- by \"Support: Extended\" in this package, e.g.
- \"RequestMirror\". Implementers are encouraged
- to support extended filters. \n - Implementation-specific:
- Filters that are defined and supported by specific
- vendors. In the future, filters showing convergence
- in behavior across multiple implementations will
- be considered for inclusion in extended or core
- conformance levels. Filter-specific configuration
- for such filters is specified using the ExtensionRef
- field. `Type` should be set to \"ExtensionRef\"
- for custom filters. \n Implementers are encouraged
- to define custom implementation types to extend
- the core API with implementation-specific behavior.
- \n If a reference to a custom filter type cannot
- be resolved, the filter MUST NOT be skipped. Instead,
- requests that would have been processed by that
- filter MUST receive a HTTP error response. \n
+ description: |-
+ Type identifies the type of filter to apply. As with other API fields,
+ types are classified into three conformance levels:
+
+
+ - Core: Filter types and their corresponding configuration defined by
+ "Support: Core" in this package, e.g. "RequestHeaderModifier". All
+ implementations must support core filters.
+
+
+ - Extended: Filter types and their corresponding configuration defined by
+ "Support: Extended" in this package, e.g. "RequestMirror". Implementers
+ are encouraged to support extended filters.
+
+
+ - Implementation-specific: Filters that are defined and supported by
+ specific vendors.
+ In the future, filters showing convergence in behavior across multiple
+ implementations will be considered for inclusion in extended or core
+ conformance levels. Filter-specific configuration for such filters
+ is specified using the ExtensionRef field. `Type` should be set to
+ "ExtensionRef" for custom filters.
+
+
+ Implementers are encouraged to define custom implementation types to
+ extend the core API with implementation-specific behavior.
+
+
+ If a reference to a custom filter type cannot be resolved, the filter
+ MUST NOT be skipped. Instead, requests that would have been processed by
+ that filter MUST receive a HTTP error response.
+
+
Note that values may be added to this enum, implementations
- must ensure that unknown values will not cause
- a crash. \n Unknown values here must result in
- the implementation setting the Accepted Condition
- for the Route to `status: False`, with a Reason
- of `UnsupportedValue`."
+ must ensure that unknown values will not cause a crash.
+
+
+ Unknown values here must result in the implementation setting the
+ Accepted Condition for the Route to `status: False`, with a
+ Reason of `UnsupportedValue`.
enum:
- RequestHeaderModifier
- ResponseHeaderModifier
@@ -7937,79 +13342,84 @@ spec:
- ExtensionRef
type: string
urlRewrite:
- description: "URLRewrite defines a schema for a
- filter that modifies a request during forwarding.
- \n Support: Extended"
+ description: |-
+ URLRewrite defines a schema for a filter that modifies a request during forwarding.
+
+
+ Support: Extended
properties:
hostname:
- description: "Hostname is the value to be used
- to replace the Host header value during forwarding.
- \n Support: Extended"
+ description: |-
+ Hostname is the value to be used to replace the Host header value during
+ forwarding.
+
+
+ Support: Extended
maxLength: 253
minLength: 1
pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$
type: string
path:
- description: "Path defines a path rewrite. \n
- Support: Extended"
+ description: |-
+ Path defines a path rewrite.
+
+
+ Support: Extended
properties:
replaceFullPath:
- description: ReplaceFullPath specifies the
- value with which to replace the full path
+ description: |-
+ ReplaceFullPath specifies the value with which to replace the full path
of a request during a rewrite or redirect.
maxLength: 1024
type: string
replacePrefixMatch:
- description: "ReplacePrefixMatch specifies
- the value with which to replace the prefix
- match of a request during a rewrite or
- redirect. For example, a request to \"/foo/bar\"
- with a prefix match of \"/foo\" and a
- ReplacePrefixMatch of \"/xyz\" would be
- modified to \"/xyz/bar\". \n Note that
- this matches the behavior of the PathPrefix
- match type. This matches full path elements.
- A path element refers to the list of labels
- in the path split by the `/` separator.
- When specified, a trailing `/` is ignored.
- For example, the paths `/abc`, `/abc/`,
- and `/abc/def` would all match the prefix
- `/abc`, but the path `/abcd` would not.
- \n ReplacePrefixMatch is only compatible
- with a `PathPrefix` HTTPRouteMatch. Using
- any other HTTPRouteMatch type on the same
- HTTPRouteRule will result in the implementation
- setting the Accepted Condition for the
- Route to `status: False`. \n Request Path
- | Prefix Match | Replace Prefix | Modified
- Path -------------|--------------|----------------|----------
- /foo/bar | /foo | /xyz |
- /xyz/bar /foo/bar | /foo |
- /xyz/ | /xyz/bar /foo/bar |
- /foo/ | /xyz | /xyz/bar
- /foo/bar | /foo/ | /xyz/ |
- /xyz/bar /foo | /foo |
- /xyz | /xyz /foo/ | /foo
- \ | /xyz | /xyz/ /foo/bar
- \ | /foo | |
- /bar /foo/ | /foo | | / /foo | /foo |
- | / /foo/ | /foo
- \ | / | / /foo |
- /foo | / | /"
+ description: |-
+ ReplacePrefixMatch specifies the value with which to replace the prefix
+ match of a request during a rewrite or redirect. For example, a request
+ to "/foo/bar" with a prefix match of "/foo" and a ReplacePrefixMatch
+ of "/xyz" would be modified to "/xyz/bar".
+
+
+ Note that this matches the behavior of the PathPrefix match type. This
+ matches full path elements. A path element refers to the list of labels
+ in the path split by the `/` separator. When specified, a trailing `/` is
+ ignored. For example, the paths `/abc`, `/abc/`, and `/abc/def` would all
+ match the prefix `/abc`, but the path `/abcd` would not.
+
+
+ ReplacePrefixMatch is only compatible with a `PathPrefix` HTTPRouteMatch.
+ Using any other HTTPRouteMatch type on the same HTTPRouteRule will result in
+ the implementation setting the Accepted Condition for the Route to `status: False`.
+
+
+ Request Path | Prefix Match | Replace Prefix | Modified Path
+ -------------|--------------|----------------|----------
+ /foo/bar | /foo | /xyz | /xyz/bar
+ /foo/bar | /foo | /xyz/ | /xyz/bar
+ /foo/bar | /foo/ | /xyz | /xyz/bar
+ /foo/bar | /foo/ | /xyz/ | /xyz/bar
+ /foo | /foo | /xyz | /xyz
+ /foo/ | /foo | /xyz | /xyz/
+ /foo/bar | /foo | | /bar
+ /foo/ | /foo | | /
+ /foo | /foo | | /
+ /foo/ | /foo | / | /
+ /foo | /foo | / | /
maxLength: 1024
type: string
type:
- description: "Type defines the type of path
- modifier. Additional types may be added
- in a future release of the API. \n Note
- that values may be added to this enum,
- implementations must ensure that unknown
- values will not cause a crash. \n Unknown
- values here must result in the implementation
- setting the Accepted Condition for the
- Route to `status: False`, with a Reason
- of `UnsupportedValue`."
+ description: |-
+ Type defines the type of path modifier. Additional types may be
+ added in a future release of the API.
+
+
+ Note that values may be added to this enum, implementations
+ must ensure that unknown values will not cause a crash.
+
+
+ Unknown values here must result in the implementation setting the
+ Accepted Condition for the Route to `status: False`, with a
+ Reason of `UnsupportedValue`.
enum:
- ReplaceFullPath
- ReplacePrefixMatch
@@ -8107,25 +13517,33 @@ spec:
<= 1
group:
default: ""
- description: Group is the group of the referent. For example,
- "gateway.networking.k8s.io". When unspecified or empty
- string, core API group is inferred.
+ description: |-
+ Group is the group of the referent. For example, "gateway.networking.k8s.io".
+ When unspecified or empty string, core API group is inferred.
maxLength: 253
pattern: ^$|^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$
type: string
kind:
default: Service
- description: "Kind is the Kubernetes resource kind of
- the referent. For example \"Service\". \n Defaults to
- \"Service\" when not specified. \n ExternalName services
- can refer to CNAME DNS records that may live outside
- of the cluster and as such are difficult to reason about
- in terms of conformance. They also may not be safe to
- forward to (see CVE-2021-25740 for more information).
- Implementations SHOULD NOT support ExternalName Services.
- \n Support: Core (Services with a type other than ExternalName)
- \n Support: Implementation-specific (Services with type
- ExternalName)"
+ description: |-
+ Kind is the Kubernetes resource kind of the referent. For example
+ "Service".
+
+
+ Defaults to "Service" when not specified.
+
+
+ ExternalName services can refer to CNAME DNS records that may live
+ outside of the cluster and as such are difficult to reason about in
+ terms of conformance. They also may not be safe to forward to (see
+ CVE-2021-25740 for more information). Implementations SHOULD NOT
+ support ExternalName Services.
+
+
+ Support: Core (Services with a type other than ExternalName)
+
+
+ Support: Implementation-specific (Services with type ExternalName)
maxLength: 63
minLength: 1
pattern: ^[a-zA-Z]([-a-zA-Z0-9]*[a-zA-Z0-9])?$
@@ -8136,43 +13554,51 @@ spec:
minLength: 1
type: string
namespace:
- description: "Namespace is the namespace of the backend.
- When unspecified, the local namespace is inferred. \n
- Note that when a namespace different than the local
- namespace is specified, a ReferenceGrant object is required
- in the referent namespace to allow that namespace's
- owner to accept the reference. See the ReferenceGrant
- documentation for details. \n Support: Core"
+ description: |-
+ Namespace is the namespace of the backend. When unspecified, the local
+ namespace is inferred.
+
+
+ Note that when a namespace different than the local namespace is specified,
+ a ReferenceGrant object is required in the referent namespace to allow that
+ namespace's owner to accept the reference. See the ReferenceGrant
+ documentation for details.
+
+
+ Support: Core
maxLength: 63
minLength: 1
pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$
type: string
port:
- description: Port specifies the destination port number
- to use for this resource. Port is required when the
- referent is a Kubernetes Service. In this case, the
- port number is the service port number, not the target
- port. For other resources, destination port might be
- derived from the referent resource or this field.
+ description: |-
+ Port specifies the destination port number to use for this resource.
+ Port is required when the referent is a Kubernetes Service. In this
+ case, the port number is the service port number, not the target port.
+ For other resources, destination port might be derived from the referent
+ resource or this field.
format: int32
maximum: 65535
minimum: 1
type: integer
weight:
default: 1
- description: "Weight specifies the proportion of requests
- forwarded to the referenced backend. This is computed
- as weight/(sum of all weights in this BackendRefs list).
- For non-zero values, there may be some epsilon from
- the exact proportion defined here depending on the precision
- an implementation supports. Weight is not a percentage
- and the sum of weights does not need to equal 100. \n
- If only one backend is specified and it has a weight
- greater than 0, 100% of the traffic is forwarded to
- that backend. If weight is set to 0, no traffic should
- be forwarded for this entry. If unspecified, weight
- defaults to 1. \n Support for this field varies based
- on the context where used."
+ description: |-
+ Weight specifies the proportion of requests forwarded to the referenced
+ backend. This is computed as weight/(sum of all weights in this
+ BackendRefs list). For non-zero values, there may be some epsilon from
+ the exact proportion defined here depending on the precision an
+ implementation supports. Weight is not a percentage and the sum of
+ weights does not need to equal 100.
+
+
+ If only one backend is specified and it has a weight greater than 0, 100%
+ of the traffic is forwarded to that backend. If weight is set to 0, no
+ traffic should be forwarded for this entry. If unspecified, weight
+ defaults to 1.
+
+
+ Support for this field varies based on the context where used.
format: int32
maximum: 1000000
minimum: 0
@@ -8187,46 +13613,77 @@ spec:
maxItems: 16
type: array
filters:
- description: "Filters define the filters that are applied to
- requests that match this rule. \n The effects of ordering
- of multiple behaviors are currently unspecified. This can
- change in the future based on feedback during the alpha stage.
- \n Conformance-levels at this level are defined based on the
- type of filter: \n - ALL core filters MUST be supported by
- all implementations. - Implementers are encouraged to support
- extended filters. - Implementation-specific custom filters
- have no API guarantees across implementations. \n Specifying
- the same filter multiple times is not supported unless explicitly
- indicated in the filter. \n All filters are expected to be
- compatible with each other except for the URLRewrite and RequestRedirect
- filters, which may not be combined. If an implementation can
- not support other combinations of filters, they must clearly
+ description: |-
+ Filters define the filters that are applied to requests that match
+ this rule.
+
+
+ Wherever possible, implementations SHOULD implement filters in the order
+ they are specified.
+
+
+ Implementations MAY choose to implement this ordering strictly, rejecting
+ any combination or order of filters that can not be supported. If implementations
+ choose a strict interpretation of filter ordering, they MUST clearly document
+ that behavior.
+
+
+ To reject an invalid combination or order of filters, implementations SHOULD
+ consider the Route Rules with this configuration invalid. If all Route Rules
+ in a Route are invalid, the entire Route would be considered invalid. If only
+ a portion of Route Rules are invalid, implementations MUST set the
+ "PartiallyInvalid" condition for the Route.
+
+
+ Conformance-levels at this level are defined based on the type of filter:
+
+
+ - ALL core filters MUST be supported by all implementations.
+ - Implementers are encouraged to support extended filters.
+ - Implementation-specific custom filters have no API guarantees across
+ implementations.
+
+
+ Specifying the same filter multiple times is not supported unless explicitly
+ indicated in the filter.
+
+
+ All filters are expected to be compatible with each other except for the
+ URLRewrite and RequestRedirect filters, which may not be combined. If an
+ implementation can not support other combinations of filters, they must clearly
document that limitation. In cases where incompatible or unsupported
- filters are specified and cause the `Accepted` condition to
- be set to status `False`, implementations may use the `IncompatibleFilters`
- reason to specify this configuration error. \n Support: Core"
+ filters are specified and cause the `Accepted` condition to be set to status
+ `False`, implementations may use the `IncompatibleFilters` reason to specify
+ this configuration error.
+
+
+ Support: Core
items:
- description: HTTPRouteFilter defines processing steps that
- must be completed during the request or response lifecycle.
- HTTPRouteFilters are meant as an extension point to express
- processing that may be done in Gateway implementations.
- Some examples include request or response modification,
- implementing authentication strategies, rate-limiting, and
- traffic shaping. API guarantee/conformance is defined based
- on the type of the filter.
+ description: |-
+ HTTPRouteFilter defines processing steps that must be completed during the
+ request or response lifecycle. HTTPRouteFilters are meant as an extension
+ point to express processing that may be done in Gateway implementations. Some
+ examples include request or response modification, implementing
+ authentication strategies, rate-limiting, and traffic shaping. API
+ guarantee/conformance is defined based on the type of the filter.
properties:
extensionRef:
- description: "ExtensionRef is an optional, implementation-specific
- extension to the \"filter\" behavior. For example,
- resource \"myroutefilter\" in group \"networking.example.net\").
- ExtensionRef MUST NOT be used for core and extended
- filters. \n This filter can be used multiple times within
- the same rule. \n Support: Implementation-specific"
+ description: |-
+ ExtensionRef is an optional, implementation-specific extension to the
+ "filter" behavior. For example, resource "myroutefilter" in group
+ "networking.example.net"). ExtensionRef MUST NOT be used for core and
+ extended filters.
+
+
+ This filter can be used multiple times within the same rule.
+
+
+ Support: Implementation-specific
properties:
group:
- description: Group is the group of the referent. For
- example, "gateway.networking.k8s.io". When unspecified
- or empty string, core API group is inferred.
+ description: |-
+ Group is the group of the referent. For example, "gateway.networking.k8s.io".
+ When unspecified or empty string, core API group is inferred.
maxLength: 253
pattern: ^$|^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$
type: string
@@ -8248,32 +13705,49 @@ spec:
- name
type: object
requestHeaderModifier:
- description: "RequestHeaderModifier defines a schema for
- a filter that modifies request headers. \n Support:
- Core"
+ description: |-
+ RequestHeaderModifier defines a schema for a filter that modifies request
+ headers.
+
+
+ Support: Core
properties:
add:
- description: "Add adds the given header(s) (name,
- value) to the request before the action. It appends
- to any existing values associated with the header
- name. \n Input: GET /foo HTTP/1.1 my-header: foo
- \n Config: add: - name: \"my-header\" value: \"bar,baz\"
- \n Output: GET /foo HTTP/1.1 my-header: foo,bar,baz"
+ description: |-
+ Add adds the given header(s) (name, value) to the request
+ before the action. It appends to any existing values associated
+ with the header name.
+
+
+ Input:
+ GET /foo HTTP/1.1
+ my-header: foo
+
+
+ Config:
+ add:
+ - name: "my-header"
+ value: "bar,baz"
+
+
+ Output:
+ GET /foo HTTP/1.1
+ my-header: foo,bar,baz
items:
description: HTTPHeader represents an HTTP Header
name and value as defined by RFC 7230.
properties:
name:
- description: "Name is the name of the HTTP Header
- to be matched. Name matching MUST be case
- insensitive. (See https://tools.ietf.org/html/rfc7230#section-3.2).
- \n If multiple entries specify equivalent
- header names, the first entry with an equivalent
- name MUST be considered for a match. Subsequent
- entries with an equivalent header name MUST
- be ignored. Due to the case-insensitivity
- of header names, \"foo\" and \"Foo\" are considered
- equivalent."
+ description: |-
+ Name is the name of the HTTP Header to be matched. Name matching MUST be
+ case insensitive. (See https://tools.ietf.org/html/rfc7230#section-3.2).
+
+
+ If multiple entries specify equivalent header names, the first entry with
+ an equivalent name MUST be considered for a match. Subsequent entries
+ with an equivalent header name MUST be ignored. Due to the
+ case-insensitivity of header names, "foo" and "Foo" are considered
+ equivalent.
maxLength: 256
minLength: 1
pattern: ^[A-Za-z0-9!#$%&'*+\-.^_\x60|~]+$
@@ -8294,40 +13768,67 @@ spec:
- name
x-kubernetes-list-type: map
remove:
- description: "Remove the given header(s) from the
- HTTP request before the action. The value of Remove
- is a list of HTTP header names. Note that the header
- names are case-insensitive (see https://datatracker.ietf.org/doc/html/rfc2616#section-4.2).
- \n Input: GET /foo HTTP/1.1 my-header1: foo my-header2:
- bar my-header3: baz \n Config: remove: [\"my-header1\",
- \"my-header3\"] \n Output: GET /foo HTTP/1.1 my-header2:
- bar"
+ description: |-
+ Remove the given header(s) from the HTTP request before the action. The
+ value of Remove is a list of HTTP header names. Note that the header
+ names are case-insensitive (see
+ https://datatracker.ietf.org/doc/html/rfc2616#section-4.2).
+
+
+ Input:
+ GET /foo HTTP/1.1
+ my-header1: foo
+ my-header2: bar
+ my-header3: baz
+
+
+ Config:
+ remove: ["my-header1", "my-header3"]
+
+
+ Output:
+ GET /foo HTTP/1.1
+ my-header2: bar
items:
type: string
maxItems: 16
type: array
x-kubernetes-list-type: set
set:
- description: "Set overwrites the request with the
- given header (name, value) before the action. \n
- Input: GET /foo HTTP/1.1 my-header: foo \n Config:
- set: - name: \"my-header\" value: \"bar\" \n Output:
- GET /foo HTTP/1.1 my-header: bar"
+ description: |-
+ Set overwrites the request with the given header (name, value)
+ before the action.
+
+
+ Input:
+ GET /foo HTTP/1.1
+ my-header: foo
+
+
+ Config:
+ set:
+ - name: "my-header"
+ value: "bar"
+
+
+ Output:
+ GET /foo HTTP/1.1
+ my-header: bar
items:
description: HTTPHeader represents an HTTP Header
name and value as defined by RFC 7230.
properties:
name:
- description: "Name is the name of the HTTP Header
- to be matched. Name matching MUST be case
- insensitive. (See https://tools.ietf.org/html/rfc7230#section-3.2).
- \n If multiple entries specify equivalent
- header names, the first entry with an equivalent
- name MUST be considered for a match. Subsequent
- entries with an equivalent header name MUST
- be ignored. Due to the case-insensitivity
- of header names, \"foo\" and \"Foo\" are considered
- equivalent."
+ description: |-
+ Name is the name of the HTTP Header to be matched. Name matching MUST be
+ case insensitive. (See https://tools.ietf.org/html/rfc7230#section-3.2).
+
+
+ If multiple entries specify equivalent header names, the first entry with
+ an equivalent name MUST be considered for a match. Subsequent entries
+ with an equivalent header name MUST be ignored. Due to the
+ case-insensitivity of header names, "foo" and "Foo" are considered
+ equivalent.
maxLength: 256
minLength: 1
pattern: ^[A-Za-z0-9!#$%&'*+\-.^_\x60|~]+$
@@ -8349,60 +13850,80 @@ spec:
x-kubernetes-list-type: map
type: object
requestMirror:
- description: "RequestMirror defines a schema for a filter
- that mirrors requests. Requests are sent to the specified
- destination, but responses from that destination are
- ignored. \n This filter can be used multiple times within
- the same rule. Note that not all implementations will
- be able to support mirroring to multiple backends. \n
- Support: Extended"
+ description: |-
+ RequestMirror defines a schema for a filter that mirrors requests.
+ Requests are sent to the specified destination, but responses from
+ that destination are ignored.
+
+
+ This filter can be used multiple times within the same rule. Note that
+ not all implementations will be able to support mirroring to multiple
+ backends.
+
+
+ Support: Extended
properties:
backendRef:
- description: "BackendRef references a resource where
- mirrored requests are sent. \n Mirrored requests
- must be sent only to a single destination endpoint
- within this BackendRef, irrespective of how many
- endpoints are present within this BackendRef. \n
- If the referent cannot be found, this BackendRef
- is invalid and must be dropped from the Gateway.
- The controller must ensure the \"ResolvedRefs\"
- condition on the Route status is set to `status:
- False` and not configure this backend in the underlying
- implementation. \n If there is a cross-namespace
- reference to an *existing* object that is not allowed
- by a ReferenceGrant, the controller must ensure
- the \"ResolvedRefs\" condition on the Route is
- set to `status: False`, with the \"RefNotPermitted\"
- reason and not configure this backend in the underlying
- implementation. \n In either error case, the Message
- of the `ResolvedRefs` Condition should be used to
- provide more detail about the problem. \n Support:
- Extended for Kubernetes Service \n Support: Implementation-specific
- for any other resource"
+ description: |-
+ BackendRef references a resource where mirrored requests are sent.
+
+
+ Mirrored requests must be sent only to a single destination endpoint
+ within this BackendRef, irrespective of how many endpoints are present
+ within this BackendRef.
+
+
+ If the referent cannot be found, this BackendRef is invalid and must be
+ dropped from the Gateway. The controller must ensure the "ResolvedRefs"
+ condition on the Route status is set to `status: False` and not configure
+ this backend in the underlying implementation.
+
+
+ If there is a cross-namespace reference to an *existing* object
+ that is not allowed by a ReferenceGrant, the controller must ensure the
+ "ResolvedRefs" condition on the Route is set to `status: False`,
+ with the "RefNotPermitted" reason and not configure this backend in the
+ underlying implementation.
+
+
+ In either error case, the Message of the `ResolvedRefs` Condition
+ should be used to provide more detail about the problem.
+
+
+ Support: Extended for Kubernetes Service
+
+
+ Support: Implementation-specific for any other resource
properties:
group:
default: ""
- description: Group is the group of the referent.
- For example, "gateway.networking.k8s.io". When
- unspecified or empty string, core API group
- is inferred.
+ description: |-
+ Group is the group of the referent. For example, "gateway.networking.k8s.io".
+ When unspecified or empty string, core API group is inferred.
maxLength: 253
pattern: ^$|^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$
type: string
kind:
default: Service
- description: "Kind is the Kubernetes resource
- kind of the referent. For example \"Service\".
- \n Defaults to \"Service\" when not specified.
- \n ExternalName services can refer to CNAME
- DNS records that may live outside of the cluster
- and as such are difficult to reason about in
- terms of conformance. They also may not be safe
- to forward to (see CVE-2021-25740 for more information).
- Implementations SHOULD NOT support ExternalName
- Services. \n Support: Core (Services with a
- type other than ExternalName) \n Support: Implementation-specific
- (Services with type ExternalName)"
+ description: |-
+ Kind is the Kubernetes resource kind of the referent. For example
+ "Service".
+
+
+ Defaults to "Service" when not specified.
+
+
+ ExternalName services can refer to CNAME DNS records that may live
+ outside of the cluster and as such are difficult to reason about in
+ terms of conformance. They also may not be safe to forward to (see
+ CVE-2021-25740 for more information). Implementations SHOULD NOT
+ support ExternalName Services.
+
+
+ Support: Core (Services with a type other than ExternalName)
+
+
+ Support: Implementation-specific (Services with type ExternalName)
maxLength: 63
minLength: 1
pattern: ^[a-zA-Z]([-a-zA-Z0-9]*[a-zA-Z0-9])?$
@@ -8413,25 +13934,28 @@ spec:
minLength: 1
type: string
namespace:
- description: "Namespace is the namespace of the
- backend. When unspecified, the local namespace
- is inferred. \n Note that when a namespace different
- than the local namespace is specified, a ReferenceGrant
- object is required in the referent namespace
- to allow that namespace's owner to accept the
- reference. See the ReferenceGrant documentation
- for details. \n Support: Core"
+ description: |-
+ Namespace is the namespace of the backend. When unspecified, the local
+ namespace is inferred.
+
+
+ Note that when a namespace different than the local namespace is specified,
+ a ReferenceGrant object is required in the referent namespace to allow that
+ namespace's owner to accept the reference. See the ReferenceGrant
+ documentation for details.
+
+
+ Support: Core
maxLength: 63
minLength: 1
pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$
type: string
port:
- description: Port specifies the destination port
- number to use for this resource. Port is required
- when the referent is a Kubernetes Service. In
- this case, the port number is the service port
- number, not the target port. For other resources,
- destination port might be derived from the referent
+ description: |-
+ Port specifies the destination port number to use for this resource.
+ Port is required when the referent is a Kubernetes Service. In this
+ case, the port number is the service port number, not the target port.
+ For other resources, destination port might be derived from the referent
resource or this field.
format: int32
maximum: 65535
@@ -8448,77 +13972,88 @@ spec:
- backendRef
type: object
requestRedirect:
- description: "RequestRedirect defines a schema for a filter
- that responds to the request with an HTTP redirection.
- \n Support: Core"
+ description: |-
+ RequestRedirect defines a schema for a filter that responds to the
+ request with an HTTP redirection.
+
+
+ Support: Core
properties:
hostname:
- description: "Hostname is the hostname to be used
- in the value of the `Location` header in the response.
- When empty, the hostname in the `Host` header of
- the request is used. \n Support: Core"
+ description: |-
+ Hostname is the hostname to be used in the value of the `Location`
+ header in the response.
+ When empty, the hostname in the `Host` header of the request is used.
+
+
+ Support: Core
maxLength: 253
minLength: 1
pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$
type: string
path:
- description: "Path defines parameters used to modify
- the path of the incoming request. The modified path
- is then used to construct the `Location` header.
- When empty, the request path is used as-is. \n Support:
- Extended"
+ description: |-
+ Path defines parameters used to modify the path of the incoming request.
+ The modified path is then used to construct the `Location` header. When
+ empty, the request path is used as-is.
+
+
+ Support: Extended
properties:
replaceFullPath:
- description: ReplaceFullPath specifies the value
- with which to replace the full path of a request
- during a rewrite or redirect.
+ description: |-
+ ReplaceFullPath specifies the value with which to replace the full path
+ of a request during a rewrite or redirect.
maxLength: 1024
type: string
replacePrefixMatch:
- description: "ReplacePrefixMatch specifies the
- value with which to replace the prefix match
- of a request during a rewrite or redirect. For
- example, a request to \"/foo/bar\" with a prefix
- match of \"/foo\" and a ReplacePrefixMatch of
- \"/xyz\" would be modified to \"/xyz/bar\".
- \n Note that this matches the behavior of the
- PathPrefix match type. This matches full path
- elements. A path element refers to the list
- of labels in the path split by the `/` separator.
- When specified, a trailing `/` is ignored. For
- example, the paths `/abc`, `/abc/`, and `/abc/def`
- would all match the prefix `/abc`, but the path
- `/abcd` would not. \n ReplacePrefixMatch is
- only compatible with a `PathPrefix` HTTPRouteMatch.
- Using any other HTTPRouteMatch type on the same
- HTTPRouteRule will result in the implementation
- setting the Accepted Condition for the Route
- to `status: False`. \n Request Path | Prefix
- Match | Replace Prefix | Modified Path -------------|--------------|----------------|----------
- /foo/bar | /foo | /xyz |
- /xyz/bar /foo/bar | /foo | /xyz/
- \ | /xyz/bar /foo/bar | /foo/ |
- /xyz | /xyz/bar /foo/bar | /foo/
- \ | /xyz/ | /xyz/bar /foo |
- /foo | /xyz | /xyz /foo/ |
- /foo | /xyz | /xyz/ /foo/bar
- \ | /foo | | /bar
- /foo/ | /foo |
- | / /foo | /foo |
- | / /foo/ | /foo | / |
- / /foo | /foo | / |
- /"
+ description: |-
+ ReplacePrefixMatch specifies the value with which to replace the prefix
+ match of a request during a rewrite or redirect. For example, a request
+ to "/foo/bar" with a prefix match of "/foo" and a ReplacePrefixMatch
+ of "/xyz" would be modified to "/xyz/bar".
+
+
+ Note that this matches the behavior of the PathPrefix match type. This
+ matches full path elements. A path element refers to the list of labels
+ in the path split by the `/` separator. When specified, a trailing `/` is
+ ignored. For example, the paths `/abc`, `/abc/`, and `/abc/def` would all
+ match the prefix `/abc`, but the path `/abcd` would not.
+
+
+ ReplacePrefixMatch is only compatible with a `PathPrefix` HTTPRouteMatch.
+ Using any other HTTPRouteMatch type on the same HTTPRouteRule will result in
+ the implementation setting the Accepted Condition for the Route to `status: False`.
+
+
+ Request Path | Prefix Match | Replace Prefix | Modified Path
+ -------------|--------------|----------------|----------
+ /foo/bar | /foo | /xyz | /xyz/bar
+ /foo/bar | /foo | /xyz/ | /xyz/bar
+ /foo/bar | /foo/ | /xyz | /xyz/bar
+ /foo/bar | /foo/ | /xyz/ | /xyz/bar
+ /foo | /foo | /xyz | /xyz
+ /foo/ | /foo | /xyz | /xyz/
+ /foo/bar | /foo | | /bar
+ /foo/ | /foo | | /
+ /foo | /foo | | /
+ /foo/ | /foo | / | /
+ /foo | /foo | / | /
maxLength: 1024
type: string
type:
- description: "Type defines the type of path modifier.
- Additional types may be added in a future release
- of the API. \n Note that values may be added
- to this enum, implementations must ensure that
- unknown values will not cause a crash. \n Unknown
- values here must result in the implementation
- setting the Accepted Condition for the Route
- to `status: False`, with a Reason of `UnsupportedValue`."
+ description: |-
+ Type defines the type of path modifier. Additional types may be
+ added in a future release of the API.
+
+
+ Note that values may be added to this enum, implementations
+ must ensure that unknown values will not cause a crash.
+
+
+ Unknown values here must result in the implementation setting the
+ Accepted Condition for the Route to `status: False`, with a
+ Reason of `UnsupportedValue`.
enum:
- ReplaceFullPath
- ReplacePrefixMatch
@@ -8544,88 +14079,127 @@ spec:
rule: 'has(self.replacePrefixMatch) ? self.type
== ''ReplacePrefixMatch'' : true'
port:
- description: "Port is the port to be used in the value
- of the `Location` header in the response. \n If
- no port is specified, the redirect port MUST be
- derived using the following rules: \n * If redirect
- scheme is not-empty, the redirect port MUST be the
- well-known port associated with the redirect scheme.
- Specifically \"http\" to port 80 and \"https\" to
- port 443. If the redirect scheme does not have a
- well-known port, the listener port of the Gateway
- SHOULD be used. * If redirect scheme is empty, the
- redirect port MUST be the Gateway Listener port.
- \n Implementations SHOULD NOT add the port number
- in the 'Location' header in the following cases:
- \n * A Location header that will use HTTP (whether
- that is determined via the Listener protocol or
- the Scheme field) _and_ use port 80. * A Location
- header that will use HTTPS (whether that is determined
- via the Listener protocol or the Scheme field) _and_
- use port 443. \n Support: Extended"
+ description: |-
+ Port is the port to be used in the value of the `Location`
+ header in the response.
+
+
+ If no port is specified, the redirect port MUST be derived using the
+ following rules:
+
+
+ * If redirect scheme is not-empty, the redirect port MUST be the well-known
+ port associated with the redirect scheme. Specifically "http" to port 80
+ and "https" to port 443. If the redirect scheme does not have a
+ well-known port, the listener port of the Gateway SHOULD be used.
+ * If redirect scheme is empty, the redirect port MUST be the Gateway
+ Listener port.
+
+
+ Implementations SHOULD NOT add the port number in the 'Location'
+ header in the following cases:
+
+
+ * A Location header that will use HTTP (whether that is determined via
+ the Listener protocol or the Scheme field) _and_ use port 80.
+ * A Location header that will use HTTPS (whether that is determined via
+ the Listener protocol or the Scheme field) _and_ use port 443.
+
+
+ Support: Extended
format: int32
maximum: 65535
minimum: 1
type: integer
scheme:
- description: "Scheme is the scheme to be used in the
- value of the `Location` header in the response.
- When empty, the scheme of the request is used. \n
- Scheme redirects can affect the port of the redirect,
- for more information, refer to the documentation
- for the port field of this filter. \n Note that
- values may be added to this enum, implementations
- must ensure that unknown values will not cause a
- crash. \n Unknown values here must result in the
- implementation setting the Accepted Condition for
- the Route to `status: False`, with a Reason of `UnsupportedValue`.
- \n Support: Extended"
+ description: |-
+ Scheme is the scheme to be used in the value of the `Location` header in
+ the response. When empty, the scheme of the request is used.
+
+
+ Scheme redirects can affect the port of the redirect, for more information,
+ refer to the documentation for the port field of this filter.
+
+
+ Note that values may be added to this enum, implementations
+ must ensure that unknown values will not cause a crash.
+
+
+ Unknown values here must result in the implementation setting the
+ Accepted Condition for the Route to `status: False`, with a
+ Reason of `UnsupportedValue`.
+
+
+ Support: Extended
enum:
- http
- https
type: string
statusCode:
default: 302
- description: "StatusCode is the HTTP status code to
- be used in response. \n Note that values may be
- added to this enum, implementations must ensure
- that unknown values will not cause a crash. \n Unknown
- values here must result in the implementation setting
- the Accepted Condition for the Route to `status:
- False`, with a Reason of `UnsupportedValue`. \n
- Support: Core"
+ description: |-
+ StatusCode is the HTTP status code to be used in response.
+
+
+ Note that values may be added to this enum, implementations
+ must ensure that unknown values will not cause a crash.
+
+
+ Unknown values here must result in the implementation setting the
+ Accepted Condition for the Route to `status: False`, with a
+ Reason of `UnsupportedValue`.
+
+
+ Support: Core
enum:
- 301
- 302
type: integer
type: object
responseHeaderModifier:
- description: "ResponseHeaderModifier defines a schema
- for a filter that modifies response headers. \n Support:
- Extended"
+ description: |-
+ ResponseHeaderModifier defines a schema for a filter that modifies response
+ headers.
+
+
+ Support: Extended
properties:
add:
- description: "Add adds the given header(s) (name,
- value) to the request before the action. It appends
- to any existing values associated with the header
- name. \n Input: GET /foo HTTP/1.1 my-header: foo
- \n Config: add: - name: \"my-header\" value: \"bar,baz\"
- \n Output: GET /foo HTTP/1.1 my-header: foo,bar,baz"
+ description: |-
+ Add adds the given header(s) (name, value) to the request
+ before the action. It appends to any existing values associated
+ with the header name.
+
+
+ Input:
+ GET /foo HTTP/1.1
+ my-header: foo
+
+
+ Config:
+ add:
+ - name: "my-header"
+ value: "bar,baz"
+
+
+ Output:
+ GET /foo HTTP/1.1
+ my-header: foo,bar,baz
items:
description: HTTPHeader represents an HTTP Header
name and value as defined by RFC 7230.
properties:
name:
- description: "Name is the name of the HTTP Header
- to be matched. Name matching MUST be case
- insensitive. (See https://tools.ietf.org/html/rfc7230#section-3.2).
- \n If multiple entries specify equivalent
- header names, the first entry with an equivalent
- name MUST be considered for a match. Subsequent
- entries with an equivalent header name MUST
- be ignored. Due to the case-insensitivity
- of header names, \"foo\" and \"Foo\" are considered
- equivalent."
+ description: |-
+ Name is the name of the HTTP Header to be matched. Name matching MUST be
+ case insensitive. (See https://tools.ietf.org/html/rfc7230#section-3.2).
+
+
+ If multiple entries specify equivalent header names, the first entry with
+ an equivalent name MUST be considered for a match. Subsequent entries
+ with an equivalent header name MUST be ignored. Due to the
+ case-insensitivity of header names, "foo" and "Foo" are considered
+ equivalent.
maxLength: 256
minLength: 1
pattern: ^[A-Za-z0-9!#$%&'*+\-.^_\x60|~]+$
@@ -8646,40 +14220,67 @@ spec:
- name
x-kubernetes-list-type: map
remove:
- description: "Remove the given header(s) from the
- HTTP request before the action. The value of Remove
- is a list of HTTP header names. Note that the header
- names are case-insensitive (see https://datatracker.ietf.org/doc/html/rfc2616#section-4.2).
- \n Input: GET /foo HTTP/1.1 my-header1: foo my-header2:
- bar my-header3: baz \n Config: remove: [\"my-header1\",
- \"my-header3\"] \n Output: GET /foo HTTP/1.1 my-header2:
- bar"
+ description: |-
+ Remove the given header(s) from the HTTP request before the action. The
+ value of Remove is a list of HTTP header names. Note that the header
+ names are case-insensitive (see
+ https://datatracker.ietf.org/doc/html/rfc2616#section-4.2).
+
+
+ Input:
+ GET /foo HTTP/1.1
+ my-header1: foo
+ my-header2: bar
+ my-header3: baz
+
+
+ Config:
+ remove: ["my-header1", "my-header3"]
+
+
+ Output:
+ GET /foo HTTP/1.1
+ my-header2: bar
items:
type: string
maxItems: 16
type: array
x-kubernetes-list-type: set
set:
- description: "Set overwrites the request with the
- given header (name, value) before the action. \n
- Input: GET /foo HTTP/1.1 my-header: foo \n Config:
- set: - name: \"my-header\" value: \"bar\" \n Output:
- GET /foo HTTP/1.1 my-header: bar"
+ description: |-
+ Set overwrites the request with the given header (name, value)
+ before the action.
+
+
+ Input:
+ GET /foo HTTP/1.1
+ my-header: foo
+
+
+ Config:
+ set:
+ - name: "my-header"
+ value: "bar"
+
+
+ Output:
+ GET /foo HTTP/1.1
+ my-header: bar
items:
description: HTTPHeader represents an HTTP Header
name and value as defined by RFC 7230.
properties:
name:
- description: "Name is the name of the HTTP Header
- to be matched. Name matching MUST be case
- insensitive. (See https://tools.ietf.org/html/rfc7230#section-3.2).
- \n If multiple entries specify equivalent
- header names, the first entry with an equivalent
- name MUST be considered for a match. Subsequent
- entries with an equivalent header name MUST
- be ignored. Due to the case-insensitivity
- of header names, \"foo\" and \"Foo\" are considered
- equivalent."
+ description: |-
+ Name is the name of the HTTP Header to be matched. Name matching MUST be
+ case insensitive. (See https://tools.ietf.org/html/rfc7230#section-3.2).
+
+
+ If multiple entries specify equivalent header names, the first entry with
+ an equivalent name MUST be considered for a match. Subsequent entries
+ with an equivalent header name MUST be ignored. Due to the
+ case-insensitivity of header names, "foo" and "Foo" are considered
+ equivalent.
maxLength: 256
minLength: 1
pattern: ^[A-Za-z0-9!#$%&'*+\-.^_\x60|~]+$
@@ -8701,33 +14302,46 @@ spec:
x-kubernetes-list-type: map
type: object
type:
- description: "Type identifies the type of filter to apply.
- As with other API fields, types are classified into
- three conformance levels: \n - Core: Filter types and
- their corresponding configuration defined by \"Support:
- Core\" in this package, e.g. \"RequestHeaderModifier\".
- All implementations must support core filters. \n -
- Extended: Filter types and their corresponding configuration
- defined by \"Support: Extended\" in this package, e.g.
- \"RequestMirror\". Implementers are encouraged to support
- extended filters. \n - Implementation-specific: Filters
- that are defined and supported by specific vendors.
- In the future, filters showing convergence in behavior
- across multiple implementations will be considered for
- inclusion in extended or core conformance levels. Filter-specific
- configuration for such filters is specified using the
- ExtensionRef field. `Type` should be set to \"ExtensionRef\"
- for custom filters. \n Implementers are encouraged to
- define custom implementation types to extend the core
- API with implementation-specific behavior. \n If a reference
- to a custom filter type cannot be resolved, the filter
- MUST NOT be skipped. Instead, requests that would have
- been processed by that filter MUST receive a HTTP error
- response. \n Note that values may be added to this enum,
- implementations must ensure that unknown values will
- not cause a crash. \n Unknown values here must result
- in the implementation setting the Accepted Condition
- for the Route to `status: False`, with a Reason of `UnsupportedValue`."
+ description: |-
+ Type identifies the type of filter to apply. As with other API fields,
+ types are classified into three conformance levels:
+
+
+ - Core: Filter types and their corresponding configuration defined by
+ "Support: Core" in this package, e.g. "RequestHeaderModifier". All
+ implementations must support core filters.
+
+
+ - Extended: Filter types and their corresponding configuration defined by
+ "Support: Extended" in this package, e.g. "RequestMirror". Implementers
+ are encouraged to support extended filters.
+
+
+ - Implementation-specific: Filters that are defined and supported by
+ specific vendors.
+ In the future, filters showing convergence in behavior across multiple
+ implementations will be considered for inclusion in extended or core
+ conformance levels. Filter-specific configuration for such filters
+ is specified using the ExtensionRef field. `Type` should be set to
+ "ExtensionRef" for custom filters.
+
+
+ Implementers are encouraged to define custom implementation types to
+ extend the core API with implementation-specific behavior.
+
+
+ If a reference to a custom filter type cannot be resolved, the filter
+ MUST NOT be skipped. Instead, requests that would have been processed by
+ that filter MUST receive a HTTP error response.
+
+
+ Note that values may be added to this enum, implementations
+ must ensure that unknown values will not cause a crash.
+
+
+ Unknown values here must result in the implementation setting the
+ Accepted Condition for the Route to `status: False`, with a
+ Reason of `UnsupportedValue`.
enum:
- RequestHeaderModifier
- ResponseHeaderModifier
@@ -8737,73 +14351,84 @@ spec:
- ExtensionRef
type: string
urlRewrite:
- description: "URLRewrite defines a schema for a filter
- that modifies a request during forwarding. \n Support:
- Extended"
+ description: |-
+ URLRewrite defines a schema for a filter that modifies a request during forwarding.
+
+
+ Support: Extended
properties:
hostname:
- description: "Hostname is the value to be used to
- replace the Host header value during forwarding.
- \n Support: Extended"
+ description: |-
+ Hostname is the value to be used to replace the Host header value during
+ forwarding.
+
+
+ Support: Extended
maxLength: 253
minLength: 1
pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$
type: string
path:
- description: "Path defines a path rewrite. \n Support:
- Extended"
+ description: |-
+ Path defines a path rewrite.
+
+
+ Support: Extended
properties:
replaceFullPath:
- description: ReplaceFullPath specifies the value
- with which to replace the full path of a request
- during a rewrite or redirect.
+ description: |-
+ ReplaceFullPath specifies the value with which to replace the full path
+ of a request during a rewrite or redirect.
maxLength: 1024
type: string
replacePrefixMatch:
- description: "ReplacePrefixMatch specifies the
- value with which to replace the prefix match
- of a request during a rewrite or redirect. For
- example, a request to \"/foo/bar\" with a prefix
- match of \"/foo\" and a ReplacePrefixMatch of
- \"/xyz\" would be modified to \"/xyz/bar\".
- \n Note that this matches the behavior of the
- PathPrefix match type. This matches full path
- elements. A path element refers to the list
- of labels in the path split by the `/` separator.
- When specified, a trailing `/` is ignored. For
- example, the paths `/abc`, `/abc/`, and `/abc/def`
- would all match the prefix `/abc`, but the path
- `/abcd` would not. \n ReplacePrefixMatch is
- only compatible with a `PathPrefix` HTTPRouteMatch.
- Using any other HTTPRouteMatch type on the same
- HTTPRouteRule will result in the implementation
- setting the Accepted Condition for the Route
- to `status: False`. \n Request Path | Prefix
- Match | Replace Prefix | Modified Path -------------|--------------|----------------|----------
- /foo/bar | /foo | /xyz |
- /xyz/bar /foo/bar | /foo | /xyz/
- \ | /xyz/bar /foo/bar | /foo/ |
- /xyz | /xyz/bar /foo/bar | /foo/
- \ | /xyz/ | /xyz/bar /foo |
- /foo | /xyz | /xyz /foo/ |
- /foo | /xyz | /xyz/ /foo/bar
- \ | /foo | | /bar
- /foo/ | /foo |
- | / /foo | /foo |
- | / /foo/ | /foo | / |
- / /foo | /foo | / |
- /"
+ description: |-
+ ReplacePrefixMatch specifies the value with which to replace the prefix
+ match of a request during a rewrite or redirect. For example, a request
+ to "/foo/bar" with a prefix match of "/foo" and a ReplacePrefixMatch
+ of "/xyz" would be modified to "/xyz/bar".
+
+
+ Note that this matches the behavior of the PathPrefix match type. This
+ matches full path elements. A path element refers to the list of labels
+ in the path split by the `/` separator. When specified, a trailing `/` is
+ ignored. For example, the paths `/abc`, `/abc/`, and `/abc/def` would all
+ match the prefix `/abc`, but the path `/abcd` would not.
+
+
+ ReplacePrefixMatch is only compatible with a `PathPrefix` HTTPRouteMatch.
+ Using any other HTTPRouteMatch type on the same HTTPRouteRule will result in
+ the implementation setting the Accepted Condition for the Route to `status: False`.
+
+
+ Request Path | Prefix Match | Replace Prefix | Modified Path
+ -------------|--------------|----------------|----------
+ /foo/bar | /foo | /xyz | /xyz/bar
+ /foo/bar | /foo | /xyz/ | /xyz/bar
+ /foo/bar | /foo/ | /xyz | /xyz/bar
+ /foo/bar | /foo/ | /xyz/ | /xyz/bar
+ /foo | /foo | /xyz | /xyz
+ /foo/ | /foo | /xyz | /xyz/
+ /foo/bar | /foo | | /bar
+ /foo/ | /foo | | /
+ /foo | /foo | | /
+ /foo/ | /foo | / | /
+ /foo | /foo | / | /
maxLength: 1024
type: string
type:
- description: "Type defines the type of path modifier.
- Additional types may be added in a future release
- of the API. \n Note that values may be added
- to this enum, implementations must ensure that
- unknown values will not cause a crash. \n Unknown
- values here must result in the implementation
- setting the Accepted Condition for the Route
- to `status: False`, with a Reason of `UnsupportedValue`."
+ description: |-
+ Type defines the type of path modifier. Additional types may be
+ added in a future release of the API.
+
+
+ Note that values may be added to this enum, implementations
+ must ensure that unknown values will not cause a crash.
+
+
+ Unknown values here must result in the implementation setting the
+ Accepted Condition for the Route to `status: False`, with a
+ Reason of `UnsupportedValue`.
enum:
- ReplaceFullPath
- ReplacePrefixMatch
@@ -8896,86 +14521,134 @@ spec:
- path:
type: PathPrefix
value: /
- description: "Matches define conditions used for matching the
- rule against incoming HTTP requests. Each match is independent,
- i.e. this rule will be matched if **any** one of the matches
- is satisfied. \n For example, take the following matches configuration:
- \n ``` matches: - path: value: \"/foo\" headers: - name: \"version\"
- value: \"v2\" - path: value: \"/v2/foo\" ``` \n For a request
- to match against this rule, a request must satisfy EITHER
- of the two conditions: \n - path prefixed with `/foo` AND
- contains the header `version: v2` - path prefix of `/v2/foo`
- \n See the documentation for HTTPRouteMatch on how to specify
- multiple match conditions that should be ANDed together. \n
- If no matches are specified, the default is a prefix path
- match on \"/\", which has the effect of matching every HTTP
- request. \n Proxy or Load Balancer routing configuration generated
- from HTTPRoutes MUST prioritize matches based on the following
- criteria, continuing on ties. Across all rules specified on
- applicable Routes, precedence must be given to the match having:
- \n * \"Exact\" path match. * \"Prefix\" path match with largest
- number of characters. * Method match. * Largest number of
- header matches. * Largest number of query param matches. \n
- Note: The precedence of RegularExpression path matches are
- implementation-specific. \n If ties still exist across multiple
- Routes, matching precedence MUST be determined in order of
- the following criteria, continuing on ties: \n * The oldest
- Route based on creation timestamp. * The Route appearing first
- in alphabetical order by \"{namespace}/{name}\". \n If ties
- still exist within an HTTPRoute, matching precedence MUST
- be granted to the FIRST matching rule (in list order) with
- a match meeting the above criteria. \n When no rules matching
- a request have been successfully attached to the parent a
- request is coming from, a HTTP 404 status code MUST be returned."
+ description: |-
+ Matches define conditions used for matching the rule against incoming
+ HTTP requests. Each match is independent, i.e. this rule will be matched
+ if **any** one of the matches is satisfied.
+
+
+ For example, take the following matches configuration:
+
+
+ ```
+ matches:
+ - path:
+ value: "/foo"
+ headers:
+ - name: "version"
+ value: "v2"
+ - path:
+ value: "/v2/foo"
+ ```
+
+
+ For a request to match against this rule, a request must satisfy
+ EITHER of the two conditions:
+
+
+ - path prefixed with `/foo` AND contains the header `version: v2`
+ - path prefix of `/v2/foo`
+
+
+ See the documentation for HTTPRouteMatch on how to specify multiple
+ match conditions that should be ANDed together.
+
+
+ If no matches are specified, the default is a prefix
+ path match on "/", which has the effect of matching every
+ HTTP request.
+
+
+ Proxy or Load Balancer routing configuration generated from HTTPRoutes
+ MUST prioritize matches based on the following criteria, continuing on
+ ties. Across all rules specified on applicable Routes, precedence must be
+ given to the match having:
+
+
+ * "Exact" path match.
+ * "Prefix" path match with largest number of characters.
+ * Method match.
+ * Largest number of header matches.
+ * Largest number of query param matches.
+
+
+ Note: The precedence of RegularExpression path matches are implementation-specific.
+
+
+ If ties still exist across multiple Routes, matching precedence MUST be
+ determined in order of the following criteria, continuing on ties:
+
+
+ * The oldest Route based on creation timestamp.
+ * The Route appearing first in alphabetical order by
+ "{namespace}/{name}".
+
+
+ If ties still exist within an HTTPRoute, matching precedence MUST be granted
+ to the FIRST matching rule (in list order) with a match meeting the above
+ criteria.
+
+
+ When no rules matching a request have been successfully attached to the
+ parent a request is coming from, a HTTP 404 status code MUST be returned.
items:
description: "HTTPRouteMatch defines the predicate used to
- match requests to a given action. Multiple match types are
- ANDed together, i.e. the match will evaluate to true only
- if all conditions are satisfied. \n For example, the match
- below will match a HTTP request only if its path starts
- with `/foo` AND it contains the `version: v1` header: \n
- ``` match: \n path: value: \"/foo\" headers: - name: \"version\"
- value \"v1\" \n ```"
+ match requests to a given\naction. Multiple match types
+ are ANDed together, i.e. the match will\nevaluate to true
+ only if all conditions are satisfied.\n\n\nFor example,
+ the match below will match a HTTP request only if its path\nstarts
+ with `/foo` AND it contains the `version: v1` header:\n\n\n```\nmatch:\n\n\n\tpath:\n\t
+ \ value: \"/foo\"\n\theaders:\n\t- name: \"version\"\n\t
+ \ value \"v1\"\n\n\n```"
properties:
headers:
- description: Headers specifies HTTP request header matchers.
- Multiple match values are ANDed together, meaning, a
- request must match all the specified headers to select
- the route.
+ description: |-
+ Headers specifies HTTP request header matchers. Multiple match values are
+ ANDed together, meaning, a request must match all the specified headers
+ to select the route.
items:
- description: HTTPHeaderMatch describes how to select
- a HTTP route by matching HTTP request headers.
+ description: |-
+ HTTPHeaderMatch describes how to select a HTTP route by matching HTTP request
+ headers.
properties:
name:
- description: "Name is the name of the HTTP Header
- to be matched. Name matching MUST be case insensitive.
- (See https://tools.ietf.org/html/rfc7230#section-3.2).
- \n If multiple entries specify equivalent header
- names, only the first entry with an equivalent
- name MUST be considered for a match. Subsequent
- entries with an equivalent header name MUST be
- ignored. Due to the case-insensitivity of header
- names, \"foo\" and \"Foo\" are considered equivalent.
- \n When a header is repeated in an HTTP request,
- it is implementation-specific behavior as to how
- this is represented. Generally, proxies should
- follow the guidance from the RFC: https://www.rfc-editor.org/rfc/rfc7230.html#section-3.2.2
- regarding processing a repeated header, with special
- handling for \"Set-Cookie\"."
+ description: |-
+ Name is the name of the HTTP Header to be matched. Name matching MUST be
+ case insensitive. (See https://tools.ietf.org/html/rfc7230#section-3.2).
+
+
+ If multiple entries specify equivalent header names, only the first
+ entry with an equivalent name MUST be considered for a match. Subsequent
+ entries with an equivalent header name MUST be ignored. Due to the
+ case-insensitivity of header names, "foo" and "Foo" are considered
+ equivalent.
+
+
+ When a header is repeated in an HTTP request, it is
+ implementation-specific behavior as to how this is represented.
+ Generally, proxies should follow the guidance from the RFC:
+ https://www.rfc-editor.org/rfc/rfc7230.html#section-3.2.2 regarding
+ processing a repeated header, with special handling for "Set-Cookie".
maxLength: 256
minLength: 1
pattern: ^[A-Za-z0-9!#$%&'*+\-.^_\x60|~]+$
type: string
type:
default: Exact
- description: "Type specifies how to match against
- the value of the header. \n Support: Core (Exact)
- \n Support: Implementation-specific (RegularExpression)
- \n Since RegularExpression HeaderMatchType has
- implementation-specific conformance, implementations
- can support POSIX, PCRE or any other dialects
- of regular expressions. Please read the implementation's
- documentation to determine the supported dialect."
+ description: |-
+ Type specifies how to match against the value of the header.
+
+
+ Support: Core (Exact)
+
+
+ Support: Implementation-specific (RegularExpression)
+
+
+ Since RegularExpression HeaderMatchType has implementation-specific
+ conformance, implementations can support POSIX, PCRE or any other dialects
+ of regular expressions. Please read the implementation's documentation to
+ determine the supported dialect.
enum:
- Exact
- RegularExpression
@@ -8996,9 +14669,13 @@ spec:
- name
x-kubernetes-list-type: map
method:
- description: "Method specifies HTTP method matcher. When
- specified, this route will be matched only if the request
- has the specified method. \n Support: Extended"
+ description: |-
+ Method specifies HTTP method matcher.
+ When specified, this route will be matched only if the request has the
+ specified method.
+
+
+ Support: Extended
enum:
- GET
- HEAD
@@ -9014,15 +14691,20 @@ spec:
default:
type: PathPrefix
value: /
- description: Path specifies a HTTP request path matcher.
- If this field is not specified, a default prefix match
- on the "/" path is provided.
+ description: |-
+ Path specifies a HTTP request path matcher. If this field is not
+ specified, a default prefix match on the "/" path is provided.
properties:
type:
default: PathPrefix
- description: "Type specifies how to match against
- the path Value. \n Support: Core (Exact, PathPrefix)
- \n Support: Implementation-specific (RegularExpression)"
+ description: |-
+ Type specifies how to match against the path Value.
+
+
+ Support: Core (Exact, PathPrefix)
+
+
+ Support: Implementation-specific (RegularExpression)
enum:
- Exact
- PathPrefix
@@ -9081,48 +14763,60 @@ spec:
rule: '(self.type in [''Exact'',''PathPrefix'']) ? self.value.matches(r"""^(?:[-A-Za-z0-9/._~!$&''()*+,;=:@]|[%][0-9a-fA-F]{2})+$""")
: true'
queryParams:
- description: "QueryParams specifies HTTP query parameter
- matchers. Multiple match values are ANDed together,
- meaning, a request must match all the specified query
- parameters to select the route. \n Support: Extended"
+ description: |-
+ QueryParams specifies HTTP query parameter matchers. Multiple match
+ values are ANDed together, meaning, a request must match all the
+ specified query parameters to select the route.
+
+
+ Support: Extended
items:
- description: HTTPQueryParamMatch describes how to select
- a HTTP route by matching HTTP query parameters.
+ description: |-
+ HTTPQueryParamMatch describes how to select a HTTP route by matching HTTP
+ query parameters.
properties:
name:
- description: "Name is the name of the HTTP query
- param to be matched. This must be an exact string
- match. (See https://tools.ietf.org/html/rfc7230#section-2.7.3).
- \n If multiple entries specify equivalent query
- param names, only the first entry with an equivalent
- name MUST be considered for a match. Subsequent
- entries with an equivalent query param name MUST
- be ignored. \n If a query param is repeated in
- an HTTP request, the behavior is purposely left
- undefined, since different data planes have different
- capabilities. However, it is *recommended* that
- implementations should match against the first
- value of the param if the data plane supports
- it, as this behavior is expected in other load
- balancing contexts outside of the Gateway API.
- \n Users SHOULD NOT route traffic based on repeated
- query params to guard themselves against potential
- differences in the implementations."
+ description: |-
+ Name is the name of the HTTP query param to be matched. This must be an
+ exact string match. (See
+ https://tools.ietf.org/html/rfc7230#section-2.7.3).
+
+
+ If multiple entries specify equivalent query param names, only the first
+ entry with an equivalent name MUST be considered for a match. Subsequent
+ entries with an equivalent query param name MUST be ignored.
+
+
+ If a query param is repeated in an HTTP request, the behavior is
+ purposely left undefined, since different data planes have different
+ capabilities. However, it is *recommended* that implementations should
+ match against the first value of the param if the data plane supports it,
+ as this behavior is expected in other load balancing contexts outside of
+ the Gateway API.
+
+
+ Users SHOULD NOT route traffic based on repeated query params to guard
+ themselves against potential differences in the implementations.
maxLength: 256
minLength: 1
pattern: ^[A-Za-z0-9!#$%&'*+\-.^_\x60|~]+$
type: string
type:
default: Exact
- description: "Type specifies how to match against
- the value of the query parameter. \n Support:
- Extended (Exact) \n Support: Implementation-specific
- (RegularExpression) \n Since RegularExpression
- QueryParamMatchType has Implementation-specific
- conformance, implementations can support POSIX,
- PCRE or any other dialects of regular expressions.
- Please read the implementation's documentation
- to determine the supported dialect."
+ description: |-
+ Type specifies how to match against the value of the query parameter.
+
+
+ Support: Extended (Exact)
+
+
+ Support: Implementation-specific (RegularExpression)
+
+
+ Since RegularExpression QueryParamMatchType has Implementation-specific
+ conformance, implementations can support POSIX, PCRE or any other
+ dialects of regular expressions. Please read the implementation's
+ documentation to determine the supported dialect.
enum:
- Exact
- RegularExpression
@@ -9145,39 +14839,168 @@ spec:
type: object
maxItems: 8
type: array
+ sessionPersistence:
+ description: |+
+ SessionPersistence defines and configures session persistence
+ for the route rule.
+
+
+ Support: Extended
+
+
+ properties:
+ absoluteTimeout:
+ description: |-
+ AbsoluteTimeout defines the absolute timeout of the persistent
+ session. Once the AbsoluteTimeout duration has elapsed, the
+ session becomes invalid.
+
+
+ Support: Extended
+ pattern: ^([0-9]{1,5}(h|m|s|ms)){1,4}$
+ type: string
+ cookieConfig:
+ description: |-
+ CookieConfig provides configuration settings that are specific
+ to cookie-based session persistence.
+
+
+ Support: Core
+ properties:
+ lifetimeType:
+ default: Session
+ description: |-
+ LifetimeType specifies whether the cookie has a permanent or
+ session-based lifetime. A permanent cookie persists until its
+ specified expiry time, defined by the Expires or Max-Age cookie
+ attributes, while a session cookie is deleted when the current
+ session ends.
+
+
+ When set to "Permanent", AbsoluteTimeout indicates the
+ cookie's lifetime via the Expires or Max-Age cookie attributes
+ and is required.
+
+
+ When set to "Session", AbsoluteTimeout indicates the
+ absolute lifetime of the cookie tracked by the gateway and
+ is optional.
+
+
+ Support: Core for "Session" type
+
+
+ Support: Extended for "Permanent" type
+ enum:
+ - Permanent
+ - Session
+ type: string
+ type: object
+ idleTimeout:
+ description: |-
+ IdleTimeout defines the idle timeout of the persistent session.
+ Once the session has been idle for more than the specified
+ IdleTimeout duration, the session becomes invalid.
+
+
+ Support: Extended
+ pattern: ^([0-9]{1,5}(h|m|s|ms)){1,4}$
+ type: string
+ sessionName:
+ description: |-
+ SessionName defines the name of the persistent session token
+ which may be reflected in the cookie or the header. Users
+ should avoid reusing session names to prevent unintended
+ consequences, such as rejection or unpredictable behavior.
+
+
+ Support: Implementation-specific
+ maxLength: 128
+ type: string
+ type:
+ default: Cookie
+ description: |-
+ Type defines the type of session persistence such as through
+ the use a header or cookie. Defaults to cookie based session
+ persistence.
+
+
+ Support: Core for "Cookie" type
+
+
+ Support: Extended for "Header" type
+ enum:
+ - Cookie
+ - Header
+ type: string
+ type: object
+ x-kubernetes-validations:
+ - message: AbsoluteTimeout must be specified when cookie lifetimeType
+ is Permanent
+ rule: '!has(self.cookieConfig.lifetimeType) || self.cookieConfig.lifetimeType
+ != ''Permanent'' || has(self.absoluteTimeout)'
timeouts:
- description: "Timeouts defines the timeouts that can be configured
- for an HTTP request. \n Support: Extended \n "
+ description: |+
+ Timeouts defines the timeouts that can be configured for an HTTP request.
+
+
+ Support: Extended
+
+
properties:
backendRequest:
- description: "BackendRequest specifies a timeout for an
- individual request from the gateway to a backend. This
- covers the time from when the request first starts being
- sent from the gateway to when the full response has been
- received from the backend. \n An entire client HTTP transaction
- with a gateway, covered by the Request timeout, may result
- in more than one call from the gateway to the destination
- backend, for example, if automatic retries are supported.
- \n Because the Request timeout encompasses the BackendRequest
- timeout, the value of BackendRequest must be <= the value
- of Request timeout. \n Support: Extended"
+ description: |-
+ BackendRequest specifies a timeout for an individual request from the gateway
+ to a backend. This covers the time from when the request first starts being
+ sent from the gateway to when the full response has been received from the backend.
+
+
+ Setting a timeout to the zero duration (e.g. "0s") SHOULD disable the timeout
+ completely. Implementations that cannot completely disable the timeout MUST
+ instead interpret the zero duration as the longest possible value to which
+ the timeout can be set.
+
+
+ An entire client HTTP transaction with a gateway, covered by the Request timeout,
+ may result in more than one call from the gateway to the destination backend,
+ for example, if automatic retries are supported.
+
+
+ Because the Request timeout encompasses the BackendRequest timeout, the value of
+ BackendRequest must be <= the value of Request timeout.
+
+
+ Support: Extended
pattern: ^([0-9]{1,5}(h|m|s|ms)){1,4}$
type: string
request:
- description: "Request specifies the maximum duration for
- a gateway to respond to an HTTP request. If the gateway
- has not been able to respond before this deadline is met,
- the gateway MUST return a timeout error. \n For example,
- setting the `rules.timeouts.request` field to the value
- `10s` in an `HTTPRoute` will cause a timeout if a client
- request is taking longer than 10 seconds to complete.
- \n This timeout is intended to cover as close to the whole
- request-response transaction as possible although an implementation
- MAY choose to start the timeout after the entire request
- stream has been received instead of immediately after
- the transaction is initiated by the client. \n When this
- field is unspecified, request timeout behavior is implementation-specific.
- \n Support: Extended"
+ description: |-
+ Request specifies the maximum duration for a gateway to respond to an HTTP request.
+ If the gateway has not been able to respond before this deadline is met, the gateway
+ MUST return a timeout error.
+
+
+ For example, setting the `rules.timeouts.request` field to the value `10s` in an
+ `HTTPRoute` will cause a timeout if a client request is taking longer than 10 seconds
+ to complete.
+
+
+ Setting a timeout to the zero duration (e.g. "0s") SHOULD disable the timeout
+ completely. Implementations that cannot completely disable the timeout MUST
+ instead interpret the zero duration as the longest possible value to which
+ the timeout can be set.
+
+
+ This timeout is intended to cover as close to the whole request-response transaction
+ as possible although an implementation MAY choose to start the timeout after the entire
+ request stream has been received instead of immediately after the transaction is
+ initiated by the client.
+
+
+ When this field is unspecified, request timeout behavior is implementation-specific.
+
+
+ Support: Extended
pattern: ^([0-9]{1,5}(h|m|s|ms)){1,4}$
type: string
type: object
@@ -9235,81 +15058,94 @@ spec:
description: Status defines the current state of HTTPRoute.
properties:
parents:
- description: "Parents is a list of parent resources (usually Gateways)
- that are associated with the route, and the status of the route
- with respect to each parent. When this route attaches to a parent,
- the controller that manages the parent must add an entry to this
- list when the controller first sees the route and should update
- the entry as appropriate when the route or gateway is modified.
- \n Note that parent references that cannot be resolved by an implementation
- of this API will not be added to this list. Implementations of this
- API can only populate Route status for the Gateways/parent resources
- they are responsible for. \n A maximum of 32 Gateways will be represented
- in this list. An empty list means the route has not been attached
- to any Gateway."
+ description: |-
+ Parents is a list of parent resources (usually Gateways) that are
+ associated with the route, and the status of the route with respect to
+ each parent. When this route attaches to a parent, the controller that
+ manages the parent must add an entry to this list when the controller
+ first sees the route and should update the entry as appropriate when the
+ route or gateway is modified.
+
+
+ Note that parent references that cannot be resolved by an implementation
+ of this API will not be added to this list. Implementations of this API
+ can only populate Route status for the Gateways/parent resources they are
+ responsible for.
+
+
+ A maximum of 32 Gateways will be represented in this list. An empty list
+ means the route has not been attached to any Gateway.
items:
- description: RouteParentStatus describes the status of a route with
- respect to an associated Parent.
+ description: |-
+ RouteParentStatus describes the status of a route with respect to an
+ associated Parent.
properties:
conditions:
- description: "Conditions describes the status of the route with
- respect to the Gateway. Note that the route's availability
- is also subject to the Gateway's own status conditions and
- listener status. \n If the Route's ParentRef specifies an
- existing Gateway that supports Routes of this kind AND that
- Gateway's controller has sufficient access, then that Gateway's
- controller MUST set the \"Accepted\" condition on the Route,
- to indicate whether the route has been accepted or rejected
- by the Gateway, and why. \n A Route MUST be considered \"Accepted\"
- if at least one of the Route's rules is implemented by the
- Gateway. \n There are a number of cases where the \"Accepted\"
- condition may not be set due to lack of controller visibility,
- that includes when: \n * The Route refers to a non-existent
- parent. * The Route is of a type that the controller does
- not support. * The Route is in a namespace the controller
- does not have access to."
+ description: |-
+ Conditions describes the status of the route with respect to the Gateway.
+ Note that the route's availability is also subject to the Gateway's own
+ status conditions and listener status.
+
+
+ If the Route's ParentRef specifies an existing Gateway that supports
+ Routes of this kind AND that Gateway's controller has sufficient access,
+ then that Gateway's controller MUST set the "Accepted" condition on the
+ Route, to indicate whether the route has been accepted or rejected by the
+ Gateway, and why.
+
+
+ A Route MUST be considered "Accepted" if at least one of the Route's
+ rules is implemented by the Gateway.
+
+
+ There are a number of cases where the "Accepted" condition may not be set
+ due to lack of controller visibility, that includes when:
+
+
+ * The Route refers to a non-existent parent.
+ * The Route is of a type that the controller does not support.
+ * The Route is in a namespace the controller does not have access to.
items:
description: "Condition contains details for one aspect of
- the current state of this API Resource. --- This struct
+ the current state of this API Resource.\n---\nThis struct
is intended for direct use as an array at the field path
- .status.conditions. For example, \n type FooStatus struct{
- // Represents the observations of a foo's current state.
- // Known .status.conditions.type are: \"Available\", \"Progressing\",
- and \"Degraded\" // +patchMergeKey=type // +patchStrategy=merge
- // +listType=map // +listMapKey=type Conditions []metav1.Condition
- `json:\"conditions,omitempty\" patchStrategy:\"merge\" patchMergeKey:\"type\"
- protobuf:\"bytes,1,rep,name=conditions\"` \n // other fields
- }"
+ .status.conditions. For example,\n\n\n\ttype FooStatus
+ struct{\n\t // Represents the observations of a foo's
+ current state.\n\t // Known .status.conditions.type are:
+ \"Available\", \"Progressing\", and \"Degraded\"\n\t //
+ +patchMergeKey=type\n\t // +patchStrategy=merge\n\t //
+ +listType=map\n\t // +listMapKey=type\n\t Conditions
+ []metav1.Condition `json:\"conditions,omitempty\" patchStrategy:\"merge\"
+ patchMergeKey:\"type\" protobuf:\"bytes,1,rep,name=conditions\"`\n\n\n\t
+ \ // other fields\n\t}"
properties:
lastTransitionTime:
- description: lastTransitionTime is the last time the condition
- transitioned from one status to another. This should
- be when the underlying condition changed. If that is
- not known, then using the time when the API field changed
- is acceptable.
+ description: |-
+ lastTransitionTime is the last time the condition transitioned from one status to another.
+ This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable.
format: date-time
type: string
message:
- description: message is a human readable message indicating
- details about the transition. This may be an empty string.
+ description: |-
+ message is a human readable message indicating details about the transition.
+ This may be an empty string.
maxLength: 32768
type: string
observedGeneration:
- description: observedGeneration represents the .metadata.generation
- that the condition was set based upon. For instance,
- if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration
- is 9, the condition is out of date with respect to the
- current state of the instance.
+ description: |-
+ observedGeneration represents the .metadata.generation that the condition was set based upon.
+ For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date
+ with respect to the current state of the instance.
format: int64
minimum: 0
type: integer
reason:
- description: reason contains a programmatic identifier
- indicating the reason for the condition's last transition.
- Producers of specific condition types may define expected
- values and meanings for this field, and whether the
- values are considered a guaranteed API. The value should
- be a CamelCase string. This field may not be empty.
+ description: |-
+ reason contains a programmatic identifier indicating the reason for the condition's last transition.
+ Producers of specific condition types may define expected values and meanings for this field,
+ and whether the values are considered a guaranteed API.
+ The value should be a CamelCase string.
+ This field may not be empty.
maxLength: 1024
minLength: 1
pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$
@@ -9323,12 +15159,12 @@ spec:
- Unknown
type: string
type:
- description: type of condition in CamelCase or in foo.example.com/CamelCase.
- --- Many .condition.type values are consistent across
- resources like Available, but because arbitrary conditions
- can be useful (see .node.status.conditions), the ability
- to deconflict is important. The regex it matches is
- (dns1123SubdomainFmt/)?(qualifiedNameFmt)
+ description: |-
+ type of condition in CamelCase or in foo.example.com/CamelCase.
+ ---
+ Many .condition.type values are consistent across resources like Available, but because arbitrary conditions can be
+ useful (see .node.status.conditions), the ability to deconflict is important.
+ The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt)
maxLength: 316
pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$
type: string
@@ -9346,131 +15182,175 @@ spec:
- type
x-kubernetes-list-type: map
controllerName:
- description: "ControllerName is a domain/path string that indicates
- the name of the controller that wrote this status. This corresponds
- with the controllerName field on GatewayClass. \n Example:
- \"example.net/gateway-controller\". \n The format of this
- field is DOMAIN \"/\" PATH, where DOMAIN and PATH are valid
- Kubernetes names (https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names).
- \n Controllers MUST populate this field when writing status.
- Controllers should ensure that entries to status populated
- with their ControllerName are cleaned up when they are no
- longer necessary."
+ description: |-
+ ControllerName is a domain/path string that indicates the name of the
+ controller that wrote this status. This corresponds with the
+ controllerName field on GatewayClass.
+
+
+ Example: "example.net/gateway-controller".
+
+
+ The format of this field is DOMAIN "/" PATH, where DOMAIN and PATH are
+ valid Kubernetes names
+ (https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names).
+
+
+ Controllers MUST populate this field when writing status. Controllers should ensure that
+ entries to status populated with their ControllerName are cleaned up when they are no
+ longer necessary.
maxLength: 253
minLength: 1
pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*\/[A-Za-z0-9\/\-._~%!$&'()*+,;=:]+$
type: string
parentRef:
- description: ParentRef corresponds with a ParentRef in the spec
- that this RouteParentStatus struct describes the status of.
+ description: |-
+ ParentRef corresponds with a ParentRef in the spec that this
+ RouteParentStatus struct describes the status of.
properties:
group:
default: gateway.networking.k8s.io
- description: "Group is the group of the referent. When unspecified,
- \"gateway.networking.k8s.io\" is inferred. To set the
- core API group (such as for a \"Service\" kind referent),
- Group must be explicitly set to \"\" (empty string). \n
- Support: Core"
+ description: |-
+ Group is the group of the referent.
+ When unspecified, "gateway.networking.k8s.io" is inferred.
+ To set the core API group (such as for a "Service" kind referent),
+ Group must be explicitly set to "" (empty string).
+
+
+ Support: Core
maxLength: 253
pattern: ^$|^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$
type: string
kind:
default: Gateway
- description: "Kind is kind of the referent. \n There are
- two kinds of parent resources with \"Core\" support: \n
- * Gateway (Gateway conformance profile) * Service (Mesh
- conformance profile, experimental, ClusterIP Services
- only) \n Support for other resources is Implementation-Specific."
+ description: |-
+ Kind is kind of the referent.
+
+
+ There are two kinds of parent resources with "Core" support:
+
+
+ * Gateway (Gateway conformance profile)
+ * Service (Mesh conformance profile, ClusterIP Services only)
+
+
+ Support for other resources is Implementation-Specific.
maxLength: 63
minLength: 1
pattern: ^[a-zA-Z]([-a-zA-Z0-9]*[a-zA-Z0-9])?$
type: string
name:
- description: "Name is the name of the referent. \n Support:
- Core"
+ description: |-
+ Name is the name of the referent.
+
+
+ Support: Core
maxLength: 253
minLength: 1
type: string
namespace:
- description: "Namespace is the namespace of the referent.
- When unspecified, this refers to the local namespace of
- the Route. \n Note that there are specific rules for ParentRefs
- which cross namespace boundaries. Cross-namespace references
- are only valid if they are explicitly allowed by something
- in the namespace they are referring to. For example: Gateway
- has the AllowedRoutes field, and ReferenceGrant provides
- a generic way to enable any other kind of cross-namespace
- reference. \n ParentRefs from a Route to a Service in
- the same namespace are \"producer\" routes, which apply
- default routing rules to inbound connections from any
- namespace to the Service. \n ParentRefs from a Route to
- a Service in a different namespace are \"consumer\" routes,
- and these routing rules are only applied to outbound connections
- originating from the same namespace as the Route, for
- which the intended destination of the connections are
- a Service targeted as a ParentRef of the Route. \n Support:
- Core"
+ description: |-
+ Namespace is the namespace of the referent. When unspecified, this refers
+ to the local namespace of the Route.
+
+
+ Note that there are specific rules for ParentRefs which cross namespace
+ boundaries. Cross-namespace references are only valid if they are explicitly
+ allowed by something in the namespace they are referring to. For example:
+ Gateway has the AllowedRoutes field, and ReferenceGrant provides a
+ generic way to enable any other kind of cross-namespace reference.
+
+
+
+ ParentRefs from a Route to a Service in the same namespace are "producer"
+ routes, which apply default routing rules to inbound connections from
+ any namespace to the Service.
+
+
+ ParentRefs from a Route to a Service in a different namespace are
+ "consumer" routes, and these routing rules are only applied to outbound
+ connections originating from the same namespace as the Route, for which
+ the intended destination of the connections are a Service targeted as a
+ ParentRef of the Route.
+
+
+
+ Support: Core
maxLength: 63
minLength: 1
pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$
type: string
port:
- description: "Port is the network port this Route targets.
- It can be interpreted differently based on the type of
- parent resource. \n When the parent resource is a Gateway,
- this targets all listeners listening on the specified
- port that also support this kind of Route(and select this
- Route). It's not recommended to set `Port` unless the
- networking behaviors specified in a Route must apply to
- a specific port as opposed to a listener(s) whose port(s)
- may be changed. When both Port and SectionName are specified,
- the name and port of the selected listener must match
- both specified values. \n When the parent resource is
- a Service, this targets a specific port in the Service
- spec. When both Port (experimental) and SectionName are
- specified, the name and port of the selected port must
- match both specified values. \n Implementations MAY choose
- to support other parent resources. Implementations supporting
- other types of parent resources MUST clearly document
- how/if Port is interpreted. \n For the purpose of status,
- an attachment is considered successful as long as the
- parent resource accepts it partially. For example, Gateway
- listeners can restrict which Routes can attach to them
- by Route kind, namespace, or hostname. If 1 of 2 Gateway
- listeners accept attachment from the referencing Route,
- the Route MUST be considered successfully attached. If
- no Gateway listeners accept attachment from this Route,
+ description: |-
+ Port is the network port this Route targets. It can be interpreted
+ differently based on the type of parent resource.
+
+
+ When the parent resource is a Gateway, this targets all listeners
+ listening on the specified port that also support this kind of Route(and
+ select this Route). It's not recommended to set `Port` unless the
+ networking behaviors specified in a Route must apply to a specific port
+ as opposed to a listener(s) whose port(s) may be changed. When both Port
+ and SectionName are specified, the name and port of the selected listener
+ must match both specified values.
+
+
+
+ When the parent resource is a Service, this targets a specific port in the
+ Service spec. When both Port (experimental) and SectionName are specified,
+ the name and port of the selected port must match both specified values.
+
+
+
+ Implementations MAY choose to support other parent resources.
+ Implementations supporting other types of parent resources MUST clearly
+ document how/if Port is interpreted.
+
+
+ For the purpose of status, an attachment is considered successful as
+ long as the parent resource accepts it partially. For example, Gateway
+ listeners can restrict which Routes can attach to them by Route kind,
+ namespace, or hostname. If 1 of 2 Gateway listeners accept attachment
+ from the referencing Route, the Route MUST be considered successfully
+ attached. If no Gateway listeners accept attachment from this Route,
the Route MUST be considered detached from the Gateway.
- \n Support: Extended \n "
+
+
+ Support: Extended
format: int32
maximum: 65535
minimum: 1
type: integer
sectionName:
- description: "SectionName is the name of a section within
- the target resource. In the following resources, SectionName
- is interpreted as the following: \n * Gateway: Listener
- Name. When both Port (experimental) and SectionName are
- specified, the name and port of the selected listener
- must match both specified values. * Service: Port Name.
- When both Port (experimental) and SectionName are specified,
- the name and port of the selected listener must match
- both specified values. Note that attaching Routes to Services
- as Parents is part of experimental Mesh support and is
- not supported for any other purpose. \n Implementations
- MAY choose to support attaching Routes to other resources.
- If that is the case, they MUST clearly document how SectionName
- is interpreted. \n When unspecified (empty string), this
- will reference the entire resource. For the purpose of
- status, an attachment is considered successful if at least
- one section in the parent resource accepts it. For example,
- Gateway listeners can restrict which Routes can attach
- to them by Route kind, namespace, or hostname. If 1 of
- 2 Gateway listeners accept attachment from the referencing
- Route, the Route MUST be considered successfully attached.
- If no Gateway listeners accept attachment from this Route,
- the Route MUST be considered detached from the Gateway.
- \n Support: Core"
+ description: |-
+ SectionName is the name of a section within the target resource. In the
+ following resources, SectionName is interpreted as the following:
+
+
+ * Gateway: Listener name. When both Port (experimental) and SectionName
+ are specified, the name and port of the selected listener must match
+ both specified values.
+ * Service: Port name. When both Port (experimental) and SectionName
+ are specified, the name and port of the selected listener must match
+ both specified values.
+
+
+ Implementations MAY choose to support attaching Routes to other resources.
+ If that is the case, they MUST clearly document how SectionName is
+ interpreted.
+
+
+ When unspecified (empty string), this will reference the entire resource.
+ For the purpose of status, an attachment is considered successful if at
+ least one section in the parent resource accepts it. For example, Gateway
+ listeners can restrict which Routes can attach to them by Route kind,
+ namespace, or hostname. If 1 of 2 Gateway listeners accept attachment from
+ the referencing Route, the Route MUST be considered successfully
+ attached. If no Gateway listeners accept attachment from this Route, the
+ Route MUST be considered detached from the Gateway.
+
+
+ Support: Core
maxLength: 253
minLength: 1
pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$
@@ -9491,7 +15371,7 @@ spec:
- spec
type: object
served: true
- storage: true
+ storage: false
subresources:
status: {}
status:
@@ -9508,8 +15388,8 @@ apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
annotations:
- api-approved.kubernetes.io: https://github.com/kubernetes-sigs/gateway-api/pull/2466
- gateway.networking.k8s.io/bundle-version: v1.0.0
+ api-approved.kubernetes.io: https://github.com/kubernetes-sigs/gateway-api/pull/2997
+ gateway.networking.k8s.io/bundle-version: v1.1.0
gateway.networking.k8s.io/channel: experimental
creationTimestamp: null
name: referencegrants.gateway.networking.k8s.io
@@ -9536,32 +15416,45 @@ spec:
name: v1alpha2
schema:
openAPIV3Schema:
- description: "ReferenceGrant identifies kinds of resources in other namespaces
- that are trusted to reference the specified kinds of resources in the same
- namespace as the policy. \n Each ReferenceGrant can be used to represent
- a unique trust relationship. Additional Reference Grants can be used to
- add to the set of trusted sources of inbound references for the namespace
- they are defined within. \n A ReferenceGrant is required for all cross-namespace
- references in Gateway API (with the exception of cross-namespace Route-Gateway
- attachment, which is governed by the AllowedRoutes configuration on the
- Gateway, and cross-namespace Service ParentRefs on a \"consumer\" mesh Route,
- which defines routing rules applicable only to workloads in the Route namespace).
- ReferenceGrants allowing a reference from a Route to a Service are only
- applicable to BackendRefs. \n ReferenceGrant is a form of runtime verification
- allowing users to assert which cross-namespace object references are permitted.
- Implementations that support ReferenceGrant MUST NOT permit cross-namespace
- references which have no grant, and MUST respond to the removal of a grant
- by revoking the access that the grant allowed."
+ description: |-
+ ReferenceGrant identifies kinds of resources in other namespaces that are
+ trusted to reference the specified kinds of resources in the same namespace
+ as the policy.
+
+
+ Each ReferenceGrant can be used to represent a unique trust relationship.
+ Additional Reference Grants can be used to add to the set of trusted
+ sources of inbound references for the namespace they are defined within.
+
+
+ A ReferenceGrant is required for all cross-namespace references in Gateway API
+ (with the exception of cross-namespace Route-Gateway attachment, which is
+ governed by the AllowedRoutes configuration on the Gateway, and cross-namespace
+ Service ParentRefs on a "consumer" mesh Route, which defines routing rules
+ applicable only to workloads in the Route namespace). ReferenceGrants allowing
+ a reference from a Route to a Service are only applicable to BackendRefs.
+
+
+ ReferenceGrant is a form of runtime verification allowing users to assert
+ which cross-namespace object references are permitted. Implementations that
+ support ReferenceGrant MUST NOT permit cross-namespace references which have
+ no grant, and MUST respond to the removal of a grant by revoking the access
+ that the grant allowed.
properties:
apiVersion:
- description: 'APIVersion defines the versioned schema of this representation
- of an object. Servers should convert recognized schemas to the latest
- internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
+ description: |-
+ APIVersion defines the versioned schema of this representation of an object.
+ Servers should convert recognized schemas to the latest internal value, and
+ may reject unrecognized values.
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
type: string
kind:
- description: 'Kind is a string value representing the REST resource this
- object represents. Servers may infer this from the endpoint the client
- submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+ description: |-
+ Kind is a string value representing the REST resource this object represents.
+ Servers may infer this from the endpoint the client submits requests to.
+ Cannot be updated.
+ In CamelCase.
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
type: string
metadata:
type: object
@@ -9569,35 +15462,59 @@ spec:
description: Spec defines the desired state of ReferenceGrant.
properties:
from:
- description: "From describes the trusted namespaces and kinds that
- can reference the resources described in \"To\". Each entry in this
- list MUST be considered to be an additional place that references
- can be valid from, or to put this another way, entries MUST be combined
- using OR. \n Support: Core"
+ description: |-
+ From describes the trusted namespaces and kinds that can reference the
+ resources described in "To". Each entry in this list MUST be considered
+ to be an additional place that references can be valid from, or to put
+ this another way, entries MUST be combined using OR.
+
+
+ Support: Core
items:
description: ReferenceGrantFrom describes trusted namespaces and
kinds.
properties:
group:
- description: "Group is the group of the referent. When empty,
- the Kubernetes core API group is inferred. \n Support: Core"
+ description: |-
+ Group is the group of the referent.
+ When empty, the Kubernetes core API group is inferred.
+
+
+ Support: Core
maxLength: 253
pattern: ^$|^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$
type: string
kind:
- description: "Kind is the kind of the referent. Although implementations
- may support additional resources, the following types are
- part of the \"Core\" support level for this field. \n When
- used to permit a SecretObjectReference: \n * Gateway \n When
- used to permit a BackendObjectReference: \n * GRPCRoute *
- HTTPRoute * TCPRoute * TLSRoute * UDPRoute"
+ description: |-
+ Kind is the kind of the referent. Although implementations may support
+ additional resources, the following types are part of the "Core"
+ support level for this field.
+
+
+ When used to permit a SecretObjectReference:
+
+
+ * Gateway
+
+
+ When used to permit a BackendObjectReference:
+
+
+ * GRPCRoute
+ * HTTPRoute
+ * TCPRoute
+ * TLSRoute
+ * UDPRoute
maxLength: 63
minLength: 1
pattern: ^[a-zA-Z]([-a-zA-Z0-9]*[a-zA-Z0-9])?$
type: string
namespace:
- description: "Namespace is the namespace of the referent. \n
- Support: Core"
+ description: |-
+ Namespace is the namespace of the referent.
+
+
+ Support: Core
maxLength: 63
minLength: 1
pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$
@@ -9611,35 +15528,47 @@ spec:
minItems: 1
type: array
to:
- description: "To describes the resources that may be referenced by
- the resources described in \"From\". Each entry in this list MUST
- be considered to be an additional place that references can be valid
- to, or to put this another way, entries MUST be combined using OR.
- \n Support: Core"
+ description: |-
+ To describes the resources that may be referenced by the resources
+ described in "From". Each entry in this list MUST be considered to be an
+ additional place that references can be valid to, or to put this another
+ way, entries MUST be combined using OR.
+
+
+ Support: Core
items:
- description: ReferenceGrantTo describes what Kinds are allowed as
- targets of the references.
+ description: |-
+ ReferenceGrantTo describes what Kinds are allowed as targets of the
+ references.
properties:
group:
- description: "Group is the group of the referent. When empty,
- the Kubernetes core API group is inferred. \n Support: Core"
+ description: |-
+ Group is the group of the referent.
+ When empty, the Kubernetes core API group is inferred.
+
+
+ Support: Core
maxLength: 253
pattern: ^$|^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$
type: string
kind:
- description: "Kind is the kind of the referent. Although implementations
- may support additional resources, the following types are
- part of the \"Core\" support level for this field: \n * Secret
- when used to permit a SecretObjectReference * Service when
- used to permit a BackendObjectReference"
+ description: |-
+ Kind is the kind of the referent. Although implementations may support
+ additional resources, the following types are part of the "Core"
+ support level for this field:
+
+
+ * Secret when used to permit a SecretObjectReference
+ * Service when used to permit a BackendObjectReference
maxLength: 63
minLength: 1
pattern: ^[a-zA-Z]([-a-zA-Z0-9]*[a-zA-Z0-9])?$
type: string
name:
- description: Name is the name of the referent. When unspecified,
- this policy refers to all resources of the specified Group
- and Kind in the local namespace.
+ description: |-
+ Name is the name of the referent. When unspecified, this policy
+ refers to all resources of the specified Group and Kind in the local
+ namespace.
maxLength: 253
minLength: 1
type: string
@@ -9665,28 +15594,41 @@ spec:
name: v1beta1
schema:
openAPIV3Schema:
- description: "ReferenceGrant identifies kinds of resources in other namespaces
- that are trusted to reference the specified kinds of resources in the same
- namespace as the policy. \n Each ReferenceGrant can be used to represent
- a unique trust relationship. Additional Reference Grants can be used to
- add to the set of trusted sources of inbound references for the namespace
- they are defined within. \n All cross-namespace references in Gateway API
- (with the exception of cross-namespace Gateway-route attachment) require
- a ReferenceGrant. \n ReferenceGrant is a form of runtime verification allowing
- users to assert which cross-namespace object references are permitted. Implementations
- that support ReferenceGrant MUST NOT permit cross-namespace references which
- have no grant, and MUST respond to the removal of a grant by revoking the
- access that the grant allowed."
+ description: |-
+ ReferenceGrant identifies kinds of resources in other namespaces that are
+ trusted to reference the specified kinds of resources in the same namespace
+ as the policy.
+
+
+ Each ReferenceGrant can be used to represent a unique trust relationship.
+ Additional Reference Grants can be used to add to the set of trusted
+ sources of inbound references for the namespace they are defined within.
+
+
+ All cross-namespace references in Gateway API (with the exception of cross-namespace
+ Gateway-route attachment) require a ReferenceGrant.
+
+
+ ReferenceGrant is a form of runtime verification allowing users to assert
+ which cross-namespace object references are permitted. Implementations that
+ support ReferenceGrant MUST NOT permit cross-namespace references which have
+ no grant, and MUST respond to the removal of a grant by revoking the access
+ that the grant allowed.
properties:
apiVersion:
- description: 'APIVersion defines the versioned schema of this representation
- of an object. Servers should convert recognized schemas to the latest
- internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
+ description: |-
+ APIVersion defines the versioned schema of this representation of an object.
+ Servers should convert recognized schemas to the latest internal value, and
+ may reject unrecognized values.
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
type: string
kind:
- description: 'Kind is a string value representing the REST resource this
- object represents. Servers may infer this from the endpoint the client
- submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+ description: |-
+ Kind is a string value representing the REST resource this object represents.
+ Servers may infer this from the endpoint the client submits requests to.
+ Cannot be updated.
+ In CamelCase.
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
type: string
metadata:
type: object
@@ -9694,35 +15636,59 @@ spec:
description: Spec defines the desired state of ReferenceGrant.
properties:
from:
- description: "From describes the trusted namespaces and kinds that
- can reference the resources described in \"To\". Each entry in this
- list MUST be considered to be an additional place that references
- can be valid from, or to put this another way, entries MUST be combined
- using OR. \n Support: Core"
+ description: |-
+ From describes the trusted namespaces and kinds that can reference the
+ resources described in "To". Each entry in this list MUST be considered
+ to be an additional place that references can be valid from, or to put
+ this another way, entries MUST be combined using OR.
+
+
+ Support: Core
items:
description: ReferenceGrantFrom describes trusted namespaces and
kinds.
properties:
group:
- description: "Group is the group of the referent. When empty,
- the Kubernetes core API group is inferred. \n Support: Core"
+ description: |-
+ Group is the group of the referent.
+ When empty, the Kubernetes core API group is inferred.
+
+
+ Support: Core
maxLength: 253
pattern: ^$|^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$
type: string
kind:
- description: "Kind is the kind of the referent. Although implementations
- may support additional resources, the following types are
- part of the \"Core\" support level for this field. \n When
- used to permit a SecretObjectReference: \n * Gateway \n When
- used to permit a BackendObjectReference: \n * GRPCRoute *
- HTTPRoute * TCPRoute * TLSRoute * UDPRoute"
+ description: |-
+ Kind is the kind of the referent. Although implementations may support
+ additional resources, the following types are part of the "Core"
+ support level for this field.
+
+
+ When used to permit a SecretObjectReference:
+
+
+ * Gateway
+
+
+ When used to permit a BackendObjectReference:
+
+
+ * GRPCRoute
+ * HTTPRoute
+ * TCPRoute
+ * TLSRoute
+ * UDPRoute
maxLength: 63
minLength: 1
pattern: ^[a-zA-Z]([-a-zA-Z0-9]*[a-zA-Z0-9])?$
type: string
namespace:
- description: "Namespace is the namespace of the referent. \n
- Support: Core"
+ description: |-
+ Namespace is the namespace of the referent.
+
+
+ Support: Core
maxLength: 63
minLength: 1
pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$
@@ -9736,35 +15702,47 @@ spec:
minItems: 1
type: array
to:
- description: "To describes the resources that may be referenced by
- the resources described in \"From\". Each entry in this list MUST
- be considered to be an additional place that references can be valid
- to, or to put this another way, entries MUST be combined using OR.
- \n Support: Core"
+ description: |-
+ To describes the resources that may be referenced by the resources
+ described in "From". Each entry in this list MUST be considered to be an
+ additional place that references can be valid to, or to put this another
+ way, entries MUST be combined using OR.
+
+
+ Support: Core
items:
- description: ReferenceGrantTo describes what Kinds are allowed as
- targets of the references.
+ description: |-
+ ReferenceGrantTo describes what Kinds are allowed as targets of the
+ references.
properties:
group:
- description: "Group is the group of the referent. When empty,
- the Kubernetes core API group is inferred. \n Support: Core"
+ description: |-
+ Group is the group of the referent.
+ When empty, the Kubernetes core API group is inferred.
+
+
+ Support: Core
maxLength: 253
pattern: ^$|^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$
type: string
kind:
- description: "Kind is the kind of the referent. Although implementations
- may support additional resources, the following types are
- part of the \"Core\" support level for this field: \n * Secret
- when used to permit a SecretObjectReference * Service when
- used to permit a BackendObjectReference"
+ description: |-
+ Kind is the kind of the referent. Although implementations may support
+ additional resources, the following types are part of the "Core"
+ support level for this field:
+
+
+ * Secret when used to permit a SecretObjectReference
+ * Service when used to permit a BackendObjectReference
maxLength: 63
minLength: 1
pattern: ^[a-zA-Z]([-a-zA-Z0-9]*[a-zA-Z0-9])?$
type: string
name:
- description: Name is the name of the referent. When unspecified,
- this policy refers to all resources of the specified Group
- and Kind in the local namespace.
+ description: |-
+ Name is the name of the referent. When unspecified, this policy
+ refers to all resources of the specified Group and Kind in the local
+ namespace.
maxLength: 253
minLength: 1
type: string
@@ -9797,8 +15775,8 @@ apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
annotations:
- api-approved.kubernetes.io: https://github.com/kubernetes-sigs/gateway-api/pull/2466
- gateway.networking.k8s.io/bundle-version: v1.0.0
+ api-approved.kubernetes.io: https://github.com/kubernetes-sigs/gateway-api/pull/2997
+ gateway.networking.k8s.io/bundle-version: v1.1.0
gateway.networking.k8s.io/channel: experimental
creationTimestamp: null
name: tcproutes.gateway.networking.k8s.io
@@ -9820,19 +15798,25 @@ spec:
name: v1alpha2
schema:
openAPIV3Schema:
- description: TCPRoute provides a way to route TCP requests. When combined
- with a Gateway listener, it can be used to forward connections on the port
- specified by the listener to a set of backends specified by the TCPRoute.
+ description: |-
+ TCPRoute provides a way to route TCP requests. When combined with a Gateway
+ listener, it can be used to forward connections on the port specified by the
+ listener to a set of backends specified by the TCPRoute.
properties:
apiVersion:
- description: 'APIVersion defines the versioned schema of this representation
- of an object. Servers should convert recognized schemas to the latest
- internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
+ description: |-
+ APIVersion defines the versioned schema of this representation of an object.
+ Servers should convert recognized schemas to the latest internal value, and
+ may reject unrecognized values.
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
type: string
kind:
- description: 'Kind is a string value representing the REST resource this
- object represents. Servers may infer this from the endpoint the client
- submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+ description: |-
+ Kind is a string value representing the REST resource this object represents.
+ Servers may infer this from the endpoint the client submits requests to.
+ Cannot be updated.
+ In CamelCase.
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
type: string
metadata:
type: object
@@ -9840,165 +15824,246 @@ spec:
description: Spec defines the desired state of TCPRoute.
properties:
parentRefs:
- description: "ParentRefs references the resources (usually Gateways)
- that a Route wants to be attached to. Note that the referenced parent
- resource needs to allow this for the attachment to be complete.
- For Gateways, that means the Gateway needs to allow attachment from
- Routes of this kind and namespace. For Services, that means the
- Service must either be in the same namespace for a \"producer\"
- route, or the mesh implementation must support and allow \"consumer\"
- routes for the referenced Service. ReferenceGrant is not applicable
- for governing ParentRefs to Services - it is not possible to create
- a \"producer\" route for a Service in a different namespace from
- the Route. \n There are two kinds of parent resources with \"Core\"
- support: \n * Gateway (Gateway conformance profile) * Service (Mesh
- conformance profile, experimental, ClusterIP Services only) This
- API may be extended in the future to support additional kinds of
- parent resources. \n ParentRefs must be _distinct_. This means either
- that: \n * They select different objects. If this is the case,
- then parentRef entries are distinct. In terms of fields, this means
- that the multi-part key defined by `group`, `kind`, `namespace`,
- and `name` must be unique across all parentRef entries in the Route.
- * They do not select different objects, but for each optional field
- used, each ParentRef that selects the same object must set the same
- set of optional fields to different values. If one ParentRef sets
- a combination of optional fields, all must set the same combination.
- \n Some examples: \n * If one ParentRef sets `sectionName`, all
- ParentRefs referencing the same object must also set `sectionName`.
+ description: |+
+ ParentRefs references the resources (usually Gateways) that a Route wants
+ to be attached to. Note that the referenced parent resource needs to
+ allow this for the attachment to be complete. For Gateways, that means
+ the Gateway needs to allow attachment from Routes of this kind and
+ namespace. For Services, that means the Service must either be in the same
+ namespace for a "producer" route, or the mesh implementation must support
+ and allow "consumer" routes for the referenced Service. ReferenceGrant is
+ not applicable for governing ParentRefs to Services - it is not possible to
+ create a "producer" route for a Service in a different namespace from the
+ Route.
+
+
+ There are two kinds of parent resources with "Core" support:
+
+
+ * Gateway (Gateway conformance profile)
+ * Service (Mesh conformance profile, ClusterIP Services only)
+
+
+ This API may be extended in the future to support additional kinds of parent
+ resources.
+
+
+ ParentRefs must be _distinct_. This means either that:
+
+
+ * They select different objects. If this is the case, then parentRef
+ entries are distinct. In terms of fields, this means that the
+ multi-part key defined by `group`, `kind`, `namespace`, and `name` must
+ be unique across all parentRef entries in the Route.
+ * They do not select different objects, but for each optional field used,
+ each ParentRef that selects the same object must set the same set of
+ optional fields to different values. If one ParentRef sets a
+ combination of optional fields, all must set the same combination.
+
+
+ Some examples:
+
+
+ * If one ParentRef sets `sectionName`, all ParentRefs referencing the
+ same object must also set `sectionName`.
* If one ParentRef sets `port`, all ParentRefs referencing the same
- object must also set `port`. * If one ParentRef sets `sectionName`
- and `port`, all ParentRefs referencing the same object must also
- set `sectionName` and `port`. \n It is possible to separately reference
- multiple distinct objects that may be collapsed by an implementation.
- For example, some implementations may choose to merge compatible
- Gateway Listeners together. If that is the case, the list of routes
- attached to those resources should also be merged. \n Note that
- for ParentRefs that cross namespace boundaries, there are specific
+ object must also set `port`.
+ * If one ParentRef sets `sectionName` and `port`, all ParentRefs
+ referencing the same object must also set `sectionName` and `port`.
+
+
+ It is possible to separately reference multiple distinct objects that may
+ be collapsed by an implementation. For example, some implementations may
+ choose to merge compatible Gateway Listeners together. If that is the
+ case, the list of routes attached to those resources should also be
+ merged.
+
+
+ Note that for ParentRefs that cross namespace boundaries, there are specific
rules. Cross-namespace references are only valid if they are explicitly
- allowed by something in the namespace they are referring to. For
- example, Gateway has the AllowedRoutes field, and ReferenceGrant
- provides a generic way to enable other kinds of cross-namespace
- reference. \n ParentRefs from a Route to a Service in the same
- namespace are \"producer\" routes, which apply default routing rules
- to inbound connections from any namespace to the Service. \n ParentRefs
- from a Route to a Service in a different namespace are \"consumer\"
- routes, and these routing rules are only applied to outbound connections
- originating from the same namespace as the Route, for which the
- intended destination of the connections are a Service targeted as
- a ParentRef of the Route. \n "
+ allowed by something in the namespace they are referring to. For example,
+ Gateway has the AllowedRoutes field, and ReferenceGrant provides a
+ generic way to enable other kinds of cross-namespace reference.
+
+
+
+ ParentRefs from a Route to a Service in the same namespace are "producer"
+ routes, which apply default routing rules to inbound connections from
+ any namespace to the Service.
+
+
+ ParentRefs from a Route to a Service in a different namespace are
+ "consumer" routes, and these routing rules are only applied to outbound
+ connections originating from the same namespace as the Route, for which
+ the intended destination of the connections are a Service targeted as a
+ ParentRef of the Route.
+
+
+
+
+
+
items:
- description: "ParentReference identifies an API object (usually
- a Gateway) that can be considered a parent of this resource (usually
- a route). There are two kinds of parent resources with \"Core\"
- support: \n * Gateway (Gateway conformance profile) * Service
- (Mesh conformance profile, experimental, ClusterIP Services only)
- \n This API may be extended in the future to support additional
- kinds of parent resources. \n The API object must be valid in
- the cluster; the Group and Kind must be registered in the cluster
- for this reference to be valid."
+ description: |-
+ ParentReference identifies an API object (usually a Gateway) that can be considered
+ a parent of this resource (usually a route). There are two kinds of parent resources
+ with "Core" support:
+
+
+ * Gateway (Gateway conformance profile)
+ * Service (Mesh conformance profile, ClusterIP Services only)
+
+
+ This API may be extended in the future to support additional kinds of parent
+ resources.
+
+
+ The API object must be valid in the cluster; the Group and Kind must
+ be registered in the cluster for this reference to be valid.
properties:
group:
default: gateway.networking.k8s.io
- description: "Group is the group of the referent. When unspecified,
- \"gateway.networking.k8s.io\" is inferred. To set the core
- API group (such as for a \"Service\" kind referent), Group
- must be explicitly set to \"\" (empty string). \n Support:
- Core"
+ description: |-
+ Group is the group of the referent.
+ When unspecified, "gateway.networking.k8s.io" is inferred.
+ To set the core API group (such as for a "Service" kind referent),
+ Group must be explicitly set to "" (empty string).
+
+
+ Support: Core
maxLength: 253
pattern: ^$|^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$
type: string
kind:
default: Gateway
- description: "Kind is kind of the referent. \n There are two
- kinds of parent resources with \"Core\" support: \n * Gateway
- (Gateway conformance profile) * Service (Mesh conformance
- profile, experimental, ClusterIP Services only) \n Support
- for other resources is Implementation-Specific."
+ description: |-
+ Kind is kind of the referent.
+
+
+ There are two kinds of parent resources with "Core" support:
+
+
+ * Gateway (Gateway conformance profile)
+ * Service (Mesh conformance profile, ClusterIP Services only)
+
+
+ Support for other resources is Implementation-Specific.
maxLength: 63
minLength: 1
pattern: ^[a-zA-Z]([-a-zA-Z0-9]*[a-zA-Z0-9])?$
type: string
name:
- description: "Name is the name of the referent. \n Support:
- Core"
+ description: |-
+ Name is the name of the referent.
+
+
+ Support: Core
maxLength: 253
minLength: 1
type: string
namespace:
- description: "Namespace is the namespace of the referent. When
- unspecified, this refers to the local namespace of the Route.
- \n Note that there are specific rules for ParentRefs which
- cross namespace boundaries. Cross-namespace references are
- only valid if they are explicitly allowed by something in
- the namespace they are referring to. For example: Gateway
- has the AllowedRoutes field, and ReferenceGrant provides a
+ description: |-
+ Namespace is the namespace of the referent. When unspecified, this refers
+ to the local namespace of the Route.
+
+
+ Note that there are specific rules for ParentRefs which cross namespace
+ boundaries. Cross-namespace references are only valid if they are explicitly
+ allowed by something in the namespace they are referring to. For example:
+ Gateway has the AllowedRoutes field, and ReferenceGrant provides a
generic way to enable any other kind of cross-namespace reference.
- \n ParentRefs from a Route to a Service in the same namespace
- are \"producer\" routes, which apply default routing rules
- to inbound connections from any namespace to the Service.
- \n ParentRefs from a Route to a Service in a different namespace
- are \"consumer\" routes, and these routing rules are only
- applied to outbound connections originating from the same
- namespace as the Route, for which the intended destination
- of the connections are a Service targeted as a ParentRef of
- the Route. \n Support: Core"
+
+
+
+ ParentRefs from a Route to a Service in the same namespace are "producer"
+ routes, which apply default routing rules to inbound connections from
+ any namespace to the Service.
+
+
+ ParentRefs from a Route to a Service in a different namespace are
+ "consumer" routes, and these routing rules are only applied to outbound
+ connections originating from the same namespace as the Route, for which
+ the intended destination of the connections are a Service targeted as a
+ ParentRef of the Route.
+
+
+
+ Support: Core
maxLength: 63
minLength: 1
pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$
type: string
port:
- description: "Port is the network port this Route targets. It
- can be interpreted differently based on the type of parent
- resource. \n When the parent resource is a Gateway, this targets
- all listeners listening on the specified port that also support
- this kind of Route(and select this Route). It's not recommended
- to set `Port` unless the networking behaviors specified in
- a Route must apply to a specific port as opposed to a listener(s)
- whose port(s) may be changed. When both Port and SectionName
- are specified, the name and port of the selected listener
- must match both specified values. \n When the parent resource
- is a Service, this targets a specific port in the Service
- spec. When both Port (experimental) and SectionName are specified,
- the name and port of the selected port must match both specified
- values. \n Implementations MAY choose to support other parent
- resources. Implementations supporting other types of parent
- resources MUST clearly document how/if Port is interpreted.
- \n For the purpose of status, an attachment is considered
- successful as long as the parent resource accepts it partially.
- For example, Gateway listeners can restrict which Routes can
- attach to them by Route kind, namespace, or hostname. If 1
- of 2 Gateway listeners accept attachment from the referencing
- Route, the Route MUST be considered successfully attached.
- If no Gateway listeners accept attachment from this Route,
- the Route MUST be considered detached from the Gateway. \n
- Support: Extended \n "
+ description: |-
+ Port is the network port this Route targets. It can be interpreted
+ differently based on the type of parent resource.
+
+
+ When the parent resource is a Gateway, this targets all listeners
+ listening on the specified port that also support this kind of Route(and
+ select this Route). It's not recommended to set `Port` unless the
+ networking behaviors specified in a Route must apply to a specific port
+ as opposed to a listener(s) whose port(s) may be changed. When both Port
+ and SectionName are specified, the name and port of the selected listener
+ must match both specified values.
+
+
+
+ When the parent resource is a Service, this targets a specific port in the
+ Service spec. When both Port (experimental) and SectionName are specified,
+ the name and port of the selected port must match both specified values.
+
+
+
+ Implementations MAY choose to support other parent resources.
+ Implementations supporting other types of parent resources MUST clearly
+ document how/if Port is interpreted.
+
+
+ For the purpose of status, an attachment is considered successful as
+ long as the parent resource accepts it partially. For example, Gateway
+ listeners can restrict which Routes can attach to them by Route kind,
+ namespace, or hostname. If 1 of 2 Gateway listeners accept attachment
+ from the referencing Route, the Route MUST be considered successfully
+ attached. If no Gateway listeners accept attachment from this Route,
+ the Route MUST be considered detached from the Gateway.
+
+
+ Support: Extended
format: int32
maximum: 65535
minimum: 1
type: integer
sectionName:
- description: "SectionName is the name of a section within the
- target resource. In the following resources, SectionName is
- interpreted as the following: \n * Gateway: Listener Name.
- When both Port (experimental) and SectionName are specified,
- the name and port of the selected listener must match both
- specified values. * Service: Port Name. When both Port (experimental)
- and SectionName are specified, the name and port of the selected
- listener must match both specified values. Note that attaching
- Routes to Services as Parents is part of experimental Mesh
- support and is not supported for any other purpose. \n Implementations
- MAY choose to support attaching Routes to other resources.
- If that is the case, they MUST clearly document how SectionName
- is interpreted. \n When unspecified (empty string), this will
- reference the entire resource. For the purpose of status,
- an attachment is considered successful if at least one section
- in the parent resource accepts it. For example, Gateway listeners
- can restrict which Routes can attach to them by Route kind,
- namespace, or hostname. If 1 of 2 Gateway listeners accept
- attachment from the referencing Route, the Route MUST be considered
- successfully attached. If no Gateway listeners accept attachment
- from this Route, the Route MUST be considered detached from
- the Gateway. \n Support: Core"
+ description: |-
+ SectionName is the name of a section within the target resource. In the
+ following resources, SectionName is interpreted as the following:
+
+
+ * Gateway: Listener name. When both Port (experimental) and SectionName
+ are specified, the name and port of the selected listener must match
+ both specified values.
+ * Service: Port name. When both Port (experimental) and SectionName
+ are specified, the name and port of the selected listener must match
+ both specified values.
+
+
+ Implementations MAY choose to support attaching Routes to other resources.
+ If that is the case, they MUST clearly document how SectionName is
+ interpreted.
+
+
+ When unspecified (empty string), this will reference the entire resource.
+ For the purpose of status, an attachment is considered successful if at
+ least one section in the parent resource accepts it. For example, Gateway
+ listeners can restrict which Routes can attach to them by Route kind,
+ namespace, or hostname. If 1 of 2 Gateway listeners accept attachment from
+ the referencing Route, the Route MUST be considered successfully
+ attached. If no Gateway listeners accept attachment from this Route, the
+ Route MUST be considered detached from the Gateway.
+
+
+ Support: Core
maxLength: 253
minLength: 1
pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$
@@ -10037,62 +16102,94 @@ spec:
description: TCPRouteRule is the configuration for a given rule.
properties:
backendRefs:
- description: "BackendRefs defines the backend(s) where matching
- requests should be sent. If unspecified or invalid (refers
- to a non-existent resource or a Service with no endpoints),
- the underlying implementation MUST actively reject connection
- attempts to this backend. Connection rejections must respect
- weight; if an invalid backend is requested to have 80% of
+ description: |-
+ BackendRefs defines the backend(s) where matching requests should be
+ sent. If unspecified or invalid (refers to a non-existent resource or a
+ Service with no endpoints), the underlying implementation MUST actively
+ reject connection attempts to this backend. Connection rejections must
+ respect weight; if an invalid backend is requested to have 80% of
connections, then 80% of connections must be rejected instead.
- \n Support: Core for Kubernetes Service \n Support: Extended
- for Kubernetes ServiceImport \n Support: Implementation-specific
- for any other resource \n Support for weight: Extended"
+
+
+ Support: Core for Kubernetes Service
+
+
+ Support: Extended for Kubernetes ServiceImport
+
+
+ Support: Implementation-specific for any other resource
+
+
+ Support for weight: Extended
items:
- description: "BackendRef defines how a Route should forward
- a request to a Kubernetes resource. \n Note that when a
- namespace different than the local namespace is specified,
- a ReferenceGrant object is required in the referent namespace
- to allow that namespace's owner to accept the reference.
- See the ReferenceGrant documentation for details. \n
- \n When the BackendRef points to a Kubernetes Service, implementations
- SHOULD honor the appProtocol field if it is set for the
- target Service Port. \n Implementations supporting appProtocol
- SHOULD recognize the Kubernetes Standard Application Protocols
- defined in KEP-3726. \n If a Service appProtocol isn't specified,
- an implementation MAY infer the backend protocol through
- its own means. Implementations MAY infer the protocol from
- the Route type referring to the backend Service. \n If a
- Route is not able to send traffic to the backend using the
- specified protocol then the backend is considered invalid.
- Implementations MUST set the \"ResolvedRefs\" condition
- to \"False\" with the \"UnsupportedProtocol\" reason. \n
- \n Note that when the
- BackendTLSPolicy object is enabled by the implementation,
- there are some extra rules about validity to consider here.
- See the fields where this struct is used for more information
- about the exact behavior."
+ description: |-
+ BackendRef defines how a Route should forward a request to a Kubernetes
+ resource.
+
+
+ Note that when a namespace different than the local namespace is specified, a
+ ReferenceGrant object is required in the referent namespace to allow that
+ namespace's owner to accept the reference. See the ReferenceGrant
+ documentation for details.
+
+
+
+
+
+ When the BackendRef points to a Kubernetes Service, implementations SHOULD
+ honor the appProtocol field if it is set for the target Service Port.
+
+
+ Implementations supporting appProtocol SHOULD recognize the Kubernetes
+ Standard Application Protocols defined in KEP-3726.
+
+
+ If a Service appProtocol isn't specified, an implementation MAY infer the
+ backend protocol through its own means. Implementations MAY infer the
+ protocol from the Route type referring to the backend Service.
+
+
+ If a Route is not able to send traffic to the backend using the specified
+ protocol then the backend is considered invalid. Implementations MUST set the
+ "ResolvedRefs" condition to "False" with the "UnsupportedProtocol" reason.
+
+
+
+
+
+ Note that when the BackendTLSPolicy object is enabled by the implementation,
+ there are some extra rules about validity to consider here. See the fields
+ where this struct is used for more information about the exact behavior.
properties:
group:
default: ""
- description: Group is the group of the referent. For example,
- "gateway.networking.k8s.io". When unspecified or empty
- string, core API group is inferred.
+ description: |-
+ Group is the group of the referent. For example, "gateway.networking.k8s.io".
+ When unspecified or empty string, core API group is inferred.
maxLength: 253
pattern: ^$|^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$
type: string
kind:
default: Service
- description: "Kind is the Kubernetes resource kind of
- the referent. For example \"Service\". \n Defaults to
- \"Service\" when not specified. \n ExternalName services
- can refer to CNAME DNS records that may live outside
- of the cluster and as such are difficult to reason about
- in terms of conformance. They also may not be safe to
- forward to (see CVE-2021-25740 for more information).
- Implementations SHOULD NOT support ExternalName Services.
- \n Support: Core (Services with a type other than ExternalName)
- \n Support: Implementation-specific (Services with type
- ExternalName)"
+ description: |-
+ Kind is the Kubernetes resource kind of the referent. For example
+ "Service".
+
+
+ Defaults to "Service" when not specified.
+
+
+ ExternalName services can refer to CNAME DNS records that may live
+ outside of the cluster and as such are difficult to reason about in
+ terms of conformance. They also may not be safe to forward to (see
+ CVE-2021-25740 for more information). Implementations SHOULD NOT
+ support ExternalName Services.
+
+
+ Support: Core (Services with a type other than ExternalName)
+
+
+ Support: Implementation-specific (Services with type ExternalName)
maxLength: 63
minLength: 1
pattern: ^[a-zA-Z]([-a-zA-Z0-9]*[a-zA-Z0-9])?$
@@ -10103,43 +16200,51 @@ spec:
minLength: 1
type: string
namespace:
- description: "Namespace is the namespace of the backend.
- When unspecified, the local namespace is inferred. \n
- Note that when a namespace different than the local
- namespace is specified, a ReferenceGrant object is required
- in the referent namespace to allow that namespace's
- owner to accept the reference. See the ReferenceGrant
- documentation for details. \n Support: Core"
+ description: |-
+ Namespace is the namespace of the backend. When unspecified, the local
+ namespace is inferred.
+
+
+ Note that when a namespace different than the local namespace is specified,
+ a ReferenceGrant object is required in the referent namespace to allow that
+ namespace's owner to accept the reference. See the ReferenceGrant
+ documentation for details.
+
+
+ Support: Core
maxLength: 63
minLength: 1
pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$
type: string
port:
- description: Port specifies the destination port number
- to use for this resource. Port is required when the
- referent is a Kubernetes Service. In this case, the
- port number is the service port number, not the target
- port. For other resources, destination port might be
- derived from the referent resource or this field.
+ description: |-
+ Port specifies the destination port number to use for this resource.
+ Port is required when the referent is a Kubernetes Service. In this
+ case, the port number is the service port number, not the target port.
+ For other resources, destination port might be derived from the referent
+ resource or this field.
format: int32
maximum: 65535
minimum: 1
type: integer
weight:
default: 1
- description: "Weight specifies the proportion of requests
- forwarded to the referenced backend. This is computed
- as weight/(sum of all weights in this BackendRefs list).
- For non-zero values, there may be some epsilon from
- the exact proportion defined here depending on the precision
- an implementation supports. Weight is not a percentage
- and the sum of weights does not need to equal 100. \n
- If only one backend is specified and it has a weight
- greater than 0, 100% of the traffic is forwarded to
- that backend. If weight is set to 0, no traffic should
- be forwarded for this entry. If unspecified, weight
- defaults to 1. \n Support for this field varies based
- on the context where used."
+ description: |-
+ Weight specifies the proportion of requests forwarded to the referenced
+ backend. This is computed as weight/(sum of all weights in this
+ BackendRefs list). For non-zero values, there may be some epsilon from
+ the exact proportion defined here depending on the precision an
+ implementation supports. Weight is not a percentage and the sum of
+ weights does not need to equal 100.
+
+
+ If only one backend is specified and it has a weight greater than 0, 100%
+ of the traffic is forwarded to that backend. If weight is set to 0, no
+ traffic should be forwarded for this entry. If unspecified, weight
+ defaults to 1.
+
+
+ Support for this field varies based on the context where used.
format: int32
maximum: 1000000
minimum: 0
@@ -10165,81 +16270,94 @@ spec:
description: Status defines the current state of TCPRoute.
properties:
parents:
- description: "Parents is a list of parent resources (usually Gateways)
- that are associated with the route, and the status of the route
- with respect to each parent. When this route attaches to a parent,
- the controller that manages the parent must add an entry to this
- list when the controller first sees the route and should update
- the entry as appropriate when the route or gateway is modified.
- \n Note that parent references that cannot be resolved by an implementation
- of this API will not be added to this list. Implementations of this
- API can only populate Route status for the Gateways/parent resources
- they are responsible for. \n A maximum of 32 Gateways will be represented
- in this list. An empty list means the route has not been attached
- to any Gateway."
+ description: |-
+ Parents is a list of parent resources (usually Gateways) that are
+ associated with the route, and the status of the route with respect to
+ each parent. When this route attaches to a parent, the controller that
+ manages the parent must add an entry to this list when the controller
+ first sees the route and should update the entry as appropriate when the
+ route or gateway is modified.
+
+
+ Note that parent references that cannot be resolved by an implementation
+ of this API will not be added to this list. Implementations of this API
+ can only populate Route status for the Gateways/parent resources they are
+ responsible for.
+
+
+ A maximum of 32 Gateways will be represented in this list. An empty list
+ means the route has not been attached to any Gateway.
items:
- description: RouteParentStatus describes the status of a route with
- respect to an associated Parent.
+ description: |-
+ RouteParentStatus describes the status of a route with respect to an
+ associated Parent.
properties:
conditions:
- description: "Conditions describes the status of the route with
- respect to the Gateway. Note that the route's availability
- is also subject to the Gateway's own status conditions and
- listener status. \n If the Route's ParentRef specifies an
- existing Gateway that supports Routes of this kind AND that
- Gateway's controller has sufficient access, then that Gateway's
- controller MUST set the \"Accepted\" condition on the Route,
- to indicate whether the route has been accepted or rejected
- by the Gateway, and why. \n A Route MUST be considered \"Accepted\"
- if at least one of the Route's rules is implemented by the
- Gateway. \n There are a number of cases where the \"Accepted\"
- condition may not be set due to lack of controller visibility,
- that includes when: \n * The Route refers to a non-existent
- parent. * The Route is of a type that the controller does
- not support. * The Route is in a namespace the controller
- does not have access to."
+ description: |-
+ Conditions describes the status of the route with respect to the Gateway.
+ Note that the route's availability is also subject to the Gateway's own
+ status conditions and listener status.
+
+
+ If the Route's ParentRef specifies an existing Gateway that supports
+ Routes of this kind AND that Gateway's controller has sufficient access,
+ then that Gateway's controller MUST set the "Accepted" condition on the
+ Route, to indicate whether the route has been accepted or rejected by the
+ Gateway, and why.
+
+
+ A Route MUST be considered "Accepted" if at least one of the Route's
+ rules is implemented by the Gateway.
+
+
+ There are a number of cases where the "Accepted" condition may not be set
+ due to lack of controller visibility, that includes when:
+
+
+ * The Route refers to a non-existent parent.
+ * The Route is of a type that the controller does not support.
+ * The Route is in a namespace the controller does not have access to.
items:
description: "Condition contains details for one aspect of
- the current state of this API Resource. --- This struct
+ the current state of this API Resource.\n---\nThis struct
is intended for direct use as an array at the field path
- .status.conditions. For example, \n type FooStatus struct{
- // Represents the observations of a foo's current state.
- // Known .status.conditions.type are: \"Available\", \"Progressing\",
- and \"Degraded\" // +patchMergeKey=type // +patchStrategy=merge
- // +listType=map // +listMapKey=type Conditions []metav1.Condition
- `json:\"conditions,omitempty\" patchStrategy:\"merge\" patchMergeKey:\"type\"
- protobuf:\"bytes,1,rep,name=conditions\"` \n // other fields
- }"
+ .status.conditions. For example,\n\n\n\ttype FooStatus
+ struct{\n\t // Represents the observations of a foo's
+ current state.\n\t // Known .status.conditions.type are:
+ \"Available\", \"Progressing\", and \"Degraded\"\n\t //
+ +patchMergeKey=type\n\t // +patchStrategy=merge\n\t //
+ +listType=map\n\t // +listMapKey=type\n\t Conditions
+ []metav1.Condition `json:\"conditions,omitempty\" patchStrategy:\"merge\"
+ patchMergeKey:\"type\" protobuf:\"bytes,1,rep,name=conditions\"`\n\n\n\t
+ \ // other fields\n\t}"
properties:
lastTransitionTime:
- description: lastTransitionTime is the last time the condition
- transitioned from one status to another. This should
- be when the underlying condition changed. If that is
- not known, then using the time when the API field changed
- is acceptable.
+ description: |-
+ lastTransitionTime is the last time the condition transitioned from one status to another.
+ This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable.
format: date-time
type: string
message:
- description: message is a human readable message indicating
- details about the transition. This may be an empty string.
+ description: |-
+ message is a human readable message indicating details about the transition.
+ This may be an empty string.
maxLength: 32768
type: string
observedGeneration:
- description: observedGeneration represents the .metadata.generation
- that the condition was set based upon. For instance,
- if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration
- is 9, the condition is out of date with respect to the
- current state of the instance.
+ description: |-
+ observedGeneration represents the .metadata.generation that the condition was set based upon.
+ For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date
+ with respect to the current state of the instance.
format: int64
minimum: 0
type: integer
reason:
- description: reason contains a programmatic identifier
- indicating the reason for the condition's last transition.
- Producers of specific condition types may define expected
- values and meanings for this field, and whether the
- values are considered a guaranteed API. The value should
- be a CamelCase string. This field may not be empty.
+ description: |-
+ reason contains a programmatic identifier indicating the reason for the condition's last transition.
+ Producers of specific condition types may define expected values and meanings for this field,
+ and whether the values are considered a guaranteed API.
+ The value should be a CamelCase string.
+ This field may not be empty.
maxLength: 1024
minLength: 1
pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$
@@ -10253,12 +16371,12 @@ spec:
- Unknown
type: string
type:
- description: type of condition in CamelCase or in foo.example.com/CamelCase.
- --- Many .condition.type values are consistent across
- resources like Available, but because arbitrary conditions
- can be useful (see .node.status.conditions), the ability
- to deconflict is important. The regex it matches is
- (dns1123SubdomainFmt/)?(qualifiedNameFmt)
+ description: |-
+ type of condition in CamelCase or in foo.example.com/CamelCase.
+ ---
+ Many .condition.type values are consistent across resources like Available, but because arbitrary conditions can be
+ useful (see .node.status.conditions), the ability to deconflict is important.
+ The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt)
maxLength: 316
pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$
type: string
@@ -10276,131 +16394,175 @@ spec:
- type
x-kubernetes-list-type: map
controllerName:
- description: "ControllerName is a domain/path string that indicates
- the name of the controller that wrote this status. This corresponds
- with the controllerName field on GatewayClass. \n Example:
- \"example.net/gateway-controller\". \n The format of this
- field is DOMAIN \"/\" PATH, where DOMAIN and PATH are valid
- Kubernetes names (https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names).
- \n Controllers MUST populate this field when writing status.
- Controllers should ensure that entries to status populated
- with their ControllerName are cleaned up when they are no
- longer necessary."
+ description: |-
+ ControllerName is a domain/path string that indicates the name of the
+ controller that wrote this status. This corresponds with the
+ controllerName field on GatewayClass.
+
+
+ Example: "example.net/gateway-controller".
+
+
+ The format of this field is DOMAIN "/" PATH, where DOMAIN and PATH are
+ valid Kubernetes names
+ (https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names).
+
+
+ Controllers MUST populate this field when writing status. Controllers should ensure that
+ entries to status populated with their ControllerName are cleaned up when they are no
+ longer necessary.
maxLength: 253
minLength: 1
pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*\/[A-Za-z0-9\/\-._~%!$&'()*+,;=:]+$
type: string
parentRef:
- description: ParentRef corresponds with a ParentRef in the spec
- that this RouteParentStatus struct describes the status of.
+ description: |-
+ ParentRef corresponds with a ParentRef in the spec that this
+ RouteParentStatus struct describes the status of.
properties:
group:
default: gateway.networking.k8s.io
- description: "Group is the group of the referent. When unspecified,
- \"gateway.networking.k8s.io\" is inferred. To set the
- core API group (such as for a \"Service\" kind referent),
- Group must be explicitly set to \"\" (empty string). \n
- Support: Core"
+ description: |-
+ Group is the group of the referent.
+ When unspecified, "gateway.networking.k8s.io" is inferred.
+ To set the core API group (such as for a "Service" kind referent),
+ Group must be explicitly set to "" (empty string).
+
+
+ Support: Core
maxLength: 253
pattern: ^$|^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$
type: string
kind:
default: Gateway
- description: "Kind is kind of the referent. \n There are
- two kinds of parent resources with \"Core\" support: \n
- * Gateway (Gateway conformance profile) * Service (Mesh
- conformance profile, experimental, ClusterIP Services
- only) \n Support for other resources is Implementation-Specific."
+ description: |-
+ Kind is kind of the referent.
+
+
+ There are two kinds of parent resources with "Core" support:
+
+
+ * Gateway (Gateway conformance profile)
+ * Service (Mesh conformance profile, ClusterIP Services only)
+
+
+ Support for other resources is Implementation-Specific.
maxLength: 63
minLength: 1
pattern: ^[a-zA-Z]([-a-zA-Z0-9]*[a-zA-Z0-9])?$
type: string
name:
- description: "Name is the name of the referent. \n Support:
- Core"
+ description: |-
+ Name is the name of the referent.
+
+
+ Support: Core
maxLength: 253
minLength: 1
type: string
namespace:
- description: "Namespace is the namespace of the referent.
- When unspecified, this refers to the local namespace of
- the Route. \n Note that there are specific rules for ParentRefs
- which cross namespace boundaries. Cross-namespace references
- are only valid if they are explicitly allowed by something
- in the namespace they are referring to. For example: Gateway
- has the AllowedRoutes field, and ReferenceGrant provides
- a generic way to enable any other kind of cross-namespace
- reference. \n ParentRefs from a Route to a Service in
- the same namespace are \"producer\" routes, which apply
- default routing rules to inbound connections from any
- namespace to the Service. \n ParentRefs from a Route to
- a Service in a different namespace are \"consumer\" routes,
- and these routing rules are only applied to outbound connections
- originating from the same namespace as the Route, for
- which the intended destination of the connections are
- a Service targeted as a ParentRef of the Route. \n Support:
- Core"
+ description: |-
+ Namespace is the namespace of the referent. When unspecified, this refers
+ to the local namespace of the Route.
+
+
+ Note that there are specific rules for ParentRefs which cross namespace
+ boundaries. Cross-namespace references are only valid if they are explicitly
+ allowed by something in the namespace they are referring to. For example:
+ Gateway has the AllowedRoutes field, and ReferenceGrant provides a
+ generic way to enable any other kind of cross-namespace reference.
+
+
+
+ ParentRefs from a Route to a Service in the same namespace are "producer"
+ routes, which apply default routing rules to inbound connections from
+ any namespace to the Service.
+
+
+ ParentRefs from a Route to a Service in a different namespace are
+ "consumer" routes, and these routing rules are only applied to outbound
+ connections originating from the same namespace as the Route, for which
+ the intended destination of the connections are a Service targeted as a
+ ParentRef of the Route.
+
+
+
+ Support: Core
maxLength: 63
minLength: 1
pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$
type: string
port:
- description: "Port is the network port this Route targets.
- It can be interpreted differently based on the type of
- parent resource. \n When the parent resource is a Gateway,
- this targets all listeners listening on the specified
- port that also support this kind of Route(and select this
- Route). It's not recommended to set `Port` unless the
- networking behaviors specified in a Route must apply to
- a specific port as opposed to a listener(s) whose port(s)
- may be changed. When both Port and SectionName are specified,
- the name and port of the selected listener must match
- both specified values. \n When the parent resource is
- a Service, this targets a specific port in the Service
- spec. When both Port (experimental) and SectionName are
- specified, the name and port of the selected port must
- match both specified values. \n Implementations MAY choose
- to support other parent resources. Implementations supporting
- other types of parent resources MUST clearly document
- how/if Port is interpreted. \n For the purpose of status,
- an attachment is considered successful as long as the
- parent resource accepts it partially. For example, Gateway
- listeners can restrict which Routes can attach to them
- by Route kind, namespace, or hostname. If 1 of 2 Gateway
- listeners accept attachment from the referencing Route,
- the Route MUST be considered successfully attached. If
- no Gateway listeners accept attachment from this Route,
+ description: |-
+ Port is the network port this Route targets. It can be interpreted
+ differently based on the type of parent resource.
+
+
+ When the parent resource is a Gateway, this targets all listeners
+ listening on the specified port that also support this kind of Route(and
+ select this Route). It's not recommended to set `Port` unless the
+ networking behaviors specified in a Route must apply to a specific port
+ as opposed to a listener(s) whose port(s) may be changed. When both Port
+ and SectionName are specified, the name and port of the selected listener
+ must match both specified values.
+
+
+
+ When the parent resource is a Service, this targets a specific port in the
+ Service spec. When both Port (experimental) and SectionName are specified,
+ the name and port of the selected port must match both specified values.
+
+
+
+ Implementations MAY choose to support other parent resources.
+ Implementations supporting other types of parent resources MUST clearly
+ document how/if Port is interpreted.
+
+
+ For the purpose of status, an attachment is considered successful as
+ long as the parent resource accepts it partially. For example, Gateway
+ listeners can restrict which Routes can attach to them by Route kind,
+ namespace, or hostname. If 1 of 2 Gateway listeners accept attachment
+ from the referencing Route, the Route MUST be considered successfully
+ attached. If no Gateway listeners accept attachment from this Route,
the Route MUST be considered detached from the Gateway.
- \n Support: Extended \n "
+
+
+ Support: Extended
format: int32
maximum: 65535
minimum: 1
type: integer
sectionName:
- description: "SectionName is the name of a section within
- the target resource. In the following resources, SectionName
- is interpreted as the following: \n * Gateway: Listener
- Name. When both Port (experimental) and SectionName are
- specified, the name and port of the selected listener
- must match both specified values. * Service: Port Name.
- When both Port (experimental) and SectionName are specified,
- the name and port of the selected listener must match
- both specified values. Note that attaching Routes to Services
- as Parents is part of experimental Mesh support and is
- not supported for any other purpose. \n Implementations
- MAY choose to support attaching Routes to other resources.
- If that is the case, they MUST clearly document how SectionName
- is interpreted. \n When unspecified (empty string), this
- will reference the entire resource. For the purpose of
- status, an attachment is considered successful if at least
- one section in the parent resource accepts it. For example,
- Gateway listeners can restrict which Routes can attach
- to them by Route kind, namespace, or hostname. If 1 of
- 2 Gateway listeners accept attachment from the referencing
- Route, the Route MUST be considered successfully attached.
- If no Gateway listeners accept attachment from this Route,
- the Route MUST be considered detached from the Gateway.
- \n Support: Core"
+ description: |-
+ SectionName is the name of a section within the target resource. In the
+ following resources, SectionName is interpreted as the following:
+
+
+ * Gateway: Listener name. When both Port (experimental) and SectionName
+ are specified, the name and port of the selected listener must match
+ both specified values.
+ * Service: Port name. When both Port (experimental) and SectionName
+ are specified, the name and port of the selected listener must match
+ both specified values.
+
+
+ Implementations MAY choose to support attaching Routes to other resources.
+ If that is the case, they MUST clearly document how SectionName is
+ interpreted.
+
+
+ When unspecified (empty string), this will reference the entire resource.
+ For the purpose of status, an attachment is considered successful if at
+ least one section in the parent resource accepts it. For example, Gateway
+ listeners can restrict which Routes can attach to them by Route kind,
+ namespace, or hostname. If 1 of 2 Gateway listeners accept attachment from
+ the referencing Route, the Route MUST be considered successfully
+ attached. If no Gateway listeners accept attachment from this Route, the
+ Route MUST be considered detached from the Gateway.
+
+
+ Support: Core
maxLength: 253
minLength: 1
pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$
@@ -10438,8 +16600,8 @@ apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
annotations:
- api-approved.kubernetes.io: https://github.com/kubernetes-sigs/gateway-api/pull/2466
- gateway.networking.k8s.io/bundle-version: v1.0.0
+ api-approved.kubernetes.io: https://github.com/kubernetes-sigs/gateway-api/pull/2997
+ gateway.networking.k8s.io/bundle-version: v1.1.0
gateway.networking.k8s.io/channel: experimental
creationTimestamp: null
name: tlsroutes.gateway.networking.k8s.io
@@ -10461,21 +16623,29 @@ spec:
name: v1alpha2
schema:
openAPIV3Schema:
- description: "The TLSRoute resource is similar to TCPRoute, but can be configured
- to match against TLS-specific metadata. This allows more flexibility in
- matching streams for a given TLS listener. \n If you need to forward traffic
- to a single target for a TLS listener, you could choose to use a TCPRoute
- with a TLS listener."
+ description: |-
+ The TLSRoute resource is similar to TCPRoute, but can be configured
+ to match against TLS-specific metadata. This allows more flexibility
+ in matching streams for a given TLS listener.
+
+
+ If you need to forward traffic to a single target for a TLS listener, you
+ could choose to use a TCPRoute with a TLS listener.
properties:
apiVersion:
- description: 'APIVersion defines the versioned schema of this representation
- of an object. Servers should convert recognized schemas to the latest
- internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
+ description: |-
+ APIVersion defines the versioned schema of this representation of an object.
+ Servers should convert recognized schemas to the latest internal value, and
+ may reject unrecognized values.
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
type: string
kind:
- description: 'Kind is a string value representing the REST resource this
- object represents. Servers may infer this from the endpoint the client
- submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+ description: |-
+ Kind is a string value representing the REST resource this object represents.
+ Servers may infer this from the endpoint the client submits requests to.
+ Cannot be updated.
+ In CamelCase.
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
type: string
metadata:
type: object
@@ -10483,43 +16653,65 @@ spec:
description: Spec defines the desired state of TLSRoute.
properties:
hostnames:
- description: "Hostnames defines a set of SNI names that should match
- against the SNI attribute of TLS ClientHello message in TLS handshake.
- This matches the RFC 1123 definition of a hostname with 2 notable
- exceptions: \n 1. IPs are not allowed in SNI names per RFC 6066.
- 2. A hostname may be prefixed with a wildcard label (`*.`). The
- wildcard label must appear by itself as the first label. \n If a
- hostname is specified by both the Listener and TLSRoute, there must
- be at least one intersecting hostname for the TLSRoute to be attached
- to the Listener. For example: \n * A Listener with `test.example.com`
- as the hostname matches TLSRoutes that have either not specified
- any hostnames, or have specified at least one of `test.example.com`
- or `*.example.com`. * A Listener with `*.example.com` as the hostname
- matches TLSRoutes that have either not specified any hostnames or
- have specified at least one hostname that matches the Listener hostname.
- For example, `test.example.com` and `*.example.com` would both match.
- On the other hand, `example.com` and `test.example.net` would not
- match. \n If both the Listener and TLSRoute have specified hostnames,
- any TLSRoute hostnames that do not match the Listener hostname MUST
- be ignored. For example, if a Listener specified `*.example.com`,
- and the TLSRoute specified `test.example.com` and `test.example.net`,
- `test.example.net` must not be considered for a match. \n If both
- the Listener and TLSRoute have specified hostnames, and none match
- with the criteria above, then the TLSRoute is not accepted. The
- implementation must raise an 'Accepted' Condition with a status
- of `False` in the corresponding RouteParentStatus. \n Support: Core"
+ description: |-
+ Hostnames defines a set of SNI names that should match against the
+ SNI attribute of TLS ClientHello message in TLS handshake. This matches
+ the RFC 1123 definition of a hostname with 2 notable exceptions:
+
+
+ 1. IPs are not allowed in SNI names per RFC 6066.
+ 2. A hostname may be prefixed with a wildcard label (`*.`). The wildcard
+ label must appear by itself as the first label.
+
+
+ If a hostname is specified by both the Listener and TLSRoute, there
+ must be at least one intersecting hostname for the TLSRoute to be
+ attached to the Listener. For example:
+
+
+ * A Listener with `test.example.com` as the hostname matches TLSRoutes
+ that have either not specified any hostnames, or have specified at
+ least one of `test.example.com` or `*.example.com`.
+ * A Listener with `*.example.com` as the hostname matches TLSRoutes
+ that have either not specified any hostnames or have specified at least
+ one hostname that matches the Listener hostname. For example,
+ `test.example.com` and `*.example.com` would both match. On the other
+ hand, `example.com` and `test.example.net` would not match.
+
+
+ If both the Listener and TLSRoute have specified hostnames, any
+ TLSRoute hostnames that do not match the Listener hostname MUST be
+ ignored. For example, if a Listener specified `*.example.com`, and the
+ TLSRoute specified `test.example.com` and `test.example.net`,
+ `test.example.net` must not be considered for a match.
+
+
+ If both the Listener and TLSRoute have specified hostnames, and none
+ match with the criteria above, then the TLSRoute is not accepted. The
+ implementation must raise an 'Accepted' Condition with a status of
+ `False` in the corresponding RouteParentStatus.
+
+
+ Support: Core
items:
- description: "Hostname is the fully qualified domain name of a network
- host. This matches the RFC 1123 definition of a hostname with
- 2 notable exceptions: \n 1. IPs are not allowed. 2. A hostname
- may be prefixed with a wildcard label (`*.`). The wildcard label
- must appear by itself as the first label. \n Hostname can be \"precise\"
- which is a domain name without the terminating dot of a network
- host (e.g. \"foo.example.com\") or \"wildcard\", which is a domain
- name prefixed with a single wildcard label (e.g. `*.example.com`).
- \n Note that as per RFC1035 and RFC1123, a *label* must consist
- of lower case alphanumeric characters or '-', and must start and
- end with an alphanumeric character. No other punctuation is allowed."
+ description: |-
+ Hostname is the fully qualified domain name of a network host. This matches
+ the RFC 1123 definition of a hostname with 2 notable exceptions:
+
+
+ 1. IPs are not allowed.
+ 2. A hostname may be prefixed with a wildcard label (`*.`). The wildcard
+ label must appear by itself as the first label.
+
+
+ Hostname can be "precise" which is a domain name without the terminating
+ dot of a network host (e.g. "foo.example.com") or "wildcard", which is a
+ domain name prefixed with a single wildcard label (e.g. `*.example.com`).
+
+
+ Note that as per RFC1035 and RFC1123, a *label* must consist of lower case
+ alphanumeric characters or '-', and must start and end with an alphanumeric
+ character. No other punctuation is allowed.
maxLength: 253
minLength: 1
pattern: ^(\*\.)?[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$
@@ -10527,165 +16719,246 @@ spec:
maxItems: 16
type: array
parentRefs:
- description: "ParentRefs references the resources (usually Gateways)
- that a Route wants to be attached to. Note that the referenced parent
- resource needs to allow this for the attachment to be complete.
- For Gateways, that means the Gateway needs to allow attachment from
- Routes of this kind and namespace. For Services, that means the
- Service must either be in the same namespace for a \"producer\"
- route, or the mesh implementation must support and allow \"consumer\"
- routes for the referenced Service. ReferenceGrant is not applicable
- for governing ParentRefs to Services - it is not possible to create
- a \"producer\" route for a Service in a different namespace from
- the Route. \n There are two kinds of parent resources with \"Core\"
- support: \n * Gateway (Gateway conformance profile) * Service (Mesh
- conformance profile, experimental, ClusterIP Services only) This
- API may be extended in the future to support additional kinds of
- parent resources. \n ParentRefs must be _distinct_. This means either
- that: \n * They select different objects. If this is the case,
- then parentRef entries are distinct. In terms of fields, this means
- that the multi-part key defined by `group`, `kind`, `namespace`,
- and `name` must be unique across all parentRef entries in the Route.
- * They do not select different objects, but for each optional field
- used, each ParentRef that selects the same object must set the same
- set of optional fields to different values. If one ParentRef sets
- a combination of optional fields, all must set the same combination.
- \n Some examples: \n * If one ParentRef sets `sectionName`, all
- ParentRefs referencing the same object must also set `sectionName`.
+ description: |+
+ ParentRefs references the resources (usually Gateways) that a Route wants
+ to be attached to. Note that the referenced parent resource needs to
+ allow this for the attachment to be complete. For Gateways, that means
+ the Gateway needs to allow attachment from Routes of this kind and
+ namespace. For Services, that means the Service must either be in the same
+ namespace for a "producer" route, or the mesh implementation must support
+ and allow "consumer" routes for the referenced Service. ReferenceGrant is
+ not applicable for governing ParentRefs to Services - it is not possible to
+ create a "producer" route for a Service in a different namespace from the
+ Route.
+
+
+ There are two kinds of parent resources with "Core" support:
+
+
+ * Gateway (Gateway conformance profile)
+ * Service (Mesh conformance profile, ClusterIP Services only)
+
+
+ This API may be extended in the future to support additional kinds of parent
+ resources.
+
+
+ ParentRefs must be _distinct_. This means either that:
+
+
+ * They select different objects. If this is the case, then parentRef
+ entries are distinct. In terms of fields, this means that the
+ multi-part key defined by `group`, `kind`, `namespace`, and `name` must
+ be unique across all parentRef entries in the Route.
+ * They do not select different objects, but for each optional field used,
+ each ParentRef that selects the same object must set the same set of
+ optional fields to different values. If one ParentRef sets a
+ combination of optional fields, all must set the same combination.
+
+
+ Some examples:
+
+
+ * If one ParentRef sets `sectionName`, all ParentRefs referencing the
+ same object must also set `sectionName`.
* If one ParentRef sets `port`, all ParentRefs referencing the same
- object must also set `port`. * If one ParentRef sets `sectionName`
- and `port`, all ParentRefs referencing the same object must also
- set `sectionName` and `port`. \n It is possible to separately reference
- multiple distinct objects that may be collapsed by an implementation.
- For example, some implementations may choose to merge compatible
- Gateway Listeners together. If that is the case, the list of routes
- attached to those resources should also be merged. \n Note that
- for ParentRefs that cross namespace boundaries, there are specific
+ object must also set `port`.
+ * If one ParentRef sets `sectionName` and `port`, all ParentRefs
+ referencing the same object must also set `sectionName` and `port`.
+
+
+ It is possible to separately reference multiple distinct objects that may
+ be collapsed by an implementation. For example, some implementations may
+ choose to merge compatible Gateway Listeners together. If that is the
+ case, the list of routes attached to those resources should also be
+ merged.
+
+
+ Note that for ParentRefs that cross namespace boundaries, there are specific
rules. Cross-namespace references are only valid if they are explicitly
- allowed by something in the namespace they are referring to. For
- example, Gateway has the AllowedRoutes field, and ReferenceGrant
- provides a generic way to enable other kinds of cross-namespace
- reference. \n ParentRefs from a Route to a Service in the same
- namespace are \"producer\" routes, which apply default routing rules
- to inbound connections from any namespace to the Service. \n ParentRefs
- from a Route to a Service in a different namespace are \"consumer\"
- routes, and these routing rules are only applied to outbound connections
- originating from the same namespace as the Route, for which the
- intended destination of the connections are a Service targeted as
- a ParentRef of the Route. \n "
+ allowed by something in the namespace they are referring to. For example,
+ Gateway has the AllowedRoutes field, and ReferenceGrant provides a
+ generic way to enable other kinds of cross-namespace reference.
+
+
+
+ ParentRefs from a Route to a Service in the same namespace are "producer"
+ routes, which apply default routing rules to inbound connections from
+ any namespace to the Service.
+
+
+ ParentRefs from a Route to a Service in a different namespace are
+ "consumer" routes, and these routing rules are only applied to outbound
+ connections originating from the same namespace as the Route, for which
+ the intended destination of the connections are a Service targeted as a
+ ParentRef of the Route.
+
+
+
+
+
+
items:
- description: "ParentReference identifies an API object (usually
- a Gateway) that can be considered a parent of this resource (usually
- a route). There are two kinds of parent resources with \"Core\"
- support: \n * Gateway (Gateway conformance profile) * Service
- (Mesh conformance profile, experimental, ClusterIP Services only)
- \n This API may be extended in the future to support additional
- kinds of parent resources. \n The API object must be valid in
- the cluster; the Group and Kind must be registered in the cluster
- for this reference to be valid."
+ description: |-
+ ParentReference identifies an API object (usually a Gateway) that can be considered
+ a parent of this resource (usually a route). There are two kinds of parent resources
+ with "Core" support:
+
+
+ * Gateway (Gateway conformance profile)
+ * Service (Mesh conformance profile, ClusterIP Services only)
+
+
+ This API may be extended in the future to support additional kinds of parent
+ resources.
+
+
+ The API object must be valid in the cluster; the Group and Kind must
+ be registered in the cluster for this reference to be valid.
properties:
group:
default: gateway.networking.k8s.io
- description: "Group is the group of the referent. When unspecified,
- \"gateway.networking.k8s.io\" is inferred. To set the core
- API group (such as for a \"Service\" kind referent), Group
- must be explicitly set to \"\" (empty string). \n Support:
- Core"
+ description: |-
+ Group is the group of the referent.
+ When unspecified, "gateway.networking.k8s.io" is inferred.
+ To set the core API group (such as for a "Service" kind referent),
+ Group must be explicitly set to "" (empty string).
+
+
+ Support: Core
maxLength: 253
pattern: ^$|^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$
type: string
kind:
default: Gateway
- description: "Kind is kind of the referent. \n There are two
- kinds of parent resources with \"Core\" support: \n * Gateway
- (Gateway conformance profile) * Service (Mesh conformance
- profile, experimental, ClusterIP Services only) \n Support
- for other resources is Implementation-Specific."
+ description: |-
+ Kind is kind of the referent.
+
+
+ There are two kinds of parent resources with "Core" support:
+
+
+ * Gateway (Gateway conformance profile)
+ * Service (Mesh conformance profile, ClusterIP Services only)
+
+
+ Support for other resources is Implementation-Specific.
maxLength: 63
minLength: 1
pattern: ^[a-zA-Z]([-a-zA-Z0-9]*[a-zA-Z0-9])?$
type: string
name:
- description: "Name is the name of the referent. \n Support:
- Core"
+ description: |-
+ Name is the name of the referent.
+
+
+ Support: Core
maxLength: 253
minLength: 1
type: string
namespace:
- description: "Namespace is the namespace of the referent. When
- unspecified, this refers to the local namespace of the Route.
- \n Note that there are specific rules for ParentRefs which
- cross namespace boundaries. Cross-namespace references are
- only valid if they are explicitly allowed by something in
- the namespace they are referring to. For example: Gateway
- has the AllowedRoutes field, and ReferenceGrant provides a
+ description: |-
+ Namespace is the namespace of the referent. When unspecified, this refers
+ to the local namespace of the Route.
+
+
+ Note that there are specific rules for ParentRefs which cross namespace
+ boundaries. Cross-namespace references are only valid if they are explicitly
+ allowed by something in the namespace they are referring to. For example:
+ Gateway has the AllowedRoutes field, and ReferenceGrant provides a
generic way to enable any other kind of cross-namespace reference.
- \n ParentRefs from a Route to a Service in the same namespace
- are \"producer\" routes, which apply default routing rules
- to inbound connections from any namespace to the Service.
- \n ParentRefs from a Route to a Service in a different namespace
- are \"consumer\" routes, and these routing rules are only
- applied to outbound connections originating from the same
- namespace as the Route, for which the intended destination
- of the connections are a Service targeted as a ParentRef of
- the Route. \n Support: Core"
+
+
+
+ ParentRefs from a Route to a Service in the same namespace are "producer"
+ routes, which apply default routing rules to inbound connections from
+ any namespace to the Service.
+
+
+ ParentRefs from a Route to a Service in a different namespace are
+ "consumer" routes, and these routing rules are only applied to outbound
+ connections originating from the same namespace as the Route, for which
+ the intended destination of the connections are a Service targeted as a
+ ParentRef of the Route.
+
+
+
+ Support: Core
maxLength: 63
minLength: 1
pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$
type: string
port:
- description: "Port is the network port this Route targets. It
- can be interpreted differently based on the type of parent
- resource. \n When the parent resource is a Gateway, this targets
- all listeners listening on the specified port that also support
- this kind of Route(and select this Route). It's not recommended
- to set `Port` unless the networking behaviors specified in
- a Route must apply to a specific port as opposed to a listener(s)
- whose port(s) may be changed. When both Port and SectionName
- are specified, the name and port of the selected listener
- must match both specified values. \n When the parent resource
- is a Service, this targets a specific port in the Service
- spec. When both Port (experimental) and SectionName are specified,
- the name and port of the selected port must match both specified
- values. \n Implementations MAY choose to support other parent
- resources. Implementations supporting other types of parent
- resources MUST clearly document how/if Port is interpreted.
- \n For the purpose of status, an attachment is considered
- successful as long as the parent resource accepts it partially.
- For example, Gateway listeners can restrict which Routes can
- attach to them by Route kind, namespace, or hostname. If 1
- of 2 Gateway listeners accept attachment from the referencing
- Route, the Route MUST be considered successfully attached.
- If no Gateway listeners accept attachment from this Route,
- the Route MUST be considered detached from the Gateway. \n
- Support: Extended \n "
+ description: |-
+ Port is the network port this Route targets. It can be interpreted
+ differently based on the type of parent resource.
+
+
+ When the parent resource is a Gateway, this targets all listeners
+ listening on the specified port that also support this kind of Route(and
+ select this Route). It's not recommended to set `Port` unless the
+ networking behaviors specified in a Route must apply to a specific port
+ as opposed to a listener(s) whose port(s) may be changed. When both Port
+ and SectionName are specified, the name and port of the selected listener
+ must match both specified values.
+
+
+
+ When the parent resource is a Service, this targets a specific port in the
+ Service spec. When both Port (experimental) and SectionName are specified,
+ the name and port of the selected port must match both specified values.
+
+
+
+ Implementations MAY choose to support other parent resources.
+ Implementations supporting other types of parent resources MUST clearly
+ document how/if Port is interpreted.
+
+
+ For the purpose of status, an attachment is considered successful as
+ long as the parent resource accepts it partially. For example, Gateway
+ listeners can restrict which Routes can attach to them by Route kind,
+ namespace, or hostname. If 1 of 2 Gateway listeners accept attachment
+ from the referencing Route, the Route MUST be considered successfully
+ attached. If no Gateway listeners accept attachment from this Route,
+ the Route MUST be considered detached from the Gateway.
+
+
+ Support: Extended
format: int32
maximum: 65535
minimum: 1
type: integer
sectionName:
- description: "SectionName is the name of a section within the
- target resource. In the following resources, SectionName is
- interpreted as the following: \n * Gateway: Listener Name.
- When both Port (experimental) and SectionName are specified,
- the name and port of the selected listener must match both
- specified values. * Service: Port Name. When both Port (experimental)
- and SectionName are specified, the name and port of the selected
- listener must match both specified values. Note that attaching
- Routes to Services as Parents is part of experimental Mesh
- support and is not supported for any other purpose. \n Implementations
- MAY choose to support attaching Routes to other resources.
- If that is the case, they MUST clearly document how SectionName
- is interpreted. \n When unspecified (empty string), this will
- reference the entire resource. For the purpose of status,
- an attachment is considered successful if at least one section
- in the parent resource accepts it. For example, Gateway listeners
- can restrict which Routes can attach to them by Route kind,
- namespace, or hostname. If 1 of 2 Gateway listeners accept
- attachment from the referencing Route, the Route MUST be considered
- successfully attached. If no Gateway listeners accept attachment
- from this Route, the Route MUST be considered detached from
- the Gateway. \n Support: Core"
+ description: |-
+ SectionName is the name of a section within the target resource. In the
+ following resources, SectionName is interpreted as the following:
+
+
+ * Gateway: Listener name. When both Port (experimental) and SectionName
+ are specified, the name and port of the selected listener must match
+ both specified values.
+ * Service: Port name. When both Port (experimental) and SectionName
+ are specified, the name and port of the selected listener must match
+ both specified values.
+
+
+ Implementations MAY choose to support attaching Routes to other resources.
+ If that is the case, they MUST clearly document how SectionName is
+ interpreted.
+
+
+ When unspecified (empty string), this will reference the entire resource.
+ For the purpose of status, an attachment is considered successful if at
+ least one section in the parent resource accepts it. For example, Gateway
+ listeners can restrict which Routes can attach to them by Route kind,
+ namespace, or hostname. If 1 of 2 Gateway listeners accept attachment from
+ the referencing Route, the Route MUST be considered successfully
+ attached. If no Gateway listeners accept attachment from this Route, the
+ Route MUST be considered detached from the Gateway.
+
+
+ Support: Core
maxLength: 253
minLength: 1
pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$
@@ -10724,65 +16997,97 @@ spec:
description: TLSRouteRule is the configuration for a given rule.
properties:
backendRefs:
- description: "BackendRefs defines the backend(s) where matching
- requests should be sent. If unspecified or invalid (refers
- to a non-existent resource or a Service with no endpoints),
- the rule performs no forwarding; if no filters are specified
- that would result in a response being sent, the underlying
- implementation must actively reject request attempts to this
- backend, by rejecting the connection or returning a 500 status
- code. Request rejections must respect weight; if an invalid
- backend is requested to have 80% of requests, then 80% of
- requests must be rejected instead. \n Support: Core for Kubernetes
- Service \n Support: Extended for Kubernetes ServiceImport
- \n Support: Implementation-specific for any other resource
- \n Support for weight: Extended"
+ description: |-
+ BackendRefs defines the backend(s) where matching requests should be
+ sent. If unspecified or invalid (refers to a non-existent resource or
+ a Service with no endpoints), the rule performs no forwarding; if no
+ filters are specified that would result in a response being sent, the
+ underlying implementation must actively reject request attempts to this
+ backend, by rejecting the connection or returning a 500 status code.
+ Request rejections must respect weight; if an invalid backend is
+ requested to have 80% of requests, then 80% of requests must be rejected
+ instead.
+
+
+ Support: Core for Kubernetes Service
+
+
+ Support: Extended for Kubernetes ServiceImport
+
+
+ Support: Implementation-specific for any other resource
+
+
+ Support for weight: Extended
items:
- description: "BackendRef defines how a Route should forward
- a request to a Kubernetes resource. \n Note that when a
- namespace different than the local namespace is specified,
- a ReferenceGrant object is required in the referent namespace
- to allow that namespace's owner to accept the reference.
- See the ReferenceGrant documentation for details. \n
- \n When the BackendRef points to a Kubernetes Service, implementations
- SHOULD honor the appProtocol field if it is set for the
- target Service Port. \n Implementations supporting appProtocol
- SHOULD recognize the Kubernetes Standard Application Protocols
- defined in KEP-3726. \n If a Service appProtocol isn't specified,
- an implementation MAY infer the backend protocol through
- its own means. Implementations MAY infer the protocol from
- the Route type referring to the backend Service. \n If a
- Route is not able to send traffic to the backend using the
- specified protocol then the backend is considered invalid.
- Implementations MUST set the \"ResolvedRefs\" condition
- to \"False\" with the \"UnsupportedProtocol\" reason. \n
- \n Note that when the
- BackendTLSPolicy object is enabled by the implementation,
- there are some extra rules about validity to consider here.
- See the fields where this struct is used for more information
- about the exact behavior."
+ description: |-
+ BackendRef defines how a Route should forward a request to a Kubernetes
+ resource.
+
+
+ Note that when a namespace different than the local namespace is specified, a
+ ReferenceGrant object is required in the referent namespace to allow that
+ namespace's owner to accept the reference. See the ReferenceGrant
+ documentation for details.
+
+
+
+
+
+ When the BackendRef points to a Kubernetes Service, implementations SHOULD
+ honor the appProtocol field if it is set for the target Service Port.
+
+
+ Implementations supporting appProtocol SHOULD recognize the Kubernetes
+ Standard Application Protocols defined in KEP-3726.
+
+
+ If a Service appProtocol isn't specified, an implementation MAY infer the
+ backend protocol through its own means. Implementations MAY infer the
+ protocol from the Route type referring to the backend Service.
+
+
+ If a Route is not able to send traffic to the backend using the specified
+ protocol then the backend is considered invalid. Implementations MUST set the
+ "ResolvedRefs" condition to "False" with the "UnsupportedProtocol" reason.
+
+
+
+
+
+ Note that when the BackendTLSPolicy object is enabled by the implementation,
+ there are some extra rules about validity to consider here. See the fields
+ where this struct is used for more information about the exact behavior.
properties:
group:
default: ""
- description: Group is the group of the referent. For example,
- "gateway.networking.k8s.io". When unspecified or empty
- string, core API group is inferred.
+ description: |-
+ Group is the group of the referent. For example, "gateway.networking.k8s.io".
+ When unspecified or empty string, core API group is inferred.
maxLength: 253
pattern: ^$|^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$
type: string
kind:
default: Service
- description: "Kind is the Kubernetes resource kind of
- the referent. For example \"Service\". \n Defaults to
- \"Service\" when not specified. \n ExternalName services
- can refer to CNAME DNS records that may live outside
- of the cluster and as such are difficult to reason about
- in terms of conformance. They also may not be safe to
- forward to (see CVE-2021-25740 for more information).
- Implementations SHOULD NOT support ExternalName Services.
- \n Support: Core (Services with a type other than ExternalName)
- \n Support: Implementation-specific (Services with type
- ExternalName)"
+ description: |-
+ Kind is the Kubernetes resource kind of the referent. For example
+ "Service".
+
+
+ Defaults to "Service" when not specified.
+
+
+ ExternalName services can refer to CNAME DNS records that may live
+ outside of the cluster and as such are difficult to reason about in
+ terms of conformance. They also may not be safe to forward to (see
+ CVE-2021-25740 for more information). Implementations SHOULD NOT
+ support ExternalName Services.
+
+
+ Support: Core (Services with a type other than ExternalName)
+
+
+ Support: Implementation-specific (Services with type ExternalName)
maxLength: 63
minLength: 1
pattern: ^[a-zA-Z]([-a-zA-Z0-9]*[a-zA-Z0-9])?$
@@ -10793,43 +17098,51 @@ spec:
minLength: 1
type: string
namespace:
- description: "Namespace is the namespace of the backend.
- When unspecified, the local namespace is inferred. \n
- Note that when a namespace different than the local
- namespace is specified, a ReferenceGrant object is required
- in the referent namespace to allow that namespace's
- owner to accept the reference. See the ReferenceGrant
- documentation for details. \n Support: Core"
+ description: |-
+ Namespace is the namespace of the backend. When unspecified, the local
+ namespace is inferred.
+
+
+ Note that when a namespace different than the local namespace is specified,
+ a ReferenceGrant object is required in the referent namespace to allow that
+ namespace's owner to accept the reference. See the ReferenceGrant
+ documentation for details.
+
+
+ Support: Core
maxLength: 63
minLength: 1
pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$
type: string
port:
- description: Port specifies the destination port number
- to use for this resource. Port is required when the
- referent is a Kubernetes Service. In this case, the
- port number is the service port number, not the target
- port. For other resources, destination port might be
- derived from the referent resource or this field.
+ description: |-
+ Port specifies the destination port number to use for this resource.
+ Port is required when the referent is a Kubernetes Service. In this
+ case, the port number is the service port number, not the target port.
+ For other resources, destination port might be derived from the referent
+ resource or this field.
format: int32
maximum: 65535
minimum: 1
type: integer
weight:
default: 1
- description: "Weight specifies the proportion of requests
- forwarded to the referenced backend. This is computed
- as weight/(sum of all weights in this BackendRefs list).
- For non-zero values, there may be some epsilon from
- the exact proportion defined here depending on the precision
- an implementation supports. Weight is not a percentage
- and the sum of weights does not need to equal 100. \n
- If only one backend is specified and it has a weight
- greater than 0, 100% of the traffic is forwarded to
- that backend. If weight is set to 0, no traffic should
- be forwarded for this entry. If unspecified, weight
- defaults to 1. \n Support for this field varies based
- on the context where used."
+ description: |-
+ Weight specifies the proportion of requests forwarded to the referenced
+ backend. This is computed as weight/(sum of all weights in this
+ BackendRefs list). For non-zero values, there may be some epsilon from
+ the exact proportion defined here depending on the precision an
+ implementation supports. Weight is not a percentage and the sum of
+ weights does not need to equal 100.
+
+
+ If only one backend is specified and it has a weight greater than 0, 100%
+ of the traffic is forwarded to that backend. If weight is set to 0, no
+ traffic should be forwarded for this entry. If unspecified, weight
+ defaults to 1.
+
+
+ Support for this field varies based on the context where used.
format: int32
maximum: 1000000
minimum: 0
@@ -10855,81 +17168,94 @@ spec:
description: Status defines the current state of TLSRoute.
properties:
parents:
- description: "Parents is a list of parent resources (usually Gateways)
- that are associated with the route, and the status of the route
- with respect to each parent. When this route attaches to a parent,
- the controller that manages the parent must add an entry to this
- list when the controller first sees the route and should update
- the entry as appropriate when the route or gateway is modified.
- \n Note that parent references that cannot be resolved by an implementation
- of this API will not be added to this list. Implementations of this
- API can only populate Route status for the Gateways/parent resources
- they are responsible for. \n A maximum of 32 Gateways will be represented
- in this list. An empty list means the route has not been attached
- to any Gateway."
+ description: |-
+ Parents is a list of parent resources (usually Gateways) that are
+ associated with the route, and the status of the route with respect to
+ each parent. When this route attaches to a parent, the controller that
+ manages the parent must add an entry to this list when the controller
+ first sees the route and should update the entry as appropriate when the
+ route or gateway is modified.
+
+
+ Note that parent references that cannot be resolved by an implementation
+ of this API will not be added to this list. Implementations of this API
+ can only populate Route status for the Gateways/parent resources they are
+ responsible for.
+
+
+ A maximum of 32 Gateways will be represented in this list. An empty list
+ means the route has not been attached to any Gateway.
items:
- description: RouteParentStatus describes the status of a route with
- respect to an associated Parent.
+ description: |-
+ RouteParentStatus describes the status of a route with respect to an
+ associated Parent.
properties:
conditions:
- description: "Conditions describes the status of the route with
- respect to the Gateway. Note that the route's availability
- is also subject to the Gateway's own status conditions and
- listener status. \n If the Route's ParentRef specifies an
- existing Gateway that supports Routes of this kind AND that
- Gateway's controller has sufficient access, then that Gateway's
- controller MUST set the \"Accepted\" condition on the Route,
- to indicate whether the route has been accepted or rejected
- by the Gateway, and why. \n A Route MUST be considered \"Accepted\"
- if at least one of the Route's rules is implemented by the
- Gateway. \n There are a number of cases where the \"Accepted\"
- condition may not be set due to lack of controller visibility,
- that includes when: \n * The Route refers to a non-existent
- parent. * The Route is of a type that the controller does
- not support. * The Route is in a namespace the controller
- does not have access to."
+ description: |-
+ Conditions describes the status of the route with respect to the Gateway.
+ Note that the route's availability is also subject to the Gateway's own
+ status conditions and listener status.
+
+
+ If the Route's ParentRef specifies an existing Gateway that supports
+ Routes of this kind AND that Gateway's controller has sufficient access,
+ then that Gateway's controller MUST set the "Accepted" condition on the
+ Route, to indicate whether the route has been accepted or rejected by the
+ Gateway, and why.
+
+
+ A Route MUST be considered "Accepted" if at least one of the Route's
+ rules is implemented by the Gateway.
+
+
+ There are a number of cases where the "Accepted" condition may not be set
+ due to lack of controller visibility, that includes when:
+
+
+ * The Route refers to a non-existent parent.
+ * The Route is of a type that the controller does not support.
+ * The Route is in a namespace the controller does not have access to.
items:
description: "Condition contains details for one aspect of
- the current state of this API Resource. --- This struct
+ the current state of this API Resource.\n---\nThis struct
is intended for direct use as an array at the field path
- .status.conditions. For example, \n type FooStatus struct{
- // Represents the observations of a foo's current state.
- // Known .status.conditions.type are: \"Available\", \"Progressing\",
- and \"Degraded\" // +patchMergeKey=type // +patchStrategy=merge
- // +listType=map // +listMapKey=type Conditions []metav1.Condition
- `json:\"conditions,omitempty\" patchStrategy:\"merge\" patchMergeKey:\"type\"
- protobuf:\"bytes,1,rep,name=conditions\"` \n // other fields
- }"
+ .status.conditions. For example,\n\n\n\ttype FooStatus
+ struct{\n\t // Represents the observations of a foo's
+ current state.\n\t // Known .status.conditions.type are:
+ \"Available\", \"Progressing\", and \"Degraded\"\n\t //
+ +patchMergeKey=type\n\t // +patchStrategy=merge\n\t //
+ +listType=map\n\t // +listMapKey=type\n\t Conditions
+ []metav1.Condition `json:\"conditions,omitempty\" patchStrategy:\"merge\"
+ patchMergeKey:\"type\" protobuf:\"bytes,1,rep,name=conditions\"`\n\n\n\t
+ \ // other fields\n\t}"
properties:
lastTransitionTime:
- description: lastTransitionTime is the last time the condition
- transitioned from one status to another. This should
- be when the underlying condition changed. If that is
- not known, then using the time when the API field changed
- is acceptable.
+ description: |-
+ lastTransitionTime is the last time the condition transitioned from one status to another.
+ This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable.
format: date-time
type: string
message:
- description: message is a human readable message indicating
- details about the transition. This may be an empty string.
+ description: |-
+ message is a human readable message indicating details about the transition.
+ This may be an empty string.
maxLength: 32768
type: string
observedGeneration:
- description: observedGeneration represents the .metadata.generation
- that the condition was set based upon. For instance,
- if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration
- is 9, the condition is out of date with respect to the
- current state of the instance.
+ description: |-
+ observedGeneration represents the .metadata.generation that the condition was set based upon.
+ For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date
+ with respect to the current state of the instance.
format: int64
minimum: 0
type: integer
reason:
- description: reason contains a programmatic identifier
- indicating the reason for the condition's last transition.
- Producers of specific condition types may define expected
- values and meanings for this field, and whether the
- values are considered a guaranteed API. The value should
- be a CamelCase string. This field may not be empty.
+ description: |-
+ reason contains a programmatic identifier indicating the reason for the condition's last transition.
+ Producers of specific condition types may define expected values and meanings for this field,
+ and whether the values are considered a guaranteed API.
+ The value should be a CamelCase string.
+ This field may not be empty.
maxLength: 1024
minLength: 1
pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$
@@ -10943,12 +17269,12 @@ spec:
- Unknown
type: string
type:
- description: type of condition in CamelCase or in foo.example.com/CamelCase.
- --- Many .condition.type values are consistent across
- resources like Available, but because arbitrary conditions
- can be useful (see .node.status.conditions), the ability
- to deconflict is important. The regex it matches is
- (dns1123SubdomainFmt/)?(qualifiedNameFmt)
+ description: |-
+ type of condition in CamelCase or in foo.example.com/CamelCase.
+ ---
+ Many .condition.type values are consistent across resources like Available, but because arbitrary conditions can be
+ useful (see .node.status.conditions), the ability to deconflict is important.
+ The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt)
maxLength: 316
pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$
type: string
@@ -10966,131 +17292,175 @@ spec:
- type
x-kubernetes-list-type: map
controllerName:
- description: "ControllerName is a domain/path string that indicates
- the name of the controller that wrote this status. This corresponds
- with the controllerName field on GatewayClass. \n Example:
- \"example.net/gateway-controller\". \n The format of this
- field is DOMAIN \"/\" PATH, where DOMAIN and PATH are valid
- Kubernetes names (https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names).
- \n Controllers MUST populate this field when writing status.
- Controllers should ensure that entries to status populated
- with their ControllerName are cleaned up when they are no
- longer necessary."
+ description: |-
+ ControllerName is a domain/path string that indicates the name of the
+ controller that wrote this status. This corresponds with the
+ controllerName field on GatewayClass.
+
+
+ Example: "example.net/gateway-controller".
+
+
+ The format of this field is DOMAIN "/" PATH, where DOMAIN and PATH are
+ valid Kubernetes names
+ (https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names).
+
+
+ Controllers MUST populate this field when writing status. Controllers should ensure that
+ entries to status populated with their ControllerName are cleaned up when they are no
+ longer necessary.
maxLength: 253
minLength: 1
pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*\/[A-Za-z0-9\/\-._~%!$&'()*+,;=:]+$
type: string
parentRef:
- description: ParentRef corresponds with a ParentRef in the spec
- that this RouteParentStatus struct describes the status of.
+ description: |-
+ ParentRef corresponds with a ParentRef in the spec that this
+ RouteParentStatus struct describes the status of.
properties:
group:
default: gateway.networking.k8s.io
- description: "Group is the group of the referent. When unspecified,
- \"gateway.networking.k8s.io\" is inferred. To set the
- core API group (such as for a \"Service\" kind referent),
- Group must be explicitly set to \"\" (empty string). \n
- Support: Core"
+ description: |-
+ Group is the group of the referent.
+ When unspecified, "gateway.networking.k8s.io" is inferred.
+ To set the core API group (such as for a "Service" kind referent),
+ Group must be explicitly set to "" (empty string).
+
+
+ Support: Core
maxLength: 253
pattern: ^$|^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$
type: string
kind:
default: Gateway
- description: "Kind is kind of the referent. \n There are
- two kinds of parent resources with \"Core\" support: \n
- * Gateway (Gateway conformance profile) * Service (Mesh
- conformance profile, experimental, ClusterIP Services
- only) \n Support for other resources is Implementation-Specific."
+ description: |-
+ Kind is kind of the referent.
+
+
+ There are two kinds of parent resources with "Core" support:
+
+
+ * Gateway (Gateway conformance profile)
+ * Service (Mesh conformance profile, ClusterIP Services only)
+
+
+ Support for other resources is Implementation-Specific.
maxLength: 63
minLength: 1
pattern: ^[a-zA-Z]([-a-zA-Z0-9]*[a-zA-Z0-9])?$
type: string
name:
- description: "Name is the name of the referent. \n Support:
- Core"
+ description: |-
+ Name is the name of the referent.
+
+
+ Support: Core
maxLength: 253
minLength: 1
type: string
namespace:
- description: "Namespace is the namespace of the referent.
- When unspecified, this refers to the local namespace of
- the Route. \n Note that there are specific rules for ParentRefs
- which cross namespace boundaries. Cross-namespace references
- are only valid if they are explicitly allowed by something
- in the namespace they are referring to. For example: Gateway
- has the AllowedRoutes field, and ReferenceGrant provides
- a generic way to enable any other kind of cross-namespace
- reference. \n ParentRefs from a Route to a Service in
- the same namespace are \"producer\" routes, which apply
- default routing rules to inbound connections from any
- namespace to the Service. \n ParentRefs from a Route to
- a Service in a different namespace are \"consumer\" routes,
- and these routing rules are only applied to outbound connections
- originating from the same namespace as the Route, for
- which the intended destination of the connections are
- a Service targeted as a ParentRef of the Route. \n Support:
- Core"
+ description: |-
+ Namespace is the namespace of the referent. When unspecified, this refers
+ to the local namespace of the Route.
+
+
+ Note that there are specific rules for ParentRefs which cross namespace
+ boundaries. Cross-namespace references are only valid if they are explicitly
+ allowed by something in the namespace they are referring to. For example:
+ Gateway has the AllowedRoutes field, and ReferenceGrant provides a
+ generic way to enable any other kind of cross-namespace reference.
+
+
+
+ ParentRefs from a Route to a Service in the same namespace are "producer"
+ routes, which apply default routing rules to inbound connections from
+ any namespace to the Service.
+
+
+ ParentRefs from a Route to a Service in a different namespace are
+ "consumer" routes, and these routing rules are only applied to outbound
+ connections originating from the same namespace as the Route, for which
+ the intended destination of the connections are a Service targeted as a
+ ParentRef of the Route.
+
+
+
+ Support: Core
maxLength: 63
minLength: 1
pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$
type: string
port:
- description: "Port is the network port this Route targets.
- It can be interpreted differently based on the type of
- parent resource. \n When the parent resource is a Gateway,
- this targets all listeners listening on the specified
- port that also support this kind of Route(and select this
- Route). It's not recommended to set `Port` unless the
- networking behaviors specified in a Route must apply to
- a specific port as opposed to a listener(s) whose port(s)
- may be changed. When both Port and SectionName are specified,
- the name and port of the selected listener must match
- both specified values. \n When the parent resource is
- a Service, this targets a specific port in the Service
- spec. When both Port (experimental) and SectionName are
- specified, the name and port of the selected port must
- match both specified values. \n Implementations MAY choose
- to support other parent resources. Implementations supporting
- other types of parent resources MUST clearly document
- how/if Port is interpreted. \n For the purpose of status,
- an attachment is considered successful as long as the
- parent resource accepts it partially. For example, Gateway
- listeners can restrict which Routes can attach to them
- by Route kind, namespace, or hostname. If 1 of 2 Gateway
- listeners accept attachment from the referencing Route,
- the Route MUST be considered successfully attached. If
- no Gateway listeners accept attachment from this Route,
+ description: |-
+ Port is the network port this Route targets. It can be interpreted
+ differently based on the type of parent resource.
+
+
+ When the parent resource is a Gateway, this targets all listeners
+ listening on the specified port that also support this kind of Route(and
+ select this Route). It's not recommended to set `Port` unless the
+ networking behaviors specified in a Route must apply to a specific port
+ as opposed to a listener(s) whose port(s) may be changed. When both Port
+ and SectionName are specified, the name and port of the selected listener
+ must match both specified values.
+
+
+
+ When the parent resource is a Service, this targets a specific port in the
+ Service spec. When both Port (experimental) and SectionName are specified,
+ the name and port of the selected port must match both specified values.
+
+
+
+ Implementations MAY choose to support other parent resources.
+ Implementations supporting other types of parent resources MUST clearly
+ document how/if Port is interpreted.
+
+
+ For the purpose of status, an attachment is considered successful as
+ long as the parent resource accepts it partially. For example, Gateway
+ listeners can restrict which Routes can attach to them by Route kind,
+ namespace, or hostname. If 1 of 2 Gateway listeners accept attachment
+ from the referencing Route, the Route MUST be considered successfully
+ attached. If no Gateway listeners accept attachment from this Route,
the Route MUST be considered detached from the Gateway.
- \n Support: Extended \n "
+
+
+ Support: Extended
format: int32
maximum: 65535
minimum: 1
type: integer
sectionName:
- description: "SectionName is the name of a section within
- the target resource. In the following resources, SectionName
- is interpreted as the following: \n * Gateway: Listener
- Name. When both Port (experimental) and SectionName are
- specified, the name and port of the selected listener
- must match both specified values. * Service: Port Name.
- When both Port (experimental) and SectionName are specified,
- the name and port of the selected listener must match
- both specified values. Note that attaching Routes to Services
- as Parents is part of experimental Mesh support and is
- not supported for any other purpose. \n Implementations
- MAY choose to support attaching Routes to other resources.
- If that is the case, they MUST clearly document how SectionName
- is interpreted. \n When unspecified (empty string), this
- will reference the entire resource. For the purpose of
- status, an attachment is considered successful if at least
- one section in the parent resource accepts it. For example,
- Gateway listeners can restrict which Routes can attach
- to them by Route kind, namespace, or hostname. If 1 of
- 2 Gateway listeners accept attachment from the referencing
- Route, the Route MUST be considered successfully attached.
- If no Gateway listeners accept attachment from this Route,
- the Route MUST be considered detached from the Gateway.
- \n Support: Core"
+ description: |-
+ SectionName is the name of a section within the target resource. In the
+ following resources, SectionName is interpreted as the following:
+
+
+ * Gateway: Listener name. When both Port (experimental) and SectionName
+ are specified, the name and port of the selected listener must match
+ both specified values.
+ * Service: Port name. When both Port (experimental) and SectionName
+ are specified, the name and port of the selected listener must match
+ both specified values.
+
+
+ Implementations MAY choose to support attaching Routes to other resources.
+ If that is the case, they MUST clearly document how SectionName is
+ interpreted.
+
+
+ When unspecified (empty string), this will reference the entire resource.
+ For the purpose of status, an attachment is considered successful if at
+ least one section in the parent resource accepts it. For example, Gateway
+ listeners can restrict which Routes can attach to them by Route kind,
+ namespace, or hostname. If 1 of 2 Gateway listeners accept attachment from
+ the referencing Route, the Route MUST be considered successfully
+ attached. If no Gateway listeners accept attachment from this Route, the
+ Route MUST be considered detached from the Gateway.
+
+
+ Support: Core
maxLength: 253
minLength: 1
pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$
@@ -11128,8 +17498,8 @@ apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
annotations:
- api-approved.kubernetes.io: https://github.com/kubernetes-sigs/gateway-api/pull/2466
- gateway.networking.k8s.io/bundle-version: v1.0.0
+ api-approved.kubernetes.io: https://github.com/kubernetes-sigs/gateway-api/pull/2997
+ gateway.networking.k8s.io/bundle-version: v1.1.0
gateway.networking.k8s.io/channel: experimental
creationTimestamp: null
name: udproutes.gateway.networking.k8s.io
@@ -11151,19 +17521,25 @@ spec:
name: v1alpha2
schema:
openAPIV3Schema:
- description: UDPRoute provides a way to route UDP traffic. When combined with
- a Gateway listener, it can be used to forward traffic on the port specified
- by the listener to a set of backends specified by the UDPRoute.
+ description: |-
+ UDPRoute provides a way to route UDP traffic. When combined with a Gateway
+ listener, it can be used to forward traffic on the port specified by the
+ listener to a set of backends specified by the UDPRoute.
properties:
apiVersion:
- description: 'APIVersion defines the versioned schema of this representation
- of an object. Servers should convert recognized schemas to the latest
- internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
+ description: |-
+ APIVersion defines the versioned schema of this representation of an object.
+ Servers should convert recognized schemas to the latest internal value, and
+ may reject unrecognized values.
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
type: string
kind:
- description: 'Kind is a string value representing the REST resource this
- object represents. Servers may infer this from the endpoint the client
- submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+ description: |-
+ Kind is a string value representing the REST resource this object represents.
+ Servers may infer this from the endpoint the client submits requests to.
+ Cannot be updated.
+ In CamelCase.
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
type: string
metadata:
type: object
@@ -11171,165 +17547,246 @@ spec:
description: Spec defines the desired state of UDPRoute.
properties:
parentRefs:
- description: "ParentRefs references the resources (usually Gateways)
- that a Route wants to be attached to. Note that the referenced parent
- resource needs to allow this for the attachment to be complete.
- For Gateways, that means the Gateway needs to allow attachment from
- Routes of this kind and namespace. For Services, that means the
- Service must either be in the same namespace for a \"producer\"
- route, or the mesh implementation must support and allow \"consumer\"
- routes for the referenced Service. ReferenceGrant is not applicable
- for governing ParentRefs to Services - it is not possible to create
- a \"producer\" route for a Service in a different namespace from
- the Route. \n There are two kinds of parent resources with \"Core\"
- support: \n * Gateway (Gateway conformance profile) * Service (Mesh
- conformance profile, experimental, ClusterIP Services only) This
- API may be extended in the future to support additional kinds of
- parent resources. \n ParentRefs must be _distinct_. This means either
- that: \n * They select different objects. If this is the case,
- then parentRef entries are distinct. In terms of fields, this means
- that the multi-part key defined by `group`, `kind`, `namespace`,
- and `name` must be unique across all parentRef entries in the Route.
- * They do not select different objects, but for each optional field
- used, each ParentRef that selects the same object must set the same
- set of optional fields to different values. If one ParentRef sets
- a combination of optional fields, all must set the same combination.
- \n Some examples: \n * If one ParentRef sets `sectionName`, all
- ParentRefs referencing the same object must also set `sectionName`.
+ description: |+
+ ParentRefs references the resources (usually Gateways) that a Route wants
+ to be attached to. Note that the referenced parent resource needs to
+ allow this for the attachment to be complete. For Gateways, that means
+ the Gateway needs to allow attachment from Routes of this kind and
+ namespace. For Services, that means the Service must either be in the same
+ namespace for a "producer" route, or the mesh implementation must support
+ and allow "consumer" routes for the referenced Service. ReferenceGrant is
+ not applicable for governing ParentRefs to Services - it is not possible to
+ create a "producer" route for a Service in a different namespace from the
+ Route.
+
+
+ There are two kinds of parent resources with "Core" support:
+
+
+ * Gateway (Gateway conformance profile)
+ * Service (Mesh conformance profile, ClusterIP Services only)
+
+
+ This API may be extended in the future to support additional kinds of parent
+ resources.
+
+
+ ParentRefs must be _distinct_. This means either that:
+
+
+ * They select different objects. If this is the case, then parentRef
+ entries are distinct. In terms of fields, this means that the
+ multi-part key defined by `group`, `kind`, `namespace`, and `name` must
+ be unique across all parentRef entries in the Route.
+ * They do not select different objects, but for each optional field used,
+ each ParentRef that selects the same object must set the same set of
+ optional fields to different values. If one ParentRef sets a
+ combination of optional fields, all must set the same combination.
+
+
+ Some examples:
+
+
+ * If one ParentRef sets `sectionName`, all ParentRefs referencing the
+ same object must also set `sectionName`.
* If one ParentRef sets `port`, all ParentRefs referencing the same
- object must also set `port`. * If one ParentRef sets `sectionName`
- and `port`, all ParentRefs referencing the same object must also
- set `sectionName` and `port`. \n It is possible to separately reference
- multiple distinct objects that may be collapsed by an implementation.
- For example, some implementations may choose to merge compatible
- Gateway Listeners together. If that is the case, the list of routes
- attached to those resources should also be merged. \n Note that
- for ParentRefs that cross namespace boundaries, there are specific
+ object must also set `port`.
+ * If one ParentRef sets `sectionName` and `port`, all ParentRefs
+ referencing the same object must also set `sectionName` and `port`.
+
+
+ It is possible to separately reference multiple distinct objects that may
+ be collapsed by an implementation. For example, some implementations may
+ choose to merge compatible Gateway Listeners together. If that is the
+ case, the list of routes attached to those resources should also be
+ merged.
+
+
+ Note that for ParentRefs that cross namespace boundaries, there are specific
rules. Cross-namespace references are only valid if they are explicitly
- allowed by something in the namespace they are referring to. For
- example, Gateway has the AllowedRoutes field, and ReferenceGrant
- provides a generic way to enable other kinds of cross-namespace
- reference. \n ParentRefs from a Route to a Service in the same
- namespace are \"producer\" routes, which apply default routing rules
- to inbound connections from any namespace to the Service. \n ParentRefs
- from a Route to a Service in a different namespace are \"consumer\"
- routes, and these routing rules are only applied to outbound connections
- originating from the same namespace as the Route, for which the
- intended destination of the connections are a Service targeted as
- a ParentRef of the Route. \n "
+ allowed by something in the namespace they are referring to. For example,
+ Gateway has the AllowedRoutes field, and ReferenceGrant provides a
+ generic way to enable other kinds of cross-namespace reference.
+
+
+
+ ParentRefs from a Route to a Service in the same namespace are "producer"
+ routes, which apply default routing rules to inbound connections from
+ any namespace to the Service.
+
+
+ ParentRefs from a Route to a Service in a different namespace are
+ "consumer" routes, and these routing rules are only applied to outbound
+ connections originating from the same namespace as the Route, for which
+ the intended destination of the connections are a Service targeted as a
+ ParentRef of the Route.
+
+
+
+
+
+
items:
- description: "ParentReference identifies an API object (usually
- a Gateway) that can be considered a parent of this resource (usually
- a route). There are two kinds of parent resources with \"Core\"
- support: \n * Gateway (Gateway conformance profile) * Service
- (Mesh conformance profile, experimental, ClusterIP Services only)
- \n This API may be extended in the future to support additional
- kinds of parent resources. \n The API object must be valid in
- the cluster; the Group and Kind must be registered in the cluster
- for this reference to be valid."
+ description: |-
+ ParentReference identifies an API object (usually a Gateway) that can be considered
+ a parent of this resource (usually a route). There are two kinds of parent resources
+ with "Core" support:
+
+
+ * Gateway (Gateway conformance profile)
+ * Service (Mesh conformance profile, ClusterIP Services only)
+
+
+ This API may be extended in the future to support additional kinds of parent
+ resources.
+
+
+ The API object must be valid in the cluster; the Group and Kind must
+ be registered in the cluster for this reference to be valid.
properties:
group:
default: gateway.networking.k8s.io
- description: "Group is the group of the referent. When unspecified,
- \"gateway.networking.k8s.io\" is inferred. To set the core
- API group (such as for a \"Service\" kind referent), Group
- must be explicitly set to \"\" (empty string). \n Support:
- Core"
+ description: |-
+ Group is the group of the referent.
+ When unspecified, "gateway.networking.k8s.io" is inferred.
+ To set the core API group (such as for a "Service" kind referent),
+ Group must be explicitly set to "" (empty string).
+
+
+ Support: Core
maxLength: 253
pattern: ^$|^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$
type: string
kind:
default: Gateway
- description: "Kind is kind of the referent. \n There are two
- kinds of parent resources with \"Core\" support: \n * Gateway
- (Gateway conformance profile) * Service (Mesh conformance
- profile, experimental, ClusterIP Services only) \n Support
- for other resources is Implementation-Specific."
+ description: |-
+ Kind is kind of the referent.
+
+
+ There are two kinds of parent resources with "Core" support:
+
+
+ * Gateway (Gateway conformance profile)
+ * Service (Mesh conformance profile, ClusterIP Services only)
+
+
+ Support for other resources is Implementation-Specific.
maxLength: 63
minLength: 1
pattern: ^[a-zA-Z]([-a-zA-Z0-9]*[a-zA-Z0-9])?$
type: string
name:
- description: "Name is the name of the referent. \n Support:
- Core"
+ description: |-
+ Name is the name of the referent.
+
+
+ Support: Core
maxLength: 253
minLength: 1
type: string
namespace:
- description: "Namespace is the namespace of the referent. When
- unspecified, this refers to the local namespace of the Route.
- \n Note that there are specific rules for ParentRefs which
- cross namespace boundaries. Cross-namespace references are
- only valid if they are explicitly allowed by something in
- the namespace they are referring to. For example: Gateway
- has the AllowedRoutes field, and ReferenceGrant provides a
+ description: |-
+ Namespace is the namespace of the referent. When unspecified, this refers
+ to the local namespace of the Route.
+
+
+ Note that there are specific rules for ParentRefs which cross namespace
+ boundaries. Cross-namespace references are only valid if they are explicitly
+ allowed by something in the namespace they are referring to. For example:
+ Gateway has the AllowedRoutes field, and ReferenceGrant provides a
generic way to enable any other kind of cross-namespace reference.
- \n ParentRefs from a Route to a Service in the same namespace
- are \"producer\" routes, which apply default routing rules
- to inbound connections from any namespace to the Service.
- \n ParentRefs from a Route to a Service in a different namespace
- are \"consumer\" routes, and these routing rules are only
- applied to outbound connections originating from the same
- namespace as the Route, for which the intended destination
- of the connections are a Service targeted as a ParentRef of
- the Route. \n Support: Core"
+
+
+
+ ParentRefs from a Route to a Service in the same namespace are "producer"
+ routes, which apply default routing rules to inbound connections from
+ any namespace to the Service.
+
+
+ ParentRefs from a Route to a Service in a different namespace are
+ "consumer" routes, and these routing rules are only applied to outbound
+ connections originating from the same namespace as the Route, for which
+ the intended destination of the connections are a Service targeted as a
+ ParentRef of the Route.
+
+
+
+ Support: Core
maxLength: 63
minLength: 1
pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$
type: string
port:
- description: "Port is the network port this Route targets. It
- can be interpreted differently based on the type of parent
- resource. \n When the parent resource is a Gateway, this targets
- all listeners listening on the specified port that also support
- this kind of Route(and select this Route). It's not recommended
- to set `Port` unless the networking behaviors specified in
- a Route must apply to a specific port as opposed to a listener(s)
- whose port(s) may be changed. When both Port and SectionName
- are specified, the name and port of the selected listener
- must match both specified values. \n When the parent resource
- is a Service, this targets a specific port in the Service
- spec. When both Port (experimental) and SectionName are specified,
- the name and port of the selected port must match both specified
- values. \n Implementations MAY choose to support other parent
- resources. Implementations supporting other types of parent
- resources MUST clearly document how/if Port is interpreted.
- \n For the purpose of status, an attachment is considered
- successful as long as the parent resource accepts it partially.
- For example, Gateway listeners can restrict which Routes can
- attach to them by Route kind, namespace, or hostname. If 1
- of 2 Gateway listeners accept attachment from the referencing
- Route, the Route MUST be considered successfully attached.
- If no Gateway listeners accept attachment from this Route,
- the Route MUST be considered detached from the Gateway. \n
- Support: Extended \n "
+ description: |-
+ Port is the network port this Route targets. It can be interpreted
+ differently based on the type of parent resource.
+
+
+ When the parent resource is a Gateway, this targets all listeners
+ listening on the specified port that also support this kind of Route(and
+ select this Route). It's not recommended to set `Port` unless the
+ networking behaviors specified in a Route must apply to a specific port
+ as opposed to a listener(s) whose port(s) may be changed. When both Port
+ and SectionName are specified, the name and port of the selected listener
+ must match both specified values.
+
+
+
+ When the parent resource is a Service, this targets a specific port in the
+ Service spec. When both Port (experimental) and SectionName are specified,
+ the name and port of the selected port must match both specified values.
+
+
+
+ Implementations MAY choose to support other parent resources.
+ Implementations supporting other types of parent resources MUST clearly
+ document how/if Port is interpreted.
+
+
+ For the purpose of status, an attachment is considered successful as
+ long as the parent resource accepts it partially. For example, Gateway
+ listeners can restrict which Routes can attach to them by Route kind,
+ namespace, or hostname. If 1 of 2 Gateway listeners accept attachment
+ from the referencing Route, the Route MUST be considered successfully
+ attached. If no Gateway listeners accept attachment from this Route,
+ the Route MUST be considered detached from the Gateway.
+
+
+ Support: Extended
format: int32
maximum: 65535
minimum: 1
type: integer
sectionName:
- description: "SectionName is the name of a section within the
- target resource. In the following resources, SectionName is
- interpreted as the following: \n * Gateway: Listener Name.
- When both Port (experimental) and SectionName are specified,
- the name and port of the selected listener must match both
- specified values. * Service: Port Name. When both Port (experimental)
- and SectionName are specified, the name and port of the selected
- listener must match both specified values. Note that attaching
- Routes to Services as Parents is part of experimental Mesh
- support and is not supported for any other purpose. \n Implementations
- MAY choose to support attaching Routes to other resources.
- If that is the case, they MUST clearly document how SectionName
- is interpreted. \n When unspecified (empty string), this will
- reference the entire resource. For the purpose of status,
- an attachment is considered successful if at least one section
- in the parent resource accepts it. For example, Gateway listeners
- can restrict which Routes can attach to them by Route kind,
- namespace, or hostname. If 1 of 2 Gateway listeners accept
- attachment from the referencing Route, the Route MUST be considered
- successfully attached. If no Gateway listeners accept attachment
- from this Route, the Route MUST be considered detached from
- the Gateway. \n Support: Core"
+ description: |-
+ SectionName is the name of a section within the target resource. In the
+ following resources, SectionName is interpreted as the following:
+
+
+ * Gateway: Listener name. When both Port (experimental) and SectionName
+ are specified, the name and port of the selected listener must match
+ both specified values.
+ * Service: Port name. When both Port (experimental) and SectionName
+ are specified, the name and port of the selected listener must match
+ both specified values.
+
+
+ Implementations MAY choose to support attaching Routes to other resources.
+ If that is the case, they MUST clearly document how SectionName is
+ interpreted.
+
+
+ When unspecified (empty string), this will reference the entire resource.
+ For the purpose of status, an attachment is considered successful if at
+ least one section in the parent resource accepts it. For example, Gateway
+ listeners can restrict which Routes can attach to them by Route kind,
+ namespace, or hostname. If 1 of 2 Gateway listeners accept attachment from
+ the referencing Route, the Route MUST be considered successfully
+ attached. If no Gateway listeners accept attachment from this Route, the
+ Route MUST be considered detached from the Gateway.
+
+
+ Support: Core
maxLength: 253
minLength: 1
pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$
@@ -11368,62 +17825,94 @@ spec:
description: UDPRouteRule is the configuration for a given rule.
properties:
backendRefs:
- description: "BackendRefs defines the backend(s) where matching
- requests should be sent. If unspecified or invalid (refers
- to a non-existent resource or a Service with no endpoints),
- the underlying implementation MUST actively reject connection
- attempts to this backend. Packet drops must respect weight;
- if an invalid backend is requested to have 80% of the packets,
- then 80% of packets must be dropped instead. \n Support: Core
- for Kubernetes Service \n Support: Extended for Kubernetes
- ServiceImport \n Support: Implementation-specific for any
- other resource \n Support for weight: Extended"
+ description: |-
+ BackendRefs defines the backend(s) where matching requests should be
+ sent. If unspecified or invalid (refers to a non-existent resource or a
+ Service with no endpoints), the underlying implementation MUST actively
+ reject connection attempts to this backend. Packet drops must
+ respect weight; if an invalid backend is requested to have 80% of
+ the packets, then 80% of packets must be dropped instead.
+
+
+ Support: Core for Kubernetes Service
+
+
+ Support: Extended for Kubernetes ServiceImport
+
+
+ Support: Implementation-specific for any other resource
+
+
+ Support for weight: Extended
items:
- description: "BackendRef defines how a Route should forward
- a request to a Kubernetes resource. \n Note that when a
- namespace different than the local namespace is specified,
- a ReferenceGrant object is required in the referent namespace
- to allow that namespace's owner to accept the reference.
- See the ReferenceGrant documentation for details. \n
- \n When the BackendRef points to a Kubernetes Service, implementations
- SHOULD honor the appProtocol field if it is set for the
- target Service Port. \n Implementations supporting appProtocol
- SHOULD recognize the Kubernetes Standard Application Protocols
- defined in KEP-3726. \n If a Service appProtocol isn't specified,
- an implementation MAY infer the backend protocol through
- its own means. Implementations MAY infer the protocol from
- the Route type referring to the backend Service. \n If a
- Route is not able to send traffic to the backend using the
- specified protocol then the backend is considered invalid.
- Implementations MUST set the \"ResolvedRefs\" condition
- to \"False\" with the \"UnsupportedProtocol\" reason. \n
- \n Note that when the
- BackendTLSPolicy object is enabled by the implementation,
- there are some extra rules about validity to consider here.
- See the fields where this struct is used for more information
- about the exact behavior."
+ description: |-
+ BackendRef defines how a Route should forward a request to a Kubernetes
+ resource.
+
+
+ Note that when a namespace different than the local namespace is specified, a
+ ReferenceGrant object is required in the referent namespace to allow that
+ namespace's owner to accept the reference. See the ReferenceGrant
+ documentation for details.
+
+
+
+
+
+ When the BackendRef points to a Kubernetes Service, implementations SHOULD
+ honor the appProtocol field if it is set for the target Service Port.
+
+
+ Implementations supporting appProtocol SHOULD recognize the Kubernetes
+ Standard Application Protocols defined in KEP-3726.
+
+
+ If a Service appProtocol isn't specified, an implementation MAY infer the
+ backend protocol through its own means. Implementations MAY infer the
+ protocol from the Route type referring to the backend Service.
+
+
+ If a Route is not able to send traffic to the backend using the specified
+ protocol then the backend is considered invalid. Implementations MUST set the
+ "ResolvedRefs" condition to "False" with the "UnsupportedProtocol" reason.
+
+
+
+
+
+ Note that when the BackendTLSPolicy object is enabled by the implementation,
+ there are some extra rules about validity to consider here. See the fields
+ where this struct is used for more information about the exact behavior.
properties:
group:
default: ""
- description: Group is the group of the referent. For example,
- "gateway.networking.k8s.io". When unspecified or empty
- string, core API group is inferred.
+ description: |-
+ Group is the group of the referent. For example, "gateway.networking.k8s.io".
+ When unspecified or empty string, core API group is inferred.
maxLength: 253
pattern: ^$|^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$
type: string
kind:
default: Service
- description: "Kind is the Kubernetes resource kind of
- the referent. For example \"Service\". \n Defaults to
- \"Service\" when not specified. \n ExternalName services
- can refer to CNAME DNS records that may live outside
- of the cluster and as such are difficult to reason about
- in terms of conformance. They also may not be safe to
- forward to (see CVE-2021-25740 for more information).
- Implementations SHOULD NOT support ExternalName Services.
- \n Support: Core (Services with a type other than ExternalName)
- \n Support: Implementation-specific (Services with type
- ExternalName)"
+ description: |-
+ Kind is the Kubernetes resource kind of the referent. For example
+ "Service".
+
+
+ Defaults to "Service" when not specified.
+
+
+ ExternalName services can refer to CNAME DNS records that may live
+ outside of the cluster and as such are difficult to reason about in
+ terms of conformance. They also may not be safe to forward to (see
+ CVE-2021-25740 for more information). Implementations SHOULD NOT
+ support ExternalName Services.
+
+
+ Support: Core (Services with a type other than ExternalName)
+
+
+ Support: Implementation-specific (Services with type ExternalName)
maxLength: 63
minLength: 1
pattern: ^[a-zA-Z]([-a-zA-Z0-9]*[a-zA-Z0-9])?$
@@ -11434,43 +17923,51 @@ spec:
minLength: 1
type: string
namespace:
- description: "Namespace is the namespace of the backend.
- When unspecified, the local namespace is inferred. \n
- Note that when a namespace different than the local
- namespace is specified, a ReferenceGrant object is required
- in the referent namespace to allow that namespace's
- owner to accept the reference. See the ReferenceGrant
- documentation for details. \n Support: Core"
+ description: |-
+ Namespace is the namespace of the backend. When unspecified, the local
+ namespace is inferred.
+
+
+ Note that when a namespace different than the local namespace is specified,
+ a ReferenceGrant object is required in the referent namespace to allow that
+ namespace's owner to accept the reference. See the ReferenceGrant
+ documentation for details.
+
+
+ Support: Core
maxLength: 63
minLength: 1
pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$
type: string
port:
- description: Port specifies the destination port number
- to use for this resource. Port is required when the
- referent is a Kubernetes Service. In this case, the
- port number is the service port number, not the target
- port. For other resources, destination port might be
- derived from the referent resource or this field.
+ description: |-
+ Port specifies the destination port number to use for this resource.
+ Port is required when the referent is a Kubernetes Service. In this
+ case, the port number is the service port number, not the target port.
+ For other resources, destination port might be derived from the referent
+ resource or this field.
format: int32
maximum: 65535
minimum: 1
type: integer
weight:
default: 1
- description: "Weight specifies the proportion of requests
- forwarded to the referenced backend. This is computed
- as weight/(sum of all weights in this BackendRefs list).
- For non-zero values, there may be some epsilon from
- the exact proportion defined here depending on the precision
- an implementation supports. Weight is not a percentage
- and the sum of weights does not need to equal 100. \n
- If only one backend is specified and it has a weight
- greater than 0, 100% of the traffic is forwarded to
- that backend. If weight is set to 0, no traffic should
- be forwarded for this entry. If unspecified, weight
- defaults to 1. \n Support for this field varies based
- on the context where used."
+ description: |-
+ Weight specifies the proportion of requests forwarded to the referenced
+ backend. This is computed as weight/(sum of all weights in this
+ BackendRefs list). For non-zero values, there may be some epsilon from
+ the exact proportion defined here depending on the precision an
+ implementation supports. Weight is not a percentage and the sum of
+ weights does not need to equal 100.
+
+
+ If only one backend is specified and it has a weight greater than 0, 100%
+ of the traffic is forwarded to that backend. If weight is set to 0, no
+ traffic should be forwarded for this entry. If unspecified, weight
+ defaults to 1.
+
+
+ Support for this field varies based on the context where used.
format: int32
maximum: 1000000
minimum: 0
@@ -11496,81 +17993,94 @@ spec:
description: Status defines the current state of UDPRoute.
properties:
parents:
- description: "Parents is a list of parent resources (usually Gateways)
- that are associated with the route, and the status of the route
- with respect to each parent. When this route attaches to a parent,
- the controller that manages the parent must add an entry to this
- list when the controller first sees the route and should update
- the entry as appropriate when the route or gateway is modified.
- \n Note that parent references that cannot be resolved by an implementation
- of this API will not be added to this list. Implementations of this
- API can only populate Route status for the Gateways/parent resources
- they are responsible for. \n A maximum of 32 Gateways will be represented
- in this list. An empty list means the route has not been attached
- to any Gateway."
+ description: |-
+ Parents is a list of parent resources (usually Gateways) that are
+ associated with the route, and the status of the route with respect to
+ each parent. When this route attaches to a parent, the controller that
+ manages the parent must add an entry to this list when the controller
+ first sees the route and should update the entry as appropriate when the
+ route or gateway is modified.
+
+
+ Note that parent references that cannot be resolved by an implementation
+ of this API will not be added to this list. Implementations of this API
+ can only populate Route status for the Gateways/parent resources they are
+ responsible for.
+
+
+ A maximum of 32 Gateways will be represented in this list. An empty list
+ means the route has not been attached to any Gateway.
items:
- description: RouteParentStatus describes the status of a route with
- respect to an associated Parent.
+ description: |-
+ RouteParentStatus describes the status of a route with respect to an
+ associated Parent.
properties:
conditions:
- description: "Conditions describes the status of the route with
- respect to the Gateway. Note that the route's availability
- is also subject to the Gateway's own status conditions and
- listener status. \n If the Route's ParentRef specifies an
- existing Gateway that supports Routes of this kind AND that
- Gateway's controller has sufficient access, then that Gateway's
- controller MUST set the \"Accepted\" condition on the Route,
- to indicate whether the route has been accepted or rejected
- by the Gateway, and why. \n A Route MUST be considered \"Accepted\"
- if at least one of the Route's rules is implemented by the
- Gateway. \n There are a number of cases where the \"Accepted\"
- condition may not be set due to lack of controller visibility,
- that includes when: \n * The Route refers to a non-existent
- parent. * The Route is of a type that the controller does
- not support. * The Route is in a namespace the controller
- does not have access to."
+ description: |-
+ Conditions describes the status of the route with respect to the Gateway.
+ Note that the route's availability is also subject to the Gateway's own
+ status conditions and listener status.
+
+
+ If the Route's ParentRef specifies an existing Gateway that supports
+ Routes of this kind AND that Gateway's controller has sufficient access,
+ then that Gateway's controller MUST set the "Accepted" condition on the
+ Route, to indicate whether the route has been accepted or rejected by the
+ Gateway, and why.
+
+
+ A Route MUST be considered "Accepted" if at least one of the Route's
+ rules is implemented by the Gateway.
+
+
+ There are a number of cases where the "Accepted" condition may not be set
+ due to lack of controller visibility, that includes when:
+
+
+ * The Route refers to a non-existent parent.
+ * The Route is of a type that the controller does not support.
+ * The Route is in a namespace the controller does not have access to.
items:
description: "Condition contains details for one aspect of
- the current state of this API Resource. --- This struct
+ the current state of this API Resource.\n---\nThis struct
is intended for direct use as an array at the field path
- .status.conditions. For example, \n type FooStatus struct{
- // Represents the observations of a foo's current state.
- // Known .status.conditions.type are: \"Available\", \"Progressing\",
- and \"Degraded\" // +patchMergeKey=type // +patchStrategy=merge
- // +listType=map // +listMapKey=type Conditions []metav1.Condition
- `json:\"conditions,omitempty\" patchStrategy:\"merge\" patchMergeKey:\"type\"
- protobuf:\"bytes,1,rep,name=conditions\"` \n // other fields
- }"
+ .status.conditions. For example,\n\n\n\ttype FooStatus
+ struct{\n\t // Represents the observations of a foo's
+ current state.\n\t // Known .status.conditions.type are:
+ \"Available\", \"Progressing\", and \"Degraded\"\n\t //
+ +patchMergeKey=type\n\t // +patchStrategy=merge\n\t //
+ +listType=map\n\t // +listMapKey=type\n\t Conditions
+ []metav1.Condition `json:\"conditions,omitempty\" patchStrategy:\"merge\"
+ patchMergeKey:\"type\" protobuf:\"bytes,1,rep,name=conditions\"`\n\n\n\t
+ \ // other fields\n\t}"
properties:
lastTransitionTime:
- description: lastTransitionTime is the last time the condition
- transitioned from one status to another. This should
- be when the underlying condition changed. If that is
- not known, then using the time when the API field changed
- is acceptable.
+ description: |-
+ lastTransitionTime is the last time the condition transitioned from one status to another.
+ This should be when the underlying condition changed. If that is not known, then using the time when the API field changed is acceptable.
format: date-time
type: string
message:
- description: message is a human readable message indicating
- details about the transition. This may be an empty string.
+ description: |-
+ message is a human readable message indicating details about the transition.
+ This may be an empty string.
maxLength: 32768
type: string
observedGeneration:
- description: observedGeneration represents the .metadata.generation
- that the condition was set based upon. For instance,
- if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration
- is 9, the condition is out of date with respect to the
- current state of the instance.
+ description: |-
+ observedGeneration represents the .metadata.generation that the condition was set based upon.
+ For instance, if .metadata.generation is currently 12, but the .status.conditions[x].observedGeneration is 9, the condition is out of date
+ with respect to the current state of the instance.
format: int64
minimum: 0
type: integer
reason:
- description: reason contains a programmatic identifier
- indicating the reason for the condition's last transition.
- Producers of specific condition types may define expected
- values and meanings for this field, and whether the
- values are considered a guaranteed API. The value should
- be a CamelCase string. This field may not be empty.
+ description: |-
+ reason contains a programmatic identifier indicating the reason for the condition's last transition.
+ Producers of specific condition types may define expected values and meanings for this field,
+ and whether the values are considered a guaranteed API.
+ The value should be a CamelCase string.
+ This field may not be empty.
maxLength: 1024
minLength: 1
pattern: ^[A-Za-z]([A-Za-z0-9_,:]*[A-Za-z0-9_])?$
@@ -11584,12 +18094,12 @@ spec:
- Unknown
type: string
type:
- description: type of condition in CamelCase or in foo.example.com/CamelCase.
- --- Many .condition.type values are consistent across
- resources like Available, but because arbitrary conditions
- can be useful (see .node.status.conditions), the ability
- to deconflict is important. The regex it matches is
- (dns1123SubdomainFmt/)?(qualifiedNameFmt)
+ description: |-
+ type of condition in CamelCase or in foo.example.com/CamelCase.
+ ---
+ Many .condition.type values are consistent across resources like Available, but because arbitrary conditions can be
+ useful (see .node.status.conditions), the ability to deconflict is important.
+ The regex it matches is (dns1123SubdomainFmt/)?(qualifiedNameFmt)
maxLength: 316
pattern: ^([a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*/)?(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])$
type: string
@@ -11607,131 +18117,175 @@ spec:
- type
x-kubernetes-list-type: map
controllerName:
- description: "ControllerName is a domain/path string that indicates
- the name of the controller that wrote this status. This corresponds
- with the controllerName field on GatewayClass. \n Example:
- \"example.net/gateway-controller\". \n The format of this
- field is DOMAIN \"/\" PATH, where DOMAIN and PATH are valid
- Kubernetes names (https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names).
- \n Controllers MUST populate this field when writing status.
- Controllers should ensure that entries to status populated
- with their ControllerName are cleaned up when they are no
- longer necessary."
+ description: |-
+ ControllerName is a domain/path string that indicates the name of the
+ controller that wrote this status. This corresponds with the
+ controllerName field on GatewayClass.
+
+
+ Example: "example.net/gateway-controller".
+
+
+ The format of this field is DOMAIN "/" PATH, where DOMAIN and PATH are
+ valid Kubernetes names
+ (https://kubernetes.io/docs/concepts/overview/working-with-objects/names/#names).
+
+
+ Controllers MUST populate this field when writing status. Controllers should ensure that
+ entries to status populated with their ControllerName are cleaned up when they are no
+ longer necessary.
maxLength: 253
minLength: 1
pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*\/[A-Za-z0-9\/\-._~%!$&'()*+,;=:]+$
type: string
parentRef:
- description: ParentRef corresponds with a ParentRef in the spec
- that this RouteParentStatus struct describes the status of.
+ description: |-
+ ParentRef corresponds with a ParentRef in the spec that this
+ RouteParentStatus struct describes the status of.
properties:
group:
default: gateway.networking.k8s.io
- description: "Group is the group of the referent. When unspecified,
- \"gateway.networking.k8s.io\" is inferred. To set the
- core API group (such as for a \"Service\" kind referent),
- Group must be explicitly set to \"\" (empty string). \n
- Support: Core"
+ description: |-
+ Group is the group of the referent.
+ When unspecified, "gateway.networking.k8s.io" is inferred.
+ To set the core API group (such as for a "Service" kind referent),
+ Group must be explicitly set to "" (empty string).
+
+
+ Support: Core
maxLength: 253
pattern: ^$|^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$
type: string
kind:
default: Gateway
- description: "Kind is kind of the referent. \n There are
- two kinds of parent resources with \"Core\" support: \n
- * Gateway (Gateway conformance profile) * Service (Mesh
- conformance profile, experimental, ClusterIP Services
- only) \n Support for other resources is Implementation-Specific."
+ description: |-
+ Kind is kind of the referent.
+
+
+ There are two kinds of parent resources with "Core" support:
+
+
+ * Gateway (Gateway conformance profile)
+ * Service (Mesh conformance profile, ClusterIP Services only)
+
+
+ Support for other resources is Implementation-Specific.
maxLength: 63
minLength: 1
pattern: ^[a-zA-Z]([-a-zA-Z0-9]*[a-zA-Z0-9])?$
type: string
name:
- description: "Name is the name of the referent. \n Support:
- Core"
+ description: |-
+ Name is the name of the referent.
+
+
+ Support: Core
maxLength: 253
minLength: 1
type: string
namespace:
- description: "Namespace is the namespace of the referent.
- When unspecified, this refers to the local namespace of
- the Route. \n Note that there are specific rules for ParentRefs
- which cross namespace boundaries. Cross-namespace references
- are only valid if they are explicitly allowed by something
- in the namespace they are referring to. For example: Gateway
- has the AllowedRoutes field, and ReferenceGrant provides
- a generic way to enable any other kind of cross-namespace
- reference. \n ParentRefs from a Route to a Service in
- the same namespace are \"producer\" routes, which apply
- default routing rules to inbound connections from any
- namespace to the Service. \n ParentRefs from a Route to
- a Service in a different namespace are \"consumer\" routes,
- and these routing rules are only applied to outbound connections
- originating from the same namespace as the Route, for
- which the intended destination of the connections are
- a Service targeted as a ParentRef of the Route. \n Support:
- Core"
+ description: |-
+ Namespace is the namespace of the referent. When unspecified, this refers
+ to the local namespace of the Route.
+
+
+ Note that there are specific rules for ParentRefs which cross namespace
+ boundaries. Cross-namespace references are only valid if they are explicitly
+ allowed by something in the namespace they are referring to. For example:
+ Gateway has the AllowedRoutes field, and ReferenceGrant provides a
+ generic way to enable any other kind of cross-namespace reference.
+
+
+
+ ParentRefs from a Route to a Service in the same namespace are "producer"
+ routes, which apply default routing rules to inbound connections from
+ any namespace to the Service.
+
+
+ ParentRefs from a Route to a Service in a different namespace are
+ "consumer" routes, and these routing rules are only applied to outbound
+ connections originating from the same namespace as the Route, for which
+ the intended destination of the connections are a Service targeted as a
+ ParentRef of the Route.
+
+
+
+ Support: Core
maxLength: 63
minLength: 1
pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?$
type: string
port:
- description: "Port is the network port this Route targets.
- It can be interpreted differently based on the type of
- parent resource. \n When the parent resource is a Gateway,
- this targets all listeners listening on the specified
- port that also support this kind of Route(and select this
- Route). It's not recommended to set `Port` unless the
- networking behaviors specified in a Route must apply to
- a specific port as opposed to a listener(s) whose port(s)
- may be changed. When both Port and SectionName are specified,
- the name and port of the selected listener must match
- both specified values. \n When the parent resource is
- a Service, this targets a specific port in the Service
- spec. When both Port (experimental) and SectionName are
- specified, the name and port of the selected port must
- match both specified values. \n Implementations MAY choose
- to support other parent resources. Implementations supporting
- other types of parent resources MUST clearly document
- how/if Port is interpreted. \n For the purpose of status,
- an attachment is considered successful as long as the
- parent resource accepts it partially. For example, Gateway
- listeners can restrict which Routes can attach to them
- by Route kind, namespace, or hostname. If 1 of 2 Gateway
- listeners accept attachment from the referencing Route,
- the Route MUST be considered successfully attached. If
- no Gateway listeners accept attachment from this Route,
+ description: |-
+ Port is the network port this Route targets. It can be interpreted
+ differently based on the type of parent resource.
+
+
+ When the parent resource is a Gateway, this targets all listeners
+ listening on the specified port that also support this kind of Route(and
+ select this Route). It's not recommended to set `Port` unless the
+ networking behaviors specified in a Route must apply to a specific port
+ as opposed to a listener(s) whose port(s) may be changed. When both Port
+ and SectionName are specified, the name and port of the selected listener
+ must match both specified values.
+
+
+
+ When the parent resource is a Service, this targets a specific port in the
+ Service spec. When both Port (experimental) and SectionName are specified,
+ the name and port of the selected port must match both specified values.
+
+
+
+ Implementations MAY choose to support other parent resources.
+ Implementations supporting other types of parent resources MUST clearly
+ document how/if Port is interpreted.
+
+
+ For the purpose of status, an attachment is considered successful as
+ long as the parent resource accepts it partially. For example, Gateway
+ listeners can restrict which Routes can attach to them by Route kind,
+ namespace, or hostname. If 1 of 2 Gateway listeners accept attachment
+ from the referencing Route, the Route MUST be considered successfully
+ attached. If no Gateway listeners accept attachment from this Route,
the Route MUST be considered detached from the Gateway.
- \n Support: Extended \n "
+
+
+ Support: Extended
format: int32
maximum: 65535
minimum: 1
type: integer
sectionName:
- description: "SectionName is the name of a section within
- the target resource. In the following resources, SectionName
- is interpreted as the following: \n * Gateway: Listener
- Name. When both Port (experimental) and SectionName are
- specified, the name and port of the selected listener
- must match both specified values. * Service: Port Name.
- When both Port (experimental) and SectionName are specified,
- the name and port of the selected listener must match
- both specified values. Note that attaching Routes to Services
- as Parents is part of experimental Mesh support and is
- not supported for any other purpose. \n Implementations
- MAY choose to support attaching Routes to other resources.
- If that is the case, they MUST clearly document how SectionName
- is interpreted. \n When unspecified (empty string), this
- will reference the entire resource. For the purpose of
- status, an attachment is considered successful if at least
- one section in the parent resource accepts it. For example,
- Gateway listeners can restrict which Routes can attach
- to them by Route kind, namespace, or hostname. If 1 of
- 2 Gateway listeners accept attachment from the referencing
- Route, the Route MUST be considered successfully attached.
- If no Gateway listeners accept attachment from this Route,
- the Route MUST be considered detached from the Gateway.
- \n Support: Core"
+ description: |-
+ SectionName is the name of a section within the target resource. In the
+ following resources, SectionName is interpreted as the following:
+
+
+ * Gateway: Listener name. When both Port (experimental) and SectionName
+ are specified, the name and port of the selected listener must match
+ both specified values.
+ * Service: Port name. When both Port (experimental) and SectionName
+ are specified, the name and port of the selected listener must match
+ both specified values.
+
+
+ Implementations MAY choose to support attaching Routes to other resources.
+ If that is the case, they MUST clearly document how SectionName is
+ interpreted.
+
+
+ When unspecified (empty string), this will reference the entire resource.
+ For the purpose of status, an attachment is considered successful if at
+ least one section in the parent resource accepts it. For example, Gateway
+ listeners can restrict which Routes can attach to them by Route kind,
+ namespace, or hostname. If 1 of 2 Gateway listeners accept attachment from
+ the referencing Route, the Route MUST be considered successfully
+ attached. If no Gateway listeners accept attachment from this Route, the
+ Route MUST be considered detached from the Gateway.
+
+
+ Support: Core
maxLength: 253
minLength: 1
pattern: ^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$
diff --git a/vendor/github.com/emicklei/go-restful/v3/CHANGES.md b/vendor/github.com/emicklei/go-restful/v3/CHANGES.md
index 5edd5a7ca..9e790390b 100644
--- a/vendor/github.com/emicklei/go-restful/v3/CHANGES.md
+++ b/vendor/github.com/emicklei/go-restful/v3/CHANGES.md
@@ -1,5 +1,17 @@
# Change history of go-restful
+
+## [v3.12.0] - 2024-03-11
+- add Flush method #529 (#538)
+- fix: Improper handling of empty POST requests (#543)
+
+## [v3.11.3] - 2024-01-09
+- better not have 2 tags on one commit
+
+## [v3.11.1, v3.11.2] - 2024-01-09
+
+- fix by restoring custom JSON handler functions (Mike Beaumont #540)
+
## [v3.11.0] - 2023-08-19
- restored behavior as <= v3.9.0 with option to change path strategy using TrimRightSlashEnabled.
diff --git a/vendor/github.com/emicklei/go-restful/v3/README.md b/vendor/github.com/emicklei/go-restful/v3/README.md
index 95a05a089..7234604e4 100644
--- a/vendor/github.com/emicklei/go-restful/v3/README.md
+++ b/vendor/github.com/emicklei/go-restful/v3/README.md
@@ -2,7 +2,6 @@ go-restful
==========
package for building REST-style Web Services using Google Go
-[![Build Status](https://travis-ci.org/emicklei/go-restful.png)](https://travis-ci.org/emicklei/go-restful)
[![Go Report Card](https://goreportcard.com/badge/github.com/emicklei/go-restful)](https://goreportcard.com/report/github.com/emicklei/go-restful)
[![GoDoc](https://godoc.org/github.com/emicklei/go-restful?status.svg)](https://pkg.go.dev/github.com/emicklei/go-restful)
[![codecov](https://codecov.io/gh/emicklei/go-restful/branch/master/graph/badge.svg)](https://codecov.io/gh/emicklei/go-restful)
diff --git a/vendor/github.com/emicklei/go-restful/v3/compress.go b/vendor/github.com/emicklei/go-restful/v3/compress.go
index 1ff239f99..80adf55fd 100644
--- a/vendor/github.com/emicklei/go-restful/v3/compress.go
+++ b/vendor/github.com/emicklei/go-restful/v3/compress.go
@@ -49,6 +49,16 @@ func (c *CompressingResponseWriter) CloseNotify() <-chan bool {
return c.writer.(http.CloseNotifier).CloseNotify()
}
+// Flush is part of http.Flusher interface. Noop if the underlying writer doesn't support it.
+func (c *CompressingResponseWriter) Flush() {
+ flusher, ok := c.writer.(http.Flusher)
+ if !ok {
+ // writer doesn't support http.Flusher interface
+ return
+ }
+ flusher.Flush()
+}
+
// Close the underlying compressor
func (c *CompressingResponseWriter) Close() error {
if c.isCompressorClosed() {
diff --git a/vendor/github.com/emicklei/go-restful/v3/jsr311.go b/vendor/github.com/emicklei/go-restful/v3/jsr311.go
index 07a0c91e9..a9b3faaa8 100644
--- a/vendor/github.com/emicklei/go-restful/v3/jsr311.go
+++ b/vendor/github.com/emicklei/go-restful/v3/jsr311.go
@@ -155,7 +155,7 @@ func (r RouterJSR311) detectRoute(routes []Route, httpRequest *http.Request) (*R
method, length := httpRequest.Method, httpRequest.Header.Get("Content-Length")
if (method == http.MethodPost ||
method == http.MethodPut ||
- method == http.MethodPatch) && length == "" {
+ method == http.MethodPatch) && (length == "" || length == "0") {
return nil, NewError(
http.StatusUnsupportedMediaType,
fmt.Sprintf("415: Unsupported Media Type\n\nAvailable representations: %s", strings.Join(available, ", ")),
diff --git a/vendor/github.com/go-openapi/jsonpointer/pointer.go b/vendor/github.com/go-openapi/jsonpointer/pointer.go
index d975773d4..d970c7cf4 100644
--- a/vendor/github.com/go-openapi/jsonpointer/pointer.go
+++ b/vendor/github.com/go-openapi/jsonpointer/pointer.go
@@ -264,7 +264,7 @@ func (p *Pointer) set(node, data any, nameProvider *swag.NameProvider) error {
knd := reflect.ValueOf(node).Kind()
if knd != reflect.Ptr && knd != reflect.Struct && knd != reflect.Map && knd != reflect.Slice && knd != reflect.Array {
- return fmt.Errorf("only structs, pointers, maps and slices are supported for setting values")
+ return errors.New("only structs, pointers, maps and slices are supported for setting values")
}
if nameProvider == nil {
diff --git a/vendor/github.com/go-openapi/swag/BENCHMARK.md b/vendor/github.com/go-openapi/swag/BENCHMARK.md
new file mode 100644
index 000000000..e7f28ed6b
--- /dev/null
+++ b/vendor/github.com/go-openapi/swag/BENCHMARK.md
@@ -0,0 +1,52 @@
+# Benchmarks
+
+## Name mangling utilities
+
+```bash
+go test -bench XXX -run XXX -benchtime 30s
+```
+
+### Benchmarks at b3e7a5386f996177e4808f11acb2aa93a0f660df
+
+```
+goos: linux
+goarch: amd64
+pkg: github.com/go-openapi/swag
+cpu: Intel(R) Core(TM) i5-6200U CPU @ 2.30GHz
+BenchmarkToXXXName/ToGoName-4 862623 44101 ns/op 10450 B/op 732 allocs/op
+BenchmarkToXXXName/ToVarName-4 853656 40728 ns/op 10468 B/op 734 allocs/op
+BenchmarkToXXXName/ToFileName-4 1268312 27813 ns/op 9785 B/op 617 allocs/op
+BenchmarkToXXXName/ToCommandName-4 1276322 27903 ns/op 9785 B/op 617 allocs/op
+BenchmarkToXXXName/ToHumanNameLower-4 895334 40354 ns/op 10472 B/op 731 allocs/op
+BenchmarkToXXXName/ToHumanNameTitle-4 882441 40678 ns/op 10566 B/op 749 allocs/op
+```
+
+### Benchmarks after PR #79
+
+~ x10 performance improvement and ~ /100 memory allocations.
+
+```
+goos: linux
+goarch: amd64
+pkg: github.com/go-openapi/swag
+cpu: Intel(R) Core(TM) i5-6200U CPU @ 2.30GHz
+BenchmarkToXXXName/ToGoName-4 9595830 3991 ns/op 42 B/op 5 allocs/op
+BenchmarkToXXXName/ToVarName-4 9194276 3984 ns/op 62 B/op 7 allocs/op
+BenchmarkToXXXName/ToFileName-4 17002711 2123 ns/op 147 B/op 7 allocs/op
+BenchmarkToXXXName/ToCommandName-4 16772926 2111 ns/op 147 B/op 7 allocs/op
+BenchmarkToXXXName/ToHumanNameLower-4 9788331 3749 ns/op 92 B/op 6 allocs/op
+BenchmarkToXXXName/ToHumanNameTitle-4 9188260 3941 ns/op 104 B/op 6 allocs/op
+```
+
+```
+goos: linux
+goarch: amd64
+pkg: github.com/go-openapi/swag
+cpu: AMD Ryzen 7 5800X 8-Core Processor
+BenchmarkToXXXName/ToGoName-16 18527378 1972 ns/op 42 B/op 5 allocs/op
+BenchmarkToXXXName/ToVarName-16 15552692 2093 ns/op 62 B/op 7 allocs/op
+BenchmarkToXXXName/ToFileName-16 32161176 1117 ns/op 147 B/op 7 allocs/op
+BenchmarkToXXXName/ToCommandName-16 32256634 1137 ns/op 147 B/op 7 allocs/op
+BenchmarkToXXXName/ToHumanNameLower-16 18599661 1946 ns/op 92 B/op 6 allocs/op
+BenchmarkToXXXName/ToHumanNameTitle-16 17581353 2054 ns/op 105 B/op 6 allocs/op
+```
diff --git a/vendor/github.com/go-openapi/swag/initialism_index.go b/vendor/github.com/go-openapi/swag/initialism_index.go
index 03555184d..20a359bb6 100644
--- a/vendor/github.com/go-openapi/swag/initialism_index.go
+++ b/vendor/github.com/go-openapi/swag/initialism_index.go
@@ -16,9 +16,130 @@ package swag
import (
"sort"
+ "strings"
"sync"
)
+var (
+ // commonInitialisms are common acronyms that are kept as whole uppercased words.
+ commonInitialisms *indexOfInitialisms
+
+ // initialisms is a slice of sorted initialisms
+ initialisms []string
+
+ // a copy of initialisms pre-baked as []rune
+ initialismsRunes [][]rune
+ initialismsUpperCased [][]rune
+
+ isInitialism func(string) bool
+
+ maxAllocMatches int
+)
+
+func init() {
+ // Taken from https://github.com/golang/lint/blob/3390df4df2787994aea98de825b964ac7944b817/lint.go#L732-L769
+ configuredInitialisms := map[string]bool{
+ "ACL": true,
+ "API": true,
+ "ASCII": true,
+ "CPU": true,
+ "CSS": true,
+ "DNS": true,
+ "EOF": true,
+ "GUID": true,
+ "HTML": true,
+ "HTTPS": true,
+ "HTTP": true,
+ "ID": true,
+ "IP": true,
+ "IPv4": true,
+ "IPv6": true,
+ "JSON": true,
+ "LHS": true,
+ "OAI": true,
+ "QPS": true,
+ "RAM": true,
+ "RHS": true,
+ "RPC": true,
+ "SLA": true,
+ "SMTP": true,
+ "SQL": true,
+ "SSH": true,
+ "TCP": true,
+ "TLS": true,
+ "TTL": true,
+ "UDP": true,
+ "UI": true,
+ "UID": true,
+ "UUID": true,
+ "URI": true,
+ "URL": true,
+ "UTF8": true,
+ "VM": true,
+ "XML": true,
+ "XMPP": true,
+ "XSRF": true,
+ "XSS": true,
+ }
+
+ // a thread-safe index of initialisms
+ commonInitialisms = newIndexOfInitialisms().load(configuredInitialisms)
+ initialisms = commonInitialisms.sorted()
+ initialismsRunes = asRunes(initialisms)
+ initialismsUpperCased = asUpperCased(initialisms)
+ maxAllocMatches = maxAllocHeuristic(initialismsRunes)
+
+ // a test function
+ isInitialism = commonInitialisms.isInitialism
+}
+
+func asRunes(in []string) [][]rune {
+ out := make([][]rune, len(in))
+ for i, initialism := range in {
+ out[i] = []rune(initialism)
+ }
+
+ return out
+}
+
+func asUpperCased(in []string) [][]rune {
+ out := make([][]rune, len(in))
+
+ for i, initialism := range in {
+ out[i] = []rune(upper(trim(initialism)))
+ }
+
+ return out
+}
+
+func maxAllocHeuristic(in [][]rune) int {
+ heuristic := make(map[rune]int)
+ for _, initialism := range in {
+ heuristic[initialism[0]]++
+ }
+
+ var maxAlloc int
+ for _, val := range heuristic {
+ if val > maxAlloc {
+ maxAlloc = val
+ }
+ }
+
+ return maxAlloc
+}
+
+// AddInitialisms add additional initialisms
+func AddInitialisms(words ...string) {
+ for _, word := range words {
+ // commonInitialisms[upper(word)] = true
+ commonInitialisms.add(upper(word))
+ }
+ // sort again
+ initialisms = commonInitialisms.sorted()
+ initialismsRunes = asRunes(initialisms)
+ initialismsUpperCased = asUpperCased(initialisms)
+}
+
// indexOfInitialisms is a thread-safe implementation of the sorted index of initialisms.
// Since go1.9, this may be implemented with sync.Map.
type indexOfInitialisms struct {
@@ -55,7 +176,7 @@ func (m *indexOfInitialisms) add(key string) *indexOfInitialisms {
func (m *indexOfInitialisms) sorted() (result []string) {
m.sortMutex.Lock()
defer m.sortMutex.Unlock()
- m.index.Range(func(key, value interface{}) bool {
+ m.index.Range(func(key, _ interface{}) bool {
k := key.(string)
result = append(result, k)
return true
@@ -63,3 +184,19 @@ func (m *indexOfInitialisms) sorted() (result []string) {
sort.Sort(sort.Reverse(byInitialism(result)))
return
}
+
+type byInitialism []string
+
+func (s byInitialism) Len() int {
+ return len(s)
+}
+func (s byInitialism) Swap(i, j int) {
+ s[i], s[j] = s[j], s[i]
+}
+func (s byInitialism) Less(i, j int) bool {
+ if len(s[i]) != len(s[j]) {
+ return len(s[i]) < len(s[j])
+ }
+
+ return strings.Compare(s[i], s[j]) > 0
+}
diff --git a/vendor/github.com/go-openapi/swag/name_lexem.go b/vendor/github.com/go-openapi/swag/name_lexem.go
index aa7f6a9bb..8bb64ac32 100644
--- a/vendor/github.com/go-openapi/swag/name_lexem.go
+++ b/vendor/github.com/go-openapi/swag/name_lexem.go
@@ -14,74 +14,80 @@
package swag
-import "unicode"
+import (
+ "unicode"
+ "unicode/utf8"
+)
type (
- nameLexem interface {
- GetUnsafeGoName() string
- GetOriginal() string
- IsInitialism() bool
- }
+ lexemKind uint8
- initialismNameLexem struct {
+ nameLexem struct {
original string
matchedInitialism string
+ kind lexemKind
}
+)
- casualNameLexem struct {
- original string
- }
+const (
+ lexemKindCasualName lexemKind = iota
+ lexemKindInitialismName
)
-func newInitialismNameLexem(original, matchedInitialism string) *initialismNameLexem {
- return &initialismNameLexem{
+func newInitialismNameLexem(original, matchedInitialism string) nameLexem {
+ return nameLexem{
+ kind: lexemKindInitialismName,
original: original,
matchedInitialism: matchedInitialism,
}
}
-func newCasualNameLexem(original string) *casualNameLexem {
- return &casualNameLexem{
+func newCasualNameLexem(original string) nameLexem {
+ return nameLexem{
+ kind: lexemKindCasualName,
original: original,
}
}
-func (l *initialismNameLexem) GetUnsafeGoName() string {
- return l.matchedInitialism
-}
+func (l nameLexem) GetUnsafeGoName() string {
+ if l.kind == lexemKindInitialismName {
+ return l.matchedInitialism
+ }
+
+ var (
+ first rune
+ rest string
+ )
-func (l *casualNameLexem) GetUnsafeGoName() string {
- var first rune
- var rest string
for i, orig := range l.original {
if i == 0 {
first = orig
continue
}
+
if i > 0 {
rest = l.original[i:]
break
}
}
+
if len(l.original) > 1 {
- return string(unicode.ToUpper(first)) + lower(rest)
+ b := poolOfBuffers.BorrowBuffer(utf8.UTFMax + len(rest))
+ defer func() {
+ poolOfBuffers.RedeemBuffer(b)
+ }()
+ b.WriteRune(unicode.ToUpper(first))
+ b.WriteString(lower(rest))
+ return b.String()
}
return l.original
}
-func (l *initialismNameLexem) GetOriginal() string {
+func (l nameLexem) GetOriginal() string {
return l.original
}
-func (l *casualNameLexem) GetOriginal() string {
- return l.original
-}
-
-func (l *initialismNameLexem) IsInitialism() bool {
- return true
-}
-
-func (l *casualNameLexem) IsInitialism() bool {
- return false
+func (l nameLexem) IsInitialism() bool {
+ return l.kind == lexemKindInitialismName
}
diff --git a/vendor/github.com/go-openapi/swag/split.go b/vendor/github.com/go-openapi/swag/split.go
index a1825fb7d..274727a86 100644
--- a/vendor/github.com/go-openapi/swag/split.go
+++ b/vendor/github.com/go-openapi/swag/split.go
@@ -15,124 +15,269 @@
package swag
import (
+ "bytes"
+ "sync"
"unicode"
+ "unicode/utf8"
)
-var nameReplaceTable = map[rune]string{
- '@': "At ",
- '&': "And ",
- '|': "Pipe ",
- '$': "Dollar ",
- '!': "Bang ",
- '-': "",
- '_': "",
-}
-
type (
splitter struct {
- postSplitInitialismCheck bool
initialisms []string
+ initialismsRunes [][]rune
+ initialismsUpperCased [][]rune // initialisms cached in their trimmed, upper-cased version
+ postSplitInitialismCheck bool
+ }
+
+ splitterOption func(*splitter)
+
+ initialismMatch struct {
+ body []rune
+ start, end int
+ complete bool
+ }
+ initialismMatches []initialismMatch
+)
+
+type (
+ // memory pools of temporary objects.
+ //
+ // These are used to recycle temporarily allocated objects
+ // and relieve the GC from undue pressure.
+
+ matchesPool struct {
+ *sync.Pool
}
- splitterOption func(*splitter) *splitter
+ buffersPool struct {
+ *sync.Pool
+ }
+
+ lexemsPool struct {
+ *sync.Pool
+ }
+
+ splittersPool struct {
+ *sync.Pool
+ }
)
-// split calls the splitter; splitter provides more control and post options
+var (
+ // poolOfMatches holds temporary slices for recycling during the initialism match process
+ poolOfMatches = matchesPool{
+ Pool: &sync.Pool{
+ New: func() any {
+ s := make(initialismMatches, 0, maxAllocMatches)
+
+ return &s
+ },
+ },
+ }
+
+ poolOfBuffers = buffersPool{
+ Pool: &sync.Pool{
+ New: func() any {
+ return new(bytes.Buffer)
+ },
+ },
+ }
+
+ poolOfLexems = lexemsPool{
+ Pool: &sync.Pool{
+ New: func() any {
+ s := make([]nameLexem, 0, maxAllocMatches)
+
+ return &s
+ },
+ },
+ }
+
+ poolOfSplitters = splittersPool{
+ Pool: &sync.Pool{
+ New: func() any {
+ s := newSplitter()
+
+ return &s
+ },
+ },
+ }
+)
+
+// nameReplaceTable finds a word representation for special characters.
+func nameReplaceTable(r rune) (string, bool) {
+ switch r {
+ case '@':
+ return "At ", true
+ case '&':
+ return "And ", true
+ case '|':
+ return "Pipe ", true
+ case '$':
+ return "Dollar ", true
+ case '!':
+ return "Bang ", true
+ case '-':
+ return "", true
+ case '_':
+ return "", true
+ default:
+ return "", false
+ }
+}
+
+// split calls the splitter.
+//
+// Use newSplitter for more control and options
func split(str string) []string {
- lexems := newSplitter().split(str)
- result := make([]string, 0, len(lexems))
+ s := poolOfSplitters.BorrowSplitter()
+ lexems := s.split(str)
+ result := make([]string, 0, len(*lexems))
- for _, lexem := range lexems {
+ for _, lexem := range *lexems {
result = append(result, lexem.GetOriginal())
}
+ poolOfLexems.RedeemLexems(lexems)
+ poolOfSplitters.RedeemSplitter(s)
return result
}
-func (s *splitter) split(str string) []nameLexem {
- return s.toNameLexems(str)
-}
-
-func newSplitter(options ...splitterOption) *splitter {
- splitter := &splitter{
+func newSplitter(options ...splitterOption) splitter {
+ s := splitter{
postSplitInitialismCheck: false,
initialisms: initialisms,
+ initialismsRunes: initialismsRunes,
+ initialismsUpperCased: initialismsUpperCased,
}
for _, option := range options {
- splitter = option(splitter)
+ option(&s)
}
- return splitter
+ return s
}
// withPostSplitInitialismCheck allows to catch initialisms after main split process
-func withPostSplitInitialismCheck(s *splitter) *splitter {
+func withPostSplitInitialismCheck(s *splitter) {
s.postSplitInitialismCheck = true
+}
+
+func (p matchesPool) BorrowMatches() *initialismMatches {
+ s := p.Get().(*initialismMatches)
+ *s = (*s)[:0] // reset slice, keep allocated capacity
+
return s
}
-type (
- initialismMatch struct {
- start, end int
- body []rune
- complete bool
+func (p buffersPool) BorrowBuffer(size int) *bytes.Buffer {
+ s := p.Get().(*bytes.Buffer)
+ s.Reset()
+
+ if s.Cap() < size {
+ s.Grow(size)
}
- initialismMatches []*initialismMatch
-)
-func (s *splitter) toNameLexems(name string) []nameLexem {
+ return s
+}
+
+func (p lexemsPool) BorrowLexems() *[]nameLexem {
+ s := p.Get().(*[]nameLexem)
+ *s = (*s)[:0] // reset slice, keep allocated capacity
+
+ return s
+}
+
+func (p splittersPool) BorrowSplitter(options ...splitterOption) *splitter {
+ s := p.Get().(*splitter)
+ s.postSplitInitialismCheck = false // reset options
+ for _, apply := range options {
+ apply(s)
+ }
+
+ return s
+}
+
+func (p matchesPool) RedeemMatches(s *initialismMatches) {
+ p.Put(s)
+}
+
+func (p buffersPool) RedeemBuffer(s *bytes.Buffer) {
+ p.Put(s)
+}
+
+func (p lexemsPool) RedeemLexems(s *[]nameLexem) {
+ p.Put(s)
+}
+
+func (p splittersPool) RedeemSplitter(s *splitter) {
+ p.Put(s)
+}
+
+func (m initialismMatch) isZero() bool {
+ return m.start == 0 && m.end == 0
+}
+
+func (s splitter) split(name string) *[]nameLexem {
nameRunes := []rune(name)
matches := s.gatherInitialismMatches(nameRunes)
+ if matches == nil {
+ return poolOfLexems.BorrowLexems()
+ }
+
return s.mapMatchesToNameLexems(nameRunes, matches)
}
-func (s *splitter) gatherInitialismMatches(nameRunes []rune) initialismMatches {
- matches := make(initialismMatches, 0)
+func (s splitter) gatherInitialismMatches(nameRunes []rune) *initialismMatches {
+ var matches *initialismMatches
for currentRunePosition, currentRune := range nameRunes {
- newMatches := make(initialismMatches, 0, len(matches))
+ // recycle these allocations as we loop over runes
+ // with such recycling, only 2 slices should be allocated per call
+ // instead of o(n).
+ newMatches := poolOfMatches.BorrowMatches()
// check current initialism matches
- for _, match := range matches {
- if keepCompleteMatch := match.complete; keepCompleteMatch {
- newMatches = append(newMatches, match)
- continue
- }
+ if matches != nil { // skip first iteration
+ for _, match := range *matches {
+ if keepCompleteMatch := match.complete; keepCompleteMatch {
+ *newMatches = append(*newMatches, match)
+ continue
+ }
- // drop failed match
- currentMatchRune := match.body[currentRunePosition-match.start]
- if !s.initialismRuneEqual(currentMatchRune, currentRune) {
- continue
- }
+ // drop failed match
+ currentMatchRune := match.body[currentRunePosition-match.start]
+ if currentMatchRune != currentRune {
+ continue
+ }
- // try to complete ongoing match
- if currentRunePosition-match.start == len(match.body)-1 {
- // we are close; the next step is to check the symbol ahead
- // if it is a small letter, then it is not the end of match
- // but beginning of the next word
-
- if currentRunePosition < len(nameRunes)-1 {
- nextRune := nameRunes[currentRunePosition+1]
- if newWord := unicode.IsLower(nextRune); newWord {
- // oh ok, it was the start of a new word
- continue
+ // try to complete ongoing match
+ if currentRunePosition-match.start == len(match.body)-1 {
+ // we are close; the next step is to check the symbol ahead
+ // if it is a small letter, then it is not the end of match
+ // but beginning of the next word
+
+ if currentRunePosition < len(nameRunes)-1 {
+ nextRune := nameRunes[currentRunePosition+1]
+ if newWord := unicode.IsLower(nextRune); newWord {
+ // oh ok, it was the start of a new word
+ continue
+ }
}
+
+ match.complete = true
+ match.end = currentRunePosition
}
- match.complete = true
- match.end = currentRunePosition
+ *newMatches = append(*newMatches, match)
}
-
- newMatches = append(newMatches, match)
}
// check for new initialism matches
- for _, initialism := range s.initialisms {
- initialismRunes := []rune(initialism)
- if s.initialismRuneEqual(initialismRunes[0], currentRune) {
- newMatches = append(newMatches, &initialismMatch{
+ for i := range s.initialisms {
+ initialismRunes := s.initialismsRunes[i]
+ if initialismRunes[0] == currentRune {
+ *newMatches = append(*newMatches, initialismMatch{
start: currentRunePosition,
body: initialismRunes,
complete: false,
@@ -140,24 +285,28 @@ func (s *splitter) gatherInitialismMatches(nameRunes []rune) initialismMatches {
}
}
+ if matches != nil {
+ poolOfMatches.RedeemMatches(matches)
+ }
matches = newMatches
}
+ // up to the caller to redeem this last slice
return matches
}
-func (s *splitter) mapMatchesToNameLexems(nameRunes []rune, matches initialismMatches) []nameLexem {
- nameLexems := make([]nameLexem, 0)
+func (s splitter) mapMatchesToNameLexems(nameRunes []rune, matches *initialismMatches) *[]nameLexem {
+ nameLexems := poolOfLexems.BorrowLexems()
- var lastAcceptedMatch *initialismMatch
- for _, match := range matches {
+ var lastAcceptedMatch initialismMatch
+ for _, match := range *matches {
if !match.complete {
continue
}
- if firstMatch := lastAcceptedMatch == nil; firstMatch {
- nameLexems = append(nameLexems, s.breakCasualString(nameRunes[:match.start])...)
- nameLexems = append(nameLexems, s.breakInitialism(string(match.body)))
+ if firstMatch := lastAcceptedMatch.isZero(); firstMatch {
+ s.appendBrokenDownCasualString(nameLexems, nameRunes[:match.start])
+ *nameLexems = append(*nameLexems, s.breakInitialism(string(match.body)))
lastAcceptedMatch = match
@@ -169,63 +318,66 @@ func (s *splitter) mapMatchesToNameLexems(nameRunes []rune, matches initialismMa
}
middle := nameRunes[lastAcceptedMatch.end+1 : match.start]
- nameLexems = append(nameLexems, s.breakCasualString(middle)...)
- nameLexems = append(nameLexems, s.breakInitialism(string(match.body)))
+ s.appendBrokenDownCasualString(nameLexems, middle)
+ *nameLexems = append(*nameLexems, s.breakInitialism(string(match.body)))
lastAcceptedMatch = match
}
// we have not found any accepted matches
- if lastAcceptedMatch == nil {
- return s.breakCasualString(nameRunes)
- }
-
- if lastAcceptedMatch.end+1 != len(nameRunes) {
+ if lastAcceptedMatch.isZero() {
+ *nameLexems = (*nameLexems)[:0]
+ s.appendBrokenDownCasualString(nameLexems, nameRunes)
+ } else if lastAcceptedMatch.end+1 != len(nameRunes) {
rest := nameRunes[lastAcceptedMatch.end+1:]
- nameLexems = append(nameLexems, s.breakCasualString(rest)...)
+ s.appendBrokenDownCasualString(nameLexems, rest)
}
- return nameLexems
-}
+ poolOfMatches.RedeemMatches(matches)
-func (s *splitter) initialismRuneEqual(a, b rune) bool {
- return a == b
+ return nameLexems
}
-func (s *splitter) breakInitialism(original string) nameLexem {
+func (s splitter) breakInitialism(original string) nameLexem {
return newInitialismNameLexem(original, original)
}
-func (s *splitter) breakCasualString(str []rune) []nameLexem {
- segments := make([]nameLexem, 0)
- currentSegment := ""
+func (s splitter) appendBrokenDownCasualString(segments *[]nameLexem, str []rune) {
+ currentSegment := poolOfBuffers.BorrowBuffer(len(str)) // unlike strings.Builder, bytes.Buffer initial storage can reused
+ defer func() {
+ poolOfBuffers.RedeemBuffer(currentSegment)
+ }()
addCasualNameLexem := func(original string) {
- segments = append(segments, newCasualNameLexem(original))
+ *segments = append(*segments, newCasualNameLexem(original))
}
addInitialismNameLexem := func(original, match string) {
- segments = append(segments, newInitialismNameLexem(original, match))
+ *segments = append(*segments, newInitialismNameLexem(original, match))
}
- addNameLexem := func(original string) {
- if s.postSplitInitialismCheck {
- for _, initialism := range s.initialisms {
- if upper(initialism) == upper(original) {
- addInitialismNameLexem(original, initialism)
+ var addNameLexem func(string)
+ if s.postSplitInitialismCheck {
+ addNameLexem = func(original string) {
+ for i := range s.initialisms {
+ if isEqualFoldIgnoreSpace(s.initialismsUpperCased[i], original) {
+ addInitialismNameLexem(original, s.initialisms[i])
+
return
}
}
- }
- addCasualNameLexem(original)
+ addCasualNameLexem(original)
+ }
+ } else {
+ addNameLexem = addCasualNameLexem
}
- for _, rn := range string(str) {
- if replace, found := nameReplaceTable[rn]; found {
- if currentSegment != "" {
- addNameLexem(currentSegment)
- currentSegment = ""
+ for _, rn := range str {
+ if replace, found := nameReplaceTable(rn); found {
+ if currentSegment.Len() > 0 {
+ addNameLexem(currentSegment.String())
+ currentSegment.Reset()
}
if replace != "" {
@@ -236,27 +388,121 @@ func (s *splitter) breakCasualString(str []rune) []nameLexem {
}
if !unicode.In(rn, unicode.L, unicode.M, unicode.N, unicode.Pc) {
- if currentSegment != "" {
- addNameLexem(currentSegment)
- currentSegment = ""
+ if currentSegment.Len() > 0 {
+ addNameLexem(currentSegment.String())
+ currentSegment.Reset()
}
continue
}
if unicode.IsUpper(rn) {
- if currentSegment != "" {
- addNameLexem(currentSegment)
+ if currentSegment.Len() > 0 {
+ addNameLexem(currentSegment.String())
}
- currentSegment = ""
+ currentSegment.Reset()
}
- currentSegment += string(rn)
+ currentSegment.WriteRune(rn)
+ }
+
+ if currentSegment.Len() > 0 {
+ addNameLexem(currentSegment.String())
}
+}
+
+// isEqualFoldIgnoreSpace is the same as strings.EqualFold, but
+// it ignores leading and trailing blank spaces in the compared
+// string.
+//
+// base is assumed to be composed of upper-cased runes, and be already
+// trimmed.
+//
+// This code is heavily inspired from strings.EqualFold.
+func isEqualFoldIgnoreSpace(base []rune, str string) bool {
+ var i, baseIndex int
+ // equivalent to b := []byte(str), but without data copy
+ b := hackStringBytes(str)
+
+ for i < len(b) {
+ if c := b[i]; c < utf8.RuneSelf {
+ // fast path for ASCII
+ if c != ' ' && c != '\t' {
+ break
+ }
+ i++
+
+ continue
+ }
+
+ // unicode case
+ r, size := utf8.DecodeRune(b[i:])
+ if !unicode.IsSpace(r) {
+ break
+ }
+ i += size
+ }
+
+ if i >= len(b) {
+ return len(base) == 0
+ }
+
+ for _, baseRune := range base {
+ if i >= len(b) {
+ break
+ }
+
+ if c := b[i]; c < utf8.RuneSelf {
+ // single byte rune case (ASCII)
+ if baseRune >= utf8.RuneSelf {
+ return false
+ }
+
+ baseChar := byte(baseRune)
+ if c != baseChar &&
+ !('a' <= c && c <= 'z' && c-'a'+'A' == baseChar) {
+ return false
+ }
+
+ baseIndex++
+ i++
+
+ continue
+ }
+
+ // unicode case
+ r, size := utf8.DecodeRune(b[i:])
+ if unicode.ToUpper(r) != baseRune {
+ return false
+ }
+ baseIndex++
+ i += size
+ }
+
+ if baseIndex != len(base) {
+ return false
+ }
+
+ // all passed: now we should only have blanks
+ for i < len(b) {
+ if c := b[i]; c < utf8.RuneSelf {
+ // fast path for ASCII
+ if c != ' ' && c != '\t' {
+ return false
+ }
+ i++
+
+ continue
+ }
+
+ // unicode case
+ r, size := utf8.DecodeRune(b[i:])
+ if !unicode.IsSpace(r) {
+ return false
+ }
- if currentSegment != "" {
- addNameLexem(currentSegment)
+ i += size
}
- return segments
+ return true
}
diff --git a/vendor/github.com/go-openapi/swag/string_bytes.go b/vendor/github.com/go-openapi/swag/string_bytes.go
new file mode 100644
index 000000000..90745d5ca
--- /dev/null
+++ b/vendor/github.com/go-openapi/swag/string_bytes.go
@@ -0,0 +1,8 @@
+package swag
+
+import "unsafe"
+
+// hackStringBytes returns the (unsafe) underlying bytes slice of a string.
+func hackStringBytes(str string) []byte {
+ return unsafe.Slice(unsafe.StringData(str), len(str))
+}
diff --git a/vendor/github.com/go-openapi/swag/util.go b/vendor/github.com/go-openapi/swag/util.go
index 0413f7447..5051401c4 100644
--- a/vendor/github.com/go-openapi/swag/util.go
+++ b/vendor/github.com/go-openapi/swag/util.go
@@ -18,76 +18,25 @@ import (
"reflect"
"strings"
"unicode"
+ "unicode/utf8"
)
-// commonInitialisms are common acronyms that are kept as whole uppercased words.
-var commonInitialisms *indexOfInitialisms
-
-// initialisms is a slice of sorted initialisms
-var initialisms []string
-
-var isInitialism func(string) bool
-
// GoNamePrefixFunc sets an optional rule to prefix go names
// which do not start with a letter.
//
+// The prefix function is assumed to return a string that starts with an upper case letter.
+//
// e.g. to help convert "123" into "{prefix}123"
//
// The default is to prefix with "X"
var GoNamePrefixFunc func(string) string
-func init() {
- // Taken from https://github.com/golang/lint/blob/3390df4df2787994aea98de825b964ac7944b817/lint.go#L732-L769
- var configuredInitialisms = map[string]bool{
- "ACL": true,
- "API": true,
- "ASCII": true,
- "CPU": true,
- "CSS": true,
- "DNS": true,
- "EOF": true,
- "GUID": true,
- "HTML": true,
- "HTTPS": true,
- "HTTP": true,
- "ID": true,
- "IP": true,
- "IPv4": true,
- "IPv6": true,
- "JSON": true,
- "LHS": true,
- "OAI": true,
- "QPS": true,
- "RAM": true,
- "RHS": true,
- "RPC": true,
- "SLA": true,
- "SMTP": true,
- "SQL": true,
- "SSH": true,
- "TCP": true,
- "TLS": true,
- "TTL": true,
- "UDP": true,
- "UI": true,
- "UID": true,
- "UUID": true,
- "URI": true,
- "URL": true,
- "UTF8": true,
- "VM": true,
- "XML": true,
- "XMPP": true,
- "XSRF": true,
- "XSS": true,
+func prefixFunc(name, in string) string {
+ if GoNamePrefixFunc == nil {
+ return "X" + in
}
- // a thread-safe index of initialisms
- commonInitialisms = newIndexOfInitialisms().load(configuredInitialisms)
- initialisms = commonInitialisms.sorted()
-
- // a test function
- isInitialism = commonInitialisms.isInitialism
+ return GoNamePrefixFunc(name) + in
}
const (
@@ -156,22 +105,6 @@ func SplitByFormat(data, format string) []string {
return result
}
-type byInitialism []string
-
-func (s byInitialism) Len() int {
- return len(s)
-}
-func (s byInitialism) Swap(i, j int) {
- s[i], s[j] = s[j], s[i]
-}
-func (s byInitialism) Less(i, j int) bool {
- if len(s[i]) != len(s[j]) {
- return len(s[i]) < len(s[j])
- }
-
- return strings.Compare(s[i], s[j]) > 0
-}
-
// Removes leading whitespaces
func trim(str string) string {
return strings.TrimSpace(str)
@@ -188,15 +121,20 @@ func lower(str string) string {
}
// Camelize an uppercased word
-func Camelize(word string) (camelized string) {
+func Camelize(word string) string {
+ camelized := poolOfBuffers.BorrowBuffer(len(word))
+ defer func() {
+ poolOfBuffers.RedeemBuffer(camelized)
+ }()
+
for pos, ru := range []rune(word) {
if pos > 0 {
- camelized += string(unicode.ToLower(ru))
+ camelized.WriteRune(unicode.ToLower(ru))
} else {
- camelized += string(unicode.ToUpper(ru))
+ camelized.WriteRune(unicode.ToUpper(ru))
}
}
- return
+ return camelized.String()
}
// ToFileName lowercases and underscores a go type name
@@ -224,26 +162,31 @@ func ToCommandName(name string) string {
// ToHumanNameLower represents a code name as a human series of words
func ToHumanNameLower(name string) string {
- in := newSplitter(withPostSplitInitialismCheck).split(name)
- out := make([]string, 0, len(in))
+ s := poolOfSplitters.BorrowSplitter(withPostSplitInitialismCheck)
+ in := s.split(name)
+ poolOfSplitters.RedeemSplitter(s)
+ out := make([]string, 0, len(*in))
- for _, w := range in {
+ for _, w := range *in {
if !w.IsInitialism() {
out = append(out, lower(w.GetOriginal()))
} else {
out = append(out, trim(w.GetOriginal()))
}
}
+ poolOfLexems.RedeemLexems(in)
return strings.Join(out, " ")
}
// ToHumanNameTitle represents a code name as a human series of words with the first letters titleized
func ToHumanNameTitle(name string) string {
- in := newSplitter(withPostSplitInitialismCheck).split(name)
+ s := poolOfSplitters.BorrowSplitter(withPostSplitInitialismCheck)
+ in := s.split(name)
+ poolOfSplitters.RedeemSplitter(s)
- out := make([]string, 0, len(in))
- for _, w := range in {
+ out := make([]string, 0, len(*in))
+ for _, w := range *in {
original := trim(w.GetOriginal())
if !w.IsInitialism() {
out = append(out, Camelize(original))
@@ -251,6 +194,8 @@ func ToHumanNameTitle(name string) string {
out = append(out, original)
}
}
+ poolOfLexems.RedeemLexems(in)
+
return strings.Join(out, " ")
}
@@ -283,35 +228,70 @@ func ToVarName(name string) string {
// ToGoName translates a swagger name which can be underscored or camel cased to a name that golint likes
func ToGoName(name string) string {
- lexems := newSplitter(withPostSplitInitialismCheck).split(name)
+ s := poolOfSplitters.BorrowSplitter(withPostSplitInitialismCheck)
+ lexems := s.split(name)
+ poolOfSplitters.RedeemSplitter(s)
+ defer func() {
+ poolOfLexems.RedeemLexems(lexems)
+ }()
+ lexemes := *lexems
+
+ if len(lexemes) == 0 {
+ return ""
+ }
+
+ result := poolOfBuffers.BorrowBuffer(len(name))
+ defer func() {
+ poolOfBuffers.RedeemBuffer(result)
+ }()
+
+ // check if not starting with a letter, upper case
+ firstPart := lexemes[0].GetUnsafeGoName()
+ if lexemes[0].IsInitialism() {
+ firstPart = upper(firstPart)
+ }
+
+ if c := firstPart[0]; c < utf8.RuneSelf {
+ // ASCII
+ switch {
+ case 'A' <= c && c <= 'Z':
+ result.WriteString(firstPart)
+ case 'a' <= c && c <= 'z':
+ result.WriteByte(c - 'a' + 'A')
+ result.WriteString(firstPart[1:])
+ default:
+ result.WriteString(prefixFunc(name, firstPart))
+ // NOTE: no longer check if prefixFunc returns a string that starts with uppercase:
+ // assume this is always the case
+ }
+ } else {
+ // unicode
+ firstRune, _ := utf8.DecodeRuneInString(firstPart)
+ switch {
+ case !unicode.IsLetter(firstRune):
+ result.WriteString(prefixFunc(name, firstPart))
+ case !unicode.IsUpper(firstRune):
+ result.WriteString(prefixFunc(name, firstPart))
+ /*
+ result.WriteRune(unicode.ToUpper(firstRune))
+ result.WriteString(firstPart[offset:])
+ */
+ default:
+ result.WriteString(firstPart)
+ }
+ }
- result := ""
- for _, lexem := range lexems {
+ for _, lexem := range lexemes[1:] {
goName := lexem.GetUnsafeGoName()
// to support old behavior
if lexem.IsInitialism() {
goName = upper(goName)
}
- result += goName
+ result.WriteString(goName)
}
- if len(result) > 0 {
- // Only prefix with X when the first character isn't an ascii letter
- first := []rune(result)[0]
- if !unicode.IsLetter(first) || (first > unicode.MaxASCII && !unicode.IsUpper(first)) {
- if GoNamePrefixFunc == nil {
- return "X" + result
- }
- result = GoNamePrefixFunc(name) + result
- }
- first = []rune(result)[0]
- if unicode.IsLetter(first) && !unicode.IsUpper(first) {
- result = string(append([]rune{unicode.ToUpper(first)}, []rune(result)[1:]...))
- }
- }
-
- return result
+ return result.String()
}
// ContainsStrings searches a slice of strings for a case-sensitive match
@@ -376,16 +356,6 @@ func IsZero(data interface{}) bool {
}
}
-// AddInitialisms add additional initialisms
-func AddInitialisms(words ...string) {
- for _, word := range words {
- // commonInitialisms[upper(word)] = true
- commonInitialisms.add(upper(word))
- }
- // sort again
- initialisms = commonInitialisms.sorted()
-}
-
// CommandLineOptionsGroup represents a group of user-defined command line options
type CommandLineOptionsGroup struct {
ShortDescription string
diff --git a/vendor/github.com/go-openapi/swag/yaml.go b/vendor/github.com/go-openapi/swag/yaml.go
index a8c4e359e..f59e02593 100644
--- a/vendor/github.com/go-openapi/swag/yaml.go
+++ b/vendor/github.com/go-openapi/swag/yaml.go
@@ -16,6 +16,7 @@ package swag
import (
"encoding/json"
+ "errors"
"fmt"
"path/filepath"
"reflect"
@@ -50,7 +51,7 @@ func BytesToYAMLDoc(data []byte) (interface{}, error) {
return nil, err
}
if document.Kind != yaml.DocumentNode || len(document.Content) != 1 || document.Content[0].Kind != yaml.MappingNode {
- return nil, fmt.Errorf("only YAML documents that are objects are supported")
+ return nil, errors.New("only YAML documents that are objects are supported")
}
return &document, nil
}
diff --git a/vendor/golang.org/x/tools/go/gcexportdata/gcexportdata.go b/vendor/golang.org/x/tools/go/gcexportdata/gcexportdata.go
new file mode 100644
index 000000000..137cc8df1
--- /dev/null
+++ b/vendor/golang.org/x/tools/go/gcexportdata/gcexportdata.go
@@ -0,0 +1,186 @@
+// Copyright 2016 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+// Package gcexportdata provides functions for locating, reading, and
+// writing export data files containing type information produced by the
+// gc compiler. This package supports go1.7 export data format and all
+// later versions.
+//
+// Although it might seem convenient for this package to live alongside
+// go/types in the standard library, this would cause version skew
+// problems for developer tools that use it, since they must be able to
+// consume the outputs of the gc compiler both before and after a Go
+// update such as from Go 1.7 to Go 1.8. Because this package lives in
+// golang.org/x/tools, sites can update their version of this repo some
+// time before the Go 1.8 release and rebuild and redeploy their
+// developer tools, which will then be able to consume both Go 1.7 and
+// Go 1.8 export data files, so they will work before and after the
+// Go update. (See discussion at https://golang.org/issue/15651.)
+package gcexportdata // import "golang.org/x/tools/go/gcexportdata"
+
+import (
+ "bufio"
+ "bytes"
+ "encoding/json"
+ "fmt"
+ "go/token"
+ "go/types"
+ "io"
+ "os/exec"
+
+ "golang.org/x/tools/internal/gcimporter"
+)
+
+// Find returns the name of an object (.o) or archive (.a) file
+// containing type information for the specified import path,
+// using the go command.
+// If no file was found, an empty filename is returned.
+//
+// A relative srcDir is interpreted relative to the current working directory.
+//
+// Find also returns the package's resolved (canonical) import path,
+// reflecting the effects of srcDir and vendoring on importPath.
+//
+// Deprecated: Use the higher-level API in golang.org/x/tools/go/packages,
+// which is more efficient.
+func Find(importPath, srcDir string) (filename, path string) {
+ cmd := exec.Command("go", "list", "-json", "-export", "--", importPath)
+ cmd.Dir = srcDir
+ out, err := cmd.Output()
+ if err != nil {
+ return "", ""
+ }
+ var data struct {
+ ImportPath string
+ Export string
+ }
+ json.Unmarshal(out, &data)
+ return data.Export, data.ImportPath
+}
+
+// NewReader returns a reader for the export data section of an object
+// (.o) or archive (.a) file read from r. The new reader may provide
+// additional trailing data beyond the end of the export data.
+func NewReader(r io.Reader) (io.Reader, error) {
+ buf := bufio.NewReader(r)
+ _, size, err := gcimporter.FindExportData(buf)
+ if err != nil {
+ return nil, err
+ }
+
+ if size >= 0 {
+ // We were given an archive and found the __.PKGDEF in it.
+ // This tells us the size of the export data, and we don't
+ // need to return the entire file.
+ return &io.LimitedReader{
+ R: buf,
+ N: size,
+ }, nil
+ } else {
+ // We were given an object file. As such, we don't know how large
+ // the export data is and must return the entire file.
+ return buf, nil
+ }
+}
+
+// readAll works the same way as io.ReadAll, but avoids allocations and copies
+// by preallocating a byte slice of the necessary size if the size is known up
+// front. This is always possible when the input is an archive. In that case,
+// NewReader will return the known size using an io.LimitedReader.
+func readAll(r io.Reader) ([]byte, error) {
+ if lr, ok := r.(*io.LimitedReader); ok {
+ data := make([]byte, lr.N)
+ _, err := io.ReadFull(lr, data)
+ return data, err
+ }
+ return io.ReadAll(r)
+}
+
+// Read reads export data from in, decodes it, and returns type
+// information for the package.
+//
+// The package path (effectively its linker symbol prefix) is
+// specified by path, since unlike the package name, this information
+// may not be recorded in the export data.
+//
+// File position information is added to fset.
+//
+// Read may inspect and add to the imports map to ensure that references
+// within the export data to other packages are consistent. The caller
+// must ensure that imports[path] does not exist, or exists but is
+// incomplete (see types.Package.Complete), and Read inserts the
+// resulting package into this map entry.
+//
+// On return, the state of the reader is undefined.
+func Read(in io.Reader, fset *token.FileSet, imports map[string]*types.Package, path string) (*types.Package, error) {
+ data, err := readAll(in)
+ if err != nil {
+ return nil, fmt.Errorf("reading export data for %q: %v", path, err)
+ }
+
+ if bytes.HasPrefix(data, []byte("!")) {
+ return nil, fmt.Errorf("can't read export data for %q directly from an archive file (call gcexportdata.NewReader first to extract export data)", path)
+ }
+
+ // The indexed export format starts with an 'i'; the older
+ // binary export format starts with a 'c', 'd', or 'v'
+ // (from "version"). Select appropriate importer.
+ if len(data) > 0 {
+ switch data[0] {
+ case 'v', 'c', 'd': // binary, till go1.10
+ return nil, fmt.Errorf("binary (%c) import format is no longer supported", data[0])
+
+ case 'i': // indexed, till go1.19
+ _, pkg, err := gcimporter.IImportData(fset, imports, data[1:], path)
+ return pkg, err
+
+ case 'u': // unified, from go1.20
+ _, pkg, err := gcimporter.UImportData(fset, imports, data[1:], path)
+ return pkg, err
+
+ default:
+ l := len(data)
+ if l > 10 {
+ l = 10
+ }
+ return nil, fmt.Errorf("unexpected export data with prefix %q for path %s", string(data[:l]), path)
+ }
+ }
+ return nil, fmt.Errorf("empty export data for %s", path)
+}
+
+// Write writes encoded type information for the specified package to out.
+// The FileSet provides file position information for named objects.
+func Write(out io.Writer, fset *token.FileSet, pkg *types.Package) error {
+ if _, err := io.WriteString(out, "i"); err != nil {
+ return err
+ }
+ return gcimporter.IExportData(out, fset, pkg)
+}
+
+// ReadBundle reads an export bundle from in, decodes it, and returns type
+// information for the packages.
+// File position information is added to fset.
+//
+// ReadBundle may inspect and add to the imports map to ensure that references
+// within the export bundle to other packages are consistent.
+//
+// On return, the state of the reader is undefined.
+//
+// Experimental: This API is experimental and may change in the future.
+func ReadBundle(in io.Reader, fset *token.FileSet, imports map[string]*types.Package) ([]*types.Package, error) {
+ data, err := readAll(in)
+ if err != nil {
+ return nil, fmt.Errorf("reading export bundle: %v", err)
+ }
+ return gcimporter.IImportBundle(fset, imports, data)
+}
+
+// WriteBundle writes encoded type information for the specified packages to out.
+// The FileSet provides file position information for named objects.
+//
+// Experimental: This API is experimental and may change in the future.
+func WriteBundle(out io.Writer, fset *token.FileSet, pkgs []*types.Package) error {
+ return gcimporter.IExportBundle(out, fset, pkgs)
+}
diff --git a/vendor/golang.org/x/tools/go/gcexportdata/importer.go b/vendor/golang.org/x/tools/go/gcexportdata/importer.go
new file mode 100644
index 000000000..37a7247e2
--- /dev/null
+++ b/vendor/golang.org/x/tools/go/gcexportdata/importer.go
@@ -0,0 +1,75 @@
+// Copyright 2016 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+package gcexportdata
+
+import (
+ "fmt"
+ "go/token"
+ "go/types"
+ "os"
+)
+
+// NewImporter returns a new instance of the types.Importer interface
+// that reads type information from export data files written by gc.
+// The Importer also satisfies types.ImporterFrom.
+//
+// Export data files are located using "go build" workspace conventions
+// and the build.Default context.
+//
+// Use this importer instead of go/importer.For("gc", ...) to avoid the
+// version-skew problems described in the documentation of this package,
+// or to control the FileSet or access the imports map populated during
+// package loading.
+//
+// Deprecated: Use the higher-level API in golang.org/x/tools/go/packages,
+// which is more efficient.
+func NewImporter(fset *token.FileSet, imports map[string]*types.Package) types.ImporterFrom {
+ return importer{fset, imports}
+}
+
+type importer struct {
+ fset *token.FileSet
+ imports map[string]*types.Package
+}
+
+func (imp importer) Import(importPath string) (*types.Package, error) {
+ return imp.ImportFrom(importPath, "", 0)
+}
+
+func (imp importer) ImportFrom(importPath, srcDir string, mode types.ImportMode) (_ *types.Package, err error) {
+ filename, path := Find(importPath, srcDir)
+ if filename == "" {
+ if importPath == "unsafe" {
+ // Even for unsafe, call Find first in case
+ // the package was vendored.
+ return types.Unsafe, nil
+ }
+ return nil, fmt.Errorf("can't find import: %s", importPath)
+ }
+
+ if pkg, ok := imp.imports[path]; ok && pkg.Complete() {
+ return pkg, nil // cache hit
+ }
+
+ // open file
+ f, err := os.Open(filename)
+ if err != nil {
+ return nil, err
+ }
+ defer func() {
+ f.Close()
+ if err != nil {
+ // add file name to error
+ err = fmt.Errorf("reading export data: %s: %v", filename, err)
+ }
+ }()
+
+ r, err := NewReader(f)
+ if err != nil {
+ return nil, err
+ }
+
+ return Read(r, imp.fset, imp.imports, path)
+}
diff --git a/vendor/golang.org/x/tools/go/internal/packagesdriver/sizes.go b/vendor/golang.org/x/tools/go/internal/packagesdriver/sizes.go
new file mode 100644
index 000000000..333676b7c
--- /dev/null
+++ b/vendor/golang.org/x/tools/go/internal/packagesdriver/sizes.go
@@ -0,0 +1,53 @@
+// Copyright 2018 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+// Package packagesdriver fetches type sizes for go/packages and go/analysis.
+package packagesdriver
+
+import (
+ "context"
+ "fmt"
+ "strings"
+
+ "golang.org/x/tools/internal/gocommand"
+)
+
+func GetSizesForArgsGolist(ctx context.Context, inv gocommand.Invocation, gocmdRunner *gocommand.Runner) (string, string, error) {
+ inv.Verb = "list"
+ inv.Args = []string{"-f", "{{context.GOARCH}} {{context.Compiler}}", "--", "unsafe"}
+ stdout, stderr, friendlyErr, rawErr := gocmdRunner.RunRaw(ctx, inv)
+ var goarch, compiler string
+ if rawErr != nil {
+ rawErrMsg := rawErr.Error()
+ if strings.Contains(rawErrMsg, "cannot find main module") ||
+ strings.Contains(rawErrMsg, "go.mod file not found") {
+ // User's running outside of a module.
+ // All bets are off. Get GOARCH and guess compiler is gc.
+ // TODO(matloob): Is this a problem in practice?
+ inv.Verb = "env"
+ inv.Args = []string{"GOARCH"}
+ envout, enverr := gocmdRunner.Run(ctx, inv)
+ if enverr != nil {
+ return "", "", enverr
+ }
+ goarch = strings.TrimSpace(envout.String())
+ compiler = "gc"
+ } else if friendlyErr != nil {
+ return "", "", friendlyErr
+ } else {
+ // This should be unreachable, but be defensive
+ // in case RunRaw's error results are inconsistent.
+ return "", "", rawErr
+ }
+ } else {
+ fields := strings.Fields(stdout.String())
+ if len(fields) < 2 {
+ return "", "", fmt.Errorf("could not parse GOARCH and Go compiler in format \" \":\nstdout: <<%s>>\nstderr: <<%s>>",
+ stdout.String(), stderr.String())
+ }
+ goarch = fields[0]
+ compiler = fields[1]
+ }
+ return compiler, goarch, nil
+}
diff --git a/vendor/golang.org/x/tools/go/packages/doc.go b/vendor/golang.org/x/tools/go/packages/doc.go
new file mode 100644
index 000000000..a8d7b06ac
--- /dev/null
+++ b/vendor/golang.org/x/tools/go/packages/doc.go
@@ -0,0 +1,250 @@
+// Copyright 2018 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+/*
+Package packages loads Go packages for inspection and analysis.
+
+The [Load] function takes as input a list of patterns and returns a
+list of [Package] values describing individual packages matched by those
+patterns.
+A [Config] specifies configuration options, the most important of which is
+the [LoadMode], which controls the amount of detail in the loaded packages.
+
+Load passes most patterns directly to the underlying build tool.
+The default build tool is the go command.
+Its supported patterns are described at
+https://pkg.go.dev/cmd/go#hdr-Package_lists_and_patterns.
+Other build systems may be supported by providing a "driver";
+see [The driver protocol].
+
+All patterns with the prefix "query=", where query is a
+non-empty string of letters from [a-z], are reserved and may be
+interpreted as query operators.
+
+Two query operators are currently supported: "file" and "pattern".
+
+The query "file=path/to/file.go" matches the package or packages enclosing
+the Go source file path/to/file.go. For example "file=~/go/src/fmt/print.go"
+might return the packages "fmt" and "fmt [fmt.test]".
+
+The query "pattern=string" causes "string" to be passed directly to
+the underlying build tool. In most cases this is unnecessary,
+but an application can use Load("pattern=" + x) as an escaping mechanism
+to ensure that x is not interpreted as a query operator if it contains '='.
+
+All other query operators are reserved for future use and currently
+cause Load to report an error.
+
+The Package struct provides basic information about the package, including
+
+ - ID, a unique identifier for the package in the returned set;
+ - GoFiles, the names of the package's Go source files;
+ - Imports, a map from source import strings to the Packages they name;
+ - Types, the type information for the package's exported symbols;
+ - Syntax, the parsed syntax trees for the package's source code; and
+ - TypesInfo, the result of a complete type-check of the package syntax trees.
+
+(See the documentation for type Package for the complete list of fields
+and more detailed descriptions.)
+
+For example,
+
+ Load(nil, "bytes", "unicode...")
+
+returns four Package structs describing the standard library packages
+bytes, unicode, unicode/utf16, and unicode/utf8. Note that one pattern
+can match multiple packages and that a package might be matched by
+multiple patterns: in general it is not possible to determine which
+packages correspond to which patterns.
+
+Note that the list returned by Load contains only the packages matched
+by the patterns. Their dependencies can be found by walking the import
+graph using the Imports fields.
+
+The Load function can be configured by passing a pointer to a Config as
+the first argument. A nil Config is equivalent to the zero Config, which
+causes Load to run in LoadFiles mode, collecting minimal information.
+See the documentation for type Config for details.
+
+As noted earlier, the Config.Mode controls the amount of detail
+reported about the loaded packages. See the documentation for type LoadMode
+for details.
+
+Most tools should pass their command-line arguments (after any flags)
+uninterpreted to [Load], so that it can interpret them
+according to the conventions of the underlying build system.
+
+See the Example function for typical usage.
+
+# The driver protocol
+
+[Load] may be used to load Go packages even in Go projects that use
+alternative build systems, by installing an appropriate "driver"
+program for the build system and specifying its location in the
+GOPACKAGESDRIVER environment variable.
+For example,
+https://github.com/bazelbuild/rules_go/wiki/Editor-and-tool-integration
+explains how to use the driver for Bazel.
+
+The driver program is responsible for interpreting patterns in its
+preferred notation and reporting information about the packages that
+those patterns identify. Drivers must also support the special "file="
+and "pattern=" patterns described above.
+
+The patterns are provided as positional command-line arguments. A
+JSON-encoded [DriverRequest] message providing additional information
+is written to the driver's standard input. The driver must write a
+JSON-encoded [DriverResponse] message to its standard output. (This
+message differs from the JSON schema produced by 'go list'.)
+*/
+package packages // import "golang.org/x/tools/go/packages"
+
+/*
+
+Motivation and design considerations
+
+The new package's design solves problems addressed by two existing
+packages: go/build, which locates and describes packages, and
+golang.org/x/tools/go/loader, which loads, parses and type-checks them.
+The go/build.Package structure encodes too much of the 'go build' way
+of organizing projects, leaving us in need of a data type that describes a
+package of Go source code independent of the underlying build system.
+We wanted something that works equally well with go build and vgo, and
+also other build systems such as Bazel and Blaze, making it possible to
+construct analysis tools that work in all these environments.
+Tools such as errcheck and staticcheck were essentially unavailable to
+the Go community at Google, and some of Google's internal tools for Go
+are unavailable externally.
+This new package provides a uniform way to obtain package metadata by
+querying each of these build systems, optionally supporting their
+preferred command-line notations for packages, so that tools integrate
+neatly with users' build environments. The Metadata query function
+executes an external query tool appropriate to the current workspace.
+
+Loading packages always returns the complete import graph "all the way down",
+even if all you want is information about a single package, because the query
+mechanisms of all the build systems we currently support ({go,vgo} list, and
+blaze/bazel aspect-based query) cannot provide detailed information
+about one package without visiting all its dependencies too, so there is
+no additional asymptotic cost to providing transitive information.
+(This property might not be true of a hypothetical 5th build system.)
+
+In calls to TypeCheck, all initial packages, and any package that
+transitively depends on one of them, must be loaded from source.
+Consider A->B->C->D->E: if A,C are initial, A,B,C must be loaded from
+source; D may be loaded from export data, and E may not be loaded at all
+(though it's possible that D's export data mentions it, so a
+types.Package may be created for it and exposed.)
+
+The old loader had a feature to suppress type-checking of function
+bodies on a per-package basis, primarily intended to reduce the work of
+obtaining type information for imported packages. Now that imports are
+satisfied by export data, the optimization no longer seems necessary.
+
+Despite some early attempts, the old loader did not exploit export data,
+instead always using the equivalent of WholeProgram mode. This was due
+to the complexity of mixing source and export data packages (now
+resolved by the upward traversal mentioned above), and because export data
+files were nearly always missing or stale. Now that 'go build' supports
+caching, all the underlying build systems can guarantee to produce
+export data in a reasonable (amortized) time.
+
+Test "main" packages synthesized by the build system are now reported as
+first-class packages, avoiding the need for clients (such as go/ssa) to
+reinvent this generation logic.
+
+One way in which go/packages is simpler than the old loader is in its
+treatment of in-package tests. In-package tests are packages that
+consist of all the files of the library under test, plus the test files.
+The old loader constructed in-package tests by a two-phase process of
+mutation called "augmentation": first it would construct and type check
+all the ordinary library packages and type-check the packages that
+depend on them; then it would add more (test) files to the package and
+type-check again. This two-phase approach had four major problems:
+1) in processing the tests, the loader modified the library package,
+ leaving no way for a client application to see both the test
+ package and the library package; one would mutate into the other.
+2) because test files can declare additional methods on types defined in
+ the library portion of the package, the dispatch of method calls in
+ the library portion was affected by the presence of the test files.
+ This should have been a clue that the packages were logically
+ different.
+3) this model of "augmentation" assumed at most one in-package test
+ per library package, which is true of projects using 'go build',
+ but not other build systems.
+4) because of the two-phase nature of test processing, all packages that
+ import the library package had to be processed before augmentation,
+ forcing a "one-shot" API and preventing the client from calling Load
+ in several times in sequence as is now possible in WholeProgram mode.
+ (TypeCheck mode has a similar one-shot restriction for a different reason.)
+
+Early drafts of this package supported "multi-shot" operation.
+Although it allowed clients to make a sequence of calls (or concurrent
+calls) to Load, building up the graph of Packages incrementally,
+it was of marginal value: it complicated the API
+(since it allowed some options to vary across calls but not others),
+it complicated the implementation,
+it cannot be made to work in Types mode, as explained above,
+and it was less efficient than making one combined call (when this is possible).
+Among the clients we have inspected, none made multiple calls to load
+but could not be easily and satisfactorily modified to make only a single call.
+However, applications changes may be required.
+For example, the ssadump command loads the user-specified packages
+and in addition the runtime package. It is tempting to simply append
+"runtime" to the user-provided list, but that does not work if the user
+specified an ad-hoc package such as [a.go b.go].
+Instead, ssadump no longer requests the runtime package,
+but seeks it among the dependencies of the user-specified packages,
+and emits an error if it is not found.
+
+Overlays: The Overlay field in the Config allows providing alternate contents
+for Go source files, by providing a mapping from file path to contents.
+go/packages will pull in new imports added in overlay files when go/packages
+is run in LoadImports mode or greater.
+Overlay support for the go list driver isn't complete yet: if the file doesn't
+exist on disk, it will only be recognized in an overlay if it is a non-test file
+and the package would be reported even without the overlay.
+
+Questions & Tasks
+
+- Add GOARCH/GOOS?
+ They are not portable concepts, but could be made portable.
+ Our goal has been to allow users to express themselves using the conventions
+ of the underlying build system: if the build system honors GOARCH
+ during a build and during a metadata query, then so should
+ applications built atop that query mechanism.
+ Conversely, if the target architecture of the build is determined by
+ command-line flags, the application can pass the relevant
+ flags through to the build system using a command such as:
+ myapp -query_flag="--cpu=amd64" -query_flag="--os=darwin"
+ However, this approach is low-level, unwieldy, and non-portable.
+ GOOS and GOARCH seem important enough to warrant a dedicated option.
+
+- How should we handle partial failures such as a mixture of good and
+ malformed patterns, existing and non-existent packages, successful and
+ failed builds, import failures, import cycles, and so on, in a call to
+ Load?
+
+- Support bazel, blaze, and go1.10 list, not just go1.11 list.
+
+- Handle (and test) various partial success cases, e.g.
+ a mixture of good packages and:
+ invalid patterns
+ nonexistent packages
+ empty packages
+ packages with malformed package or import declarations
+ unreadable files
+ import cycles
+ other parse errors
+ type errors
+ Make sure we record errors at the correct place in the graph.
+
+- Missing packages among initial arguments are not reported.
+ Return bogus packages for them, like golist does.
+
+- "undeclared name" errors (for example) are reported out of source file
+ order. I suspect this is due to the breadth-first resolution now used
+ by go/types. Is that a bug? Discuss with gri.
+
+*/
diff --git a/vendor/golang.org/x/tools/go/packages/external.go b/vendor/golang.org/x/tools/go/packages/external.go
new file mode 100644
index 000000000..4335c1eb1
--- /dev/null
+++ b/vendor/golang.org/x/tools/go/packages/external.go
@@ -0,0 +1,140 @@
+// Copyright 2018 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+package packages
+
+// This file defines the protocol that enables an external "driver"
+// tool to supply package metadata in place of 'go list'.
+
+import (
+ "bytes"
+ "encoding/json"
+ "fmt"
+ "os"
+ "os/exec"
+ "strings"
+)
+
+// DriverRequest defines the schema of a request for package metadata
+// from an external driver program. The JSON-encoded DriverRequest
+// message is provided to the driver program's standard input. The
+// query patterns are provided as command-line arguments.
+//
+// See the package documentation for an overview.
+type DriverRequest struct {
+ Mode LoadMode `json:"mode"`
+
+ // Env specifies the environment the underlying build system should be run in.
+ Env []string `json:"env"`
+
+ // BuildFlags are flags that should be passed to the underlying build system.
+ BuildFlags []string `json:"build_flags"`
+
+ // Tests specifies whether the patterns should also return test packages.
+ Tests bool `json:"tests"`
+
+ // Overlay maps file paths (relative to the driver's working directory) to the byte contents
+ // of overlay files.
+ Overlay map[string][]byte `json:"overlay"`
+}
+
+// DriverResponse defines the schema of a response from an external
+// driver program, providing the results of a query for package
+// metadata. The driver program must write a JSON-encoded
+// DriverResponse message to its standard output.
+//
+// See the package documentation for an overview.
+type DriverResponse struct {
+ // NotHandled is returned if the request can't be handled by the current
+ // driver. If an external driver returns a response with NotHandled, the
+ // rest of the DriverResponse is ignored, and go/packages will fallback
+ // to the next driver. If go/packages is extended in the future to support
+ // lists of multiple drivers, go/packages will fall back to the next driver.
+ NotHandled bool
+
+ // Compiler and Arch are the arguments pass of types.SizesFor
+ // to get a types.Sizes to use when type checking.
+ Compiler string
+ Arch string
+
+ // Roots is the set of package IDs that make up the root packages.
+ // We have to encode this separately because when we encode a single package
+ // we cannot know if it is one of the roots as that requires knowledge of the
+ // graph it is part of.
+ Roots []string `json:",omitempty"`
+
+ // Packages is the full set of packages in the graph.
+ // The packages are not connected into a graph.
+ // The Imports if populated will be stubs that only have their ID set.
+ // Imports will be connected and then type and syntax information added in a
+ // later pass (see refine).
+ Packages []*Package
+
+ // GoVersion is the minor version number used by the driver
+ // (e.g. the go command on the PATH) when selecting .go files.
+ // Zero means unknown.
+ GoVersion int
+}
+
+// driver is the type for functions that query the build system for the
+// packages named by the patterns.
+type driver func(cfg *Config, patterns ...string) (*DriverResponse, error)
+
+// findExternalDriver returns the file path of a tool that supplies
+// the build system package structure, or "" if not found."
+// If GOPACKAGESDRIVER is set in the environment findExternalTool returns its
+// value, otherwise it searches for a binary named gopackagesdriver on the PATH.
+func findExternalDriver(cfg *Config) driver {
+ const toolPrefix = "GOPACKAGESDRIVER="
+ tool := ""
+ for _, env := range cfg.Env {
+ if val := strings.TrimPrefix(env, toolPrefix); val != env {
+ tool = val
+ }
+ }
+ if tool != "" && tool == "off" {
+ return nil
+ }
+ if tool == "" {
+ var err error
+ tool, err = exec.LookPath("gopackagesdriver")
+ if err != nil {
+ return nil
+ }
+ }
+ return func(cfg *Config, words ...string) (*DriverResponse, error) {
+ req, err := json.Marshal(DriverRequest{
+ Mode: cfg.Mode,
+ Env: cfg.Env,
+ BuildFlags: cfg.BuildFlags,
+ Tests: cfg.Tests,
+ Overlay: cfg.Overlay,
+ })
+ if err != nil {
+ return nil, fmt.Errorf("failed to encode message to driver tool: %v", err)
+ }
+
+ buf := new(bytes.Buffer)
+ stderr := new(bytes.Buffer)
+ cmd := exec.CommandContext(cfg.Context, tool, words...)
+ cmd.Dir = cfg.Dir
+ cmd.Env = cfg.Env
+ cmd.Stdin = bytes.NewReader(req)
+ cmd.Stdout = buf
+ cmd.Stderr = stderr
+
+ if err := cmd.Run(); err != nil {
+ return nil, fmt.Errorf("%v: %v: %s", tool, err, cmd.Stderr)
+ }
+ if len(stderr.Bytes()) != 0 && os.Getenv("GOPACKAGESPRINTDRIVERERRORS") != "" {
+ fmt.Fprintf(os.Stderr, "%s stderr: <<%s>>\n", cmdDebugStr(cmd), stderr)
+ }
+
+ var response DriverResponse
+ if err := json.Unmarshal(buf.Bytes(), &response); err != nil {
+ return nil, err
+ }
+ return &response, nil
+ }
+}
diff --git a/vendor/golang.org/x/tools/go/packages/golist.go b/vendor/golang.org/x/tools/go/packages/golist.go
new file mode 100644
index 000000000..22305d9c9
--- /dev/null
+++ b/vendor/golang.org/x/tools/go/packages/golist.go
@@ -0,0 +1,1106 @@
+// Copyright 2018 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+package packages
+
+import (
+ "bytes"
+ "context"
+ "encoding/json"
+ "fmt"
+ "log"
+ "os"
+ "os/exec"
+ "path"
+ "path/filepath"
+ "reflect"
+ "sort"
+ "strconv"
+ "strings"
+ "sync"
+ "unicode"
+
+ "golang.org/x/tools/go/internal/packagesdriver"
+ "golang.org/x/tools/internal/gocommand"
+ "golang.org/x/tools/internal/packagesinternal"
+)
+
+// debug controls verbose logging.
+var debug, _ = strconv.ParseBool(os.Getenv("GOPACKAGESDEBUG"))
+
+// A goTooOldError reports that the go command
+// found by exec.LookPath is too old to use the new go list behavior.
+type goTooOldError struct {
+ error
+}
+
+// responseDeduper wraps a DriverResponse, deduplicating its contents.
+type responseDeduper struct {
+ seenRoots map[string]bool
+ seenPackages map[string]*Package
+ dr *DriverResponse
+}
+
+func newDeduper() *responseDeduper {
+ return &responseDeduper{
+ dr: &DriverResponse{},
+ seenRoots: map[string]bool{},
+ seenPackages: map[string]*Package{},
+ }
+}
+
+// addAll fills in r with a DriverResponse.
+func (r *responseDeduper) addAll(dr *DriverResponse) {
+ for _, pkg := range dr.Packages {
+ r.addPackage(pkg)
+ }
+ for _, root := range dr.Roots {
+ r.addRoot(root)
+ }
+ r.dr.GoVersion = dr.GoVersion
+}
+
+func (r *responseDeduper) addPackage(p *Package) {
+ if r.seenPackages[p.ID] != nil {
+ return
+ }
+ r.seenPackages[p.ID] = p
+ r.dr.Packages = append(r.dr.Packages, p)
+}
+
+func (r *responseDeduper) addRoot(id string) {
+ if r.seenRoots[id] {
+ return
+ }
+ r.seenRoots[id] = true
+ r.dr.Roots = append(r.dr.Roots, id)
+}
+
+type golistState struct {
+ cfg *Config
+ ctx context.Context
+
+ envOnce sync.Once
+ goEnvError error
+ goEnv map[string]string
+
+ rootsOnce sync.Once
+ rootDirsError error
+ rootDirs map[string]string
+
+ goVersionOnce sync.Once
+ goVersionError error
+ goVersion int // The X in Go 1.X.
+
+ // vendorDirs caches the (non)existence of vendor directories.
+ vendorDirs map[string]bool
+}
+
+// getEnv returns Go environment variables. Only specific variables are
+// populated -- computing all of them is slow.
+func (state *golistState) getEnv() (map[string]string, error) {
+ state.envOnce.Do(func() {
+ var b *bytes.Buffer
+ b, state.goEnvError = state.invokeGo("env", "-json", "GOMOD", "GOPATH")
+ if state.goEnvError != nil {
+ return
+ }
+
+ state.goEnv = make(map[string]string)
+ decoder := json.NewDecoder(b)
+ if state.goEnvError = decoder.Decode(&state.goEnv); state.goEnvError != nil {
+ return
+ }
+ })
+ return state.goEnv, state.goEnvError
+}
+
+// mustGetEnv is a convenience function that can be used if getEnv has already succeeded.
+func (state *golistState) mustGetEnv() map[string]string {
+ env, err := state.getEnv()
+ if err != nil {
+ panic(fmt.Sprintf("mustGetEnv: %v", err))
+ }
+ return env
+}
+
+// goListDriver uses the go list command to interpret the patterns and produce
+// the build system package structure.
+// See driver for more details.
+func goListDriver(cfg *Config, patterns ...string) (_ *DriverResponse, err error) {
+ // Make sure that any asynchronous go commands are killed when we return.
+ parentCtx := cfg.Context
+ if parentCtx == nil {
+ parentCtx = context.Background()
+ }
+ ctx, cancel := context.WithCancel(parentCtx)
+ defer cancel()
+
+ response := newDeduper()
+
+ state := &golistState{
+ cfg: cfg,
+ ctx: ctx,
+ vendorDirs: map[string]bool{},
+ }
+
+ // Fill in response.Sizes asynchronously if necessary.
+ if cfg.Mode&NeedTypesSizes != 0 || cfg.Mode&NeedTypes != 0 {
+ errCh := make(chan error)
+ go func() {
+ compiler, arch, err := packagesdriver.GetSizesForArgsGolist(ctx, state.cfgInvocation(), cfg.gocmdRunner)
+ response.dr.Compiler = compiler
+ response.dr.Arch = arch
+ errCh <- err
+ }()
+ defer func() {
+ if sizesErr := <-errCh; sizesErr != nil {
+ err = sizesErr
+ }
+ }()
+ }
+
+ // Determine files requested in contains patterns
+ var containFiles []string
+ restPatterns := make([]string, 0, len(patterns))
+ // Extract file= and other [querytype]= patterns. Report an error if querytype
+ // doesn't exist.
+extractQueries:
+ for _, pattern := range patterns {
+ eqidx := strings.Index(pattern, "=")
+ if eqidx < 0 {
+ restPatterns = append(restPatterns, pattern)
+ } else {
+ query, value := pattern[:eqidx], pattern[eqidx+len("="):]
+ switch query {
+ case "file":
+ containFiles = append(containFiles, value)
+ case "pattern":
+ restPatterns = append(restPatterns, value)
+ case "": // not a reserved query
+ restPatterns = append(restPatterns, pattern)
+ default:
+ for _, rune := range query {
+ if rune < 'a' || rune > 'z' { // not a reserved query
+ restPatterns = append(restPatterns, pattern)
+ continue extractQueries
+ }
+ }
+ // Reject all other patterns containing "="
+ return nil, fmt.Errorf("invalid query type %q in query pattern %q", query, pattern)
+ }
+ }
+ }
+
+ // See if we have any patterns to pass through to go list. Zero initial
+ // patterns also requires a go list call, since it's the equivalent of
+ // ".".
+ if len(restPatterns) > 0 || len(patterns) == 0 {
+ dr, err := state.createDriverResponse(restPatterns...)
+ if err != nil {
+ return nil, err
+ }
+ response.addAll(dr)
+ }
+
+ if len(containFiles) != 0 {
+ if err := state.runContainsQueries(response, containFiles); err != nil {
+ return nil, err
+ }
+ }
+
+ // (We may yet return an error due to defer.)
+ return response.dr, nil
+}
+
+func (state *golistState) runContainsQueries(response *responseDeduper, queries []string) error {
+ for _, query := range queries {
+ // TODO(matloob): Do only one query per directory.
+ fdir := filepath.Dir(query)
+ // Pass absolute path of directory to go list so that it knows to treat it as a directory,
+ // not a package path.
+ pattern, err := filepath.Abs(fdir)
+ if err != nil {
+ return fmt.Errorf("could not determine absolute path of file= query path %q: %v", query, err)
+ }
+ dirResponse, err := state.createDriverResponse(pattern)
+
+ // If there was an error loading the package, or no packages are returned,
+ // or the package is returned with errors, try to load the file as an
+ // ad-hoc package.
+ // Usually the error will appear in a returned package, but may not if we're
+ // in module mode and the ad-hoc is located outside a module.
+ if err != nil || len(dirResponse.Packages) == 0 || len(dirResponse.Packages) == 1 && len(dirResponse.Packages[0].GoFiles) == 0 &&
+ len(dirResponse.Packages[0].Errors) == 1 {
+ var queryErr error
+ if dirResponse, queryErr = state.adhocPackage(pattern, query); queryErr != nil {
+ return err // return the original error
+ }
+ }
+ isRoot := make(map[string]bool, len(dirResponse.Roots))
+ for _, root := range dirResponse.Roots {
+ isRoot[root] = true
+ }
+ for _, pkg := range dirResponse.Packages {
+ // Add any new packages to the main set
+ // We don't bother to filter packages that will be dropped by the changes of roots,
+ // that will happen anyway during graph construction outside this function.
+ // Over-reporting packages is not a problem.
+ response.addPackage(pkg)
+ // if the package was not a root one, it cannot have the file
+ if !isRoot[pkg.ID] {
+ continue
+ }
+ for _, pkgFile := range pkg.GoFiles {
+ if filepath.Base(query) == filepath.Base(pkgFile) {
+ response.addRoot(pkg.ID)
+ break
+ }
+ }
+ }
+ }
+ return nil
+}
+
+// adhocPackage attempts to load or construct an ad-hoc package for a given
+// query, if the original call to the driver produced inadequate results.
+func (state *golistState) adhocPackage(pattern, query string) (*DriverResponse, error) {
+ response, err := state.createDriverResponse(query)
+ if err != nil {
+ return nil, err
+ }
+ // If we get nothing back from `go list`,
+ // try to make this file into its own ad-hoc package.
+ // TODO(rstambler): Should this check against the original response?
+ if len(response.Packages) == 0 {
+ response.Packages = append(response.Packages, &Package{
+ ID: "command-line-arguments",
+ PkgPath: query,
+ GoFiles: []string{query},
+ CompiledGoFiles: []string{query},
+ Imports: make(map[string]*Package),
+ })
+ response.Roots = append(response.Roots, "command-line-arguments")
+ }
+ // Handle special cases.
+ if len(response.Packages) == 1 {
+ // golang/go#33482: If this is a file= query for ad-hoc packages where
+ // the file only exists on an overlay, and exists outside of a module,
+ // add the file to the package and remove the errors.
+ if response.Packages[0].ID == "command-line-arguments" ||
+ filepath.ToSlash(response.Packages[0].PkgPath) == filepath.ToSlash(query) {
+ if len(response.Packages[0].GoFiles) == 0 {
+ filename := filepath.Join(pattern, filepath.Base(query)) // avoid recomputing abspath
+ // TODO(matloob): check if the file is outside of a root dir?
+ for path := range state.cfg.Overlay {
+ if path == filename {
+ response.Packages[0].Errors = nil
+ response.Packages[0].GoFiles = []string{path}
+ response.Packages[0].CompiledGoFiles = []string{path}
+ }
+ }
+ }
+ }
+ }
+ return response, nil
+}
+
+// Fields must match go list;
+// see $GOROOT/src/cmd/go/internal/load/pkg.go.
+type jsonPackage struct {
+ ImportPath string
+ Dir string
+ Name string
+ Export string
+ GoFiles []string
+ CompiledGoFiles []string
+ IgnoredGoFiles []string
+ IgnoredOtherFiles []string
+ EmbedPatterns []string
+ EmbedFiles []string
+ CFiles []string
+ CgoFiles []string
+ CXXFiles []string
+ MFiles []string
+ HFiles []string
+ FFiles []string
+ SFiles []string
+ SwigFiles []string
+ SwigCXXFiles []string
+ SysoFiles []string
+ Imports []string
+ ImportMap map[string]string
+ Deps []string
+ Module *Module
+ TestGoFiles []string
+ TestImports []string
+ XTestGoFiles []string
+ XTestImports []string
+ ForTest string // q in a "p [q.test]" package, else ""
+ DepOnly bool
+
+ Error *packagesinternal.PackageError
+ DepsErrors []*packagesinternal.PackageError
+}
+
+type jsonPackageError struct {
+ ImportStack []string
+ Pos string
+ Err string
+}
+
+func otherFiles(p *jsonPackage) [][]string {
+ return [][]string{p.CFiles, p.CXXFiles, p.MFiles, p.HFiles, p.FFiles, p.SFiles, p.SwigFiles, p.SwigCXXFiles, p.SysoFiles}
+}
+
+// createDriverResponse uses the "go list" command to expand the pattern
+// words and return a response for the specified packages.
+func (state *golistState) createDriverResponse(words ...string) (*DriverResponse, error) {
+ // go list uses the following identifiers in ImportPath and Imports:
+ //
+ // "p" -- importable package or main (command)
+ // "q.test" -- q's test executable
+ // "p [q.test]" -- variant of p as built for q's test executable
+ // "q_test [q.test]" -- q's external test package
+ //
+ // The packages p that are built differently for a test q.test
+ // are q itself, plus any helpers used by the external test q_test,
+ // typically including "testing" and all its dependencies.
+
+ // Run "go list" for complete
+ // information on the specified packages.
+ goVersion, err := state.getGoVersion()
+ if err != nil {
+ return nil, err
+ }
+ buf, err := state.invokeGo("list", golistargs(state.cfg, words, goVersion)...)
+ if err != nil {
+ return nil, err
+ }
+
+ seen := make(map[string]*jsonPackage)
+ pkgs := make(map[string]*Package)
+ additionalErrors := make(map[string][]Error)
+ // Decode the JSON and convert it to Package form.
+ response := &DriverResponse{
+ GoVersion: goVersion,
+ }
+ for dec := json.NewDecoder(buf); dec.More(); {
+ p := new(jsonPackage)
+ if err := dec.Decode(p); err != nil {
+ return nil, fmt.Errorf("JSON decoding failed: %v", err)
+ }
+
+ if p.ImportPath == "" {
+ // The documentation for go list says that “[e]rroneous packages will have
+ // a non-empty ImportPath”. If for some reason it comes back empty, we
+ // prefer to error out rather than silently discarding data or handing
+ // back a package without any way to refer to it.
+ if p.Error != nil {
+ return nil, Error{
+ Pos: p.Error.Pos,
+ Msg: p.Error.Err,
+ }
+ }
+ return nil, fmt.Errorf("package missing import path: %+v", p)
+ }
+
+ // Work around https://golang.org/issue/33157:
+ // go list -e, when given an absolute path, will find the package contained at
+ // that directory. But when no package exists there, it will return a fake package
+ // with an error and the ImportPath set to the absolute path provided to go list.
+ // Try to convert that absolute path to what its package path would be if it's
+ // contained in a known module or GOPATH entry. This will allow the package to be
+ // properly "reclaimed" when overlays are processed.
+ if filepath.IsAbs(p.ImportPath) && p.Error != nil {
+ pkgPath, ok, err := state.getPkgPath(p.ImportPath)
+ if err != nil {
+ return nil, err
+ }
+ if ok {
+ p.ImportPath = pkgPath
+ }
+ }
+
+ if old, found := seen[p.ImportPath]; found {
+ // If one version of the package has an error, and the other doesn't, assume
+ // that this is a case where go list is reporting a fake dependency variant
+ // of the imported package: When a package tries to invalidly import another
+ // package, go list emits a variant of the imported package (with the same
+ // import path, but with an error on it, and the package will have a
+ // DepError set on it). An example of when this can happen is for imports of
+ // main packages: main packages can not be imported, but they may be
+ // separately matched and listed by another pattern.
+ // See golang.org/issue/36188 for more details.
+
+ // The plan is that eventually, hopefully in Go 1.15, the error will be
+ // reported on the importing package rather than the duplicate "fake"
+ // version of the imported package. Once all supported versions of Go
+ // have the new behavior this logic can be deleted.
+ // TODO(matloob): delete the workaround logic once all supported versions of
+ // Go return the errors on the proper package.
+
+ // There should be exactly one version of a package that doesn't have an
+ // error.
+ if old.Error == nil && p.Error == nil {
+ if !reflect.DeepEqual(p, old) {
+ return nil, fmt.Errorf("internal error: go list gives conflicting information for package %v", p.ImportPath)
+ }
+ continue
+ }
+
+ // Determine if this package's error needs to be bubbled up.
+ // This is a hack, and we expect for go list to eventually set the error
+ // on the package.
+ if old.Error != nil {
+ var errkind string
+ if strings.Contains(old.Error.Err, "not an importable package") {
+ errkind = "not an importable package"
+ } else if strings.Contains(old.Error.Err, "use of internal package") && strings.Contains(old.Error.Err, "not allowed") {
+ errkind = "use of internal package not allowed"
+ }
+ if errkind != "" {
+ if len(old.Error.ImportStack) < 1 {
+ return nil, fmt.Errorf(`internal error: go list gave a %q error with empty import stack`, errkind)
+ }
+ importingPkg := old.Error.ImportStack[len(old.Error.ImportStack)-1]
+ if importingPkg == old.ImportPath {
+ // Using an older version of Go which put this package itself on top of import
+ // stack, instead of the importer. Look for importer in second from top
+ // position.
+ if len(old.Error.ImportStack) < 2 {
+ return nil, fmt.Errorf(`internal error: go list gave a %q error with an import stack without importing package`, errkind)
+ }
+ importingPkg = old.Error.ImportStack[len(old.Error.ImportStack)-2]
+ }
+ additionalErrors[importingPkg] = append(additionalErrors[importingPkg], Error{
+ Pos: old.Error.Pos,
+ Msg: old.Error.Err,
+ Kind: ListError,
+ })
+ }
+ }
+
+ // Make sure that if there's a version of the package without an error,
+ // that's the one reported to the user.
+ if old.Error == nil {
+ continue
+ }
+
+ // This package will replace the old one at the end of the loop.
+ }
+ seen[p.ImportPath] = p
+
+ pkg := &Package{
+ Name: p.Name,
+ ID: p.ImportPath,
+ GoFiles: absJoin(p.Dir, p.GoFiles, p.CgoFiles),
+ CompiledGoFiles: absJoin(p.Dir, p.CompiledGoFiles),
+ OtherFiles: absJoin(p.Dir, otherFiles(p)...),
+ EmbedFiles: absJoin(p.Dir, p.EmbedFiles),
+ EmbedPatterns: absJoin(p.Dir, p.EmbedPatterns),
+ IgnoredFiles: absJoin(p.Dir, p.IgnoredGoFiles, p.IgnoredOtherFiles),
+ forTest: p.ForTest,
+ depsErrors: p.DepsErrors,
+ Module: p.Module,
+ }
+
+ if (state.cfg.Mode&typecheckCgo) != 0 && len(p.CgoFiles) != 0 {
+ if len(p.CompiledGoFiles) > len(p.GoFiles) {
+ // We need the cgo definitions, which are in the first
+ // CompiledGoFile after the non-cgo ones. This is a hack but there
+ // isn't currently a better way to find it. We also need the pure
+ // Go files and unprocessed cgo files, all of which are already
+ // in pkg.GoFiles.
+ cgoTypes := p.CompiledGoFiles[len(p.GoFiles)]
+ pkg.CompiledGoFiles = append([]string{cgoTypes}, pkg.GoFiles...)
+ } else {
+ // golang/go#38990: go list silently fails to do cgo processing
+ pkg.CompiledGoFiles = nil
+ pkg.Errors = append(pkg.Errors, Error{
+ Msg: "go list failed to return CompiledGoFiles. This may indicate failure to perform cgo processing; try building at the command line. See https://golang.org/issue/38990.",
+ Kind: ListError,
+ })
+ }
+ }
+
+ // Work around https://golang.org/issue/28749:
+ // cmd/go puts assembly, C, and C++ files in CompiledGoFiles.
+ // Remove files from CompiledGoFiles that are non-go files
+ // (or are not files that look like they are from the cache).
+ if len(pkg.CompiledGoFiles) > 0 {
+ out := pkg.CompiledGoFiles[:0]
+ for _, f := range pkg.CompiledGoFiles {
+ if ext := filepath.Ext(f); ext != ".go" && ext != "" { // ext == "" means the file is from the cache, so probably cgo-processed file
+ continue
+ }
+ out = append(out, f)
+ }
+ pkg.CompiledGoFiles = out
+ }
+
+ // Extract the PkgPath from the package's ID.
+ if i := strings.IndexByte(pkg.ID, ' '); i >= 0 {
+ pkg.PkgPath = pkg.ID[:i]
+ } else {
+ pkg.PkgPath = pkg.ID
+ }
+
+ if pkg.PkgPath == "unsafe" {
+ pkg.CompiledGoFiles = nil // ignore fake unsafe.go file (#59929)
+ } else if len(pkg.CompiledGoFiles) == 0 {
+ // Work around for pre-go.1.11 versions of go list.
+ // TODO(matloob): they should be handled by the fallback.
+ // Can we delete this?
+ pkg.CompiledGoFiles = pkg.GoFiles
+ }
+
+ // Assume go list emits only absolute paths for Dir.
+ if p.Dir != "" && !filepath.IsAbs(p.Dir) {
+ log.Fatalf("internal error: go list returned non-absolute Package.Dir: %s", p.Dir)
+ }
+
+ if p.Export != "" && !filepath.IsAbs(p.Export) {
+ pkg.ExportFile = filepath.Join(p.Dir, p.Export)
+ } else {
+ pkg.ExportFile = p.Export
+ }
+
+ // imports
+ //
+ // Imports contains the IDs of all imported packages.
+ // ImportsMap records (path, ID) only where they differ.
+ ids := make(map[string]bool)
+ for _, id := range p.Imports {
+ ids[id] = true
+ }
+ pkg.Imports = make(map[string]*Package)
+ for path, id := range p.ImportMap {
+ pkg.Imports[path] = &Package{ID: id} // non-identity import
+ delete(ids, id)
+ }
+ for id := range ids {
+ if id == "C" {
+ continue
+ }
+
+ pkg.Imports[id] = &Package{ID: id} // identity import
+ }
+ if !p.DepOnly {
+ response.Roots = append(response.Roots, pkg.ID)
+ }
+
+ // Temporary work-around for golang/go#39986. Parse filenames out of
+ // error messages. This happens if there are unrecoverable syntax
+ // errors in the source, so we can't match on a specific error message.
+ //
+ // TODO(rfindley): remove this heuristic, in favor of considering
+ // InvalidGoFiles from the list driver.
+ if err := p.Error; err != nil && state.shouldAddFilenameFromError(p) {
+ addFilenameFromPos := func(pos string) bool {
+ split := strings.Split(pos, ":")
+ if len(split) < 1 {
+ return false
+ }
+ filename := strings.TrimSpace(split[0])
+ if filename == "" {
+ return false
+ }
+ if !filepath.IsAbs(filename) {
+ filename = filepath.Join(state.cfg.Dir, filename)
+ }
+ info, _ := os.Stat(filename)
+ if info == nil {
+ return false
+ }
+ pkg.CompiledGoFiles = append(pkg.CompiledGoFiles, filename)
+ pkg.GoFiles = append(pkg.GoFiles, filename)
+ return true
+ }
+ found := addFilenameFromPos(err.Pos)
+ // In some cases, go list only reports the error position in the
+ // error text, not the error position. One such case is when the
+ // file's package name is a keyword (see golang.org/issue/39763).
+ if !found {
+ addFilenameFromPos(err.Err)
+ }
+ }
+
+ if p.Error != nil {
+ msg := strings.TrimSpace(p.Error.Err) // Trim to work around golang.org/issue/32363.
+ // Address golang.org/issue/35964 by appending import stack to error message.
+ if msg == "import cycle not allowed" && len(p.Error.ImportStack) != 0 {
+ msg += fmt.Sprintf(": import stack: %v", p.Error.ImportStack)
+ }
+ pkg.Errors = append(pkg.Errors, Error{
+ Pos: p.Error.Pos,
+ Msg: msg,
+ Kind: ListError,
+ })
+ }
+
+ pkgs[pkg.ID] = pkg
+ }
+
+ for id, errs := range additionalErrors {
+ if p, ok := pkgs[id]; ok {
+ p.Errors = append(p.Errors, errs...)
+ }
+ }
+ for _, pkg := range pkgs {
+ response.Packages = append(response.Packages, pkg)
+ }
+ sort.Slice(response.Packages, func(i, j int) bool { return response.Packages[i].ID < response.Packages[j].ID })
+
+ return response, nil
+}
+
+func (state *golistState) shouldAddFilenameFromError(p *jsonPackage) bool {
+ if len(p.GoFiles) > 0 || len(p.CompiledGoFiles) > 0 {
+ return false
+ }
+
+ goV, err := state.getGoVersion()
+ if err != nil {
+ return false
+ }
+
+ // On Go 1.14 and earlier, only add filenames from errors if the import stack is empty.
+ // The import stack behaves differently for these versions than newer Go versions.
+ if goV < 15 {
+ return len(p.Error.ImportStack) == 0
+ }
+
+ // On Go 1.15 and later, only parse filenames out of error if there's no import stack,
+ // or the current package is at the top of the import stack. This is not guaranteed
+ // to work perfectly, but should avoid some cases where files in errors don't belong to this
+ // package.
+ return len(p.Error.ImportStack) == 0 || p.Error.ImportStack[len(p.Error.ImportStack)-1] == p.ImportPath
+}
+
+// getGoVersion returns the effective minor version of the go command.
+func (state *golistState) getGoVersion() (int, error) {
+ state.goVersionOnce.Do(func() {
+ state.goVersion, state.goVersionError = gocommand.GoVersion(state.ctx, state.cfgInvocation(), state.cfg.gocmdRunner)
+ })
+ return state.goVersion, state.goVersionError
+}
+
+// getPkgPath finds the package path of a directory if it's relative to a root
+// directory.
+func (state *golistState) getPkgPath(dir string) (string, bool, error) {
+ absDir, err := filepath.Abs(dir)
+ if err != nil {
+ return "", false, err
+ }
+ roots, err := state.determineRootDirs()
+ if err != nil {
+ return "", false, err
+ }
+
+ for rdir, rpath := range roots {
+ // Make sure that the directory is in the module,
+ // to avoid creating a path relative to another module.
+ if !strings.HasPrefix(absDir, rdir) {
+ continue
+ }
+ // TODO(matloob): This doesn't properly handle symlinks.
+ r, err := filepath.Rel(rdir, dir)
+ if err != nil {
+ continue
+ }
+ if rpath != "" {
+ // We choose only one root even though the directory even it can belong in multiple modules
+ // or GOPATH entries. This is okay because we only need to work with absolute dirs when a
+ // file is missing from disk, for instance when gopls calls go/packages in an overlay.
+ // Once the file is saved, gopls, or the next invocation of the tool will get the correct
+ // result straight from golist.
+ // TODO(matloob): Implement module tiebreaking?
+ return path.Join(rpath, filepath.ToSlash(r)), true, nil
+ }
+ return filepath.ToSlash(r), true, nil
+ }
+ return "", false, nil
+}
+
+// absJoin absolutizes and flattens the lists of files.
+func absJoin(dir string, fileses ...[]string) (res []string) {
+ for _, files := range fileses {
+ for _, file := range files {
+ if !filepath.IsAbs(file) {
+ file = filepath.Join(dir, file)
+ }
+ res = append(res, file)
+ }
+ }
+ return res
+}
+
+func jsonFlag(cfg *Config, goVersion int) string {
+ if goVersion < 19 {
+ return "-json"
+ }
+ var fields []string
+ added := make(map[string]bool)
+ addFields := func(fs ...string) {
+ for _, f := range fs {
+ if !added[f] {
+ added[f] = true
+ fields = append(fields, f)
+ }
+ }
+ }
+ addFields("Name", "ImportPath", "Error") // These fields are always needed
+ if cfg.Mode&NeedFiles != 0 || cfg.Mode&NeedTypes != 0 {
+ addFields("Dir", "GoFiles", "IgnoredGoFiles", "IgnoredOtherFiles", "CFiles",
+ "CgoFiles", "CXXFiles", "MFiles", "HFiles", "FFiles", "SFiles",
+ "SwigFiles", "SwigCXXFiles", "SysoFiles")
+ if cfg.Tests {
+ addFields("TestGoFiles", "XTestGoFiles")
+ }
+ }
+ if cfg.Mode&NeedTypes != 0 {
+ // CompiledGoFiles seems to be required for the test case TestCgoNoSyntax,
+ // even when -compiled isn't passed in.
+ // TODO(#52435): Should we make the test ask for -compiled, or automatically
+ // request CompiledGoFiles in certain circumstances?
+ addFields("Dir", "CompiledGoFiles")
+ }
+ if cfg.Mode&NeedCompiledGoFiles != 0 {
+ addFields("Dir", "CompiledGoFiles", "Export")
+ }
+ if cfg.Mode&NeedImports != 0 {
+ // When imports are requested, DepOnly is used to distinguish between packages
+ // explicitly requested and transitive imports of those packages.
+ addFields("DepOnly", "Imports", "ImportMap")
+ if cfg.Tests {
+ addFields("TestImports", "XTestImports")
+ }
+ }
+ if cfg.Mode&NeedDeps != 0 {
+ addFields("DepOnly")
+ }
+ if usesExportData(cfg) {
+ // Request Dir in the unlikely case Export is not absolute.
+ addFields("Dir", "Export")
+ }
+ if cfg.Mode&needInternalForTest != 0 {
+ addFields("ForTest")
+ }
+ if cfg.Mode&needInternalDepsErrors != 0 {
+ addFields("DepsErrors")
+ }
+ if cfg.Mode&NeedModule != 0 {
+ addFields("Module")
+ }
+ if cfg.Mode&NeedEmbedFiles != 0 {
+ addFields("EmbedFiles")
+ }
+ if cfg.Mode&NeedEmbedPatterns != 0 {
+ addFields("EmbedPatterns")
+ }
+ return "-json=" + strings.Join(fields, ",")
+}
+
+func golistargs(cfg *Config, words []string, goVersion int) []string {
+ const findFlags = NeedImports | NeedTypes | NeedSyntax | NeedTypesInfo
+ fullargs := []string{
+ "-e", jsonFlag(cfg, goVersion),
+ fmt.Sprintf("-compiled=%t", cfg.Mode&(NeedCompiledGoFiles|NeedSyntax|NeedTypes|NeedTypesInfo|NeedTypesSizes) != 0),
+ fmt.Sprintf("-test=%t", cfg.Tests),
+ fmt.Sprintf("-export=%t", usesExportData(cfg)),
+ fmt.Sprintf("-deps=%t", cfg.Mode&NeedImports != 0),
+ // go list doesn't let you pass -test and -find together,
+ // probably because you'd just get the TestMain.
+ fmt.Sprintf("-find=%t", !cfg.Tests && cfg.Mode&findFlags == 0 && !usesExportData(cfg)),
+ }
+
+ // golang/go#60456: with go1.21 and later, go list serves pgo variants, which
+ // can be costly to compute and may result in redundant processing for the
+ // caller. Disable these variants. If someone wants to add e.g. a NeedPGO
+ // mode flag, that should be a separate proposal.
+ if goVersion >= 21 {
+ fullargs = append(fullargs, "-pgo=off")
+ }
+
+ fullargs = append(fullargs, cfg.BuildFlags...)
+ fullargs = append(fullargs, "--")
+ fullargs = append(fullargs, words...)
+ return fullargs
+}
+
+// cfgInvocation returns an Invocation that reflects cfg's settings.
+func (state *golistState) cfgInvocation() gocommand.Invocation {
+ cfg := state.cfg
+ return gocommand.Invocation{
+ BuildFlags: cfg.BuildFlags,
+ ModFile: cfg.modFile,
+ ModFlag: cfg.modFlag,
+ CleanEnv: cfg.Env != nil,
+ Env: cfg.Env,
+ Logf: cfg.Logf,
+ WorkingDir: cfg.Dir,
+ }
+}
+
+// invokeGo returns the stdout of a go command invocation.
+func (state *golistState) invokeGo(verb string, args ...string) (*bytes.Buffer, error) {
+ cfg := state.cfg
+
+ inv := state.cfgInvocation()
+
+ // For Go versions 1.16 and above, `go list` accepts overlays directly via
+ // the -overlay flag. Set it, if it's available.
+ //
+ // The check for "list" is not necessarily required, but we should avoid
+ // getting the go version if possible.
+ if verb == "list" {
+ goVersion, err := state.getGoVersion()
+ if err != nil {
+ return nil, err
+ }
+ if goVersion >= 16 {
+ filename, cleanup, err := state.writeOverlays()
+ if err != nil {
+ return nil, err
+ }
+ defer cleanup()
+ inv.Overlay = filename
+ }
+ }
+ inv.Verb = verb
+ inv.Args = args
+ gocmdRunner := cfg.gocmdRunner
+ if gocmdRunner == nil {
+ gocmdRunner = &gocommand.Runner{}
+ }
+ stdout, stderr, friendlyErr, err := gocmdRunner.RunRaw(cfg.Context, inv)
+ if err != nil {
+ // Check for 'go' executable not being found.
+ if ee, ok := err.(*exec.Error); ok && ee.Err == exec.ErrNotFound {
+ return nil, fmt.Errorf("'go list' driver requires 'go', but %s", exec.ErrNotFound)
+ }
+
+ exitErr, ok := err.(*exec.ExitError)
+ if !ok {
+ // Catastrophic error:
+ // - context cancellation
+ return nil, fmt.Errorf("couldn't run 'go': %w", err)
+ }
+
+ // Old go version?
+ if strings.Contains(stderr.String(), "flag provided but not defined") {
+ return nil, goTooOldError{fmt.Errorf("unsupported version of go: %s: %s", exitErr, stderr)}
+ }
+
+ // Related to #24854
+ if len(stderr.String()) > 0 && strings.Contains(stderr.String(), "unexpected directory layout") {
+ return nil, friendlyErr
+ }
+
+ // Is there an error running the C compiler in cgo? This will be reported in the "Error" field
+ // and should be suppressed by go list -e.
+ //
+ // This condition is not perfect yet because the error message can include other error messages than runtime/cgo.
+ isPkgPathRune := func(r rune) bool {
+ // From https://golang.org/ref/spec#Import_declarations:
+ // Implementation restriction: A compiler may restrict ImportPaths to non-empty strings
+ // using only characters belonging to Unicode's L, M, N, P, and S general categories
+ // (the Graphic characters without spaces) and may also exclude the
+ // characters !"#$%&'()*,:;<=>?[\]^`{|} and the Unicode replacement character U+FFFD.
+ return unicode.IsOneOf([]*unicode.RangeTable{unicode.L, unicode.M, unicode.N, unicode.P, unicode.S}, r) &&
+ !strings.ContainsRune("!\"#$%&'()*,:;<=>?[\\]^`{|}\uFFFD", r)
+ }
+ // golang/go#36770: Handle case where cmd/go prints module download messages before the error.
+ msg := stderr.String()
+ for strings.HasPrefix(msg, "go: downloading") {
+ msg = msg[strings.IndexRune(msg, '\n')+1:]
+ }
+ if len(stderr.String()) > 0 && strings.HasPrefix(stderr.String(), "# ") {
+ msg := msg[len("# "):]
+ if strings.HasPrefix(strings.TrimLeftFunc(msg, isPkgPathRune), "\n") {
+ return stdout, nil
+ }
+ // Treat pkg-config errors as a special case (golang.org/issue/36770).
+ if strings.HasPrefix(msg, "pkg-config") {
+ return stdout, nil
+ }
+ }
+
+ // This error only appears in stderr. See golang.org/cl/166398 for a fix in go list to show
+ // the error in the Err section of stdout in case -e option is provided.
+ // This fix is provided for backwards compatibility.
+ if len(stderr.String()) > 0 && strings.Contains(stderr.String(), "named files must be .go files") {
+ output := fmt.Sprintf(`{"ImportPath": "command-line-arguments","Incomplete": true,"Error": {"Pos": "","Err": %q}}`,
+ strings.Trim(stderr.String(), "\n"))
+ return bytes.NewBufferString(output), nil
+ }
+
+ // Similar to the previous error, but currently lacks a fix in Go.
+ if len(stderr.String()) > 0 && strings.Contains(stderr.String(), "named files must all be in one directory") {
+ output := fmt.Sprintf(`{"ImportPath": "command-line-arguments","Incomplete": true,"Error": {"Pos": "","Err": %q}}`,
+ strings.Trim(stderr.String(), "\n"))
+ return bytes.NewBufferString(output), nil
+ }
+
+ // Backwards compatibility for Go 1.11 because 1.12 and 1.13 put the directory in the ImportPath.
+ // If the package doesn't exist, put the absolute path of the directory into the error message,
+ // as Go 1.13 list does.
+ const noSuchDirectory = "no such directory"
+ if len(stderr.String()) > 0 && strings.Contains(stderr.String(), noSuchDirectory) {
+ errstr := stderr.String()
+ abspath := strings.TrimSpace(errstr[strings.Index(errstr, noSuchDirectory)+len(noSuchDirectory):])
+ output := fmt.Sprintf(`{"ImportPath": %q,"Incomplete": true,"Error": {"Pos": "","Err": %q}}`,
+ abspath, strings.Trim(stderr.String(), "\n"))
+ return bytes.NewBufferString(output), nil
+ }
+
+ // Workaround for #29280: go list -e has incorrect behavior when an ad-hoc package doesn't exist.
+ // Note that the error message we look for in this case is different that the one looked for above.
+ if len(stderr.String()) > 0 && strings.Contains(stderr.String(), "no such file or directory") {
+ output := fmt.Sprintf(`{"ImportPath": "command-line-arguments","Incomplete": true,"Error": {"Pos": "","Err": %q}}`,
+ strings.Trim(stderr.String(), "\n"))
+ return bytes.NewBufferString(output), nil
+ }
+
+ // Workaround for #34273. go list -e with GO111MODULE=on has incorrect behavior when listing a
+ // directory outside any module.
+ if len(stderr.String()) > 0 && strings.Contains(stderr.String(), "outside available modules") {
+ output := fmt.Sprintf(`{"ImportPath": %q,"Incomplete": true,"Error": {"Pos": "","Err": %q}}`,
+ // TODO(matloob): command-line-arguments isn't correct here.
+ "command-line-arguments", strings.Trim(stderr.String(), "\n"))
+ return bytes.NewBufferString(output), nil
+ }
+
+ // Another variation of the previous error
+ if len(stderr.String()) > 0 && strings.Contains(stderr.String(), "outside module root") {
+ output := fmt.Sprintf(`{"ImportPath": %q,"Incomplete": true,"Error": {"Pos": "","Err": %q}}`,
+ // TODO(matloob): command-line-arguments isn't correct here.
+ "command-line-arguments", strings.Trim(stderr.String(), "\n"))
+ return bytes.NewBufferString(output), nil
+ }
+
+ // Workaround for an instance of golang.org/issue/26755: go list -e will return a non-zero exit
+ // status if there's a dependency on a package that doesn't exist. But it should return
+ // a zero exit status and set an error on that package.
+ if len(stderr.String()) > 0 && strings.Contains(stderr.String(), "no Go files in") {
+ // Don't clobber stdout if `go list` actually returned something.
+ if len(stdout.String()) > 0 {
+ return stdout, nil
+ }
+ // try to extract package name from string
+ stderrStr := stderr.String()
+ var importPath string
+ colon := strings.Index(stderrStr, ":")
+ if colon > 0 && strings.HasPrefix(stderrStr, "go build ") {
+ importPath = stderrStr[len("go build "):colon]
+ }
+ output := fmt.Sprintf(`{"ImportPath": %q,"Incomplete": true,"Error": {"Pos": "","Err": %q}}`,
+ importPath, strings.Trim(stderrStr, "\n"))
+ return bytes.NewBufferString(output), nil
+ }
+
+ // Export mode entails a build.
+ // If that build fails, errors appear on stderr
+ // (despite the -e flag) and the Export field is blank.
+ // Do not fail in that case.
+ // The same is true if an ad-hoc package given to go list doesn't exist.
+ // TODO(matloob): Remove these once we can depend on go list to exit with a zero status with -e even when
+ // packages don't exist or a build fails.
+ if !usesExportData(cfg) && !containsGoFile(args) {
+ return nil, friendlyErr
+ }
+ }
+ return stdout, nil
+}
+
+// OverlayJSON is the format overlay files are expected to be in.
+// The Replace map maps from overlaid paths to replacement paths:
+// the Go command will forward all reads trying to open
+// each overlaid path to its replacement path, or consider the overlaid
+// path not to exist if the replacement path is empty.
+//
+// From golang/go#39958.
+type OverlayJSON struct {
+ Replace map[string]string `json:"replace,omitempty"`
+}
+
+// writeOverlays writes out files for go list's -overlay flag, as described
+// above.
+func (state *golistState) writeOverlays() (filename string, cleanup func(), err error) {
+ // Do nothing if there are no overlays in the config.
+ if len(state.cfg.Overlay) == 0 {
+ return "", func() {}, nil
+ }
+ dir, err := os.MkdirTemp("", "gopackages-*")
+ if err != nil {
+ return "", nil, err
+ }
+ // The caller must clean up this directory, unless this function returns an
+ // error.
+ cleanup = func() {
+ os.RemoveAll(dir)
+ }
+ defer func() {
+ if err != nil {
+ cleanup()
+ }
+ }()
+ overlays := map[string]string{}
+ for k, v := range state.cfg.Overlay {
+ // Create a unique filename for the overlaid files, to avoid
+ // creating nested directories.
+ noSeparator := strings.Join(strings.Split(filepath.ToSlash(k), "/"), "")
+ f, err := os.CreateTemp(dir, fmt.Sprintf("*-%s", noSeparator))
+ if err != nil {
+ return "", func() {}, err
+ }
+ if _, err := f.Write(v); err != nil {
+ return "", func() {}, err
+ }
+ if err := f.Close(); err != nil {
+ return "", func() {}, err
+ }
+ overlays[k] = f.Name()
+ }
+ b, err := json.Marshal(OverlayJSON{Replace: overlays})
+ if err != nil {
+ return "", func() {}, err
+ }
+ // Write out the overlay file that contains the filepath mappings.
+ filename = filepath.Join(dir, "overlay.json")
+ if err := os.WriteFile(filename, b, 0665); err != nil {
+ return "", func() {}, err
+ }
+ return filename, cleanup, nil
+}
+
+func containsGoFile(s []string) bool {
+ for _, f := range s {
+ if strings.HasSuffix(f, ".go") {
+ return true
+ }
+ }
+ return false
+}
+
+func cmdDebugStr(cmd *exec.Cmd) string {
+ env := make(map[string]string)
+ for _, kv := range cmd.Env {
+ split := strings.SplitN(kv, "=", 2)
+ k, v := split[0], split[1]
+ env[k] = v
+ }
+
+ var args []string
+ for _, arg := range cmd.Args {
+ quoted := strconv.Quote(arg)
+ if quoted[1:len(quoted)-1] != arg || strings.Contains(arg, " ") {
+ args = append(args, quoted)
+ } else {
+ args = append(args, arg)
+ }
+ }
+ return fmt.Sprintf("GOROOT=%v GOPATH=%v GO111MODULE=%v GOPROXY=%v PWD=%v %v", env["GOROOT"], env["GOPATH"], env["GO111MODULE"], env["GOPROXY"], env["PWD"], strings.Join(args, " "))
+}
diff --git a/vendor/golang.org/x/tools/go/packages/golist_overlay.go b/vendor/golang.org/x/tools/go/packages/golist_overlay.go
new file mode 100644
index 000000000..d823c474a
--- /dev/null
+++ b/vendor/golang.org/x/tools/go/packages/golist_overlay.go
@@ -0,0 +1,83 @@
+// Copyright 2018 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+package packages
+
+import (
+ "encoding/json"
+ "path/filepath"
+
+ "golang.org/x/tools/internal/gocommand"
+)
+
+// determineRootDirs returns a mapping from absolute directories that could
+// contain code to their corresponding import path prefixes.
+func (state *golistState) determineRootDirs() (map[string]string, error) {
+ env, err := state.getEnv()
+ if err != nil {
+ return nil, err
+ }
+ if env["GOMOD"] != "" {
+ state.rootsOnce.Do(func() {
+ state.rootDirs, state.rootDirsError = state.determineRootDirsModules()
+ })
+ } else {
+ state.rootsOnce.Do(func() {
+ state.rootDirs, state.rootDirsError = state.determineRootDirsGOPATH()
+ })
+ }
+ return state.rootDirs, state.rootDirsError
+}
+
+func (state *golistState) determineRootDirsModules() (map[string]string, error) {
+ // List all of the modules--the first will be the directory for the main
+ // module. Any replaced modules will also need to be treated as roots.
+ // Editing files in the module cache isn't a great idea, so we don't
+ // plan to ever support that.
+ out, err := state.invokeGo("list", "-m", "-json", "all")
+ if err != nil {
+ // 'go list all' will fail if we're outside of a module and
+ // GO111MODULE=on. Try falling back without 'all'.
+ var innerErr error
+ out, innerErr = state.invokeGo("list", "-m", "-json")
+ if innerErr != nil {
+ return nil, err
+ }
+ }
+ roots := map[string]string{}
+ modules := map[string]string{}
+ var i int
+ for dec := json.NewDecoder(out); dec.More(); {
+ mod := new(gocommand.ModuleJSON)
+ if err := dec.Decode(mod); err != nil {
+ return nil, err
+ }
+ if mod.Dir != "" && mod.Path != "" {
+ // This is a valid module; add it to the map.
+ absDir, err := filepath.Abs(mod.Dir)
+ if err != nil {
+ return nil, err
+ }
+ modules[absDir] = mod.Path
+ // The first result is the main module.
+ if i == 0 || mod.Replace != nil && mod.Replace.Path != "" {
+ roots[absDir] = mod.Path
+ }
+ }
+ i++
+ }
+ return roots, nil
+}
+
+func (state *golistState) determineRootDirsGOPATH() (map[string]string, error) {
+ m := map[string]string{}
+ for _, dir := range filepath.SplitList(state.mustGetEnv()["GOPATH"]) {
+ absDir, err := filepath.Abs(dir)
+ if err != nil {
+ return nil, err
+ }
+ m[filepath.Join(absDir, "src")] = ""
+ }
+ return m, nil
+}
diff --git a/vendor/golang.org/x/tools/go/packages/loadmode_string.go b/vendor/golang.org/x/tools/go/packages/loadmode_string.go
new file mode 100644
index 000000000..5c080d21b
--- /dev/null
+++ b/vendor/golang.org/x/tools/go/packages/loadmode_string.go
@@ -0,0 +1,57 @@
+// Copyright 2019 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+package packages
+
+import (
+ "fmt"
+ "strings"
+)
+
+var allModes = []LoadMode{
+ NeedName,
+ NeedFiles,
+ NeedCompiledGoFiles,
+ NeedImports,
+ NeedDeps,
+ NeedExportFile,
+ NeedTypes,
+ NeedSyntax,
+ NeedTypesInfo,
+ NeedTypesSizes,
+}
+
+var modeStrings = []string{
+ "NeedName",
+ "NeedFiles",
+ "NeedCompiledGoFiles",
+ "NeedImports",
+ "NeedDeps",
+ "NeedExportFile",
+ "NeedTypes",
+ "NeedSyntax",
+ "NeedTypesInfo",
+ "NeedTypesSizes",
+}
+
+func (mod LoadMode) String() string {
+ m := mod
+ if m == 0 {
+ return "LoadMode(0)"
+ }
+ var out []string
+ for i, x := range allModes {
+ if x > m {
+ break
+ }
+ if (m & x) != 0 {
+ out = append(out, modeStrings[i])
+ m = m ^ x
+ }
+ }
+ if m != 0 {
+ out = append(out, "Unknown")
+ }
+ return fmt.Sprintf("LoadMode(%s)", strings.Join(out, "|"))
+}
diff --git a/vendor/golang.org/x/tools/go/packages/packages.go b/vendor/golang.org/x/tools/go/packages/packages.go
new file mode 100644
index 000000000..3ea1b3fa4
--- /dev/null
+++ b/vendor/golang.org/x/tools/go/packages/packages.go
@@ -0,0 +1,1445 @@
+// Copyright 2018 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+package packages
+
+// See doc.go for package documentation and implementation notes.
+
+import (
+ "context"
+ "encoding/json"
+ "errors"
+ "fmt"
+ "go/ast"
+ "go/parser"
+ "go/scanner"
+ "go/token"
+ "go/types"
+ "io"
+ "log"
+ "os"
+ "path/filepath"
+ "runtime"
+ "strings"
+ "sync"
+ "time"
+
+ "golang.org/x/sync/errgroup"
+
+ "golang.org/x/tools/go/gcexportdata"
+ "golang.org/x/tools/internal/gocommand"
+ "golang.org/x/tools/internal/packagesinternal"
+ "golang.org/x/tools/internal/typesinternal"
+ "golang.org/x/tools/internal/versions"
+)
+
+// A LoadMode controls the amount of detail to return when loading.
+// The bits below can be combined to specify which fields should be
+// filled in the result packages.
+// The zero value is a special case, equivalent to combining
+// the NeedName, NeedFiles, and NeedCompiledGoFiles bits.
+// ID and Errors (if present) will always be filled.
+// Load may return more information than requested.
+type LoadMode int
+
+const (
+ // NeedName adds Name and PkgPath.
+ NeedName LoadMode = 1 << iota
+
+ // NeedFiles adds GoFiles and OtherFiles.
+ NeedFiles
+
+ // NeedCompiledGoFiles adds CompiledGoFiles.
+ NeedCompiledGoFiles
+
+ // NeedImports adds Imports. If NeedDeps is not set, the Imports field will contain
+ // "placeholder" Packages with only the ID set.
+ NeedImports
+
+ // NeedDeps adds the fields requested by the LoadMode in the packages in Imports.
+ NeedDeps
+
+ // NeedExportFile adds ExportFile.
+ NeedExportFile
+
+ // NeedTypes adds Types, Fset, and IllTyped.
+ NeedTypes
+
+ // NeedSyntax adds Syntax.
+ NeedSyntax
+
+ // NeedTypesInfo adds TypesInfo.
+ NeedTypesInfo
+
+ // NeedTypesSizes adds TypesSizes.
+ NeedTypesSizes
+
+ // needInternalDepsErrors adds the internal deps errors field for use by gopls.
+ needInternalDepsErrors
+
+ // needInternalForTest adds the internal forTest field.
+ // Tests must also be set on the context for this field to be populated.
+ needInternalForTest
+
+ // typecheckCgo enables full support for type checking cgo. Requires Go 1.15+.
+ // Modifies CompiledGoFiles and Types, and has no effect on its own.
+ typecheckCgo
+
+ // NeedModule adds Module.
+ NeedModule
+
+ // NeedEmbedFiles adds EmbedFiles.
+ NeedEmbedFiles
+
+ // NeedEmbedPatterns adds EmbedPatterns.
+ NeedEmbedPatterns
+)
+
+const (
+ // Deprecated: LoadFiles exists for historical compatibility
+ // and should not be used. Please directly specify the needed fields using the Need values.
+ LoadFiles = NeedName | NeedFiles | NeedCompiledGoFiles
+
+ // Deprecated: LoadImports exists for historical compatibility
+ // and should not be used. Please directly specify the needed fields using the Need values.
+ LoadImports = LoadFiles | NeedImports
+
+ // Deprecated: LoadTypes exists for historical compatibility
+ // and should not be used. Please directly specify the needed fields using the Need values.
+ LoadTypes = LoadImports | NeedTypes | NeedTypesSizes
+
+ // Deprecated: LoadSyntax exists for historical compatibility
+ // and should not be used. Please directly specify the needed fields using the Need values.
+ LoadSyntax = LoadTypes | NeedSyntax | NeedTypesInfo
+
+ // Deprecated: LoadAllSyntax exists for historical compatibility
+ // and should not be used. Please directly specify the needed fields using the Need values.
+ LoadAllSyntax = LoadSyntax | NeedDeps
+
+ // Deprecated: NeedExportsFile is a historical misspelling of NeedExportFile.
+ NeedExportsFile = NeedExportFile
+)
+
+// A Config specifies details about how packages should be loaded.
+// The zero value is a valid configuration.
+// Calls to Load do not modify this struct.
+type Config struct {
+ // Mode controls the level of information returned for each package.
+ Mode LoadMode
+
+ // Context specifies the context for the load operation.
+ // Cancelling the context may cause [Load] to abort and
+ // return an error.
+ Context context.Context
+
+ // Logf is the logger for the config.
+ // If the user provides a logger, debug logging is enabled.
+ // If the GOPACKAGESDEBUG environment variable is set to true,
+ // but the logger is nil, default to log.Printf.
+ Logf func(format string, args ...interface{})
+
+ // Dir is the directory in which to run the build system's query tool
+ // that provides information about the packages.
+ // If Dir is empty, the tool is run in the current directory.
+ Dir string
+
+ // Env is the environment to use when invoking the build system's query tool.
+ // If Env is nil, the current environment is used.
+ // As in os/exec's Cmd, only the last value in the slice for
+ // each environment key is used. To specify the setting of only
+ // a few variables, append to the current environment, as in:
+ //
+ // opt.Env = append(os.Environ(), "GOOS=plan9", "GOARCH=386")
+ //
+ Env []string
+
+ // gocmdRunner guards go command calls from concurrency errors.
+ gocmdRunner *gocommand.Runner
+
+ // BuildFlags is a list of command-line flags to be passed through to
+ // the build system's query tool.
+ BuildFlags []string
+
+ // modFile will be used for -modfile in go command invocations.
+ modFile string
+
+ // modFlag will be used for -modfile in go command invocations.
+ modFlag string
+
+ // Fset provides source position information for syntax trees and types.
+ // If Fset is nil, Load will use a new fileset, but preserve Fset's value.
+ Fset *token.FileSet
+
+ // ParseFile is called to read and parse each file
+ // when preparing a package's type-checked syntax tree.
+ // It must be safe to call ParseFile simultaneously from multiple goroutines.
+ // If ParseFile is nil, the loader will uses parser.ParseFile.
+ //
+ // ParseFile should parse the source from src and use filename only for
+ // recording position information.
+ //
+ // An application may supply a custom implementation of ParseFile
+ // to change the effective file contents or the behavior of the parser,
+ // or to modify the syntax tree. For example, selectively eliminating
+ // unwanted function bodies can significantly accelerate type checking.
+ ParseFile func(fset *token.FileSet, filename string, src []byte) (*ast.File, error)
+
+ // If Tests is set, the loader includes not just the packages
+ // matching a particular pattern but also any related test packages,
+ // including test-only variants of the package and the test executable.
+ //
+ // For example, when using the go command, loading "fmt" with Tests=true
+ // returns four packages, with IDs "fmt" (the standard package),
+ // "fmt [fmt.test]" (the package as compiled for the test),
+ // "fmt_test" (the test functions from source files in package fmt_test),
+ // and "fmt.test" (the test binary).
+ //
+ // In build systems with explicit names for tests,
+ // setting Tests may have no effect.
+ Tests bool
+
+ // Overlay provides a mapping of absolute file paths to file contents.
+ // If the file with the given path already exists, the parser will use the
+ // alternative file contents provided by the map.
+ //
+ // Overlays provide incomplete support for when a given file doesn't
+ // already exist on disk. See the package doc above for more details.
+ Overlay map[string][]byte
+}
+
+// Load loads and returns the Go packages named by the given patterns.
+//
+// Config specifies loading options;
+// nil behaves the same as an empty Config.
+//
+// If any of the patterns was invalid as defined by the
+// underlying build system, Load returns an error.
+// It may return an empty list of packages without an error,
+// for instance for an empty expansion of a valid wildcard.
+// Errors associated with a particular package are recorded in the
+// corresponding Package's Errors list, and do not cause Load to
+// return an error. Clients may need to handle such errors before
+// proceeding with further analysis. The PrintErrors function is
+// provided for convenient display of all errors.
+func Load(cfg *Config, patterns ...string) ([]*Package, error) {
+ ld := newLoader(cfg)
+ response, external, err := defaultDriver(&ld.Config, patterns...)
+ if err != nil {
+ return nil, err
+ }
+
+ ld.sizes = types.SizesFor(response.Compiler, response.Arch)
+ if ld.sizes == nil && ld.Config.Mode&(NeedTypes|NeedTypesSizes|NeedTypesInfo) != 0 {
+ // Type size information is needed but unavailable.
+ if external {
+ // An external driver may fail to populate the Compiler/GOARCH fields,
+ // especially since they are relatively new (see #63700).
+ // Provide a sensible fallback in this case.
+ ld.sizes = types.SizesFor("gc", runtime.GOARCH)
+ if ld.sizes == nil { // gccgo-only arch
+ ld.sizes = types.SizesFor("gc", "amd64")
+ }
+ } else {
+ // Go list should never fail to deliver accurate size information.
+ // Reject the whole Load since the error is the same for every package.
+ return nil, fmt.Errorf("can't determine type sizes for compiler %q on GOARCH %q",
+ response.Compiler, response.Arch)
+ }
+ }
+
+ return ld.refine(response)
+}
+
+// defaultDriver is a driver that implements go/packages' fallback behavior.
+// It will try to request to an external driver, if one exists. If there's
+// no external driver, or the driver returns a response with NotHandled set,
+// defaultDriver will fall back to the go list driver.
+// The boolean result indicates that an external driver handled the request.
+func defaultDriver(cfg *Config, patterns ...string) (*DriverResponse, bool, error) {
+ const (
+ // windowsArgMax specifies the maximum command line length for
+ // the Windows' CreateProcess function.
+ windowsArgMax = 32767
+ // maxEnvSize is a very rough estimation of the maximum environment
+ // size of a user.
+ maxEnvSize = 16384
+ // safeArgMax specifies the maximum safe command line length to use
+ // by the underlying driver excl. the environment. We choose the Windows'
+ // ARG_MAX as the starting point because it's one of the lowest ARG_MAX
+ // constants out of the different supported platforms,
+ // e.g., https://www.in-ulm.de/~mascheck/various/argmax/#results.
+ safeArgMax = windowsArgMax - maxEnvSize
+ )
+ chunks, err := splitIntoChunks(patterns, safeArgMax)
+ if err != nil {
+ return nil, false, err
+ }
+
+ if driver := findExternalDriver(cfg); driver != nil {
+ response, err := callDriverOnChunks(driver, cfg, chunks)
+ if err != nil {
+ return nil, false, err
+ } else if !response.NotHandled {
+ return response, true, nil
+ }
+ // (fall through)
+ }
+
+ response, err := callDriverOnChunks(goListDriver, cfg, chunks)
+ if err != nil {
+ return nil, false, err
+ }
+ return response, false, err
+}
+
+// splitIntoChunks chunks the slice so that the total number of characters
+// in a chunk is no longer than argMax.
+func splitIntoChunks(patterns []string, argMax int) ([][]string, error) {
+ if argMax <= 0 {
+ return nil, errors.New("failed to split patterns into chunks, negative safe argMax value")
+ }
+ var chunks [][]string
+ charsInChunk := 0
+ nextChunkStart := 0
+ for i, v := range patterns {
+ vChars := len(v)
+ if vChars > argMax {
+ // a single pattern is longer than the maximum safe ARG_MAX, hardly should happen
+ return nil, errors.New("failed to split patterns into chunks, a pattern is too long")
+ }
+ charsInChunk += vChars + 1 // +1 is for a whitespace between patterns that has to be counted too
+ if charsInChunk > argMax {
+ chunks = append(chunks, patterns[nextChunkStart:i])
+ nextChunkStart = i
+ charsInChunk = vChars
+ }
+ }
+ // add the last chunk
+ if nextChunkStart < len(patterns) {
+ chunks = append(chunks, patterns[nextChunkStart:])
+ }
+ return chunks, nil
+}
+
+func callDriverOnChunks(driver driver, cfg *Config, chunks [][]string) (*DriverResponse, error) {
+ if len(chunks) == 0 {
+ return driver(cfg)
+ }
+ responses := make([]*DriverResponse, len(chunks))
+ errNotHandled := errors.New("driver returned NotHandled")
+ var g errgroup.Group
+ for i, chunk := range chunks {
+ i := i
+ chunk := chunk
+ g.Go(func() (err error) {
+ responses[i], err = driver(cfg, chunk...)
+ if responses[i] != nil && responses[i].NotHandled {
+ err = errNotHandled
+ }
+ return err
+ })
+ }
+ if err := g.Wait(); err != nil {
+ if errors.Is(err, errNotHandled) {
+ return &DriverResponse{NotHandled: true}, nil
+ }
+ return nil, err
+ }
+ return mergeResponses(responses...), nil
+}
+
+func mergeResponses(responses ...*DriverResponse) *DriverResponse {
+ if len(responses) == 0 {
+ return nil
+ }
+ response := newDeduper()
+ response.dr.NotHandled = false
+ response.dr.Compiler = responses[0].Compiler
+ response.dr.Arch = responses[0].Arch
+ response.dr.GoVersion = responses[0].GoVersion
+ for _, v := range responses {
+ response.addAll(v)
+ }
+ return response.dr
+}
+
+// A Package describes a loaded Go package.
+type Package struct {
+ // ID is a unique identifier for a package,
+ // in a syntax provided by the underlying build system.
+ //
+ // Because the syntax varies based on the build system,
+ // clients should treat IDs as opaque and not attempt to
+ // interpret them.
+ ID string
+
+ // Name is the package name as it appears in the package source code.
+ Name string
+
+ // PkgPath is the package path as used by the go/types package.
+ PkgPath string
+
+ // Errors contains any errors encountered querying the metadata
+ // of the package, or while parsing or type-checking its files.
+ Errors []Error
+
+ // TypeErrors contains the subset of errors produced during type checking.
+ TypeErrors []types.Error
+
+ // GoFiles lists the absolute file paths of the package's Go source files.
+ // It may include files that should not be compiled, for example because
+ // they contain non-matching build tags, are documentary pseudo-files such as
+ // unsafe/unsafe.go or builtin/builtin.go, or are subject to cgo preprocessing.
+ GoFiles []string
+
+ // CompiledGoFiles lists the absolute file paths of the package's source
+ // files that are suitable for type checking.
+ // This may differ from GoFiles if files are processed before compilation.
+ CompiledGoFiles []string
+
+ // OtherFiles lists the absolute file paths of the package's non-Go source files,
+ // including assembly, C, C++, Fortran, Objective-C, SWIG, and so on.
+ OtherFiles []string
+
+ // EmbedFiles lists the absolute file paths of the package's files
+ // embedded with go:embed.
+ EmbedFiles []string
+
+ // EmbedPatterns lists the absolute file patterns of the package's
+ // files embedded with go:embed.
+ EmbedPatterns []string
+
+ // IgnoredFiles lists source files that are not part of the package
+ // using the current build configuration but that might be part of
+ // the package using other build configurations.
+ IgnoredFiles []string
+
+ // ExportFile is the absolute path to a file containing type
+ // information for the package as provided by the build system.
+ ExportFile string
+
+ // Imports maps import paths appearing in the package's Go source files
+ // to corresponding loaded Packages.
+ Imports map[string]*Package
+
+ // Types provides type information for the package.
+ // The NeedTypes LoadMode bit sets this field for packages matching the
+ // patterns; type information for dependencies may be missing or incomplete,
+ // unless NeedDeps and NeedImports are also set.
+ //
+ // Each call to [Load] returns a consistent set of type
+ // symbols, as defined by the comment at [types.Identical].
+ // Avoid mixing type information from two or more calls to [Load].
+ Types *types.Package
+
+ // Fset provides position information for Types, TypesInfo, and Syntax.
+ // It is set only when Types is set.
+ Fset *token.FileSet
+
+ // IllTyped indicates whether the package or any dependency contains errors.
+ // It is set only when Types is set.
+ IllTyped bool
+
+ // Syntax is the package's syntax trees, for the files listed in CompiledGoFiles.
+ //
+ // The NeedSyntax LoadMode bit populates this field for packages matching the patterns.
+ // If NeedDeps and NeedImports are also set, this field will also be populated
+ // for dependencies.
+ //
+ // Syntax is kept in the same order as CompiledGoFiles, with the caveat that nils are
+ // removed. If parsing returned nil, Syntax may be shorter than CompiledGoFiles.
+ Syntax []*ast.File
+
+ // TypesInfo provides type information about the package's syntax trees.
+ // It is set only when Syntax is set.
+ TypesInfo *types.Info
+
+ // TypesSizes provides the effective size function for types in TypesInfo.
+ TypesSizes types.Sizes
+
+ // forTest is the package under test, if any.
+ forTest string
+
+ // depsErrors is the DepsErrors field from the go list response, if any.
+ depsErrors []*packagesinternal.PackageError
+
+ // module is the module information for the package if it exists.
+ Module *Module
+}
+
+// Module provides module information for a package.
+type Module struct {
+ Path string // module path
+ Version string // module version
+ Replace *Module // replaced by this module
+ Time *time.Time // time version was created
+ Main bool // is this the main module?
+ Indirect bool // is this module only an indirect dependency of main module?
+ Dir string // directory holding files for this module, if any
+ GoMod string // path to go.mod file used when loading this module, if any
+ GoVersion string // go version used in module
+ Error *ModuleError // error loading module
+}
+
+// ModuleError holds errors loading a module.
+type ModuleError struct {
+ Err string // the error itself
+}
+
+func init() {
+ packagesinternal.GetForTest = func(p interface{}) string {
+ return p.(*Package).forTest
+ }
+ packagesinternal.GetDepsErrors = func(p interface{}) []*packagesinternal.PackageError {
+ return p.(*Package).depsErrors
+ }
+ packagesinternal.SetModFile = func(config interface{}, value string) {
+ config.(*Config).modFile = value
+ }
+ packagesinternal.SetModFlag = func(config interface{}, value string) {
+ config.(*Config).modFlag = value
+ }
+ packagesinternal.TypecheckCgo = int(typecheckCgo)
+ packagesinternal.DepsErrors = int(needInternalDepsErrors)
+ packagesinternal.ForTest = int(needInternalForTest)
+}
+
+// An Error describes a problem with a package's metadata, syntax, or types.
+type Error struct {
+ Pos string // "file:line:col" or "file:line" or "" or "-"
+ Msg string
+ Kind ErrorKind
+}
+
+// ErrorKind describes the source of the error, allowing the user to
+// differentiate between errors generated by the driver, the parser, or the
+// type-checker.
+type ErrorKind int
+
+const (
+ UnknownError ErrorKind = iota
+ ListError
+ ParseError
+ TypeError
+)
+
+func (err Error) Error() string {
+ pos := err.Pos
+ if pos == "" {
+ pos = "-" // like token.Position{}.String()
+ }
+ return pos + ": " + err.Msg
+}
+
+// flatPackage is the JSON form of Package
+// It drops all the type and syntax fields, and transforms the Imports
+//
+// TODO(adonovan): identify this struct with Package, effectively
+// publishing the JSON protocol.
+type flatPackage struct {
+ ID string
+ Name string `json:",omitempty"`
+ PkgPath string `json:",omitempty"`
+ Errors []Error `json:",omitempty"`
+ GoFiles []string `json:",omitempty"`
+ CompiledGoFiles []string `json:",omitempty"`
+ OtherFiles []string `json:",omitempty"`
+ EmbedFiles []string `json:",omitempty"`
+ EmbedPatterns []string `json:",omitempty"`
+ IgnoredFiles []string `json:",omitempty"`
+ ExportFile string `json:",omitempty"`
+ Imports map[string]string `json:",omitempty"`
+}
+
+// MarshalJSON returns the Package in its JSON form.
+// For the most part, the structure fields are written out unmodified, and
+// the type and syntax fields are skipped.
+// The imports are written out as just a map of path to package id.
+// The errors are written using a custom type that tries to preserve the
+// structure of error types we know about.
+//
+// This method exists to enable support for additional build systems. It is
+// not intended for use by clients of the API and we may change the format.
+func (p *Package) MarshalJSON() ([]byte, error) {
+ flat := &flatPackage{
+ ID: p.ID,
+ Name: p.Name,
+ PkgPath: p.PkgPath,
+ Errors: p.Errors,
+ GoFiles: p.GoFiles,
+ CompiledGoFiles: p.CompiledGoFiles,
+ OtherFiles: p.OtherFiles,
+ EmbedFiles: p.EmbedFiles,
+ EmbedPatterns: p.EmbedPatterns,
+ IgnoredFiles: p.IgnoredFiles,
+ ExportFile: p.ExportFile,
+ }
+ if len(p.Imports) > 0 {
+ flat.Imports = make(map[string]string, len(p.Imports))
+ for path, ipkg := range p.Imports {
+ flat.Imports[path] = ipkg.ID
+ }
+ }
+ return json.Marshal(flat)
+}
+
+// UnmarshalJSON reads in a Package from its JSON format.
+// See MarshalJSON for details about the format accepted.
+func (p *Package) UnmarshalJSON(b []byte) error {
+ flat := &flatPackage{}
+ if err := json.Unmarshal(b, &flat); err != nil {
+ return err
+ }
+ *p = Package{
+ ID: flat.ID,
+ Name: flat.Name,
+ PkgPath: flat.PkgPath,
+ Errors: flat.Errors,
+ GoFiles: flat.GoFiles,
+ CompiledGoFiles: flat.CompiledGoFiles,
+ OtherFiles: flat.OtherFiles,
+ EmbedFiles: flat.EmbedFiles,
+ EmbedPatterns: flat.EmbedPatterns,
+ ExportFile: flat.ExportFile,
+ }
+ if len(flat.Imports) > 0 {
+ p.Imports = make(map[string]*Package, len(flat.Imports))
+ for path, id := range flat.Imports {
+ p.Imports[path] = &Package{ID: id}
+ }
+ }
+ return nil
+}
+
+func (p *Package) String() string { return p.ID }
+
+// loaderPackage augments Package with state used during the loading phase
+type loaderPackage struct {
+ *Package
+ importErrors map[string]error // maps each bad import to its error
+ loadOnce sync.Once
+ color uint8 // for cycle detection
+ needsrc bool // load from source (Mode >= LoadTypes)
+ needtypes bool // type information is either requested or depended on
+ initial bool // package was matched by a pattern
+ goVersion int // minor version number of go command on PATH
+}
+
+// loader holds the working state of a single call to load.
+type loader struct {
+ pkgs map[string]*loaderPackage
+ Config
+ sizes types.Sizes // non-nil if needed by mode
+ parseCache map[string]*parseValue
+ parseCacheMu sync.Mutex
+ exportMu sync.Mutex // enforces mutual exclusion of exportdata operations
+
+ // Config.Mode contains the implied mode (see impliedLoadMode).
+ // Implied mode contains all the fields we need the data for.
+ // In requestedMode there are the actually requested fields.
+ // We'll zero them out before returning packages to the user.
+ // This makes it easier for us to get the conditions where
+ // we need certain modes right.
+ requestedMode LoadMode
+}
+
+type parseValue struct {
+ f *ast.File
+ err error
+ ready chan struct{}
+}
+
+func newLoader(cfg *Config) *loader {
+ ld := &loader{
+ parseCache: map[string]*parseValue{},
+ }
+ if cfg != nil {
+ ld.Config = *cfg
+ // If the user has provided a logger, use it.
+ ld.Config.Logf = cfg.Logf
+ }
+ if ld.Config.Logf == nil {
+ // If the GOPACKAGESDEBUG environment variable is set to true,
+ // but the user has not provided a logger, default to log.Printf.
+ if debug {
+ ld.Config.Logf = log.Printf
+ } else {
+ ld.Config.Logf = func(format string, args ...interface{}) {}
+ }
+ }
+ if ld.Config.Mode == 0 {
+ ld.Config.Mode = NeedName | NeedFiles | NeedCompiledGoFiles // Preserve zero behavior of Mode for backwards compatibility.
+ }
+ if ld.Config.Env == nil {
+ ld.Config.Env = os.Environ()
+ }
+ if ld.Config.gocmdRunner == nil {
+ ld.Config.gocmdRunner = &gocommand.Runner{}
+ }
+ if ld.Context == nil {
+ ld.Context = context.Background()
+ }
+ if ld.Dir == "" {
+ if dir, err := os.Getwd(); err == nil {
+ ld.Dir = dir
+ }
+ }
+
+ // Save the actually requested fields. We'll zero them out before returning packages to the user.
+ ld.requestedMode = ld.Mode
+ ld.Mode = impliedLoadMode(ld.Mode)
+
+ if ld.Mode&NeedTypes != 0 || ld.Mode&NeedSyntax != 0 {
+ if ld.Fset == nil {
+ ld.Fset = token.NewFileSet()
+ }
+
+ // ParseFile is required even in LoadTypes mode
+ // because we load source if export data is missing.
+ if ld.ParseFile == nil {
+ ld.ParseFile = func(fset *token.FileSet, filename string, src []byte) (*ast.File, error) {
+ const mode = parser.AllErrors | parser.ParseComments
+ return parser.ParseFile(fset, filename, src, mode)
+ }
+ }
+ }
+
+ return ld
+}
+
+// refine connects the supplied packages into a graph and then adds type
+// and syntax information as requested by the LoadMode.
+func (ld *loader) refine(response *DriverResponse) ([]*Package, error) {
+ roots := response.Roots
+ rootMap := make(map[string]int, len(roots))
+ for i, root := range roots {
+ rootMap[root] = i
+ }
+ ld.pkgs = make(map[string]*loaderPackage)
+ // first pass, fixup and build the map and roots
+ var initial = make([]*loaderPackage, len(roots))
+ for _, pkg := range response.Packages {
+ rootIndex := -1
+ if i, found := rootMap[pkg.ID]; found {
+ rootIndex = i
+ }
+
+ // Overlays can invalidate export data.
+ // TODO(matloob): make this check fine-grained based on dependencies on overlaid files
+ exportDataInvalid := len(ld.Overlay) > 0 || pkg.ExportFile == "" && pkg.PkgPath != "unsafe"
+ // This package needs type information if the caller requested types and the package is
+ // either a root, or it's a non-root and the user requested dependencies ...
+ needtypes := (ld.Mode&NeedTypes|NeedTypesInfo != 0 && (rootIndex >= 0 || ld.Mode&NeedDeps != 0))
+ // This package needs source if the call requested source (or types info, which implies source)
+ // and the package is either a root, or itas a non- root and the user requested dependencies...
+ needsrc := ((ld.Mode&(NeedSyntax|NeedTypesInfo) != 0 && (rootIndex >= 0 || ld.Mode&NeedDeps != 0)) ||
+ // ... or if we need types and the exportData is invalid. We fall back to (incompletely)
+ // typechecking packages from source if they fail to compile.
+ (ld.Mode&(NeedTypes|NeedTypesInfo) != 0 && exportDataInvalid)) && pkg.PkgPath != "unsafe"
+ lpkg := &loaderPackage{
+ Package: pkg,
+ needtypes: needtypes,
+ needsrc: needsrc,
+ goVersion: response.GoVersion,
+ }
+ ld.pkgs[lpkg.ID] = lpkg
+ if rootIndex >= 0 {
+ initial[rootIndex] = lpkg
+ lpkg.initial = true
+ }
+ }
+ for i, root := range roots {
+ if initial[i] == nil {
+ return nil, fmt.Errorf("root package %v is missing", root)
+ }
+ }
+
+ if ld.Mode&NeedImports != 0 {
+ // Materialize the import graph.
+
+ const (
+ white = 0 // new
+ grey = 1 // in progress
+ black = 2 // complete
+ )
+
+ // visit traverses the import graph, depth-first,
+ // and materializes the graph as Packages.Imports.
+ //
+ // Valid imports are saved in the Packages.Import map.
+ // Invalid imports (cycles and missing nodes) are saved in the importErrors map.
+ // Thus, even in the presence of both kinds of errors,
+ // the Import graph remains a DAG.
+ //
+ // visit returns whether the package needs src or has a transitive
+ // dependency on a package that does. These are the only packages
+ // for which we load source code.
+ var stack []*loaderPackage
+ var visit func(lpkg *loaderPackage) bool
+ visit = func(lpkg *loaderPackage) bool {
+ switch lpkg.color {
+ case black:
+ return lpkg.needsrc
+ case grey:
+ panic("internal error: grey node")
+ }
+ lpkg.color = grey
+ stack = append(stack, lpkg) // push
+ stubs := lpkg.Imports // the structure form has only stubs with the ID in the Imports
+ lpkg.Imports = make(map[string]*Package, len(stubs))
+ for importPath, ipkg := range stubs {
+ var importErr error
+ imp := ld.pkgs[ipkg.ID]
+ if imp == nil {
+ // (includes package "C" when DisableCgo)
+ importErr = fmt.Errorf("missing package: %q", ipkg.ID)
+ } else if imp.color == grey {
+ importErr = fmt.Errorf("import cycle: %s", stack)
+ }
+ if importErr != nil {
+ if lpkg.importErrors == nil {
+ lpkg.importErrors = make(map[string]error)
+ }
+ lpkg.importErrors[importPath] = importErr
+ continue
+ }
+
+ if visit(imp) {
+ lpkg.needsrc = true
+ }
+ lpkg.Imports[importPath] = imp.Package
+ }
+
+ // Complete type information is required for the
+ // immediate dependencies of each source package.
+ if lpkg.needsrc && ld.Mode&NeedTypes != 0 {
+ for _, ipkg := range lpkg.Imports {
+ ld.pkgs[ipkg.ID].needtypes = true
+ }
+ }
+
+ // NeedTypeSizes causes TypeSizes to be set even
+ // on packages for which types aren't needed.
+ if ld.Mode&NeedTypesSizes != 0 {
+ lpkg.TypesSizes = ld.sizes
+ }
+ stack = stack[:len(stack)-1] // pop
+ lpkg.color = black
+
+ return lpkg.needsrc
+ }
+
+ // For each initial package, create its import DAG.
+ for _, lpkg := range initial {
+ visit(lpkg)
+ }
+
+ } else {
+ // !NeedImports: drop the stub (ID-only) import packages
+ // that we are not even going to try to resolve.
+ for _, lpkg := range initial {
+ lpkg.Imports = nil
+ }
+ }
+
+ // Load type data and syntax if needed, starting at
+ // the initial packages (roots of the import DAG).
+ if ld.Mode&NeedTypes != 0 || ld.Mode&NeedSyntax != 0 {
+ var wg sync.WaitGroup
+ for _, lpkg := range initial {
+ wg.Add(1)
+ go func(lpkg *loaderPackage) {
+ ld.loadRecursive(lpkg)
+ wg.Done()
+ }(lpkg)
+ }
+ wg.Wait()
+ }
+
+ // If the context is done, return its error and
+ // throw out [likely] incomplete packages.
+ if err := ld.Context.Err(); err != nil {
+ return nil, err
+ }
+
+ result := make([]*Package, len(initial))
+ for i, lpkg := range initial {
+ result[i] = lpkg.Package
+ }
+ for i := range ld.pkgs {
+ // Clear all unrequested fields,
+ // to catch programs that use more than they request.
+ if ld.requestedMode&NeedName == 0 {
+ ld.pkgs[i].Name = ""
+ ld.pkgs[i].PkgPath = ""
+ }
+ if ld.requestedMode&NeedFiles == 0 {
+ ld.pkgs[i].GoFiles = nil
+ ld.pkgs[i].OtherFiles = nil
+ ld.pkgs[i].IgnoredFiles = nil
+ }
+ if ld.requestedMode&NeedEmbedFiles == 0 {
+ ld.pkgs[i].EmbedFiles = nil
+ }
+ if ld.requestedMode&NeedEmbedPatterns == 0 {
+ ld.pkgs[i].EmbedPatterns = nil
+ }
+ if ld.requestedMode&NeedCompiledGoFiles == 0 {
+ ld.pkgs[i].CompiledGoFiles = nil
+ }
+ if ld.requestedMode&NeedImports == 0 {
+ ld.pkgs[i].Imports = nil
+ }
+ if ld.requestedMode&NeedExportFile == 0 {
+ ld.pkgs[i].ExportFile = ""
+ }
+ if ld.requestedMode&NeedTypes == 0 {
+ ld.pkgs[i].Types = nil
+ ld.pkgs[i].Fset = nil
+ ld.pkgs[i].IllTyped = false
+ }
+ if ld.requestedMode&NeedSyntax == 0 {
+ ld.pkgs[i].Syntax = nil
+ }
+ if ld.requestedMode&NeedTypesInfo == 0 {
+ ld.pkgs[i].TypesInfo = nil
+ }
+ if ld.requestedMode&NeedTypesSizes == 0 {
+ ld.pkgs[i].TypesSizes = nil
+ }
+ if ld.requestedMode&NeedModule == 0 {
+ ld.pkgs[i].Module = nil
+ }
+ }
+
+ return result, nil
+}
+
+// loadRecursive loads the specified package and its dependencies,
+// recursively, in parallel, in topological order.
+// It is atomic and idempotent.
+// Precondition: ld.Mode&NeedTypes.
+func (ld *loader) loadRecursive(lpkg *loaderPackage) {
+ lpkg.loadOnce.Do(func() {
+ // Load the direct dependencies, in parallel.
+ var wg sync.WaitGroup
+ for _, ipkg := range lpkg.Imports {
+ imp := ld.pkgs[ipkg.ID]
+ wg.Add(1)
+ go func(imp *loaderPackage) {
+ ld.loadRecursive(imp)
+ wg.Done()
+ }(imp)
+ }
+ wg.Wait()
+ ld.loadPackage(lpkg)
+ })
+}
+
+// loadPackage loads the specified package.
+// It must be called only once per Package,
+// after immediate dependencies are loaded.
+// Precondition: ld.Mode & NeedTypes.
+func (ld *loader) loadPackage(lpkg *loaderPackage) {
+ if lpkg.PkgPath == "unsafe" {
+ // Fill in the blanks to avoid surprises.
+ lpkg.Types = types.Unsafe
+ lpkg.Fset = ld.Fset
+ lpkg.Syntax = []*ast.File{}
+ lpkg.TypesInfo = new(types.Info)
+ lpkg.TypesSizes = ld.sizes
+ return
+ }
+
+ // Call NewPackage directly with explicit name.
+ // This avoids skew between golist and go/types when the files'
+ // package declarations are inconsistent.
+ lpkg.Types = types.NewPackage(lpkg.PkgPath, lpkg.Name)
+ lpkg.Fset = ld.Fset
+
+ // Start shutting down if the context is done and do not load
+ // source or export data files.
+ // Packages that import this one will have ld.Context.Err() != nil.
+ // ld.Context.Err() will be returned later by refine.
+ if ld.Context.Err() != nil {
+ return
+ }
+
+ // Subtle: we populate all Types fields with an empty Package
+ // before loading export data so that export data processing
+ // never has to create a types.Package for an indirect dependency,
+ // which would then require that such created packages be explicitly
+ // inserted back into the Import graph as a final step after export data loading.
+ // (Hence this return is after the Types assignment.)
+ // The Diamond test exercises this case.
+ if !lpkg.needtypes && !lpkg.needsrc {
+ return
+ }
+ if !lpkg.needsrc {
+ if err := ld.loadFromExportData(lpkg); err != nil {
+ lpkg.Errors = append(lpkg.Errors, Error{
+ Pos: "-",
+ Msg: err.Error(),
+ Kind: UnknownError, // e.g. can't find/open/parse export data
+ })
+ }
+ return // not a source package, don't get syntax trees
+ }
+
+ appendError := func(err error) {
+ // Convert various error types into the one true Error.
+ var errs []Error
+ switch err := err.(type) {
+ case Error:
+ // from driver
+ errs = append(errs, err)
+
+ case *os.PathError:
+ // from parser
+ errs = append(errs, Error{
+ Pos: err.Path + ":1",
+ Msg: err.Err.Error(),
+ Kind: ParseError,
+ })
+
+ case scanner.ErrorList:
+ // from parser
+ for _, err := range err {
+ errs = append(errs, Error{
+ Pos: err.Pos.String(),
+ Msg: err.Msg,
+ Kind: ParseError,
+ })
+ }
+
+ case types.Error:
+ // from type checker
+ lpkg.TypeErrors = append(lpkg.TypeErrors, err)
+ errs = append(errs, Error{
+ Pos: err.Fset.Position(err.Pos).String(),
+ Msg: err.Msg,
+ Kind: TypeError,
+ })
+
+ default:
+ // unexpected impoverished error from parser?
+ errs = append(errs, Error{
+ Pos: "-",
+ Msg: err.Error(),
+ Kind: UnknownError,
+ })
+
+ // If you see this error message, please file a bug.
+ log.Printf("internal error: error %q (%T) without position", err, err)
+ }
+
+ lpkg.Errors = append(lpkg.Errors, errs...)
+ }
+
+ // If the go command on the PATH is newer than the runtime,
+ // then the go/{scanner,ast,parser,types} packages from the
+ // standard library may be unable to process the files
+ // selected by go list.
+ //
+ // There is currently no way to downgrade the effective
+ // version of the go command (see issue 52078), so we proceed
+ // with the newer go command but, in case of parse or type
+ // errors, we emit an additional diagnostic.
+ //
+ // See:
+ // - golang.org/issue/52078 (flag to set release tags)
+ // - golang.org/issue/50825 (gopls legacy version support)
+ // - golang.org/issue/55883 (go/packages confusing error)
+ //
+ // Should we assert a hard minimum of (currently) go1.16 here?
+ var runtimeVersion int
+ if _, err := fmt.Sscanf(runtime.Version(), "go1.%d", &runtimeVersion); err == nil && runtimeVersion < lpkg.goVersion {
+ defer func() {
+ if len(lpkg.Errors) > 0 {
+ appendError(Error{
+ Pos: "-",
+ Msg: fmt.Sprintf("This application uses version go1.%d of the source-processing packages but runs version go1.%d of 'go list'. It may fail to process source files that rely on newer language features. If so, rebuild the application using a newer version of Go.", runtimeVersion, lpkg.goVersion),
+ Kind: UnknownError,
+ })
+ }
+ }()
+ }
+
+ if ld.Config.Mode&NeedTypes != 0 && len(lpkg.CompiledGoFiles) == 0 && lpkg.ExportFile != "" {
+ // The config requested loading sources and types, but sources are missing.
+ // Add an error to the package and fall back to loading from export data.
+ appendError(Error{"-", fmt.Sprintf("sources missing for package %s", lpkg.ID), ParseError})
+ _ = ld.loadFromExportData(lpkg) // ignore any secondary errors
+
+ return // can't get syntax trees for this package
+ }
+
+ files, errs := ld.parseFiles(lpkg.CompiledGoFiles)
+ for _, err := range errs {
+ appendError(err)
+ }
+
+ lpkg.Syntax = files
+ if ld.Config.Mode&NeedTypes == 0 {
+ return
+ }
+
+ // Start shutting down if the context is done and do not type check.
+ // Packages that import this one will have ld.Context.Err() != nil.
+ // ld.Context.Err() will be returned later by refine.
+ if ld.Context.Err() != nil {
+ return
+ }
+
+ lpkg.TypesInfo = &types.Info{
+ Types: make(map[ast.Expr]types.TypeAndValue),
+ Defs: make(map[*ast.Ident]types.Object),
+ Uses: make(map[*ast.Ident]types.Object),
+ Implicits: make(map[ast.Node]types.Object),
+ Instances: make(map[*ast.Ident]types.Instance),
+ Scopes: make(map[ast.Node]*types.Scope),
+ Selections: make(map[*ast.SelectorExpr]*types.Selection),
+ }
+ versions.InitFileVersions(lpkg.TypesInfo)
+ lpkg.TypesSizes = ld.sizes
+
+ importer := importerFunc(func(path string) (*types.Package, error) {
+ if path == "unsafe" {
+ return types.Unsafe, nil
+ }
+
+ // The imports map is keyed by import path.
+ ipkg := lpkg.Imports[path]
+ if ipkg == nil {
+ if err := lpkg.importErrors[path]; err != nil {
+ return nil, err
+ }
+ // There was skew between the metadata and the
+ // import declarations, likely due to an edit
+ // race, or because the ParseFile feature was
+ // used to supply alternative file contents.
+ return nil, fmt.Errorf("no metadata for %s", path)
+ }
+
+ if ipkg.Types != nil && ipkg.Types.Complete() {
+ return ipkg.Types, nil
+ }
+ log.Fatalf("internal error: package %q without types was imported from %q", path, lpkg)
+ panic("unreachable")
+ })
+
+ // type-check
+ tc := &types.Config{
+ Importer: importer,
+
+ // Type-check bodies of functions only in initial packages.
+ // Example: for import graph A->B->C and initial packages {A,C},
+ // we can ignore function bodies in B.
+ IgnoreFuncBodies: ld.Mode&NeedDeps == 0 && !lpkg.initial,
+
+ Error: appendError,
+ Sizes: ld.sizes, // may be nil
+ }
+ if lpkg.Module != nil && lpkg.Module.GoVersion != "" {
+ tc.GoVersion = "go" + lpkg.Module.GoVersion
+ }
+ if (ld.Mode & typecheckCgo) != 0 {
+ if !typesinternal.SetUsesCgo(tc) {
+ appendError(Error{
+ Msg: "typecheckCgo requires Go 1.15+",
+ Kind: ListError,
+ })
+ return
+ }
+ }
+
+ typErr := types.NewChecker(tc, ld.Fset, lpkg.Types, lpkg.TypesInfo).Files(lpkg.Syntax)
+ lpkg.importErrors = nil // no longer needed
+
+ // In go/types go1.21 and go1.22, Checker.Files failed fast with a
+ // a "too new" error, without calling tc.Error and without
+ // proceeding to type-check the package (#66525).
+ // We rely on the runtimeVersion error to give the suggested remedy.
+ if typErr != nil && len(lpkg.Errors) == 0 && len(lpkg.Syntax) > 0 {
+ if msg := typErr.Error(); strings.HasPrefix(msg, "package requires newer Go version") {
+ appendError(types.Error{
+ Fset: ld.Fset,
+ Pos: lpkg.Syntax[0].Package,
+ Msg: msg,
+ })
+ }
+ }
+
+ // If !Cgo, the type-checker uses FakeImportC mode, so
+ // it doesn't invoke the importer for import "C",
+ // nor report an error for the import,
+ // or for any undefined C.f reference.
+ // We must detect this explicitly and correctly
+ // mark the package as IllTyped (by reporting an error).
+ // TODO(adonovan): if these errors are annoying,
+ // we could just set IllTyped quietly.
+ if tc.FakeImportC {
+ outer:
+ for _, f := range lpkg.Syntax {
+ for _, imp := range f.Imports {
+ if imp.Path.Value == `"C"` {
+ err := types.Error{Fset: ld.Fset, Pos: imp.Pos(), Msg: `import "C" ignored`}
+ appendError(err)
+ break outer
+ }
+ }
+ }
+ }
+
+ // If types.Checker.Files had an error that was unreported,
+ // make sure to report the unknown error so the package is illTyped.
+ if typErr != nil && len(lpkg.Errors) == 0 {
+ appendError(typErr)
+ }
+
+ // Record accumulated errors.
+ illTyped := len(lpkg.Errors) > 0
+ if !illTyped {
+ for _, imp := range lpkg.Imports {
+ if imp.IllTyped {
+ illTyped = true
+ break
+ }
+ }
+ }
+ lpkg.IllTyped = illTyped
+}
+
+// An importFunc is an implementation of the single-method
+// types.Importer interface based on a function value.
+type importerFunc func(path string) (*types.Package, error)
+
+func (f importerFunc) Import(path string) (*types.Package, error) { return f(path) }
+
+// We use a counting semaphore to limit
+// the number of parallel I/O calls per process.
+var ioLimit = make(chan bool, 20)
+
+func (ld *loader) parseFile(filename string) (*ast.File, error) {
+ ld.parseCacheMu.Lock()
+ v, ok := ld.parseCache[filename]
+ if ok {
+ // cache hit
+ ld.parseCacheMu.Unlock()
+ <-v.ready
+ } else {
+ // cache miss
+ v = &parseValue{ready: make(chan struct{})}
+ ld.parseCache[filename] = v
+ ld.parseCacheMu.Unlock()
+
+ var src []byte
+ for f, contents := range ld.Config.Overlay {
+ if sameFile(f, filename) {
+ src = contents
+ }
+ }
+ var err error
+ if src == nil {
+ ioLimit <- true // wait
+ src, err = os.ReadFile(filename)
+ <-ioLimit // signal
+ }
+ if err != nil {
+ v.err = err
+ } else {
+ v.f, v.err = ld.ParseFile(ld.Fset, filename, src)
+ }
+
+ close(v.ready)
+ }
+ return v.f, v.err
+}
+
+// parseFiles reads and parses the Go source files and returns the ASTs
+// of the ones that could be at least partially parsed, along with a
+// list of I/O and parse errors encountered.
+//
+// Because files are scanned in parallel, the token.Pos
+// positions of the resulting ast.Files are not ordered.
+func (ld *loader) parseFiles(filenames []string) ([]*ast.File, []error) {
+ var wg sync.WaitGroup
+ n := len(filenames)
+ parsed := make([]*ast.File, n)
+ errors := make([]error, n)
+ for i, file := range filenames {
+ wg.Add(1)
+ go func(i int, filename string) {
+ parsed[i], errors[i] = ld.parseFile(filename)
+ wg.Done()
+ }(i, file)
+ }
+ wg.Wait()
+
+ // Eliminate nils, preserving order.
+ var o int
+ for _, f := range parsed {
+ if f != nil {
+ parsed[o] = f
+ o++
+ }
+ }
+ parsed = parsed[:o]
+
+ o = 0
+ for _, err := range errors {
+ if err != nil {
+ errors[o] = err
+ o++
+ }
+ }
+ errors = errors[:o]
+
+ return parsed, errors
+}
+
+// sameFile returns true if x and y have the same basename and denote
+// the same file.
+func sameFile(x, y string) bool {
+ if x == y {
+ // It could be the case that y doesn't exist.
+ // For instance, it may be an overlay file that
+ // hasn't been written to disk. To handle that case
+ // let x == y through. (We added the exact absolute path
+ // string to the CompiledGoFiles list, so the unwritten
+ // overlay case implies x==y.)
+ return true
+ }
+ if strings.EqualFold(filepath.Base(x), filepath.Base(y)) { // (optimisation)
+ if xi, err := os.Stat(x); err == nil {
+ if yi, err := os.Stat(y); err == nil {
+ return os.SameFile(xi, yi)
+ }
+ }
+ }
+ return false
+}
+
+// loadFromExportData ensures that type information is present for the specified
+// package, loading it from an export data file on the first request.
+// On success it sets lpkg.Types to a new Package.
+func (ld *loader) loadFromExportData(lpkg *loaderPackage) error {
+ if lpkg.PkgPath == "" {
+ log.Fatalf("internal error: Package %s has no PkgPath", lpkg)
+ }
+
+ // Because gcexportdata.Read has the potential to create or
+ // modify the types.Package for each node in the transitive
+ // closure of dependencies of lpkg, all exportdata operations
+ // must be sequential. (Finer-grained locking would require
+ // changes to the gcexportdata API.)
+ //
+ // The exportMu lock guards the lpkg.Types field and the
+ // types.Package it points to, for each loaderPackage in the graph.
+ //
+ // Not all accesses to Package.Pkg need to be protected by exportMu:
+ // graph ordering ensures that direct dependencies of source
+ // packages are fully loaded before the importer reads their Pkg field.
+ ld.exportMu.Lock()
+ defer ld.exportMu.Unlock()
+
+ if tpkg := lpkg.Types; tpkg != nil && tpkg.Complete() {
+ return nil // cache hit
+ }
+
+ lpkg.IllTyped = true // fail safe
+
+ if lpkg.ExportFile == "" {
+ // Errors while building export data will have been printed to stderr.
+ return fmt.Errorf("no export data file")
+ }
+ f, err := os.Open(lpkg.ExportFile)
+ if err != nil {
+ return err
+ }
+ defer f.Close()
+
+ // Read gc export data.
+ //
+ // We don't currently support gccgo export data because all
+ // underlying workspaces use the gc toolchain. (Even build
+ // systems that support gccgo don't use it for workspace
+ // queries.)
+ r, err := gcexportdata.NewReader(f)
+ if err != nil {
+ return fmt.Errorf("reading %s: %v", lpkg.ExportFile, err)
+ }
+
+ // Build the view.
+ //
+ // The gcexportdata machinery has no concept of package ID.
+ // It identifies packages by their PkgPath, which although not
+ // globally unique is unique within the scope of one invocation
+ // of the linker, type-checker, or gcexportdata.
+ //
+ // So, we must build a PkgPath-keyed view of the global
+ // (conceptually ID-keyed) cache of packages and pass it to
+ // gcexportdata. The view must contain every existing
+ // package that might possibly be mentioned by the
+ // current package---its transitive closure.
+ //
+ // In loadPackage, we unconditionally create a types.Package for
+ // each dependency so that export data loading does not
+ // create new ones.
+ //
+ // TODO(adonovan): it would be simpler and more efficient
+ // if the export data machinery invoked a callback to
+ // get-or-create a package instead of a map.
+ //
+ view := make(map[string]*types.Package) // view seen by gcexportdata
+ seen := make(map[*loaderPackage]bool) // all visited packages
+ var visit func(pkgs map[string]*Package)
+ visit = func(pkgs map[string]*Package) {
+ for _, p := range pkgs {
+ lpkg := ld.pkgs[p.ID]
+ if !seen[lpkg] {
+ seen[lpkg] = true
+ view[lpkg.PkgPath] = lpkg.Types
+ visit(lpkg.Imports)
+ }
+ }
+ }
+ visit(lpkg.Imports)
+
+ viewLen := len(view) + 1 // adding the self package
+ // Parse the export data.
+ // (May modify incomplete packages in view but not create new ones.)
+ tpkg, err := gcexportdata.Read(r, ld.Fset, view, lpkg.PkgPath)
+ if err != nil {
+ return fmt.Errorf("reading %s: %v", lpkg.ExportFile, err)
+ }
+ if _, ok := view["go.shape"]; ok {
+ // Account for the pseudopackage "go.shape" that gets
+ // created by generic code.
+ viewLen++
+ }
+ if viewLen != len(view) {
+ log.Panicf("golang.org/x/tools/go/packages: unexpected new packages during load of %s", lpkg.PkgPath)
+ }
+
+ lpkg.Types = tpkg
+ lpkg.IllTyped = false
+ return nil
+}
+
+// impliedLoadMode returns loadMode with its dependencies.
+func impliedLoadMode(loadMode LoadMode) LoadMode {
+ if loadMode&(NeedDeps|NeedTypes|NeedTypesInfo) != 0 {
+ // All these things require knowing the import graph.
+ loadMode |= NeedImports
+ }
+
+ return loadMode
+}
+
+func usesExportData(cfg *Config) bool {
+ return cfg.Mode&NeedExportFile != 0 || cfg.Mode&NeedTypes != 0 && cfg.Mode&NeedDeps == 0
+}
+
+var _ interface{} = io.Discard // assert build toolchain is go1.16 or later
diff --git a/vendor/golang.org/x/tools/go/packages/visit.go b/vendor/golang.org/x/tools/go/packages/visit.go
new file mode 100644
index 000000000..a1dcc40b7
--- /dev/null
+++ b/vendor/golang.org/x/tools/go/packages/visit.go
@@ -0,0 +1,59 @@
+// Copyright 2018 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+package packages
+
+import (
+ "fmt"
+ "os"
+ "sort"
+)
+
+// Visit visits all the packages in the import graph whose roots are
+// pkgs, calling the optional pre function the first time each package
+// is encountered (preorder), and the optional post function after a
+// package's dependencies have been visited (postorder).
+// The boolean result of pre(pkg) determines whether
+// the imports of package pkg are visited.
+func Visit(pkgs []*Package, pre func(*Package) bool, post func(*Package)) {
+ seen := make(map[*Package]bool)
+ var visit func(*Package)
+ visit = func(pkg *Package) {
+ if !seen[pkg] {
+ seen[pkg] = true
+
+ if pre == nil || pre(pkg) {
+ paths := make([]string, 0, len(pkg.Imports))
+ for path := range pkg.Imports {
+ paths = append(paths, path)
+ }
+ sort.Strings(paths) // Imports is a map, this makes visit stable
+ for _, path := range paths {
+ visit(pkg.Imports[path])
+ }
+ }
+
+ if post != nil {
+ post(pkg)
+ }
+ }
+ }
+ for _, pkg := range pkgs {
+ visit(pkg)
+ }
+}
+
+// PrintErrors prints to os.Stderr the accumulated errors of all
+// packages in the import graph rooted at pkgs, dependencies first.
+// PrintErrors returns the number of errors printed.
+func PrintErrors(pkgs []*Package) int {
+ var n int
+ Visit(pkgs, nil, func(pkg *Package) {
+ for _, err := range pkg.Errors {
+ fmt.Fprintln(os.Stderr, err)
+ n++
+ }
+ })
+ return n
+}
diff --git a/vendor/golang.org/x/tools/go/types/objectpath/objectpath.go b/vendor/golang.org/x/tools/go/types/objectpath/objectpath.go
new file mode 100644
index 000000000..a2386c347
--- /dev/null
+++ b/vendor/golang.org/x/tools/go/types/objectpath/objectpath.go
@@ -0,0 +1,753 @@
+// Copyright 2018 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+// Package objectpath defines a naming scheme for types.Objects
+// (that is, named entities in Go programs) relative to their enclosing
+// package.
+//
+// Type-checker objects are canonical, so they are usually identified by
+// their address in memory (a pointer), but a pointer has meaning only
+// within one address space. By contrast, objectpath names allow the
+// identity of an object to be sent from one program to another,
+// establishing a correspondence between types.Object variables that are
+// distinct but logically equivalent.
+//
+// A single object may have multiple paths. In this example,
+//
+// type A struct{ X int }
+// type B A
+//
+// the field X has two paths due to its membership of both A and B.
+// The For(obj) function always returns one of these paths, arbitrarily
+// but consistently.
+package objectpath
+
+import (
+ "fmt"
+ "go/types"
+ "strconv"
+ "strings"
+
+ "golang.org/x/tools/internal/aliases"
+ "golang.org/x/tools/internal/typesinternal"
+)
+
+// TODO(adonovan): think about generic aliases.
+
+// A Path is an opaque name that identifies a types.Object
+// relative to its package. Conceptually, the name consists of a
+// sequence of destructuring operations applied to the package scope
+// to obtain the original object.
+// The name does not include the package itself.
+type Path string
+
+// Encoding
+//
+// An object path is a textual and (with training) human-readable encoding
+// of a sequence of destructuring operators, starting from a types.Package.
+// The sequences represent a path through the package/object/type graph.
+// We classify these operators by their type:
+//
+// PO package->object Package.Scope.Lookup
+// OT object->type Object.Type
+// TT type->type Type.{Elem,Key,Params,Results,Underlying} [EKPRU]
+// TO type->object Type.{At,Field,Method,Obj} [AFMO]
+//
+// All valid paths start with a package and end at an object
+// and thus may be defined by the regular language:
+//
+// objectpath = PO (OT TT* TO)*
+//
+// The concrete encoding follows directly:
+// - The only PO operator is Package.Scope.Lookup, which requires an identifier.
+// - The only OT operator is Object.Type,
+// which we encode as '.' because dot cannot appear in an identifier.
+// - The TT operators are encoded as [EKPRUTC];
+// one of these (TypeParam) requires an integer operand,
+// which is encoded as a string of decimal digits.
+// - The TO operators are encoded as [AFMO];
+// three of these (At,Field,Method) require an integer operand,
+// which is encoded as a string of decimal digits.
+// These indices are stable across different representations
+// of the same package, even source and export data.
+// The indices used are implementation specific and may not correspond to
+// the argument to the go/types function.
+//
+// In the example below,
+//
+// package p
+//
+// type T interface {
+// f() (a string, b struct{ X int })
+// }
+//
+// field X has the path "T.UM0.RA1.F0",
+// representing the following sequence of operations:
+//
+// p.Lookup("T") T
+// .Type().Underlying().Method(0). f
+// .Type().Results().At(1) b
+// .Type().Field(0) X
+//
+// The encoding is not maximally compact---every R or P is
+// followed by an A, for example---but this simplifies the
+// encoder and decoder.
+const (
+ // object->type operators
+ opType = '.' // .Type() (Object)
+
+ // type->type operators
+ opElem = 'E' // .Elem() (Pointer, Slice, Array, Chan, Map)
+ opKey = 'K' // .Key() (Map)
+ opParams = 'P' // .Params() (Signature)
+ opResults = 'R' // .Results() (Signature)
+ opUnderlying = 'U' // .Underlying() (Named)
+ opTypeParam = 'T' // .TypeParams.At(i) (Named, Signature)
+ opConstraint = 'C' // .Constraint() (TypeParam)
+
+ // type->object operators
+ opAt = 'A' // .At(i) (Tuple)
+ opField = 'F' // .Field(i) (Struct)
+ opMethod = 'M' // .Method(i) (Named or Interface; not Struct: "promoted" names are ignored)
+ opObj = 'O' // .Obj() (Named, TypeParam)
+)
+
+// For is equivalent to new(Encoder).For(obj).
+//
+// It may be more efficient to reuse a single Encoder across several calls.
+func For(obj types.Object) (Path, error) {
+ return new(Encoder).For(obj)
+}
+
+// An Encoder amortizes the cost of encoding the paths of multiple objects.
+// The zero value of an Encoder is ready to use.
+type Encoder struct {
+ scopeMemo map[*types.Scope][]types.Object // memoization of scopeObjects
+}
+
+// For returns the path to an object relative to its package,
+// or an error if the object is not accessible from the package's Scope.
+//
+// The For function guarantees to return a path only for the following objects:
+// - package-level types
+// - exported package-level non-types
+// - methods
+// - parameter and result variables
+// - struct fields
+// These objects are sufficient to define the API of their package.
+// The objects described by a package's export data are drawn from this set.
+//
+// The set of objects accessible from a package's Scope depends on
+// whether the package was produced by type-checking syntax, or
+// reading export data; the latter may have a smaller Scope since
+// export data trims objects that are not reachable from an exported
+// declaration. For example, the For function will return a path for
+// an exported method of an unexported type that is not reachable
+// from any public declaration; this path will cause the Object
+// function to fail if called on a package loaded from export data.
+// TODO(adonovan): is this a bug or feature? Should this package
+// compute accessibility in the same way?
+//
+// For does not return a path for predeclared names, imported package
+// names, local names, and unexported package-level names (except
+// types).
+//
+// Example: given this definition,
+//
+// package p
+//
+// type T interface {
+// f() (a string, b struct{ X int })
+// }
+//
+// For(X) would return a path that denotes the following sequence of operations:
+//
+// p.Scope().Lookup("T") (TypeName T)
+// .Type().Underlying().Method(0). (method Func f)
+// .Type().Results().At(1) (field Var b)
+// .Type().Field(0) (field Var X)
+//
+// where p is the package (*types.Package) to which X belongs.
+func (enc *Encoder) For(obj types.Object) (Path, error) {
+ pkg := obj.Pkg()
+
+ // This table lists the cases of interest.
+ //
+ // Object Action
+ // ------ ------
+ // nil reject
+ // builtin reject
+ // pkgname reject
+ // label reject
+ // var
+ // package-level accept
+ // func param/result accept
+ // local reject
+ // struct field accept
+ // const
+ // package-level accept
+ // local reject
+ // func
+ // package-level accept
+ // init functions reject
+ // concrete method accept
+ // interface method accept
+ // type
+ // package-level accept
+ // local reject
+ //
+ // The only accessible package-level objects are members of pkg itself.
+ //
+ // The cases are handled in four steps:
+ //
+ // 1. reject nil and builtin
+ // 2. accept package-level objects
+ // 3. reject obviously invalid objects
+ // 4. search the API for the path to the param/result/field/method.
+
+ // 1. reference to nil or builtin?
+ if pkg == nil {
+ return "", fmt.Errorf("predeclared %s has no path", obj)
+ }
+ scope := pkg.Scope()
+
+ // 2. package-level object?
+ if scope.Lookup(obj.Name()) == obj {
+ // Only exported objects (and non-exported types) have a path.
+ // Non-exported types may be referenced by other objects.
+ if _, ok := obj.(*types.TypeName); !ok && !obj.Exported() {
+ return "", fmt.Errorf("no path for non-exported %v", obj)
+ }
+ return Path(obj.Name()), nil
+ }
+
+ // 3. Not a package-level object.
+ // Reject obviously non-viable cases.
+ switch obj := obj.(type) {
+ case *types.TypeName:
+ if _, ok := aliases.Unalias(obj.Type()).(*types.TypeParam); !ok {
+ // With the exception of type parameters, only package-level type names
+ // have a path.
+ return "", fmt.Errorf("no path for %v", obj)
+ }
+ case *types.Const, // Only package-level constants have a path.
+ *types.Label, // Labels are function-local.
+ *types.PkgName: // PkgNames are file-local.
+ return "", fmt.Errorf("no path for %v", obj)
+
+ case *types.Var:
+ // Could be:
+ // - a field (obj.IsField())
+ // - a func parameter or result
+ // - a local var.
+ // Sadly there is no way to distinguish
+ // a param/result from a local
+ // so we must proceed to the find.
+
+ case *types.Func:
+ // A func, if not package-level, must be a method.
+ if recv := obj.Type().(*types.Signature).Recv(); recv == nil {
+ return "", fmt.Errorf("func is not a method: %v", obj)
+ }
+
+ if path, ok := enc.concreteMethod(obj); ok {
+ // Fast path for concrete methods that avoids looping over scope.
+ return path, nil
+ }
+
+ default:
+ panic(obj)
+ }
+
+ // 4. Search the API for the path to the var (field/param/result) or method.
+
+ // First inspect package-level named types.
+ // In the presence of path aliases, these give
+ // the best paths because non-types may
+ // refer to types, but not the reverse.
+ empty := make([]byte, 0, 48) // initial space
+ objs := enc.scopeObjects(scope)
+ for _, o := range objs {
+ tname, ok := o.(*types.TypeName)
+ if !ok {
+ continue // handle non-types in second pass
+ }
+
+ path := append(empty, o.Name()...)
+ path = append(path, opType)
+
+ T := o.Type()
+
+ if tname.IsAlias() {
+ // type alias
+ if r := find(obj, T, path, nil); r != nil {
+ return Path(r), nil
+ }
+ } else {
+ if named, _ := T.(*types.Named); named != nil {
+ if r := findTypeParam(obj, named.TypeParams(), path, nil); r != nil {
+ // generic named type
+ return Path(r), nil
+ }
+ }
+ // defined (named) type
+ if r := find(obj, T.Underlying(), append(path, opUnderlying), nil); r != nil {
+ return Path(r), nil
+ }
+ }
+ }
+
+ // Then inspect everything else:
+ // non-types, and declared methods of defined types.
+ for _, o := range objs {
+ path := append(empty, o.Name()...)
+ if _, ok := o.(*types.TypeName); !ok {
+ if o.Exported() {
+ // exported non-type (const, var, func)
+ if r := find(obj, o.Type(), append(path, opType), nil); r != nil {
+ return Path(r), nil
+ }
+ }
+ continue
+ }
+
+ // Inspect declared methods of defined types.
+ if T, ok := aliases.Unalias(o.Type()).(*types.Named); ok {
+ path = append(path, opType)
+ // The method index here is always with respect
+ // to the underlying go/types data structures,
+ // which ultimately derives from source order
+ // and must be preserved by export data.
+ for i := 0; i < T.NumMethods(); i++ {
+ m := T.Method(i)
+ path2 := appendOpArg(path, opMethod, i)
+ if m == obj {
+ return Path(path2), nil // found declared method
+ }
+ if r := find(obj, m.Type(), append(path2, opType), nil); r != nil {
+ return Path(r), nil
+ }
+ }
+ }
+ }
+
+ return "", fmt.Errorf("can't find path for %v in %s", obj, pkg.Path())
+}
+
+func appendOpArg(path []byte, op byte, arg int) []byte {
+ path = append(path, op)
+ path = strconv.AppendInt(path, int64(arg), 10)
+ return path
+}
+
+// concreteMethod returns the path for meth, which must have a non-nil receiver.
+// The second return value indicates success and may be false if the method is
+// an interface method or if it is an instantiated method.
+//
+// This function is just an optimization that avoids the general scope walking
+// approach. You are expected to fall back to the general approach if this
+// function fails.
+func (enc *Encoder) concreteMethod(meth *types.Func) (Path, bool) {
+ // Concrete methods can only be declared on package-scoped named types. For
+ // that reason we can skip the expensive walk over the package scope: the
+ // path will always be package -> named type -> method. We can trivially get
+ // the type name from the receiver, and only have to look over the type's
+ // methods to find the method index.
+ //
+ // Methods on generic types require special consideration, however. Consider
+ // the following package:
+ //
+ // L1: type S[T any] struct{}
+ // L2: func (recv S[A]) Foo() { recv.Bar() }
+ // L3: func (recv S[B]) Bar() { }
+ // L4: type Alias = S[int]
+ // L5: func _[T any]() { var s S[int]; s.Foo() }
+ //
+ // The receivers of methods on generic types are instantiations. L2 and L3
+ // instantiate S with the type-parameters A and B, which are scoped to the
+ // respective methods. L4 and L5 each instantiate S with int. Each of these
+ // instantiations has its own method set, full of methods (and thus objects)
+ // with receivers whose types are the respective instantiations. In other
+ // words, we have
+ //
+ // S[A].Foo, S[A].Bar
+ // S[B].Foo, S[B].Bar
+ // S[int].Foo, S[int].Bar
+ //
+ // We may thus be trying to produce object paths for any of these objects.
+ //
+ // S[A].Foo and S[B].Bar are the origin methods, and their paths are S.Foo
+ // and S.Bar, which are the paths that this function naturally produces.
+ //
+ // S[A].Bar, S[B].Foo, and both methods on S[int] are instantiations that
+ // don't correspond to the origin methods. For S[int], this is significant.
+ // The most precise object path for S[int].Foo, for example, is Alias.Foo,
+ // not S.Foo. Our function, however, would produce S.Foo, which would
+ // resolve to a different object.
+ //
+ // For S[A].Bar and S[B].Foo it could be argued that S.Bar and S.Foo are
+ // still the correct paths, since only the origin methods have meaningful
+ // paths. But this is likely only true for trivial cases and has edge cases.
+ // Since this function is only an optimization, we err on the side of giving
+ // up, deferring to the slower but definitely correct algorithm. Most users
+ // of objectpath will only be giving us origin methods, anyway, as referring
+ // to instantiated methods is usually not useful.
+
+ if meth.Origin() != meth {
+ return "", false
+ }
+
+ _, named := typesinternal.ReceiverNamed(meth.Type().(*types.Signature).Recv())
+ if named == nil {
+ return "", false
+ }
+
+ if types.IsInterface(named) {
+ // Named interfaces don't have to be package-scoped
+ //
+ // TODO(dominikh): opt: if scope.Lookup(name) == named, then we can apply this optimization to interface
+ // methods, too, I think.
+ return "", false
+ }
+
+ // Preallocate space for the name, opType, opMethod, and some digits.
+ name := named.Obj().Name()
+ path := make([]byte, 0, len(name)+8)
+ path = append(path, name...)
+ path = append(path, opType)
+
+ // Method indices are w.r.t. the go/types data structures,
+ // ultimately deriving from source order,
+ // which is preserved by export data.
+ for i := 0; i < named.NumMethods(); i++ {
+ if named.Method(i) == meth {
+ path = appendOpArg(path, opMethod, i)
+ return Path(path), true
+ }
+ }
+
+ // Due to golang/go#59944, go/types fails to associate the receiver with
+ // certain methods on cgo types.
+ //
+ // TODO(rfindley): replace this panic once golang/go#59944 is fixed in all Go
+ // versions gopls supports.
+ return "", false
+ // panic(fmt.Sprintf("couldn't find method %s on type %s; methods: %#v", meth, named, enc.namedMethods(named)))
+}
+
+// find finds obj within type T, returning the path to it, or nil if not found.
+//
+// The seen map is used to short circuit cycles through type parameters. If
+// nil, it will be allocated as necessary.
+func find(obj types.Object, T types.Type, path []byte, seen map[*types.TypeName]bool) []byte {
+ switch T := T.(type) {
+ case *aliases.Alias:
+ return find(obj, aliases.Unalias(T), path, seen)
+ case *types.Basic, *types.Named:
+ // Named types belonging to pkg were handled already,
+ // so T must belong to another package. No path.
+ return nil
+ case *types.Pointer:
+ return find(obj, T.Elem(), append(path, opElem), seen)
+ case *types.Slice:
+ return find(obj, T.Elem(), append(path, opElem), seen)
+ case *types.Array:
+ return find(obj, T.Elem(), append(path, opElem), seen)
+ case *types.Chan:
+ return find(obj, T.Elem(), append(path, opElem), seen)
+ case *types.Map:
+ if r := find(obj, T.Key(), append(path, opKey), seen); r != nil {
+ return r
+ }
+ return find(obj, T.Elem(), append(path, opElem), seen)
+ case *types.Signature:
+ if r := findTypeParam(obj, T.TypeParams(), path, seen); r != nil {
+ return r
+ }
+ if r := find(obj, T.Params(), append(path, opParams), seen); r != nil {
+ return r
+ }
+ return find(obj, T.Results(), append(path, opResults), seen)
+ case *types.Struct:
+ for i := 0; i < T.NumFields(); i++ {
+ fld := T.Field(i)
+ path2 := appendOpArg(path, opField, i)
+ if fld == obj {
+ return path2 // found field var
+ }
+ if r := find(obj, fld.Type(), append(path2, opType), seen); r != nil {
+ return r
+ }
+ }
+ return nil
+ case *types.Tuple:
+ for i := 0; i < T.Len(); i++ {
+ v := T.At(i)
+ path2 := appendOpArg(path, opAt, i)
+ if v == obj {
+ return path2 // found param/result var
+ }
+ if r := find(obj, v.Type(), append(path2, opType), seen); r != nil {
+ return r
+ }
+ }
+ return nil
+ case *types.Interface:
+ for i := 0; i < T.NumMethods(); i++ {
+ m := T.Method(i)
+ path2 := appendOpArg(path, opMethod, i)
+ if m == obj {
+ return path2 // found interface method
+ }
+ if r := find(obj, m.Type(), append(path2, opType), seen); r != nil {
+ return r
+ }
+ }
+ return nil
+ case *types.TypeParam:
+ name := T.Obj()
+ if name == obj {
+ return append(path, opObj)
+ }
+ if seen[name] {
+ return nil
+ }
+ if seen == nil {
+ seen = make(map[*types.TypeName]bool)
+ }
+ seen[name] = true
+ if r := find(obj, T.Constraint(), append(path, opConstraint), seen); r != nil {
+ return r
+ }
+ return nil
+ }
+ panic(T)
+}
+
+func findTypeParam(obj types.Object, list *types.TypeParamList, path []byte, seen map[*types.TypeName]bool) []byte {
+ for i := 0; i < list.Len(); i++ {
+ tparam := list.At(i)
+ path2 := appendOpArg(path, opTypeParam, i)
+ if r := find(obj, tparam, path2, seen); r != nil {
+ return r
+ }
+ }
+ return nil
+}
+
+// Object returns the object denoted by path p within the package pkg.
+func Object(pkg *types.Package, p Path) (types.Object, error) {
+ pathstr := string(p)
+ if pathstr == "" {
+ return nil, fmt.Errorf("empty path")
+ }
+
+ var pkgobj, suffix string
+ if dot := strings.IndexByte(pathstr, opType); dot < 0 {
+ pkgobj = pathstr
+ } else {
+ pkgobj = pathstr[:dot]
+ suffix = pathstr[dot:] // suffix starts with "."
+ }
+
+ obj := pkg.Scope().Lookup(pkgobj)
+ if obj == nil {
+ return nil, fmt.Errorf("package %s does not contain %q", pkg.Path(), pkgobj)
+ }
+
+ // abstraction of *types.{Pointer,Slice,Array,Chan,Map}
+ type hasElem interface {
+ Elem() types.Type
+ }
+ // abstraction of *types.{Named,Signature}
+ type hasTypeParams interface {
+ TypeParams() *types.TypeParamList
+ }
+ // abstraction of *types.{Named,TypeParam}
+ type hasObj interface {
+ Obj() *types.TypeName
+ }
+
+ // The loop state is the pair (t, obj),
+ // exactly one of which is non-nil, initially obj.
+ // All suffixes start with '.' (the only object->type operation),
+ // followed by optional type->type operations,
+ // then a type->object operation.
+ // The cycle then repeats.
+ var t types.Type
+ for suffix != "" {
+ code := suffix[0]
+ suffix = suffix[1:]
+
+ // Codes [AFM] have an integer operand.
+ var index int
+ switch code {
+ case opAt, opField, opMethod, opTypeParam:
+ rest := strings.TrimLeft(suffix, "0123456789")
+ numerals := suffix[:len(suffix)-len(rest)]
+ suffix = rest
+ i, err := strconv.Atoi(numerals)
+ if err != nil {
+ return nil, fmt.Errorf("invalid path: bad numeric operand %q for code %q", numerals, code)
+ }
+ index = int(i)
+ case opObj:
+ // no operand
+ default:
+ // The suffix must end with a type->object operation.
+ if suffix == "" {
+ return nil, fmt.Errorf("invalid path: ends with %q, want [AFMO]", code)
+ }
+ }
+
+ if code == opType {
+ if t != nil {
+ return nil, fmt.Errorf("invalid path: unexpected %q in type context", opType)
+ }
+ t = obj.Type()
+ obj = nil
+ continue
+ }
+
+ if t == nil {
+ return nil, fmt.Errorf("invalid path: code %q in object context", code)
+ }
+
+ // Inv: t != nil, obj == nil
+
+ t = aliases.Unalias(t)
+ switch code {
+ case opElem:
+ hasElem, ok := t.(hasElem) // Pointer, Slice, Array, Chan, Map
+ if !ok {
+ return nil, fmt.Errorf("cannot apply %q to %s (got %T, want pointer, slice, array, chan or map)", code, t, t)
+ }
+ t = hasElem.Elem()
+
+ case opKey:
+ mapType, ok := t.(*types.Map)
+ if !ok {
+ return nil, fmt.Errorf("cannot apply %q to %s (got %T, want map)", code, t, t)
+ }
+ t = mapType.Key()
+
+ case opParams:
+ sig, ok := t.(*types.Signature)
+ if !ok {
+ return nil, fmt.Errorf("cannot apply %q to %s (got %T, want signature)", code, t, t)
+ }
+ t = sig.Params()
+
+ case opResults:
+ sig, ok := t.(*types.Signature)
+ if !ok {
+ return nil, fmt.Errorf("cannot apply %q to %s (got %T, want signature)", code, t, t)
+ }
+ t = sig.Results()
+
+ case opUnderlying:
+ named, ok := t.(*types.Named)
+ if !ok {
+ return nil, fmt.Errorf("cannot apply %q to %s (got %T, want named)", code, t, t)
+ }
+ t = named.Underlying()
+
+ case opTypeParam:
+ hasTypeParams, ok := t.(hasTypeParams) // Named, Signature
+ if !ok {
+ return nil, fmt.Errorf("cannot apply %q to %s (got %T, want named or signature)", code, t, t)
+ }
+ tparams := hasTypeParams.TypeParams()
+ if n := tparams.Len(); index >= n {
+ return nil, fmt.Errorf("tuple index %d out of range [0-%d)", index, n)
+ }
+ t = tparams.At(index)
+
+ case opConstraint:
+ tparam, ok := t.(*types.TypeParam)
+ if !ok {
+ return nil, fmt.Errorf("cannot apply %q to %s (got %T, want type parameter)", code, t, t)
+ }
+ t = tparam.Constraint()
+
+ case opAt:
+ tuple, ok := t.(*types.Tuple)
+ if !ok {
+ return nil, fmt.Errorf("cannot apply %q to %s (got %T, want tuple)", code, t, t)
+ }
+ if n := tuple.Len(); index >= n {
+ return nil, fmt.Errorf("tuple index %d out of range [0-%d)", index, n)
+ }
+ obj = tuple.At(index)
+ t = nil
+
+ case opField:
+ structType, ok := t.(*types.Struct)
+ if !ok {
+ return nil, fmt.Errorf("cannot apply %q to %s (got %T, want struct)", code, t, t)
+ }
+ if n := structType.NumFields(); index >= n {
+ return nil, fmt.Errorf("field index %d out of range [0-%d)", index, n)
+ }
+ obj = structType.Field(index)
+ t = nil
+
+ case opMethod:
+ switch t := t.(type) {
+ case *types.Interface:
+ if index >= t.NumMethods() {
+ return nil, fmt.Errorf("method index %d out of range [0-%d)", index, t.NumMethods())
+ }
+ obj = t.Method(index) // Id-ordered
+
+ case *types.Named:
+ if index >= t.NumMethods() {
+ return nil, fmt.Errorf("method index %d out of range [0-%d)", index, t.NumMethods())
+ }
+ obj = t.Method(index)
+
+ default:
+ return nil, fmt.Errorf("cannot apply %q to %s (got %T, want interface or named)", code, t, t)
+ }
+ t = nil
+
+ case opObj:
+ hasObj, ok := t.(hasObj)
+ if !ok {
+ return nil, fmt.Errorf("cannot apply %q to %s (got %T, want named or type param)", code, t, t)
+ }
+ obj = hasObj.Obj()
+ t = nil
+
+ default:
+ return nil, fmt.Errorf("invalid path: unknown code %q", code)
+ }
+ }
+
+ if obj.Pkg() != pkg {
+ return nil, fmt.Errorf("path denotes %s, which belongs to a different package", obj)
+ }
+
+ return obj, nil // success
+}
+
+// scopeObjects is a memoization of scope objects.
+// Callers must not modify the result.
+func (enc *Encoder) scopeObjects(scope *types.Scope) []types.Object {
+ m := enc.scopeMemo
+ if m == nil {
+ m = make(map[*types.Scope][]types.Object)
+ enc.scopeMemo = m
+ }
+ objs, ok := m[scope]
+ if !ok {
+ names := scope.Names() // allocates and sorts
+ objs = make([]types.Object, len(names))
+ for i, name := range names {
+ objs[i] = scope.Lookup(name)
+ }
+ m[scope] = objs
+ }
+ return objs
+}
diff --git a/vendor/golang.org/x/tools/internal/aliases/aliases.go b/vendor/golang.org/x/tools/internal/aliases/aliases.go
new file mode 100644
index 000000000..c24c2eee4
--- /dev/null
+++ b/vendor/golang.org/x/tools/internal/aliases/aliases.go
@@ -0,0 +1,32 @@
+// Copyright 2024 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+package aliases
+
+import (
+ "go/token"
+ "go/types"
+)
+
+// Package aliases defines backward compatible shims
+// for the types.Alias type representation added in 1.22.
+// This defines placeholders for x/tools until 1.26.
+
+// NewAlias creates a new TypeName in Package pkg that
+// is an alias for the type rhs.
+//
+// The enabled parameter determines whether the resulting [TypeName]'s
+// type is an [types.Alias]. Its value must be the result of a call to
+// [Enabled], which computes the effective value of
+// GODEBUG=gotypesalias=... by invoking the type checker. The Enabled
+// function is expensive and should be called once per task (e.g.
+// package import), not once per call to NewAlias.
+func NewAlias(enabled bool, pos token.Pos, pkg *types.Package, name string, rhs types.Type) *types.TypeName {
+ if enabled {
+ tname := types.NewTypeName(pos, pkg, name, nil)
+ newAlias(tname, rhs)
+ return tname
+ }
+ return types.NewTypeName(pos, pkg, name, rhs)
+}
diff --git a/vendor/golang.org/x/tools/internal/aliases/aliases_go121.go b/vendor/golang.org/x/tools/internal/aliases/aliases_go121.go
new file mode 100644
index 000000000..c027b9f31
--- /dev/null
+++ b/vendor/golang.org/x/tools/internal/aliases/aliases_go121.go
@@ -0,0 +1,31 @@
+// Copyright 2024 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+//go:build !go1.22
+// +build !go1.22
+
+package aliases
+
+import (
+ "go/types"
+)
+
+// Alias is a placeholder for a go/types.Alias for <=1.21.
+// It will never be created by go/types.
+type Alias struct{}
+
+func (*Alias) String() string { panic("unreachable") }
+func (*Alias) Underlying() types.Type { panic("unreachable") }
+func (*Alias) Obj() *types.TypeName { panic("unreachable") }
+func Rhs(alias *Alias) types.Type { panic("unreachable") }
+
+// Unalias returns the type t for go <=1.21.
+func Unalias(t types.Type) types.Type { return t }
+
+func newAlias(name *types.TypeName, rhs types.Type) *Alias { panic("unreachable") }
+
+// Enabled reports whether [NewAlias] should create [types.Alias] types.
+//
+// Before go1.22, this function always returns false.
+func Enabled() bool { return false }
diff --git a/vendor/golang.org/x/tools/internal/aliases/aliases_go122.go b/vendor/golang.org/x/tools/internal/aliases/aliases_go122.go
new file mode 100644
index 000000000..b32995484
--- /dev/null
+++ b/vendor/golang.org/x/tools/internal/aliases/aliases_go122.go
@@ -0,0 +1,63 @@
+// Copyright 2024 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+//go:build go1.22
+// +build go1.22
+
+package aliases
+
+import (
+ "go/ast"
+ "go/parser"
+ "go/token"
+ "go/types"
+)
+
+// Alias is an alias of types.Alias.
+type Alias = types.Alias
+
+// Rhs returns the type on the right-hand side of the alias declaration.
+func Rhs(alias *Alias) types.Type {
+ if alias, ok := any(alias).(interface{ Rhs() types.Type }); ok {
+ return alias.Rhs() // go1.23+
+ }
+
+ // go1.22's Alias didn't have the Rhs method,
+ // so Unalias is the best we can do.
+ return Unalias(alias)
+}
+
+// Unalias is a wrapper of types.Unalias.
+func Unalias(t types.Type) types.Type { return types.Unalias(t) }
+
+// newAlias is an internal alias around types.NewAlias.
+// Direct usage is discouraged as the moment.
+// Try to use NewAlias instead.
+func newAlias(tname *types.TypeName, rhs types.Type) *Alias {
+ a := types.NewAlias(tname, rhs)
+ // TODO(go.dev/issue/65455): Remove kludgy workaround to set a.actual as a side-effect.
+ Unalias(a)
+ return a
+}
+
+// Enabled reports whether [NewAlias] should create [types.Alias] types.
+//
+// This function is expensive! Call it sparingly.
+func Enabled() bool {
+ // The only reliable way to compute the answer is to invoke go/types.
+ // We don't parse the GODEBUG environment variable, because
+ // (a) it's tricky to do so in a manner that is consistent
+ // with the godebug package; in particular, a simple
+ // substring check is not good enough. The value is a
+ // rightmost-wins list of options. But more importantly:
+ // (b) it is impossible to detect changes to the effective
+ // setting caused by os.Setenv("GODEBUG"), as happens in
+ // many tests. Therefore any attempt to cache the result
+ // is just incorrect.
+ fset := token.NewFileSet()
+ f, _ := parser.ParseFile(fset, "a.go", "package p; type A = int", 0)
+ pkg, _ := new(types.Config).Check("p", fset, []*ast.File{f}, nil)
+ _, enabled := pkg.Scope().Lookup("A").Type().(*types.Alias)
+ return enabled
+}
diff --git a/vendor/golang.org/x/tools/internal/gcimporter/bimport.go b/vendor/golang.org/x/tools/internal/gcimporter/bimport.go
new file mode 100644
index 000000000..d98b0db2a
--- /dev/null
+++ b/vendor/golang.org/x/tools/internal/gcimporter/bimport.go
@@ -0,0 +1,150 @@
+// Copyright 2015 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+// This file contains the remaining vestiges of
+// $GOROOT/src/go/internal/gcimporter/bimport.go.
+
+package gcimporter
+
+import (
+ "fmt"
+ "go/token"
+ "go/types"
+ "sync"
+)
+
+func errorf(format string, args ...interface{}) {
+ panic(fmt.Sprintf(format, args...))
+}
+
+const deltaNewFile = -64 // see cmd/compile/internal/gc/bexport.go
+
+// Synthesize a token.Pos
+type fakeFileSet struct {
+ fset *token.FileSet
+ files map[string]*fileInfo
+}
+
+type fileInfo struct {
+ file *token.File
+ lastline int
+}
+
+const maxlines = 64 * 1024
+
+func (s *fakeFileSet) pos(file string, line, column int) token.Pos {
+ // TODO(mdempsky): Make use of column.
+
+ // Since we don't know the set of needed file positions, we reserve maxlines
+ // positions per file. We delay calling token.File.SetLines until all
+ // positions have been calculated (by way of fakeFileSet.setLines), so that
+ // we can avoid setting unnecessary lines. See also golang/go#46586.
+ f := s.files[file]
+ if f == nil {
+ f = &fileInfo{file: s.fset.AddFile(file, -1, maxlines)}
+ s.files[file] = f
+ }
+ if line > maxlines {
+ line = 1
+ }
+ if line > f.lastline {
+ f.lastline = line
+ }
+
+ // Return a fake position assuming that f.file consists only of newlines.
+ return token.Pos(f.file.Base() + line - 1)
+}
+
+func (s *fakeFileSet) setLines() {
+ fakeLinesOnce.Do(func() {
+ fakeLines = make([]int, maxlines)
+ for i := range fakeLines {
+ fakeLines[i] = i
+ }
+ })
+ for _, f := range s.files {
+ f.file.SetLines(fakeLines[:f.lastline])
+ }
+}
+
+var (
+ fakeLines []int
+ fakeLinesOnce sync.Once
+)
+
+func chanDir(d int) types.ChanDir {
+ // tag values must match the constants in cmd/compile/internal/gc/go.go
+ switch d {
+ case 1 /* Crecv */ :
+ return types.RecvOnly
+ case 2 /* Csend */ :
+ return types.SendOnly
+ case 3 /* Cboth */ :
+ return types.SendRecv
+ default:
+ errorf("unexpected channel dir %d", d)
+ return 0
+ }
+}
+
+var predeclOnce sync.Once
+var predecl []types.Type // initialized lazily
+
+func predeclared() []types.Type {
+ predeclOnce.Do(func() {
+ // initialize lazily to be sure that all
+ // elements have been initialized before
+ predecl = []types.Type{ // basic types
+ types.Typ[types.Bool],
+ types.Typ[types.Int],
+ types.Typ[types.Int8],
+ types.Typ[types.Int16],
+ types.Typ[types.Int32],
+ types.Typ[types.Int64],
+ types.Typ[types.Uint],
+ types.Typ[types.Uint8],
+ types.Typ[types.Uint16],
+ types.Typ[types.Uint32],
+ types.Typ[types.Uint64],
+ types.Typ[types.Uintptr],
+ types.Typ[types.Float32],
+ types.Typ[types.Float64],
+ types.Typ[types.Complex64],
+ types.Typ[types.Complex128],
+ types.Typ[types.String],
+
+ // basic type aliases
+ types.Universe.Lookup("byte").Type(),
+ types.Universe.Lookup("rune").Type(),
+
+ // error
+ types.Universe.Lookup("error").Type(),
+
+ // untyped types
+ types.Typ[types.UntypedBool],
+ types.Typ[types.UntypedInt],
+ types.Typ[types.UntypedRune],
+ types.Typ[types.UntypedFloat],
+ types.Typ[types.UntypedComplex],
+ types.Typ[types.UntypedString],
+ types.Typ[types.UntypedNil],
+
+ // package unsafe
+ types.Typ[types.UnsafePointer],
+
+ // invalid type
+ types.Typ[types.Invalid], // only appears in packages with errors
+
+ // used internally by gc; never used by this package or in .a files
+ anyType{},
+ }
+ predecl = append(predecl, additionalPredeclared()...)
+ })
+ return predecl
+}
+
+type anyType struct{}
+
+func (t anyType) Underlying() types.Type { return t }
+func (t anyType) String() string { return "any" }
diff --git a/vendor/golang.org/x/tools/internal/gcimporter/exportdata.go b/vendor/golang.org/x/tools/internal/gcimporter/exportdata.go
new file mode 100644
index 000000000..f6437feb1
--- /dev/null
+++ b/vendor/golang.org/x/tools/internal/gcimporter/exportdata.go
@@ -0,0 +1,99 @@
+// Copyright 2011 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+// This file is a copy of $GOROOT/src/go/internal/gcimporter/exportdata.go.
+
+// This file implements FindExportData.
+
+package gcimporter
+
+import (
+ "bufio"
+ "fmt"
+ "io"
+ "strconv"
+ "strings"
+)
+
+func readGopackHeader(r *bufio.Reader) (name string, size int64, err error) {
+ // See $GOROOT/include/ar.h.
+ hdr := make([]byte, 16+12+6+6+8+10+2)
+ _, err = io.ReadFull(r, hdr)
+ if err != nil {
+ return
+ }
+ // leave for debugging
+ if false {
+ fmt.Printf("header: %s", hdr)
+ }
+ s := strings.TrimSpace(string(hdr[16+12+6+6+8:][:10]))
+ length, err := strconv.Atoi(s)
+ size = int64(length)
+ if err != nil || hdr[len(hdr)-2] != '`' || hdr[len(hdr)-1] != '\n' {
+ err = fmt.Errorf("invalid archive header")
+ return
+ }
+ name = strings.TrimSpace(string(hdr[:16]))
+ return
+}
+
+// FindExportData positions the reader r at the beginning of the
+// export data section of an underlying GC-created object/archive
+// file by reading from it. The reader must be positioned at the
+// start of the file before calling this function. The hdr result
+// is the string before the export data, either "$$" or "$$B".
+// The size result is the length of the export data in bytes, or -1 if not known.
+func FindExportData(r *bufio.Reader) (hdr string, size int64, err error) {
+ // Read first line to make sure this is an object file.
+ line, err := r.ReadSlice('\n')
+ if err != nil {
+ err = fmt.Errorf("can't find export data (%v)", err)
+ return
+ }
+
+ if string(line) == "!\n" {
+ // Archive file. Scan to __.PKGDEF.
+ var name string
+ if name, size, err = readGopackHeader(r); err != nil {
+ return
+ }
+
+ // First entry should be __.PKGDEF.
+ if name != "__.PKGDEF" {
+ err = fmt.Errorf("go archive is missing __.PKGDEF")
+ return
+ }
+
+ // Read first line of __.PKGDEF data, so that line
+ // is once again the first line of the input.
+ if line, err = r.ReadSlice('\n'); err != nil {
+ err = fmt.Errorf("can't find export data (%v)", err)
+ return
+ }
+ size -= int64(len(line))
+ }
+
+ // Now at __.PKGDEF in archive or still at beginning of file.
+ // Either way, line should begin with "go object ".
+ if !strings.HasPrefix(string(line), "go object ") {
+ err = fmt.Errorf("not a Go object file")
+ return
+ }
+
+ // Skip over object header to export data.
+ // Begins after first line starting with $$.
+ for line[0] != '$' {
+ if line, err = r.ReadSlice('\n'); err != nil {
+ err = fmt.Errorf("can't find export data (%v)", err)
+ return
+ }
+ size -= int64(len(line))
+ }
+ hdr = string(line)
+ if size < 0 {
+ size = -1
+ }
+
+ return
+}
diff --git a/vendor/golang.org/x/tools/internal/gcimporter/gcimporter.go b/vendor/golang.org/x/tools/internal/gcimporter/gcimporter.go
new file mode 100644
index 000000000..39df91124
--- /dev/null
+++ b/vendor/golang.org/x/tools/internal/gcimporter/gcimporter.go
@@ -0,0 +1,266 @@
+// Copyright 2011 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+// This file is a reduced copy of $GOROOT/src/go/internal/gcimporter/gcimporter.go.
+
+// Package gcimporter provides various functions for reading
+// gc-generated object files that can be used to implement the
+// Importer interface defined by the Go 1.5 standard library package.
+//
+// The encoding is deterministic: if the encoder is applied twice to
+// the same types.Package data structure, both encodings are equal.
+// This property may be important to avoid spurious changes in
+// applications such as build systems.
+//
+// However, the encoder is not necessarily idempotent. Importing an
+// exported package may yield a types.Package that, while it
+// represents the same set of Go types as the original, may differ in
+// the details of its internal representation. Because of these
+// differences, re-encoding the imported package may yield a
+// different, but equally valid, encoding of the package.
+package gcimporter // import "golang.org/x/tools/internal/gcimporter"
+
+import (
+ "bufio"
+ "bytes"
+ "fmt"
+ "go/build"
+ "go/token"
+ "go/types"
+ "io"
+ "os"
+ "os/exec"
+ "path/filepath"
+ "strings"
+ "sync"
+)
+
+const (
+ // Enable debug during development: it adds some additional checks, and
+ // prevents errors from being recovered.
+ debug = false
+
+ // If trace is set, debugging output is printed to std out.
+ trace = false
+)
+
+var exportMap sync.Map // package dir → func() (string, bool)
+
+// lookupGorootExport returns the location of the export data
+// (normally found in the build cache, but located in GOROOT/pkg
+// in prior Go releases) for the package located in pkgDir.
+//
+// (We use the package's directory instead of its import path
+// mainly to simplify handling of the packages in src/vendor
+// and cmd/vendor.)
+func lookupGorootExport(pkgDir string) (string, bool) {
+ f, ok := exportMap.Load(pkgDir)
+ if !ok {
+ var (
+ listOnce sync.Once
+ exportPath string
+ )
+ f, _ = exportMap.LoadOrStore(pkgDir, func() (string, bool) {
+ listOnce.Do(func() {
+ cmd := exec.Command("go", "list", "-export", "-f", "{{.Export}}", pkgDir)
+ cmd.Dir = build.Default.GOROOT
+ var output []byte
+ output, err := cmd.Output()
+ if err != nil {
+ return
+ }
+
+ exports := strings.Split(string(bytes.TrimSpace(output)), "\n")
+ if len(exports) != 1 {
+ return
+ }
+
+ exportPath = exports[0]
+ })
+
+ return exportPath, exportPath != ""
+ })
+ }
+
+ return f.(func() (string, bool))()
+}
+
+var pkgExts = [...]string{".a", ".o"}
+
+// FindPkg returns the filename and unique package id for an import
+// path based on package information provided by build.Import (using
+// the build.Default build.Context). A relative srcDir is interpreted
+// relative to the current working directory.
+// If no file was found, an empty filename is returned.
+func FindPkg(path, srcDir string) (filename, id string) {
+ if path == "" {
+ return
+ }
+
+ var noext string
+ switch {
+ default:
+ // "x" -> "$GOPATH/pkg/$GOOS_$GOARCH/x.ext", "x"
+ // Don't require the source files to be present.
+ if abs, err := filepath.Abs(srcDir); err == nil { // see issue 14282
+ srcDir = abs
+ }
+ bp, _ := build.Import(path, srcDir, build.FindOnly|build.AllowBinary)
+ if bp.PkgObj == "" {
+ var ok bool
+ if bp.Goroot && bp.Dir != "" {
+ filename, ok = lookupGorootExport(bp.Dir)
+ }
+ if !ok {
+ id = path // make sure we have an id to print in error message
+ return
+ }
+ } else {
+ noext = strings.TrimSuffix(bp.PkgObj, ".a")
+ id = bp.ImportPath
+ }
+
+ case build.IsLocalImport(path):
+ // "./x" -> "/this/directory/x.ext", "/this/directory/x"
+ noext = filepath.Join(srcDir, path)
+ id = noext
+
+ case filepath.IsAbs(path):
+ // for completeness only - go/build.Import
+ // does not support absolute imports
+ // "/x" -> "/x.ext", "/x"
+ noext = path
+ id = path
+ }
+
+ if false { // for debugging
+ if path != id {
+ fmt.Printf("%s -> %s\n", path, id)
+ }
+ }
+
+ if filename != "" {
+ if f, err := os.Stat(filename); err == nil && !f.IsDir() {
+ return
+ }
+ }
+
+ // try extensions
+ for _, ext := range pkgExts {
+ filename = noext + ext
+ if f, err := os.Stat(filename); err == nil && !f.IsDir() {
+ return
+ }
+ }
+
+ filename = "" // not found
+ return
+}
+
+// Import imports a gc-generated package given its import path and srcDir, adds
+// the corresponding package object to the packages map, and returns the object.
+// The packages map must contain all packages already imported.
+func Import(packages map[string]*types.Package, path, srcDir string, lookup func(path string) (io.ReadCloser, error)) (pkg *types.Package, err error) {
+ var rc io.ReadCloser
+ var filename, id string
+ if lookup != nil {
+ // With custom lookup specified, assume that caller has
+ // converted path to a canonical import path for use in the map.
+ if path == "unsafe" {
+ return types.Unsafe, nil
+ }
+ id = path
+
+ // No need to re-import if the package was imported completely before.
+ if pkg = packages[id]; pkg != nil && pkg.Complete() {
+ return
+ }
+ f, err := lookup(path)
+ if err != nil {
+ return nil, err
+ }
+ rc = f
+ } else {
+ filename, id = FindPkg(path, srcDir)
+ if filename == "" {
+ if path == "unsafe" {
+ return types.Unsafe, nil
+ }
+ return nil, fmt.Errorf("can't find import: %q", id)
+ }
+
+ // no need to re-import if the package was imported completely before
+ if pkg = packages[id]; pkg != nil && pkg.Complete() {
+ return
+ }
+
+ // open file
+ f, err := os.Open(filename)
+ if err != nil {
+ return nil, err
+ }
+ defer func() {
+ if err != nil {
+ // add file name to error
+ err = fmt.Errorf("%s: %v", filename, err)
+ }
+ }()
+ rc = f
+ }
+ defer rc.Close()
+
+ var hdr string
+ var size int64
+ buf := bufio.NewReader(rc)
+ if hdr, size, err = FindExportData(buf); err != nil {
+ return
+ }
+
+ switch hdr {
+ case "$$B\n":
+ var data []byte
+ data, err = io.ReadAll(buf)
+ if err != nil {
+ break
+ }
+
+ // TODO(gri): allow clients of go/importer to provide a FileSet.
+ // Or, define a new standard go/types/gcexportdata package.
+ fset := token.NewFileSet()
+
+ // Select appropriate importer.
+ if len(data) > 0 {
+ switch data[0] {
+ case 'v', 'c', 'd': // binary, till go1.10
+ return nil, fmt.Errorf("binary (%c) import format is no longer supported", data[0])
+
+ case 'i': // indexed, till go1.19
+ _, pkg, err := IImportData(fset, packages, data[1:], id)
+ return pkg, err
+
+ case 'u': // unified, from go1.20
+ _, pkg, err := UImportData(fset, packages, data[1:size], id)
+ return pkg, err
+
+ default:
+ l := len(data)
+ if l > 10 {
+ l = 10
+ }
+ return nil, fmt.Errorf("unexpected export data with prefix %q for path %s", string(data[:l]), id)
+ }
+ }
+
+ default:
+ err = fmt.Errorf("unknown export data header: %q", hdr)
+ }
+
+ return
+}
+
+type byPath []*types.Package
+
+func (a byPath) Len() int { return len(a) }
+func (a byPath) Swap(i, j int) { a[i], a[j] = a[j], a[i] }
+func (a byPath) Less(i, j int) bool { return a[i].Path() < a[j].Path() }
diff --git a/vendor/golang.org/x/tools/internal/gcimporter/iexport.go b/vendor/golang.org/x/tools/internal/gcimporter/iexport.go
new file mode 100644
index 000000000..deeb67f31
--- /dev/null
+++ b/vendor/golang.org/x/tools/internal/gcimporter/iexport.go
@@ -0,0 +1,1332 @@
+// Copyright 2019 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+// Indexed binary package export.
+// This file was derived from $GOROOT/src/cmd/compile/internal/gc/iexport.go;
+// see that file for specification of the format.
+
+package gcimporter
+
+import (
+ "bytes"
+ "encoding/binary"
+ "fmt"
+ "go/constant"
+ "go/token"
+ "go/types"
+ "io"
+ "math/big"
+ "reflect"
+ "sort"
+ "strconv"
+ "strings"
+
+ "golang.org/x/tools/go/types/objectpath"
+ "golang.org/x/tools/internal/aliases"
+ "golang.org/x/tools/internal/tokeninternal"
+)
+
+// IExportShallow encodes "shallow" export data for the specified package.
+//
+// No promises are made about the encoding other than that it can be decoded by
+// the same version of IIExportShallow. If you plan to save export data in the
+// file system, be sure to include a cryptographic digest of the executable in
+// the key to avoid version skew.
+//
+// If the provided reportf func is non-nil, it will be used for reporting bugs
+// encountered during export.
+// TODO(rfindley): remove reportf when we are confident enough in the new
+// objectpath encoding.
+func IExportShallow(fset *token.FileSet, pkg *types.Package, reportf ReportFunc) ([]byte, error) {
+ // In principle this operation can only fail if out.Write fails,
+ // but that's impossible for bytes.Buffer---and as a matter of
+ // fact iexportCommon doesn't even check for I/O errors.
+ // TODO(adonovan): handle I/O errors properly.
+ // TODO(adonovan): use byte slices throughout, avoiding copying.
+ const bundle, shallow = false, true
+ var out bytes.Buffer
+ err := iexportCommon(&out, fset, bundle, shallow, iexportVersion, []*types.Package{pkg})
+ return out.Bytes(), err
+}
+
+// IImportShallow decodes "shallow" types.Package data encoded by
+// IExportShallow in the same executable. This function cannot import data from
+// cmd/compile or gcexportdata.Write.
+//
+// The importer calls getPackages to obtain package symbols for all
+// packages mentioned in the export data, including the one being
+// decoded.
+//
+// If the provided reportf func is non-nil, it will be used for reporting bugs
+// encountered during import.
+// TODO(rfindley): remove reportf when we are confident enough in the new
+// objectpath encoding.
+func IImportShallow(fset *token.FileSet, getPackages GetPackagesFunc, data []byte, path string, reportf ReportFunc) (*types.Package, error) {
+ const bundle = false
+ const shallow = true
+ pkgs, err := iimportCommon(fset, getPackages, data, bundle, path, shallow, reportf)
+ if err != nil {
+ return nil, err
+ }
+ return pkgs[0], nil
+}
+
+// ReportFunc is the type of a function used to report formatted bugs.
+type ReportFunc = func(string, ...interface{})
+
+// Current bundled export format version. Increase with each format change.
+// 0: initial implementation
+const bundleVersion = 0
+
+// IExportData writes indexed export data for pkg to out.
+//
+// If no file set is provided, position info will be missing.
+// The package path of the top-level package will not be recorded,
+// so that calls to IImportData can override with a provided package path.
+func IExportData(out io.Writer, fset *token.FileSet, pkg *types.Package) error {
+ const bundle, shallow = false, false
+ return iexportCommon(out, fset, bundle, shallow, iexportVersion, []*types.Package{pkg})
+}
+
+// IExportBundle writes an indexed export bundle for pkgs to out.
+func IExportBundle(out io.Writer, fset *token.FileSet, pkgs []*types.Package) error {
+ const bundle, shallow = true, false
+ return iexportCommon(out, fset, bundle, shallow, iexportVersion, pkgs)
+}
+
+func iexportCommon(out io.Writer, fset *token.FileSet, bundle, shallow bool, version int, pkgs []*types.Package) (err error) {
+ if !debug {
+ defer func() {
+ if e := recover(); e != nil {
+ if ierr, ok := e.(internalError); ok {
+ err = ierr
+ return
+ }
+ // Not an internal error; panic again.
+ panic(e)
+ }
+ }()
+ }
+
+ p := iexporter{
+ fset: fset,
+ version: version,
+ shallow: shallow,
+ allPkgs: map[*types.Package]bool{},
+ stringIndex: map[string]uint64{},
+ declIndex: map[types.Object]uint64{},
+ tparamNames: map[types.Object]string{},
+ typIndex: map[types.Type]uint64{},
+ }
+ if !bundle {
+ p.localpkg = pkgs[0]
+ }
+
+ for i, pt := range predeclared() {
+ p.typIndex[pt] = uint64(i)
+ }
+ if len(p.typIndex) > predeclReserved {
+ panic(internalErrorf("too many predeclared types: %d > %d", len(p.typIndex), predeclReserved))
+ }
+
+ // Initialize work queue with exported declarations.
+ for _, pkg := range pkgs {
+ scope := pkg.Scope()
+ for _, name := range scope.Names() {
+ if token.IsExported(name) {
+ p.pushDecl(scope.Lookup(name))
+ }
+ }
+
+ if bundle {
+ // Ensure pkg and its imports are included in the index.
+ p.allPkgs[pkg] = true
+ for _, imp := range pkg.Imports() {
+ p.allPkgs[imp] = true
+ }
+ }
+ }
+
+ // Loop until no more work.
+ for !p.declTodo.empty() {
+ p.doDecl(p.declTodo.popHead())
+ }
+
+ // Produce index of offset of each file record in files.
+ var files intWriter
+ var fileOffset []uint64 // fileOffset[i] is offset in files of file encoded as i
+ if p.shallow {
+ fileOffset = make([]uint64, len(p.fileInfos))
+ for i, info := range p.fileInfos {
+ fileOffset[i] = uint64(files.Len())
+ p.encodeFile(&files, info.file, info.needed)
+ }
+ }
+
+ // Append indices to data0 section.
+ dataLen := uint64(p.data0.Len())
+ w := p.newWriter()
+ w.writeIndex(p.declIndex)
+
+ if bundle {
+ w.uint64(uint64(len(pkgs)))
+ for _, pkg := range pkgs {
+ w.pkg(pkg)
+ imps := pkg.Imports()
+ w.uint64(uint64(len(imps)))
+ for _, imp := range imps {
+ w.pkg(imp)
+ }
+ }
+ }
+ w.flush()
+
+ // Assemble header.
+ var hdr intWriter
+ if bundle {
+ hdr.uint64(bundleVersion)
+ }
+ hdr.uint64(uint64(p.version))
+ hdr.uint64(uint64(p.strings.Len()))
+ if p.shallow {
+ hdr.uint64(uint64(files.Len()))
+ hdr.uint64(uint64(len(fileOffset)))
+ for _, offset := range fileOffset {
+ hdr.uint64(offset)
+ }
+ }
+ hdr.uint64(dataLen)
+
+ // Flush output.
+ io.Copy(out, &hdr)
+ io.Copy(out, &p.strings)
+ if p.shallow {
+ io.Copy(out, &files)
+ }
+ io.Copy(out, &p.data0)
+
+ return nil
+}
+
+// encodeFile writes to w a representation of the file sufficient to
+// faithfully restore position information about all needed offsets.
+// Mutates the needed array.
+func (p *iexporter) encodeFile(w *intWriter, file *token.File, needed []uint64) {
+ _ = needed[0] // precondition: needed is non-empty
+
+ w.uint64(p.stringOff(file.Name()))
+
+ size := uint64(file.Size())
+ w.uint64(size)
+
+ // Sort the set of needed offsets. Duplicates are harmless.
+ sort.Slice(needed, func(i, j int) bool { return needed[i] < needed[j] })
+
+ lines := tokeninternal.GetLines(file) // byte offset of each line start
+ w.uint64(uint64(len(lines)))
+
+ // Rather than record the entire array of line start offsets,
+ // we save only a sparse list of (index, offset) pairs for
+ // the start of each line that contains a needed position.
+ var sparse [][2]int // (index, offset) pairs
+outer:
+ for i, lineStart := range lines {
+ lineEnd := size
+ if i < len(lines)-1 {
+ lineEnd = uint64(lines[i+1])
+ }
+ // Does this line contains a needed offset?
+ if needed[0] < lineEnd {
+ sparse = append(sparse, [2]int{i, lineStart})
+ for needed[0] < lineEnd {
+ needed = needed[1:]
+ if len(needed) == 0 {
+ break outer
+ }
+ }
+ }
+ }
+
+ // Delta-encode the columns.
+ w.uint64(uint64(len(sparse)))
+ var prev [2]int
+ for _, pair := range sparse {
+ w.uint64(uint64(pair[0] - prev[0]))
+ w.uint64(uint64(pair[1] - prev[1]))
+ prev = pair
+ }
+}
+
+// writeIndex writes out an object index. mainIndex indicates whether
+// we're writing out the main index, which is also read by
+// non-compiler tools and includes a complete package description
+// (i.e., name and height).
+func (w *exportWriter) writeIndex(index map[types.Object]uint64) {
+ type pkgObj struct {
+ obj types.Object
+ name string // qualified name; differs from obj.Name for type params
+ }
+ // Build a map from packages to objects from that package.
+ pkgObjs := map[*types.Package][]pkgObj{}
+
+ // For the main index, make sure to include every package that
+ // we reference, even if we're not exporting (or reexporting)
+ // any symbols from it.
+ if w.p.localpkg != nil {
+ pkgObjs[w.p.localpkg] = nil
+ }
+ for pkg := range w.p.allPkgs {
+ pkgObjs[pkg] = nil
+ }
+
+ for obj := range index {
+ name := w.p.exportName(obj)
+ pkgObjs[obj.Pkg()] = append(pkgObjs[obj.Pkg()], pkgObj{obj, name})
+ }
+
+ var pkgs []*types.Package
+ for pkg, objs := range pkgObjs {
+ pkgs = append(pkgs, pkg)
+
+ sort.Slice(objs, func(i, j int) bool {
+ return objs[i].name < objs[j].name
+ })
+ }
+
+ sort.Slice(pkgs, func(i, j int) bool {
+ return w.exportPath(pkgs[i]) < w.exportPath(pkgs[j])
+ })
+
+ w.uint64(uint64(len(pkgs)))
+ for _, pkg := range pkgs {
+ w.string(w.exportPath(pkg))
+ w.string(pkg.Name())
+ w.uint64(uint64(0)) // package height is not needed for go/types
+
+ objs := pkgObjs[pkg]
+ w.uint64(uint64(len(objs)))
+ for _, obj := range objs {
+ w.string(obj.name)
+ w.uint64(index[obj.obj])
+ }
+ }
+}
+
+// exportName returns the 'exported' name of an object. It differs from
+// obj.Name() only for type parameters (see tparamExportName for details).
+func (p *iexporter) exportName(obj types.Object) (res string) {
+ if name := p.tparamNames[obj]; name != "" {
+ return name
+ }
+ return obj.Name()
+}
+
+type iexporter struct {
+ fset *token.FileSet
+ out *bytes.Buffer
+ version int
+
+ shallow bool // don't put types from other packages in the index
+ objEncoder *objectpath.Encoder // encodes objects from other packages in shallow mode; lazily allocated
+ localpkg *types.Package // (nil in bundle mode)
+
+ // allPkgs tracks all packages that have been referenced by
+ // the export data, so we can ensure to include them in the
+ // main index.
+ allPkgs map[*types.Package]bool
+
+ declTodo objQueue
+
+ strings intWriter
+ stringIndex map[string]uint64
+
+ // In shallow mode, object positions are encoded as (file, offset).
+ // Each file is recorded as a line-number table.
+ // Only the lines of needed positions are saved faithfully.
+ fileInfo map[*token.File]uint64 // value is index in fileInfos
+ fileInfos []*filePositions
+
+ data0 intWriter
+ declIndex map[types.Object]uint64
+ tparamNames map[types.Object]string // typeparam->exported name
+ typIndex map[types.Type]uint64
+
+ indent int // for tracing support
+}
+
+type filePositions struct {
+ file *token.File
+ needed []uint64 // unordered list of needed file offsets
+}
+
+func (p *iexporter) trace(format string, args ...interface{}) {
+ if !trace {
+ // Call sites should also be guarded, but having this check here allows
+ // easily enabling/disabling debug trace statements.
+ return
+ }
+ fmt.Printf(strings.Repeat("..", p.indent)+format+"\n", args...)
+}
+
+// objectpathEncoder returns the lazily allocated objectpath.Encoder to use
+// when encoding objects in other packages during shallow export.
+//
+// Using a shared Encoder amortizes some of cost of objectpath search.
+func (p *iexporter) objectpathEncoder() *objectpath.Encoder {
+ if p.objEncoder == nil {
+ p.objEncoder = new(objectpath.Encoder)
+ }
+ return p.objEncoder
+}
+
+// stringOff returns the offset of s within the string section.
+// If not already present, it's added to the end.
+func (p *iexporter) stringOff(s string) uint64 {
+ off, ok := p.stringIndex[s]
+ if !ok {
+ off = uint64(p.strings.Len())
+ p.stringIndex[s] = off
+
+ p.strings.uint64(uint64(len(s)))
+ p.strings.WriteString(s)
+ }
+ return off
+}
+
+// fileIndexAndOffset returns the index of the token.File and the byte offset of pos within it.
+func (p *iexporter) fileIndexAndOffset(file *token.File, pos token.Pos) (uint64, uint64) {
+ index, ok := p.fileInfo[file]
+ if !ok {
+ index = uint64(len(p.fileInfo))
+ p.fileInfos = append(p.fileInfos, &filePositions{file: file})
+ if p.fileInfo == nil {
+ p.fileInfo = make(map[*token.File]uint64)
+ }
+ p.fileInfo[file] = index
+ }
+ // Record each needed offset.
+ info := p.fileInfos[index]
+ offset := uint64(file.Offset(pos))
+ info.needed = append(info.needed, offset)
+
+ return index, offset
+}
+
+// pushDecl adds n to the declaration work queue, if not already present.
+func (p *iexporter) pushDecl(obj types.Object) {
+ // Package unsafe is known to the compiler and predeclared.
+ // Caller should not ask us to do export it.
+ if obj.Pkg() == types.Unsafe {
+ panic("cannot export package unsafe")
+ }
+
+ // Shallow export data: don't index decls from other packages.
+ if p.shallow && obj.Pkg() != p.localpkg {
+ return
+ }
+
+ if _, ok := p.declIndex[obj]; ok {
+ return
+ }
+
+ p.declIndex[obj] = ^uint64(0) // mark obj present in work queue
+ p.declTodo.pushTail(obj)
+}
+
+// exportWriter handles writing out individual data section chunks.
+type exportWriter struct {
+ p *iexporter
+
+ data intWriter
+ prevFile string
+ prevLine int64
+ prevColumn int64
+}
+
+func (w *exportWriter) exportPath(pkg *types.Package) string {
+ if pkg == w.p.localpkg {
+ return ""
+ }
+ return pkg.Path()
+}
+
+func (p *iexporter) doDecl(obj types.Object) {
+ if trace {
+ p.trace("exporting decl %v (%T)", obj, obj)
+ p.indent++
+ defer func() {
+ p.indent--
+ p.trace("=> %s", obj)
+ }()
+ }
+ w := p.newWriter()
+
+ switch obj := obj.(type) {
+ case *types.Var:
+ w.tag(varTag)
+ w.pos(obj.Pos())
+ w.typ(obj.Type(), obj.Pkg())
+
+ case *types.Func:
+ sig, _ := obj.Type().(*types.Signature)
+ if sig.Recv() != nil {
+ // We shouldn't see methods in the package scope,
+ // but the type checker may repair "func () F() {}"
+ // to "func (Invalid) F()" and then treat it like "func F()",
+ // so allow that. See golang/go#57729.
+ if sig.Recv().Type() != types.Typ[types.Invalid] {
+ panic(internalErrorf("unexpected method: %v", sig))
+ }
+ }
+
+ // Function.
+ if sig.TypeParams().Len() == 0 {
+ w.tag(funcTag)
+ } else {
+ w.tag(genericFuncTag)
+ }
+ w.pos(obj.Pos())
+ // The tparam list of the function type is the declaration of the type
+ // params. So, write out the type params right now. Then those type params
+ // will be referenced via their type offset (via typOff) in all other
+ // places in the signature and function where they are used.
+ //
+ // While importing the type parameters, tparamList computes and records
+ // their export name, so that it can be later used when writing the index.
+ if tparams := sig.TypeParams(); tparams.Len() > 0 {
+ w.tparamList(obj.Name(), tparams, obj.Pkg())
+ }
+ w.signature(sig)
+
+ case *types.Const:
+ w.tag(constTag)
+ w.pos(obj.Pos())
+ w.value(obj.Type(), obj.Val())
+
+ case *types.TypeName:
+ t := obj.Type()
+
+ if tparam, ok := aliases.Unalias(t).(*types.TypeParam); ok {
+ w.tag(typeParamTag)
+ w.pos(obj.Pos())
+ constraint := tparam.Constraint()
+ if p.version >= iexportVersionGo1_18 {
+ implicit := false
+ if iface, _ := aliases.Unalias(constraint).(*types.Interface); iface != nil {
+ implicit = iface.IsImplicit()
+ }
+ w.bool(implicit)
+ }
+ w.typ(constraint, obj.Pkg())
+ break
+ }
+
+ if obj.IsAlias() {
+ w.tag(aliasTag)
+ w.pos(obj.Pos())
+ if alias, ok := t.(*aliases.Alias); ok {
+ // Preserve materialized aliases,
+ // even of non-exported types.
+ t = aliases.Rhs(alias)
+ }
+ w.typ(t, obj.Pkg())
+ break
+ }
+
+ // Defined type.
+ named, ok := t.(*types.Named)
+ if !ok {
+ panic(internalErrorf("%s is not a defined type", t))
+ }
+
+ if named.TypeParams().Len() == 0 {
+ w.tag(typeTag)
+ } else {
+ w.tag(genericTypeTag)
+ }
+ w.pos(obj.Pos())
+
+ if named.TypeParams().Len() > 0 {
+ // While importing the type parameters, tparamList computes and records
+ // their export name, so that it can be later used when writing the index.
+ w.tparamList(obj.Name(), named.TypeParams(), obj.Pkg())
+ }
+
+ underlying := named.Underlying()
+ w.typ(underlying, obj.Pkg())
+
+ if types.IsInterface(t) {
+ break
+ }
+
+ n := named.NumMethods()
+ w.uint64(uint64(n))
+ for i := 0; i < n; i++ {
+ m := named.Method(i)
+ w.pos(m.Pos())
+ w.string(m.Name())
+ sig, _ := m.Type().(*types.Signature)
+
+ // Receiver type parameters are type arguments of the receiver type, so
+ // their name must be qualified before exporting recv.
+ if rparams := sig.RecvTypeParams(); rparams.Len() > 0 {
+ prefix := obj.Name() + "." + m.Name()
+ for i := 0; i < rparams.Len(); i++ {
+ rparam := rparams.At(i)
+ name := tparamExportName(prefix, rparam)
+ w.p.tparamNames[rparam.Obj()] = name
+ }
+ }
+ w.param(sig.Recv())
+ w.signature(sig)
+ }
+
+ default:
+ panic(internalErrorf("unexpected object: %v", obj))
+ }
+
+ p.declIndex[obj] = w.flush()
+}
+
+func (w *exportWriter) tag(tag byte) {
+ w.data.WriteByte(tag)
+}
+
+func (w *exportWriter) pos(pos token.Pos) {
+ if w.p.shallow {
+ w.posV2(pos)
+ } else if w.p.version >= iexportVersionPosCol {
+ w.posV1(pos)
+ } else {
+ w.posV0(pos)
+ }
+}
+
+// posV2 encoding (used only in shallow mode) records positions as
+// (file, offset), where file is the index in the token.File table
+// (which records the file name and newline offsets) and offset is a
+// byte offset. It effectively ignores //line directives.
+func (w *exportWriter) posV2(pos token.Pos) {
+ if pos == token.NoPos {
+ w.uint64(0)
+ return
+ }
+ file := w.p.fset.File(pos) // fset must be non-nil
+ index, offset := w.p.fileIndexAndOffset(file, pos)
+ w.uint64(1 + index)
+ w.uint64(offset)
+}
+
+func (w *exportWriter) posV1(pos token.Pos) {
+ if w.p.fset == nil {
+ w.int64(0)
+ return
+ }
+
+ p := w.p.fset.Position(pos)
+ file := p.Filename
+ line := int64(p.Line)
+ column := int64(p.Column)
+
+ deltaColumn := (column - w.prevColumn) << 1
+ deltaLine := (line - w.prevLine) << 1
+
+ if file != w.prevFile {
+ deltaLine |= 1
+ }
+ if deltaLine != 0 {
+ deltaColumn |= 1
+ }
+
+ w.int64(deltaColumn)
+ if deltaColumn&1 != 0 {
+ w.int64(deltaLine)
+ if deltaLine&1 != 0 {
+ w.string(file)
+ }
+ }
+
+ w.prevFile = file
+ w.prevLine = line
+ w.prevColumn = column
+}
+
+func (w *exportWriter) posV0(pos token.Pos) {
+ if w.p.fset == nil {
+ w.int64(0)
+ return
+ }
+
+ p := w.p.fset.Position(pos)
+ file := p.Filename
+ line := int64(p.Line)
+
+ // When file is the same as the last position (common case),
+ // we can save a few bytes by delta encoding just the line
+ // number.
+ //
+ // Note: Because data objects may be read out of order (or not
+ // at all), we can only apply delta encoding within a single
+ // object. This is handled implicitly by tracking prevFile and
+ // prevLine as fields of exportWriter.
+
+ if file == w.prevFile {
+ delta := line - w.prevLine
+ w.int64(delta)
+ if delta == deltaNewFile {
+ w.int64(-1)
+ }
+ } else {
+ w.int64(deltaNewFile)
+ w.int64(line) // line >= 0
+ w.string(file)
+ w.prevFile = file
+ }
+ w.prevLine = line
+}
+
+func (w *exportWriter) pkg(pkg *types.Package) {
+ // Ensure any referenced packages are declared in the main index.
+ w.p.allPkgs[pkg] = true
+
+ w.string(w.exportPath(pkg))
+}
+
+func (w *exportWriter) qualifiedType(obj *types.TypeName) {
+ name := w.p.exportName(obj)
+
+ // Ensure any referenced declarations are written out too.
+ w.p.pushDecl(obj)
+ w.string(name)
+ w.pkg(obj.Pkg())
+}
+
+// TODO(rfindley): what does 'pkg' even mean here? It would be better to pass
+// it in explicitly into signatures and structs that may use it for
+// constructing fields.
+func (w *exportWriter) typ(t types.Type, pkg *types.Package) {
+ w.data.uint64(w.p.typOff(t, pkg))
+}
+
+func (p *iexporter) newWriter() *exportWriter {
+ return &exportWriter{p: p}
+}
+
+func (w *exportWriter) flush() uint64 {
+ off := uint64(w.p.data0.Len())
+ io.Copy(&w.p.data0, &w.data)
+ return off
+}
+
+func (p *iexporter) typOff(t types.Type, pkg *types.Package) uint64 {
+ off, ok := p.typIndex[t]
+ if !ok {
+ w := p.newWriter()
+ w.doTyp(t, pkg)
+ off = predeclReserved + w.flush()
+ p.typIndex[t] = off
+ }
+ return off
+}
+
+func (w *exportWriter) startType(k itag) {
+ w.data.uint64(uint64(k))
+}
+
+func (w *exportWriter) doTyp(t types.Type, pkg *types.Package) {
+ if trace {
+ w.p.trace("exporting type %s (%T)", t, t)
+ w.p.indent++
+ defer func() {
+ w.p.indent--
+ w.p.trace("=> %s", t)
+ }()
+ }
+ switch t := t.(type) {
+ case *aliases.Alias:
+ // TODO(adonovan): support parameterized aliases, following *types.Named.
+ w.startType(aliasType)
+ w.qualifiedType(t.Obj())
+
+ case *types.Named:
+ if targs := t.TypeArgs(); targs.Len() > 0 {
+ w.startType(instanceType)
+ // TODO(rfindley): investigate if this position is correct, and if it
+ // matters.
+ w.pos(t.Obj().Pos())
+ w.typeList(targs, pkg)
+ w.typ(t.Origin(), pkg)
+ return
+ }
+ w.startType(definedType)
+ w.qualifiedType(t.Obj())
+
+ case *types.TypeParam:
+ w.startType(typeParamType)
+ w.qualifiedType(t.Obj())
+
+ case *types.Pointer:
+ w.startType(pointerType)
+ w.typ(t.Elem(), pkg)
+
+ case *types.Slice:
+ w.startType(sliceType)
+ w.typ(t.Elem(), pkg)
+
+ case *types.Array:
+ w.startType(arrayType)
+ w.uint64(uint64(t.Len()))
+ w.typ(t.Elem(), pkg)
+
+ case *types.Chan:
+ w.startType(chanType)
+ // 1 RecvOnly; 2 SendOnly; 3 SendRecv
+ var dir uint64
+ switch t.Dir() {
+ case types.RecvOnly:
+ dir = 1
+ case types.SendOnly:
+ dir = 2
+ case types.SendRecv:
+ dir = 3
+ }
+ w.uint64(dir)
+ w.typ(t.Elem(), pkg)
+
+ case *types.Map:
+ w.startType(mapType)
+ w.typ(t.Key(), pkg)
+ w.typ(t.Elem(), pkg)
+
+ case *types.Signature:
+ w.startType(signatureType)
+ w.pkg(pkg)
+ w.signature(t)
+
+ case *types.Struct:
+ w.startType(structType)
+ n := t.NumFields()
+ // Even for struct{} we must emit some qualifying package, because that's
+ // what the compiler does, and thus that's what the importer expects.
+ fieldPkg := pkg
+ if n > 0 {
+ fieldPkg = t.Field(0).Pkg()
+ }
+ if fieldPkg == nil {
+ // TODO(rfindley): improve this very hacky logic.
+ //
+ // The importer expects a package to be set for all struct types, even
+ // those with no fields. A better encoding might be to set NumFields
+ // before pkg. setPkg panics with a nil package, which may be possible
+ // to reach with invalid packages (and perhaps valid packages, too?), so
+ // (arbitrarily) set the localpkg if available.
+ //
+ // Alternatively, we may be able to simply guarantee that pkg != nil, by
+ // reconsidering the encoding of constant values.
+ if w.p.shallow {
+ fieldPkg = w.p.localpkg
+ } else {
+ panic(internalErrorf("no package to set for empty struct"))
+ }
+ }
+ w.pkg(fieldPkg)
+ w.uint64(uint64(n))
+
+ for i := 0; i < n; i++ {
+ f := t.Field(i)
+ if w.p.shallow {
+ w.objectPath(f)
+ }
+ w.pos(f.Pos())
+ w.string(f.Name()) // unexported fields implicitly qualified by prior setPkg
+ w.typ(f.Type(), fieldPkg)
+ w.bool(f.Anonymous())
+ w.string(t.Tag(i)) // note (or tag)
+ }
+
+ case *types.Interface:
+ w.startType(interfaceType)
+ w.pkg(pkg)
+
+ n := t.NumEmbeddeds()
+ w.uint64(uint64(n))
+ for i := 0; i < n; i++ {
+ ft := t.EmbeddedType(i)
+ tPkg := pkg
+ if named, _ := aliases.Unalias(ft).(*types.Named); named != nil {
+ w.pos(named.Obj().Pos())
+ } else {
+ w.pos(token.NoPos)
+ }
+ w.typ(ft, tPkg)
+ }
+
+ // See comment for struct fields. In shallow mode we change the encoding
+ // for interface methods that are promoted from other packages.
+
+ n = t.NumExplicitMethods()
+ w.uint64(uint64(n))
+ for i := 0; i < n; i++ {
+ m := t.ExplicitMethod(i)
+ if w.p.shallow {
+ w.objectPath(m)
+ }
+ w.pos(m.Pos())
+ w.string(m.Name())
+ sig, _ := m.Type().(*types.Signature)
+ w.signature(sig)
+ }
+
+ case *types.Union:
+ w.startType(unionType)
+ nt := t.Len()
+ w.uint64(uint64(nt))
+ for i := 0; i < nt; i++ {
+ term := t.Term(i)
+ w.bool(term.Tilde())
+ w.typ(term.Type(), pkg)
+ }
+
+ default:
+ panic(internalErrorf("unexpected type: %v, %v", t, reflect.TypeOf(t)))
+ }
+}
+
+// objectPath writes the package and objectPath to use to look up obj in a
+// different package, when encoding in "shallow" mode.
+//
+// When doing a shallow import, the importer creates only the local package,
+// and requests package symbols for dependencies from the client.
+// However, certain types defined in the local package may hold objects defined
+// (perhaps deeply) within another package.
+//
+// For example, consider the following:
+//
+// package a
+// func F() chan * map[string] struct { X int }
+//
+// package b
+// import "a"
+// var B = a.F()
+//
+// In this example, the type of b.B holds fields defined in package a.
+// In order to have the correct canonical objects for the field defined in the
+// type of B, they are encoded as objectPaths and later looked up in the
+// importer. The same problem applies to interface methods.
+func (w *exportWriter) objectPath(obj types.Object) {
+ if obj.Pkg() == nil || obj.Pkg() == w.p.localpkg {
+ // obj.Pkg() may be nil for the builtin error.Error.
+ // In this case, or if obj is declared in the local package, no need to
+ // encode.
+ w.string("")
+ return
+ }
+ objectPath, err := w.p.objectpathEncoder().For(obj)
+ if err != nil {
+ // Fall back to the empty string, which will cause the importer to create a
+ // new object, which matches earlier behavior. Creating a new object is
+ // sufficient for many purposes (such as type checking), but causes certain
+ // references algorithms to fail (golang/go#60819). However, we didn't
+ // notice this problem during months of gopls@v0.12.0 testing.
+ //
+ // TODO(golang/go#61674): this workaround is insufficient, as in the case
+ // where the field forwarded from an instantiated type that may not appear
+ // in the export data of the original package:
+ //
+ // // package a
+ // type A[P any] struct{ F P }
+ //
+ // // package b
+ // type B a.A[int]
+ //
+ // We need to update references algorithms not to depend on this
+ // de-duplication, at which point we may want to simply remove the
+ // workaround here.
+ w.string("")
+ return
+ }
+ w.string(string(objectPath))
+ w.pkg(obj.Pkg())
+}
+
+func (w *exportWriter) signature(sig *types.Signature) {
+ w.paramList(sig.Params())
+ w.paramList(sig.Results())
+ if sig.Params().Len() > 0 {
+ w.bool(sig.Variadic())
+ }
+}
+
+func (w *exportWriter) typeList(ts *types.TypeList, pkg *types.Package) {
+ w.uint64(uint64(ts.Len()))
+ for i := 0; i < ts.Len(); i++ {
+ w.typ(ts.At(i), pkg)
+ }
+}
+
+func (w *exportWriter) tparamList(prefix string, list *types.TypeParamList, pkg *types.Package) {
+ ll := uint64(list.Len())
+ w.uint64(ll)
+ for i := 0; i < list.Len(); i++ {
+ tparam := list.At(i)
+ // Set the type parameter exportName before exporting its type.
+ exportName := tparamExportName(prefix, tparam)
+ w.p.tparamNames[tparam.Obj()] = exportName
+ w.typ(list.At(i), pkg)
+ }
+}
+
+const blankMarker = "$"
+
+// tparamExportName returns the 'exported' name of a type parameter, which
+// differs from its actual object name: it is prefixed with a qualifier, and
+// blank type parameter names are disambiguated by their index in the type
+// parameter list.
+func tparamExportName(prefix string, tparam *types.TypeParam) string {
+ assert(prefix != "")
+ name := tparam.Obj().Name()
+ if name == "_" {
+ name = blankMarker + strconv.Itoa(tparam.Index())
+ }
+ return prefix + "." + name
+}
+
+// tparamName returns the real name of a type parameter, after stripping its
+// qualifying prefix and reverting blank-name encoding. See tparamExportName
+// for details.
+func tparamName(exportName string) string {
+ // Remove the "path" from the type param name that makes it unique.
+ ix := strings.LastIndex(exportName, ".")
+ if ix < 0 {
+ errorf("malformed type parameter export name %s: missing prefix", exportName)
+ }
+ name := exportName[ix+1:]
+ if strings.HasPrefix(name, blankMarker) {
+ return "_"
+ }
+ return name
+}
+
+func (w *exportWriter) paramList(tup *types.Tuple) {
+ n := tup.Len()
+ w.uint64(uint64(n))
+ for i := 0; i < n; i++ {
+ w.param(tup.At(i))
+ }
+}
+
+func (w *exportWriter) param(obj types.Object) {
+ w.pos(obj.Pos())
+ w.localIdent(obj)
+ w.typ(obj.Type(), obj.Pkg())
+}
+
+func (w *exportWriter) value(typ types.Type, v constant.Value) {
+ w.typ(typ, nil)
+ if w.p.version >= iexportVersionGo1_18 {
+ w.int64(int64(v.Kind()))
+ }
+
+ if v.Kind() == constant.Unknown {
+ // golang/go#60605: treat unknown constant values as if they have invalid type
+ //
+ // This loses some fidelity over the package type-checked from source, but that
+ // is acceptable.
+ //
+ // TODO(rfindley): we should switch on the recorded constant kind rather
+ // than the constant type
+ return
+ }
+
+ switch b := typ.Underlying().(*types.Basic); b.Info() & types.IsConstType {
+ case types.IsBoolean:
+ w.bool(constant.BoolVal(v))
+ case types.IsInteger:
+ var i big.Int
+ if i64, exact := constant.Int64Val(v); exact {
+ i.SetInt64(i64)
+ } else if ui64, exact := constant.Uint64Val(v); exact {
+ i.SetUint64(ui64)
+ } else {
+ i.SetString(v.ExactString(), 10)
+ }
+ w.mpint(&i, typ)
+ case types.IsFloat:
+ f := constantToFloat(v)
+ w.mpfloat(f, typ)
+ case types.IsComplex:
+ w.mpfloat(constantToFloat(constant.Real(v)), typ)
+ w.mpfloat(constantToFloat(constant.Imag(v)), typ)
+ case types.IsString:
+ w.string(constant.StringVal(v))
+ default:
+ if b.Kind() == types.Invalid {
+ // package contains type errors
+ break
+ }
+ panic(internalErrorf("unexpected type %v (%v)", typ, typ.Underlying()))
+ }
+}
+
+// constantToFloat converts a constant.Value with kind constant.Float to a
+// big.Float.
+func constantToFloat(x constant.Value) *big.Float {
+ x = constant.ToFloat(x)
+ // Use the same floating-point precision (512) as cmd/compile
+ // (see Mpprec in cmd/compile/internal/gc/mpfloat.go).
+ const mpprec = 512
+ var f big.Float
+ f.SetPrec(mpprec)
+ if v, exact := constant.Float64Val(x); exact {
+ // float64
+ f.SetFloat64(v)
+ } else if num, denom := constant.Num(x), constant.Denom(x); num.Kind() == constant.Int {
+ // TODO(gri): add big.Rat accessor to constant.Value.
+ n := valueToRat(num)
+ d := valueToRat(denom)
+ f.SetRat(n.Quo(n, d))
+ } else {
+ // Value too large to represent as a fraction => inaccessible.
+ // TODO(gri): add big.Float accessor to constant.Value.
+ _, ok := f.SetString(x.ExactString())
+ assert(ok)
+ }
+ return &f
+}
+
+func valueToRat(x constant.Value) *big.Rat {
+ // Convert little-endian to big-endian.
+ // I can't believe this is necessary.
+ bytes := constant.Bytes(x)
+ for i := 0; i < len(bytes)/2; i++ {
+ bytes[i], bytes[len(bytes)-1-i] = bytes[len(bytes)-1-i], bytes[i]
+ }
+ return new(big.Rat).SetInt(new(big.Int).SetBytes(bytes))
+}
+
+// mpint exports a multi-precision integer.
+//
+// For unsigned types, small values are written out as a single
+// byte. Larger values are written out as a length-prefixed big-endian
+// byte string, where the length prefix is encoded as its complement.
+// For example, bytes 0, 1, and 2 directly represent the integer
+// values 0, 1, and 2; while bytes 255, 254, and 253 indicate a 1-,
+// 2-, and 3-byte big-endian string follow.
+//
+// Encoding for signed types use the same general approach as for
+// unsigned types, except small values use zig-zag encoding and the
+// bottom bit of length prefix byte for large values is reserved as a
+// sign bit.
+//
+// The exact boundary between small and large encodings varies
+// according to the maximum number of bytes needed to encode a value
+// of type typ. As a special case, 8-bit types are always encoded as a
+// single byte.
+//
+// TODO(mdempsky): Is this level of complexity really worthwhile?
+func (w *exportWriter) mpint(x *big.Int, typ types.Type) {
+ basic, ok := typ.Underlying().(*types.Basic)
+ if !ok {
+ panic(internalErrorf("unexpected type %v (%T)", typ.Underlying(), typ.Underlying()))
+ }
+
+ signed, maxBytes := intSize(basic)
+
+ negative := x.Sign() < 0
+ if !signed && negative {
+ panic(internalErrorf("negative unsigned integer; type %v, value %v", typ, x))
+ }
+
+ b := x.Bytes()
+ if len(b) > 0 && b[0] == 0 {
+ panic(internalErrorf("leading zeros"))
+ }
+ if uint(len(b)) > maxBytes {
+ panic(internalErrorf("bad mpint length: %d > %d (type %v, value %v)", len(b), maxBytes, typ, x))
+ }
+
+ maxSmall := 256 - maxBytes
+ if signed {
+ maxSmall = 256 - 2*maxBytes
+ }
+ if maxBytes == 1 {
+ maxSmall = 256
+ }
+
+ // Check if x can use small value encoding.
+ if len(b) <= 1 {
+ var ux uint
+ if len(b) == 1 {
+ ux = uint(b[0])
+ }
+ if signed {
+ ux <<= 1
+ if negative {
+ ux--
+ }
+ }
+ if ux < maxSmall {
+ w.data.WriteByte(byte(ux))
+ return
+ }
+ }
+
+ n := 256 - uint(len(b))
+ if signed {
+ n = 256 - 2*uint(len(b))
+ if negative {
+ n |= 1
+ }
+ }
+ if n < maxSmall || n >= 256 {
+ panic(internalErrorf("encoding mistake: %d, %v, %v => %d", len(b), signed, negative, n))
+ }
+
+ w.data.WriteByte(byte(n))
+ w.data.Write(b)
+}
+
+// mpfloat exports a multi-precision floating point number.
+//
+// The number's value is decomposed into mantissa × 2**exponent, where
+// mantissa is an integer. The value is written out as mantissa (as a
+// multi-precision integer) and then the exponent, except exponent is
+// omitted if mantissa is zero.
+func (w *exportWriter) mpfloat(f *big.Float, typ types.Type) {
+ if f.IsInf() {
+ panic("infinite constant")
+ }
+
+ // Break into f = mant × 2**exp, with 0.5 <= mant < 1.
+ var mant big.Float
+ exp := int64(f.MantExp(&mant))
+
+ // Scale so that mant is an integer.
+ prec := mant.MinPrec()
+ mant.SetMantExp(&mant, int(prec))
+ exp -= int64(prec)
+
+ manti, acc := mant.Int(nil)
+ if acc != big.Exact {
+ panic(internalErrorf("mantissa scaling failed for %f (%s)", f, acc))
+ }
+ w.mpint(manti, typ)
+ if manti.Sign() != 0 {
+ w.int64(exp)
+ }
+}
+
+func (w *exportWriter) bool(b bool) bool {
+ var x uint64
+ if b {
+ x = 1
+ }
+ w.uint64(x)
+ return b
+}
+
+func (w *exportWriter) int64(x int64) { w.data.int64(x) }
+func (w *exportWriter) uint64(x uint64) { w.data.uint64(x) }
+func (w *exportWriter) string(s string) { w.uint64(w.p.stringOff(s)) }
+
+func (w *exportWriter) localIdent(obj types.Object) {
+ // Anonymous parameters.
+ if obj == nil {
+ w.string("")
+ return
+ }
+
+ name := obj.Name()
+ if name == "_" {
+ w.string("_")
+ return
+ }
+
+ w.string(name)
+}
+
+type intWriter struct {
+ bytes.Buffer
+}
+
+func (w *intWriter) int64(x int64) {
+ var buf [binary.MaxVarintLen64]byte
+ n := binary.PutVarint(buf[:], x)
+ w.Write(buf[:n])
+}
+
+func (w *intWriter) uint64(x uint64) {
+ var buf [binary.MaxVarintLen64]byte
+ n := binary.PutUvarint(buf[:], x)
+ w.Write(buf[:n])
+}
+
+func assert(cond bool) {
+ if !cond {
+ panic("internal error: assertion failed")
+ }
+}
+
+// The below is copied from go/src/cmd/compile/internal/gc/syntax.go.
+
+// objQueue is a FIFO queue of types.Object. The zero value of objQueue is
+// a ready-to-use empty queue.
+type objQueue struct {
+ ring []types.Object
+ head, tail int
+}
+
+// empty returns true if q contains no Nodes.
+func (q *objQueue) empty() bool {
+ return q.head == q.tail
+}
+
+// pushTail appends n to the tail of the queue.
+func (q *objQueue) pushTail(obj types.Object) {
+ if len(q.ring) == 0 {
+ q.ring = make([]types.Object, 16)
+ } else if q.head+len(q.ring) == q.tail {
+ // Grow the ring.
+ nring := make([]types.Object, len(q.ring)*2)
+ // Copy the old elements.
+ part := q.ring[q.head%len(q.ring):]
+ if q.tail-q.head <= len(part) {
+ part = part[:q.tail-q.head]
+ copy(nring, part)
+ } else {
+ pos := copy(nring, part)
+ copy(nring[pos:], q.ring[:q.tail%len(q.ring)])
+ }
+ q.ring, q.head, q.tail = nring, 0, q.tail-q.head
+ }
+
+ q.ring[q.tail%len(q.ring)] = obj
+ q.tail++
+}
+
+// popHead pops a node from the head of the queue. It panics if q is empty.
+func (q *objQueue) popHead() types.Object {
+ if q.empty() {
+ panic("dequeue empty")
+ }
+ obj := q.ring[q.head%len(q.ring)]
+ q.head++
+ return obj
+}
+
+// internalError represents an error generated inside this package.
+type internalError string
+
+func (e internalError) Error() string { return "gcimporter: " + string(e) }
+
+// TODO(adonovan): make this call panic, so that it's symmetric with errorf.
+// Otherwise it's easy to forget to do anything with the error.
+//
+// TODO(adonovan): also, consider switching the names "errorf" and
+// "internalErrorf" as the former is used for bugs, whose cause is
+// internal inconsistency, whereas the latter is used for ordinary
+// situations like bad input, whose cause is external.
+func internalErrorf(format string, args ...interface{}) error {
+ return internalError(fmt.Sprintf(format, args...))
+}
diff --git a/vendor/golang.org/x/tools/internal/gcimporter/iimport.go b/vendor/golang.org/x/tools/internal/gcimporter/iimport.go
new file mode 100644
index 000000000..136aa0365
--- /dev/null
+++ b/vendor/golang.org/x/tools/internal/gcimporter/iimport.go
@@ -0,0 +1,1100 @@
+// Copyright 2018 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+// Indexed package import.
+// See cmd/compile/internal/gc/iexport.go for the export data format.
+
+// This file is a copy of $GOROOT/src/go/internal/gcimporter/iimport.go.
+
+package gcimporter
+
+import (
+ "bytes"
+ "encoding/binary"
+ "fmt"
+ "go/constant"
+ "go/token"
+ "go/types"
+ "io"
+ "math/big"
+ "sort"
+ "strings"
+
+ "golang.org/x/tools/go/types/objectpath"
+ "golang.org/x/tools/internal/aliases"
+ "golang.org/x/tools/internal/typesinternal"
+)
+
+type intReader struct {
+ *bytes.Reader
+ path string
+}
+
+func (r *intReader) int64() int64 {
+ i, err := binary.ReadVarint(r.Reader)
+ if err != nil {
+ errorf("import %q: read varint error: %v", r.path, err)
+ }
+ return i
+}
+
+func (r *intReader) uint64() uint64 {
+ i, err := binary.ReadUvarint(r.Reader)
+ if err != nil {
+ errorf("import %q: read varint error: %v", r.path, err)
+ }
+ return i
+}
+
+// Keep this in sync with constants in iexport.go.
+const (
+ iexportVersionGo1_11 = 0
+ iexportVersionPosCol = 1
+ iexportVersionGo1_18 = 2
+ iexportVersionGenerics = 2
+
+ iexportVersionCurrent = 2
+)
+
+type ident struct {
+ pkg *types.Package
+ name string
+}
+
+const predeclReserved = 32
+
+type itag uint64
+
+const (
+ // Types
+ definedType itag = iota
+ pointerType
+ sliceType
+ arrayType
+ chanType
+ mapType
+ signatureType
+ structType
+ interfaceType
+ typeParamType
+ instanceType
+ unionType
+ aliasType
+)
+
+// Object tags
+const (
+ varTag = 'V'
+ funcTag = 'F'
+ genericFuncTag = 'G'
+ constTag = 'C'
+ aliasTag = 'A'
+ genericAliasTag = 'B'
+ typeParamTag = 'P'
+ typeTag = 'T'
+ genericTypeTag = 'U'
+)
+
+// IImportData imports a package from the serialized package data
+// and returns 0 and a reference to the package.
+// If the export data version is not recognized or the format is otherwise
+// compromised, an error is returned.
+func IImportData(fset *token.FileSet, imports map[string]*types.Package, data []byte, path string) (int, *types.Package, error) {
+ pkgs, err := iimportCommon(fset, GetPackagesFromMap(imports), data, false, path, false, nil)
+ if err != nil {
+ return 0, nil, err
+ }
+ return 0, pkgs[0], nil
+}
+
+// IImportBundle imports a set of packages from the serialized package bundle.
+func IImportBundle(fset *token.FileSet, imports map[string]*types.Package, data []byte) ([]*types.Package, error) {
+ return iimportCommon(fset, GetPackagesFromMap(imports), data, true, "", false, nil)
+}
+
+// A GetPackagesFunc function obtains the non-nil symbols for a set of
+// packages, creating and recursively importing them as needed. An
+// implementation should store each package symbol is in the Pkg
+// field of the items array.
+//
+// Any error causes importing to fail. This can be used to quickly read
+// the import manifest of an export data file without fully decoding it.
+type GetPackagesFunc = func(items []GetPackagesItem) error
+
+// A GetPackagesItem is a request from the importer for the package
+// symbol of the specified name and path.
+type GetPackagesItem struct {
+ Name, Path string
+ Pkg *types.Package // to be filled in by GetPackagesFunc call
+
+ // private importer state
+ pathOffset uint64
+ nameIndex map[string]uint64
+}
+
+// GetPackagesFromMap returns a GetPackagesFunc that retrieves
+// packages from the given map of package path to package.
+//
+// The returned function may mutate m: each requested package that is not
+// found is created with types.NewPackage and inserted into m.
+func GetPackagesFromMap(m map[string]*types.Package) GetPackagesFunc {
+ return func(items []GetPackagesItem) error {
+ for i, item := range items {
+ pkg, ok := m[item.Path]
+ if !ok {
+ pkg = types.NewPackage(item.Path, item.Name)
+ m[item.Path] = pkg
+ }
+ items[i].Pkg = pkg
+ }
+ return nil
+ }
+}
+
+func iimportCommon(fset *token.FileSet, getPackages GetPackagesFunc, data []byte, bundle bool, path string, shallow bool, reportf ReportFunc) (pkgs []*types.Package, err error) {
+ const currentVersion = iexportVersionCurrent
+ version := int64(-1)
+ if !debug {
+ defer func() {
+ if e := recover(); e != nil {
+ if bundle {
+ err = fmt.Errorf("%v", e)
+ } else if version > currentVersion {
+ err = fmt.Errorf("cannot import %q (%v), export data is newer version - update tool", path, e)
+ } else {
+ err = fmt.Errorf("internal error while importing %q (%v); please report an issue", path, e)
+ }
+ }
+ }()
+ }
+
+ r := &intReader{bytes.NewReader(data), path}
+
+ if bundle {
+ if v := r.uint64(); v != bundleVersion {
+ errorf("unknown bundle format version %d", v)
+ }
+ }
+
+ version = int64(r.uint64())
+ switch version {
+ case iexportVersionGo1_18, iexportVersionPosCol, iexportVersionGo1_11:
+ default:
+ if version > iexportVersionGo1_18 {
+ errorf("unstable iexport format version %d, just rebuild compiler and std library", version)
+ } else {
+ errorf("unknown iexport format version %d", version)
+ }
+ }
+
+ sLen := int64(r.uint64())
+ var fLen int64
+ var fileOffset []uint64
+ if shallow {
+ // Shallow mode uses a different position encoding.
+ fLen = int64(r.uint64())
+ fileOffset = make([]uint64, r.uint64())
+ for i := range fileOffset {
+ fileOffset[i] = r.uint64()
+ }
+ }
+ dLen := int64(r.uint64())
+
+ whence, _ := r.Seek(0, io.SeekCurrent)
+ stringData := data[whence : whence+sLen]
+ fileData := data[whence+sLen : whence+sLen+fLen]
+ declData := data[whence+sLen+fLen : whence+sLen+fLen+dLen]
+ r.Seek(sLen+fLen+dLen, io.SeekCurrent)
+
+ p := iimporter{
+ version: int(version),
+ ipath: path,
+ aliases: aliases.Enabled(),
+ shallow: shallow,
+ reportf: reportf,
+
+ stringData: stringData,
+ stringCache: make(map[uint64]string),
+ fileOffset: fileOffset,
+ fileData: fileData,
+ fileCache: make([]*token.File, len(fileOffset)),
+ pkgCache: make(map[uint64]*types.Package),
+
+ declData: declData,
+ pkgIndex: make(map[*types.Package]map[string]uint64),
+ typCache: make(map[uint64]types.Type),
+ // Separate map for typeparams, keyed by their package and unique
+ // name.
+ tparamIndex: make(map[ident]types.Type),
+
+ fake: fakeFileSet{
+ fset: fset,
+ files: make(map[string]*fileInfo),
+ },
+ }
+ defer p.fake.setLines() // set lines for files in fset
+
+ for i, pt := range predeclared() {
+ p.typCache[uint64(i)] = pt
+ }
+
+ // Gather the relevant packages from the manifest.
+ items := make([]GetPackagesItem, r.uint64())
+ uniquePkgPaths := make(map[string]bool)
+ for i := range items {
+ pkgPathOff := r.uint64()
+ pkgPath := p.stringAt(pkgPathOff)
+ pkgName := p.stringAt(r.uint64())
+ _ = r.uint64() // package height; unused by go/types
+
+ if pkgPath == "" {
+ pkgPath = path
+ }
+ items[i].Name = pkgName
+ items[i].Path = pkgPath
+ items[i].pathOffset = pkgPathOff
+
+ // Read index for package.
+ nameIndex := make(map[string]uint64)
+ nSyms := r.uint64()
+ // In shallow mode, only the current package (i=0) has an index.
+ assert(!(shallow && i > 0 && nSyms != 0))
+ for ; nSyms > 0; nSyms-- {
+ name := p.stringAt(r.uint64())
+ nameIndex[name] = r.uint64()
+ }
+
+ items[i].nameIndex = nameIndex
+
+ uniquePkgPaths[pkgPath] = true
+ }
+ // Debugging #63822; hypothesis: there are duplicate PkgPaths.
+ if len(uniquePkgPaths) != len(items) {
+ reportf("found duplicate PkgPaths while reading export data manifest: %v", items)
+ }
+
+ // Request packages all at once from the client,
+ // enabling a parallel implementation.
+ if err := getPackages(items); err != nil {
+ return nil, err // don't wrap this error
+ }
+
+ // Check the results and complete the index.
+ pkgList := make([]*types.Package, len(items))
+ for i, item := range items {
+ pkg := item.Pkg
+ if pkg == nil {
+ errorf("internal error: getPackages returned nil package for %q", item.Path)
+ } else if pkg.Path() != item.Path {
+ errorf("internal error: getPackages returned wrong path %q, want %q", pkg.Path(), item.Path)
+ } else if pkg.Name() != item.Name {
+ errorf("internal error: getPackages returned wrong name %s for package %q, want %s", pkg.Name(), item.Path, item.Name)
+ }
+ p.pkgCache[item.pathOffset] = pkg
+ p.pkgIndex[pkg] = item.nameIndex
+ pkgList[i] = pkg
+ }
+
+ if bundle {
+ pkgs = make([]*types.Package, r.uint64())
+ for i := range pkgs {
+ pkg := p.pkgAt(r.uint64())
+ imps := make([]*types.Package, r.uint64())
+ for j := range imps {
+ imps[j] = p.pkgAt(r.uint64())
+ }
+ pkg.SetImports(imps)
+ pkgs[i] = pkg
+ }
+ } else {
+ if len(pkgList) == 0 {
+ errorf("no packages found for %s", path)
+ panic("unreachable")
+ }
+ pkgs = pkgList[:1]
+
+ // record all referenced packages as imports
+ list := append(([]*types.Package)(nil), pkgList[1:]...)
+ sort.Sort(byPath(list))
+ pkgs[0].SetImports(list)
+ }
+
+ for _, pkg := range pkgs {
+ if pkg.Complete() {
+ continue
+ }
+
+ names := make([]string, 0, len(p.pkgIndex[pkg]))
+ for name := range p.pkgIndex[pkg] {
+ names = append(names, name)
+ }
+ sort.Strings(names)
+ for _, name := range names {
+ p.doDecl(pkg, name)
+ }
+
+ // package was imported completely and without errors
+ pkg.MarkComplete()
+ }
+
+ // SetConstraint can't be called if the constraint type is not yet complete.
+ // When type params are created in the typeParamTag case of (*importReader).obj(),
+ // the associated constraint type may not be complete due to recursion.
+ // Therefore, we defer calling SetConstraint there, and call it here instead
+ // after all types are complete.
+ for _, d := range p.later {
+ d.t.SetConstraint(d.constraint)
+ }
+
+ for _, typ := range p.interfaceList {
+ typ.Complete()
+ }
+
+ // Workaround for golang/go#61561. See the doc for instanceList for details.
+ for _, typ := range p.instanceList {
+ if iface, _ := typ.Underlying().(*types.Interface); iface != nil {
+ iface.Complete()
+ }
+ }
+
+ return pkgs, nil
+}
+
+type setConstraintArgs struct {
+ t *types.TypeParam
+ constraint types.Type
+}
+
+type iimporter struct {
+ version int
+ ipath string
+
+ aliases bool
+ shallow bool
+ reportf ReportFunc // if non-nil, used to report bugs
+
+ stringData []byte
+ stringCache map[uint64]string
+ fileOffset []uint64 // fileOffset[i] is offset in fileData for info about file encoded as i
+ fileData []byte
+ fileCache []*token.File // memoized decoding of file encoded as i
+ pkgCache map[uint64]*types.Package
+
+ declData []byte
+ pkgIndex map[*types.Package]map[string]uint64
+ typCache map[uint64]types.Type
+ tparamIndex map[ident]types.Type
+
+ fake fakeFileSet
+ interfaceList []*types.Interface
+
+ // Workaround for the go/types bug golang/go#61561: instances produced during
+ // instantiation may contain incomplete interfaces. Here we only complete the
+ // underlying type of the instance, which is the most common case but doesn't
+ // handle parameterized interface literals defined deeper in the type.
+ instanceList []types.Type // instances for later completion (see golang/go#61561)
+
+ // Arguments for calls to SetConstraint that are deferred due to recursive types
+ later []setConstraintArgs
+
+ indent int // for tracing support
+}
+
+func (p *iimporter) trace(format string, args ...interface{}) {
+ if !trace {
+ // Call sites should also be guarded, but having this check here allows
+ // easily enabling/disabling debug trace statements.
+ return
+ }
+ fmt.Printf(strings.Repeat("..", p.indent)+format+"\n", args...)
+}
+
+func (p *iimporter) doDecl(pkg *types.Package, name string) {
+ if debug {
+ p.trace("import decl %s", name)
+ p.indent++
+ defer func() {
+ p.indent--
+ p.trace("=> %s", name)
+ }()
+ }
+ // See if we've already imported this declaration.
+ if obj := pkg.Scope().Lookup(name); obj != nil {
+ return
+ }
+
+ off, ok := p.pkgIndex[pkg][name]
+ if !ok {
+ // In deep mode, the index should be complete. In shallow
+ // mode, we should have already recursively loaded necessary
+ // dependencies so the above Lookup succeeds.
+ errorf("%v.%v not in index", pkg, name)
+ }
+
+ r := &importReader{p: p, currPkg: pkg}
+ r.declReader.Reset(p.declData[off:])
+
+ r.obj(name)
+}
+
+func (p *iimporter) stringAt(off uint64) string {
+ if s, ok := p.stringCache[off]; ok {
+ return s
+ }
+
+ slen, n := binary.Uvarint(p.stringData[off:])
+ if n <= 0 {
+ errorf("varint failed")
+ }
+ spos := off + uint64(n)
+ s := string(p.stringData[spos : spos+slen])
+ p.stringCache[off] = s
+ return s
+}
+
+func (p *iimporter) fileAt(index uint64) *token.File {
+ file := p.fileCache[index]
+ if file == nil {
+ off := p.fileOffset[index]
+ file = p.decodeFile(intReader{bytes.NewReader(p.fileData[off:]), p.ipath})
+ p.fileCache[index] = file
+ }
+ return file
+}
+
+func (p *iimporter) decodeFile(rd intReader) *token.File {
+ filename := p.stringAt(rd.uint64())
+ size := int(rd.uint64())
+ file := p.fake.fset.AddFile(filename, -1, size)
+
+ // SetLines requires a nondecreasing sequence.
+ // Because it is common for clients to derive the interval
+ // [start, start+len(name)] from a start position, and we
+ // want to ensure that the end offset is on the same line,
+ // we fill in the gaps of the sparse encoding with values
+ // that strictly increase by the largest possible amount.
+ // This allows us to avoid having to record the actual end
+ // offset of each needed line.
+
+ lines := make([]int, int(rd.uint64()))
+ var index, offset int
+ for i, n := 0, int(rd.uint64()); i < n; i++ {
+ index += int(rd.uint64())
+ offset += int(rd.uint64())
+ lines[index] = offset
+
+ // Ensure monotonicity between points.
+ for j := index - 1; j > 0 && lines[j] == 0; j-- {
+ lines[j] = lines[j+1] - 1
+ }
+ }
+
+ // Ensure monotonicity after last point.
+ for j := len(lines) - 1; j > 0 && lines[j] == 0; j-- {
+ size--
+ lines[j] = size
+ }
+
+ if !file.SetLines(lines) {
+ errorf("SetLines failed: %d", lines) // can't happen
+ }
+ return file
+}
+
+func (p *iimporter) pkgAt(off uint64) *types.Package {
+ if pkg, ok := p.pkgCache[off]; ok {
+ return pkg
+ }
+ path := p.stringAt(off)
+ errorf("missing package %q in %q", path, p.ipath)
+ return nil
+}
+
+func (p *iimporter) typAt(off uint64, base *types.Named) types.Type {
+ if t, ok := p.typCache[off]; ok && canReuse(base, t) {
+ return t
+ }
+
+ if off < predeclReserved {
+ errorf("predeclared type missing from cache: %v", off)
+ }
+
+ r := &importReader{p: p}
+ r.declReader.Reset(p.declData[off-predeclReserved:])
+ t := r.doType(base)
+
+ if canReuse(base, t) {
+ p.typCache[off] = t
+ }
+ return t
+}
+
+// canReuse reports whether the type rhs on the RHS of the declaration for def
+// may be re-used.
+//
+// Specifically, if def is non-nil and rhs is an interface type with methods, it
+// may not be re-used because we have a convention of setting the receiver type
+// for interface methods to def.
+func canReuse(def *types.Named, rhs types.Type) bool {
+ if def == nil {
+ return true
+ }
+ iface, _ := aliases.Unalias(rhs).(*types.Interface)
+ if iface == nil {
+ return true
+ }
+ // Don't use iface.Empty() here as iface may not be complete.
+ return iface.NumEmbeddeds() == 0 && iface.NumExplicitMethods() == 0
+}
+
+type importReader struct {
+ p *iimporter
+ declReader bytes.Reader
+ currPkg *types.Package
+ prevFile string
+ prevLine int64
+ prevColumn int64
+}
+
+func (r *importReader) obj(name string) {
+ tag := r.byte()
+ pos := r.pos()
+
+ switch tag {
+ case aliasTag:
+ typ := r.typ()
+ // TODO(adonovan): support generic aliases:
+ // if tag == genericAliasTag {
+ // tparams := r.tparamList()
+ // alias.SetTypeParams(tparams)
+ // }
+ r.declare(aliases.NewAlias(r.p.aliases, pos, r.currPkg, name, typ))
+
+ case constTag:
+ typ, val := r.value()
+
+ r.declare(types.NewConst(pos, r.currPkg, name, typ, val))
+
+ case funcTag, genericFuncTag:
+ var tparams []*types.TypeParam
+ if tag == genericFuncTag {
+ tparams = r.tparamList()
+ }
+ sig := r.signature(nil, nil, tparams)
+ r.declare(types.NewFunc(pos, r.currPkg, name, sig))
+
+ case typeTag, genericTypeTag:
+ // Types can be recursive. We need to setup a stub
+ // declaration before recursing.
+ obj := types.NewTypeName(pos, r.currPkg, name, nil)
+ named := types.NewNamed(obj, nil, nil)
+ // Declare obj before calling r.tparamList, so the new type name is recognized
+ // if used in the constraint of one of its own typeparams (see #48280).
+ r.declare(obj)
+ if tag == genericTypeTag {
+ tparams := r.tparamList()
+ named.SetTypeParams(tparams)
+ }
+
+ underlying := r.p.typAt(r.uint64(), named).Underlying()
+ named.SetUnderlying(underlying)
+
+ if !isInterface(underlying) {
+ for n := r.uint64(); n > 0; n-- {
+ mpos := r.pos()
+ mname := r.ident()
+ recv := r.param()
+
+ // If the receiver has any targs, set those as the
+ // rparams of the method (since those are the
+ // typeparams being used in the method sig/body).
+ _, recvNamed := typesinternal.ReceiverNamed(recv)
+ targs := recvNamed.TypeArgs()
+ var rparams []*types.TypeParam
+ if targs.Len() > 0 {
+ rparams = make([]*types.TypeParam, targs.Len())
+ for i := range rparams {
+ rparams[i] = aliases.Unalias(targs.At(i)).(*types.TypeParam)
+ }
+ }
+ msig := r.signature(recv, rparams, nil)
+
+ named.AddMethod(types.NewFunc(mpos, r.currPkg, mname, msig))
+ }
+ }
+
+ case typeParamTag:
+ // We need to "declare" a typeparam in order to have a name that
+ // can be referenced recursively (if needed) in the type param's
+ // bound.
+ if r.p.version < iexportVersionGenerics {
+ errorf("unexpected type param type")
+ }
+ name0 := tparamName(name)
+ tn := types.NewTypeName(pos, r.currPkg, name0, nil)
+ t := types.NewTypeParam(tn, nil)
+
+ // To handle recursive references to the typeparam within its
+ // bound, save the partial type in tparamIndex before reading the bounds.
+ id := ident{r.currPkg, name}
+ r.p.tparamIndex[id] = t
+ var implicit bool
+ if r.p.version >= iexportVersionGo1_18 {
+ implicit = r.bool()
+ }
+ constraint := r.typ()
+ if implicit {
+ iface, _ := aliases.Unalias(constraint).(*types.Interface)
+ if iface == nil {
+ errorf("non-interface constraint marked implicit")
+ }
+ iface.MarkImplicit()
+ }
+ // The constraint type may not be complete, if we
+ // are in the middle of a type recursion involving type
+ // constraints. So, we defer SetConstraint until we have
+ // completely set up all types in ImportData.
+ r.p.later = append(r.p.later, setConstraintArgs{t: t, constraint: constraint})
+
+ case varTag:
+ typ := r.typ()
+
+ r.declare(types.NewVar(pos, r.currPkg, name, typ))
+
+ default:
+ errorf("unexpected tag: %v", tag)
+ }
+}
+
+func (r *importReader) declare(obj types.Object) {
+ obj.Pkg().Scope().Insert(obj)
+}
+
+func (r *importReader) value() (typ types.Type, val constant.Value) {
+ typ = r.typ()
+ if r.p.version >= iexportVersionGo1_18 {
+ // TODO: add support for using the kind.
+ _ = constant.Kind(r.int64())
+ }
+
+ switch b := typ.Underlying().(*types.Basic); b.Info() & types.IsConstType {
+ case types.IsBoolean:
+ val = constant.MakeBool(r.bool())
+
+ case types.IsString:
+ val = constant.MakeString(r.string())
+
+ case types.IsInteger:
+ var x big.Int
+ r.mpint(&x, b)
+ val = constant.Make(&x)
+
+ case types.IsFloat:
+ val = r.mpfloat(b)
+
+ case types.IsComplex:
+ re := r.mpfloat(b)
+ im := r.mpfloat(b)
+ val = constant.BinaryOp(re, token.ADD, constant.MakeImag(im))
+
+ default:
+ if b.Kind() == types.Invalid {
+ val = constant.MakeUnknown()
+ return
+ }
+ errorf("unexpected type %v", typ) // panics
+ panic("unreachable")
+ }
+
+ return
+}
+
+func intSize(b *types.Basic) (signed bool, maxBytes uint) {
+ if (b.Info() & types.IsUntyped) != 0 {
+ return true, 64
+ }
+
+ switch b.Kind() {
+ case types.Float32, types.Complex64:
+ return true, 3
+ case types.Float64, types.Complex128:
+ return true, 7
+ }
+
+ signed = (b.Info() & types.IsUnsigned) == 0
+ switch b.Kind() {
+ case types.Int8, types.Uint8:
+ maxBytes = 1
+ case types.Int16, types.Uint16:
+ maxBytes = 2
+ case types.Int32, types.Uint32:
+ maxBytes = 4
+ default:
+ maxBytes = 8
+ }
+
+ return
+}
+
+func (r *importReader) mpint(x *big.Int, typ *types.Basic) {
+ signed, maxBytes := intSize(typ)
+
+ maxSmall := 256 - maxBytes
+ if signed {
+ maxSmall = 256 - 2*maxBytes
+ }
+ if maxBytes == 1 {
+ maxSmall = 256
+ }
+
+ n, _ := r.declReader.ReadByte()
+ if uint(n) < maxSmall {
+ v := int64(n)
+ if signed {
+ v >>= 1
+ if n&1 != 0 {
+ v = ^v
+ }
+ }
+ x.SetInt64(v)
+ return
+ }
+
+ v := -n
+ if signed {
+ v = -(n &^ 1) >> 1
+ }
+ if v < 1 || uint(v) > maxBytes {
+ errorf("weird decoding: %v, %v => %v", n, signed, v)
+ }
+ b := make([]byte, v)
+ io.ReadFull(&r.declReader, b)
+ x.SetBytes(b)
+ if signed && n&1 != 0 {
+ x.Neg(x)
+ }
+}
+
+func (r *importReader) mpfloat(typ *types.Basic) constant.Value {
+ var mant big.Int
+ r.mpint(&mant, typ)
+ var f big.Float
+ f.SetInt(&mant)
+ if f.Sign() != 0 {
+ f.SetMantExp(&f, int(r.int64()))
+ }
+ return constant.Make(&f)
+}
+
+func (r *importReader) ident() string {
+ return r.string()
+}
+
+func (r *importReader) qualifiedIdent() (*types.Package, string) {
+ name := r.string()
+ pkg := r.pkg()
+ return pkg, name
+}
+
+func (r *importReader) pos() token.Pos {
+ if r.p.shallow {
+ // precise offsets are encoded only in shallow mode
+ return r.posv2()
+ }
+ if r.p.version >= iexportVersionPosCol {
+ r.posv1()
+ } else {
+ r.posv0()
+ }
+
+ if r.prevFile == "" && r.prevLine == 0 && r.prevColumn == 0 {
+ return token.NoPos
+ }
+ return r.p.fake.pos(r.prevFile, int(r.prevLine), int(r.prevColumn))
+}
+
+func (r *importReader) posv0() {
+ delta := r.int64()
+ if delta != deltaNewFile {
+ r.prevLine += delta
+ } else if l := r.int64(); l == -1 {
+ r.prevLine += deltaNewFile
+ } else {
+ r.prevFile = r.string()
+ r.prevLine = l
+ }
+}
+
+func (r *importReader) posv1() {
+ delta := r.int64()
+ r.prevColumn += delta >> 1
+ if delta&1 != 0 {
+ delta = r.int64()
+ r.prevLine += delta >> 1
+ if delta&1 != 0 {
+ r.prevFile = r.string()
+ }
+ }
+}
+
+func (r *importReader) posv2() token.Pos {
+ file := r.uint64()
+ if file == 0 {
+ return token.NoPos
+ }
+ tf := r.p.fileAt(file - 1)
+ return tf.Pos(int(r.uint64()))
+}
+
+func (r *importReader) typ() types.Type {
+ return r.p.typAt(r.uint64(), nil)
+}
+
+func isInterface(t types.Type) bool {
+ _, ok := aliases.Unalias(t).(*types.Interface)
+ return ok
+}
+
+func (r *importReader) pkg() *types.Package { return r.p.pkgAt(r.uint64()) }
+func (r *importReader) string() string { return r.p.stringAt(r.uint64()) }
+
+func (r *importReader) doType(base *types.Named) (res types.Type) {
+ k := r.kind()
+ if debug {
+ r.p.trace("importing type %d (base: %s)", k, base)
+ r.p.indent++
+ defer func() {
+ r.p.indent--
+ r.p.trace("=> %s", res)
+ }()
+ }
+ switch k {
+ default:
+ errorf("unexpected kind tag in %q: %v", r.p.ipath, k)
+ return nil
+
+ case aliasType, definedType:
+ pkg, name := r.qualifiedIdent()
+ r.p.doDecl(pkg, name)
+ return pkg.Scope().Lookup(name).(*types.TypeName).Type()
+ case pointerType:
+ return types.NewPointer(r.typ())
+ case sliceType:
+ return types.NewSlice(r.typ())
+ case arrayType:
+ n := r.uint64()
+ return types.NewArray(r.typ(), int64(n))
+ case chanType:
+ dir := chanDir(int(r.uint64()))
+ return types.NewChan(dir, r.typ())
+ case mapType:
+ return types.NewMap(r.typ(), r.typ())
+ case signatureType:
+ r.currPkg = r.pkg()
+ return r.signature(nil, nil, nil)
+
+ case structType:
+ r.currPkg = r.pkg()
+
+ fields := make([]*types.Var, r.uint64())
+ tags := make([]string, len(fields))
+ for i := range fields {
+ var field *types.Var
+ if r.p.shallow {
+ field, _ = r.objectPathObject().(*types.Var)
+ }
+
+ fpos := r.pos()
+ fname := r.ident()
+ ftyp := r.typ()
+ emb := r.bool()
+ tag := r.string()
+
+ // Either this is not a shallow import, the field is local, or the
+ // encoded objectPath failed to produce an object (a bug).
+ //
+ // Even in this last, buggy case, fall back on creating a new field. As
+ // discussed in iexport.go, this is not correct, but mostly works and is
+ // preferable to failing (for now at least).
+ if field == nil {
+ field = types.NewField(fpos, r.currPkg, fname, ftyp, emb)
+ }
+
+ fields[i] = field
+ tags[i] = tag
+ }
+ return types.NewStruct(fields, tags)
+
+ case interfaceType:
+ r.currPkg = r.pkg()
+
+ embeddeds := make([]types.Type, r.uint64())
+ for i := range embeddeds {
+ _ = r.pos()
+ embeddeds[i] = r.typ()
+ }
+
+ methods := make([]*types.Func, r.uint64())
+ for i := range methods {
+ var method *types.Func
+ if r.p.shallow {
+ method, _ = r.objectPathObject().(*types.Func)
+ }
+
+ mpos := r.pos()
+ mname := r.ident()
+
+ // TODO(mdempsky): Matches bimport.go, but I
+ // don't agree with this.
+ var recv *types.Var
+ if base != nil {
+ recv = types.NewVar(token.NoPos, r.currPkg, "", base)
+ }
+ msig := r.signature(recv, nil, nil)
+
+ if method == nil {
+ method = types.NewFunc(mpos, r.currPkg, mname, msig)
+ }
+ methods[i] = method
+ }
+
+ typ := newInterface(methods, embeddeds)
+ r.p.interfaceList = append(r.p.interfaceList, typ)
+ return typ
+
+ case typeParamType:
+ if r.p.version < iexportVersionGenerics {
+ errorf("unexpected type param type")
+ }
+ pkg, name := r.qualifiedIdent()
+ id := ident{pkg, name}
+ if t, ok := r.p.tparamIndex[id]; ok {
+ // We're already in the process of importing this typeparam.
+ return t
+ }
+ // Otherwise, import the definition of the typeparam now.
+ r.p.doDecl(pkg, name)
+ return r.p.tparamIndex[id]
+
+ case instanceType:
+ if r.p.version < iexportVersionGenerics {
+ errorf("unexpected instantiation type")
+ }
+ // pos does not matter for instances: they are positioned on the original
+ // type.
+ _ = r.pos()
+ len := r.uint64()
+ targs := make([]types.Type, len)
+ for i := range targs {
+ targs[i] = r.typ()
+ }
+ baseType := r.typ()
+ // The imported instantiated type doesn't include any methods, so
+ // we must always use the methods of the base (orig) type.
+ // TODO provide a non-nil *Environment
+ t, _ := types.Instantiate(nil, baseType, targs, false)
+
+ // Workaround for golang/go#61561. See the doc for instanceList for details.
+ r.p.instanceList = append(r.p.instanceList, t)
+ return t
+
+ case unionType:
+ if r.p.version < iexportVersionGenerics {
+ errorf("unexpected instantiation type")
+ }
+ terms := make([]*types.Term, r.uint64())
+ for i := range terms {
+ terms[i] = types.NewTerm(r.bool(), r.typ())
+ }
+ return types.NewUnion(terms)
+ }
+}
+
+func (r *importReader) kind() itag {
+ return itag(r.uint64())
+}
+
+// objectPathObject is the inverse of exportWriter.objectPath.
+//
+// In shallow mode, certain fields and methods may need to be looked up in an
+// imported package. See the doc for exportWriter.objectPath for a full
+// explanation.
+func (r *importReader) objectPathObject() types.Object {
+ objPath := objectpath.Path(r.string())
+ if objPath == "" {
+ return nil
+ }
+ pkg := r.pkg()
+ obj, err := objectpath.Object(pkg, objPath)
+ if err != nil {
+ if r.p.reportf != nil {
+ r.p.reportf("failed to find object for objectPath %q: %v", objPath, err)
+ }
+ }
+ return obj
+}
+
+func (r *importReader) signature(recv *types.Var, rparams []*types.TypeParam, tparams []*types.TypeParam) *types.Signature {
+ params := r.paramList()
+ results := r.paramList()
+ variadic := params.Len() > 0 && r.bool()
+ return types.NewSignatureType(recv, rparams, tparams, params, results, variadic)
+}
+
+func (r *importReader) tparamList() []*types.TypeParam {
+ n := r.uint64()
+ if n == 0 {
+ return nil
+ }
+ xs := make([]*types.TypeParam, n)
+ for i := range xs {
+ // Note: the standard library importer is tolerant of nil types here,
+ // though would panic in SetTypeParams.
+ xs[i] = aliases.Unalias(r.typ()).(*types.TypeParam)
+ }
+ return xs
+}
+
+func (r *importReader) paramList() *types.Tuple {
+ xs := make([]*types.Var, r.uint64())
+ for i := range xs {
+ xs[i] = r.param()
+ }
+ return types.NewTuple(xs...)
+}
+
+func (r *importReader) param() *types.Var {
+ pos := r.pos()
+ name := r.ident()
+ typ := r.typ()
+ return types.NewParam(pos, r.currPkg, name, typ)
+}
+
+func (r *importReader) bool() bool {
+ return r.uint64() != 0
+}
+
+func (r *importReader) int64() int64 {
+ n, err := binary.ReadVarint(&r.declReader)
+ if err != nil {
+ errorf("readVarint: %v", err)
+ }
+ return n
+}
+
+func (r *importReader) uint64() uint64 {
+ n, err := binary.ReadUvarint(&r.declReader)
+ if err != nil {
+ errorf("readUvarint: %v", err)
+ }
+ return n
+}
+
+func (r *importReader) byte() byte {
+ x, err := r.declReader.ReadByte()
+ if err != nil {
+ errorf("declReader.ReadByte: %v", err)
+ }
+ return x
+}
diff --git a/vendor/golang.org/x/tools/internal/gcimporter/newInterface10.go b/vendor/golang.org/x/tools/internal/gcimporter/newInterface10.go
new file mode 100644
index 000000000..8b163e3d0
--- /dev/null
+++ b/vendor/golang.org/x/tools/internal/gcimporter/newInterface10.go
@@ -0,0 +1,22 @@
+// Copyright 2018 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+//go:build !go1.11
+// +build !go1.11
+
+package gcimporter
+
+import "go/types"
+
+func newInterface(methods []*types.Func, embeddeds []types.Type) *types.Interface {
+ named := make([]*types.Named, len(embeddeds))
+ for i, e := range embeddeds {
+ var ok bool
+ named[i], ok = e.(*types.Named)
+ if !ok {
+ panic("embedding of non-defined interfaces in interfaces is not supported before Go 1.11")
+ }
+ }
+ return types.NewInterface(methods, named)
+}
diff --git a/vendor/golang.org/x/tools/internal/gcimporter/newInterface11.go b/vendor/golang.org/x/tools/internal/gcimporter/newInterface11.go
new file mode 100644
index 000000000..49984f40f
--- /dev/null
+++ b/vendor/golang.org/x/tools/internal/gcimporter/newInterface11.go
@@ -0,0 +1,14 @@
+// Copyright 2018 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+//go:build go1.11
+// +build go1.11
+
+package gcimporter
+
+import "go/types"
+
+func newInterface(methods []*types.Func, embeddeds []types.Type) *types.Interface {
+ return types.NewInterfaceType(methods, embeddeds)
+}
diff --git a/vendor/golang.org/x/tools/internal/gcimporter/support_go118.go b/vendor/golang.org/x/tools/internal/gcimporter/support_go118.go
new file mode 100644
index 000000000..0cd3b91b6
--- /dev/null
+++ b/vendor/golang.org/x/tools/internal/gcimporter/support_go118.go
@@ -0,0 +1,34 @@
+// Copyright 2021 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+package gcimporter
+
+import "go/types"
+
+const iexportVersion = iexportVersionGenerics
+
+// additionalPredeclared returns additional predeclared types in go.1.18.
+func additionalPredeclared() []types.Type {
+ return []types.Type{
+ // comparable
+ types.Universe.Lookup("comparable").Type(),
+
+ // any
+ types.Universe.Lookup("any").Type(),
+ }
+}
+
+// See cmd/compile/internal/types.SplitVargenSuffix.
+func splitVargenSuffix(name string) (base, suffix string) {
+ i := len(name)
+ for i > 0 && name[i-1] >= '0' && name[i-1] <= '9' {
+ i--
+ }
+ const dot = "·"
+ if i >= len(dot) && name[i-len(dot):i] == dot {
+ i -= len(dot)
+ return name[:i], name[i:]
+ }
+ return name, ""
+}
diff --git a/vendor/golang.org/x/tools/internal/gcimporter/unified_no.go b/vendor/golang.org/x/tools/internal/gcimporter/unified_no.go
new file mode 100644
index 000000000..38b624cad
--- /dev/null
+++ b/vendor/golang.org/x/tools/internal/gcimporter/unified_no.go
@@ -0,0 +1,10 @@
+// Copyright 2022 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+//go:build !goexperiment.unified
+// +build !goexperiment.unified
+
+package gcimporter
+
+const unifiedIR = false
diff --git a/vendor/golang.org/x/tools/internal/gcimporter/unified_yes.go b/vendor/golang.org/x/tools/internal/gcimporter/unified_yes.go
new file mode 100644
index 000000000..b5118d0b3
--- /dev/null
+++ b/vendor/golang.org/x/tools/internal/gcimporter/unified_yes.go
@@ -0,0 +1,10 @@
+// Copyright 2022 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+//go:build goexperiment.unified
+// +build goexperiment.unified
+
+package gcimporter
+
+const unifiedIR = true
diff --git a/vendor/golang.org/x/tools/internal/gcimporter/ureader_yes.go b/vendor/golang.org/x/tools/internal/gcimporter/ureader_yes.go
new file mode 100644
index 000000000..2c0770688
--- /dev/null
+++ b/vendor/golang.org/x/tools/internal/gcimporter/ureader_yes.go
@@ -0,0 +1,728 @@
+// Copyright 2021 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+// Derived from go/internal/gcimporter/ureader.go
+
+package gcimporter
+
+import (
+ "fmt"
+ "go/token"
+ "go/types"
+ "sort"
+ "strings"
+
+ "golang.org/x/tools/internal/aliases"
+ "golang.org/x/tools/internal/pkgbits"
+)
+
+// A pkgReader holds the shared state for reading a unified IR package
+// description.
+type pkgReader struct {
+ pkgbits.PkgDecoder
+
+ fake fakeFileSet
+
+ ctxt *types.Context
+ imports map[string]*types.Package // previously imported packages, indexed by path
+ aliases bool // create types.Alias nodes
+
+ // lazily initialized arrays corresponding to the unified IR
+ // PosBase, Pkg, and Type sections, respectively.
+ posBases []string // position bases (i.e., file names)
+ pkgs []*types.Package
+ typs []types.Type
+
+ // laterFns holds functions that need to be invoked at the end of
+ // import reading.
+ laterFns []func()
+ // laterFors is used in case of 'type A B' to ensure that B is processed before A.
+ laterFors map[types.Type]int
+
+ // ifaces holds a list of constructed Interfaces, which need to have
+ // Complete called after importing is done.
+ ifaces []*types.Interface
+}
+
+// later adds a function to be invoked at the end of import reading.
+func (pr *pkgReader) later(fn func()) {
+ pr.laterFns = append(pr.laterFns, fn)
+}
+
+// See cmd/compile/internal/noder.derivedInfo.
+type derivedInfo struct {
+ idx pkgbits.Index
+ needed bool
+}
+
+// See cmd/compile/internal/noder.typeInfo.
+type typeInfo struct {
+ idx pkgbits.Index
+ derived bool
+}
+
+func UImportData(fset *token.FileSet, imports map[string]*types.Package, data []byte, path string) (_ int, pkg *types.Package, err error) {
+ if !debug {
+ defer func() {
+ if x := recover(); x != nil {
+ err = fmt.Errorf("internal error in importing %q (%v); please report an issue", path, x)
+ }
+ }()
+ }
+
+ s := string(data)
+ s = s[:strings.LastIndex(s, "\n$$\n")]
+ input := pkgbits.NewPkgDecoder(path, s)
+ pkg = readUnifiedPackage(fset, nil, imports, input)
+ return
+}
+
+// laterFor adds a function to be invoked at the end of import reading, and records the type that function is finishing.
+func (pr *pkgReader) laterFor(t types.Type, fn func()) {
+ if pr.laterFors == nil {
+ pr.laterFors = make(map[types.Type]int)
+ }
+ pr.laterFors[t] = len(pr.laterFns)
+ pr.laterFns = append(pr.laterFns, fn)
+}
+
+// readUnifiedPackage reads a package description from the given
+// unified IR export data decoder.
+func readUnifiedPackage(fset *token.FileSet, ctxt *types.Context, imports map[string]*types.Package, input pkgbits.PkgDecoder) *types.Package {
+ pr := pkgReader{
+ PkgDecoder: input,
+
+ fake: fakeFileSet{
+ fset: fset,
+ files: make(map[string]*fileInfo),
+ },
+
+ ctxt: ctxt,
+ imports: imports,
+ aliases: aliases.Enabled(),
+
+ posBases: make([]string, input.NumElems(pkgbits.RelocPosBase)),
+ pkgs: make([]*types.Package, input.NumElems(pkgbits.RelocPkg)),
+ typs: make([]types.Type, input.NumElems(pkgbits.RelocType)),
+ }
+ defer pr.fake.setLines()
+
+ r := pr.newReader(pkgbits.RelocMeta, pkgbits.PublicRootIdx, pkgbits.SyncPublic)
+ pkg := r.pkg()
+ r.Bool() // has init
+
+ for i, n := 0, r.Len(); i < n; i++ {
+ // As if r.obj(), but avoiding the Scope.Lookup call,
+ // to avoid eager loading of imports.
+ r.Sync(pkgbits.SyncObject)
+ assert(!r.Bool())
+ r.p.objIdx(r.Reloc(pkgbits.RelocObj))
+ assert(r.Len() == 0)
+ }
+
+ r.Sync(pkgbits.SyncEOF)
+
+ for _, fn := range pr.laterFns {
+ fn()
+ }
+
+ for _, iface := range pr.ifaces {
+ iface.Complete()
+ }
+
+ // Imports() of pkg are all of the transitive packages that were loaded.
+ var imps []*types.Package
+ for _, imp := range pr.pkgs {
+ if imp != nil && imp != pkg {
+ imps = append(imps, imp)
+ }
+ }
+ sort.Sort(byPath(imps))
+ pkg.SetImports(imps)
+
+ pkg.MarkComplete()
+ return pkg
+}
+
+// A reader holds the state for reading a single unified IR element
+// within a package.
+type reader struct {
+ pkgbits.Decoder
+
+ p *pkgReader
+
+ dict *readerDict
+}
+
+// A readerDict holds the state for type parameters that parameterize
+// the current unified IR element.
+type readerDict struct {
+ // bounds is a slice of typeInfos corresponding to the underlying
+ // bounds of the element's type parameters.
+ bounds []typeInfo
+
+ // tparams is a slice of the constructed TypeParams for the element.
+ tparams []*types.TypeParam
+
+ // devived is a slice of types derived from tparams, which may be
+ // instantiated while reading the current element.
+ derived []derivedInfo
+ derivedTypes []types.Type // lazily instantiated from derived
+}
+
+func (pr *pkgReader) newReader(k pkgbits.RelocKind, idx pkgbits.Index, marker pkgbits.SyncMarker) *reader {
+ return &reader{
+ Decoder: pr.NewDecoder(k, idx, marker),
+ p: pr,
+ }
+}
+
+func (pr *pkgReader) tempReader(k pkgbits.RelocKind, idx pkgbits.Index, marker pkgbits.SyncMarker) *reader {
+ return &reader{
+ Decoder: pr.TempDecoder(k, idx, marker),
+ p: pr,
+ }
+}
+
+func (pr *pkgReader) retireReader(r *reader) {
+ pr.RetireDecoder(&r.Decoder)
+}
+
+// @@@ Positions
+
+func (r *reader) pos() token.Pos {
+ r.Sync(pkgbits.SyncPos)
+ if !r.Bool() {
+ return token.NoPos
+ }
+
+ // TODO(mdempsky): Delta encoding.
+ posBase := r.posBase()
+ line := r.Uint()
+ col := r.Uint()
+ return r.p.fake.pos(posBase, int(line), int(col))
+}
+
+func (r *reader) posBase() string {
+ return r.p.posBaseIdx(r.Reloc(pkgbits.RelocPosBase))
+}
+
+func (pr *pkgReader) posBaseIdx(idx pkgbits.Index) string {
+ if b := pr.posBases[idx]; b != "" {
+ return b
+ }
+
+ var filename string
+ {
+ r := pr.tempReader(pkgbits.RelocPosBase, idx, pkgbits.SyncPosBase)
+
+ // Within types2, position bases have a lot more details (e.g.,
+ // keeping track of where //line directives appeared exactly).
+ //
+ // For go/types, we just track the file name.
+
+ filename = r.String()
+
+ if r.Bool() { // file base
+ // Was: "b = token.NewTrimmedFileBase(filename, true)"
+ } else { // line base
+ pos := r.pos()
+ line := r.Uint()
+ col := r.Uint()
+
+ // Was: "b = token.NewLineBase(pos, filename, true, line, col)"
+ _, _, _ = pos, line, col
+ }
+ pr.retireReader(r)
+ }
+ b := filename
+ pr.posBases[idx] = b
+ return b
+}
+
+// @@@ Packages
+
+func (r *reader) pkg() *types.Package {
+ r.Sync(pkgbits.SyncPkg)
+ return r.p.pkgIdx(r.Reloc(pkgbits.RelocPkg))
+}
+
+func (pr *pkgReader) pkgIdx(idx pkgbits.Index) *types.Package {
+ // TODO(mdempsky): Consider using some non-nil pointer to indicate
+ // the universe scope, so we don't need to keep re-reading it.
+ if pkg := pr.pkgs[idx]; pkg != nil {
+ return pkg
+ }
+
+ pkg := pr.newReader(pkgbits.RelocPkg, idx, pkgbits.SyncPkgDef).doPkg()
+ pr.pkgs[idx] = pkg
+ return pkg
+}
+
+func (r *reader) doPkg() *types.Package {
+ path := r.String()
+ switch path {
+ case "":
+ path = r.p.PkgPath()
+ case "builtin":
+ return nil // universe
+ case "unsafe":
+ return types.Unsafe
+ }
+
+ if pkg := r.p.imports[path]; pkg != nil {
+ return pkg
+ }
+
+ name := r.String()
+
+ pkg := types.NewPackage(path, name)
+ r.p.imports[path] = pkg
+
+ return pkg
+}
+
+// @@@ Types
+
+func (r *reader) typ() types.Type {
+ return r.p.typIdx(r.typInfo(), r.dict)
+}
+
+func (r *reader) typInfo() typeInfo {
+ r.Sync(pkgbits.SyncType)
+ if r.Bool() {
+ return typeInfo{idx: pkgbits.Index(r.Len()), derived: true}
+ }
+ return typeInfo{idx: r.Reloc(pkgbits.RelocType), derived: false}
+}
+
+func (pr *pkgReader) typIdx(info typeInfo, dict *readerDict) types.Type {
+ idx := info.idx
+ var where *types.Type
+ if info.derived {
+ where = &dict.derivedTypes[idx]
+ idx = dict.derived[idx].idx
+ } else {
+ where = &pr.typs[idx]
+ }
+
+ if typ := *where; typ != nil {
+ return typ
+ }
+
+ var typ types.Type
+ {
+ r := pr.tempReader(pkgbits.RelocType, idx, pkgbits.SyncTypeIdx)
+ r.dict = dict
+
+ typ = r.doTyp()
+ assert(typ != nil)
+ pr.retireReader(r)
+ }
+ // See comment in pkgReader.typIdx explaining how this happens.
+ if prev := *where; prev != nil {
+ return prev
+ }
+
+ *where = typ
+ return typ
+}
+
+func (r *reader) doTyp() (res types.Type) {
+ switch tag := pkgbits.CodeType(r.Code(pkgbits.SyncType)); tag {
+ default:
+ errorf("unhandled type tag: %v", tag)
+ panic("unreachable")
+
+ case pkgbits.TypeBasic:
+ return types.Typ[r.Len()]
+
+ case pkgbits.TypeNamed:
+ obj, targs := r.obj()
+ name := obj.(*types.TypeName)
+ if len(targs) != 0 {
+ t, _ := types.Instantiate(r.p.ctxt, name.Type(), targs, false)
+ return t
+ }
+ return name.Type()
+
+ case pkgbits.TypeTypeParam:
+ return r.dict.tparams[r.Len()]
+
+ case pkgbits.TypeArray:
+ len := int64(r.Uint64())
+ return types.NewArray(r.typ(), len)
+ case pkgbits.TypeChan:
+ dir := types.ChanDir(r.Len())
+ return types.NewChan(dir, r.typ())
+ case pkgbits.TypeMap:
+ return types.NewMap(r.typ(), r.typ())
+ case pkgbits.TypePointer:
+ return types.NewPointer(r.typ())
+ case pkgbits.TypeSignature:
+ return r.signature(nil, nil, nil)
+ case pkgbits.TypeSlice:
+ return types.NewSlice(r.typ())
+ case pkgbits.TypeStruct:
+ return r.structType()
+ case pkgbits.TypeInterface:
+ return r.interfaceType()
+ case pkgbits.TypeUnion:
+ return r.unionType()
+ }
+}
+
+func (r *reader) structType() *types.Struct {
+ fields := make([]*types.Var, r.Len())
+ var tags []string
+ for i := range fields {
+ pos := r.pos()
+ pkg, name := r.selector()
+ ftyp := r.typ()
+ tag := r.String()
+ embedded := r.Bool()
+
+ fields[i] = types.NewField(pos, pkg, name, ftyp, embedded)
+ if tag != "" {
+ for len(tags) < i {
+ tags = append(tags, "")
+ }
+ tags = append(tags, tag)
+ }
+ }
+ return types.NewStruct(fields, tags)
+}
+
+func (r *reader) unionType() *types.Union {
+ terms := make([]*types.Term, r.Len())
+ for i := range terms {
+ terms[i] = types.NewTerm(r.Bool(), r.typ())
+ }
+ return types.NewUnion(terms)
+}
+
+func (r *reader) interfaceType() *types.Interface {
+ methods := make([]*types.Func, r.Len())
+ embeddeds := make([]types.Type, r.Len())
+ implicit := len(methods) == 0 && len(embeddeds) == 1 && r.Bool()
+
+ for i := range methods {
+ pos := r.pos()
+ pkg, name := r.selector()
+ mtyp := r.signature(nil, nil, nil)
+ methods[i] = types.NewFunc(pos, pkg, name, mtyp)
+ }
+
+ for i := range embeddeds {
+ embeddeds[i] = r.typ()
+ }
+
+ iface := types.NewInterfaceType(methods, embeddeds)
+ if implicit {
+ iface.MarkImplicit()
+ }
+
+ // We need to call iface.Complete(), but if there are any embedded
+ // defined types, then we may not have set their underlying
+ // interface type yet. So we need to defer calling Complete until
+ // after we've called SetUnderlying everywhere.
+ //
+ // TODO(mdempsky): After CL 424876 lands, it should be safe to call
+ // iface.Complete() immediately.
+ r.p.ifaces = append(r.p.ifaces, iface)
+
+ return iface
+}
+
+func (r *reader) signature(recv *types.Var, rtparams, tparams []*types.TypeParam) *types.Signature {
+ r.Sync(pkgbits.SyncSignature)
+
+ params := r.params()
+ results := r.params()
+ variadic := r.Bool()
+
+ return types.NewSignatureType(recv, rtparams, tparams, params, results, variadic)
+}
+
+func (r *reader) params() *types.Tuple {
+ r.Sync(pkgbits.SyncParams)
+
+ params := make([]*types.Var, r.Len())
+ for i := range params {
+ params[i] = r.param()
+ }
+
+ return types.NewTuple(params...)
+}
+
+func (r *reader) param() *types.Var {
+ r.Sync(pkgbits.SyncParam)
+
+ pos := r.pos()
+ pkg, name := r.localIdent()
+ typ := r.typ()
+
+ return types.NewParam(pos, pkg, name, typ)
+}
+
+// @@@ Objects
+
+func (r *reader) obj() (types.Object, []types.Type) {
+ r.Sync(pkgbits.SyncObject)
+
+ assert(!r.Bool())
+
+ pkg, name := r.p.objIdx(r.Reloc(pkgbits.RelocObj))
+ obj := pkgScope(pkg).Lookup(name)
+
+ targs := make([]types.Type, r.Len())
+ for i := range targs {
+ targs[i] = r.typ()
+ }
+
+ return obj, targs
+}
+
+func (pr *pkgReader) objIdx(idx pkgbits.Index) (*types.Package, string) {
+
+ var objPkg *types.Package
+ var objName string
+ var tag pkgbits.CodeObj
+ {
+ rname := pr.tempReader(pkgbits.RelocName, idx, pkgbits.SyncObject1)
+
+ objPkg, objName = rname.qualifiedIdent()
+ assert(objName != "")
+
+ tag = pkgbits.CodeObj(rname.Code(pkgbits.SyncCodeObj))
+ pr.retireReader(rname)
+ }
+
+ if tag == pkgbits.ObjStub {
+ assert(objPkg == nil || objPkg == types.Unsafe)
+ return objPkg, objName
+ }
+
+ // Ignore local types promoted to global scope (#55110).
+ if _, suffix := splitVargenSuffix(objName); suffix != "" {
+ return objPkg, objName
+ }
+
+ if objPkg.Scope().Lookup(objName) == nil {
+ dict := pr.objDictIdx(idx)
+
+ r := pr.newReader(pkgbits.RelocObj, idx, pkgbits.SyncObject1)
+ r.dict = dict
+
+ declare := func(obj types.Object) {
+ objPkg.Scope().Insert(obj)
+ }
+
+ switch tag {
+ default:
+ panic("weird")
+
+ case pkgbits.ObjAlias:
+ pos := r.pos()
+ typ := r.typ()
+ declare(aliases.NewAlias(r.p.aliases, pos, objPkg, objName, typ))
+
+ case pkgbits.ObjConst:
+ pos := r.pos()
+ typ := r.typ()
+ val := r.Value()
+ declare(types.NewConst(pos, objPkg, objName, typ, val))
+
+ case pkgbits.ObjFunc:
+ pos := r.pos()
+ tparams := r.typeParamNames()
+ sig := r.signature(nil, nil, tparams)
+ declare(types.NewFunc(pos, objPkg, objName, sig))
+
+ case pkgbits.ObjType:
+ pos := r.pos()
+
+ obj := types.NewTypeName(pos, objPkg, objName, nil)
+ named := types.NewNamed(obj, nil, nil)
+ declare(obj)
+
+ named.SetTypeParams(r.typeParamNames())
+
+ setUnderlying := func(underlying types.Type) {
+ // If the underlying type is an interface, we need to
+ // duplicate its methods so we can replace the receiver
+ // parameter's type (#49906).
+ if iface, ok := aliases.Unalias(underlying).(*types.Interface); ok && iface.NumExplicitMethods() != 0 {
+ methods := make([]*types.Func, iface.NumExplicitMethods())
+ for i := range methods {
+ fn := iface.ExplicitMethod(i)
+ sig := fn.Type().(*types.Signature)
+
+ recv := types.NewVar(fn.Pos(), fn.Pkg(), "", named)
+ methods[i] = types.NewFunc(fn.Pos(), fn.Pkg(), fn.Name(), types.NewSignature(recv, sig.Params(), sig.Results(), sig.Variadic()))
+ }
+
+ embeds := make([]types.Type, iface.NumEmbeddeds())
+ for i := range embeds {
+ embeds[i] = iface.EmbeddedType(i)
+ }
+
+ newIface := types.NewInterfaceType(methods, embeds)
+ r.p.ifaces = append(r.p.ifaces, newIface)
+ underlying = newIface
+ }
+
+ named.SetUnderlying(underlying)
+ }
+
+ // Since go.dev/cl/455279, we can assume rhs.Underlying() will
+ // always be non-nil. However, to temporarily support users of
+ // older snapshot releases, we continue to fallback to the old
+ // behavior for now.
+ //
+ // TODO(mdempsky): Remove fallback code and simplify after
+ // allowing time for snapshot users to upgrade.
+ rhs := r.typ()
+ if underlying := rhs.Underlying(); underlying != nil {
+ setUnderlying(underlying)
+ } else {
+ pk := r.p
+ pk.laterFor(named, func() {
+ // First be sure that the rhs is initialized, if it needs to be initialized.
+ delete(pk.laterFors, named) // prevent cycles
+ if i, ok := pk.laterFors[rhs]; ok {
+ f := pk.laterFns[i]
+ pk.laterFns[i] = func() {} // function is running now, so replace it with a no-op
+ f() // initialize RHS
+ }
+ setUnderlying(rhs.Underlying())
+ })
+ }
+
+ for i, n := 0, r.Len(); i < n; i++ {
+ named.AddMethod(r.method())
+ }
+
+ case pkgbits.ObjVar:
+ pos := r.pos()
+ typ := r.typ()
+ declare(types.NewVar(pos, objPkg, objName, typ))
+ }
+ }
+
+ return objPkg, objName
+}
+
+func (pr *pkgReader) objDictIdx(idx pkgbits.Index) *readerDict {
+
+ var dict readerDict
+
+ {
+ r := pr.tempReader(pkgbits.RelocObjDict, idx, pkgbits.SyncObject1)
+ if implicits := r.Len(); implicits != 0 {
+ errorf("unexpected object with %v implicit type parameter(s)", implicits)
+ }
+
+ dict.bounds = make([]typeInfo, r.Len())
+ for i := range dict.bounds {
+ dict.bounds[i] = r.typInfo()
+ }
+
+ dict.derived = make([]derivedInfo, r.Len())
+ dict.derivedTypes = make([]types.Type, len(dict.derived))
+ for i := range dict.derived {
+ dict.derived[i] = derivedInfo{r.Reloc(pkgbits.RelocType), r.Bool()}
+ }
+
+ pr.retireReader(r)
+ }
+ // function references follow, but reader doesn't need those
+
+ return &dict
+}
+
+func (r *reader) typeParamNames() []*types.TypeParam {
+ r.Sync(pkgbits.SyncTypeParamNames)
+
+ // Note: This code assumes it only processes objects without
+ // implement type parameters. This is currently fine, because
+ // reader is only used to read in exported declarations, which are
+ // always package scoped.
+
+ if len(r.dict.bounds) == 0 {
+ return nil
+ }
+
+ // Careful: Type parameter lists may have cycles. To allow for this,
+ // we construct the type parameter list in two passes: first we
+ // create all the TypeNames and TypeParams, then we construct and
+ // set the bound type.
+
+ r.dict.tparams = make([]*types.TypeParam, len(r.dict.bounds))
+ for i := range r.dict.bounds {
+ pos := r.pos()
+ pkg, name := r.localIdent()
+
+ tname := types.NewTypeName(pos, pkg, name, nil)
+ r.dict.tparams[i] = types.NewTypeParam(tname, nil)
+ }
+
+ typs := make([]types.Type, len(r.dict.bounds))
+ for i, bound := range r.dict.bounds {
+ typs[i] = r.p.typIdx(bound, r.dict)
+ }
+
+ // TODO(mdempsky): This is subtle, elaborate further.
+ //
+ // We have to save tparams outside of the closure, because
+ // typeParamNames() can be called multiple times with the same
+ // dictionary instance.
+ //
+ // Also, this needs to happen later to make sure SetUnderlying has
+ // been called.
+ //
+ // TODO(mdempsky): Is it safe to have a single "later" slice or do
+ // we need to have multiple passes? See comments on CL 386002 and
+ // go.dev/issue/52104.
+ tparams := r.dict.tparams
+ r.p.later(func() {
+ for i, typ := range typs {
+ tparams[i].SetConstraint(typ)
+ }
+ })
+
+ return r.dict.tparams
+}
+
+func (r *reader) method() *types.Func {
+ r.Sync(pkgbits.SyncMethod)
+ pos := r.pos()
+ pkg, name := r.selector()
+
+ rparams := r.typeParamNames()
+ sig := r.signature(r.param(), rparams, nil)
+
+ _ = r.pos() // TODO(mdempsky): Remove; this is a hacker for linker.go.
+ return types.NewFunc(pos, pkg, name, sig)
+}
+
+func (r *reader) qualifiedIdent() (*types.Package, string) { return r.ident(pkgbits.SyncSym) }
+func (r *reader) localIdent() (*types.Package, string) { return r.ident(pkgbits.SyncLocalIdent) }
+func (r *reader) selector() (*types.Package, string) { return r.ident(pkgbits.SyncSelector) }
+
+func (r *reader) ident(marker pkgbits.SyncMarker) (*types.Package, string) {
+ r.Sync(marker)
+ return r.pkg(), r.String()
+}
+
+// pkgScope returns pkg.Scope().
+// If pkg is nil, it returns types.Universe instead.
+//
+// TODO(mdempsky): Remove after x/tools can depend on Go 1.19.
+func pkgScope(pkg *types.Package) *types.Scope {
+ if pkg != nil {
+ return pkg.Scope()
+ }
+ return types.Universe
+}
diff --git a/vendor/golang.org/x/tools/internal/packagesinternal/packages.go b/vendor/golang.org/x/tools/internal/packagesinternal/packages.go
new file mode 100644
index 000000000..44719de17
--- /dev/null
+++ b/vendor/golang.org/x/tools/internal/packagesinternal/packages.go
@@ -0,0 +1,22 @@
+// Copyright 2020 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+// Package packagesinternal exposes internal-only fields from go/packages.
+package packagesinternal
+
+var GetForTest = func(p interface{}) string { return "" }
+var GetDepsErrors = func(p interface{}) []*PackageError { return nil }
+
+type PackageError struct {
+ ImportStack []string // shortest path from package named on command line to this one
+ Pos string // position of error (if present, file:line:col)
+ Err string // the error itself
+}
+
+var TypecheckCgo int
+var DepsErrors int // must be set as a LoadMode to call GetDepsErrors
+var ForTest int // must be set as a LoadMode to call GetForTest
+
+var SetModFlag = func(config interface{}, value string) {}
+var SetModFile = func(config interface{}, value string) {}
diff --git a/vendor/golang.org/x/tools/internal/pkgbits/codes.go b/vendor/golang.org/x/tools/internal/pkgbits/codes.go
new file mode 100644
index 000000000..f0cabde96
--- /dev/null
+++ b/vendor/golang.org/x/tools/internal/pkgbits/codes.go
@@ -0,0 +1,77 @@
+// Copyright 2021 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+package pkgbits
+
+// A Code is an enum value that can be encoded into bitstreams.
+//
+// Code types are preferable for enum types, because they allow
+// Decoder to detect desyncs.
+type Code interface {
+ // Marker returns the SyncMarker for the Code's dynamic type.
+ Marker() SyncMarker
+
+ // Value returns the Code's ordinal value.
+ Value() int
+}
+
+// A CodeVal distinguishes among go/constant.Value encodings.
+type CodeVal int
+
+func (c CodeVal) Marker() SyncMarker { return SyncVal }
+func (c CodeVal) Value() int { return int(c) }
+
+// Note: These values are public and cannot be changed without
+// updating the go/types importers.
+
+const (
+ ValBool CodeVal = iota
+ ValString
+ ValInt64
+ ValBigInt
+ ValBigRat
+ ValBigFloat
+)
+
+// A CodeType distinguishes among go/types.Type encodings.
+type CodeType int
+
+func (c CodeType) Marker() SyncMarker { return SyncType }
+func (c CodeType) Value() int { return int(c) }
+
+// Note: These values are public and cannot be changed without
+// updating the go/types importers.
+
+const (
+ TypeBasic CodeType = iota
+ TypeNamed
+ TypePointer
+ TypeSlice
+ TypeArray
+ TypeChan
+ TypeMap
+ TypeSignature
+ TypeStruct
+ TypeInterface
+ TypeUnion
+ TypeTypeParam
+)
+
+// A CodeObj distinguishes among go/types.Object encodings.
+type CodeObj int
+
+func (c CodeObj) Marker() SyncMarker { return SyncCodeObj }
+func (c CodeObj) Value() int { return int(c) }
+
+// Note: These values are public and cannot be changed without
+// updating the go/types importers.
+
+const (
+ ObjAlias CodeObj = iota
+ ObjConst
+ ObjType
+ ObjFunc
+ ObjVar
+ ObjStub
+)
diff --git a/vendor/golang.org/x/tools/internal/pkgbits/decoder.go b/vendor/golang.org/x/tools/internal/pkgbits/decoder.go
new file mode 100644
index 000000000..2acd85851
--- /dev/null
+++ b/vendor/golang.org/x/tools/internal/pkgbits/decoder.go
@@ -0,0 +1,521 @@
+// Copyright 2021 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+package pkgbits
+
+import (
+ "encoding/binary"
+ "errors"
+ "fmt"
+ "go/constant"
+ "go/token"
+ "io"
+ "math/big"
+ "os"
+ "runtime"
+ "strings"
+)
+
+// A PkgDecoder provides methods for decoding a package's Unified IR
+// export data.
+type PkgDecoder struct {
+ // version is the file format version.
+ version uint32
+
+ // aliases determines whether types.Aliases should be created
+ aliases bool
+
+ // sync indicates whether the file uses sync markers.
+ sync bool
+
+ // pkgPath is the package path for the package to be decoded.
+ //
+ // TODO(mdempsky): Remove; unneeded since CL 391014.
+ pkgPath string
+
+ // elemData is the full data payload of the encoded package.
+ // Elements are densely and contiguously packed together.
+ //
+ // The last 8 bytes of elemData are the package fingerprint.
+ elemData string
+
+ // elemEnds stores the byte-offset end positions of element
+ // bitstreams within elemData.
+ //
+ // For example, element I's bitstream data starts at elemEnds[I-1]
+ // (or 0, if I==0) and ends at elemEnds[I].
+ //
+ // Note: elemEnds is indexed by absolute indices, not
+ // section-relative indices.
+ elemEnds []uint32
+
+ // elemEndsEnds stores the index-offset end positions of relocation
+ // sections within elemEnds.
+ //
+ // For example, section K's end positions start at elemEndsEnds[K-1]
+ // (or 0, if K==0) and end at elemEndsEnds[K].
+ elemEndsEnds [numRelocs]uint32
+
+ scratchRelocEnt []RelocEnt
+}
+
+// PkgPath returns the package path for the package
+//
+// TODO(mdempsky): Remove; unneeded since CL 391014.
+func (pr *PkgDecoder) PkgPath() string { return pr.pkgPath }
+
+// SyncMarkers reports whether pr uses sync markers.
+func (pr *PkgDecoder) SyncMarkers() bool { return pr.sync }
+
+// NewPkgDecoder returns a PkgDecoder initialized to read the Unified
+// IR export data from input. pkgPath is the package path for the
+// compilation unit that produced the export data.
+//
+// TODO(mdempsky): Remove pkgPath parameter; unneeded since CL 391014.
+func NewPkgDecoder(pkgPath, input string) PkgDecoder {
+ pr := PkgDecoder{
+ pkgPath: pkgPath,
+ //aliases: aliases.Enabled(),
+ }
+
+ // TODO(mdempsky): Implement direct indexing of input string to
+ // avoid copying the position information.
+
+ r := strings.NewReader(input)
+
+ assert(binary.Read(r, binary.LittleEndian, &pr.version) == nil)
+
+ switch pr.version {
+ default:
+ panic(fmt.Errorf("unsupported version: %v", pr.version))
+ case 0:
+ // no flags
+ case 1:
+ var flags uint32
+ assert(binary.Read(r, binary.LittleEndian, &flags) == nil)
+ pr.sync = flags&flagSyncMarkers != 0
+ }
+
+ assert(binary.Read(r, binary.LittleEndian, pr.elemEndsEnds[:]) == nil)
+
+ pr.elemEnds = make([]uint32, pr.elemEndsEnds[len(pr.elemEndsEnds)-1])
+ assert(binary.Read(r, binary.LittleEndian, pr.elemEnds[:]) == nil)
+
+ pos, err := r.Seek(0, io.SeekCurrent)
+ assert(err == nil)
+
+ pr.elemData = input[pos:]
+ assert(len(pr.elemData)-8 == int(pr.elemEnds[len(pr.elemEnds)-1]))
+
+ return pr
+}
+
+// NumElems returns the number of elements in section k.
+func (pr *PkgDecoder) NumElems(k RelocKind) int {
+ count := int(pr.elemEndsEnds[k])
+ if k > 0 {
+ count -= int(pr.elemEndsEnds[k-1])
+ }
+ return count
+}
+
+// TotalElems returns the total number of elements across all sections.
+func (pr *PkgDecoder) TotalElems() int {
+ return len(pr.elemEnds)
+}
+
+// Fingerprint returns the package fingerprint.
+func (pr *PkgDecoder) Fingerprint() [8]byte {
+ var fp [8]byte
+ copy(fp[:], pr.elemData[len(pr.elemData)-8:])
+ return fp
+}
+
+// AbsIdx returns the absolute index for the given (section, index)
+// pair.
+func (pr *PkgDecoder) AbsIdx(k RelocKind, idx Index) int {
+ absIdx := int(idx)
+ if k > 0 {
+ absIdx += int(pr.elemEndsEnds[k-1])
+ }
+ if absIdx >= int(pr.elemEndsEnds[k]) {
+ errorf("%v:%v is out of bounds; %v", k, idx, pr.elemEndsEnds)
+ }
+ return absIdx
+}
+
+// DataIdx returns the raw element bitstream for the given (section,
+// index) pair.
+func (pr *PkgDecoder) DataIdx(k RelocKind, idx Index) string {
+ absIdx := pr.AbsIdx(k, idx)
+
+ var start uint32
+ if absIdx > 0 {
+ start = pr.elemEnds[absIdx-1]
+ }
+ end := pr.elemEnds[absIdx]
+
+ return pr.elemData[start:end]
+}
+
+// StringIdx returns the string value for the given string index.
+func (pr *PkgDecoder) StringIdx(idx Index) string {
+ return pr.DataIdx(RelocString, idx)
+}
+
+// NewDecoder returns a Decoder for the given (section, index) pair,
+// and decodes the given SyncMarker from the element bitstream.
+func (pr *PkgDecoder) NewDecoder(k RelocKind, idx Index, marker SyncMarker) Decoder {
+ r := pr.NewDecoderRaw(k, idx)
+ r.Sync(marker)
+ return r
+}
+
+// TempDecoder returns a Decoder for the given (section, index) pair,
+// and decodes the given SyncMarker from the element bitstream.
+// If possible the Decoder should be RetireDecoder'd when it is no longer
+// needed, this will avoid heap allocations.
+func (pr *PkgDecoder) TempDecoder(k RelocKind, idx Index, marker SyncMarker) Decoder {
+ r := pr.TempDecoderRaw(k, idx)
+ r.Sync(marker)
+ return r
+}
+
+func (pr *PkgDecoder) RetireDecoder(d *Decoder) {
+ pr.scratchRelocEnt = d.Relocs
+ d.Relocs = nil
+}
+
+// NewDecoderRaw returns a Decoder for the given (section, index) pair.
+//
+// Most callers should use NewDecoder instead.
+func (pr *PkgDecoder) NewDecoderRaw(k RelocKind, idx Index) Decoder {
+ r := Decoder{
+ common: pr,
+ k: k,
+ Idx: idx,
+ }
+
+ // TODO(mdempsky) r.data.Reset(...) after #44505 is resolved.
+ r.Data = *strings.NewReader(pr.DataIdx(k, idx))
+
+ r.Sync(SyncRelocs)
+ r.Relocs = make([]RelocEnt, r.Len())
+ for i := range r.Relocs {
+ r.Sync(SyncReloc)
+ r.Relocs[i] = RelocEnt{RelocKind(r.Len()), Index(r.Len())}
+ }
+
+ return r
+}
+
+func (pr *PkgDecoder) TempDecoderRaw(k RelocKind, idx Index) Decoder {
+ r := Decoder{
+ common: pr,
+ k: k,
+ Idx: idx,
+ }
+
+ r.Data.Reset(pr.DataIdx(k, idx))
+ r.Sync(SyncRelocs)
+ l := r.Len()
+ if cap(pr.scratchRelocEnt) >= l {
+ r.Relocs = pr.scratchRelocEnt[:l]
+ pr.scratchRelocEnt = nil
+ } else {
+ r.Relocs = make([]RelocEnt, l)
+ }
+ for i := range r.Relocs {
+ r.Sync(SyncReloc)
+ r.Relocs[i] = RelocEnt{RelocKind(r.Len()), Index(r.Len())}
+ }
+
+ return r
+}
+
+// A Decoder provides methods for decoding an individual element's
+// bitstream data.
+type Decoder struct {
+ common *PkgDecoder
+
+ Relocs []RelocEnt
+ Data strings.Reader
+
+ k RelocKind
+ Idx Index
+}
+
+func (r *Decoder) checkErr(err error) {
+ if err != nil {
+ errorf("unexpected decoding error: %w", err)
+ }
+}
+
+func (r *Decoder) rawUvarint() uint64 {
+ x, err := readUvarint(&r.Data)
+ r.checkErr(err)
+ return x
+}
+
+// readUvarint is a type-specialized copy of encoding/binary.ReadUvarint.
+// This avoids the interface conversion and thus has better escape properties,
+// which flows up the stack.
+func readUvarint(r *strings.Reader) (uint64, error) {
+ var x uint64
+ var s uint
+ for i := 0; i < binary.MaxVarintLen64; i++ {
+ b, err := r.ReadByte()
+ if err != nil {
+ if i > 0 && err == io.EOF {
+ err = io.ErrUnexpectedEOF
+ }
+ return x, err
+ }
+ if b < 0x80 {
+ if i == binary.MaxVarintLen64-1 && b > 1 {
+ return x, overflow
+ }
+ return x | uint64(b)<> 1)
+ if ux&1 != 0 {
+ x = ^x
+ }
+ return x
+}
+
+func (r *Decoder) rawReloc(k RelocKind, idx int) Index {
+ e := r.Relocs[idx]
+ assert(e.Kind == k)
+ return e.Idx
+}
+
+// Sync decodes a sync marker from the element bitstream and asserts
+// that it matches the expected marker.
+//
+// If r.common.sync is false, then Sync is a no-op.
+func (r *Decoder) Sync(mWant SyncMarker) {
+ if !r.common.sync {
+ return
+ }
+
+ pos, _ := r.Data.Seek(0, io.SeekCurrent)
+ mHave := SyncMarker(r.rawUvarint())
+ writerPCs := make([]int, r.rawUvarint())
+ for i := range writerPCs {
+ writerPCs[i] = int(r.rawUvarint())
+ }
+
+ if mHave == mWant {
+ return
+ }
+
+ // There's some tension here between printing:
+ //
+ // (1) full file paths that tools can recognize (e.g., so emacs
+ // hyperlinks the "file:line" text for easy navigation), or
+ //
+ // (2) short file paths that are easier for humans to read (e.g., by
+ // omitting redundant or irrelevant details, so it's easier to
+ // focus on the useful bits that remain).
+ //
+ // The current formatting favors the former, as it seems more
+ // helpful in practice. But perhaps the formatting could be improved
+ // to better address both concerns. For example, use relative file
+ // paths if they would be shorter, or rewrite file paths to contain
+ // "$GOROOT" (like objabi.AbsFile does) if tools can be taught how
+ // to reliably expand that again.
+
+ fmt.Printf("export data desync: package %q, section %v, index %v, offset %v\n", r.common.pkgPath, r.k, r.Idx, pos)
+
+ fmt.Printf("\nfound %v, written at:\n", mHave)
+ if len(writerPCs) == 0 {
+ fmt.Printf("\t[stack trace unavailable; recompile package %q with -d=syncframes]\n", r.common.pkgPath)
+ }
+ for _, pc := range writerPCs {
+ fmt.Printf("\t%s\n", r.common.StringIdx(r.rawReloc(RelocString, pc)))
+ }
+
+ fmt.Printf("\nexpected %v, reading at:\n", mWant)
+ var readerPCs [32]uintptr // TODO(mdempsky): Dynamically size?
+ n := runtime.Callers(2, readerPCs[:])
+ for _, pc := range fmtFrames(readerPCs[:n]...) {
+ fmt.Printf("\t%s\n", pc)
+ }
+
+ // We already printed a stack trace for the reader, so now we can
+ // simply exit. Printing a second one with panic or base.Fatalf
+ // would just be noise.
+ os.Exit(1)
+}
+
+// Bool decodes and returns a bool value from the element bitstream.
+func (r *Decoder) Bool() bool {
+ r.Sync(SyncBool)
+ x, err := r.Data.ReadByte()
+ r.checkErr(err)
+ assert(x < 2)
+ return x != 0
+}
+
+// Int64 decodes and returns an int64 value from the element bitstream.
+func (r *Decoder) Int64() int64 {
+ r.Sync(SyncInt64)
+ return r.rawVarint()
+}
+
+// Uint64 decodes and returns a uint64 value from the element bitstream.
+func (r *Decoder) Uint64() uint64 {
+ r.Sync(SyncUint64)
+ return r.rawUvarint()
+}
+
+// Len decodes and returns a non-negative int value from the element bitstream.
+func (r *Decoder) Len() int { x := r.Uint64(); v := int(x); assert(uint64(v) == x); return v }
+
+// Int decodes and returns an int value from the element bitstream.
+func (r *Decoder) Int() int { x := r.Int64(); v := int(x); assert(int64(v) == x); return v }
+
+// Uint decodes and returns a uint value from the element bitstream.
+func (r *Decoder) Uint() uint { x := r.Uint64(); v := uint(x); assert(uint64(v) == x); return v }
+
+// Code decodes a Code value from the element bitstream and returns
+// its ordinal value. It's the caller's responsibility to convert the
+// result to an appropriate Code type.
+//
+// TODO(mdempsky): Ideally this method would have signature "Code[T
+// Code] T" instead, but we don't allow generic methods and the
+// compiler can't depend on generics yet anyway.
+func (r *Decoder) Code(mark SyncMarker) int {
+ r.Sync(mark)
+ return r.Len()
+}
+
+// Reloc decodes a relocation of expected section k from the element
+// bitstream and returns an index to the referenced element.
+func (r *Decoder) Reloc(k RelocKind) Index {
+ r.Sync(SyncUseReloc)
+ return r.rawReloc(k, r.Len())
+}
+
+// String decodes and returns a string value from the element
+// bitstream.
+func (r *Decoder) String() string {
+ r.Sync(SyncString)
+ return r.common.StringIdx(r.Reloc(RelocString))
+}
+
+// Strings decodes and returns a variable-length slice of strings from
+// the element bitstream.
+func (r *Decoder) Strings() []string {
+ res := make([]string, r.Len())
+ for i := range res {
+ res[i] = r.String()
+ }
+ return res
+}
+
+// Value decodes and returns a constant.Value from the element
+// bitstream.
+func (r *Decoder) Value() constant.Value {
+ r.Sync(SyncValue)
+ isComplex := r.Bool()
+ val := r.scalar()
+ if isComplex {
+ val = constant.BinaryOp(val, token.ADD, constant.MakeImag(r.scalar()))
+ }
+ return val
+}
+
+func (r *Decoder) scalar() constant.Value {
+ switch tag := CodeVal(r.Code(SyncVal)); tag {
+ default:
+ panic(fmt.Errorf("unexpected scalar tag: %v", tag))
+
+ case ValBool:
+ return constant.MakeBool(r.Bool())
+ case ValString:
+ return constant.MakeString(r.String())
+ case ValInt64:
+ return constant.MakeInt64(r.Int64())
+ case ValBigInt:
+ return constant.Make(r.bigInt())
+ case ValBigRat:
+ num := r.bigInt()
+ denom := r.bigInt()
+ return constant.Make(new(big.Rat).SetFrac(num, denom))
+ case ValBigFloat:
+ return constant.Make(r.bigFloat())
+ }
+}
+
+func (r *Decoder) bigInt() *big.Int {
+ v := new(big.Int).SetBytes([]byte(r.String()))
+ if r.Bool() {
+ v.Neg(v)
+ }
+ return v
+}
+
+func (r *Decoder) bigFloat() *big.Float {
+ v := new(big.Float).SetPrec(512)
+ assert(v.UnmarshalText([]byte(r.String())) == nil)
+ return v
+}
+
+// @@@ Helpers
+
+// TODO(mdempsky): These should probably be removed. I think they're a
+// smell that the export data format is not yet quite right.
+
+// PeekPkgPath returns the package path for the specified package
+// index.
+func (pr *PkgDecoder) PeekPkgPath(idx Index) string {
+ var path string
+ {
+ r := pr.TempDecoder(RelocPkg, idx, SyncPkgDef)
+ path = r.String()
+ pr.RetireDecoder(&r)
+ }
+ if path == "" {
+ path = pr.pkgPath
+ }
+ return path
+}
+
+// PeekObj returns the package path, object name, and CodeObj for the
+// specified object index.
+func (pr *PkgDecoder) PeekObj(idx Index) (string, string, CodeObj) {
+ var ridx Index
+ var name string
+ var rcode int
+ {
+ r := pr.TempDecoder(RelocName, idx, SyncObject1)
+ r.Sync(SyncSym)
+ r.Sync(SyncPkg)
+ ridx = r.Reloc(RelocPkg)
+ name = r.String()
+ rcode = r.Code(SyncCodeObj)
+ pr.RetireDecoder(&r)
+ }
+
+ path := pr.PeekPkgPath(ridx)
+ assert(name != "")
+
+ tag := CodeObj(rcode)
+
+ return path, name, tag
+}
diff --git a/vendor/golang.org/x/tools/internal/pkgbits/doc.go b/vendor/golang.org/x/tools/internal/pkgbits/doc.go
new file mode 100644
index 000000000..c8a2796b5
--- /dev/null
+++ b/vendor/golang.org/x/tools/internal/pkgbits/doc.go
@@ -0,0 +1,32 @@
+// Copyright 2022 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+// Package pkgbits implements low-level coding abstractions for
+// Unified IR's export data format.
+//
+// At a low-level, a package is a collection of bitstream elements.
+// Each element has a "kind" and a dense, non-negative index.
+// Elements can be randomly accessed given their kind and index.
+//
+// Individual elements are sequences of variable-length values (e.g.,
+// integers, booleans, strings, go/constant values, cross-references
+// to other elements). Package pkgbits provides APIs for encoding and
+// decoding these low-level values, but the details of mapping
+// higher-level Go constructs into elements is left to higher-level
+// abstractions.
+//
+// Elements may cross-reference each other with "relocations." For
+// example, an element representing a pointer type has a relocation
+// referring to the element type.
+//
+// Go constructs may be composed as a constellation of multiple
+// elements. For example, a declared function may have one element to
+// describe the object (e.g., its name, type, position), and a
+// separate element to describe its function body. This allows readers
+// some flexibility in efficiently seeking or re-reading data (e.g.,
+// inlining requires re-reading the function body for each inlined
+// call, without needing to re-read the object-level details).
+//
+// This is a copy of internal/pkgbits in the Go implementation.
+package pkgbits
diff --git a/vendor/golang.org/x/tools/internal/pkgbits/encoder.go b/vendor/golang.org/x/tools/internal/pkgbits/encoder.go
new file mode 100644
index 000000000..6482617a4
--- /dev/null
+++ b/vendor/golang.org/x/tools/internal/pkgbits/encoder.go
@@ -0,0 +1,383 @@
+// Copyright 2021 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+package pkgbits
+
+import (
+ "bytes"
+ "crypto/md5"
+ "encoding/binary"
+ "go/constant"
+ "io"
+ "math/big"
+ "runtime"
+)
+
+// currentVersion is the current version number.
+//
+// - v0: initial prototype
+//
+// - v1: adds the flags uint32 word
+const currentVersion uint32 = 1
+
+// A PkgEncoder provides methods for encoding a package's Unified IR
+// export data.
+type PkgEncoder struct {
+ // elems holds the bitstream for previously encoded elements.
+ elems [numRelocs][]string
+
+ // stringsIdx maps previously encoded strings to their index within
+ // the RelocString section, to allow deduplication. That is,
+ // elems[RelocString][stringsIdx[s]] == s (if present).
+ stringsIdx map[string]Index
+
+ // syncFrames is the number of frames to write at each sync
+ // marker. A negative value means sync markers are omitted.
+ syncFrames int
+}
+
+// SyncMarkers reports whether pw uses sync markers.
+func (pw *PkgEncoder) SyncMarkers() bool { return pw.syncFrames >= 0 }
+
+// NewPkgEncoder returns an initialized PkgEncoder.
+//
+// syncFrames is the number of caller frames that should be serialized
+// at Sync points. Serializing additional frames results in larger
+// export data files, but can help diagnosing desync errors in
+// higher-level Unified IR reader/writer code. If syncFrames is
+// negative, then sync markers are omitted entirely.
+func NewPkgEncoder(syncFrames int) PkgEncoder {
+ return PkgEncoder{
+ stringsIdx: make(map[string]Index),
+ syncFrames: syncFrames,
+ }
+}
+
+// DumpTo writes the package's encoded data to out0 and returns the
+// package fingerprint.
+func (pw *PkgEncoder) DumpTo(out0 io.Writer) (fingerprint [8]byte) {
+ h := md5.New()
+ out := io.MultiWriter(out0, h)
+
+ writeUint32 := func(x uint32) {
+ assert(binary.Write(out, binary.LittleEndian, x) == nil)
+ }
+
+ writeUint32(currentVersion)
+
+ var flags uint32
+ if pw.SyncMarkers() {
+ flags |= flagSyncMarkers
+ }
+ writeUint32(flags)
+
+ // Write elemEndsEnds.
+ var sum uint32
+ for _, elems := range &pw.elems {
+ sum += uint32(len(elems))
+ writeUint32(sum)
+ }
+
+ // Write elemEnds.
+ sum = 0
+ for _, elems := range &pw.elems {
+ for _, elem := range elems {
+ sum += uint32(len(elem))
+ writeUint32(sum)
+ }
+ }
+
+ // Write elemData.
+ for _, elems := range &pw.elems {
+ for _, elem := range elems {
+ _, err := io.WriteString(out, elem)
+ assert(err == nil)
+ }
+ }
+
+ // Write fingerprint.
+ copy(fingerprint[:], h.Sum(nil))
+ _, err := out0.Write(fingerprint[:])
+ assert(err == nil)
+
+ return
+}
+
+// StringIdx adds a string value to the strings section, if not
+// already present, and returns its index.
+func (pw *PkgEncoder) StringIdx(s string) Index {
+ if idx, ok := pw.stringsIdx[s]; ok {
+ assert(pw.elems[RelocString][idx] == s)
+ return idx
+ }
+
+ idx := Index(len(pw.elems[RelocString]))
+ pw.elems[RelocString] = append(pw.elems[RelocString], s)
+ pw.stringsIdx[s] = idx
+ return idx
+}
+
+// NewEncoder returns an Encoder for a new element within the given
+// section, and encodes the given SyncMarker as the start of the
+// element bitstream.
+func (pw *PkgEncoder) NewEncoder(k RelocKind, marker SyncMarker) Encoder {
+ e := pw.NewEncoderRaw(k)
+ e.Sync(marker)
+ return e
+}
+
+// NewEncoderRaw returns an Encoder for a new element within the given
+// section.
+//
+// Most callers should use NewEncoder instead.
+func (pw *PkgEncoder) NewEncoderRaw(k RelocKind) Encoder {
+ idx := Index(len(pw.elems[k]))
+ pw.elems[k] = append(pw.elems[k], "") // placeholder
+
+ return Encoder{
+ p: pw,
+ k: k,
+ Idx: idx,
+ }
+}
+
+// An Encoder provides methods for encoding an individual element's
+// bitstream data.
+type Encoder struct {
+ p *PkgEncoder
+
+ Relocs []RelocEnt
+ RelocMap map[RelocEnt]uint32
+ Data bytes.Buffer // accumulated element bitstream data
+
+ encodingRelocHeader bool
+
+ k RelocKind
+ Idx Index // index within relocation section
+}
+
+// Flush finalizes the element's bitstream and returns its Index.
+func (w *Encoder) Flush() Index {
+ var sb bytes.Buffer // TODO(mdempsky): strings.Builder after #44505 is resolved
+
+ // Backup the data so we write the relocations at the front.
+ var tmp bytes.Buffer
+ io.Copy(&tmp, &w.Data)
+
+ // TODO(mdempsky): Consider writing these out separately so they're
+ // easier to strip, along with function bodies, so that we can prune
+ // down to just the data that's relevant to go/types.
+ if w.encodingRelocHeader {
+ panic("encodingRelocHeader already true; recursive flush?")
+ }
+ w.encodingRelocHeader = true
+ w.Sync(SyncRelocs)
+ w.Len(len(w.Relocs))
+ for _, rEnt := range w.Relocs {
+ w.Sync(SyncReloc)
+ w.Len(int(rEnt.Kind))
+ w.Len(int(rEnt.Idx))
+ }
+
+ io.Copy(&sb, &w.Data)
+ io.Copy(&sb, &tmp)
+ w.p.elems[w.k][w.Idx] = sb.String()
+
+ return w.Idx
+}
+
+func (w *Encoder) checkErr(err error) {
+ if err != nil {
+ errorf("unexpected encoding error: %v", err)
+ }
+}
+
+func (w *Encoder) rawUvarint(x uint64) {
+ var buf [binary.MaxVarintLen64]byte
+ n := binary.PutUvarint(buf[:], x)
+ _, err := w.Data.Write(buf[:n])
+ w.checkErr(err)
+}
+
+func (w *Encoder) rawVarint(x int64) {
+ // Zig-zag encode.
+ ux := uint64(x) << 1
+ if x < 0 {
+ ux = ^ux
+ }
+
+ w.rawUvarint(ux)
+}
+
+func (w *Encoder) rawReloc(r RelocKind, idx Index) int {
+ e := RelocEnt{r, idx}
+ if w.RelocMap != nil {
+ if i, ok := w.RelocMap[e]; ok {
+ return int(i)
+ }
+ } else {
+ w.RelocMap = make(map[RelocEnt]uint32)
+ }
+
+ i := len(w.Relocs)
+ w.RelocMap[e] = uint32(i)
+ w.Relocs = append(w.Relocs, e)
+ return i
+}
+
+func (w *Encoder) Sync(m SyncMarker) {
+ if !w.p.SyncMarkers() {
+ return
+ }
+
+ // Writing out stack frame string references requires working
+ // relocations, but writing out the relocations themselves involves
+ // sync markers. To prevent infinite recursion, we simply trim the
+ // stack frame for sync markers within the relocation header.
+ var frames []string
+ if !w.encodingRelocHeader && w.p.syncFrames > 0 {
+ pcs := make([]uintptr, w.p.syncFrames)
+ n := runtime.Callers(2, pcs)
+ frames = fmtFrames(pcs[:n]...)
+ }
+
+ // TODO(mdempsky): Save space by writing out stack frames as a
+ // linked list so we can share common stack frames.
+ w.rawUvarint(uint64(m))
+ w.rawUvarint(uint64(len(frames)))
+ for _, frame := range frames {
+ w.rawUvarint(uint64(w.rawReloc(RelocString, w.p.StringIdx(frame))))
+ }
+}
+
+// Bool encodes and writes a bool value into the element bitstream,
+// and then returns the bool value.
+//
+// For simple, 2-alternative encodings, the idiomatic way to call Bool
+// is something like:
+//
+// if w.Bool(x != 0) {
+// // alternative #1
+// } else {
+// // alternative #2
+// }
+//
+// For multi-alternative encodings, use Code instead.
+func (w *Encoder) Bool(b bool) bool {
+ w.Sync(SyncBool)
+ var x byte
+ if b {
+ x = 1
+ }
+ err := w.Data.WriteByte(x)
+ w.checkErr(err)
+ return b
+}
+
+// Int64 encodes and writes an int64 value into the element bitstream.
+func (w *Encoder) Int64(x int64) {
+ w.Sync(SyncInt64)
+ w.rawVarint(x)
+}
+
+// Uint64 encodes and writes a uint64 value into the element bitstream.
+func (w *Encoder) Uint64(x uint64) {
+ w.Sync(SyncUint64)
+ w.rawUvarint(x)
+}
+
+// Len encodes and writes a non-negative int value into the element bitstream.
+func (w *Encoder) Len(x int) { assert(x >= 0); w.Uint64(uint64(x)) }
+
+// Int encodes and writes an int value into the element bitstream.
+func (w *Encoder) Int(x int) { w.Int64(int64(x)) }
+
+// Uint encodes and writes a uint value into the element bitstream.
+func (w *Encoder) Uint(x uint) { w.Uint64(uint64(x)) }
+
+// Reloc encodes and writes a relocation for the given (section,
+// index) pair into the element bitstream.
+//
+// Note: Only the index is formally written into the element
+// bitstream, so bitstream decoders must know from context which
+// section an encoded relocation refers to.
+func (w *Encoder) Reloc(r RelocKind, idx Index) {
+ w.Sync(SyncUseReloc)
+ w.Len(w.rawReloc(r, idx))
+}
+
+// Code encodes and writes a Code value into the element bitstream.
+func (w *Encoder) Code(c Code) {
+ w.Sync(c.Marker())
+ w.Len(c.Value())
+}
+
+// String encodes and writes a string value into the element
+// bitstream.
+//
+// Internally, strings are deduplicated by adding them to the strings
+// section (if not already present), and then writing a relocation
+// into the element bitstream.
+func (w *Encoder) String(s string) {
+ w.Sync(SyncString)
+ w.Reloc(RelocString, w.p.StringIdx(s))
+}
+
+// Strings encodes and writes a variable-length slice of strings into
+// the element bitstream.
+func (w *Encoder) Strings(ss []string) {
+ w.Len(len(ss))
+ for _, s := range ss {
+ w.String(s)
+ }
+}
+
+// Value encodes and writes a constant.Value into the element
+// bitstream.
+func (w *Encoder) Value(val constant.Value) {
+ w.Sync(SyncValue)
+ if w.Bool(val.Kind() == constant.Complex) {
+ w.scalar(constant.Real(val))
+ w.scalar(constant.Imag(val))
+ } else {
+ w.scalar(val)
+ }
+}
+
+func (w *Encoder) scalar(val constant.Value) {
+ switch v := constant.Val(val).(type) {
+ default:
+ errorf("unhandled %v (%v)", val, val.Kind())
+ case bool:
+ w.Code(ValBool)
+ w.Bool(v)
+ case string:
+ w.Code(ValString)
+ w.String(v)
+ case int64:
+ w.Code(ValInt64)
+ w.Int64(v)
+ case *big.Int:
+ w.Code(ValBigInt)
+ w.bigInt(v)
+ case *big.Rat:
+ w.Code(ValBigRat)
+ w.bigInt(v.Num())
+ w.bigInt(v.Denom())
+ case *big.Float:
+ w.Code(ValBigFloat)
+ w.bigFloat(v)
+ }
+}
+
+func (w *Encoder) bigInt(v *big.Int) {
+ b := v.Bytes()
+ w.String(string(b)) // TODO: More efficient encoding.
+ w.Bool(v.Sign() < 0)
+}
+
+func (w *Encoder) bigFloat(v *big.Float) {
+ b := v.Append(nil, 'p', -1)
+ w.String(string(b)) // TODO: More efficient encoding.
+}
diff --git a/vendor/golang.org/x/tools/internal/pkgbits/flags.go b/vendor/golang.org/x/tools/internal/pkgbits/flags.go
new file mode 100644
index 000000000..654222745
--- /dev/null
+++ b/vendor/golang.org/x/tools/internal/pkgbits/flags.go
@@ -0,0 +1,9 @@
+// Copyright 2022 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+package pkgbits
+
+const (
+ flagSyncMarkers = 1 << iota // file format contains sync markers
+)
diff --git a/vendor/golang.org/x/tools/internal/pkgbits/frames_go1.go b/vendor/golang.org/x/tools/internal/pkgbits/frames_go1.go
new file mode 100644
index 000000000..5294f6a63
--- /dev/null
+++ b/vendor/golang.org/x/tools/internal/pkgbits/frames_go1.go
@@ -0,0 +1,21 @@
+// Copyright 2021 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+//go:build !go1.7
+// +build !go1.7
+
+// TODO(mdempsky): Remove after #44505 is resolved
+
+package pkgbits
+
+import "runtime"
+
+func walkFrames(pcs []uintptr, visit frameVisitor) {
+ for _, pc := range pcs {
+ fn := runtime.FuncForPC(pc)
+ file, line := fn.FileLine(pc)
+
+ visit(file, line, fn.Name(), pc-fn.Entry())
+ }
+}
diff --git a/vendor/golang.org/x/tools/internal/pkgbits/frames_go17.go b/vendor/golang.org/x/tools/internal/pkgbits/frames_go17.go
new file mode 100644
index 000000000..2324ae7ad
--- /dev/null
+++ b/vendor/golang.org/x/tools/internal/pkgbits/frames_go17.go
@@ -0,0 +1,28 @@
+// Copyright 2021 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+//go:build go1.7
+// +build go1.7
+
+package pkgbits
+
+import "runtime"
+
+// walkFrames calls visit for each call frame represented by pcs.
+//
+// pcs should be a slice of PCs, as returned by runtime.Callers.
+func walkFrames(pcs []uintptr, visit frameVisitor) {
+ if len(pcs) == 0 {
+ return
+ }
+
+ frames := runtime.CallersFrames(pcs)
+ for {
+ frame, more := frames.Next()
+ visit(frame.File, frame.Line, frame.Function, frame.PC-frame.Entry)
+ if !more {
+ return
+ }
+ }
+}
diff --git a/vendor/golang.org/x/tools/internal/pkgbits/reloc.go b/vendor/golang.org/x/tools/internal/pkgbits/reloc.go
new file mode 100644
index 000000000..fcdfb97ca
--- /dev/null
+++ b/vendor/golang.org/x/tools/internal/pkgbits/reloc.go
@@ -0,0 +1,42 @@
+// Copyright 2021 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+package pkgbits
+
+// A RelocKind indicates a particular section within a unified IR export.
+type RelocKind int32
+
+// An Index represents a bitstream element index within a particular
+// section.
+type Index int32
+
+// A relocEnt (relocation entry) is an entry in an element's local
+// reference table.
+//
+// TODO(mdempsky): Rename this too.
+type RelocEnt struct {
+ Kind RelocKind
+ Idx Index
+}
+
+// Reserved indices within the meta relocation section.
+const (
+ PublicRootIdx Index = 0
+ PrivateRootIdx Index = 1
+)
+
+const (
+ RelocString RelocKind = iota
+ RelocMeta
+ RelocPosBase
+ RelocPkg
+ RelocName
+ RelocType
+ RelocObj
+ RelocObjExt
+ RelocObjDict
+ RelocBody
+
+ numRelocs = iota
+)
diff --git a/vendor/golang.org/x/tools/internal/pkgbits/support.go b/vendor/golang.org/x/tools/internal/pkgbits/support.go
new file mode 100644
index 000000000..ad26d3b28
--- /dev/null
+++ b/vendor/golang.org/x/tools/internal/pkgbits/support.go
@@ -0,0 +1,17 @@
+// Copyright 2022 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+package pkgbits
+
+import "fmt"
+
+func assert(b bool) {
+ if !b {
+ panic("assertion failed")
+ }
+}
+
+func errorf(format string, args ...interface{}) {
+ panic(fmt.Errorf(format, args...))
+}
diff --git a/vendor/golang.org/x/tools/internal/pkgbits/sync.go b/vendor/golang.org/x/tools/internal/pkgbits/sync.go
new file mode 100644
index 000000000..5bd51ef71
--- /dev/null
+++ b/vendor/golang.org/x/tools/internal/pkgbits/sync.go
@@ -0,0 +1,113 @@
+// Copyright 2021 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+package pkgbits
+
+import (
+ "fmt"
+ "strings"
+)
+
+// fmtFrames formats a backtrace for reporting reader/writer desyncs.
+func fmtFrames(pcs ...uintptr) []string {
+ res := make([]string, 0, len(pcs))
+ walkFrames(pcs, func(file string, line int, name string, offset uintptr) {
+ // Trim package from function name. It's just redundant noise.
+ name = strings.TrimPrefix(name, "cmd/compile/internal/noder.")
+
+ res = append(res, fmt.Sprintf("%s:%v: %s +0x%v", file, line, name, offset))
+ })
+ return res
+}
+
+type frameVisitor func(file string, line int, name string, offset uintptr)
+
+// SyncMarker is an enum type that represents markers that may be
+// written to export data to ensure the reader and writer stay
+// synchronized.
+type SyncMarker int
+
+//go:generate stringer -type=SyncMarker -trimprefix=Sync
+
+const (
+ _ SyncMarker = iota
+
+ // Public markers (known to go/types importers).
+
+ // Low-level coding markers.
+ SyncEOF
+ SyncBool
+ SyncInt64
+ SyncUint64
+ SyncString
+ SyncValue
+ SyncVal
+ SyncRelocs
+ SyncReloc
+ SyncUseReloc
+
+ // Higher-level object and type markers.
+ SyncPublic
+ SyncPos
+ SyncPosBase
+ SyncObject
+ SyncObject1
+ SyncPkg
+ SyncPkgDef
+ SyncMethod
+ SyncType
+ SyncTypeIdx
+ SyncTypeParamNames
+ SyncSignature
+ SyncParams
+ SyncParam
+ SyncCodeObj
+ SyncSym
+ SyncLocalIdent
+ SyncSelector
+
+ // Private markers (only known to cmd/compile).
+ SyncPrivate
+
+ SyncFuncExt
+ SyncVarExt
+ SyncTypeExt
+ SyncPragma
+
+ SyncExprList
+ SyncExprs
+ SyncExpr
+ SyncExprType
+ SyncAssign
+ SyncOp
+ SyncFuncLit
+ SyncCompLit
+
+ SyncDecl
+ SyncFuncBody
+ SyncOpenScope
+ SyncCloseScope
+ SyncCloseAnotherScope
+ SyncDeclNames
+ SyncDeclName
+
+ SyncStmts
+ SyncBlockStmt
+ SyncIfStmt
+ SyncForStmt
+ SyncSwitchStmt
+ SyncRangeStmt
+ SyncCaseClause
+ SyncCommClause
+ SyncSelectStmt
+ SyncDecls
+ SyncLabeledStmt
+ SyncUseObjLocal
+ SyncAddLocal
+ SyncLinkname
+ SyncStmt1
+ SyncStmtsEnd
+ SyncLabel
+ SyncOptLabel
+)
diff --git a/vendor/golang.org/x/tools/internal/pkgbits/syncmarker_string.go b/vendor/golang.org/x/tools/internal/pkgbits/syncmarker_string.go
new file mode 100644
index 000000000..4a5b0ca5f
--- /dev/null
+++ b/vendor/golang.org/x/tools/internal/pkgbits/syncmarker_string.go
@@ -0,0 +1,89 @@
+// Code generated by "stringer -type=SyncMarker -trimprefix=Sync"; DO NOT EDIT.
+
+package pkgbits
+
+import "strconv"
+
+func _() {
+ // An "invalid array index" compiler error signifies that the constant values have changed.
+ // Re-run the stringer command to generate them again.
+ var x [1]struct{}
+ _ = x[SyncEOF-1]
+ _ = x[SyncBool-2]
+ _ = x[SyncInt64-3]
+ _ = x[SyncUint64-4]
+ _ = x[SyncString-5]
+ _ = x[SyncValue-6]
+ _ = x[SyncVal-7]
+ _ = x[SyncRelocs-8]
+ _ = x[SyncReloc-9]
+ _ = x[SyncUseReloc-10]
+ _ = x[SyncPublic-11]
+ _ = x[SyncPos-12]
+ _ = x[SyncPosBase-13]
+ _ = x[SyncObject-14]
+ _ = x[SyncObject1-15]
+ _ = x[SyncPkg-16]
+ _ = x[SyncPkgDef-17]
+ _ = x[SyncMethod-18]
+ _ = x[SyncType-19]
+ _ = x[SyncTypeIdx-20]
+ _ = x[SyncTypeParamNames-21]
+ _ = x[SyncSignature-22]
+ _ = x[SyncParams-23]
+ _ = x[SyncParam-24]
+ _ = x[SyncCodeObj-25]
+ _ = x[SyncSym-26]
+ _ = x[SyncLocalIdent-27]
+ _ = x[SyncSelector-28]
+ _ = x[SyncPrivate-29]
+ _ = x[SyncFuncExt-30]
+ _ = x[SyncVarExt-31]
+ _ = x[SyncTypeExt-32]
+ _ = x[SyncPragma-33]
+ _ = x[SyncExprList-34]
+ _ = x[SyncExprs-35]
+ _ = x[SyncExpr-36]
+ _ = x[SyncExprType-37]
+ _ = x[SyncAssign-38]
+ _ = x[SyncOp-39]
+ _ = x[SyncFuncLit-40]
+ _ = x[SyncCompLit-41]
+ _ = x[SyncDecl-42]
+ _ = x[SyncFuncBody-43]
+ _ = x[SyncOpenScope-44]
+ _ = x[SyncCloseScope-45]
+ _ = x[SyncCloseAnotherScope-46]
+ _ = x[SyncDeclNames-47]
+ _ = x[SyncDeclName-48]
+ _ = x[SyncStmts-49]
+ _ = x[SyncBlockStmt-50]
+ _ = x[SyncIfStmt-51]
+ _ = x[SyncForStmt-52]
+ _ = x[SyncSwitchStmt-53]
+ _ = x[SyncRangeStmt-54]
+ _ = x[SyncCaseClause-55]
+ _ = x[SyncCommClause-56]
+ _ = x[SyncSelectStmt-57]
+ _ = x[SyncDecls-58]
+ _ = x[SyncLabeledStmt-59]
+ _ = x[SyncUseObjLocal-60]
+ _ = x[SyncAddLocal-61]
+ _ = x[SyncLinkname-62]
+ _ = x[SyncStmt1-63]
+ _ = x[SyncStmtsEnd-64]
+ _ = x[SyncLabel-65]
+ _ = x[SyncOptLabel-66]
+}
+
+const _SyncMarker_name = "EOFBoolInt64Uint64StringValueValRelocsRelocUseRelocPublicPosPosBaseObjectObject1PkgPkgDefMethodTypeTypeIdxTypeParamNamesSignatureParamsParamCodeObjSymLocalIdentSelectorPrivateFuncExtVarExtTypeExtPragmaExprListExprsExprExprTypeAssignOpFuncLitCompLitDeclFuncBodyOpenScopeCloseScopeCloseAnotherScopeDeclNamesDeclNameStmtsBlockStmtIfStmtForStmtSwitchStmtRangeStmtCaseClauseCommClauseSelectStmtDeclsLabeledStmtUseObjLocalAddLocalLinknameStmt1StmtsEndLabelOptLabel"
+
+var _SyncMarker_index = [...]uint16{0, 3, 7, 12, 18, 24, 29, 32, 38, 43, 51, 57, 60, 67, 73, 80, 83, 89, 95, 99, 106, 120, 129, 135, 140, 147, 150, 160, 168, 175, 182, 188, 195, 201, 209, 214, 218, 226, 232, 234, 241, 248, 252, 260, 269, 279, 296, 305, 313, 318, 327, 333, 340, 350, 359, 369, 379, 389, 394, 405, 416, 424, 432, 437, 445, 450, 458}
+
+func (i SyncMarker) String() string {
+ i -= 1
+ if i < 0 || i >= SyncMarker(len(_SyncMarker_index)-1) {
+ return "SyncMarker(" + strconv.FormatInt(int64(i+1), 10) + ")"
+ }
+ return _SyncMarker_name[_SyncMarker_index[i]:_SyncMarker_index[i+1]]
+}
diff --git a/vendor/golang.org/x/tools/internal/tokeninternal/tokeninternal.go b/vendor/golang.org/x/tools/internal/tokeninternal/tokeninternal.go
new file mode 100644
index 000000000..ff9437a36
--- /dev/null
+++ b/vendor/golang.org/x/tools/internal/tokeninternal/tokeninternal.go
@@ -0,0 +1,137 @@
+// Copyright 2023 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+// package tokeninternal provides access to some internal features of the token
+// package.
+package tokeninternal
+
+import (
+ "fmt"
+ "go/token"
+ "sort"
+ "sync"
+ "unsafe"
+)
+
+// GetLines returns the table of line-start offsets from a token.File.
+func GetLines(file *token.File) []int {
+ // token.File has a Lines method on Go 1.21 and later.
+ if file, ok := (interface{})(file).(interface{ Lines() []int }); ok {
+ return file.Lines()
+ }
+
+ // This declaration must match that of token.File.
+ // This creates a risk of dependency skew.
+ // For now we check that the size of the two
+ // declarations is the same, on the (fragile) assumption
+ // that future changes would add fields.
+ type tokenFile119 struct {
+ _ string
+ _ int
+ _ int
+ mu sync.Mutex // we're not complete monsters
+ lines []int
+ _ []struct{}
+ }
+
+ if unsafe.Sizeof(*file) != unsafe.Sizeof(tokenFile119{}) {
+ panic("unexpected token.File size")
+ }
+ var ptr *tokenFile119
+ type uP = unsafe.Pointer
+ *(*uP)(uP(&ptr)) = uP(file)
+ ptr.mu.Lock()
+ defer ptr.mu.Unlock()
+ return ptr.lines
+}
+
+// AddExistingFiles adds the specified files to the FileSet if they
+// are not already present. It panics if any pair of files in the
+// resulting FileSet would overlap.
+func AddExistingFiles(fset *token.FileSet, files []*token.File) {
+ // Punch through the FileSet encapsulation.
+ type tokenFileSet struct {
+ // This type remained essentially consistent from go1.16 to go1.21.
+ mutex sync.RWMutex
+ base int
+ files []*token.File
+ _ *token.File // changed to atomic.Pointer[token.File] in go1.19
+ }
+
+ // If the size of token.FileSet changes, this will fail to compile.
+ const delta = int64(unsafe.Sizeof(tokenFileSet{})) - int64(unsafe.Sizeof(token.FileSet{}))
+ var _ [-delta * delta]int
+
+ type uP = unsafe.Pointer
+ var ptr *tokenFileSet
+ *(*uP)(uP(&ptr)) = uP(fset)
+ ptr.mutex.Lock()
+ defer ptr.mutex.Unlock()
+
+ // Merge and sort.
+ newFiles := append(ptr.files, files...)
+ sort.Slice(newFiles, func(i, j int) bool {
+ return newFiles[i].Base() < newFiles[j].Base()
+ })
+
+ // Reject overlapping files.
+ // Discard adjacent identical files.
+ out := newFiles[:0]
+ for i, file := range newFiles {
+ if i > 0 {
+ prev := newFiles[i-1]
+ if file == prev {
+ continue
+ }
+ if prev.Base()+prev.Size()+1 > file.Base() {
+ panic(fmt.Sprintf("file %s (%d-%d) overlaps with file %s (%d-%d)",
+ prev.Name(), prev.Base(), prev.Base()+prev.Size(),
+ file.Name(), file.Base(), file.Base()+file.Size()))
+ }
+ }
+ out = append(out, file)
+ }
+ newFiles = out
+
+ ptr.files = newFiles
+
+ // Advance FileSet.Base().
+ if len(newFiles) > 0 {
+ last := newFiles[len(newFiles)-1]
+ newBase := last.Base() + last.Size() + 1
+ if ptr.base < newBase {
+ ptr.base = newBase
+ }
+ }
+}
+
+// FileSetFor returns a new FileSet containing a sequence of new Files with
+// the same base, size, and line as the input files, for use in APIs that
+// require a FileSet.
+//
+// Precondition: the input files must be non-overlapping, and sorted in order
+// of their Base.
+func FileSetFor(files ...*token.File) *token.FileSet {
+ fset := token.NewFileSet()
+ for _, f := range files {
+ f2 := fset.AddFile(f.Name(), f.Base(), f.Size())
+ lines := GetLines(f)
+ f2.SetLines(lines)
+ }
+ return fset
+}
+
+// CloneFileSet creates a new FileSet holding all files in fset. It does not
+// create copies of the token.Files in fset: they are added to the resulting
+// FileSet unmodified.
+func CloneFileSet(fset *token.FileSet) *token.FileSet {
+ var files []*token.File
+ fset.Iterate(func(f *token.File) bool {
+ files = append(files, f)
+ return true
+ })
+ newFileSet := token.NewFileSet()
+ AddExistingFiles(newFileSet, files)
+ return newFileSet
+}
diff --git a/vendor/golang.org/x/tools/internal/typesinternal/errorcode.go b/vendor/golang.org/x/tools/internal/typesinternal/errorcode.go
new file mode 100644
index 000000000..834e05381
--- /dev/null
+++ b/vendor/golang.org/x/tools/internal/typesinternal/errorcode.go
@@ -0,0 +1,1560 @@
+// Copyright 2020 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+package typesinternal
+
+//go:generate stringer -type=ErrorCode
+
+type ErrorCode int
+
+// This file defines the error codes that can be produced during type-checking.
+// Collectively, these codes provide an identifier that may be used to
+// implement special handling for certain types of errors.
+//
+// Error codes should be fine-grained enough that the exact nature of the error
+// can be easily determined, but coarse enough that they are not an
+// implementation detail of the type checking algorithm. As a rule-of-thumb,
+// errors should be considered equivalent if there is a theoretical refactoring
+// of the type checker in which they are emitted in exactly one place. For
+// example, the type checker emits different error messages for "too many
+// arguments" and "too few arguments", but one can imagine an alternative type
+// checker where this check instead just emits a single "wrong number of
+// arguments", so these errors should have the same code.
+//
+// Error code names should be as brief as possible while retaining accuracy and
+// distinctiveness. In most cases names should start with an adjective
+// describing the nature of the error (e.g. "invalid", "unused", "misplaced"),
+// and end with a noun identifying the relevant language object. For example,
+// "DuplicateDecl" or "InvalidSliceExpr". For brevity, naming follows the
+// convention that "bad" implies a problem with syntax, and "invalid" implies a
+// problem with types.
+
+const (
+ // InvalidSyntaxTree occurs if an invalid syntax tree is provided
+ // to the type checker. It should never happen.
+ InvalidSyntaxTree ErrorCode = -1
+)
+
+const (
+ _ ErrorCode = iota
+
+ // Test is reserved for errors that only apply while in self-test mode.
+ Test
+
+ /* package names */
+
+ // BlankPkgName occurs when a package name is the blank identifier "_".
+ //
+ // Per the spec:
+ // "The PackageName must not be the blank identifier."
+ BlankPkgName
+
+ // MismatchedPkgName occurs when a file's package name doesn't match the
+ // package name already established by other files.
+ MismatchedPkgName
+
+ // InvalidPkgUse occurs when a package identifier is used outside of a
+ // selector expression.
+ //
+ // Example:
+ // import "fmt"
+ //
+ // var _ = fmt
+ InvalidPkgUse
+
+ /* imports */
+
+ // BadImportPath occurs when an import path is not valid.
+ BadImportPath
+
+ // BrokenImport occurs when importing a package fails.
+ //
+ // Example:
+ // import "amissingpackage"
+ BrokenImport
+
+ // ImportCRenamed occurs when the special import "C" is renamed. "C" is a
+ // pseudo-package, and must not be renamed.
+ //
+ // Example:
+ // import _ "C"
+ ImportCRenamed
+
+ // UnusedImport occurs when an import is unused.
+ //
+ // Example:
+ // import "fmt"
+ //
+ // func main() {}
+ UnusedImport
+
+ /* initialization */
+
+ // InvalidInitCycle occurs when an invalid cycle is detected within the
+ // initialization graph.
+ //
+ // Example:
+ // var x int = f()
+ //
+ // func f() int { return x }
+ InvalidInitCycle
+
+ /* decls */
+
+ // DuplicateDecl occurs when an identifier is declared multiple times.
+ //
+ // Example:
+ // var x = 1
+ // var x = 2
+ DuplicateDecl
+
+ // InvalidDeclCycle occurs when a declaration cycle is not valid.
+ //
+ // Example:
+ // import "unsafe"
+ //
+ // type T struct {
+ // a [n]int
+ // }
+ //
+ // var n = unsafe.Sizeof(T{})
+ InvalidDeclCycle
+
+ // InvalidTypeCycle occurs when a cycle in type definitions results in a
+ // type that is not well-defined.
+ //
+ // Example:
+ // import "unsafe"
+ //
+ // type T [unsafe.Sizeof(T{})]int
+ InvalidTypeCycle
+
+ /* decls > const */
+
+ // InvalidConstInit occurs when a const declaration has a non-constant
+ // initializer.
+ //
+ // Example:
+ // var x int
+ // const _ = x
+ InvalidConstInit
+
+ // InvalidConstVal occurs when a const value cannot be converted to its
+ // target type.
+ //
+ // TODO(findleyr): this error code and example are not very clear. Consider
+ // removing it.
+ //
+ // Example:
+ // const _ = 1 << "hello"
+ InvalidConstVal
+
+ // InvalidConstType occurs when the underlying type in a const declaration
+ // is not a valid constant type.
+ //
+ // Example:
+ // const c *int = 4
+ InvalidConstType
+
+ /* decls > var (+ other variable assignment codes) */
+
+ // UntypedNilUse occurs when the predeclared (untyped) value nil is used to
+ // initialize a variable declared without an explicit type.
+ //
+ // Example:
+ // var x = nil
+ UntypedNilUse
+
+ // WrongAssignCount occurs when the number of values on the right-hand side
+ // of an assignment or initialization expression does not match the number
+ // of variables on the left-hand side.
+ //
+ // Example:
+ // var x = 1, 2
+ WrongAssignCount
+
+ // UnassignableOperand occurs when the left-hand side of an assignment is
+ // not assignable.
+ //
+ // Example:
+ // func f() {
+ // const c = 1
+ // c = 2
+ // }
+ UnassignableOperand
+
+ // NoNewVar occurs when a short variable declaration (':=') does not declare
+ // new variables.
+ //
+ // Example:
+ // func f() {
+ // x := 1
+ // x := 2
+ // }
+ NoNewVar
+
+ // MultiValAssignOp occurs when an assignment operation (+=, *=, etc) does
+ // not have single-valued left-hand or right-hand side.
+ //
+ // Per the spec:
+ // "In assignment operations, both the left- and right-hand expression lists
+ // must contain exactly one single-valued expression"
+ //
+ // Example:
+ // func f() int {
+ // x, y := 1, 2
+ // x, y += 1
+ // return x + y
+ // }
+ MultiValAssignOp
+
+ // InvalidIfaceAssign occurs when a value of type T is used as an
+ // interface, but T does not implement a method of the expected interface.
+ //
+ // Example:
+ // type I interface {
+ // f()
+ // }
+ //
+ // type T int
+ //
+ // var x I = T(1)
+ InvalidIfaceAssign
+
+ // InvalidChanAssign occurs when a chan assignment is invalid.
+ //
+ // Per the spec, a value x is assignable to a channel type T if:
+ // "x is a bidirectional channel value, T is a channel type, x's type V and
+ // T have identical element types, and at least one of V or T is not a
+ // defined type."
+ //
+ // Example:
+ // type T1 chan int
+ // type T2 chan int
+ //
+ // var x T1
+ // // Invalid assignment because both types are named
+ // var _ T2 = x
+ InvalidChanAssign
+
+ // IncompatibleAssign occurs when the type of the right-hand side expression
+ // in an assignment cannot be assigned to the type of the variable being
+ // assigned.
+ //
+ // Example:
+ // var x []int
+ // var _ int = x
+ IncompatibleAssign
+
+ // UnaddressableFieldAssign occurs when trying to assign to a struct field
+ // in a map value.
+ //
+ // Example:
+ // func f() {
+ // m := make(map[string]struct{i int})
+ // m["foo"].i = 42
+ // }
+ UnaddressableFieldAssign
+
+ /* decls > type (+ other type expression codes) */
+
+ // NotAType occurs when the identifier used as the underlying type in a type
+ // declaration or the right-hand side of a type alias does not denote a type.
+ //
+ // Example:
+ // var S = 2
+ //
+ // type T S
+ NotAType
+
+ // InvalidArrayLen occurs when an array length is not a constant value.
+ //
+ // Example:
+ // var n = 3
+ // var _ = [n]int{}
+ InvalidArrayLen
+
+ // BlankIfaceMethod occurs when a method name is '_'.
+ //
+ // Per the spec:
+ // "The name of each explicitly specified method must be unique and not
+ // blank."
+ //
+ // Example:
+ // type T interface {
+ // _(int)
+ // }
+ BlankIfaceMethod
+
+ // IncomparableMapKey occurs when a map key type does not support the == and
+ // != operators.
+ //
+ // Per the spec:
+ // "The comparison operators == and != must be fully defined for operands of
+ // the key type; thus the key type must not be a function, map, or slice."
+ //
+ // Example:
+ // var x map[T]int
+ //
+ // type T []int
+ IncomparableMapKey
+
+ // InvalidIfaceEmbed occurs when a non-interface type is embedded in an
+ // interface.
+ //
+ // Example:
+ // type T struct {}
+ //
+ // func (T) m()
+ //
+ // type I interface {
+ // T
+ // }
+ InvalidIfaceEmbed
+
+ // InvalidPtrEmbed occurs when an embedded field is of the pointer form *T,
+ // and T itself is itself a pointer, an unsafe.Pointer, or an interface.
+ //
+ // Per the spec:
+ // "An embedded field must be specified as a type name T or as a pointer to
+ // a non-interface type name *T, and T itself may not be a pointer type."
+ //
+ // Example:
+ // type T *int
+ //
+ // type S struct {
+ // *T
+ // }
+ InvalidPtrEmbed
+
+ /* decls > func and method */
+
+ // BadRecv occurs when a method declaration does not have exactly one
+ // receiver parameter.
+ //
+ // Example:
+ // func () _() {}
+ BadRecv
+
+ // InvalidRecv occurs when a receiver type expression is not of the form T
+ // or *T, or T is a pointer type.
+ //
+ // Example:
+ // type T struct {}
+ //
+ // func (**T) m() {}
+ InvalidRecv
+
+ // DuplicateFieldAndMethod occurs when an identifier appears as both a field
+ // and method name.
+ //
+ // Example:
+ // type T struct {
+ // m int
+ // }
+ //
+ // func (T) m() {}
+ DuplicateFieldAndMethod
+
+ // DuplicateMethod occurs when two methods on the same receiver type have
+ // the same name.
+ //
+ // Example:
+ // type T struct {}
+ // func (T) m() {}
+ // func (T) m(i int) int { return i }
+ DuplicateMethod
+
+ /* decls > special */
+
+ // InvalidBlank occurs when a blank identifier is used as a value or type.
+ //
+ // Per the spec:
+ // "The blank identifier may appear as an operand only on the left-hand side
+ // of an assignment."
+ //
+ // Example:
+ // var x = _
+ InvalidBlank
+
+ // InvalidIota occurs when the predeclared identifier iota is used outside
+ // of a constant declaration.
+ //
+ // Example:
+ // var x = iota
+ InvalidIota
+
+ // MissingInitBody occurs when an init function is missing its body.
+ //
+ // Example:
+ // func init()
+ MissingInitBody
+
+ // InvalidInitSig occurs when an init function declares parameters or
+ // results.
+ //
+ // Example:
+ // func init() int { return 1 }
+ InvalidInitSig
+
+ // InvalidInitDecl occurs when init is declared as anything other than a
+ // function.
+ //
+ // Example:
+ // var init = 1
+ InvalidInitDecl
+
+ // InvalidMainDecl occurs when main is declared as anything other than a
+ // function, in a main package.
+ InvalidMainDecl
+
+ /* exprs */
+
+ // TooManyValues occurs when a function returns too many values for the
+ // expression context in which it is used.
+ //
+ // Example:
+ // func ReturnTwo() (int, int) {
+ // return 1, 2
+ // }
+ //
+ // var x = ReturnTwo()
+ TooManyValues
+
+ // NotAnExpr occurs when a type expression is used where a value expression
+ // is expected.
+ //
+ // Example:
+ // type T struct {}
+ //
+ // func f() {
+ // T
+ // }
+ NotAnExpr
+
+ /* exprs > const */
+
+ // TruncatedFloat occurs when a float constant is truncated to an integer
+ // value.
+ //
+ // Example:
+ // var _ int = 98.6
+ TruncatedFloat
+
+ // NumericOverflow occurs when a numeric constant overflows its target type.
+ //
+ // Example:
+ // var x int8 = 1000
+ NumericOverflow
+
+ /* exprs > operation */
+
+ // UndefinedOp occurs when an operator is not defined for the type(s) used
+ // in an operation.
+ //
+ // Example:
+ // var c = "a" - "b"
+ UndefinedOp
+
+ // MismatchedTypes occurs when operand types are incompatible in a binary
+ // operation.
+ //
+ // Example:
+ // var a = "hello"
+ // var b = 1
+ // var c = a - b
+ MismatchedTypes
+
+ // DivByZero occurs when a division operation is provable at compile
+ // time to be a division by zero.
+ //
+ // Example:
+ // const divisor = 0
+ // var x int = 1/divisor
+ DivByZero
+
+ // NonNumericIncDec occurs when an increment or decrement operator is
+ // applied to a non-numeric value.
+ //
+ // Example:
+ // func f() {
+ // var c = "c"
+ // c++
+ // }
+ NonNumericIncDec
+
+ /* exprs > ptr */
+
+ // UnaddressableOperand occurs when the & operator is applied to an
+ // unaddressable expression.
+ //
+ // Example:
+ // var x = &1
+ UnaddressableOperand
+
+ // InvalidIndirection occurs when a non-pointer value is indirected via the
+ // '*' operator.
+ //
+ // Example:
+ // var x int
+ // var y = *x
+ InvalidIndirection
+
+ /* exprs > [] */
+
+ // NonIndexableOperand occurs when an index operation is applied to a value
+ // that cannot be indexed.
+ //
+ // Example:
+ // var x = 1
+ // var y = x[1]
+ NonIndexableOperand
+
+ // InvalidIndex occurs when an index argument is not of integer type,
+ // negative, or out-of-bounds.
+ //
+ // Example:
+ // var s = [...]int{1,2,3}
+ // var x = s[5]
+ //
+ // Example:
+ // var s = []int{1,2,3}
+ // var _ = s[-1]
+ //
+ // Example:
+ // var s = []int{1,2,3}
+ // var i string
+ // var _ = s[i]
+ InvalidIndex
+
+ // SwappedSliceIndices occurs when constant indices in a slice expression
+ // are decreasing in value.
+ //
+ // Example:
+ // var _ = []int{1,2,3}[2:1]
+ SwappedSliceIndices
+
+ /* operators > slice */
+
+ // NonSliceableOperand occurs when a slice operation is applied to a value
+ // whose type is not sliceable, or is unaddressable.
+ //
+ // Example:
+ // var x = [...]int{1, 2, 3}[:1]
+ //
+ // Example:
+ // var x = 1
+ // var y = 1[:1]
+ NonSliceableOperand
+
+ // InvalidSliceExpr occurs when a three-index slice expression (a[x:y:z]) is
+ // applied to a string.
+ //
+ // Example:
+ // var s = "hello"
+ // var x = s[1:2:3]
+ InvalidSliceExpr
+
+ /* exprs > shift */
+
+ // InvalidShiftCount occurs when the right-hand side of a shift operation is
+ // either non-integer, negative, or too large.
+ //
+ // Example:
+ // var (
+ // x string
+ // y int = 1 << x
+ // )
+ InvalidShiftCount
+
+ // InvalidShiftOperand occurs when the shifted operand is not an integer.
+ //
+ // Example:
+ // var s = "hello"
+ // var x = s << 2
+ InvalidShiftOperand
+
+ /* exprs > chan */
+
+ // InvalidReceive occurs when there is a channel receive from a value that
+ // is either not a channel, or is a send-only channel.
+ //
+ // Example:
+ // func f() {
+ // var x = 1
+ // <-x
+ // }
+ InvalidReceive
+
+ // InvalidSend occurs when there is a channel send to a value that is not a
+ // channel, or is a receive-only channel.
+ //
+ // Example:
+ // func f() {
+ // var x = 1
+ // x <- "hello!"
+ // }
+ InvalidSend
+
+ /* exprs > literal */
+
+ // DuplicateLitKey occurs when an index is duplicated in a slice, array, or
+ // map literal.
+ //
+ // Example:
+ // var _ = []int{0:1, 0:2}
+ //
+ // Example:
+ // var _ = map[string]int{"a": 1, "a": 2}
+ DuplicateLitKey
+
+ // MissingLitKey occurs when a map literal is missing a key expression.
+ //
+ // Example:
+ // var _ = map[string]int{1}
+ MissingLitKey
+
+ // InvalidLitIndex occurs when the key in a key-value element of a slice or
+ // array literal is not an integer constant.
+ //
+ // Example:
+ // var i = 0
+ // var x = []string{i: "world"}
+ InvalidLitIndex
+
+ // OversizeArrayLit occurs when an array literal exceeds its length.
+ //
+ // Example:
+ // var _ = [2]int{1,2,3}
+ OversizeArrayLit
+
+ // MixedStructLit occurs when a struct literal contains a mix of positional
+ // and named elements.
+ //
+ // Example:
+ // var _ = struct{i, j int}{i: 1, 2}
+ MixedStructLit
+
+ // InvalidStructLit occurs when a positional struct literal has an incorrect
+ // number of values.
+ //
+ // Example:
+ // var _ = struct{i, j int}{1,2,3}
+ InvalidStructLit
+
+ // MissingLitField occurs when a struct literal refers to a field that does
+ // not exist on the struct type.
+ //
+ // Example:
+ // var _ = struct{i int}{j: 2}
+ MissingLitField
+
+ // DuplicateLitField occurs when a struct literal contains duplicated
+ // fields.
+ //
+ // Example:
+ // var _ = struct{i int}{i: 1, i: 2}
+ DuplicateLitField
+
+ // UnexportedLitField occurs when a positional struct literal implicitly
+ // assigns an unexported field of an imported type.
+ UnexportedLitField
+
+ // InvalidLitField occurs when a field name is not a valid identifier.
+ //
+ // Example:
+ // var _ = struct{i int}{1: 1}
+ InvalidLitField
+
+ // UntypedLit occurs when a composite literal omits a required type
+ // identifier.
+ //
+ // Example:
+ // type outer struct{
+ // inner struct { i int }
+ // }
+ //
+ // var _ = outer{inner: {1}}
+ UntypedLit
+
+ // InvalidLit occurs when a composite literal expression does not match its
+ // type.
+ //
+ // Example:
+ // type P *struct{
+ // x int
+ // }
+ // var _ = P {}
+ InvalidLit
+
+ /* exprs > selector */
+
+ // AmbiguousSelector occurs when a selector is ambiguous.
+ //
+ // Example:
+ // type E1 struct { i int }
+ // type E2 struct { i int }
+ // type T struct { E1; E2 }
+ //
+ // var x T
+ // var _ = x.i
+ AmbiguousSelector
+
+ // UndeclaredImportedName occurs when a package-qualified identifier is
+ // undeclared by the imported package.
+ //
+ // Example:
+ // import "go/types"
+ //
+ // var _ = types.NotAnActualIdentifier
+ UndeclaredImportedName
+
+ // UnexportedName occurs when a selector refers to an unexported identifier
+ // of an imported package.
+ //
+ // Example:
+ // import "reflect"
+ //
+ // type _ reflect.flag
+ UnexportedName
+
+ // UndeclaredName occurs when an identifier is not declared in the current
+ // scope.
+ //
+ // Example:
+ // var x T
+ UndeclaredName
+
+ // MissingFieldOrMethod occurs when a selector references a field or method
+ // that does not exist.
+ //
+ // Example:
+ // type T struct {}
+ //
+ // var x = T{}.f
+ MissingFieldOrMethod
+
+ /* exprs > ... */
+
+ // BadDotDotDotSyntax occurs when a "..." occurs in a context where it is
+ // not valid.
+ //
+ // Example:
+ // var _ = map[int][...]int{0: {}}
+ BadDotDotDotSyntax
+
+ // NonVariadicDotDotDot occurs when a "..." is used on the final argument to
+ // a non-variadic function.
+ //
+ // Example:
+ // func printArgs(s []string) {
+ // for _, a := range s {
+ // println(a)
+ // }
+ // }
+ //
+ // func f() {
+ // s := []string{"a", "b", "c"}
+ // printArgs(s...)
+ // }
+ NonVariadicDotDotDot
+
+ // MisplacedDotDotDot occurs when a "..." is used somewhere other than the
+ // final argument to a function call.
+ //
+ // Example:
+ // func printArgs(args ...int) {
+ // for _, a := range args {
+ // println(a)
+ // }
+ // }
+ //
+ // func f() {
+ // a := []int{1,2,3}
+ // printArgs(0, a...)
+ // }
+ MisplacedDotDotDot
+
+ // InvalidDotDotDotOperand occurs when a "..." operator is applied to a
+ // single-valued operand.
+ //
+ // Example:
+ // func printArgs(args ...int) {
+ // for _, a := range args {
+ // println(a)
+ // }
+ // }
+ //
+ // func f() {
+ // a := 1
+ // printArgs(a...)
+ // }
+ //
+ // Example:
+ // func args() (int, int) {
+ // return 1, 2
+ // }
+ //
+ // func printArgs(args ...int) {
+ // for _, a := range args {
+ // println(a)
+ // }
+ // }
+ //
+ // func g() {
+ // printArgs(args()...)
+ // }
+ InvalidDotDotDotOperand
+
+ // InvalidDotDotDot occurs when a "..." is used in a non-variadic built-in
+ // function.
+ //
+ // Example:
+ // var s = []int{1, 2, 3}
+ // var l = len(s...)
+ InvalidDotDotDot
+
+ /* exprs > built-in */
+
+ // UncalledBuiltin occurs when a built-in function is used as a
+ // function-valued expression, instead of being called.
+ //
+ // Per the spec:
+ // "The built-in functions do not have standard Go types, so they can only
+ // appear in call expressions; they cannot be used as function values."
+ //
+ // Example:
+ // var _ = copy
+ UncalledBuiltin
+
+ // InvalidAppend occurs when append is called with a first argument that is
+ // not a slice.
+ //
+ // Example:
+ // var _ = append(1, 2)
+ InvalidAppend
+
+ // InvalidCap occurs when an argument to the cap built-in function is not of
+ // supported type.
+ //
+ // See https://golang.org/ref/spec#Lengthand_capacity for information on
+ // which underlying types are supported as arguments to cap and len.
+ //
+ // Example:
+ // var s = 2
+ // var x = cap(s)
+ InvalidCap
+
+ // InvalidClose occurs when close(...) is called with an argument that is
+ // not of channel type, or that is a receive-only channel.
+ //
+ // Example:
+ // func f() {
+ // var x int
+ // close(x)
+ // }
+ InvalidClose
+
+ // InvalidCopy occurs when the arguments are not of slice type or do not
+ // have compatible type.
+ //
+ // See https://golang.org/ref/spec#Appendingand_copying_slices for more
+ // information on the type requirements for the copy built-in.
+ //
+ // Example:
+ // func f() {
+ // var x []int
+ // y := []int64{1,2,3}
+ // copy(x, y)
+ // }
+ InvalidCopy
+
+ // InvalidComplex occurs when the complex built-in function is called with
+ // arguments with incompatible types.
+ //
+ // Example:
+ // var _ = complex(float32(1), float64(2))
+ InvalidComplex
+
+ // InvalidDelete occurs when the delete built-in function is called with a
+ // first argument that is not a map.
+ //
+ // Example:
+ // func f() {
+ // m := "hello"
+ // delete(m, "e")
+ // }
+ InvalidDelete
+
+ // InvalidImag occurs when the imag built-in function is called with an
+ // argument that does not have complex type.
+ //
+ // Example:
+ // var _ = imag(int(1))
+ InvalidImag
+
+ // InvalidLen occurs when an argument to the len built-in function is not of
+ // supported type.
+ //
+ // See https://golang.org/ref/spec#Lengthand_capacity for information on
+ // which underlying types are supported as arguments to cap and len.
+ //
+ // Example:
+ // var s = 2
+ // var x = len(s)
+ InvalidLen
+
+ // SwappedMakeArgs occurs when make is called with three arguments, and its
+ // length argument is larger than its capacity argument.
+ //
+ // Example:
+ // var x = make([]int, 3, 2)
+ SwappedMakeArgs
+
+ // InvalidMake occurs when make is called with an unsupported type argument.
+ //
+ // See https://golang.org/ref/spec#Makingslices_maps_and_channels for
+ // information on the types that may be created using make.
+ //
+ // Example:
+ // var x = make(int)
+ InvalidMake
+
+ // InvalidReal occurs when the real built-in function is called with an
+ // argument that does not have complex type.
+ //
+ // Example:
+ // var _ = real(int(1))
+ InvalidReal
+
+ /* exprs > assertion */
+
+ // InvalidAssert occurs when a type assertion is applied to a
+ // value that is not of interface type.
+ //
+ // Example:
+ // var x = 1
+ // var _ = x.(float64)
+ InvalidAssert
+
+ // ImpossibleAssert occurs for a type assertion x.(T) when the value x of
+ // interface cannot have dynamic type T, due to a missing or mismatching
+ // method on T.
+ //
+ // Example:
+ // type T int
+ //
+ // func (t *T) m() int { return int(*t) }
+ //
+ // type I interface { m() int }
+ //
+ // var x I
+ // var _ = x.(T)
+ ImpossibleAssert
+
+ /* exprs > conversion */
+
+ // InvalidConversion occurs when the argument type cannot be converted to the
+ // target.
+ //
+ // See https://golang.org/ref/spec#Conversions for the rules of
+ // convertibility.
+ //
+ // Example:
+ // var x float64
+ // var _ = string(x)
+ InvalidConversion
+
+ // InvalidUntypedConversion occurs when an there is no valid implicit
+ // conversion from an untyped value satisfying the type constraints of the
+ // context in which it is used.
+ //
+ // Example:
+ // var _ = 1 + ""
+ InvalidUntypedConversion
+
+ /* offsetof */
+
+ // BadOffsetofSyntax occurs when unsafe.Offsetof is called with an argument
+ // that is not a selector expression.
+ //
+ // Example:
+ // import "unsafe"
+ //
+ // var x int
+ // var _ = unsafe.Offsetof(x)
+ BadOffsetofSyntax
+
+ // InvalidOffsetof occurs when unsafe.Offsetof is called with a method
+ // selector, rather than a field selector, or when the field is embedded via
+ // a pointer.
+ //
+ // Per the spec:
+ //
+ // "If f is an embedded field, it must be reachable without pointer
+ // indirections through fields of the struct. "
+ //
+ // Example:
+ // import "unsafe"
+ //
+ // type T struct { f int }
+ // type S struct { *T }
+ // var s S
+ // var _ = unsafe.Offsetof(s.f)
+ //
+ // Example:
+ // import "unsafe"
+ //
+ // type S struct{}
+ //
+ // func (S) m() {}
+ //
+ // var s S
+ // var _ = unsafe.Offsetof(s.m)
+ InvalidOffsetof
+
+ /* control flow > scope */
+
+ // UnusedExpr occurs when a side-effect free expression is used as a
+ // statement. Such a statement has no effect.
+ //
+ // Example:
+ // func f(i int) {
+ // i*i
+ // }
+ UnusedExpr
+
+ // UnusedVar occurs when a variable is declared but unused.
+ //
+ // Example:
+ // func f() {
+ // x := 1
+ // }
+ UnusedVar
+
+ // MissingReturn occurs when a function with results is missing a return
+ // statement.
+ //
+ // Example:
+ // func f() int {}
+ MissingReturn
+
+ // WrongResultCount occurs when a return statement returns an incorrect
+ // number of values.
+ //
+ // Example:
+ // func ReturnOne() int {
+ // return 1, 2
+ // }
+ WrongResultCount
+
+ // OutOfScopeResult occurs when the name of a value implicitly returned by
+ // an empty return statement is shadowed in a nested scope.
+ //
+ // Example:
+ // func factor(n int) (i int) {
+ // for i := 2; i < n; i++ {
+ // if n%i == 0 {
+ // return
+ // }
+ // }
+ // return 0
+ // }
+ OutOfScopeResult
+
+ /* control flow > if */
+
+ // InvalidCond occurs when an if condition is not a boolean expression.
+ //
+ // Example:
+ // func checkReturn(i int) {
+ // if i {
+ // panic("non-zero return")
+ // }
+ // }
+ InvalidCond
+
+ /* control flow > for */
+
+ // InvalidPostDecl occurs when there is a declaration in a for-loop post
+ // statement.
+ //
+ // Example:
+ // func f() {
+ // for i := 0; i < 10; j := 0 {}
+ // }
+ InvalidPostDecl
+
+ // InvalidChanRange occurs when a send-only channel used in a range
+ // expression.
+ //
+ // Example:
+ // func sum(c chan<- int) {
+ // s := 0
+ // for i := range c {
+ // s += i
+ // }
+ // }
+ InvalidChanRange
+
+ // InvalidIterVar occurs when two iteration variables are used while ranging
+ // over a channel.
+ //
+ // Example:
+ // func f(c chan int) {
+ // for k, v := range c {
+ // println(k, v)
+ // }
+ // }
+ InvalidIterVar
+
+ // InvalidRangeExpr occurs when the type of a range expression is not array,
+ // slice, string, map, or channel.
+ //
+ // Example:
+ // func f(i int) {
+ // for j := range i {
+ // println(j)
+ // }
+ // }
+ InvalidRangeExpr
+
+ /* control flow > switch */
+
+ // MisplacedBreak occurs when a break statement is not within a for, switch,
+ // or select statement of the innermost function definition.
+ //
+ // Example:
+ // func f() {
+ // break
+ // }
+ MisplacedBreak
+
+ // MisplacedContinue occurs when a continue statement is not within a for
+ // loop of the innermost function definition.
+ //
+ // Example:
+ // func sumeven(n int) int {
+ // proceed := func() {
+ // continue
+ // }
+ // sum := 0
+ // for i := 1; i <= n; i++ {
+ // if i % 2 != 0 {
+ // proceed()
+ // }
+ // sum += i
+ // }
+ // return sum
+ // }
+ MisplacedContinue
+
+ // MisplacedFallthrough occurs when a fallthrough statement is not within an
+ // expression switch.
+ //
+ // Example:
+ // func typename(i interface{}) string {
+ // switch i.(type) {
+ // case int64:
+ // fallthrough
+ // case int:
+ // return "int"
+ // }
+ // return "unsupported"
+ // }
+ MisplacedFallthrough
+
+ // DuplicateCase occurs when a type or expression switch has duplicate
+ // cases.
+ //
+ // Example:
+ // func printInt(i int) {
+ // switch i {
+ // case 1:
+ // println("one")
+ // case 1:
+ // println("One")
+ // }
+ // }
+ DuplicateCase
+
+ // DuplicateDefault occurs when a type or expression switch has multiple
+ // default clauses.
+ //
+ // Example:
+ // func printInt(i int) {
+ // switch i {
+ // case 1:
+ // println("one")
+ // default:
+ // println("One")
+ // default:
+ // println("1")
+ // }
+ // }
+ DuplicateDefault
+
+ // BadTypeKeyword occurs when a .(type) expression is used anywhere other
+ // than a type switch.
+ //
+ // Example:
+ // type I interface {
+ // m()
+ // }
+ // var t I
+ // var _ = t.(type)
+ BadTypeKeyword
+
+ // InvalidTypeSwitch occurs when .(type) is used on an expression that is
+ // not of interface type.
+ //
+ // Example:
+ // func f(i int) {
+ // switch x := i.(type) {}
+ // }
+ InvalidTypeSwitch
+
+ // InvalidExprSwitch occurs when a switch expression is not comparable.
+ //
+ // Example:
+ // func _() {
+ // var a struct{ _ func() }
+ // switch a /* ERROR cannot switch on a */ {
+ // }
+ // }
+ InvalidExprSwitch
+
+ /* control flow > select */
+
+ // InvalidSelectCase occurs when a select case is not a channel send or
+ // receive.
+ //
+ // Example:
+ // func checkChan(c <-chan int) bool {
+ // select {
+ // case c:
+ // return true
+ // default:
+ // return false
+ // }
+ // }
+ InvalidSelectCase
+
+ /* control flow > labels and jumps */
+
+ // UndeclaredLabel occurs when an undeclared label is jumped to.
+ //
+ // Example:
+ // func f() {
+ // goto L
+ // }
+ UndeclaredLabel
+
+ // DuplicateLabel occurs when a label is declared more than once.
+ //
+ // Example:
+ // func f() int {
+ // L:
+ // L:
+ // return 1
+ // }
+ DuplicateLabel
+
+ // MisplacedLabel occurs when a break or continue label is not on a for,
+ // switch, or select statement.
+ //
+ // Example:
+ // func f() {
+ // L:
+ // a := []int{1,2,3}
+ // for _, e := range a {
+ // if e > 10 {
+ // break L
+ // }
+ // println(a)
+ // }
+ // }
+ MisplacedLabel
+
+ // UnusedLabel occurs when a label is declared but not used.
+ //
+ // Example:
+ // func f() {
+ // L:
+ // }
+ UnusedLabel
+
+ // JumpOverDecl occurs when a label jumps over a variable declaration.
+ //
+ // Example:
+ // func f() int {
+ // goto L
+ // x := 2
+ // L:
+ // x++
+ // return x
+ // }
+ JumpOverDecl
+
+ // JumpIntoBlock occurs when a forward jump goes to a label inside a nested
+ // block.
+ //
+ // Example:
+ // func f(x int) {
+ // goto L
+ // if x > 0 {
+ // L:
+ // print("inside block")
+ // }
+ // }
+ JumpIntoBlock
+
+ /* control flow > calls */
+
+ // InvalidMethodExpr occurs when a pointer method is called but the argument
+ // is not addressable.
+ //
+ // Example:
+ // type T struct {}
+ //
+ // func (*T) m() int { return 1 }
+ //
+ // var _ = T.m(T{})
+ InvalidMethodExpr
+
+ // WrongArgCount occurs when too few or too many arguments are passed by a
+ // function call.
+ //
+ // Example:
+ // func f(i int) {}
+ // var x = f()
+ WrongArgCount
+
+ // InvalidCall occurs when an expression is called that is not of function
+ // type.
+ //
+ // Example:
+ // var x = "x"
+ // var y = x()
+ InvalidCall
+
+ /* control flow > suspended */
+
+ // UnusedResults occurs when a restricted expression-only built-in function
+ // is suspended via go or defer. Such a suspension discards the results of
+ // these side-effect free built-in functions, and therefore is ineffectual.
+ //
+ // Example:
+ // func f(a []int) int {
+ // defer len(a)
+ // return i
+ // }
+ UnusedResults
+
+ // InvalidDefer occurs when a deferred expression is not a function call,
+ // for example if the expression is a type conversion.
+ //
+ // Example:
+ // func f(i int) int {
+ // defer int32(i)
+ // return i
+ // }
+ InvalidDefer
+
+ // InvalidGo occurs when a go expression is not a function call, for example
+ // if the expression is a type conversion.
+ //
+ // Example:
+ // func f(i int) int {
+ // go int32(i)
+ // return i
+ // }
+ InvalidGo
+
+ // All codes below were added in Go 1.17.
+
+ /* decl */
+
+ // BadDecl occurs when a declaration has invalid syntax.
+ BadDecl
+
+ // RepeatedDecl occurs when an identifier occurs more than once on the left
+ // hand side of a short variable declaration.
+ //
+ // Example:
+ // func _() {
+ // x, y, y := 1, 2, 3
+ // }
+ RepeatedDecl
+
+ /* unsafe */
+
+ // InvalidUnsafeAdd occurs when unsafe.Add is called with a
+ // length argument that is not of integer type.
+ //
+ // Example:
+ // import "unsafe"
+ //
+ // var p unsafe.Pointer
+ // var _ = unsafe.Add(p, float64(1))
+ InvalidUnsafeAdd
+
+ // InvalidUnsafeSlice occurs when unsafe.Slice is called with a
+ // pointer argument that is not of pointer type or a length argument
+ // that is not of integer type, negative, or out of bounds.
+ //
+ // Example:
+ // import "unsafe"
+ //
+ // var x int
+ // var _ = unsafe.Slice(x, 1)
+ //
+ // Example:
+ // import "unsafe"
+ //
+ // var x int
+ // var _ = unsafe.Slice(&x, float64(1))
+ //
+ // Example:
+ // import "unsafe"
+ //
+ // var x int
+ // var _ = unsafe.Slice(&x, -1)
+ //
+ // Example:
+ // import "unsafe"
+ //
+ // var x int
+ // var _ = unsafe.Slice(&x, uint64(1) << 63)
+ InvalidUnsafeSlice
+
+ // All codes below were added in Go 1.18.
+
+ /* features */
+
+ // UnsupportedFeature occurs when a language feature is used that is not
+ // supported at this Go version.
+ UnsupportedFeature
+
+ /* type params */
+
+ // NotAGenericType occurs when a non-generic type is used where a generic
+ // type is expected: in type or function instantiation.
+ //
+ // Example:
+ // type T int
+ //
+ // var _ T[int]
+ NotAGenericType
+
+ // WrongTypeArgCount occurs when a type or function is instantiated with an
+ // incorrect number of type arguments, including when a generic type or
+ // function is used without instantiation.
+ //
+ // Errors involving failed type inference are assigned other error codes.
+ //
+ // Example:
+ // type T[p any] int
+ //
+ // var _ T[int, string]
+ //
+ // Example:
+ // func f[T any]() {}
+ //
+ // var x = f
+ WrongTypeArgCount
+
+ // CannotInferTypeArgs occurs when type or function type argument inference
+ // fails to infer all type arguments.
+ //
+ // Example:
+ // func f[T any]() {}
+ //
+ // func _() {
+ // f()
+ // }
+ //
+ // Example:
+ // type N[P, Q any] struct{}
+ //
+ // var _ N[int]
+ CannotInferTypeArgs
+
+ // InvalidTypeArg occurs when a type argument does not satisfy its
+ // corresponding type parameter constraints.
+ //
+ // Example:
+ // type T[P ~int] struct{}
+ //
+ // var _ T[string]
+ InvalidTypeArg // arguments? InferenceFailed
+
+ // InvalidInstanceCycle occurs when an invalid cycle is detected
+ // within the instantiation graph.
+ //
+ // Example:
+ // func f[T any]() { f[*T]() }
+ InvalidInstanceCycle
+
+ // InvalidUnion occurs when an embedded union or approximation element is
+ // not valid.
+ //
+ // Example:
+ // type _ interface {
+ // ~int | interface{ m() }
+ // }
+ InvalidUnion
+
+ // MisplacedConstraintIface occurs when a constraint-type interface is used
+ // outside of constraint position.
+ //
+ // Example:
+ // type I interface { ~int }
+ //
+ // var _ I
+ MisplacedConstraintIface
+
+ // InvalidMethodTypeParams occurs when methods have type parameters.
+ //
+ // It cannot be encountered with an AST parsed using go/parser.
+ InvalidMethodTypeParams
+
+ // MisplacedTypeParam occurs when a type parameter is used in a place where
+ // it is not permitted.
+ //
+ // Example:
+ // type T[P any] P
+ //
+ // Example:
+ // type T[P any] struct{ *P }
+ MisplacedTypeParam
+
+ // InvalidUnsafeSliceData occurs when unsafe.SliceData is called with
+ // an argument that is not of slice type. It also occurs if it is used
+ // in a package compiled for a language version before go1.20.
+ //
+ // Example:
+ // import "unsafe"
+ //
+ // var x int
+ // var _ = unsafe.SliceData(x)
+ InvalidUnsafeSliceData
+
+ // InvalidUnsafeString occurs when unsafe.String is called with
+ // a length argument that is not of integer type, negative, or
+ // out of bounds. It also occurs if it is used in a package
+ // compiled for a language version before go1.20.
+ //
+ // Example:
+ // import "unsafe"
+ //
+ // var b [10]byte
+ // var _ = unsafe.String(&b[0], -1)
+ InvalidUnsafeString
+
+ // InvalidUnsafeStringData occurs if it is used in a package
+ // compiled for a language version before go1.20.
+ _ // not used anymore
+
+)
diff --git a/vendor/golang.org/x/tools/internal/typesinternal/errorcode_string.go b/vendor/golang.org/x/tools/internal/typesinternal/errorcode_string.go
new file mode 100644
index 000000000..15ecf7c5d
--- /dev/null
+++ b/vendor/golang.org/x/tools/internal/typesinternal/errorcode_string.go
@@ -0,0 +1,179 @@
+// Code generated by "stringer -type=ErrorCode"; DO NOT EDIT.
+
+package typesinternal
+
+import "strconv"
+
+func _() {
+ // An "invalid array index" compiler error signifies that the constant values have changed.
+ // Re-run the stringer command to generate them again.
+ var x [1]struct{}
+ _ = x[InvalidSyntaxTree - -1]
+ _ = x[Test-1]
+ _ = x[BlankPkgName-2]
+ _ = x[MismatchedPkgName-3]
+ _ = x[InvalidPkgUse-4]
+ _ = x[BadImportPath-5]
+ _ = x[BrokenImport-6]
+ _ = x[ImportCRenamed-7]
+ _ = x[UnusedImport-8]
+ _ = x[InvalidInitCycle-9]
+ _ = x[DuplicateDecl-10]
+ _ = x[InvalidDeclCycle-11]
+ _ = x[InvalidTypeCycle-12]
+ _ = x[InvalidConstInit-13]
+ _ = x[InvalidConstVal-14]
+ _ = x[InvalidConstType-15]
+ _ = x[UntypedNilUse-16]
+ _ = x[WrongAssignCount-17]
+ _ = x[UnassignableOperand-18]
+ _ = x[NoNewVar-19]
+ _ = x[MultiValAssignOp-20]
+ _ = x[InvalidIfaceAssign-21]
+ _ = x[InvalidChanAssign-22]
+ _ = x[IncompatibleAssign-23]
+ _ = x[UnaddressableFieldAssign-24]
+ _ = x[NotAType-25]
+ _ = x[InvalidArrayLen-26]
+ _ = x[BlankIfaceMethod-27]
+ _ = x[IncomparableMapKey-28]
+ _ = x[InvalidIfaceEmbed-29]
+ _ = x[InvalidPtrEmbed-30]
+ _ = x[BadRecv-31]
+ _ = x[InvalidRecv-32]
+ _ = x[DuplicateFieldAndMethod-33]
+ _ = x[DuplicateMethod-34]
+ _ = x[InvalidBlank-35]
+ _ = x[InvalidIota-36]
+ _ = x[MissingInitBody-37]
+ _ = x[InvalidInitSig-38]
+ _ = x[InvalidInitDecl-39]
+ _ = x[InvalidMainDecl-40]
+ _ = x[TooManyValues-41]
+ _ = x[NotAnExpr-42]
+ _ = x[TruncatedFloat-43]
+ _ = x[NumericOverflow-44]
+ _ = x[UndefinedOp-45]
+ _ = x[MismatchedTypes-46]
+ _ = x[DivByZero-47]
+ _ = x[NonNumericIncDec-48]
+ _ = x[UnaddressableOperand-49]
+ _ = x[InvalidIndirection-50]
+ _ = x[NonIndexableOperand-51]
+ _ = x[InvalidIndex-52]
+ _ = x[SwappedSliceIndices-53]
+ _ = x[NonSliceableOperand-54]
+ _ = x[InvalidSliceExpr-55]
+ _ = x[InvalidShiftCount-56]
+ _ = x[InvalidShiftOperand-57]
+ _ = x[InvalidReceive-58]
+ _ = x[InvalidSend-59]
+ _ = x[DuplicateLitKey-60]
+ _ = x[MissingLitKey-61]
+ _ = x[InvalidLitIndex-62]
+ _ = x[OversizeArrayLit-63]
+ _ = x[MixedStructLit-64]
+ _ = x[InvalidStructLit-65]
+ _ = x[MissingLitField-66]
+ _ = x[DuplicateLitField-67]
+ _ = x[UnexportedLitField-68]
+ _ = x[InvalidLitField-69]
+ _ = x[UntypedLit-70]
+ _ = x[InvalidLit-71]
+ _ = x[AmbiguousSelector-72]
+ _ = x[UndeclaredImportedName-73]
+ _ = x[UnexportedName-74]
+ _ = x[UndeclaredName-75]
+ _ = x[MissingFieldOrMethod-76]
+ _ = x[BadDotDotDotSyntax-77]
+ _ = x[NonVariadicDotDotDot-78]
+ _ = x[MisplacedDotDotDot-79]
+ _ = x[InvalidDotDotDotOperand-80]
+ _ = x[InvalidDotDotDot-81]
+ _ = x[UncalledBuiltin-82]
+ _ = x[InvalidAppend-83]
+ _ = x[InvalidCap-84]
+ _ = x[InvalidClose-85]
+ _ = x[InvalidCopy-86]
+ _ = x[InvalidComplex-87]
+ _ = x[InvalidDelete-88]
+ _ = x[InvalidImag-89]
+ _ = x[InvalidLen-90]
+ _ = x[SwappedMakeArgs-91]
+ _ = x[InvalidMake-92]
+ _ = x[InvalidReal-93]
+ _ = x[InvalidAssert-94]
+ _ = x[ImpossibleAssert-95]
+ _ = x[InvalidConversion-96]
+ _ = x[InvalidUntypedConversion-97]
+ _ = x[BadOffsetofSyntax-98]
+ _ = x[InvalidOffsetof-99]
+ _ = x[UnusedExpr-100]
+ _ = x[UnusedVar-101]
+ _ = x[MissingReturn-102]
+ _ = x[WrongResultCount-103]
+ _ = x[OutOfScopeResult-104]
+ _ = x[InvalidCond-105]
+ _ = x[InvalidPostDecl-106]
+ _ = x[InvalidChanRange-107]
+ _ = x[InvalidIterVar-108]
+ _ = x[InvalidRangeExpr-109]
+ _ = x[MisplacedBreak-110]
+ _ = x[MisplacedContinue-111]
+ _ = x[MisplacedFallthrough-112]
+ _ = x[DuplicateCase-113]
+ _ = x[DuplicateDefault-114]
+ _ = x[BadTypeKeyword-115]
+ _ = x[InvalidTypeSwitch-116]
+ _ = x[InvalidExprSwitch-117]
+ _ = x[InvalidSelectCase-118]
+ _ = x[UndeclaredLabel-119]
+ _ = x[DuplicateLabel-120]
+ _ = x[MisplacedLabel-121]
+ _ = x[UnusedLabel-122]
+ _ = x[JumpOverDecl-123]
+ _ = x[JumpIntoBlock-124]
+ _ = x[InvalidMethodExpr-125]
+ _ = x[WrongArgCount-126]
+ _ = x[InvalidCall-127]
+ _ = x[UnusedResults-128]
+ _ = x[InvalidDefer-129]
+ _ = x[InvalidGo-130]
+ _ = x[BadDecl-131]
+ _ = x[RepeatedDecl-132]
+ _ = x[InvalidUnsafeAdd-133]
+ _ = x[InvalidUnsafeSlice-134]
+ _ = x[UnsupportedFeature-135]
+ _ = x[NotAGenericType-136]
+ _ = x[WrongTypeArgCount-137]
+ _ = x[CannotInferTypeArgs-138]
+ _ = x[InvalidTypeArg-139]
+ _ = x[InvalidInstanceCycle-140]
+ _ = x[InvalidUnion-141]
+ _ = x[MisplacedConstraintIface-142]
+ _ = x[InvalidMethodTypeParams-143]
+ _ = x[MisplacedTypeParam-144]
+ _ = x[InvalidUnsafeSliceData-145]
+ _ = x[InvalidUnsafeString-146]
+}
+
+const (
+ _ErrorCode_name_0 = "InvalidSyntaxTree"
+ _ErrorCode_name_1 = "TestBlankPkgNameMismatchedPkgNameInvalidPkgUseBadImportPathBrokenImportImportCRenamedUnusedImportInvalidInitCycleDuplicateDeclInvalidDeclCycleInvalidTypeCycleInvalidConstInitInvalidConstValInvalidConstTypeUntypedNilUseWrongAssignCountUnassignableOperandNoNewVarMultiValAssignOpInvalidIfaceAssignInvalidChanAssignIncompatibleAssignUnaddressableFieldAssignNotATypeInvalidArrayLenBlankIfaceMethodIncomparableMapKeyInvalidIfaceEmbedInvalidPtrEmbedBadRecvInvalidRecvDuplicateFieldAndMethodDuplicateMethodInvalidBlankInvalidIotaMissingInitBodyInvalidInitSigInvalidInitDeclInvalidMainDeclTooManyValuesNotAnExprTruncatedFloatNumericOverflowUndefinedOpMismatchedTypesDivByZeroNonNumericIncDecUnaddressableOperandInvalidIndirectionNonIndexableOperandInvalidIndexSwappedSliceIndicesNonSliceableOperandInvalidSliceExprInvalidShiftCountInvalidShiftOperandInvalidReceiveInvalidSendDuplicateLitKeyMissingLitKeyInvalidLitIndexOversizeArrayLitMixedStructLitInvalidStructLitMissingLitFieldDuplicateLitFieldUnexportedLitFieldInvalidLitFieldUntypedLitInvalidLitAmbiguousSelectorUndeclaredImportedNameUnexportedNameUndeclaredNameMissingFieldOrMethodBadDotDotDotSyntaxNonVariadicDotDotDotMisplacedDotDotDotInvalidDotDotDotOperandInvalidDotDotDotUncalledBuiltinInvalidAppendInvalidCapInvalidCloseInvalidCopyInvalidComplexInvalidDeleteInvalidImagInvalidLenSwappedMakeArgsInvalidMakeInvalidRealInvalidAssertImpossibleAssertInvalidConversionInvalidUntypedConversionBadOffsetofSyntaxInvalidOffsetofUnusedExprUnusedVarMissingReturnWrongResultCountOutOfScopeResultInvalidCondInvalidPostDeclInvalidChanRangeInvalidIterVarInvalidRangeExprMisplacedBreakMisplacedContinueMisplacedFallthroughDuplicateCaseDuplicateDefaultBadTypeKeywordInvalidTypeSwitchInvalidExprSwitchInvalidSelectCaseUndeclaredLabelDuplicateLabelMisplacedLabelUnusedLabelJumpOverDeclJumpIntoBlockInvalidMethodExprWrongArgCountInvalidCallUnusedResultsInvalidDeferInvalidGoBadDeclRepeatedDeclInvalidUnsafeAddInvalidUnsafeSliceUnsupportedFeatureNotAGenericTypeWrongTypeArgCountCannotInferTypeArgsInvalidTypeArgInvalidInstanceCycleInvalidUnionMisplacedConstraintIfaceInvalidMethodTypeParamsMisplacedTypeParamInvalidUnsafeSliceDataInvalidUnsafeString"
+)
+
+var (
+ _ErrorCode_index_1 = [...]uint16{0, 4, 16, 33, 46, 59, 71, 85, 97, 113, 126, 142, 158, 174, 189, 205, 218, 234, 253, 261, 277, 295, 312, 330, 354, 362, 377, 393, 411, 428, 443, 450, 461, 484, 499, 511, 522, 537, 551, 566, 581, 594, 603, 617, 632, 643, 658, 667, 683, 703, 721, 740, 752, 771, 790, 806, 823, 842, 856, 867, 882, 895, 910, 926, 940, 956, 971, 988, 1006, 1021, 1031, 1041, 1058, 1080, 1094, 1108, 1128, 1146, 1166, 1184, 1207, 1223, 1238, 1251, 1261, 1273, 1284, 1298, 1311, 1322, 1332, 1347, 1358, 1369, 1382, 1398, 1415, 1439, 1456, 1471, 1481, 1490, 1503, 1519, 1535, 1546, 1561, 1577, 1591, 1607, 1621, 1638, 1658, 1671, 1687, 1701, 1718, 1735, 1752, 1767, 1781, 1795, 1806, 1818, 1831, 1848, 1861, 1872, 1885, 1897, 1906, 1913, 1925, 1941, 1959, 1977, 1992, 2009, 2028, 2042, 2062, 2074, 2098, 2121, 2139, 2161, 2180}
+)
+
+func (i ErrorCode) String() string {
+ switch {
+ case i == -1:
+ return _ErrorCode_name_0
+ case 1 <= i && i <= 146:
+ i -= 1
+ return _ErrorCode_name_1[_ErrorCode_index_1[i]:_ErrorCode_index_1[i+1]]
+ default:
+ return "ErrorCode(" + strconv.FormatInt(int64(i), 10) + ")"
+ }
+}
diff --git a/vendor/golang.org/x/tools/internal/typesinternal/recv.go b/vendor/golang.org/x/tools/internal/typesinternal/recv.go
new file mode 100644
index 000000000..fea7c8b75
--- /dev/null
+++ b/vendor/golang.org/x/tools/internal/typesinternal/recv.go
@@ -0,0 +1,43 @@
+// Copyright 2024 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+package typesinternal
+
+import (
+ "go/types"
+
+ "golang.org/x/tools/internal/aliases"
+)
+
+// ReceiverNamed returns the named type (if any) associated with the
+// type of recv, which may be of the form N or *N, or aliases thereof.
+// It also reports whether a Pointer was present.
+func ReceiverNamed(recv *types.Var) (isPtr bool, named *types.Named) {
+ t := recv.Type()
+ if ptr, ok := aliases.Unalias(t).(*types.Pointer); ok {
+ isPtr = true
+ t = ptr.Elem()
+ }
+ named, _ = aliases.Unalias(t).(*types.Named)
+ return
+}
+
+// Unpointer returns T given *T or an alias thereof.
+// For all other types it is the identity function.
+// It does not look at underlying types.
+// The result may be an alias.
+//
+// Use this function to strip off the optional pointer on a receiver
+// in a field or method selection, without losing the named type
+// (which is needed to compute the method set).
+//
+// See also [typeparams.MustDeref], which removes one level of
+// indirection from the type, regardless of named types (analogous to
+// a LOAD instruction).
+func Unpointer(t types.Type) types.Type {
+ if ptr, ok := aliases.Unalias(t).(*types.Pointer); ok {
+ return ptr.Elem()
+ }
+ return t
+}
diff --git a/vendor/golang.org/x/tools/internal/typesinternal/toonew.go b/vendor/golang.org/x/tools/internal/typesinternal/toonew.go
new file mode 100644
index 000000000..cc86487ea
--- /dev/null
+++ b/vendor/golang.org/x/tools/internal/typesinternal/toonew.go
@@ -0,0 +1,89 @@
+// Copyright 2024 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+package typesinternal
+
+import (
+ "go/types"
+
+ "golang.org/x/tools/internal/stdlib"
+ "golang.org/x/tools/internal/versions"
+)
+
+// TooNewStdSymbols computes the set of package-level symbols
+// exported by pkg that are not available at the specified version.
+// The result maps each symbol to its minimum version.
+//
+// The pkg is allowed to contain type errors.
+func TooNewStdSymbols(pkg *types.Package, version string) map[types.Object]string {
+ disallowed := make(map[types.Object]string)
+
+ // Pass 1: package-level symbols.
+ symbols := stdlib.PackageSymbols[pkg.Path()]
+ for _, sym := range symbols {
+ symver := sym.Version.String()
+ if versions.Before(version, symver) {
+ switch sym.Kind {
+ case stdlib.Func, stdlib.Var, stdlib.Const, stdlib.Type:
+ disallowed[pkg.Scope().Lookup(sym.Name)] = symver
+ }
+ }
+ }
+
+ // Pass 2: fields and methods.
+ //
+ // We allow fields and methods if their associated type is
+ // disallowed, as otherwise we would report false positives
+ // for compatibility shims. Consider:
+ //
+ // //go:build go1.22
+ // type T struct { F std.Real } // correct new API
+ //
+ // //go:build !go1.22
+ // type T struct { F fake } // shim
+ // type fake struct { ... }
+ // func (fake) M () {}
+ //
+ // These alternative declarations of T use either the std.Real
+ // type, introduced in go1.22, or a fake type, for the field
+ // F. (The fakery could be arbitrarily deep, involving more
+ // nested fields and methods than are shown here.) Clients
+ // that use the compatibility shim T will compile with any
+ // version of go, whether older or newer than go1.22, but only
+ // the newer version will use the std.Real implementation.
+ //
+ // Now consider a reference to method M in new(T).F.M() in a
+ // module that requires a minimum of go1.21. The analysis may
+ // occur using a version of Go higher than 1.21, selecting the
+ // first version of T, so the method M is Real.M. This would
+ // spuriously cause the analyzer to report a reference to a
+ // too-new symbol even though this expression compiles just
+ // fine (with the fake implementation) using go1.21.
+ for _, sym := range symbols {
+ symVersion := sym.Version.String()
+ if !versions.Before(version, symVersion) {
+ continue // allowed
+ }
+
+ var obj types.Object
+ switch sym.Kind {
+ case stdlib.Field:
+ typename, name := sym.SplitField()
+ if t := pkg.Scope().Lookup(typename); t != nil && disallowed[t] == "" {
+ obj, _, _ = types.LookupFieldOrMethod(t.Type(), false, pkg, name)
+ }
+
+ case stdlib.Method:
+ ptr, recvname, name := sym.SplitMethod()
+ if t := pkg.Scope().Lookup(recvname); t != nil && disallowed[t] == "" {
+ obj, _, _ = types.LookupFieldOrMethod(t.Type(), ptr, pkg, name)
+ }
+ }
+ if obj != nil {
+ disallowed[obj] = symVersion
+ }
+ }
+
+ return disallowed
+}
diff --git a/vendor/golang.org/x/tools/internal/typesinternal/types.go b/vendor/golang.org/x/tools/internal/typesinternal/types.go
new file mode 100644
index 000000000..7c77c2fbc
--- /dev/null
+++ b/vendor/golang.org/x/tools/internal/typesinternal/types.go
@@ -0,0 +1,50 @@
+// Copyright 2020 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+// Package typesinternal provides access to internal go/types APIs that are not
+// yet exported.
+package typesinternal
+
+import (
+ "go/token"
+ "go/types"
+ "reflect"
+ "unsafe"
+)
+
+func SetUsesCgo(conf *types.Config) bool {
+ v := reflect.ValueOf(conf).Elem()
+
+ f := v.FieldByName("go115UsesCgo")
+ if !f.IsValid() {
+ f = v.FieldByName("UsesCgo")
+ if !f.IsValid() {
+ return false
+ }
+ }
+
+ addr := unsafe.Pointer(f.UnsafeAddr())
+ *(*bool)(addr) = true
+
+ return true
+}
+
+// ReadGo116ErrorData extracts additional information from types.Error values
+// generated by Go version 1.16 and later: the error code, start position, and
+// end position. If all positions are valid, start <= err.Pos <= end.
+//
+// If the data could not be read, the final result parameter will be false.
+func ReadGo116ErrorData(err types.Error) (code ErrorCode, start, end token.Pos, ok bool) {
+ var data [3]int
+ // By coincidence all of these fields are ints, which simplifies things.
+ v := reflect.ValueOf(err)
+ for i, name := range []string{"go116code", "go116start", "go116end"} {
+ f := v.FieldByName(name)
+ if !f.IsValid() {
+ return 0, 0, 0, false
+ }
+ data[i] = int(f.Int())
+ }
+ return ErrorCode(data[0]), token.Pos(data[1]), token.Pos(data[2]), true
+}
diff --git a/vendor/golang.org/x/tools/internal/versions/features.go b/vendor/golang.org/x/tools/internal/versions/features.go
new file mode 100644
index 000000000..b53f17861
--- /dev/null
+++ b/vendor/golang.org/x/tools/internal/versions/features.go
@@ -0,0 +1,43 @@
+// Copyright 2023 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+package versions
+
+// This file contains predicates for working with file versions to
+// decide when a tool should consider a language feature enabled.
+
+// GoVersions that features in x/tools can be gated to.
+const (
+ Go1_18 = "go1.18"
+ Go1_19 = "go1.19"
+ Go1_20 = "go1.20"
+ Go1_21 = "go1.21"
+ Go1_22 = "go1.22"
+)
+
+// Future is an invalid unknown Go version sometime in the future.
+// Do not use directly with Compare.
+const Future = ""
+
+// AtLeast reports whether the file version v comes after a Go release.
+//
+// Use this predicate to enable a behavior once a certain Go release
+// has happened (and stays enabled in the future).
+func AtLeast(v, release string) bool {
+ if v == Future {
+ return true // an unknown future version is always after y.
+ }
+ return Compare(Lang(v), Lang(release)) >= 0
+}
+
+// Before reports whether the file version v is strictly before a Go release.
+//
+// Use this predicate to disable a behavior once a certain Go release
+// has happened (and stays enabled in the future).
+func Before(v, release string) bool {
+ if v == Future {
+ return false // an unknown future version happens after y.
+ }
+ return Compare(Lang(v), Lang(release)) < 0
+}
diff --git a/vendor/golang.org/x/tools/internal/versions/gover.go b/vendor/golang.org/x/tools/internal/versions/gover.go
new file mode 100644
index 000000000..bbabcd22e
--- /dev/null
+++ b/vendor/golang.org/x/tools/internal/versions/gover.go
@@ -0,0 +1,172 @@
+// Copyright 2023 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+// This is a fork of internal/gover for use by x/tools until
+// go1.21 and earlier are no longer supported by x/tools.
+
+package versions
+
+import "strings"
+
+// A gover is a parsed Go gover: major[.Minor[.Patch]][kind[pre]]
+// The numbers are the original decimal strings to avoid integer overflows
+// and since there is very little actual math. (Probably overflow doesn't matter in practice,
+// but at the time this code was written, there was an existing test that used
+// go1.99999999999, which does not fit in an int on 32-bit platforms.
+// The "big decimal" representation avoids the problem entirely.)
+type gover struct {
+ major string // decimal
+ minor string // decimal or ""
+ patch string // decimal or ""
+ kind string // "", "alpha", "beta", "rc"
+ pre string // decimal or ""
+}
+
+// compare returns -1, 0, or +1 depending on whether
+// x < y, x == y, or x > y, interpreted as toolchain versions.
+// The versions x and y must not begin with a "go" prefix: just "1.21" not "go1.21".
+// Malformed versions compare less than well-formed versions and equal to each other.
+// The language version "1.21" compares less than the release candidate and eventual releases "1.21rc1" and "1.21.0".
+func compare(x, y string) int {
+ vx := parse(x)
+ vy := parse(y)
+
+ if c := cmpInt(vx.major, vy.major); c != 0 {
+ return c
+ }
+ if c := cmpInt(vx.minor, vy.minor); c != 0 {
+ return c
+ }
+ if c := cmpInt(vx.patch, vy.patch); c != 0 {
+ return c
+ }
+ if c := strings.Compare(vx.kind, vy.kind); c != 0 { // "" < alpha < beta < rc
+ return c
+ }
+ if c := cmpInt(vx.pre, vy.pre); c != 0 {
+ return c
+ }
+ return 0
+}
+
+// lang returns the Go language version. For example, lang("1.2.3") == "1.2".
+func lang(x string) string {
+ v := parse(x)
+ if v.minor == "" || v.major == "1" && v.minor == "0" {
+ return v.major
+ }
+ return v.major + "." + v.minor
+}
+
+// isValid reports whether the version x is valid.
+func isValid(x string) bool {
+ return parse(x) != gover{}
+}
+
+// parse parses the Go version string x into a version.
+// It returns the zero version if x is malformed.
+func parse(x string) gover {
+ var v gover
+
+ // Parse major version.
+ var ok bool
+ v.major, x, ok = cutInt(x)
+ if !ok {
+ return gover{}
+ }
+ if x == "" {
+ // Interpret "1" as "1.0.0".
+ v.minor = "0"
+ v.patch = "0"
+ return v
+ }
+
+ // Parse . before minor version.
+ if x[0] != '.' {
+ return gover{}
+ }
+
+ // Parse minor version.
+ v.minor, x, ok = cutInt(x[1:])
+ if !ok {
+ return gover{}
+ }
+ if x == "" {
+ // Patch missing is same as "0" for older versions.
+ // Starting in Go 1.21, patch missing is different from explicit .0.
+ if cmpInt(v.minor, "21") < 0 {
+ v.patch = "0"
+ }
+ return v
+ }
+
+ // Parse patch if present.
+ if x[0] == '.' {
+ v.patch, x, ok = cutInt(x[1:])
+ if !ok || x != "" {
+ // Note that we are disallowing prereleases (alpha, beta, rc) for patch releases here (x != "").
+ // Allowing them would be a bit confusing because we already have:
+ // 1.21 < 1.21rc1
+ // But a prerelease of a patch would have the opposite effect:
+ // 1.21.3rc1 < 1.21.3
+ // We've never needed them before, so let's not start now.
+ return gover{}
+ }
+ return v
+ }
+
+ // Parse prerelease.
+ i := 0
+ for i < len(x) && (x[i] < '0' || '9' < x[i]) {
+ if x[i] < 'a' || 'z' < x[i] {
+ return gover{}
+ }
+ i++
+ }
+ if i == 0 {
+ return gover{}
+ }
+ v.kind, x = x[:i], x[i:]
+ if x == "" {
+ return v
+ }
+ v.pre, x, ok = cutInt(x)
+ if !ok || x != "" {
+ return gover{}
+ }
+
+ return v
+}
+
+// cutInt scans the leading decimal number at the start of x to an integer
+// and returns that value and the rest of the string.
+func cutInt(x string) (n, rest string, ok bool) {
+ i := 0
+ for i < len(x) && '0' <= x[i] && x[i] <= '9' {
+ i++
+ }
+ if i == 0 || x[0] == '0' && i != 1 { // no digits or unnecessary leading zero
+ return "", "", false
+ }
+ return x[:i], x[i:], true
+}
+
+// cmpInt returns cmp.Compare(x, y) interpreting x and y as decimal numbers.
+// (Copied from golang.org/x/mod/semver's compareInt.)
+func cmpInt(x, y string) int {
+ if x == y {
+ return 0
+ }
+ if len(x) < len(y) {
+ return -1
+ }
+ if len(x) > len(y) {
+ return +1
+ }
+ if x < y {
+ return -1
+ } else {
+ return +1
+ }
+}
diff --git a/vendor/golang.org/x/tools/internal/versions/toolchain.go b/vendor/golang.org/x/tools/internal/versions/toolchain.go
new file mode 100644
index 000000000..377bf7a53
--- /dev/null
+++ b/vendor/golang.org/x/tools/internal/versions/toolchain.go
@@ -0,0 +1,14 @@
+// Copyright 2024 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+package versions
+
+// toolchain is maximum version (<1.22) that the go toolchain used
+// to build the current tool is known to support.
+//
+// When a tool is built with >=1.22, the value of toolchain is unused.
+//
+// x/tools does not support building with go <1.18. So we take this
+// as the minimum possible maximum.
+var toolchain string = Go1_18
diff --git a/vendor/golang.org/x/tools/internal/versions/toolchain_go119.go b/vendor/golang.org/x/tools/internal/versions/toolchain_go119.go
new file mode 100644
index 000000000..f65beed9d
--- /dev/null
+++ b/vendor/golang.org/x/tools/internal/versions/toolchain_go119.go
@@ -0,0 +1,14 @@
+// Copyright 2024 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+//go:build go1.19
+// +build go1.19
+
+package versions
+
+func init() {
+ if Compare(toolchain, Go1_19) < 0 {
+ toolchain = Go1_19
+ }
+}
diff --git a/vendor/golang.org/x/tools/internal/versions/toolchain_go120.go b/vendor/golang.org/x/tools/internal/versions/toolchain_go120.go
new file mode 100644
index 000000000..1a9efa126
--- /dev/null
+++ b/vendor/golang.org/x/tools/internal/versions/toolchain_go120.go
@@ -0,0 +1,14 @@
+// Copyright 2024 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+//go:build go1.20
+// +build go1.20
+
+package versions
+
+func init() {
+ if Compare(toolchain, Go1_20) < 0 {
+ toolchain = Go1_20
+ }
+}
diff --git a/vendor/golang.org/x/tools/internal/versions/toolchain_go121.go b/vendor/golang.org/x/tools/internal/versions/toolchain_go121.go
new file mode 100644
index 000000000..b7ef216df
--- /dev/null
+++ b/vendor/golang.org/x/tools/internal/versions/toolchain_go121.go
@@ -0,0 +1,14 @@
+// Copyright 2024 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+//go:build go1.21
+// +build go1.21
+
+package versions
+
+func init() {
+ if Compare(toolchain, Go1_21) < 0 {
+ toolchain = Go1_21
+ }
+}
diff --git a/vendor/golang.org/x/tools/internal/versions/types.go b/vendor/golang.org/x/tools/internal/versions/types.go
new file mode 100644
index 000000000..562eef21f
--- /dev/null
+++ b/vendor/golang.org/x/tools/internal/versions/types.go
@@ -0,0 +1,19 @@
+// Copyright 2023 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+package versions
+
+import (
+ "go/types"
+)
+
+// GoVersion returns the Go version of the type package.
+// It returns zero if no version can be determined.
+func GoVersion(pkg *types.Package) string {
+ // TODO(taking): x/tools can call GoVersion() [from 1.21] after 1.25.
+ if pkg, ok := any(pkg).(interface{ GoVersion() string }); ok {
+ return pkg.GoVersion()
+ }
+ return ""
+}
diff --git a/vendor/golang.org/x/tools/internal/versions/types_go121.go b/vendor/golang.org/x/tools/internal/versions/types_go121.go
new file mode 100644
index 000000000..b4345d334
--- /dev/null
+++ b/vendor/golang.org/x/tools/internal/versions/types_go121.go
@@ -0,0 +1,30 @@
+// Copyright 2023 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+//go:build !go1.22
+// +build !go1.22
+
+package versions
+
+import (
+ "go/ast"
+ "go/types"
+)
+
+// FileVersion returns a language version (<=1.21) derived from runtime.Version()
+// or an unknown future version.
+func FileVersion(info *types.Info, file *ast.File) string {
+ // In x/tools built with Go <= 1.21, we do not have Info.FileVersions
+ // available. We use a go version derived from the toolchain used to
+ // compile the tool by default.
+ // This will be <= go1.21. We take this as the maximum version that
+ // this tool can support.
+ //
+ // There are no features currently in x/tools that need to tell fine grained
+ // differences for versions <1.22.
+ return toolchain
+}
+
+// InitFileVersions is a noop when compiled with this Go version.
+func InitFileVersions(*types.Info) {}
diff --git a/vendor/golang.org/x/tools/internal/versions/types_go122.go b/vendor/golang.org/x/tools/internal/versions/types_go122.go
new file mode 100644
index 000000000..e8180632a
--- /dev/null
+++ b/vendor/golang.org/x/tools/internal/versions/types_go122.go
@@ -0,0 +1,41 @@
+// Copyright 2023 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+//go:build go1.22
+// +build go1.22
+
+package versions
+
+import (
+ "go/ast"
+ "go/types"
+)
+
+// FileVersions returns a file's Go version.
+// The reported version is an unknown Future version if a
+// version cannot be determined.
+func FileVersion(info *types.Info, file *ast.File) string {
+ // In tools built with Go >= 1.22, the Go version of a file
+ // follow a cascades of sources:
+ // 1) types.Info.FileVersion, which follows the cascade:
+ // 1.a) file version (ast.File.GoVersion),
+ // 1.b) the package version (types.Config.GoVersion), or
+ // 2) is some unknown Future version.
+ //
+ // File versions require a valid package version to be provided to types
+ // in Config.GoVersion. Config.GoVersion is either from the package's module
+ // or the toolchain (go run). This value should be provided by go/packages
+ // or unitchecker.Config.GoVersion.
+ if v := info.FileVersions[file]; IsValid(v) {
+ return v
+ }
+ // Note: we could instead return runtime.Version() [if valid].
+ // This would act as a max version on what a tool can support.
+ return Future
+}
+
+// InitFileVersions initializes info to record Go versions for Go files.
+func InitFileVersions(info *types.Info) {
+ info.FileVersions = make(map[*ast.File]string)
+}
diff --git a/vendor/golang.org/x/tools/internal/versions/versions.go b/vendor/golang.org/x/tools/internal/versions/versions.go
new file mode 100644
index 000000000..8d1f7453d
--- /dev/null
+++ b/vendor/golang.org/x/tools/internal/versions/versions.go
@@ -0,0 +1,57 @@
+// Copyright 2023 The Go Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style
+// license that can be found in the LICENSE file.
+
+package versions
+
+import (
+ "strings"
+)
+
+// Note: If we use build tags to use go/versions when go >=1.22,
+// we run into go.dev/issue/53737. Under some operations users would see an
+// import of "go/versions" even if they would not compile the file.
+// For example, during `go get -u ./...` (go.dev/issue/64490) we do not try to include
+// For this reason, this library just a clone of go/versions for the moment.
+
+// Lang returns the Go language version for version x.
+// If x is not a valid version, Lang returns the empty string.
+// For example:
+//
+// Lang("go1.21rc2") = "go1.21"
+// Lang("go1.21.2") = "go1.21"
+// Lang("go1.21") = "go1.21"
+// Lang("go1") = "go1"
+// Lang("bad") = ""
+// Lang("1.21") = ""
+func Lang(x string) string {
+ v := lang(stripGo(x))
+ if v == "" {
+ return ""
+ }
+ return x[:2+len(v)] // "go"+v without allocation
+}
+
+// Compare returns -1, 0, or +1 depending on whether
+// x < y, x == y, or x > y, interpreted as Go versions.
+// The versions x and y must begin with a "go" prefix: "go1.21" not "1.21".
+// Invalid versions, including the empty string, compare less than
+// valid versions and equal to each other.
+// The language version "go1.21" compares less than the
+// release candidate and eventual releases "go1.21rc1" and "go1.21.0".
+// Custom toolchain suffixes are ignored during comparison:
+// "go1.21.0" and "go1.21.0-bigcorp" are equal.
+func Compare(x, y string) int { return compare(stripGo(x), stripGo(y)) }
+
+// IsValid reports whether the version x is valid.
+func IsValid(x string) bool { return isValid(stripGo(x)) }
+
+// stripGo converts from a "go1.21" version to a "1.21" version.
+// If v does not start with "go", stripGo returns the empty string (a known invalid version).
+func stripGo(v string) string {
+ v, _, _ = strings.Cut(v, "-") // strip -bigcorp suffix.
+ if len(v) < 2 || v[:2] != "go" {
+ return ""
+ }
+ return v[2:]
+}
diff --git a/vendor/k8s.io/apiextensions-apiserver/pkg/apis/apiextensions/types.go b/vendor/k8s.io/apiextensions-apiserver/pkg/apis/apiextensions/types.go
index b1c5f6f4c..6556eda65 100644
--- a/vendor/k8s.io/apiextensions-apiserver/pkg/apis/apiextensions/types.go
+++ b/vendor/k8s.io/apiextensions-apiserver/pkg/apis/apiextensions/types.go
@@ -70,6 +70,12 @@ type CustomResourceDefinitionSpec struct {
// Top-level and per-version columns are mutually exclusive.
// +optional
AdditionalPrinterColumns []CustomResourceColumnDefinition
+ // selectableFields specifies paths to fields that may be used as field selectors.
+ // A maximum of 8 selectable fields are allowed.
+ // See https://kubernetes.io/docs/concepts/overview/working-with-objects/field-selectors
+ // Top-level and per-version columns are mutually exclusive.
+ // +optional
+ SelectableFields []SelectableField
// `conversion` defines conversion settings for the CRD.
Conversion *CustomResourceConversion
@@ -207,6 +213,25 @@ type CustomResourceDefinitionVersion struct {
// be explicitly set to null
// +optional
AdditionalPrinterColumns []CustomResourceColumnDefinition
+
+ // selectableFields specifies paths to fields that may be used as field selectors.
+ // A maximum of 8 selectable fields are allowed.
+ // See https://kubernetes.io/docs/concepts/overview/working-with-objects/field-selectors
+ // +optional
+ SelectableFields []SelectableField
+}
+
+// SelectableField specifies the JSON path of a field that may be used with field selectors.
+type SelectableField struct {
+ // jsonPath is a simple JSON path which is evaluated against each custom resource to produce a
+ // field selector value.
+ // Only JSON paths without the array notation are allowed.
+ // Must point to a field of type string, boolean or integer. Types with enum values
+ // and strings with formats are allowed.
+ // If jsonPath refers to absent field in a resource, the jsonPath evaluates to an empty string.
+ // Must not point to metdata fields.
+ // Required.
+ JSONPath string
}
// CustomResourceColumnDefinition specifies a column for server side printing.
diff --git a/vendor/k8s.io/apiextensions-apiserver/pkg/apis/apiextensions/v1/conversion.go b/vendor/k8s.io/apiextensions-apiserver/pkg/apis/apiextensions/v1/conversion.go
index 4d29ff823..2ca72bb16 100644
--- a/vendor/k8s.io/apiextensions-apiserver/pkg/apis/apiextensions/v1/conversion.go
+++ b/vendor/k8s.io/apiextensions-apiserver/pkg/apis/apiextensions/v1/conversion.go
@@ -80,7 +80,7 @@ func Convert_apiextensions_CustomResourceDefinitionSpec_To_v1_CustomResourceDefi
out.Versions = []CustomResourceDefinitionVersion{{Name: in.Version, Served: true, Storage: true}}
}
- // If spec.{subresources,validation,additionalPrinterColumns} exists, move to versions
+ // If spec.{subresources,validation,additionalPrinterColumns,selectableFields} exists, move to versions
if in.Subresources != nil {
subresources := &CustomResourceSubresources{}
if err := Convert_apiextensions_CustomResourceSubresources_To_v1_CustomResourceSubresources(in.Subresources, subresources, s); err != nil {
@@ -110,6 +110,17 @@ func Convert_apiextensions_CustomResourceDefinitionSpec_To_v1_CustomResourceDefi
out.Versions[i].AdditionalPrinterColumns = additionalPrinterColumns
}
}
+ if in.SelectableFields != nil {
+ selectableFields := make([]SelectableField, len(in.SelectableFields))
+ for i := range in.SelectableFields {
+ if err := Convert_apiextensions_SelectableField_To_v1_SelectableField(&in.SelectableFields[i], &selectableFields[i], s); err != nil {
+ return err
+ }
+ }
+ for i := range out.Versions {
+ out.Versions[i].SelectableFields = selectableFields
+ }
+ }
return nil
}
@@ -125,13 +136,15 @@ func Convert_v1_CustomResourceDefinitionSpec_To_apiextensions_CustomResourceDefi
// Copy versions[0] to version
out.Version = out.Versions[0].Name
- // If versions[*].{subresources,schema,additionalPrinterColumns} are identical, move to spec
+ // If versions[*].{subresources,schema,additionalPrinterColumns,selectableFields} are identical, move to spec
subresources := out.Versions[0].Subresources
subresourcesIdentical := true
validation := out.Versions[0].Schema
validationIdentical := true
additionalPrinterColumns := out.Versions[0].AdditionalPrinterColumns
additionalPrinterColumnsIdentical := true
+ selectableFields := out.Versions[0].SelectableFields
+ selectableFieldsIdentical := true
// Detect if per-version fields are identical
for _, v := range out.Versions {
@@ -144,6 +157,9 @@ func Convert_v1_CustomResourceDefinitionSpec_To_apiextensions_CustomResourceDefi
if additionalPrinterColumnsIdentical && !apiequality.Semantic.DeepEqual(v.AdditionalPrinterColumns, additionalPrinterColumns) {
additionalPrinterColumnsIdentical = false
}
+ if selectableFieldsIdentical && !apiequality.Semantic.DeepEqual(v.SelectableFields, selectableFields) {
+ selectableFieldsIdentical = false
+ }
}
// If they are, set the top-level fields and clear the per-version fields
@@ -156,6 +172,9 @@ func Convert_v1_CustomResourceDefinitionSpec_To_apiextensions_CustomResourceDefi
if additionalPrinterColumnsIdentical {
out.AdditionalPrinterColumns = additionalPrinterColumns
}
+ if selectableFieldsIdentical {
+ out.SelectableFields = selectableFields
+ }
for i := range out.Versions {
if subresourcesIdentical {
out.Versions[i].Subresources = nil
@@ -166,6 +185,9 @@ func Convert_v1_CustomResourceDefinitionSpec_To_apiextensions_CustomResourceDefi
if additionalPrinterColumnsIdentical {
out.Versions[i].AdditionalPrinterColumns = nil
}
+ if selectableFieldsIdentical {
+ out.Versions[i].SelectableFields = nil
+ }
}
return nil
diff --git a/vendor/k8s.io/apiextensions-apiserver/pkg/apis/apiextensions/v1/generated.pb.go b/vendor/k8s.io/apiextensions-apiserver/pkg/apis/apiextensions/v1/generated.pb.go
index 6c22a5169..8e081e4b1 100644
--- a/vendor/k8s.io/apiextensions-apiserver/pkg/apis/apiextensions/v1/generated.pb.go
+++ b/vendor/k8s.io/apiextensions-apiserver/pkg/apis/apiextensions/v1/generated.pb.go
@@ -15,7 +15,7 @@ limitations under the License.
*/
// Code generated by protoc-gen-gogo. DO NOT EDIT.
-// source: k8s.io/kubernetes/vendor/k8s.io/apiextensions-apiserver/pkg/apis/apiextensions/v1/generated.proto
+// source: k8s.io/apiextensions-apiserver/pkg/apis/apiextensions/v1/generated.proto
package v1
@@ -51,7 +51,7 @@ const _ = proto.GoGoProtoPackageIsVersion3 // please upgrade the proto package
func (m *ConversionRequest) Reset() { *m = ConversionRequest{} }
func (*ConversionRequest) ProtoMessage() {}
func (*ConversionRequest) Descriptor() ([]byte, []int) {
- return fileDescriptor_f5a35c9667703937, []int{0}
+ return fileDescriptor_c5e101a0235c8c62, []int{0}
}
func (m *ConversionRequest) XXX_Unmarshal(b []byte) error {
return m.Unmarshal(b)
@@ -79,7 +79,7 @@ var xxx_messageInfo_ConversionRequest proto.InternalMessageInfo
func (m *ConversionResponse) Reset() { *m = ConversionResponse{} }
func (*ConversionResponse) ProtoMessage() {}
func (*ConversionResponse) Descriptor() ([]byte, []int) {
- return fileDescriptor_f5a35c9667703937, []int{1}
+ return fileDescriptor_c5e101a0235c8c62, []int{1}
}
func (m *ConversionResponse) XXX_Unmarshal(b []byte) error {
return m.Unmarshal(b)
@@ -107,7 +107,7 @@ var xxx_messageInfo_ConversionResponse proto.InternalMessageInfo
func (m *ConversionReview) Reset() { *m = ConversionReview{} }
func (*ConversionReview) ProtoMessage() {}
func (*ConversionReview) Descriptor() ([]byte, []int) {
- return fileDescriptor_f5a35c9667703937, []int{2}
+ return fileDescriptor_c5e101a0235c8c62, []int{2}
}
func (m *ConversionReview) XXX_Unmarshal(b []byte) error {
return m.Unmarshal(b)
@@ -135,7 +135,7 @@ var xxx_messageInfo_ConversionReview proto.InternalMessageInfo
func (m *CustomResourceColumnDefinition) Reset() { *m = CustomResourceColumnDefinition{} }
func (*CustomResourceColumnDefinition) ProtoMessage() {}
func (*CustomResourceColumnDefinition) Descriptor() ([]byte, []int) {
- return fileDescriptor_f5a35c9667703937, []int{3}
+ return fileDescriptor_c5e101a0235c8c62, []int{3}
}
func (m *CustomResourceColumnDefinition) XXX_Unmarshal(b []byte) error {
return m.Unmarshal(b)
@@ -163,7 +163,7 @@ var xxx_messageInfo_CustomResourceColumnDefinition proto.InternalMessageInfo
func (m *CustomResourceConversion) Reset() { *m = CustomResourceConversion{} }
func (*CustomResourceConversion) ProtoMessage() {}
func (*CustomResourceConversion) Descriptor() ([]byte, []int) {
- return fileDescriptor_f5a35c9667703937, []int{4}
+ return fileDescriptor_c5e101a0235c8c62, []int{4}
}
func (m *CustomResourceConversion) XXX_Unmarshal(b []byte) error {
return m.Unmarshal(b)
@@ -191,7 +191,7 @@ var xxx_messageInfo_CustomResourceConversion proto.InternalMessageInfo
func (m *CustomResourceDefinition) Reset() { *m = CustomResourceDefinition{} }
func (*CustomResourceDefinition) ProtoMessage() {}
func (*CustomResourceDefinition) Descriptor() ([]byte, []int) {
- return fileDescriptor_f5a35c9667703937, []int{5}
+ return fileDescriptor_c5e101a0235c8c62, []int{5}
}
func (m *CustomResourceDefinition) XXX_Unmarshal(b []byte) error {
return m.Unmarshal(b)
@@ -219,7 +219,7 @@ var xxx_messageInfo_CustomResourceDefinition proto.InternalMessageInfo
func (m *CustomResourceDefinitionCondition) Reset() { *m = CustomResourceDefinitionCondition{} }
func (*CustomResourceDefinitionCondition) ProtoMessage() {}
func (*CustomResourceDefinitionCondition) Descriptor() ([]byte, []int) {
- return fileDescriptor_f5a35c9667703937, []int{6}
+ return fileDescriptor_c5e101a0235c8c62, []int{6}
}
func (m *CustomResourceDefinitionCondition) XXX_Unmarshal(b []byte) error {
return m.Unmarshal(b)
@@ -247,7 +247,7 @@ var xxx_messageInfo_CustomResourceDefinitionCondition proto.InternalMessageInfo
func (m *CustomResourceDefinitionList) Reset() { *m = CustomResourceDefinitionList{} }
func (*CustomResourceDefinitionList) ProtoMessage() {}
func (*CustomResourceDefinitionList) Descriptor() ([]byte, []int) {
- return fileDescriptor_f5a35c9667703937, []int{7}
+ return fileDescriptor_c5e101a0235c8c62, []int{7}
}
func (m *CustomResourceDefinitionList) XXX_Unmarshal(b []byte) error {
return m.Unmarshal(b)
@@ -275,7 +275,7 @@ var xxx_messageInfo_CustomResourceDefinitionList proto.InternalMessageInfo
func (m *CustomResourceDefinitionNames) Reset() { *m = CustomResourceDefinitionNames{} }
func (*CustomResourceDefinitionNames) ProtoMessage() {}
func (*CustomResourceDefinitionNames) Descriptor() ([]byte, []int) {
- return fileDescriptor_f5a35c9667703937, []int{8}
+ return fileDescriptor_c5e101a0235c8c62, []int{8}
}
func (m *CustomResourceDefinitionNames) XXX_Unmarshal(b []byte) error {
return m.Unmarshal(b)
@@ -303,7 +303,7 @@ var xxx_messageInfo_CustomResourceDefinitionNames proto.InternalMessageInfo
func (m *CustomResourceDefinitionSpec) Reset() { *m = CustomResourceDefinitionSpec{} }
func (*CustomResourceDefinitionSpec) ProtoMessage() {}
func (*CustomResourceDefinitionSpec) Descriptor() ([]byte, []int) {
- return fileDescriptor_f5a35c9667703937, []int{9}
+ return fileDescriptor_c5e101a0235c8c62, []int{9}
}
func (m *CustomResourceDefinitionSpec) XXX_Unmarshal(b []byte) error {
return m.Unmarshal(b)
@@ -331,7 +331,7 @@ var xxx_messageInfo_CustomResourceDefinitionSpec proto.InternalMessageInfo
func (m *CustomResourceDefinitionStatus) Reset() { *m = CustomResourceDefinitionStatus{} }
func (*CustomResourceDefinitionStatus) ProtoMessage() {}
func (*CustomResourceDefinitionStatus) Descriptor() ([]byte, []int) {
- return fileDescriptor_f5a35c9667703937, []int{10}
+ return fileDescriptor_c5e101a0235c8c62, []int{10}
}
func (m *CustomResourceDefinitionStatus) XXX_Unmarshal(b []byte) error {
return m.Unmarshal(b)
@@ -359,7 +359,7 @@ var xxx_messageInfo_CustomResourceDefinitionStatus proto.InternalMessageInfo
func (m *CustomResourceDefinitionVersion) Reset() { *m = CustomResourceDefinitionVersion{} }
func (*CustomResourceDefinitionVersion) ProtoMessage() {}
func (*CustomResourceDefinitionVersion) Descriptor() ([]byte, []int) {
- return fileDescriptor_f5a35c9667703937, []int{11}
+ return fileDescriptor_c5e101a0235c8c62, []int{11}
}
func (m *CustomResourceDefinitionVersion) XXX_Unmarshal(b []byte) error {
return m.Unmarshal(b)
@@ -387,7 +387,7 @@ var xxx_messageInfo_CustomResourceDefinitionVersion proto.InternalMessageInfo
func (m *CustomResourceSubresourceScale) Reset() { *m = CustomResourceSubresourceScale{} }
func (*CustomResourceSubresourceScale) ProtoMessage() {}
func (*CustomResourceSubresourceScale) Descriptor() ([]byte, []int) {
- return fileDescriptor_f5a35c9667703937, []int{12}
+ return fileDescriptor_c5e101a0235c8c62, []int{12}
}
func (m *CustomResourceSubresourceScale) XXX_Unmarshal(b []byte) error {
return m.Unmarshal(b)
@@ -415,7 +415,7 @@ var xxx_messageInfo_CustomResourceSubresourceScale proto.InternalMessageInfo
func (m *CustomResourceSubresourceStatus) Reset() { *m = CustomResourceSubresourceStatus{} }
func (*CustomResourceSubresourceStatus) ProtoMessage() {}
func (*CustomResourceSubresourceStatus) Descriptor() ([]byte, []int) {
- return fileDescriptor_f5a35c9667703937, []int{13}
+ return fileDescriptor_c5e101a0235c8c62, []int{13}
}
func (m *CustomResourceSubresourceStatus) XXX_Unmarshal(b []byte) error {
return m.Unmarshal(b)
@@ -443,7 +443,7 @@ var xxx_messageInfo_CustomResourceSubresourceStatus proto.InternalMessageInfo
func (m *CustomResourceSubresources) Reset() { *m = CustomResourceSubresources{} }
func (*CustomResourceSubresources) ProtoMessage() {}
func (*CustomResourceSubresources) Descriptor() ([]byte, []int) {
- return fileDescriptor_f5a35c9667703937, []int{14}
+ return fileDescriptor_c5e101a0235c8c62, []int{14}
}
func (m *CustomResourceSubresources) XXX_Unmarshal(b []byte) error {
return m.Unmarshal(b)
@@ -471,7 +471,7 @@ var xxx_messageInfo_CustomResourceSubresources proto.InternalMessageInfo
func (m *CustomResourceValidation) Reset() { *m = CustomResourceValidation{} }
func (*CustomResourceValidation) ProtoMessage() {}
func (*CustomResourceValidation) Descriptor() ([]byte, []int) {
- return fileDescriptor_f5a35c9667703937, []int{15}
+ return fileDescriptor_c5e101a0235c8c62, []int{15}
}
func (m *CustomResourceValidation) XXX_Unmarshal(b []byte) error {
return m.Unmarshal(b)
@@ -499,7 +499,7 @@ var xxx_messageInfo_CustomResourceValidation proto.InternalMessageInfo
func (m *ExternalDocumentation) Reset() { *m = ExternalDocumentation{} }
func (*ExternalDocumentation) ProtoMessage() {}
func (*ExternalDocumentation) Descriptor() ([]byte, []int) {
- return fileDescriptor_f5a35c9667703937, []int{16}
+ return fileDescriptor_c5e101a0235c8c62, []int{16}
}
func (m *ExternalDocumentation) XXX_Unmarshal(b []byte) error {
return m.Unmarshal(b)
@@ -527,7 +527,7 @@ var xxx_messageInfo_ExternalDocumentation proto.InternalMessageInfo
func (m *JSON) Reset() { *m = JSON{} }
func (*JSON) ProtoMessage() {}
func (*JSON) Descriptor() ([]byte, []int) {
- return fileDescriptor_f5a35c9667703937, []int{17}
+ return fileDescriptor_c5e101a0235c8c62, []int{17}
}
func (m *JSON) XXX_Unmarshal(b []byte) error {
return m.Unmarshal(b)
@@ -555,7 +555,7 @@ var xxx_messageInfo_JSON proto.InternalMessageInfo
func (m *JSONSchemaProps) Reset() { *m = JSONSchemaProps{} }
func (*JSONSchemaProps) ProtoMessage() {}
func (*JSONSchemaProps) Descriptor() ([]byte, []int) {
- return fileDescriptor_f5a35c9667703937, []int{18}
+ return fileDescriptor_c5e101a0235c8c62, []int{18}
}
func (m *JSONSchemaProps) XXX_Unmarshal(b []byte) error {
return m.Unmarshal(b)
@@ -583,7 +583,7 @@ var xxx_messageInfo_JSONSchemaProps proto.InternalMessageInfo
func (m *JSONSchemaPropsOrArray) Reset() { *m = JSONSchemaPropsOrArray{} }
func (*JSONSchemaPropsOrArray) ProtoMessage() {}
func (*JSONSchemaPropsOrArray) Descriptor() ([]byte, []int) {
- return fileDescriptor_f5a35c9667703937, []int{19}
+ return fileDescriptor_c5e101a0235c8c62, []int{19}
}
func (m *JSONSchemaPropsOrArray) XXX_Unmarshal(b []byte) error {
return m.Unmarshal(b)
@@ -611,7 +611,7 @@ var xxx_messageInfo_JSONSchemaPropsOrArray proto.InternalMessageInfo
func (m *JSONSchemaPropsOrBool) Reset() { *m = JSONSchemaPropsOrBool{} }
func (*JSONSchemaPropsOrBool) ProtoMessage() {}
func (*JSONSchemaPropsOrBool) Descriptor() ([]byte, []int) {
- return fileDescriptor_f5a35c9667703937, []int{20}
+ return fileDescriptor_c5e101a0235c8c62, []int{20}
}
func (m *JSONSchemaPropsOrBool) XXX_Unmarshal(b []byte) error {
return m.Unmarshal(b)
@@ -639,7 +639,7 @@ var xxx_messageInfo_JSONSchemaPropsOrBool proto.InternalMessageInfo
func (m *JSONSchemaPropsOrStringArray) Reset() { *m = JSONSchemaPropsOrStringArray{} }
func (*JSONSchemaPropsOrStringArray) ProtoMessage() {}
func (*JSONSchemaPropsOrStringArray) Descriptor() ([]byte, []int) {
- return fileDescriptor_f5a35c9667703937, []int{21}
+ return fileDescriptor_c5e101a0235c8c62, []int{21}
}
func (m *JSONSchemaPropsOrStringArray) XXX_Unmarshal(b []byte) error {
return m.Unmarshal(b)
@@ -664,10 +664,38 @@ func (m *JSONSchemaPropsOrStringArray) XXX_DiscardUnknown() {
var xxx_messageInfo_JSONSchemaPropsOrStringArray proto.InternalMessageInfo
+func (m *SelectableField) Reset() { *m = SelectableField{} }
+func (*SelectableField) ProtoMessage() {}
+func (*SelectableField) Descriptor() ([]byte, []int) {
+ return fileDescriptor_c5e101a0235c8c62, []int{22}
+}
+func (m *SelectableField) XXX_Unmarshal(b []byte) error {
+ return m.Unmarshal(b)
+}
+func (m *SelectableField) XXX_Marshal(b []byte, deterministic bool) ([]byte, error) {
+ b = b[:cap(b)]
+ n, err := m.MarshalToSizedBuffer(b)
+ if err != nil {
+ return nil, err
+ }
+ return b[:n], nil
+}
+func (m *SelectableField) XXX_Merge(src proto.Message) {
+ xxx_messageInfo_SelectableField.Merge(m, src)
+}
+func (m *SelectableField) XXX_Size() int {
+ return m.Size()
+}
+func (m *SelectableField) XXX_DiscardUnknown() {
+ xxx_messageInfo_SelectableField.DiscardUnknown(m)
+}
+
+var xxx_messageInfo_SelectableField proto.InternalMessageInfo
+
func (m *ServiceReference) Reset() { *m = ServiceReference{} }
func (*ServiceReference) ProtoMessage() {}
func (*ServiceReference) Descriptor() ([]byte, []int) {
- return fileDescriptor_f5a35c9667703937, []int{22}
+ return fileDescriptor_c5e101a0235c8c62, []int{23}
}
func (m *ServiceReference) XXX_Unmarshal(b []byte) error {
return m.Unmarshal(b)
@@ -695,7 +723,7 @@ var xxx_messageInfo_ServiceReference proto.InternalMessageInfo
func (m *ValidationRule) Reset() { *m = ValidationRule{} }
func (*ValidationRule) ProtoMessage() {}
func (*ValidationRule) Descriptor() ([]byte, []int) {
- return fileDescriptor_f5a35c9667703937, []int{23}
+ return fileDescriptor_c5e101a0235c8c62, []int{24}
}
func (m *ValidationRule) XXX_Unmarshal(b []byte) error {
return m.Unmarshal(b)
@@ -723,7 +751,7 @@ var xxx_messageInfo_ValidationRule proto.InternalMessageInfo
func (m *WebhookClientConfig) Reset() { *m = WebhookClientConfig{} }
func (*WebhookClientConfig) ProtoMessage() {}
func (*WebhookClientConfig) Descriptor() ([]byte, []int) {
- return fileDescriptor_f5a35c9667703937, []int{24}
+ return fileDescriptor_c5e101a0235c8c62, []int{25}
}
func (m *WebhookClientConfig) XXX_Unmarshal(b []byte) error {
return m.Unmarshal(b)
@@ -751,7 +779,7 @@ var xxx_messageInfo_WebhookClientConfig proto.InternalMessageInfo
func (m *WebhookConversion) Reset() { *m = WebhookConversion{} }
func (*WebhookConversion) ProtoMessage() {}
func (*WebhookConversion) Descriptor() ([]byte, []int) {
- return fileDescriptor_f5a35c9667703937, []int{25}
+ return fileDescriptor_c5e101a0235c8c62, []int{26}
}
func (m *WebhookConversion) XXX_Unmarshal(b []byte) error {
return m.Unmarshal(b)
@@ -803,6 +831,7 @@ func init() {
proto.RegisterType((*JSONSchemaPropsOrArray)(nil), "k8s.io.apiextensions_apiserver.pkg.apis.apiextensions.v1.JSONSchemaPropsOrArray")
proto.RegisterType((*JSONSchemaPropsOrBool)(nil), "k8s.io.apiextensions_apiserver.pkg.apis.apiextensions.v1.JSONSchemaPropsOrBool")
proto.RegisterType((*JSONSchemaPropsOrStringArray)(nil), "k8s.io.apiextensions_apiserver.pkg.apis.apiextensions.v1.JSONSchemaPropsOrStringArray")
+ proto.RegisterType((*SelectableField)(nil), "k8s.io.apiextensions_apiserver.pkg.apis.apiextensions.v1.SelectableField")
proto.RegisterType((*ServiceReference)(nil), "k8s.io.apiextensions_apiserver.pkg.apis.apiextensions.v1.ServiceReference")
proto.RegisterType((*ValidationRule)(nil), "k8s.io.apiextensions_apiserver.pkg.apis.apiextensions.v1.ValidationRule")
proto.RegisterType((*WebhookClientConfig)(nil), "k8s.io.apiextensions_apiserver.pkg.apis.apiextensions.v1.WebhookClientConfig")
@@ -810,208 +839,209 @@ func init() {
}
func init() {
- proto.RegisterFile("k8s.io/kubernetes/vendor/k8s.io/apiextensions-apiserver/pkg/apis/apiextensions/v1/generated.proto", fileDescriptor_f5a35c9667703937)
-}
-
-var fileDescriptor_f5a35c9667703937 = []byte{
- // 3137 bytes of a gzipped FileDescriptorProto
- 0x1f, 0x8b, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0xff, 0xc4, 0x5a, 0xdf, 0x6f, 0x5c, 0x47,
- 0xf5, 0xcf, 0x5d, 0x7b, 0xed, 0xf5, 0xd8, 0x89, 0xed, 0x49, 0xec, 0xef, 0x8d, 0x9b, 0x78, 0x9d,
- 0xcd, 0xb7, 0xc1, 0x6d, 0xd3, 0x75, 0x1b, 0x5a, 0x1a, 0xca, 0x2f, 0x79, 0x6d, 0xa7, 0x75, 0x13,
- 0xc7, 0xd6, 0x6c, 0x92, 0xba, 0x2d, 0xa2, 0xbd, 0xde, 0x3b, 0xbb, 0xbe, 0xf5, 0xfd, 0x95, 0x99,
- 0x7b, 0xfd, 0x43, 0x02, 0xa9, 0x02, 0x55, 0x40, 0x25, 0x28, 0x0f, 0xa8, 0x3c, 0x21, 0x84, 0x50,
- 0x1f, 0xe0, 0x01, 0xde, 0xe0, 0x5f, 0xe8, 0x0b, 0x52, 0x25, 0x24, 0x54, 0x09, 0x69, 0x45, 0x97,
- 0x7f, 0x00, 0x09, 0x10, 0xc2, 0x0f, 0x08, 0xcd, 0x8f, 0x3b, 0x77, 0xf6, 0xee, 0x6e, 0x12, 0xd9,
- 0xeb, 0xf6, 0x6d, 0xf7, 0x9c, 0x33, 0xe7, 0x73, 0xe6, 0xcc, 0x99, 0x33, 0x67, 0xce, 0x1d, 0x60,
- 0xed, 0x5c, 0xa7, 0x65, 0x27, 0x58, 0xd8, 0x89, 0xb7, 0x30, 0xf1, 0x71, 0x84, 0xe9, 0xc2, 0x2e,
- 0xf6, 0xed, 0x80, 0x2c, 0x48, 0x86, 0x15, 0x3a, 0x78, 0x3f, 0xc2, 0x3e, 0x75, 0x02, 0x9f, 0x3e,
- 0x6d, 0x85, 0x0e, 0xc5, 0x64, 0x17, 0x93, 0x85, 0x70, 0xa7, 0xc1, 0x78, 0xb4, 0x5d, 0x60, 0x61,
- 0xf7, 0xd9, 0x85, 0x06, 0xf6, 0x31, 0xb1, 0x22, 0x6c, 0x97, 0x43, 0x12, 0x44, 0x01, 0xbc, 0x2e,
- 0x34, 0x95, 0xdb, 0x04, 0xdf, 0x54, 0x9a, 0xca, 0xe1, 0x4e, 0x83, 0xf1, 0x68, 0xbb, 0x40, 0x79,
- 0xf7, 0xd9, 0x99, 0xa7, 0x1b, 0x4e, 0xb4, 0x1d, 0x6f, 0x95, 0x6b, 0x81, 0xb7, 0xd0, 0x08, 0x1a,
- 0xc1, 0x02, 0x57, 0xb8, 0x15, 0xd7, 0xf9, 0x3f, 0xfe, 0x87, 0xff, 0x12, 0x40, 0x33, 0xcf, 0xa5,
- 0x26, 0x7b, 0x56, 0x6d, 0xdb, 0xf1, 0x31, 0x39, 0x48, 0xed, 0xf4, 0x70, 0x64, 0x75, 0x31, 0x6f,
- 0x66, 0xa1, 0xd7, 0x28, 0x12, 0xfb, 0x91, 0xe3, 0xe1, 0x8e, 0x01, 0x5f, 0x7a, 0xd8, 0x00, 0x5a,
- 0xdb, 0xc6, 0x9e, 0x95, 0x1d, 0x57, 0x3a, 0x34, 0xc0, 0xe4, 0x52, 0xe0, 0xef, 0x62, 0xc2, 0x26,
- 0x88, 0xf0, 0xfd, 0x18, 0xd3, 0x08, 0x56, 0xc0, 0x40, 0xec, 0xd8, 0xa6, 0x31, 0x67, 0xcc, 0x8f,
- 0x54, 0x9e, 0xf9, 0xa8, 0x59, 0x3c, 0xd5, 0x6a, 0x16, 0x07, 0xee, 0xae, 0x2e, 0x1f, 0x36, 0x8b,
- 0x97, 0x7a, 0x21, 0x45, 0x07, 0x21, 0xa6, 0xe5, 0xbb, 0xab, 0xcb, 0x88, 0x0d, 0x86, 0x2f, 0x81,
- 0x49, 0x1b, 0x53, 0x87, 0x60, 0x7b, 0x71, 0x63, 0xf5, 0x9e, 0xd0, 0x6f, 0xe6, 0xb8, 0xc6, 0xf3,
- 0x52, 0xe3, 0xe4, 0x72, 0x56, 0x00, 0x75, 0x8e, 0x81, 0x9b, 0x60, 0x38, 0xd8, 0x7a, 0x1b, 0xd7,
- 0x22, 0x6a, 0x0e, 0xcc, 0x0d, 0xcc, 0x8f, 0x5e, 0x7b, 0xba, 0x9c, 0x2e, 0x9e, 0x32, 0x81, 0xaf,
- 0x98, 0x9c, 0x6c, 0x19, 0x59, 0x7b, 0x2b, 0xc9, 0xa2, 0x55, 0xc6, 0x25, 0xda, 0xf0, 0xba, 0xd0,
- 0x82, 0x12, 0x75, 0xa5, 0x5f, 0xe5, 0x00, 0xd4, 0x27, 0x4f, 0xc3, 0xc0, 0xa7, 0xb8, 0x2f, 0xb3,
- 0xa7, 0x60, 0xa2, 0xc6, 0x35, 0x47, 0xd8, 0x96, 0xb8, 0x66, 0xee, 0x28, 0xd6, 0x9b, 0x12, 0x7f,
- 0x62, 0x29, 0xa3, 0x0e, 0x75, 0x00, 0xc0, 0x3b, 0x60, 0x88, 0x60, 0x1a, 0xbb, 0x91, 0x39, 0x30,
- 0x67, 0xcc, 0x8f, 0x5e, 0xbb, 0xda, 0x13, 0x8a, 0x87, 0x36, 0x0b, 0xbe, 0xf2, 0xee, 0xb3, 0xe5,
- 0x6a, 0x64, 0x45, 0x31, 0xad, 0x9c, 0x91, 0x48, 0x43, 0x88, 0xeb, 0x40, 0x52, 0x57, 0xe9, 0xbf,
- 0x06, 0x98, 0xd0, 0xbd, 0xb4, 0xeb, 0xe0, 0x3d, 0x48, 0xc0, 0x30, 0x11, 0xc1, 0xc2, 0xfd, 0x34,
- 0x7a, 0xed, 0x66, 0xf9, 0xa8, 0x3b, 0xaa, 0xdc, 0x11, 0x7f, 0x95, 0x51, 0xb6, 0x5c, 0xf2, 0x0f,
- 0x4a, 0x80, 0xe0, 0x2e, 0x28, 0x10, 0xb9, 0x46, 0x3c, 0x90, 0x46, 0xaf, 0xdd, 0xea, 0x0f, 0xa8,
- 0xd0, 0x59, 0x19, 0x6b, 0x35, 0x8b, 0x85, 0xe4, 0x1f, 0x52, 0x58, 0xa5, 0x5f, 0xe4, 0xc0, 0xec,
- 0x52, 0x4c, 0xa3, 0xc0, 0x43, 0x98, 0x06, 0x31, 0xa9, 0xe1, 0xa5, 0xc0, 0x8d, 0x3d, 0x7f, 0x19,
- 0xd7, 0x1d, 0xdf, 0x89, 0x58, 0x8c, 0xce, 0x81, 0x41, 0xdf, 0xf2, 0xb0, 0x8c, 0x99, 0x31, 0xe9,
- 0xc9, 0xc1, 0xdb, 0x96, 0x87, 0x11, 0xe7, 0x30, 0x09, 0x16, 0x22, 0x72, 0x07, 0x28, 0x89, 0x3b,
- 0x07, 0x21, 0x46, 0x9c, 0x03, 0xaf, 0x80, 0xa1, 0x7a, 0x40, 0x3c, 0x4b, 0xac, 0xde, 0x48, 0xba,
- 0x1e, 0x37, 0x38, 0x15, 0x49, 0x2e, 0x7c, 0x1e, 0x8c, 0xda, 0x98, 0xd6, 0x88, 0x13, 0x32, 0x68,
- 0x73, 0x90, 0x0b, 0x9f, 0x95, 0xc2, 0xa3, 0xcb, 0x29, 0x0b, 0xe9, 0x72, 0xf0, 0x2a, 0x28, 0x84,
- 0xc4, 0x09, 0x88, 0x13, 0x1d, 0x98, 0xf9, 0x39, 0x63, 0x3e, 0x5f, 0x99, 0x90, 0x63, 0x0a, 0x1b,
- 0x92, 0x8e, 0x94, 0x04, 0x93, 0x7e, 0x9b, 0x06, 0xfe, 0x86, 0x15, 0x6d, 0x9b, 0x43, 0x1c, 0x41,
- 0x49, 0xbf, 0x52, 0x5d, 0xbf, 0xcd, 0xe8, 0x48, 0x49, 0x94, 0xfe, 0x6c, 0x00, 0x33, 0xeb, 0xa1,
- 0xc4, 0xbd, 0xf0, 0x06, 0x28, 0xd0, 0x88, 0xe5, 0x9c, 0xc6, 0x81, 0xf4, 0xcf, 0x93, 0x89, 0xaa,
- 0xaa, 0xa4, 0x1f, 0x36, 0x8b, 0xd3, 0xe9, 0x88, 0x84, 0xca, 0x7d, 0xa3, 0xc6, 0xb2, 0x90, 0xdb,
- 0xc3, 0x5b, 0xdb, 0x41, 0xb0, 0x23, 0x57, 0xff, 0x18, 0x21, 0xf7, 0xaa, 0x50, 0x94, 0x62, 0x8a,
- 0x90, 0x93, 0x64, 0x94, 0x00, 0x95, 0xfe, 0x93, 0xcb, 0x4e, 0x4c, 0x5b, 0xf4, 0xb7, 0x40, 0x81,
- 0x6d, 0x21, 0xdb, 0x8a, 0x2c, 0xb9, 0x09, 0x9e, 0x79, 0xb4, 0x0d, 0x27, 0xf6, 0xeb, 0x1a, 0x8e,
- 0xac, 0x0a, 0x94, 0xae, 0x00, 0x29, 0x0d, 0x29, 0xad, 0x70, 0x1f, 0x0c, 0xd2, 0x10, 0xd7, 0xe4,
- 0x7c, 0xef, 0x1d, 0x23, 0xda, 0x7b, 0xcc, 0xa1, 0x1a, 0xe2, 0x5a, 0x1a, 0x8c, 0xec, 0x1f, 0xe2,
- 0x88, 0xf0, 0x1d, 0x03, 0x0c, 0x51, 0x9e, 0x17, 0x64, 0x2e, 0xd9, 0x3c, 0x01, 0xf0, 0x4c, 0xde,
- 0x11, 0xff, 0x91, 0xc4, 0x2d, 0xfd, 0x33, 0x07, 0x2e, 0xf5, 0x1a, 0xba, 0x14, 0xf8, 0xb6, 0x58,
- 0x84, 0x55, 0xb9, 0xaf, 0x44, 0x64, 0x3d, 0xaf, 0xef, 0xab, 0xc3, 0x66, 0xf1, 0xf1, 0x87, 0x2a,
- 0xd0, 0x36, 0xe0, 0x97, 0xd5, 0x94, 0xc5, 0x26, 0xbd, 0xd4, 0x6e, 0xd8, 0x61, 0xb3, 0x38, 0xae,
- 0x86, 0xb5, 0xdb, 0x0a, 0x77, 0x01, 0x74, 0x2d, 0x1a, 0xdd, 0x21, 0x96, 0x4f, 0x85, 0x5a, 0xc7,
- 0xc3, 0xd2, 0x73, 0x4f, 0x3e, 0x5a, 0x50, 0xb0, 0x11, 0x95, 0x19, 0x09, 0x09, 0x6f, 0x75, 0x68,
- 0x43, 0x5d, 0x10, 0x58, 0xce, 0x20, 0xd8, 0xa2, 0x2a, 0x0d, 0x68, 0x39, 0x9c, 0x51, 0x91, 0xe4,
- 0xc2, 0x27, 0xc0, 0xb0, 0x87, 0x29, 0xb5, 0x1a, 0x98, 0xef, 0xfd, 0x91, 0xf4, 0x50, 0x5c, 0x13,
- 0x64, 0x94, 0xf0, 0x4b, 0xff, 0x32, 0xc0, 0x85, 0x5e, 0x5e, 0xbb, 0xe5, 0xd0, 0x08, 0x7e, 0xb3,
- 0x23, 0xec, 0xcb, 0x8f, 0x36, 0x43, 0x36, 0x9a, 0x07, 0xbd, 0x4a, 0x25, 0x09, 0x45, 0x0b, 0xf9,
- 0x3d, 0x90, 0x77, 0x22, 0xec, 0x25, 0xa7, 0x25, 0xea, 0x7f, 0xd8, 0x55, 0x4e, 0x4b, 0xf8, 0xfc,
- 0x2a, 0x03, 0x42, 0x02, 0xaf, 0xf4, 0x61, 0x0e, 0x5c, 0xec, 0x35, 0x84, 0xe5, 0x71, 0xca, 0x9c,
- 0x1d, 0xba, 0x31, 0xb1, 0x5c, 0x19, 0x6c, 0xca, 0xd9, 0x1b, 0x9c, 0x8a, 0x24, 0x97, 0xe5, 0x4e,
- 0xea, 0xf8, 0x8d, 0xd8, 0xb5, 0x88, 0x8c, 0x24, 0x35, 0xe1, 0xaa, 0xa4, 0x23, 0x25, 0x01, 0xcb,
- 0x00, 0xd0, 0xed, 0x80, 0x44, 0x1c, 0x83, 0x57, 0x38, 0x23, 0x95, 0x33, 0x2c, 0x23, 0x54, 0x15,
- 0x15, 0x69, 0x12, 0xec, 0x20, 0xd9, 0x71, 0x7c, 0x5b, 0x2e, 0xb8, 0xda, 0xbb, 0x37, 0x1d, 0xdf,
- 0x46, 0x9c, 0xc3, 0xf0, 0x5d, 0x87, 0x46, 0x8c, 0x22, 0x57, 0xbb, 0xcd, 0xe1, 0x5c, 0x52, 0x49,
- 0x30, 0xfc, 0x1a, 0x4b, 0xb0, 0x01, 0x71, 0x30, 0x35, 0x87, 0x52, 0xfc, 0x25, 0x45, 0x45, 0x9a,
- 0x44, 0xe9, 0x2f, 0x83, 0xbd, 0xe3, 0x83, 0x25, 0x10, 0x78, 0x19, 0xe4, 0x1b, 0x24, 0x88, 0x43,
- 0xe9, 0x25, 0xe5, 0xed, 0x97, 0x18, 0x11, 0x09, 0x1e, 0xfc, 0x36, 0xc8, 0xfb, 0x72, 0xc2, 0x2c,
- 0x82, 0x5e, 0xed, 0xff, 0x32, 0x73, 0x6f, 0xa5, 0xe8, 0xc2, 0x91, 0x02, 0x14, 0x3e, 0x07, 0xf2,
- 0xb4, 0x16, 0x84, 0x58, 0x3a, 0x71, 0x36, 0x11, 0xaa, 0x32, 0xe2, 0x61, 0xb3, 0x78, 0x3a, 0x51,
- 0xc7, 0x09, 0x48, 0x08, 0xc3, 0xef, 0x1b, 0xa0, 0x20, 0x8f, 0x0b, 0x6a, 0x0e, 0xf3, 0xf0, 0x7c,
- 0xad, 0xff, 0x76, 0xcb, 0xb2, 0x37, 0x5d, 0x33, 0x49, 0xa0, 0x48, 0x81, 0xc3, 0xef, 0x1a, 0x00,
- 0xd4, 0xd4, 0xd9, 0x65, 0x8e, 0x70, 0x1f, 0xf6, 0x6d, 0xab, 0x68, 0xa7, 0xa2, 0x08, 0x84, 0xb4,
- 0x54, 0xd2, 0x50, 0x61, 0x15, 0x4c, 0x85, 0x04, 0x73, 0xdd, 0x77, 0xfd, 0x1d, 0x3f, 0xd8, 0xf3,
- 0x6f, 0x38, 0xd8, 0xb5, 0xa9, 0x09, 0xe6, 0x8c, 0xf9, 0x42, 0xe5, 0xa2, 0xb4, 0x7f, 0x6a, 0xa3,
- 0x9b, 0x10, 0xea, 0x3e, 0xb6, 0xf4, 0xee, 0x40, 0xb6, 0xd6, 0xca, 0x9e, 0x17, 0xf0, 0x7d, 0x31,
- 0x79, 0x91, 0x87, 0xa9, 0x69, 0xf0, 0x85, 0x78, 0xa3, 0xff, 0x0b, 0xa1, 0x72, 0x7d, 0x7a, 0x48,
- 0x2b, 0x12, 0x45, 0x9a, 0x09, 0xf0, 0xa7, 0x06, 0x38, 0x6d, 0xd5, 0x6a, 0x38, 0x8c, 0xb0, 0x2d,
- 0xb6, 0x71, 0xee, 0x64, 0xa3, 0x7a, 0x4a, 0x1a, 0x74, 0x7a, 0x51, 0x47, 0x45, 0xed, 0x46, 0xc0,
- 0x17, 0xc1, 0x19, 0x1a, 0x05, 0x04, 0xdb, 0x49, 0x04, 0xc9, 0xec, 0x02, 0x5b, 0xcd, 0xe2, 0x99,
- 0x6a, 0x1b, 0x07, 0x65, 0x24, 0x4b, 0x1f, 0xe7, 0x41, 0xf1, 0x21, 0x11, 0xfa, 0x08, 0x45, 0xef,
- 0x15, 0x30, 0xc4, 0x67, 0x6a, 0x73, 0x87, 0x14, 0xb4, 0xa3, 0x9e, 0x53, 0x91, 0xe4, 0xb2, 0xe3,
- 0x89, 0xe1, 0xb3, 0xe3, 0x69, 0x80, 0x0b, 0xaa, 0xe3, 0xa9, 0x2a, 0xc8, 0x28, 0xe1, 0xc3, 0x6b,
- 0x00, 0xd8, 0x38, 0x24, 0x98, 0x65, 0x24, 0xdb, 0x1c, 0xe6, 0xd2, 0x6a, 0x7d, 0x96, 0x15, 0x07,
- 0x69, 0x52, 0xf0, 0x06, 0x80, 0xc9, 0x3f, 0x27, 0xf0, 0x5f, 0xb5, 0x88, 0xef, 0xf8, 0x0d, 0xb3,
- 0xc0, 0xcd, 0x9e, 0x66, 0xa7, 0xed, 0x72, 0x07, 0x17, 0x75, 0x19, 0x01, 0x77, 0xc1, 0x90, 0xb8,
- 0x46, 0xf3, 0xbc, 0xd1, 0xc7, 0x1d, 0x77, 0xcf, 0x72, 0x1d, 0x9b, 0x43, 0x55, 0x00, 0x77, 0x0f,
- 0x47, 0x41, 0x12, 0x0d, 0xbe, 0x67, 0x80, 0x31, 0x1a, 0x6f, 0x11, 0x29, 0x4d, 0x79, 0x56, 0x1f,
- 0xbd, 0x76, 0xa7, 0x5f, 0xf0, 0x55, 0x4d, 0x77, 0x65, 0xa2, 0xd5, 0x2c, 0x8e, 0xe9, 0x14, 0xd4,
- 0x86, 0x0d, 0x7f, 0x6f, 0x00, 0xd3, 0xb2, 0x45, 0xe8, 0x5b, 0xee, 0x06, 0x71, 0xfc, 0x08, 0x13,
- 0x71, 0x21, 0x12, 0xc7, 0x47, 0x1f, 0x6b, 0xc5, 0xec, 0x3d, 0xab, 0x32, 0x27, 0x57, 0xda, 0x5c,
- 0xec, 0x61, 0x01, 0xea, 0x69, 0x5b, 0xe9, 0xdf, 0x46, 0x36, 0xb5, 0x68, 0xb3, 0xac, 0xd6, 0x2c,
- 0x17, 0xc3, 0x65, 0x30, 0xc1, 0xaa, 0x5f, 0x84, 0x43, 0xd7, 0xa9, 0x59, 0x94, 0xdf, 0x7e, 0x44,
- 0x74, 0xab, 0x6b, 0x78, 0x35, 0xc3, 0x47, 0x1d, 0x23, 0xe0, 0x2b, 0x00, 0x8a, 0xb2, 0xb0, 0x4d,
- 0x8f, 0xa8, 0x04, 0x54, 0x81, 0x57, 0xed, 0x90, 0x40, 0x5d, 0x46, 0xc1, 0x25, 0x30, 0xe9, 0x5a,
- 0x5b, 0xd8, 0xad, 0x62, 0x17, 0xd7, 0xa2, 0x80, 0x70, 0x55, 0xe2, 0x7e, 0x38, 0xd5, 0x6a, 0x16,
- 0x27, 0x6f, 0x65, 0x99, 0xa8, 0x53, 0xbe, 0x74, 0x29, 0xbb, 0x97, 0xf5, 0x89, 0x8b, 0x62, 0xfb,
- 0x83, 0x1c, 0x98, 0xe9, 0x1d, 0x14, 0xf0, 0x3b, 0xaa, 0x34, 0x16, 0x15, 0xdf, 0x6b, 0x27, 0x10,
- 0x7a, 0xf2, 0x3a, 0x00, 0x3a, 0xaf, 0x02, 0xf0, 0x80, 0x9d, 0xd7, 0x96, 0x9b, 0x5c, 0xfb, 0x37,
- 0x4f, 0x02, 0x9d, 0xe9, 0xaf, 0x8c, 0x88, 0x2a, 0xc0, 0x72, 0xf9, 0xa1, 0x6f, 0xb9, 0xb8, 0xf4,
- 0x61, 0xc7, 0xd5, 0x36, 0xdd, 0xac, 0xf0, 0x07, 0x06, 0x18, 0x0f, 0x42, 0xec, 0x2f, 0x6e, 0xac,
- 0xde, 0xfb, 0xa2, 0xd8, 0xb4, 0xd2, 0x41, 0xab, 0x47, 0x37, 0x91, 0xdd, 0xaf, 0x85, 0xae, 0x0d,
- 0x12, 0x84, 0xb4, 0x72, 0xb6, 0xd5, 0x2c, 0x8e, 0xaf, 0xb7, 0xa3, 0xa0, 0x2c, 0x6c, 0xc9, 0x03,
- 0x53, 0x2b, 0xfb, 0x11, 0x26, 0xbe, 0xe5, 0x2e, 0x07, 0xb5, 0xd8, 0xc3, 0x7e, 0x24, 0x6c, 0xcc,
- 0xb4, 0x0b, 0x8c, 0x47, 0x6c, 0x17, 0x5c, 0x04, 0x03, 0x31, 0x71, 0x65, 0xd4, 0x8e, 0xaa, 0x26,
- 0x18, 0xba, 0x85, 0x18, 0xbd, 0x74, 0x09, 0x0c, 0x32, 0x3b, 0xe1, 0x79, 0x30, 0x40, 0xac, 0x3d,
- 0xae, 0x75, 0xac, 0x32, 0xcc, 0x44, 0x90, 0xb5, 0x87, 0x18, 0xad, 0xf4, 0xf7, 0x39, 0x30, 0x9e,
- 0x99, 0x0b, 0x9c, 0x01, 0x39, 0xd5, 0x59, 0x03, 0x52, 0x69, 0x6e, 0x75, 0x19, 0xe5, 0x1c, 0x1b,
- 0xbe, 0xa0, 0xb2, 0xab, 0x00, 0x2d, 0xaa, 0xc3, 0x82, 0x53, 0x59, 0x59, 0x96, 0xaa, 0x63, 0x86,
- 0x24, 0xe9, 0x91, 0xd9, 0x80, 0xeb, 0x72, 0x57, 0x08, 0x1b, 0x70, 0x1d, 0x31, 0xda, 0x51, 0x7b,
- 0x25, 0x49, 0xb3, 0x26, 0xff, 0x08, 0xcd, 0x9a, 0xa1, 0x07, 0x36, 0x6b, 0x2e, 0x83, 0x7c, 0xe4,
- 0x44, 0x2e, 0xe6, 0x27, 0x95, 0x56, 0x0c, 0xdf, 0x61, 0x44, 0x24, 0x78, 0x10, 0x83, 0x61, 0x1b,
- 0xd7, 0xad, 0xd8, 0x8d, 0xf8, 0xa1, 0x34, 0x7a, 0xed, 0xeb, 0xc7, 0x8b, 0x1e, 0xd1, 0xcc, 0x58,
- 0x16, 0x2a, 0x51, 0xa2, 0x1b, 0x3e, 0x0e, 0x86, 0x3d, 0x6b, 0xdf, 0xf1, 0x62, 0x8f, 0x57, 0x8c,
- 0x86, 0x10, 0x5b, 0x13, 0x24, 0x94, 0xf0, 0x58, 0x12, 0xc4, 0xfb, 0x35, 0x37, 0xa6, 0xce, 0x2e,
- 0x96, 0x4c, 0x59, 0xd2, 0xa9, 0x24, 0xb8, 0x92, 0xe1, 0xa3, 0x8e, 0x11, 0x1c, 0xcc, 0xf1, 0xf9,
- 0xe0, 0x51, 0x0d, 0x4c, 0x90, 0x50, 0xc2, 0x6b, 0x07, 0x93, 0xf2, 0x63, 0xbd, 0xc0, 0xe4, 0xe0,
- 0x8e, 0x11, 0xf0, 0x29, 0x30, 0xe2, 0x59, 0xfb, 0xb7, 0xb0, 0xdf, 0x88, 0xb6, 0xcd, 0xd3, 0x73,
- 0xc6, 0xfc, 0x40, 0xe5, 0x74, 0xab, 0x59, 0x1c, 0x59, 0x4b, 0x88, 0x28, 0xe5, 0x73, 0x61, 0xc7,
- 0x97, 0xc2, 0x67, 0x34, 0xe1, 0x84, 0x88, 0x52, 0x3e, 0xab, 0x4c, 0x42, 0x2b, 0x62, 0xfb, 0xca,
- 0x1c, 0x6f, 0xbf, 0x38, 0x6f, 0x08, 0x32, 0x4a, 0xf8, 0x70, 0x1e, 0x14, 0x3c, 0x6b, 0x9f, 0xdf,
- 0x29, 0xcd, 0x09, 0xae, 0x96, 0x37, 0x14, 0xd7, 0x24, 0x0d, 0x29, 0x2e, 0x97, 0x74, 0x7c, 0x21,
- 0x39, 0xa9, 0x49, 0x4a, 0x1a, 0x52, 0x5c, 0x16, 0xbf, 0xb1, 0xef, 0xdc, 0x8f, 0xb1, 0x10, 0x86,
- 0xdc, 0x33, 0x2a, 0x7e, 0xef, 0xa6, 0x2c, 0xa4, 0xcb, 0xb1, 0x3b, 0x9d, 0x17, 0xbb, 0x91, 0x13,
- 0xba, 0x78, 0xbd, 0x6e, 0x9e, 0xe5, 0xfe, 0xe7, 0xa5, 0xfc, 0x9a, 0xa2, 0x22, 0x4d, 0x02, 0xbe,
- 0x05, 0x06, 0xb1, 0x1f, 0x7b, 0xe6, 0x39, 0x7e, 0x7c, 0x1f, 0x37, 0xfa, 0xd4, 0x7e, 0x59, 0xf1,
- 0x63, 0x0f, 0x71, 0xcd, 0xf0, 0x05, 0x70, 0xda, 0xb3, 0xf6, 0x59, 0x12, 0xc0, 0x24, 0x62, 0x17,
- 0xcd, 0x29, 0x3e, 0xef, 0x49, 0x56, 0xc4, 0xae, 0xe9, 0x0c, 0xd4, 0x2e, 0xc7, 0x07, 0x3a, 0xbe,
- 0x36, 0x70, 0x5a, 0x1b, 0xa8, 0x33, 0x50, 0xbb, 0x1c, 0x73, 0x32, 0xc1, 0xf7, 0x63, 0x87, 0x60,
- 0xdb, 0xfc, 0x3f, 0x5e, 0xf7, 0xca, 0xfe, 0xae, 0xa0, 0x21, 0xc5, 0x85, 0xf7, 0x93, 0x96, 0x83,
- 0xc9, 0x37, 0xdf, 0x46, 0xdf, 0x52, 0xf7, 0x3a, 0x59, 0x24, 0xc4, 0x3a, 0x10, 0xa7, 0x8a, 0xde,
- 0x6c, 0x80, 0x3e, 0xc8, 0x5b, 0xae, 0xbb, 0x5e, 0x37, 0xcf, 0x73, 0x8f, 0xf7, 0xf1, 0xb4, 0x50,
- 0x19, 0x66, 0x91, 0xe9, 0x47, 0x02, 0x86, 0xe1, 0x05, 0x3e, 0x8b, 0x85, 0x99, 0x13, 0xc3, 0x5b,
- 0x67, 0xfa, 0x91, 0x80, 0xe1, 0xf3, 0xf3, 0x0f, 0xd6, 0xeb, 0xe6, 0x63, 0x27, 0x37, 0x3f, 0xa6,
- 0x1f, 0x09, 0x18, 0x68, 0x83, 0x01, 0x3f, 0x88, 0xcc, 0x0b, 0xfd, 0x3e, 0x7b, 0xf9, 0x69, 0x72,
- 0x3b, 0x88, 0x10, 0x53, 0x0f, 0x7f, 0x64, 0x00, 0x10, 0xa6, 0x91, 0x78, 0xf1, 0xb8, 0x2d, 0x80,
- 0x0c, 0x5a, 0x39, 0x8d, 0xde, 0x15, 0x3f, 0x22, 0x07, 0xe9, 0xbd, 0x46, 0x8b, 0x72, 0xcd, 0x00,
- 0xf8, 0x73, 0x03, 0x9c, 0xd3, 0xcb, 0x5d, 0x65, 0xd9, 0x2c, 0xf7, 0xc3, 0x7a, 0x1f, 0x03, 0xb9,
- 0x12, 0x04, 0x6e, 0xc5, 0x6c, 0x35, 0x8b, 0xe7, 0x16, 0xbb, 0x00, 0xa2, 0xae, 0x66, 0xc0, 0x5f,
- 0x1b, 0x60, 0x52, 0x66, 0x47, 0xcd, 0xb8, 0x22, 0x77, 0xdb, 0x5b, 0x7d, 0x74, 0x5b, 0x16, 0x42,
- 0x78, 0x4f, 0x7d, 0x65, 0xec, 0xe0, 0xa3, 0x4e, 0xab, 0xe0, 0xef, 0x0c, 0x30, 0x66, 0xe3, 0x10,
- 0xfb, 0x36, 0xf6, 0x6b, 0xcc, 0xcc, 0xb9, 0xe3, 0xf6, 0x15, 0xb2, 0x66, 0x2e, 0x6b, 0xda, 0x85,
- 0x85, 0x65, 0x69, 0xe1, 0x98, 0xce, 0x3a, 0x6c, 0x16, 0xa7, 0xd3, 0xa1, 0x3a, 0x07, 0xb5, 0x19,
- 0x08, 0x7f, 0x6c, 0x80, 0xf1, 0xd4, 0xed, 0xe2, 0x80, 0xb8, 0x74, 0x32, 0x0b, 0xcf, 0x4b, 0xd0,
- 0xc5, 0x76, 0x2c, 0x94, 0x05, 0x87, 0xbf, 0x31, 0x58, 0xb5, 0x95, 0xdc, 0xd5, 0xa8, 0x59, 0xe2,
- 0x1e, 0x7c, 0xbd, 0x9f, 0x1e, 0x54, 0xca, 0x85, 0x03, 0xaf, 0xa6, 0x95, 0x9c, 0xe2, 0x1c, 0x36,
- 0x8b, 0x53, 0xba, 0xff, 0x14, 0x03, 0xe9, 0xc6, 0xc1, 0x77, 0x0d, 0x30, 0x86, 0xd3, 0x82, 0x99,
- 0x9a, 0x97, 0x8f, 0xeb, 0xba, 0xae, 0xe5, 0xb7, 0xb8, 0x4e, 0x6b, 0x2c, 0x8a, 0xda, 0x60, 0x59,
- 0xed, 0x87, 0xf7, 0x2d, 0x2f, 0x74, 0xb1, 0xf9, 0xff, 0xfd, 0xab, 0xfd, 0x56, 0x84, 0x4a, 0x94,
- 0xe8, 0x86, 0x57, 0x41, 0xc1, 0x8f, 0x5d, 0xd7, 0xda, 0x72, 0xb1, 0xf9, 0x38, 0xaf, 0x22, 0x54,
- 0x7f, 0xf1, 0xb6, 0xa4, 0x23, 0x25, 0x01, 0xeb, 0x60, 0x6e, 0xff, 0xa6, 0x7a, 0x7c, 0xd1, 0xb5,
- 0x81, 0x67, 0x5e, 0xe1, 0x5a, 0x66, 0x5a, 0xcd, 0xe2, 0xf4, 0x66, 0xf7, 0x16, 0xdf, 0x43, 0x75,
- 0xc0, 0x37, 0xc0, 0x63, 0x9a, 0xcc, 0x8a, 0xb7, 0x85, 0x6d, 0x1b, 0xdb, 0xc9, 0x45, 0xcb, 0xfc,
- 0x02, 0x87, 0x50, 0xfb, 0x78, 0x33, 0x2b, 0x80, 0x1e, 0x34, 0x1a, 0xde, 0x02, 0xd3, 0x1a, 0x7b,
- 0xd5, 0x8f, 0xd6, 0x49, 0x35, 0x22, 0x8e, 0xdf, 0x30, 0xe7, 0xb9, 0xde, 0x73, 0xc9, 0xee, 0xdb,
- 0xd4, 0x78, 0xa8, 0xc7, 0x18, 0xf8, 0x72, 0x9b, 0x36, 0xfe, 0xe1, 0xc2, 0x0a, 0x6f, 0xe2, 0x03,
- 0x6a, 0x3e, 0xc1, 0x8b, 0x0b, 0xbe, 0xce, 0x9b, 0x1a, 0x1d, 0xf5, 0x90, 0x87, 0xdf, 0x00, 0x67,
- 0x33, 0x1c, 0x76, 0xaf, 0x30, 0x9f, 0x14, 0x17, 0x04, 0x56, 0x89, 0x6e, 0x26, 0x44, 0xd4, 0x4d,
- 0x12, 0x7e, 0x15, 0x40, 0x8d, 0xbc, 0x66, 0x85, 0x7c, 0xfc, 0x53, 0xe2, 0xae, 0xc2, 0x56, 0x74,
- 0x53, 0xd2, 0x50, 0x17, 0x39, 0xf8, 0x81, 0xd1, 0x36, 0x93, 0xf4, 0x36, 0x4b, 0xcd, 0xab, 0x7c,
- 0xc3, 0xbe, 0x7c, 0xf4, 0x00, 0x4c, 0x95, 0xa1, 0xd8, 0xc5, 0x9a, 0x87, 0x35, 0x14, 0xd4, 0x03,
- 0x7d, 0x86, 0x5d, 0xa6, 0x33, 0x39, 0x1c, 0x4e, 0x80, 0x81, 0x1d, 0x2c, 0x3f, 0x1b, 0x23, 0xf6,
- 0x13, 0xbe, 0x09, 0xf2, 0xbb, 0x96, 0x1b, 0x27, 0xad, 0x80, 0xfe, 0x9d, 0xf5, 0x48, 0xe8, 0x7d,
- 0x31, 0x77, 0xdd, 0x98, 0x79, 0xdf, 0x00, 0xd3, 0xdd, 0x4f, 0x95, 0xcf, 0xcb, 0xa2, 0x9f, 0x19,
- 0x60, 0xb2, 0xe3, 0x00, 0xe9, 0x62, 0x8c, 0xdb, 0x6e, 0xcc, 0xbd, 0x3e, 0x9e, 0x04, 0x62, 0x23,
- 0xf0, 0x8a, 0x56, 0xb7, 0xec, 0x87, 0x06, 0x98, 0xc8, 0x26, 0xe6, 0xcf, 0xc9, 0x4b, 0xa5, 0xf7,
- 0x72, 0x60, 0xba, 0x7b, 0x0d, 0x0e, 0x3d, 0xd5, 0x5d, 0xe8, 0x7b, 0x83, 0xa6, 0x5b, 0xcb, 0xf6,
- 0x1d, 0x03, 0x8c, 0xbe, 0xad, 0xe4, 0x92, 0xaf, 0x99, 0xfd, 0xec, 0x0a, 0x25, 0x47, 0x5f, 0xca,
- 0xa0, 0x48, 0x87, 0x2c, 0xfd, 0xd6, 0x00, 0x53, 0x5d, 0x8f, 0x73, 0x78, 0x05, 0x0c, 0x59, 0xae,
- 0x1b, 0xec, 0x89, 0x6e, 0x9e, 0xd6, 0x96, 0x5f, 0xe4, 0x54, 0x24, 0xb9, 0x9a, 0xcf, 0x72, 0x9f,
- 0x81, 0xcf, 0x4a, 0x7f, 0x30, 0xc0, 0x85, 0x07, 0x45, 0xdd, 0x67, 0xbd, 0x86, 0xf3, 0xa0, 0x20,
- 0x8b, 0xed, 0x03, 0xbe, 0x7e, 0x32, 0xbb, 0xca, 0x8c, 0xc0, 0x5f, 0xcb, 0x88, 0x5f, 0xa5, 0x5f,
- 0x1a, 0x60, 0xa2, 0x8a, 0xc9, 0xae, 0x53, 0xc3, 0x08, 0xd7, 0x31, 0xc1, 0x7e, 0x0d, 0xc3, 0x05,
- 0x30, 0xc2, 0xbf, 0x36, 0x86, 0x56, 0x2d, 0xf9, 0x46, 0x32, 0x29, 0x1d, 0x3d, 0x72, 0x3b, 0x61,
- 0xa0, 0x54, 0x46, 0x7d, 0x4f, 0xc9, 0xf5, 0xfc, 0x9e, 0x72, 0x01, 0x0c, 0x86, 0x69, 0x03, 0xb8,
- 0xc0, 0xb8, 0xbc, 0xe7, 0xcb, 0xa9, 0x9c, 0x1b, 0x90, 0x88, 0x77, 0xb9, 0xf2, 0x92, 0x1b, 0x90,
- 0x08, 0x71, 0x6a, 0xe9, 0x4f, 0x39, 0x70, 0xa6, 0x3d, 0x3f, 0x33, 0x40, 0x12, 0xbb, 0x1d, 0x1f,
- 0x70, 0x18, 0x0f, 0x71, 0x8e, 0xfe, 0x6e, 0x20, 0xf7, 0xe0, 0x77, 0x03, 0xf0, 0x25, 0x30, 0x29,
- 0x7f, 0xae, 0xec, 0x87, 0x04, 0x53, 0xfe, 0x65, 0x72, 0xa0, 0xfd, 0xbd, 0xdf, 0x5a, 0x56, 0x00,
- 0x75, 0x8e, 0x81, 0x5f, 0xc9, 0xbc, 0x69, 0xb8, 0x9c, 0xbe, 0x67, 0x60, 0xb5, 0x1d, 0x2f, 0x1d,
- 0xee, 0xb1, 0x2d, 0xbf, 0x42, 0x48, 0x40, 0x32, 0x0f, 0x1d, 0x16, 0xc0, 0x48, 0x9d, 0x09, 0xf0,
- 0x3e, 0x79, 0xbe, 0xdd, 0xe9, 0x37, 0x12, 0x06, 0x4a, 0x65, 0xe0, 0xd7, 0xc0, 0x78, 0x10, 0x8a,
- 0x2a, 0x76, 0xdd, 0xb5, 0xab, 0xd8, 0xad, 0xf3, 0x8e, 0x5e, 0x21, 0x69, 0xbb, 0xb6, 0xb1, 0x50,
- 0x56, 0xb6, 0xf4, 0x47, 0x03, 0x9c, 0x4d, 0x1e, 0x13, 0xb9, 0x0e, 0xf6, 0xa3, 0xa5, 0xc0, 0xaf,
- 0x3b, 0x0d, 0x78, 0x5e, 0xb4, 0x4f, 0xb5, 0x9e, 0x64, 0xd2, 0x3a, 0x85, 0xf7, 0xc1, 0x30, 0x15,
- 0xb1, 0x22, 0xc3, 0xf8, 0x95, 0xa3, 0x87, 0x71, 0x36, 0xe8, 0x44, 0xf5, 0x97, 0x50, 0x13, 0x1c,
- 0x16, 0xc9, 0x35, 0xab, 0x12, 0xfb, 0xb6, 0x6c, 0xa1, 0x8f, 0x89, 0x48, 0x5e, 0x5a, 0x14, 0x34,
- 0xa4, 0xb8, 0xa5, 0x7f, 0x18, 0x60, 0xb2, 0xe3, 0x71, 0x14, 0xfc, 0x9e, 0x01, 0xc6, 0x6a, 0xda,
- 0xf4, 0x64, 0x3e, 0x58, 0x3b, 0xfe, 0x03, 0x2c, 0x4d, 0xa9, 0x28, 0xa1, 0x74, 0x0a, 0x6a, 0x03,
- 0x85, 0x9b, 0xc0, 0xac, 0x65, 0xde, 0x21, 0x66, 0xbe, 0x6c, 0x5e, 0x68, 0x35, 0x8b, 0xe6, 0x52,
- 0x0f, 0x19, 0xd4, 0x73, 0x74, 0xe5, 0x5b, 0x1f, 0x7d, 0x3a, 0x7b, 0xea, 0xe3, 0x4f, 0x67, 0x4f,
- 0x7d, 0xf2, 0xe9, 0xec, 0xa9, 0x77, 0x5a, 0xb3, 0xc6, 0x47, 0xad, 0x59, 0xe3, 0xe3, 0xd6, 0xac,
- 0xf1, 0x49, 0x6b, 0xd6, 0xf8, 0x6b, 0x6b, 0xd6, 0xf8, 0xc9, 0xdf, 0x66, 0x4f, 0xbd, 0x7e, 0xfd,
- 0xa8, 0xaf, 0x8f, 0xff, 0x17, 0x00, 0x00, 0xff, 0xff, 0x28, 0x77, 0xf5, 0x22, 0xd1, 0x2c, 0x00,
- 0x00,
+ proto.RegisterFile("k8s.io/apiextensions-apiserver/pkg/apis/apiextensions/v1/generated.proto", fileDescriptor_c5e101a0235c8c62)
+}
+
+var fileDescriptor_c5e101a0235c8c62 = []byte{
+ // 3166 bytes of a gzipped FileDescriptorProto
+ 0x1f, 0x8b, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0xff, 0xc4, 0x5a, 0xdb, 0x6f, 0x1b, 0xc7,
+ 0xd5, 0xf7, 0x52, 0x37, 0x6a, 0x24, 0x59, 0xd2, 0xd8, 0xd2, 0xb7, 0x56, 0x6c, 0x51, 0xa6, 0xbf,
+ 0xf8, 0x53, 0x12, 0x87, 0x4a, 0xf4, 0x25, 0x8d, 0x9b, 0x5e, 0x02, 0x51, 0x92, 0x13, 0xc5, 0x92,
+ 0x25, 0x0c, 0x6d, 0x47, 0x49, 0x8a, 0x26, 0x2b, 0xee, 0x90, 0xda, 0x68, 0xb9, 0xbb, 0x9e, 0xd9,
+ 0xd5, 0x05, 0x68, 0x81, 0xa0, 0x45, 0xd0, 0x36, 0x40, 0x9b, 0x3e, 0x14, 0xe9, 0x53, 0x51, 0x14,
+ 0x45, 0x1e, 0xda, 0x87, 0xf6, 0xad, 0xfd, 0x17, 0xf2, 0x52, 0x20, 0x40, 0x81, 0x22, 0x40, 0x01,
+ 0xa2, 0x61, 0xff, 0x81, 0x02, 0x6d, 0x51, 0x54, 0x0f, 0x45, 0x31, 0x97, 0x9d, 0x9d, 0x5d, 0x92,
+ 0xb6, 0x61, 0x51, 0xc9, 0x1b, 0x79, 0xce, 0x99, 0xf3, 0x3b, 0x73, 0xe6, 0xcc, 0x99, 0x33, 0x67,
+ 0x07, 0xbc, 0xb2, 0x77, 0x9d, 0x96, 0x1c, 0x7f, 0xc1, 0x0a, 0x1c, 0x7c, 0x18, 0x62, 0x8f, 0x3a,
+ 0xbe, 0x47, 0x9f, 0xb6, 0x02, 0x87, 0x62, 0xb2, 0x8f, 0xc9, 0x42, 0xb0, 0x57, 0x67, 0x3c, 0x9a,
+ 0x16, 0x58, 0xd8, 0x7f, 0x76, 0xa1, 0x8e, 0x3d, 0x4c, 0xac, 0x10, 0xdb, 0xa5, 0x80, 0xf8, 0xa1,
+ 0x0f, 0xaf, 0x0b, 0x4d, 0xa5, 0x94, 0xe0, 0x5b, 0x4a, 0x53, 0x29, 0xd8, 0xab, 0x33, 0x1e, 0x4d,
+ 0x0b, 0x94, 0xf6, 0x9f, 0x9d, 0x79, 0xba, 0xee, 0x84, 0xbb, 0xd1, 0x4e, 0xa9, 0xea, 0x37, 0x16,
+ 0xea, 0x7e, 0xdd, 0x5f, 0xe0, 0x0a, 0x77, 0xa2, 0x1a, 0xff, 0xc7, 0xff, 0xf0, 0x5f, 0x02, 0x68,
+ 0xe6, 0xb9, 0xc4, 0xe4, 0x86, 0x55, 0xdd, 0x75, 0x3c, 0x4c, 0x8e, 0x12, 0x3b, 0x1b, 0x38, 0xb4,
+ 0x3a, 0x98, 0x37, 0xb3, 0xd0, 0x6d, 0x14, 0x89, 0xbc, 0xd0, 0x69, 0xe0, 0xb6, 0x01, 0x5f, 0x7a,
+ 0xd0, 0x00, 0x5a, 0xdd, 0xc5, 0x0d, 0x2b, 0x3b, 0xae, 0x78, 0x6c, 0x80, 0xc9, 0x65, 0xdf, 0xdb,
+ 0xc7, 0x84, 0x4d, 0x10, 0xe1, 0x7b, 0x11, 0xa6, 0x21, 0x2c, 0x83, 0xbe, 0xc8, 0xb1, 0x4d, 0x63,
+ 0xce, 0x98, 0x1f, 0x2e, 0x3f, 0xf3, 0x71, 0xb3, 0x70, 0xa6, 0xd5, 0x2c, 0xf4, 0xdd, 0x59, 0x5b,
+ 0x39, 0x6e, 0x16, 0x2e, 0x77, 0x43, 0x0a, 0x8f, 0x02, 0x4c, 0x4b, 0x77, 0xd6, 0x56, 0x10, 0x1b,
+ 0x0c, 0x5f, 0x06, 0x93, 0x36, 0xa6, 0x0e, 0xc1, 0xf6, 0xd2, 0xd6, 0xda, 0x5d, 0xa1, 0xdf, 0xcc,
+ 0x71, 0x8d, 0x17, 0xa4, 0xc6, 0xc9, 0x95, 0xac, 0x00, 0x6a, 0x1f, 0x03, 0xb7, 0xc1, 0x90, 0xbf,
+ 0xf3, 0x0e, 0xae, 0x86, 0xd4, 0xec, 0x9b, 0xeb, 0x9b, 0x1f, 0x59, 0x7c, 0xba, 0x94, 0x2c, 0x9e,
+ 0x32, 0x81, 0xaf, 0x98, 0x9c, 0x6c, 0x09, 0x59, 0x07, 0xab, 0xf1, 0xa2, 0x95, 0xc7, 0x25, 0xda,
+ 0xd0, 0xa6, 0xd0, 0x82, 0x62, 0x75, 0xc5, 0x5f, 0xe6, 0x00, 0xd4, 0x27, 0x4f, 0x03, 0xdf, 0xa3,
+ 0xb8, 0x27, 0xb3, 0xa7, 0x60, 0xa2, 0xca, 0x35, 0x87, 0xd8, 0x96, 0xb8, 0x66, 0xee, 0x51, 0xac,
+ 0x37, 0x25, 0xfe, 0xc4, 0x72, 0x46, 0x1d, 0x6a, 0x03, 0x80, 0xb7, 0xc1, 0x20, 0xc1, 0x34, 0x72,
+ 0x43, 0xb3, 0x6f, 0xce, 0x98, 0x1f, 0x59, 0xbc, 0xd6, 0x15, 0x8a, 0x87, 0x36, 0x0b, 0xbe, 0xd2,
+ 0xfe, 0xb3, 0xa5, 0x4a, 0x68, 0x85, 0x11, 0x2d, 0x9f, 0x95, 0x48, 0x83, 0x88, 0xeb, 0x40, 0x52,
+ 0x57, 0xf1, 0x3f, 0x06, 0x98, 0xd0, 0xbd, 0xb4, 0xef, 0xe0, 0x03, 0x48, 0xc0, 0x10, 0x11, 0xc1,
+ 0xc2, 0xfd, 0x34, 0xb2, 0x78, 0xb3, 0xf4, 0xa8, 0x3b, 0xaa, 0xd4, 0x16, 0x7f, 0xe5, 0x11, 0xb6,
+ 0x5c, 0xf2, 0x0f, 0x8a, 0x81, 0xe0, 0x3e, 0xc8, 0x13, 0xb9, 0x46, 0x3c, 0x90, 0x46, 0x16, 0xd7,
+ 0x7b, 0x03, 0x2a, 0x74, 0x96, 0x47, 0x5b, 0xcd, 0x42, 0x3e, 0xfe, 0x87, 0x14, 0x56, 0xf1, 0xe7,
+ 0x39, 0x30, 0xbb, 0x1c, 0xd1, 0xd0, 0x6f, 0x20, 0x4c, 0xfd, 0x88, 0x54, 0xf1, 0xb2, 0xef, 0x46,
+ 0x0d, 0x6f, 0x05, 0xd7, 0x1c, 0xcf, 0x09, 0x59, 0x8c, 0xce, 0x81, 0x7e, 0xcf, 0x6a, 0x60, 0x19,
+ 0x33, 0xa3, 0xd2, 0x93, 0xfd, 0xb7, 0xac, 0x06, 0x46, 0x9c, 0xc3, 0x24, 0x58, 0x88, 0xc8, 0x1d,
+ 0xa0, 0x24, 0x6e, 0x1f, 0x05, 0x18, 0x71, 0x0e, 0xbc, 0x0a, 0x06, 0x6b, 0x3e, 0x69, 0x58, 0x62,
+ 0xf5, 0x86, 0x93, 0xf5, 0xb8, 0xc1, 0xa9, 0x48, 0x72, 0xe1, 0xf3, 0x60, 0xc4, 0xc6, 0xb4, 0x4a,
+ 0x9c, 0x80, 0x41, 0x9b, 0xfd, 0x5c, 0xf8, 0x9c, 0x14, 0x1e, 0x59, 0x49, 0x58, 0x48, 0x97, 0x83,
+ 0xd7, 0x40, 0x3e, 0x20, 0x8e, 0x4f, 0x9c, 0xf0, 0xc8, 0x1c, 0x98, 0x33, 0xe6, 0x07, 0xca, 0x13,
+ 0x72, 0x4c, 0x7e, 0x4b, 0xd2, 0x91, 0x92, 0x60, 0xd2, 0xef, 0x50, 0xdf, 0xdb, 0xb2, 0xc2, 0x5d,
+ 0x73, 0x90, 0x23, 0x28, 0xe9, 0x57, 0x2b, 0x9b, 0xb7, 0x18, 0x1d, 0x29, 0x89, 0xe2, 0x9f, 0x0c,
+ 0x60, 0x66, 0x3d, 0x14, 0xbb, 0x17, 0xde, 0x00, 0x79, 0x1a, 0xb2, 0x9c, 0x53, 0x3f, 0x92, 0xfe,
+ 0x79, 0x32, 0x56, 0x55, 0x91, 0xf4, 0xe3, 0x66, 0x61, 0x3a, 0x19, 0x11, 0x53, 0xb9, 0x6f, 0xd4,
+ 0x58, 0x16, 0x72, 0x07, 0x78, 0x67, 0xd7, 0xf7, 0xf7, 0xe4, 0xea, 0x9f, 0x20, 0xe4, 0x5e, 0x13,
+ 0x8a, 0x12, 0x4c, 0x11, 0x72, 0x92, 0x8c, 0x62, 0xa0, 0xe2, 0xbf, 0x73, 0xd9, 0x89, 0x69, 0x8b,
+ 0xfe, 0x36, 0xc8, 0xb3, 0x2d, 0x64, 0x5b, 0xa1, 0x25, 0x37, 0xc1, 0x33, 0x0f, 0xb7, 0xe1, 0xc4,
+ 0x7e, 0xdd, 0xc0, 0xa1, 0x55, 0x86, 0xd2, 0x15, 0x20, 0xa1, 0x21, 0xa5, 0x15, 0x1e, 0x82, 0x7e,
+ 0x1a, 0xe0, 0xaa, 0x9c, 0xef, 0xdd, 0x13, 0x44, 0x7b, 0x97, 0x39, 0x54, 0x02, 0x5c, 0x4d, 0x82,
+ 0x91, 0xfd, 0x43, 0x1c, 0x11, 0xbe, 0x6b, 0x80, 0x41, 0xca, 0xf3, 0x82, 0xcc, 0x25, 0xdb, 0xa7,
+ 0x00, 0x9e, 0xc9, 0x3b, 0xe2, 0x3f, 0x92, 0xb8, 0xc5, 0x7f, 0xe4, 0xc0, 0xe5, 0x6e, 0x43, 0x97,
+ 0x7d, 0xcf, 0x16, 0x8b, 0xb0, 0x26, 0xf7, 0x95, 0x88, 0xac, 0xe7, 0xf5, 0x7d, 0x75, 0xdc, 0x2c,
+ 0x3c, 0xfe, 0x40, 0x05, 0xda, 0x06, 0xfc, 0xb2, 0x9a, 0xb2, 0xd8, 0xa4, 0x97, 0xd3, 0x86, 0x1d,
+ 0x37, 0x0b, 0xe3, 0x6a, 0x58, 0xda, 0x56, 0xb8, 0x0f, 0xa0, 0x6b, 0xd1, 0xf0, 0x36, 0xb1, 0x3c,
+ 0x2a, 0xd4, 0x3a, 0x0d, 0x2c, 0x3d, 0xf7, 0xe4, 0xc3, 0x05, 0x05, 0x1b, 0x51, 0x9e, 0x91, 0x90,
+ 0x70, 0xbd, 0x4d, 0x1b, 0xea, 0x80, 0xc0, 0x72, 0x06, 0xc1, 0x16, 0x55, 0x69, 0x40, 0xcb, 0xe1,
+ 0x8c, 0x8a, 0x24, 0x17, 0x3e, 0x01, 0x86, 0x1a, 0x98, 0x52, 0xab, 0x8e, 0xf9, 0xde, 0x1f, 0x4e,
+ 0x0e, 0xc5, 0x0d, 0x41, 0x46, 0x31, 0xbf, 0xf8, 0x4f, 0x03, 0x5c, 0xec, 0xe6, 0xb5, 0x75, 0x87,
+ 0x86, 0xf0, 0x1b, 0x6d, 0x61, 0x5f, 0x7a, 0xb8, 0x19, 0xb2, 0xd1, 0x3c, 0xe8, 0x55, 0x2a, 0x89,
+ 0x29, 0x5a, 0xc8, 0x1f, 0x80, 0x01, 0x27, 0xc4, 0x8d, 0xf8, 0xb4, 0x44, 0xbd, 0x0f, 0xbb, 0xf2,
+ 0x98, 0x84, 0x1f, 0x58, 0x63, 0x40, 0x48, 0xe0, 0x15, 0x3f, 0xca, 0x81, 0x4b, 0xdd, 0x86, 0xb0,
+ 0x3c, 0x4e, 0x99, 0xb3, 0x03, 0x37, 0x22, 0x96, 0x2b, 0x83, 0x4d, 0x39, 0x7b, 0x8b, 0x53, 0x91,
+ 0xe4, 0xb2, 0xdc, 0x49, 0x1d, 0xaf, 0x1e, 0xb9, 0x16, 0x91, 0x91, 0xa4, 0x26, 0x5c, 0x91, 0x74,
+ 0xa4, 0x24, 0x60, 0x09, 0x00, 0xba, 0xeb, 0x93, 0x90, 0x63, 0xf0, 0x0a, 0x67, 0xb8, 0x7c, 0x96,
+ 0x65, 0x84, 0x8a, 0xa2, 0x22, 0x4d, 0x82, 0x1d, 0x24, 0x7b, 0x8e, 0x67, 0xcb, 0x05, 0x57, 0x7b,
+ 0xf7, 0xa6, 0xe3, 0xd9, 0x88, 0x73, 0x18, 0xbe, 0xeb, 0xd0, 0x90, 0x51, 0xe4, 0x6a, 0xa7, 0x1c,
+ 0xce, 0x25, 0x95, 0x04, 0xc3, 0xaf, 0xb2, 0x04, 0xeb, 0x13, 0x07, 0x53, 0x73, 0x30, 0xc1, 0x5f,
+ 0x56, 0x54, 0xa4, 0x49, 0x14, 0xff, 0xdc, 0xdf, 0x3d, 0x3e, 0x58, 0x02, 0x81, 0x57, 0xc0, 0x40,
+ 0x9d, 0xf8, 0x51, 0x20, 0xbd, 0xa4, 0xbc, 0xfd, 0x32, 0x23, 0x22, 0xc1, 0x83, 0xdf, 0x02, 0x03,
+ 0x9e, 0x9c, 0x30, 0x8b, 0xa0, 0xd7, 0x7a, 0xbf, 0xcc, 0xdc, 0x5b, 0x09, 0xba, 0x70, 0xa4, 0x00,
+ 0x85, 0xcf, 0x81, 0x01, 0x5a, 0xf5, 0x03, 0x2c, 0x9d, 0x38, 0x1b, 0x0b, 0x55, 0x18, 0xf1, 0xb8,
+ 0x59, 0x18, 0x8b, 0xd5, 0x71, 0x02, 0x12, 0xc2, 0xf0, 0x7b, 0x06, 0xc8, 0xcb, 0xe3, 0x82, 0x9a,
+ 0x43, 0x3c, 0x3c, 0x5f, 0xef, 0xbd, 0xdd, 0xb2, 0xec, 0x4d, 0xd6, 0x4c, 0x12, 0x28, 0x52, 0xe0,
+ 0xf0, 0x3b, 0x06, 0x00, 0x55, 0x75, 0x76, 0x99, 0xc3, 0xdc, 0x87, 0x3d, 0xdb, 0x2a, 0xda, 0xa9,
+ 0x28, 0x02, 0x21, 0x29, 0x95, 0x34, 0x54, 0x58, 0x01, 0x53, 0x01, 0xc1, 0x5c, 0xf7, 0x1d, 0x6f,
+ 0xcf, 0xf3, 0x0f, 0xbc, 0x1b, 0x0e, 0x76, 0x6d, 0x6a, 0x82, 0x39, 0x63, 0x3e, 0x5f, 0xbe, 0x24,
+ 0xed, 0x9f, 0xda, 0xea, 0x24, 0x84, 0x3a, 0x8f, 0x2d, 0xbe, 0xd7, 0x97, 0xad, 0xb5, 0xb2, 0xe7,
+ 0x05, 0xfc, 0x40, 0x4c, 0x5e, 0xe4, 0x61, 0x6a, 0x1a, 0x7c, 0x21, 0xde, 0xec, 0xfd, 0x42, 0xa8,
+ 0x5c, 0x9f, 0x1c, 0xd2, 0x8a, 0x44, 0x91, 0x66, 0x02, 0xfc, 0x89, 0x01, 0xc6, 0xac, 0x6a, 0x15,
+ 0x07, 0x21, 0xb6, 0xc5, 0x36, 0xce, 0x9d, 0x6e, 0x54, 0x4f, 0x49, 0x83, 0xc6, 0x96, 0x74, 0x54,
+ 0x94, 0x36, 0x02, 0xbe, 0x08, 0xce, 0xd2, 0xd0, 0x27, 0xd8, 0x8e, 0x23, 0x48, 0x66, 0x17, 0xd8,
+ 0x6a, 0x16, 0xce, 0x56, 0x52, 0x1c, 0x94, 0x91, 0x2c, 0xb6, 0x06, 0x41, 0xe1, 0x01, 0x11, 0xfa,
+ 0x10, 0x45, 0xef, 0x55, 0x30, 0xc8, 0x67, 0x6a, 0x73, 0x87, 0xe4, 0xb5, 0xa3, 0x9e, 0x53, 0x91,
+ 0xe4, 0xb2, 0xe3, 0x89, 0xe1, 0xb3, 0xe3, 0xa9, 0x8f, 0x0b, 0xaa, 0xe3, 0xa9, 0x22, 0xc8, 0x28,
+ 0xe6, 0xc3, 0x45, 0x00, 0x6c, 0x1c, 0x10, 0xcc, 0x32, 0x92, 0x6d, 0x0e, 0x71, 0x69, 0xb5, 0x3e,
+ 0x2b, 0x8a, 0x83, 0x34, 0x29, 0x78, 0x03, 0xc0, 0xf8, 0x9f, 0xe3, 0x7b, 0xaf, 0x59, 0xc4, 0x73,
+ 0xbc, 0xba, 0x99, 0xe7, 0x66, 0x4f, 0xb3, 0xd3, 0x76, 0xa5, 0x8d, 0x8b, 0x3a, 0x8c, 0x80, 0xfb,
+ 0x60, 0x50, 0x5c, 0xa3, 0x79, 0xde, 0xe8, 0xe1, 0x8e, 0xbb, 0x6b, 0xb9, 0x8e, 0xcd, 0xa1, 0xca,
+ 0x80, 0xbb, 0x87, 0xa3, 0x20, 0x89, 0x06, 0xdf, 0x37, 0xc0, 0x28, 0x8d, 0x76, 0x88, 0x94, 0xa6,
+ 0x3c, 0xab, 0x8f, 0x2c, 0xde, 0xee, 0x15, 0x7c, 0x45, 0xd3, 0x5d, 0x9e, 0x68, 0x35, 0x0b, 0xa3,
+ 0x3a, 0x05, 0xa5, 0xb0, 0xe1, 0xef, 0x0c, 0x60, 0x5a, 0xb6, 0x08, 0x7d, 0xcb, 0xdd, 0x22, 0x8e,
+ 0x17, 0x62, 0x22, 0x2e, 0x44, 0xe2, 0xf8, 0xe8, 0x61, 0xad, 0x98, 0xbd, 0x67, 0x95, 0xe7, 0xe4,
+ 0x4a, 0x9b, 0x4b, 0x5d, 0x2c, 0x40, 0x5d, 0x6d, 0x63, 0x79, 0x63, 0x82, 0x62, 0x17, 0x57, 0x43,
+ 0x6b, 0xc7, 0xc5, 0x32, 0x57, 0x0d, 0x73, 0x83, 0xd7, 0x1e, 0xdd, 0xe0, 0x4a, 0x5a, 0x63, 0x72,
+ 0x5f, 0xcf, 0x30, 0x28, 0x6a, 0x03, 0x2f, 0xfe, 0xcb, 0xc8, 0x26, 0x3b, 0xcd, 0xef, 0x95, 0xaa,
+ 0xe5, 0x62, 0xb8, 0x02, 0x26, 0x58, 0x3d, 0x8e, 0x70, 0xe0, 0x3a, 0x55, 0x8b, 0xf2, 0xfb, 0x98,
+ 0xd8, 0x6f, 0x09, 0x50, 0x86, 0x8f, 0xda, 0x46, 0xc0, 0x57, 0x01, 0x14, 0x85, 0x6a, 0x4a, 0x8f,
+ 0xa8, 0x4d, 0x54, 0xc9, 0x59, 0x69, 0x93, 0x40, 0x1d, 0x46, 0xc1, 0x65, 0x30, 0xe9, 0x5a, 0x3b,
+ 0xd8, 0x15, 0xf3, 0xf3, 0x09, 0x57, 0x25, 0x6e, 0xac, 0x53, 0xad, 0x66, 0x61, 0x72, 0x3d, 0xcb,
+ 0x44, 0xed, 0xf2, 0xc5, 0xcb, 0xd9, 0xec, 0xa2, 0x4f, 0x5c, 0x94, 0xff, 0x1f, 0xe6, 0xc0, 0x4c,
+ 0xf7, 0x30, 0x85, 0xdf, 0x56, 0xc5, 0xba, 0xa8, 0x41, 0x5f, 0x3f, 0x85, 0xcd, 0x20, 0x2f, 0x28,
+ 0xa0, 0xfd, 0x72, 0x02, 0x8f, 0x58, 0x05, 0x61, 0xb9, 0x71, 0x23, 0x62, 0xfb, 0x34, 0xd0, 0x99,
+ 0xfe, 0xf2, 0xb0, 0xa8, 0x4b, 0x2c, 0x97, 0x97, 0x21, 0x96, 0x8b, 0x8b, 0x1f, 0xb5, 0x5d, 0xb6,
+ 0x93, 0xf4, 0x01, 0xbf, 0x6f, 0x80, 0x71, 0x3f, 0xc0, 0xde, 0xd2, 0xd6, 0xda, 0xdd, 0xff, 0x17,
+ 0x69, 0x44, 0x3a, 0xe8, 0x04, 0x31, 0xce, 0x6e, 0xfc, 0x42, 0xd7, 0x16, 0xf1, 0x03, 0x5a, 0x3e,
+ 0xd7, 0x6a, 0x16, 0xc6, 0x37, 0xd3, 0x28, 0x28, 0x0b, 0x5b, 0x6c, 0x80, 0xa9, 0xd5, 0xc3, 0x10,
+ 0x13, 0xcf, 0x72, 0x57, 0xfc, 0x6a, 0xd4, 0xc0, 0x5e, 0x28, 0x6c, 0xcc, 0x34, 0x30, 0x8c, 0x87,
+ 0x6c, 0x60, 0x5c, 0x02, 0x7d, 0x11, 0x71, 0x65, 0xd4, 0x8e, 0xa8, 0xb6, 0x1c, 0x5a, 0x47, 0x8c,
+ 0x5e, 0xbc, 0x0c, 0xfa, 0x99, 0x9d, 0xf0, 0x02, 0xe8, 0x23, 0xd6, 0x01, 0xd7, 0x3a, 0x5a, 0x1e,
+ 0x62, 0x22, 0xc8, 0x3a, 0x40, 0x8c, 0x56, 0xfc, 0xdb, 0x1c, 0x18, 0xcf, 0xcc, 0x05, 0xce, 0x80,
+ 0x9c, 0xea, 0xf5, 0x01, 0xa9, 0x34, 0xb7, 0xb6, 0x82, 0x72, 0x8e, 0x0d, 0x5f, 0x50, 0xf9, 0x5e,
+ 0x80, 0x16, 0xd4, 0xf1, 0xc5, 0xa9, 0xac, 0x50, 0x4c, 0xd4, 0x31, 0x43, 0xe2, 0x84, 0xcd, 0x6c,
+ 0xc0, 0x35, 0xb9, 0x2b, 0x84, 0x0d, 0xb8, 0x86, 0x18, 0xed, 0x51, 0xbb, 0x37, 0x71, 0xfb, 0x68,
+ 0xe0, 0x21, 0xda, 0x47, 0x83, 0xf7, 0x6d, 0x1f, 0x5d, 0x01, 0x03, 0xa1, 0x13, 0xba, 0x98, 0x9f,
+ 0x9d, 0x5a, 0x79, 0x7e, 0x9b, 0x11, 0x91, 0xe0, 0x41, 0x0c, 0x86, 0x6c, 0x5c, 0xb3, 0x22, 0x37,
+ 0xe4, 0xc7, 0xe4, 0xc8, 0xe2, 0xd7, 0x4f, 0x16, 0x3d, 0xa2, 0xbd, 0xb2, 0x22, 0x54, 0xa2, 0x58,
+ 0x37, 0x7c, 0x1c, 0x0c, 0x35, 0xac, 0x43, 0xa7, 0x11, 0x35, 0x78, 0x0d, 0x6b, 0x08, 0xb1, 0x0d,
+ 0x41, 0x42, 0x31, 0x8f, 0x25, 0x41, 0x7c, 0x58, 0x75, 0x23, 0xea, 0xec, 0x63, 0xc9, 0x94, 0x45,
+ 0xa6, 0x4a, 0x82, 0xab, 0x19, 0x3e, 0x6a, 0x1b, 0xc1, 0xc1, 0x1c, 0x8f, 0x0f, 0x1e, 0xd1, 0xc0,
+ 0x04, 0x09, 0xc5, 0xbc, 0x34, 0x98, 0x94, 0x1f, 0xed, 0x06, 0x26, 0x07, 0xb7, 0x8d, 0x80, 0x4f,
+ 0x81, 0xe1, 0x86, 0x75, 0xb8, 0x8e, 0xbd, 0x7a, 0xb8, 0x6b, 0x8e, 0xcd, 0x19, 0xf3, 0x7d, 0xe5,
+ 0xb1, 0x56, 0xb3, 0x30, 0xbc, 0x11, 0x13, 0x51, 0xc2, 0xe7, 0xc2, 0x8e, 0x27, 0x85, 0xcf, 0x6a,
+ 0xc2, 0x31, 0x11, 0x25, 0x7c, 0x56, 0x2b, 0x05, 0x56, 0xc8, 0xf6, 0x95, 0x39, 0x9e, 0xbe, 0xca,
+ 0x6f, 0x09, 0x32, 0x8a, 0xf9, 0x70, 0x1e, 0xe4, 0x1b, 0xd6, 0x21, 0xbf, 0xe5, 0x9a, 0x13, 0x5c,
+ 0x2d, 0x6f, 0x71, 0x6e, 0x48, 0x1a, 0x52, 0x5c, 0x2e, 0xe9, 0x78, 0x42, 0x72, 0x52, 0x93, 0x94,
+ 0x34, 0xa4, 0xb8, 0x2c, 0x7e, 0x23, 0xcf, 0xb9, 0x17, 0x61, 0x21, 0x0c, 0xb9, 0x67, 0x54, 0xfc,
+ 0xde, 0x49, 0x58, 0x48, 0x97, 0x63, 0xb7, 0xcc, 0x46, 0xe4, 0x86, 0x4e, 0xe0, 0xe2, 0xcd, 0x9a,
+ 0x79, 0x8e, 0xfb, 0x9f, 0x5f, 0x2e, 0x36, 0x14, 0x15, 0x69, 0x12, 0xf0, 0x6d, 0xd0, 0x8f, 0xbd,
+ 0xa8, 0x61, 0x9e, 0xe7, 0xe7, 0xf3, 0x49, 0xa3, 0x4f, 0xed, 0x97, 0x55, 0x2f, 0x6a, 0x20, 0xae,
+ 0x19, 0xbe, 0x00, 0xc6, 0x1a, 0xd6, 0x21, 0x4b, 0x02, 0x98, 0x84, 0xec, 0xea, 0x3b, 0xc5, 0xe7,
+ 0x3d, 0xc9, 0xca, 0xea, 0x0d, 0x9d, 0x81, 0xd2, 0x72, 0x7c, 0xa0, 0xe3, 0x69, 0x03, 0xa7, 0xb5,
+ 0x81, 0x3a, 0x03, 0xa5, 0xe5, 0x98, 0x93, 0x09, 0xbe, 0x17, 0x39, 0x04, 0xdb, 0xe6, 0xff, 0xf0,
+ 0x4a, 0x5c, 0x76, 0x9c, 0x05, 0x0d, 0x29, 0x2e, 0xbc, 0x17, 0x37, 0x41, 0x4c, 0xbe, 0xf9, 0xb6,
+ 0x7a, 0x96, 0xba, 0x37, 0xc9, 0x12, 0x21, 0xd6, 0x91, 0x38, 0x55, 0xf4, 0xf6, 0x07, 0xf4, 0xc0,
+ 0x80, 0xe5, 0xba, 0x9b, 0x35, 0xf3, 0xc2, 0x49, 0x2b, 0xa2, 0xec, 0x69, 0xa1, 0x32, 0xcc, 0x12,
+ 0xd3, 0x8f, 0x04, 0x0c, 0xc3, 0xf3, 0x3d, 0x16, 0x0b, 0x33, 0xa7, 0x86, 0xb7, 0xc9, 0xf4, 0x23,
+ 0x01, 0xc3, 0xe7, 0xe7, 0x1d, 0x6d, 0xd6, 0xcc, 0xc7, 0x4e, 0x6f, 0x7e, 0x4c, 0x3f, 0x12, 0x30,
+ 0xd0, 0x06, 0x7d, 0x9e, 0x1f, 0x9a, 0x17, 0x7b, 0x7d, 0xf6, 0xf2, 0xd3, 0xe4, 0x96, 0x1f, 0x22,
+ 0xa6, 0x1e, 0xfe, 0xd0, 0x00, 0x20, 0x48, 0x22, 0xf1, 0xd2, 0x49, 0x9b, 0x12, 0x19, 0xb4, 0x52,
+ 0x12, 0xbd, 0xab, 0x5e, 0x48, 0x8e, 0x92, 0x9b, 0x96, 0x16, 0xe5, 0x9a, 0x01, 0xf0, 0x67, 0x06,
+ 0x38, 0xaf, 0x17, 0xe0, 0xca, 0xb2, 0x59, 0xee, 0x87, 0xcd, 0x1e, 0x06, 0x72, 0xd9, 0xf7, 0xdd,
+ 0xb2, 0xd9, 0x6a, 0x16, 0xce, 0x2f, 0x75, 0x00, 0x44, 0x1d, 0xcd, 0x80, 0xbf, 0x32, 0xc0, 0xa4,
+ 0xcc, 0x8e, 0x9a, 0x71, 0x05, 0xee, 0xb6, 0xb7, 0x7b, 0xe8, 0xb6, 0x2c, 0x84, 0xf0, 0x9e, 0xfa,
+ 0xee, 0xd9, 0xc6, 0x47, 0xed, 0x56, 0xc1, 0xdf, 0x1a, 0x60, 0xd4, 0xc6, 0x01, 0xf6, 0x6c, 0xec,
+ 0x55, 0x99, 0x99, 0x73, 0x27, 0xed, 0x74, 0x64, 0xcd, 0x5c, 0xd1, 0xb4, 0x0b, 0x0b, 0x4b, 0xd2,
+ 0xc2, 0x51, 0x9d, 0x75, 0xdc, 0x2c, 0x4c, 0x27, 0x43, 0x75, 0x0e, 0x4a, 0x19, 0x08, 0x7f, 0x64,
+ 0x80, 0xf1, 0xc4, 0xed, 0xe2, 0x80, 0xb8, 0x7c, 0x3a, 0x0b, 0xcf, 0x4b, 0xd0, 0xa5, 0x34, 0x16,
+ 0xca, 0x82, 0xc3, 0x5f, 0x1b, 0xac, 0xda, 0x8a, 0x6f, 0x8f, 0xd4, 0x2c, 0x72, 0x0f, 0xbe, 0xd1,
+ 0x4b, 0x0f, 0x2a, 0xe5, 0xc2, 0x81, 0xd7, 0x92, 0x4a, 0x4e, 0x71, 0x8e, 0x9b, 0x85, 0x29, 0xdd,
+ 0x7f, 0x8a, 0x81, 0x74, 0xe3, 0xe0, 0x7b, 0x06, 0x18, 0xc5, 0x49, 0xc1, 0x4c, 0xcd, 0x2b, 0x27,
+ 0x75, 0x5d, 0xc7, 0xf2, 0x5b, 0x5c, 0xf0, 0x35, 0x16, 0x45, 0x29, 0x58, 0x56, 0xfb, 0xe1, 0x43,
+ 0xab, 0x11, 0xb8, 0xd8, 0xfc, 0xdf, 0xde, 0xd5, 0x7e, 0xab, 0x42, 0x25, 0x8a, 0x75, 0xc3, 0x6b,
+ 0x20, 0xef, 0x45, 0xae, 0xcb, 0xae, 0xc3, 0xe6, 0xe3, 0xbc, 0x8a, 0x50, 0x1d, 0xcf, 0x5b, 0x92,
+ 0x8e, 0x94, 0x04, 0xac, 0x81, 0xb9, 0xc3, 0x9b, 0xd1, 0x0e, 0x26, 0x1e, 0x0e, 0x31, 0xed, 0xd8,
+ 0x52, 0x34, 0xaf, 0x72, 0x2d, 0x33, 0xad, 0x66, 0x61, 0x7a, 0xbb, 0x73, 0xd3, 0xf1, 0x81, 0x3a,
+ 0xe0, 0x9b, 0xe0, 0x31, 0x4d, 0x66, 0xb5, 0xb1, 0x83, 0x6d, 0x1b, 0xdb, 0xf1, 0x45, 0xcb, 0xfc,
+ 0x3f, 0x0e, 0xa1, 0xf6, 0xf1, 0x76, 0x56, 0x00, 0xdd, 0x6f, 0x34, 0x5c, 0x07, 0xd3, 0x1a, 0x7b,
+ 0xcd, 0x0b, 0x37, 0x49, 0x25, 0x24, 0x8e, 0x57, 0x37, 0xe7, 0xb9, 0xde, 0xf3, 0xf1, 0xee, 0xdb,
+ 0xd6, 0x78, 0xa8, 0xcb, 0x18, 0xf8, 0x4a, 0x4a, 0x1b, 0xff, 0x94, 0x62, 0x05, 0x37, 0xf1, 0x11,
+ 0x35, 0x9f, 0xe0, 0xc5, 0x05, 0x5f, 0xe7, 0x6d, 0x8d, 0x8e, 0xba, 0xc8, 0xc3, 0x97, 0xc0, 0xb9,
+ 0x0c, 0x87, 0xdd, 0x2b, 0xcc, 0x27, 0xc5, 0x05, 0x81, 0x55, 0xa2, 0xdb, 0x31, 0x11, 0x75, 0x92,
+ 0x84, 0x5f, 0x05, 0x50, 0x23, 0x6f, 0x58, 0x01, 0x1f, 0xff, 0x94, 0xb8, 0xab, 0xb0, 0x15, 0xdd,
+ 0x96, 0x34, 0xd4, 0x41, 0x0e, 0x7e, 0x68, 0xa4, 0x66, 0x92, 0xdc, 0x66, 0xa9, 0x79, 0x8d, 0x6f,
+ 0xd8, 0x57, 0x1e, 0x3d, 0x00, 0x13, 0x65, 0x28, 0x72, 0xb1, 0xe6, 0x61, 0x0d, 0x05, 0x75, 0x41,
+ 0x9f, 0x61, 0x97, 0xe9, 0x4c, 0x0e, 0x87, 0x13, 0xa0, 0x6f, 0x0f, 0xcb, 0x0f, 0xd9, 0x88, 0xfd,
+ 0x84, 0x6f, 0x81, 0x81, 0x7d, 0xcb, 0x8d, 0xe2, 0x56, 0x40, 0xef, 0xce, 0x7a, 0x24, 0xf4, 0xbe,
+ 0x98, 0xbb, 0x6e, 0xcc, 0x7c, 0x60, 0x80, 0xe9, 0xce, 0xa7, 0xca, 0x17, 0x65, 0xd1, 0x4f, 0x0d,
+ 0x30, 0xd9, 0x76, 0x80, 0x74, 0x30, 0xc6, 0x4d, 0x1b, 0x73, 0xb7, 0x87, 0x27, 0x81, 0xd8, 0x08,
+ 0xbc, 0xa2, 0xd5, 0x2d, 0xfb, 0x81, 0x01, 0x26, 0xb2, 0x89, 0xf9, 0x0b, 0xf2, 0x52, 0xf1, 0xfd,
+ 0x1c, 0x98, 0xee, 0x5c, 0x83, 0xc3, 0x86, 0xea, 0x2e, 0xf4, 0xbc, 0x41, 0xd3, 0xa9, 0x89, 0xfc,
+ 0xae, 0x01, 0x46, 0xde, 0x51, 0x72, 0xf1, 0xf7, 0xd5, 0x5e, 0x76, 0x85, 0xe2, 0xa3, 0x2f, 0x61,
+ 0x50, 0xa4, 0x43, 0x16, 0x7f, 0x63, 0x80, 0xa9, 0x8e, 0xc7, 0x39, 0xbc, 0x0a, 0x06, 0x2d, 0xd7,
+ 0xf5, 0x0f, 0x44, 0x37, 0x4f, 0xfb, 0x50, 0xb0, 0xc4, 0xa9, 0x48, 0x72, 0x35, 0x9f, 0xe5, 0x3e,
+ 0x07, 0x9f, 0x15, 0x7f, 0x6f, 0x80, 0x8b, 0xf7, 0x8b, 0xba, 0xcf, 0x7b, 0x0d, 0xe7, 0x41, 0x5e,
+ 0x16, 0xdb, 0x47, 0x7c, 0xfd, 0x64, 0x76, 0x95, 0x19, 0x81, 0xbf, 0xdf, 0x11, 0xbf, 0x8a, 0x2f,
+ 0x81, 0xf1, 0x4c, 0x03, 0x3a, 0xf5, 0xa4, 0xc7, 0x78, 0xe0, 0x93, 0x9e, 0x5f, 0x18, 0x60, 0xa2,
+ 0x82, 0xc9, 0xbe, 0x53, 0xc5, 0x08, 0xd7, 0x30, 0xc1, 0x5e, 0x15, 0xc3, 0x05, 0x30, 0xcc, 0x3f,
+ 0xa0, 0x06, 0x56, 0x35, 0xfe, 0xec, 0x33, 0x29, 0x75, 0x0c, 0xdf, 0x8a, 0x19, 0x28, 0x91, 0x51,
+ 0x9f, 0x88, 0x72, 0x5d, 0x3f, 0x11, 0x5d, 0x04, 0xfd, 0x41, 0xd2, 0x41, 0xce, 0x33, 0x2e, 0xb7,
+ 0x84, 0x53, 0x39, 0xd7, 0x27, 0x21, 0x6f, 0x93, 0x0d, 0x48, 0xae, 0x4f, 0x42, 0xc4, 0xa9, 0xc5,
+ 0x3f, 0xe6, 0xc0, 0xd9, 0x74, 0x82, 0x67, 0x80, 0x24, 0x72, 0xdb, 0xbe, 0x49, 0x31, 0x1e, 0xe2,
+ 0x1c, 0xfd, 0x29, 0x44, 0xee, 0xfe, 0x4f, 0x21, 0xe0, 0xcb, 0x60, 0x52, 0xfe, 0x5c, 0x3d, 0x0c,
+ 0x08, 0xa6, 0xfc, 0x63, 0x6b, 0x5f, 0xfa, 0x09, 0xe3, 0x46, 0x56, 0x00, 0xb5, 0x8f, 0x81, 0x5f,
+ 0xc9, 0x3c, 0xd3, 0xb8, 0x92, 0x3c, 0xd1, 0x60, 0xc5, 0x21, 0x5f, 0x9f, 0xbb, 0x2c, 0x67, 0xac,
+ 0x12, 0xe2, 0x93, 0xcc, 0xdb, 0x8d, 0x05, 0x30, 0x5c, 0x63, 0x02, 0x7c, 0xe1, 0x06, 0xd2, 0x4e,
+ 0xbf, 0x11, 0x33, 0x50, 0x22, 0x03, 0xbf, 0x06, 0xc6, 0xfd, 0x40, 0x94, 0xc1, 0x9b, 0xae, 0x5d,
+ 0xc1, 0x6e, 0x8d, 0xb7, 0x04, 0xf3, 0x71, 0xdf, 0x36, 0xc5, 0x42, 0x59, 0xd9, 0xe2, 0x1f, 0x0c,
+ 0x70, 0x2e, 0x7e, 0x1f, 0xe5, 0x3a, 0xd8, 0x0b, 0x97, 0x7d, 0xaf, 0xe6, 0xd4, 0xe1, 0x05, 0xd1,
+ 0x7f, 0xd5, 0x9a, 0x9a, 0x71, 0xef, 0x15, 0xde, 0x03, 0x43, 0x54, 0xc4, 0x8a, 0xdc, 0x07, 0xaf,
+ 0x9e, 0xe4, 0x83, 0x4a, 0x3a, 0xe8, 0x44, 0xf9, 0x18, 0x53, 0x63, 0x1c, 0xb6, 0x15, 0xaa, 0x56,
+ 0x39, 0xf2, 0x6c, 0xd9, 0x83, 0x1f, 0x15, 0x5b, 0x61, 0x79, 0x49, 0xd0, 0x90, 0xe2, 0x16, 0xff,
+ 0x6e, 0x80, 0xc9, 0xb6, 0xf7, 0x5e, 0xf0, 0xbb, 0x06, 0x18, 0xad, 0x6a, 0xd3, 0x93, 0x09, 0x65,
+ 0xe3, 0xe4, 0x6f, 0xca, 0x34, 0xa5, 0xa2, 0x06, 0xd3, 0x29, 0x28, 0x05, 0x0a, 0xb7, 0x81, 0x59,
+ 0xcd, 0x3c, 0xad, 0xcc, 0x7c, 0xac, 0xbd, 0xd8, 0x6a, 0x16, 0xcc, 0xe5, 0x2e, 0x32, 0xa8, 0xeb,
+ 0xe8, 0xf2, 0x37, 0x3f, 0xfe, 0x6c, 0xf6, 0xcc, 0x27, 0x9f, 0xcd, 0x9e, 0xf9, 0xf4, 0xb3, 0xd9,
+ 0x33, 0xef, 0xb6, 0x66, 0x8d, 0x8f, 0x5b, 0xb3, 0xc6, 0x27, 0xad, 0x59, 0xe3, 0xd3, 0xd6, 0xac,
+ 0xf1, 0x97, 0xd6, 0xac, 0xf1, 0xe3, 0xbf, 0xce, 0x9e, 0x79, 0xe3, 0xfa, 0xa3, 0x3e, 0xa8, 0xfe,
+ 0x6f, 0x00, 0x00, 0x00, 0xff, 0xff, 0xa3, 0x1c, 0x7a, 0x10, 0x8b, 0x2d, 0x00, 0x00,
}
func (m *ConversionRequest) Marshal() (dAtA []byte, err error) {
@@ -1618,6 +1648,20 @@ func (m *CustomResourceDefinitionVersion) MarshalToSizedBuffer(dAtA []byte) (int
_ = i
var l int
_ = l
+ if len(m.SelectableFields) > 0 {
+ for iNdEx := len(m.SelectableFields) - 1; iNdEx >= 0; iNdEx-- {
+ {
+ size, err := m.SelectableFields[iNdEx].MarshalToSizedBuffer(dAtA[:i])
+ if err != nil {
+ return 0, err
+ }
+ i -= size
+ i = encodeVarintGenerated(dAtA, i, uint64(size))
+ }
+ i--
+ dAtA[i] = 0x4a
+ }
+ }
if m.DeprecationWarning != nil {
i -= len(*m.DeprecationWarning)
copy(dAtA[i:], *m.DeprecationWarning)
@@ -2570,6 +2614,34 @@ func (m *JSONSchemaPropsOrStringArray) MarshalToSizedBuffer(dAtA []byte) (int, e
return len(dAtA) - i, nil
}
+func (m *SelectableField) Marshal() (dAtA []byte, err error) {
+ size := m.Size()
+ dAtA = make([]byte, size)
+ n, err := m.MarshalToSizedBuffer(dAtA[:size])
+ if err != nil {
+ return nil, err
+ }
+ return dAtA[:n], nil
+}
+
+func (m *SelectableField) MarshalTo(dAtA []byte) (int, error) {
+ size := m.Size()
+ return m.MarshalToSizedBuffer(dAtA[:size])
+}
+
+func (m *SelectableField) MarshalToSizedBuffer(dAtA []byte) (int, error) {
+ i := len(dAtA)
+ _ = i
+ var l int
+ _ = l
+ i -= len(m.JSONPath)
+ copy(dAtA[i:], m.JSONPath)
+ i = encodeVarintGenerated(dAtA, i, uint64(len(m.JSONPath)))
+ i--
+ dAtA[i] = 0xa
+ return len(dAtA) - i, nil
+}
+
func (m *ServiceReference) Marshal() (dAtA []byte, err error) {
size := m.Size()
dAtA = make([]byte, size)
@@ -3027,6 +3099,12 @@ func (m *CustomResourceDefinitionVersion) Size() (n int) {
l = len(*m.DeprecationWarning)
n += 1 + l + sovGenerated(uint64(l))
}
+ if len(m.SelectableFields) > 0 {
+ for _, e := range m.SelectableFields {
+ l = e.Size()
+ n += 1 + l + sovGenerated(uint64(l))
+ }
+ }
return n
}
@@ -3341,6 +3419,17 @@ func (m *JSONSchemaPropsOrStringArray) Size() (n int) {
return n
}
+func (m *SelectableField) Size() (n int) {
+ if m == nil {
+ return 0
+ }
+ var l int
+ _ = l
+ l = len(m.JSONPath)
+ n += 1 + l + sovGenerated(uint64(l))
+ return n
+}
+
func (m *ServiceReference) Size() (n int) {
if m == nil {
return 0
@@ -3605,6 +3694,11 @@ func (this *CustomResourceDefinitionVersion) String() string {
repeatedStringForAdditionalPrinterColumns += strings.Replace(strings.Replace(f.String(), "CustomResourceColumnDefinition", "CustomResourceColumnDefinition", 1), `&`, ``, 1) + ","
}
repeatedStringForAdditionalPrinterColumns += "}"
+ repeatedStringForSelectableFields := "[]SelectableField{"
+ for _, f := range this.SelectableFields {
+ repeatedStringForSelectableFields += strings.Replace(strings.Replace(f.String(), "SelectableField", "SelectableField", 1), `&`, ``, 1) + ","
+ }
+ repeatedStringForSelectableFields += "}"
s := strings.Join([]string{`&CustomResourceDefinitionVersion{`,
`Name:` + fmt.Sprintf("%v", this.Name) + `,`,
`Served:` + fmt.Sprintf("%v", this.Served) + `,`,
@@ -3614,6 +3708,7 @@ func (this *CustomResourceDefinitionVersion) String() string {
`AdditionalPrinterColumns:` + repeatedStringForAdditionalPrinterColumns + `,`,
`Deprecated:` + fmt.Sprintf("%v", this.Deprecated) + `,`,
`DeprecationWarning:` + valueToStringGenerated(this.DeprecationWarning) + `,`,
+ `SelectableFields:` + repeatedStringForSelectableFields + `,`,
`}`,
}, "")
return s
@@ -3837,6 +3932,16 @@ func (this *JSONSchemaPropsOrStringArray) String() string {
}, "")
return s
}
+func (this *SelectableField) String() string {
+ if this == nil {
+ return "nil"
+ }
+ s := strings.Join([]string{`&SelectableField{`,
+ `JSONPath:` + fmt.Sprintf("%v", this.JSONPath) + `,`,
+ `}`,
+ }, "")
+ return s
+}
func (this *ServiceReference) String() string {
if this == nil {
return "nil"
@@ -6027,6 +6132,40 @@ func (m *CustomResourceDefinitionVersion) Unmarshal(dAtA []byte) error {
s := string(dAtA[iNdEx:postIndex])
m.DeprecationWarning = &s
iNdEx = postIndex
+ case 9:
+ if wireType != 2 {
+ return fmt.Errorf("proto: wrong wireType = %d for field SelectableFields", wireType)
+ }
+ var msglen int
+ for shift := uint(0); ; shift += 7 {
+ if shift >= 64 {
+ return ErrIntOverflowGenerated
+ }
+ if iNdEx >= l {
+ return io.ErrUnexpectedEOF
+ }
+ b := dAtA[iNdEx]
+ iNdEx++
+ msglen |= int(b&0x7F) << shift
+ if b < 0x80 {
+ break
+ }
+ }
+ if msglen < 0 {
+ return ErrInvalidLengthGenerated
+ }
+ postIndex := iNdEx + msglen
+ if postIndex < 0 {
+ return ErrInvalidLengthGenerated
+ }
+ if postIndex > l {
+ return io.ErrUnexpectedEOF
+ }
+ m.SelectableFields = append(m.SelectableFields, SelectableField{})
+ if err := m.SelectableFields[len(m.SelectableFields)-1].Unmarshal(dAtA[iNdEx:postIndex]); err != nil {
+ return err
+ }
+ iNdEx = postIndex
default:
iNdEx = preIndex
skippy, err := skipGenerated(dAtA[iNdEx:])
@@ -8667,6 +8806,88 @@ func (m *JSONSchemaPropsOrStringArray) Unmarshal(dAtA []byte) error {
}
return nil
}
+func (m *SelectableField) Unmarshal(dAtA []byte) error {
+ l := len(dAtA)
+ iNdEx := 0
+ for iNdEx < l {
+ preIndex := iNdEx
+ var wire uint64
+ for shift := uint(0); ; shift += 7 {
+ if shift >= 64 {
+ return ErrIntOverflowGenerated
+ }
+ if iNdEx >= l {
+ return io.ErrUnexpectedEOF
+ }
+ b := dAtA[iNdEx]
+ iNdEx++
+ wire |= uint64(b&0x7F) << shift
+ if b < 0x80 {
+ break
+ }
+ }
+ fieldNum := int32(wire >> 3)
+ wireType := int(wire & 0x7)
+ if wireType == 4 {
+ return fmt.Errorf("proto: SelectableField: wiretype end group for non-group")
+ }
+ if fieldNum <= 0 {
+ return fmt.Errorf("proto: SelectableField: illegal tag %d (wire type %d)", fieldNum, wire)
+ }
+ switch fieldNum {
+ case 1:
+ if wireType != 2 {
+ return fmt.Errorf("proto: wrong wireType = %d for field JSONPath", wireType)
+ }
+ var stringLen uint64
+ for shift := uint(0); ; shift += 7 {
+ if shift >= 64 {
+ return ErrIntOverflowGenerated
+ }
+ if iNdEx >= l {
+ return io.ErrUnexpectedEOF
+ }
+ b := dAtA[iNdEx]
+ iNdEx++
+ stringLen |= uint64(b&0x7F) << shift
+ if b < 0x80 {
+ break
+ }
+ }
+ intStringLen := int(stringLen)
+ if intStringLen < 0 {
+ return ErrInvalidLengthGenerated
+ }
+ postIndex := iNdEx + intStringLen
+ if postIndex < 0 {
+ return ErrInvalidLengthGenerated
+ }
+ if postIndex > l {
+ return io.ErrUnexpectedEOF
+ }
+ m.JSONPath = string(dAtA[iNdEx:postIndex])
+ iNdEx = postIndex
+ default:
+ iNdEx = preIndex
+ skippy, err := skipGenerated(dAtA[iNdEx:])
+ if err != nil {
+ return err
+ }
+ if (skippy < 0) || (iNdEx+skippy) < 0 {
+ return ErrInvalidLengthGenerated
+ }
+ if (iNdEx + skippy) > l {
+ return io.ErrUnexpectedEOF
+ }
+ iNdEx += skippy
+ }
+ }
+
+ if iNdEx > l {
+ return io.ErrUnexpectedEOF
+ }
+ return nil
+}
func (m *ServiceReference) Unmarshal(dAtA []byte) error {
l := len(dAtA)
iNdEx := 0
diff --git a/vendor/k8s.io/apiextensions-apiserver/pkg/apis/apiextensions/v1/generated.proto b/vendor/k8s.io/apiextensions-apiserver/pkg/apis/apiextensions/v1/generated.proto
index 3c39d63a5..2ad78822f 100644
--- a/vendor/k8s.io/apiextensions-apiserver/pkg/apis/apiextensions/v1/generated.proto
+++ b/vendor/k8s.io/apiextensions-apiserver/pkg/apis/apiextensions/v1/generated.proto
@@ -40,6 +40,7 @@ message ConversionRequest {
optional string desiredAPIVersion = 2;
// objects is the list of custom resource objects to be converted.
+ // +listType=atomic
repeated k8s.io.apimachinery.pkg.runtime.RawExtension objects = 3;
}
@@ -53,6 +54,7 @@ message ConversionResponse {
// The webhook is expected to set `apiVersion` of these objects to the `request.desiredAPIVersion`. The list
// must also have the same size as the input list with the same objects in the same order (equal kind, metadata.uid, metadata.name and metadata.namespace).
// The webhook is allowed to mutate labels and annotations. Any other change to the metadata is silently ignored.
+ // +listType=atomic
repeated k8s.io.apimachinery.pkg.runtime.RawExtension convertedObjects = 2;
// result contains the result of conversion with extra details if the conversion failed. `result.status` determines if
@@ -182,6 +184,7 @@ message CustomResourceDefinitionNames {
// and used by clients to support invocations like `kubectl get `.
// It must be all lowercase.
// +optional
+ // +listType=atomic
repeated string shortNames = 3;
// kind is the serialized kind of the resource. It is normally CamelCase and singular.
@@ -196,6 +199,7 @@ message CustomResourceDefinitionNames {
// This is published in API discovery documents, and used by clients to support invocations like
// `kubectl get all`.
// +optional
+ // +listType=atomic
repeated string categories = 6;
}
@@ -221,6 +225,7 @@ message CustomResourceDefinitionSpec {
// by GA > beta > alpha (where GA is a version with no suffix such as beta or alpha), and then by comparing
// major version, then minor version. An example sorted list of versions:
// v10, v2, v1, v11beta2, v10beta3, v3beta1, v12alpha1, v11alpha2, foo1, foo10.
+ // +listType=atomic
repeated CustomResourceDefinitionVersion versions = 7;
// conversion defines conversion settings for the CRD.
@@ -256,6 +261,7 @@ message CustomResourceDefinitionStatus {
// versions from this list.
// Versions may not be removed from `spec.versions` while they exist in this list.
// +optional
+ // +listType=atomic
repeated string storedVersions = 3;
}
@@ -297,7 +303,17 @@ message CustomResourceDefinitionVersion {
// See https://kubernetes.io/docs/reference/using-api/api-concepts/#receiving-resources-as-tables for details.
// If no columns are specified, a single column displaying the age of the custom resource is used.
// +optional
+ // +listType=atomic
repeated CustomResourceColumnDefinition additionalPrinterColumns = 6;
+
+ // selectableFields specifies paths to fields that may be used as field selectors.
+ // A maximum of 8 selectable fields are allowed.
+ // See https://kubernetes.io/docs/concepts/overview/working-with-objects/field-selectors
+ //
+ // +featureGate=CustomResourceFieldSelectors
+ // +optional
+ // +listType=atomic
+ repeated SelectableField selectableFields = 9;
}
// CustomResourceSubresourceScale defines how to serve the scale subresource for CustomResources.
@@ -439,20 +455,25 @@ message JSONSchemaProps {
optional double multipleOf = 19;
+ // +listType=atomic
repeated JSON enum = 20;
optional int64 maxProperties = 21;
optional int64 minProperties = 22;
+ // +listType=atomic
repeated string required = 23;
optional JSONSchemaPropsOrArray items = 24;
+ // +listType=atomic
repeated JSONSchemaProps allOf = 25;
+ // +listType=atomic
repeated JSONSchemaProps oneOf = 26;
+ // +listType=atomic
repeated JSONSchemaProps anyOf = 27;
optional JSONSchemaProps not = 28;
@@ -518,6 +539,7 @@ message JSONSchemaProps {
// to ensure those properties are present for all list items.
//
// +optional
+ // +listType=atomic
repeated string xKubernetesListMapKeys = 41;
// x-kubernetes-list-type annotates an array to further describe its topology.
@@ -564,6 +586,7 @@ message JSONSchemaProps {
message JSONSchemaPropsOrArray {
optional JSONSchemaProps schema = 1;
+ // +listType=atomic
repeated JSONSchemaProps jSONSchemas = 2;
}
@@ -579,9 +602,23 @@ message JSONSchemaPropsOrBool {
message JSONSchemaPropsOrStringArray {
optional JSONSchemaProps schema = 1;
+ // +listType=atomic
repeated string property = 2;
}
+// SelectableField specifies the JSON path of a field that may be used with field selectors.
+message SelectableField {
+ // jsonPath is a simple JSON path which is evaluated against each custom resource to produce a
+ // field selector value.
+ // Only JSON paths without the array notation are allowed.
+ // Must point to a field of type string, boolean or integer. Types with enum values
+ // and strings with formats are allowed.
+ // If jsonPath refers to absent field in a resource, the jsonPath evaluates to an empty string.
+ // Must not point to metdata fields.
+ // Required.
+ optional string jsonPath = 1;
+}
+
// ServiceReference holds a reference to Service.legacy.k8s.io
message ServiceReference {
// namespace is the namespace of the service.
@@ -787,6 +824,7 @@ message WebhookConversion {
// are supported by API server, conversion will fail for the custom resource.
// If a persisted Webhook configuration specifies allowed versions and does not
// include any versions known to the API Server, calls to the webhook will fail.
+ // +listType=atomic
repeated string conversionReviewVersions = 3;
}
diff --git a/vendor/k8s.io/apiextensions-apiserver/pkg/apis/apiextensions/v1/types.go b/vendor/k8s.io/apiextensions-apiserver/pkg/apis/apiextensions/v1/types.go
index 59ec0e372..e1d1e0be3 100644
--- a/vendor/k8s.io/apiextensions-apiserver/pkg/apis/apiextensions/v1/types.go
+++ b/vendor/k8s.io/apiextensions-apiserver/pkg/apis/apiextensions/v1/types.go
@@ -56,6 +56,7 @@ type CustomResourceDefinitionSpec struct {
// by GA > beta > alpha (where GA is a version with no suffix such as beta or alpha), and then by comparing
// major version, then minor version. An example sorted list of versions:
// v10, v2, v1, v11beta2, v10beta3, v3beta1, v12alpha1, v11alpha2, foo1, foo10.
+ // +listType=atomic
Versions []CustomResourceDefinitionVersion `json:"versions" protobuf:"bytes,7,rep,name=versions"`
// conversion defines conversion settings for the CRD.
@@ -96,6 +97,7 @@ type WebhookConversion struct {
// are supported by API server, conversion will fail for the custom resource.
// If a persisted Webhook configuration specifies allowed versions and does not
// include any versions known to the API Server, calls to the webhook will fail.
+ // +listType=atomic
ConversionReviewVersions []string `json:"conversionReviewVersions" protobuf:"bytes,3,rep,name=conversionReviewVersions"`
}
@@ -195,7 +197,30 @@ type CustomResourceDefinitionVersion struct {
// See https://kubernetes.io/docs/reference/using-api/api-concepts/#receiving-resources-as-tables for details.
// If no columns are specified, a single column displaying the age of the custom resource is used.
// +optional
+ // +listType=atomic
AdditionalPrinterColumns []CustomResourceColumnDefinition `json:"additionalPrinterColumns,omitempty" protobuf:"bytes,6,rep,name=additionalPrinterColumns"`
+
+ // selectableFields specifies paths to fields that may be used as field selectors.
+ // A maximum of 8 selectable fields are allowed.
+ // See https://kubernetes.io/docs/concepts/overview/working-with-objects/field-selectors
+ //
+ // +featureGate=CustomResourceFieldSelectors
+ // +optional
+ // +listType=atomic
+ SelectableFields []SelectableField `json:"selectableFields,omitempty" protobuf:"bytes,9,rep,name=selectableFields"`
+}
+
+// SelectableField specifies the JSON path of a field that may be used with field selectors.
+type SelectableField struct {
+ // jsonPath is a simple JSON path which is evaluated against each custom resource to produce a
+ // field selector value.
+ // Only JSON paths without the array notation are allowed.
+ // Must point to a field of type string, boolean or integer. Types with enum values
+ // and strings with formats are allowed.
+ // If jsonPath refers to absent field in a resource, the jsonPath evaluates to an empty string.
+ // Must not point to metdata fields.
+ // Required.
+ JSONPath string `json:"jsonPath" protobuf:"bytes,1,opt,name=jsonPath"`
}
// CustomResourceColumnDefinition specifies a column for server side printing.
@@ -237,6 +262,7 @@ type CustomResourceDefinitionNames struct {
// and used by clients to support invocations like `kubectl get `.
// It must be all lowercase.
// +optional
+ // +listType=atomic
ShortNames []string `json:"shortNames,omitempty" protobuf:"bytes,3,opt,name=shortNames"`
// kind is the serialized kind of the resource. It is normally CamelCase and singular.
// Custom resource instances will use this value as the `kind` attribute in API calls.
@@ -248,6 +274,7 @@ type CustomResourceDefinitionNames struct {
// This is published in API discovery documents, and used by clients to support invocations like
// `kubectl get all`.
// +optional
+ // +listType=atomic
Categories []string `json:"categories,omitempty" protobuf:"bytes,6,rep,name=categories"`
}
@@ -345,6 +372,7 @@ type CustomResourceDefinitionStatus struct {
// versions from this list.
// Versions may not be removed from `spec.versions` while they exist in this list.
// +optional
+ // +listType=atomic
StoredVersions []string `json:"storedVersions" protobuf:"bytes,3,rep,name=storedVersions"`
}
@@ -463,6 +491,7 @@ type ConversionRequest struct {
// desiredAPIVersion is the version to convert given objects to. e.g. "myapi.example.com/v1"
DesiredAPIVersion string `json:"desiredAPIVersion" protobuf:"bytes,2,name=desiredAPIVersion"`
// objects is the list of custom resource objects to be converted.
+ // +listType=atomic
Objects []runtime.RawExtension `json:"objects" protobuf:"bytes,3,rep,name=objects"`
}
@@ -475,6 +504,7 @@ type ConversionResponse struct {
// The webhook is expected to set `apiVersion` of these objects to the `request.desiredAPIVersion`. The list
// must also have the same size as the input list with the same objects in the same order (equal kind, metadata.uid, metadata.name and metadata.namespace).
// The webhook is allowed to mutate labels and annotations. Any other change to the metadata is silently ignored.
+ // +listType=atomic
ConvertedObjects []runtime.RawExtension `json:"convertedObjects" protobuf:"bytes,2,rep,name=convertedObjects"`
// result contains the result of conversion with extra details if the conversion failed. `result.status` determines if
// the conversion failed or succeeded. The `result.status` field is required and represents the success or failure of the
diff --git a/vendor/k8s.io/apiextensions-apiserver/pkg/apis/apiextensions/v1/types_jsonschema.go b/vendor/k8s.io/apiextensions-apiserver/pkg/apis/apiextensions/v1/types_jsonschema.go
index a81451ad6..5dbdf576b 100644
--- a/vendor/k8s.io/apiextensions-apiserver/pkg/apis/apiextensions/v1/types_jsonschema.go
+++ b/vendor/k8s.io/apiextensions-apiserver/pkg/apis/apiextensions/v1/types_jsonschema.go
@@ -76,25 +76,30 @@ type JSONSchemaProps struct {
// default is a default value for undefined object fields.
// Defaulting is a beta feature under the CustomResourceDefaulting feature gate.
// Defaulting requires spec.preserveUnknownFields to be false.
- Default *JSON `json:"default,omitempty" protobuf:"bytes,8,opt,name=default"`
- Maximum *float64 `json:"maximum,omitempty" protobuf:"bytes,9,opt,name=maximum"`
- ExclusiveMaximum bool `json:"exclusiveMaximum,omitempty" protobuf:"bytes,10,opt,name=exclusiveMaximum"`
- Minimum *float64 `json:"minimum,omitempty" protobuf:"bytes,11,opt,name=minimum"`
- ExclusiveMinimum bool `json:"exclusiveMinimum,omitempty" protobuf:"bytes,12,opt,name=exclusiveMinimum"`
- MaxLength *int64 `json:"maxLength,omitempty" protobuf:"bytes,13,opt,name=maxLength"`
- MinLength *int64 `json:"minLength,omitempty" protobuf:"bytes,14,opt,name=minLength"`
- Pattern string `json:"pattern,omitempty" protobuf:"bytes,15,opt,name=pattern"`
- MaxItems *int64 `json:"maxItems,omitempty" protobuf:"bytes,16,opt,name=maxItems"`
- MinItems *int64 `json:"minItems,omitempty" protobuf:"bytes,17,opt,name=minItems"`
- UniqueItems bool `json:"uniqueItems,omitempty" protobuf:"bytes,18,opt,name=uniqueItems"`
- MultipleOf *float64 `json:"multipleOf,omitempty" protobuf:"bytes,19,opt,name=multipleOf"`
- Enum []JSON `json:"enum,omitempty" protobuf:"bytes,20,rep,name=enum"`
- MaxProperties *int64 `json:"maxProperties,omitempty" protobuf:"bytes,21,opt,name=maxProperties"`
- MinProperties *int64 `json:"minProperties,omitempty" protobuf:"bytes,22,opt,name=minProperties"`
- Required []string `json:"required,omitempty" protobuf:"bytes,23,rep,name=required"`
- Items *JSONSchemaPropsOrArray `json:"items,omitempty" protobuf:"bytes,24,opt,name=items"`
- AllOf []JSONSchemaProps `json:"allOf,omitempty" protobuf:"bytes,25,rep,name=allOf"`
- OneOf []JSONSchemaProps `json:"oneOf,omitempty" protobuf:"bytes,26,rep,name=oneOf"`
+ Default *JSON `json:"default,omitempty" protobuf:"bytes,8,opt,name=default"`
+ Maximum *float64 `json:"maximum,omitempty" protobuf:"bytes,9,opt,name=maximum"`
+ ExclusiveMaximum bool `json:"exclusiveMaximum,omitempty" protobuf:"bytes,10,opt,name=exclusiveMaximum"`
+ Minimum *float64 `json:"minimum,omitempty" protobuf:"bytes,11,opt,name=minimum"`
+ ExclusiveMinimum bool `json:"exclusiveMinimum,omitempty" protobuf:"bytes,12,opt,name=exclusiveMinimum"`
+ MaxLength *int64 `json:"maxLength,omitempty" protobuf:"bytes,13,opt,name=maxLength"`
+ MinLength *int64 `json:"minLength,omitempty" protobuf:"bytes,14,opt,name=minLength"`
+ Pattern string `json:"pattern,omitempty" protobuf:"bytes,15,opt,name=pattern"`
+ MaxItems *int64 `json:"maxItems,omitempty" protobuf:"bytes,16,opt,name=maxItems"`
+ MinItems *int64 `json:"minItems,omitempty" protobuf:"bytes,17,opt,name=minItems"`
+ UniqueItems bool `json:"uniqueItems,omitempty" protobuf:"bytes,18,opt,name=uniqueItems"`
+ MultipleOf *float64 `json:"multipleOf,omitempty" protobuf:"bytes,19,opt,name=multipleOf"`
+ // +listType=atomic
+ Enum []JSON `json:"enum,omitempty" protobuf:"bytes,20,rep,name=enum"`
+ MaxProperties *int64 `json:"maxProperties,omitempty" protobuf:"bytes,21,opt,name=maxProperties"`
+ MinProperties *int64 `json:"minProperties,omitempty" protobuf:"bytes,22,opt,name=minProperties"`
+ // +listType=atomic
+ Required []string `json:"required,omitempty" protobuf:"bytes,23,rep,name=required"`
+ Items *JSONSchemaPropsOrArray `json:"items,omitempty" protobuf:"bytes,24,opt,name=items"`
+ // +listType=atomic
+ AllOf []JSONSchemaProps `json:"allOf,omitempty" protobuf:"bytes,25,rep,name=allOf"`
+ // +listType=atomic
+ OneOf []JSONSchemaProps `json:"oneOf,omitempty" protobuf:"bytes,26,rep,name=oneOf"`
+ // +listType=atomic
AnyOf []JSONSchemaProps `json:"anyOf,omitempty" protobuf:"bytes,27,rep,name=anyOf"`
Not *JSONSchemaProps `json:"not,omitempty" protobuf:"bytes,28,opt,name=not"`
Properties map[string]JSONSchemaProps `json:"properties,omitempty" protobuf:"bytes,29,rep,name=properties"`
@@ -150,6 +155,7 @@ type JSONSchemaProps struct {
// to ensure those properties are present for all list items.
//
// +optional
+ // +listType=atomic
XListMapKeys []string `json:"x-kubernetes-list-map-keys,omitempty" protobuf:"bytes,41,rep,name=xKubernetesListMapKeys"`
// x-kubernetes-list-type annotates an array to further describe its topology.
@@ -343,7 +349,8 @@ type JSONSchemaURL string
// JSONSchemaPropsOrArray represents a value that can either be a JSONSchemaProps
// or an array of JSONSchemaProps. Mainly here for serialization purposes.
type JSONSchemaPropsOrArray struct {
- Schema *JSONSchemaProps `protobuf:"bytes,1,opt,name=schema"`
+ Schema *JSONSchemaProps `protobuf:"bytes,1,opt,name=schema"`
+ // +listType=atomic
JSONSchemas []JSONSchemaProps `protobuf:"bytes,2,rep,name=jSONSchemas"`
}
@@ -385,8 +392,9 @@ type JSONSchemaDependencies map[string]JSONSchemaPropsOrStringArray
// JSONSchemaPropsOrStringArray represents a JSONSchemaProps or a string array.
type JSONSchemaPropsOrStringArray struct {
- Schema *JSONSchemaProps `protobuf:"bytes,1,opt,name=schema"`
- Property []string `protobuf:"bytes,2,rep,name=property"`
+ Schema *JSONSchemaProps `protobuf:"bytes,1,opt,name=schema"`
+ // +listType=atomic
+ Property []string `protobuf:"bytes,2,rep,name=property"`
}
// OpenAPISchemaType is used by the kube-openapi generator when constructing
diff --git a/vendor/k8s.io/apiextensions-apiserver/pkg/apis/apiextensions/v1/zz_generated.conversion.go b/vendor/k8s.io/apiextensions-apiserver/pkg/apis/apiextensions/v1/zz_generated.conversion.go
index 405021bf3..bb1d7e014 100644
--- a/vendor/k8s.io/apiextensions-apiserver/pkg/apis/apiextensions/v1/zz_generated.conversion.go
+++ b/vendor/k8s.io/apiextensions-apiserver/pkg/apis/apiextensions/v1/zz_generated.conversion.go
@@ -192,6 +192,16 @@ func RegisterConversions(s *runtime.Scheme) error {
}); err != nil {
return err
}
+ if err := s.AddGeneratedConversionFunc((*SelectableField)(nil), (*apiextensions.SelectableField)(nil), func(a, b interface{}, scope conversion.Scope) error {
+ return Convert_v1_SelectableField_To_apiextensions_SelectableField(a.(*SelectableField), b.(*apiextensions.SelectableField), scope)
+ }); err != nil {
+ return err
+ }
+ if err := s.AddGeneratedConversionFunc((*apiextensions.SelectableField)(nil), (*SelectableField)(nil), func(a, b interface{}, scope conversion.Scope) error {
+ return Convert_apiextensions_SelectableField_To_v1_SelectableField(a.(*apiextensions.SelectableField), b.(*SelectableField), scope)
+ }); err != nil {
+ return err
+ }
if err := s.AddGeneratedConversionFunc((*ServiceReference)(nil), (*apiextensions.ServiceReference)(nil), func(a, b interface{}, scope conversion.Scope) error {
return Convert_v1_ServiceReference_To_apiextensions_ServiceReference(a.(*ServiceReference), b.(*apiextensions.ServiceReference), scope)
}); err != nil {
@@ -493,6 +503,7 @@ func autoConvert_apiextensions_CustomResourceDefinitionSpec_To_v1_CustomResource
out.Versions = nil
}
// WARNING: in.AdditionalPrinterColumns requires manual conversion: does not exist in peer-type
+ // WARNING: in.SelectableFields requires manual conversion: does not exist in peer-type
if in.Conversion != nil {
in, out := &in.Conversion, &out.Conversion
*out = new(CustomResourceConversion)
@@ -553,6 +564,7 @@ func autoConvert_v1_CustomResourceDefinitionVersion_To_apiextensions_CustomResou
}
out.Subresources = (*apiextensions.CustomResourceSubresources)(unsafe.Pointer(in.Subresources))
out.AdditionalPrinterColumns = *(*[]apiextensions.CustomResourceColumnDefinition)(unsafe.Pointer(&in.AdditionalPrinterColumns))
+ out.SelectableFields = *(*[]apiextensions.SelectableField)(unsafe.Pointer(&in.SelectableFields))
return nil
}
@@ -578,6 +590,7 @@ func autoConvert_apiextensions_CustomResourceDefinitionVersion_To_v1_CustomResou
}
out.Subresources = (*CustomResourceSubresources)(unsafe.Pointer(in.Subresources))
out.AdditionalPrinterColumns = *(*[]CustomResourceColumnDefinition)(unsafe.Pointer(&in.AdditionalPrinterColumns))
+ out.SelectableFields = *(*[]SelectableField)(unsafe.Pointer(&in.SelectableFields))
return nil
}
@@ -1225,6 +1238,26 @@ func Convert_apiextensions_JSONSchemaPropsOrStringArray_To_v1_JSONSchemaPropsOrS
return autoConvert_apiextensions_JSONSchemaPropsOrStringArray_To_v1_JSONSchemaPropsOrStringArray(in, out, s)
}
+func autoConvert_v1_SelectableField_To_apiextensions_SelectableField(in *SelectableField, out *apiextensions.SelectableField, s conversion.Scope) error {
+ out.JSONPath = in.JSONPath
+ return nil
+}
+
+// Convert_v1_SelectableField_To_apiextensions_SelectableField is an autogenerated conversion function.
+func Convert_v1_SelectableField_To_apiextensions_SelectableField(in *SelectableField, out *apiextensions.SelectableField, s conversion.Scope) error {
+ return autoConvert_v1_SelectableField_To_apiextensions_SelectableField(in, out, s)
+}
+
+func autoConvert_apiextensions_SelectableField_To_v1_SelectableField(in *apiextensions.SelectableField, out *SelectableField, s conversion.Scope) error {
+ out.JSONPath = in.JSONPath
+ return nil
+}
+
+// Convert_apiextensions_SelectableField_To_v1_SelectableField is an autogenerated conversion function.
+func Convert_apiextensions_SelectableField_To_v1_SelectableField(in *apiextensions.SelectableField, out *SelectableField, s conversion.Scope) error {
+ return autoConvert_apiextensions_SelectableField_To_v1_SelectableField(in, out, s)
+}
+
func autoConvert_v1_ServiceReference_To_apiextensions_ServiceReference(in *ServiceReference, out *apiextensions.ServiceReference, s conversion.Scope) error {
out.Namespace = in.Namespace
out.Name = in.Name
diff --git a/vendor/k8s.io/apiextensions-apiserver/pkg/apis/apiextensions/v1/zz_generated.deepcopy.go b/vendor/k8s.io/apiextensions-apiserver/pkg/apis/apiextensions/v1/zz_generated.deepcopy.go
index bc23fcd86..f85a0b067 100644
--- a/vendor/k8s.io/apiextensions-apiserver/pkg/apis/apiextensions/v1/zz_generated.deepcopy.go
+++ b/vendor/k8s.io/apiextensions-apiserver/pkg/apis/apiextensions/v1/zz_generated.deepcopy.go
@@ -329,6 +329,11 @@ func (in *CustomResourceDefinitionVersion) DeepCopyInto(out *CustomResourceDefin
*out = make([]CustomResourceColumnDefinition, len(*in))
copy(*out, *in)
}
+ if in.SelectableFields != nil {
+ in, out := &in.SelectableFields, &out.SelectableFields
+ *out = make([]SelectableField, len(*in))
+ copy(*out, *in)
+ }
return
}
@@ -585,6 +590,22 @@ func (in *JSONSchemaPropsOrStringArray) DeepCopy() *JSONSchemaPropsOrStringArray
return out
}
+// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
+func (in *SelectableField) DeepCopyInto(out *SelectableField) {
+ *out = *in
+ return
+}
+
+// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new SelectableField.
+func (in *SelectableField) DeepCopy() *SelectableField {
+ if in == nil {
+ return nil
+ }
+ out := new(SelectableField)
+ in.DeepCopyInto(out)
+ return out
+}
+
// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (in *ServiceReference) DeepCopyInto(out *ServiceReference) {
*out = *in
diff --git a/vendor/k8s.io/apiextensions-apiserver/pkg/apis/apiextensions/zz_generated.deepcopy.go b/vendor/k8s.io/apiextensions-apiserver/pkg/apis/apiextensions/zz_generated.deepcopy.go
index b5e5c35c5..3be35f308 100644
--- a/vendor/k8s.io/apiextensions-apiserver/pkg/apis/apiextensions/zz_generated.deepcopy.go
+++ b/vendor/k8s.io/apiextensions-apiserver/pkg/apis/apiextensions/zz_generated.deepcopy.go
@@ -197,6 +197,11 @@ func (in *CustomResourceDefinitionSpec) DeepCopyInto(out *CustomResourceDefiniti
*out = make([]CustomResourceColumnDefinition, len(*in))
copy(*out, *in)
}
+ if in.SelectableFields != nil {
+ in, out := &in.SelectableFields, &out.SelectableFields
+ *out = make([]SelectableField, len(*in))
+ copy(*out, *in)
+ }
if in.Conversion != nil {
in, out := &in.Conversion, &out.Conversion
*out = new(CustomResourceConversion)
@@ -272,6 +277,11 @@ func (in *CustomResourceDefinitionVersion) DeepCopyInto(out *CustomResourceDefin
*out = make([]CustomResourceColumnDefinition, len(*in))
copy(*out, *in)
}
+ if in.SelectableFields != nil {
+ in, out := &in.SelectableFields, &out.SelectableFields
+ *out = make([]SelectableField, len(*in))
+ copy(*out, *in)
+ }
return
}
@@ -507,6 +517,22 @@ func (in *JSONSchemaPropsOrStringArray) DeepCopy() *JSONSchemaPropsOrStringArray
return out
}
+// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
+func (in *SelectableField) DeepCopyInto(out *SelectableField) {
+ *out = *in
+ return
+}
+
+// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new SelectableField.
+func (in *SelectableField) DeepCopy() *SelectableField {
+ if in == nil {
+ return nil
+ }
+ out := new(SelectableField)
+ in.DeepCopyInto(out)
+ return out
+}
+
// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (in *ServiceReference) DeepCopyInto(out *ServiceReference) {
*out = *in
diff --git a/vendor/k8s.io/gengo/examples/set-gen/sets/byte.go b/vendor/k8s.io/gengo/examples/set-gen/sets/byte.go
deleted file mode 100644
index e9660c2f3..000000000
--- a/vendor/k8s.io/gengo/examples/set-gen/sets/byte.go
+++ /dev/null
@@ -1,221 +0,0 @@
-/*
-Copyright The Kubernetes Authors.
-
-Licensed under the Apache License, Version 2.0 (the "License");
-you may not use this file except in compliance with the License.
-You may obtain a copy of the License at
-
- http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing, software
-distributed under the License is distributed on an "AS IS" BASIS,
-WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-See the License for the specific language governing permissions and
-limitations under the License.
-*/
-
-// Code generated by set-gen. DO NOT EDIT.
-
-package sets
-
-import (
- "reflect"
- "sort"
-)
-
-// sets.Byte is a set of bytes, implemented via map[byte]struct{} for minimal memory consumption.
-type Byte map[byte]Empty
-
-// NewByte creates a Byte from a list of values.
-func NewByte(items ...byte) Byte {
- ss := make(Byte, len(items))
- ss.Insert(items...)
- return ss
-}
-
-// ByteKeySet creates a Byte from a keys of a map[byte](? extends interface{}).
-// If the value passed in is not actually a map, this will panic.
-func ByteKeySet(theMap interface{}) Byte {
- v := reflect.ValueOf(theMap)
- ret := Byte{}
-
- for _, keyValue := range v.MapKeys() {
- ret.Insert(keyValue.Interface().(byte))
- }
- return ret
-}
-
-// Insert adds items to the set.
-func (s Byte) Insert(items ...byte) Byte {
- for _, item := range items {
- s[item] = Empty{}
- }
- return s
-}
-
-// Delete removes all items from the set.
-func (s Byte) Delete(items ...byte) Byte {
- for _, item := range items {
- delete(s, item)
- }
- return s
-}
-
-// Has returns true if and only if item is contained in the set.
-func (s Byte) Has(item byte) bool {
- _, contained := s[item]
- return contained
-}
-
-// HasAll returns true if and only if all items are contained in the set.
-func (s Byte) HasAll(items ...byte) bool {
- for _, item := range items {
- if !s.Has(item) {
- return false
- }
- }
- return true
-}
-
-// HasAny returns true if any items are contained in the set.
-func (s Byte) HasAny(items ...byte) bool {
- for _, item := range items {
- if s.Has(item) {
- return true
- }
- }
- return false
-}
-
-// Clone returns a new set which is a copy of the current set.
-func (s Byte) Clone() Byte {
- result := make(Byte, len(s))
- for key := range s {
- result.Insert(key)
- }
- return result
-}
-
-// Difference returns a set of objects that are not in s2.
-// For example:
-// s1 = {a1, a2, a3}
-// s2 = {a1, a2, a4, a5}
-// s1.Difference(s2) = {a3}
-// s2.Difference(s1) = {a4, a5}
-func (s1 Byte) Difference(s2 Byte) Byte {
- result := NewByte()
- for key := range s1 {
- if !s2.Has(key) {
- result.Insert(key)
- }
- }
- return result
-}
-
-// SymmetricDifference returns a set of elements which are in either of the sets, but not in their intersection.
-// For example:
-// s1 = {a1, a2, a3}
-// s2 = {a1, a2, a4, a5}
-// s1.SymmetricDifference(s2) = {a3, a4, a5}
-// s2.SymmetricDifference(s1) = {a3, a4, a5}
-func (s1 Byte) SymmetricDifference(s2 Byte) Byte {
- return s1.Difference(s2).Union(s2.Difference(s1))
-}
-
-// Union returns a new set which includes items in either s1 or s2.
-// For example:
-// s1 = {a1, a2}
-// s2 = {a3, a4}
-// s1.Union(s2) = {a1, a2, a3, a4}
-// s2.Union(s1) = {a1, a2, a3, a4}
-func (s1 Byte) Union(s2 Byte) Byte {
- result := s1.Clone()
- for key := range s2 {
- result.Insert(key)
- }
- return result
-}
-
-// Intersection returns a new set which includes the item in BOTH s1 and s2
-// For example:
-// s1 = {a1, a2}
-// s2 = {a2, a3}
-// s1.Intersection(s2) = {a2}
-func (s1 Byte) Intersection(s2 Byte) Byte {
- var walk, other Byte
- result := NewByte()
- if s1.Len() < s2.Len() {
- walk = s1
- other = s2
- } else {
- walk = s2
- other = s1
- }
- for key := range walk {
- if other.Has(key) {
- result.Insert(key)
- }
- }
- return result
-}
-
-// IsSuperset returns true if and only if s1 is a superset of s2.
-func (s1 Byte) IsSuperset(s2 Byte) bool {
- for item := range s2 {
- if !s1.Has(item) {
- return false
- }
- }
- return true
-}
-
-// Equal returns true if and only if s1 is equal (as a set) to s2.
-// Two sets are equal if their membership is identical.
-// (In practice, this means same elements, order doesn't matter)
-func (s1 Byte) Equal(s2 Byte) bool {
- return len(s1) == len(s2) && s1.IsSuperset(s2)
-}
-
-type sortableSliceOfByte []byte
-
-func (s sortableSliceOfByte) Len() int { return len(s) }
-func (s sortableSliceOfByte) Less(i, j int) bool { return lessByte(s[i], s[j]) }
-func (s sortableSliceOfByte) Swap(i, j int) { s[i], s[j] = s[j], s[i] }
-
-// List returns the contents as a sorted byte slice.
-func (s Byte) List() []byte {
- res := make(sortableSliceOfByte, 0, len(s))
- for key := range s {
- res = append(res, key)
- }
- sort.Sort(res)
- return []byte(res)
-}
-
-// UnsortedList returns the slice with contents in random order.
-func (s Byte) UnsortedList() []byte {
- res := make([]byte, 0, len(s))
- for key := range s {
- res = append(res, key)
- }
- return res
-}
-
-// Returns a single element from the set.
-func (s Byte) PopAny() (byte, bool) {
- for key := range s {
- s.Delete(key)
- return key, true
- }
- var zeroValue byte
- return zeroValue, false
-}
-
-// Len returns the size of the set.
-func (s Byte) Len() int {
- return len(s)
-}
-
-func lessByte(lhs, rhs byte) bool {
- return lhs < rhs
-}
diff --git a/vendor/k8s.io/gengo/examples/set-gen/sets/int.go b/vendor/k8s.io/gengo/examples/set-gen/sets/int.go
deleted file mode 100644
index f614f06e1..000000000
--- a/vendor/k8s.io/gengo/examples/set-gen/sets/int.go
+++ /dev/null
@@ -1,221 +0,0 @@
-/*
-Copyright The Kubernetes Authors.
-
-Licensed under the Apache License, Version 2.0 (the "License");
-you may not use this file except in compliance with the License.
-You may obtain a copy of the License at
-
- http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing, software
-distributed under the License is distributed on an "AS IS" BASIS,
-WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-See the License for the specific language governing permissions and
-limitations under the License.
-*/
-
-// Code generated by set-gen. DO NOT EDIT.
-
-package sets
-
-import (
- "reflect"
- "sort"
-)
-
-// sets.Int is a set of ints, implemented via map[int]struct{} for minimal memory consumption.
-type Int map[int]Empty
-
-// NewInt creates a Int from a list of values.
-func NewInt(items ...int) Int {
- ss := make(Int, len(items))
- ss.Insert(items...)
- return ss
-}
-
-// IntKeySet creates a Int from a keys of a map[int](? extends interface{}).
-// If the value passed in is not actually a map, this will panic.
-func IntKeySet(theMap interface{}) Int {
- v := reflect.ValueOf(theMap)
- ret := Int{}
-
- for _, keyValue := range v.MapKeys() {
- ret.Insert(keyValue.Interface().(int))
- }
- return ret
-}
-
-// Insert adds items to the set.
-func (s Int) Insert(items ...int) Int {
- for _, item := range items {
- s[item] = Empty{}
- }
- return s
-}
-
-// Delete removes all items from the set.
-func (s Int) Delete(items ...int) Int {
- for _, item := range items {
- delete(s, item)
- }
- return s
-}
-
-// Has returns true if and only if item is contained in the set.
-func (s Int) Has(item int) bool {
- _, contained := s[item]
- return contained
-}
-
-// HasAll returns true if and only if all items are contained in the set.
-func (s Int) HasAll(items ...int) bool {
- for _, item := range items {
- if !s.Has(item) {
- return false
- }
- }
- return true
-}
-
-// HasAny returns true if any items are contained in the set.
-func (s Int) HasAny(items ...int) bool {
- for _, item := range items {
- if s.Has(item) {
- return true
- }
- }
- return false
-}
-
-// Clone returns a new set which is a copy of the current set.
-func (s Int) Clone() Int {
- result := make(Int, len(s))
- for key := range s {
- result.Insert(key)
- }
- return result
-}
-
-// Difference returns a set of objects that are not in s2.
-// For example:
-// s1 = {a1, a2, a3}
-// s2 = {a1, a2, a4, a5}
-// s1.Difference(s2) = {a3}
-// s2.Difference(s1) = {a4, a5}
-func (s1 Int) Difference(s2 Int) Int {
- result := NewInt()
- for key := range s1 {
- if !s2.Has(key) {
- result.Insert(key)
- }
- }
- return result
-}
-
-// SymmetricDifference returns a set of elements which are in either of the sets, but not in their intersection.
-// For example:
-// s1 = {a1, a2, a3}
-// s2 = {a1, a2, a4, a5}
-// s1.SymmetricDifference(s2) = {a3, a4, a5}
-// s2.SymmetricDifference(s1) = {a3, a4, a5}
-func (s1 Int) SymmetricDifference(s2 Int) Int {
- return s1.Difference(s2).Union(s2.Difference(s1))
-}
-
-// Union returns a new set which includes items in either s1 or s2.
-// For example:
-// s1 = {a1, a2}
-// s2 = {a3, a4}
-// s1.Union(s2) = {a1, a2, a3, a4}
-// s2.Union(s1) = {a1, a2, a3, a4}
-func (s1 Int) Union(s2 Int) Int {
- result := s1.Clone()
- for key := range s2 {
- result.Insert(key)
- }
- return result
-}
-
-// Intersection returns a new set which includes the item in BOTH s1 and s2
-// For example:
-// s1 = {a1, a2}
-// s2 = {a2, a3}
-// s1.Intersection(s2) = {a2}
-func (s1 Int) Intersection(s2 Int) Int {
- var walk, other Int
- result := NewInt()
- if s1.Len() < s2.Len() {
- walk = s1
- other = s2
- } else {
- walk = s2
- other = s1
- }
- for key := range walk {
- if other.Has(key) {
- result.Insert(key)
- }
- }
- return result
-}
-
-// IsSuperset returns true if and only if s1 is a superset of s2.
-func (s1 Int) IsSuperset(s2 Int) bool {
- for item := range s2 {
- if !s1.Has(item) {
- return false
- }
- }
- return true
-}
-
-// Equal returns true if and only if s1 is equal (as a set) to s2.
-// Two sets are equal if their membership is identical.
-// (In practice, this means same elements, order doesn't matter)
-func (s1 Int) Equal(s2 Int) bool {
- return len(s1) == len(s2) && s1.IsSuperset(s2)
-}
-
-type sortableSliceOfInt []int
-
-func (s sortableSliceOfInt) Len() int { return len(s) }
-func (s sortableSliceOfInt) Less(i, j int) bool { return lessInt(s[i], s[j]) }
-func (s sortableSliceOfInt) Swap(i, j int) { s[i], s[j] = s[j], s[i] }
-
-// List returns the contents as a sorted int slice.
-func (s Int) List() []int {
- res := make(sortableSliceOfInt, 0, len(s))
- for key := range s {
- res = append(res, key)
- }
- sort.Sort(res)
- return []int(res)
-}
-
-// UnsortedList returns the slice with contents in random order.
-func (s Int) UnsortedList() []int {
- res := make([]int, 0, len(s))
- for key := range s {
- res = append(res, key)
- }
- return res
-}
-
-// Returns a single element from the set.
-func (s Int) PopAny() (int, bool) {
- for key := range s {
- s.Delete(key)
- return key, true
- }
- var zeroValue int
- return zeroValue, false
-}
-
-// Len returns the size of the set.
-func (s Int) Len() int {
- return len(s)
-}
-
-func lessInt(lhs, rhs int) bool {
- return lhs < rhs
-}
diff --git a/vendor/k8s.io/gengo/examples/set-gen/sets/int64.go b/vendor/k8s.io/gengo/examples/set-gen/sets/int64.go
deleted file mode 100644
index 995d99bd9..000000000
--- a/vendor/k8s.io/gengo/examples/set-gen/sets/int64.go
+++ /dev/null
@@ -1,221 +0,0 @@
-/*
-Copyright The Kubernetes Authors.
-
-Licensed under the Apache License, Version 2.0 (the "License");
-you may not use this file except in compliance with the License.
-You may obtain a copy of the License at
-
- http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing, software
-distributed under the License is distributed on an "AS IS" BASIS,
-WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-See the License for the specific language governing permissions and
-limitations under the License.
-*/
-
-// Code generated by set-gen. DO NOT EDIT.
-
-package sets
-
-import (
- "reflect"
- "sort"
-)
-
-// sets.Int64 is a set of int64s, implemented via map[int64]struct{} for minimal memory consumption.
-type Int64 map[int64]Empty
-
-// NewInt64 creates a Int64 from a list of values.
-func NewInt64(items ...int64) Int64 {
- ss := make(Int64, len(items))
- ss.Insert(items...)
- return ss
-}
-
-// Int64KeySet creates a Int64 from a keys of a map[int64](? extends interface{}).
-// If the value passed in is not actually a map, this will panic.
-func Int64KeySet(theMap interface{}) Int64 {
- v := reflect.ValueOf(theMap)
- ret := Int64{}
-
- for _, keyValue := range v.MapKeys() {
- ret.Insert(keyValue.Interface().(int64))
- }
- return ret
-}
-
-// Insert adds items to the set.
-func (s Int64) Insert(items ...int64) Int64 {
- for _, item := range items {
- s[item] = Empty{}
- }
- return s
-}
-
-// Delete removes all items from the set.
-func (s Int64) Delete(items ...int64) Int64 {
- for _, item := range items {
- delete(s, item)
- }
- return s
-}
-
-// Has returns true if and only if item is contained in the set.
-func (s Int64) Has(item int64) bool {
- _, contained := s[item]
- return contained
-}
-
-// HasAll returns true if and only if all items are contained in the set.
-func (s Int64) HasAll(items ...int64) bool {
- for _, item := range items {
- if !s.Has(item) {
- return false
- }
- }
- return true
-}
-
-// HasAny returns true if any items are contained in the set.
-func (s Int64) HasAny(items ...int64) bool {
- for _, item := range items {
- if s.Has(item) {
- return true
- }
- }
- return false
-}
-
-// Clone returns a new set which is a copy of the current set.
-func (s Int64) Clone() Int64 {
- result := make(Int64, len(s))
- for key := range s {
- result.Insert(key)
- }
- return result
-}
-
-// Difference returns a set of objects that are not in s2.
-// For example:
-// s1 = {a1, a2, a3}
-// s2 = {a1, a2, a4, a5}
-// s1.Difference(s2) = {a3}
-// s2.Difference(s1) = {a4, a5}
-func (s1 Int64) Difference(s2 Int64) Int64 {
- result := NewInt64()
- for key := range s1 {
- if !s2.Has(key) {
- result.Insert(key)
- }
- }
- return result
-}
-
-// SymmetricDifference returns a set of elements which are in either of the sets, but not in their intersection.
-// For example:
-// s1 = {a1, a2, a3}
-// s2 = {a1, a2, a4, a5}
-// s1.SymmetricDifference(s2) = {a3, a4, a5}
-// s2.SymmetricDifference(s1) = {a3, a4, a5}
-func (s1 Int64) SymmetricDifference(s2 Int64) Int64 {
- return s1.Difference(s2).Union(s2.Difference(s1))
-}
-
-// Union returns a new set which includes items in either s1 or s2.
-// For example:
-// s1 = {a1, a2}
-// s2 = {a3, a4}
-// s1.Union(s2) = {a1, a2, a3, a4}
-// s2.Union(s1) = {a1, a2, a3, a4}
-func (s1 Int64) Union(s2 Int64) Int64 {
- result := s1.Clone()
- for key := range s2 {
- result.Insert(key)
- }
- return result
-}
-
-// Intersection returns a new set which includes the item in BOTH s1 and s2
-// For example:
-// s1 = {a1, a2}
-// s2 = {a2, a3}
-// s1.Intersection(s2) = {a2}
-func (s1 Int64) Intersection(s2 Int64) Int64 {
- var walk, other Int64
- result := NewInt64()
- if s1.Len() < s2.Len() {
- walk = s1
- other = s2
- } else {
- walk = s2
- other = s1
- }
- for key := range walk {
- if other.Has(key) {
- result.Insert(key)
- }
- }
- return result
-}
-
-// IsSuperset returns true if and only if s1 is a superset of s2.
-func (s1 Int64) IsSuperset(s2 Int64) bool {
- for item := range s2 {
- if !s1.Has(item) {
- return false
- }
- }
- return true
-}
-
-// Equal returns true if and only if s1 is equal (as a set) to s2.
-// Two sets are equal if their membership is identical.
-// (In practice, this means same elements, order doesn't matter)
-func (s1 Int64) Equal(s2 Int64) bool {
- return len(s1) == len(s2) && s1.IsSuperset(s2)
-}
-
-type sortableSliceOfInt64 []int64
-
-func (s sortableSliceOfInt64) Len() int { return len(s) }
-func (s sortableSliceOfInt64) Less(i, j int) bool { return lessInt64(s[i], s[j]) }
-func (s sortableSliceOfInt64) Swap(i, j int) { s[i], s[j] = s[j], s[i] }
-
-// List returns the contents as a sorted int64 slice.
-func (s Int64) List() []int64 {
- res := make(sortableSliceOfInt64, 0, len(s))
- for key := range s {
- res = append(res, key)
- }
- sort.Sort(res)
- return []int64(res)
-}
-
-// UnsortedList returns the slice with contents in random order.
-func (s Int64) UnsortedList() []int64 {
- res := make([]int64, 0, len(s))
- for key := range s {
- res = append(res, key)
- }
- return res
-}
-
-// Returns a single element from the set.
-func (s Int64) PopAny() (int64, bool) {
- for key := range s {
- s.Delete(key)
- return key, true
- }
- var zeroValue int64
- return zeroValue, false
-}
-
-// Len returns the size of the set.
-func (s Int64) Len() int {
- return len(s)
-}
-
-func lessInt64(lhs, rhs int64) bool {
- return lhs < rhs
-}
diff --git a/vendor/k8s.io/gengo/examples/set-gen/sets/string.go b/vendor/k8s.io/gengo/examples/set-gen/sets/string.go
deleted file mode 100644
index 4a4a92fd2..000000000
--- a/vendor/k8s.io/gengo/examples/set-gen/sets/string.go
+++ /dev/null
@@ -1,221 +0,0 @@
-/*
-Copyright The Kubernetes Authors.
-
-Licensed under the Apache License, Version 2.0 (the "License");
-you may not use this file except in compliance with the License.
-You may obtain a copy of the License at
-
- http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing, software
-distributed under the License is distributed on an "AS IS" BASIS,
-WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-See the License for the specific language governing permissions and
-limitations under the License.
-*/
-
-// Code generated by set-gen. DO NOT EDIT.
-
-package sets
-
-import (
- "reflect"
- "sort"
-)
-
-// sets.String is a set of strings, implemented via map[string]struct{} for minimal memory consumption.
-type String map[string]Empty
-
-// NewString creates a String from a list of values.
-func NewString(items ...string) String {
- ss := make(String, len(items))
- ss.Insert(items...)
- return ss
-}
-
-// StringKeySet creates a String from a keys of a map[string](? extends interface{}).
-// If the value passed in is not actually a map, this will panic.
-func StringKeySet(theMap interface{}) String {
- v := reflect.ValueOf(theMap)
- ret := String{}
-
- for _, keyValue := range v.MapKeys() {
- ret.Insert(keyValue.Interface().(string))
- }
- return ret
-}
-
-// Insert adds items to the set.
-func (s String) Insert(items ...string) String {
- for _, item := range items {
- s[item] = Empty{}
- }
- return s
-}
-
-// Delete removes all items from the set.
-func (s String) Delete(items ...string) String {
- for _, item := range items {
- delete(s, item)
- }
- return s
-}
-
-// Has returns true if and only if item is contained in the set.
-func (s String) Has(item string) bool {
- _, contained := s[item]
- return contained
-}
-
-// HasAll returns true if and only if all items are contained in the set.
-func (s String) HasAll(items ...string) bool {
- for _, item := range items {
- if !s.Has(item) {
- return false
- }
- }
- return true
-}
-
-// HasAny returns true if any items are contained in the set.
-func (s String) HasAny(items ...string) bool {
- for _, item := range items {
- if s.Has(item) {
- return true
- }
- }
- return false
-}
-
-// Clone returns a new set which is a copy of the current set.
-func (s String) Clone() String {
- result := make(String, len(s))
- for key := range s {
- result.Insert(key)
- }
- return result
-}
-
-// Difference returns a set of objects that are not in s2.
-// For example:
-// s1 = {a1, a2, a3}
-// s2 = {a1, a2, a4, a5}
-// s1.Difference(s2) = {a3}
-// s2.Difference(s1) = {a4, a5}
-func (s1 String) Difference(s2 String) String {
- result := NewString()
- for key := range s1 {
- if !s2.Has(key) {
- result.Insert(key)
- }
- }
- return result
-}
-
-// SymmetricDifference returns a set of elements which are in either of the sets, but not in their intersection.
-// For example:
-// s1 = {a1, a2, a3}
-// s2 = {a1, a2, a4, a5}
-// s1.SymmetricDifference(s2) = {a3, a4, a5}
-// s2.SymmetricDifference(s1) = {a3, a4, a5}
-func (s1 String) SymmetricDifference(s2 String) String {
- return s1.Difference(s2).Union(s2.Difference(s1))
-}
-
-// Union returns a new set which includes items in either s1 or s2.
-// For example:
-// s1 = {a1, a2}
-// s2 = {a3, a4}
-// s1.Union(s2) = {a1, a2, a3, a4}
-// s2.Union(s1) = {a1, a2, a3, a4}
-func (s1 String) Union(s2 String) String {
- result := s1.Clone()
- for key := range s2 {
- result.Insert(key)
- }
- return result
-}
-
-// Intersection returns a new set which includes the item in BOTH s1 and s2
-// For example:
-// s1 = {a1, a2}
-// s2 = {a2, a3}
-// s1.Intersection(s2) = {a2}
-func (s1 String) Intersection(s2 String) String {
- var walk, other String
- result := NewString()
- if s1.Len() < s2.Len() {
- walk = s1
- other = s2
- } else {
- walk = s2
- other = s1
- }
- for key := range walk {
- if other.Has(key) {
- result.Insert(key)
- }
- }
- return result
-}
-
-// IsSuperset returns true if and only if s1 is a superset of s2.
-func (s1 String) IsSuperset(s2 String) bool {
- for item := range s2 {
- if !s1.Has(item) {
- return false
- }
- }
- return true
-}
-
-// Equal returns true if and only if s1 is equal (as a set) to s2.
-// Two sets are equal if their membership is identical.
-// (In practice, this means same elements, order doesn't matter)
-func (s1 String) Equal(s2 String) bool {
- return len(s1) == len(s2) && s1.IsSuperset(s2)
-}
-
-type sortableSliceOfString []string
-
-func (s sortableSliceOfString) Len() int { return len(s) }
-func (s sortableSliceOfString) Less(i, j int) bool { return lessString(s[i], s[j]) }
-func (s sortableSliceOfString) Swap(i, j int) { s[i], s[j] = s[j], s[i] }
-
-// List returns the contents as a sorted string slice.
-func (s String) List() []string {
- res := make(sortableSliceOfString, 0, len(s))
- for key := range s {
- res = append(res, key)
- }
- sort.Sort(res)
- return []string(res)
-}
-
-// UnsortedList returns the slice with contents in random order.
-func (s String) UnsortedList() []string {
- res := make([]string, 0, len(s))
- for key := range s {
- res = append(res, key)
- }
- return res
-}
-
-// Returns a single element from the set.
-func (s String) PopAny() (string, bool) {
- for key := range s {
- s.Delete(key)
- return key, true
- }
- var zeroValue string
- return zeroValue, false
-}
-
-// Len returns the size of the set.
-func (s String) Len() int {
- return len(s)
-}
-
-func lessString(lhs, rhs string) bool {
- return lhs < rhs
-}
diff --git a/vendor/k8s.io/gengo/v2/LICENSE b/vendor/k8s.io/gengo/v2/LICENSE
new file mode 100644
index 000000000..00b240110
--- /dev/null
+++ b/vendor/k8s.io/gengo/v2/LICENSE
@@ -0,0 +1,202 @@
+
+ Apache License
+ Version 2.0, January 2004
+ http://www.apache.org/licenses/
+
+ TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION
+
+ 1. Definitions.
+
+ "License" shall mean the terms and conditions for use, reproduction,
+ and distribution as defined by Sections 1 through 9 of this document.
+
+ "Licensor" shall mean the copyright owner or entity authorized by
+ the copyright owner that is granting the License.
+
+ "Legal Entity" shall mean the union of the acting entity and all
+ other entities that control, are controlled by, or are under common
+ control with that entity. For the purposes of this definition,
+ "control" means (i) the power, direct or indirect, to cause the
+ direction or management of such entity, whether by contract or
+ otherwise, or (ii) ownership of fifty percent (50%) or more of the
+ outstanding shares, or (iii) beneficial ownership of such entity.
+
+ "You" (or "Your") shall mean an individual or Legal Entity
+ exercising permissions granted by this License.
+
+ "Source" form shall mean the preferred form for making modifications,
+ including but not limited to software source code, documentation
+ source, and configuration files.
+
+ "Object" form shall mean any form resulting from mechanical
+ transformation or translation of a Source form, including but
+ not limited to compiled object code, generated documentation,
+ and conversions to other media types.
+
+ "Work" shall mean the work of authorship, whether in Source or
+ Object form, made available under the License, as indicated by a
+ copyright notice that is included in or attached to the work
+ (an example is provided in the Appendix below).
+
+ "Derivative Works" shall mean any work, whether in Source or Object
+ form, that is based on (or derived from) the Work and for which the
+ editorial revisions, annotations, elaborations, or other modifications
+ represent, as a whole, an original work of authorship. For the purposes
+ of this License, Derivative Works shall not include works that remain
+ separable from, or merely link (or bind by name) to the interfaces of,
+ the Work and Derivative Works thereof.
+
+ "Contribution" shall mean any work of authorship, including
+ the original version of the Work and any modifications or additions
+ to that Work or Derivative Works thereof, that is intentionally
+ submitted to Licensor for inclusion in the Work by the copyright owner
+ or by an individual or Legal Entity authorized to submit on behalf of
+ the copyright owner. For the purposes of this definition, "submitted"
+ means any form of electronic, verbal, or written communication sent
+ to the Licensor or its representatives, including but not limited to
+ communication on electronic mailing lists, source code control systems,
+ and issue tracking systems that are managed by, or on behalf of, the
+ Licensor for the purpose of discussing and improving the Work, but
+ excluding communication that is conspicuously marked or otherwise
+ designated in writing by the copyright owner as "Not a Contribution."
+
+ "Contributor" shall mean Licensor and any individual or Legal Entity
+ on behalf of whom a Contribution has been received by Licensor and
+ subsequently incorporated within the Work.
+
+ 2. Grant of Copyright License. Subject to the terms and conditions of
+ this License, each Contributor hereby grants to You a perpetual,
+ worldwide, non-exclusive, no-charge, royalty-free, irrevocable
+ copyright license to reproduce, prepare Derivative Works of,
+ publicly display, publicly perform, sublicense, and distribute the
+ Work and such Derivative Works in Source or Object form.
+
+ 3. Grant of Patent License. Subject to the terms and conditions of
+ this License, each Contributor hereby grants to You a perpetual,
+ worldwide, non-exclusive, no-charge, royalty-free, irrevocable
+ (except as stated in this section) patent license to make, have made,
+ use, offer to sell, sell, import, and otherwise transfer the Work,
+ where such license applies only to those patent claims licensable
+ by such Contributor that are necessarily infringed by their
+ Contribution(s) alone or by combination of their Contribution(s)
+ with the Work to which such Contribution(s) was submitted. If You
+ institute patent litigation against any entity (including a
+ cross-claim or counterclaim in a lawsuit) alleging that the Work
+ or a Contribution incorporated within the Work constitutes direct
+ or contributory patent infringement, then any patent licenses
+ granted to You under this License for that Work shall terminate
+ as of the date such litigation is filed.
+
+ 4. Redistribution. You may reproduce and distribute copies of the
+ Work or Derivative Works thereof in any medium, with or without
+ modifications, and in Source or Object form, provided that You
+ meet the following conditions:
+
+ (a) You must give any other recipients of the Work or
+ Derivative Works a copy of this License; and
+
+ (b) You must cause any modified files to carry prominent notices
+ stating that You changed the files; and
+
+ (c) You must retain, in the Source form of any Derivative Works
+ that You distribute, all copyright, patent, trademark, and
+ attribution notices from the Source form of the Work,
+ excluding those notices that do not pertain to any part of
+ the Derivative Works; and
+
+ (d) If the Work includes a "NOTICE" text file as part of its
+ distribution, then any Derivative Works that You distribute must
+ include a readable copy of the attribution notices contained
+ within such NOTICE file, excluding those notices that do not
+ pertain to any part of the Derivative Works, in at least one
+ of the following places: within a NOTICE text file distributed
+ as part of the Derivative Works; within the Source form or
+ documentation, if provided along with the Derivative Works; or,
+ within a display generated by the Derivative Works, if and
+ wherever such third-party notices normally appear. The contents
+ of the NOTICE file are for informational purposes only and
+ do not modify the License. You may add Your own attribution
+ notices within Derivative Works that You distribute, alongside
+ or as an addendum to the NOTICE text from the Work, provided
+ that such additional attribution notices cannot be construed
+ as modifying the License.
+
+ You may add Your own copyright statement to Your modifications and
+ may provide additional or different license terms and conditions
+ for use, reproduction, or distribution of Your modifications, or
+ for any such Derivative Works as a whole, provided Your use,
+ reproduction, and distribution of the Work otherwise complies with
+ the conditions stated in this License.
+
+ 5. Submission of Contributions. Unless You explicitly state otherwise,
+ any Contribution intentionally submitted for inclusion in the Work
+ by You to the Licensor shall be under the terms and conditions of
+ this License, without any additional terms or conditions.
+ Notwithstanding the above, nothing herein shall supersede or modify
+ the terms of any separate license agreement you may have executed
+ with Licensor regarding such Contributions.
+
+ 6. Trademarks. This License does not grant permission to use the trade
+ names, trademarks, service marks, or product names of the Licensor,
+ except as required for reasonable and customary use in describing the
+ origin of the Work and reproducing the content of the NOTICE file.
+
+ 7. Disclaimer of Warranty. Unless required by applicable law or
+ agreed to in writing, Licensor provides the Work (and each
+ Contributor provides its Contributions) on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
+ implied, including, without limitation, any warranties or conditions
+ of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A
+ PARTICULAR PURPOSE. You are solely responsible for determining the
+ appropriateness of using or redistributing the Work and assume any
+ risks associated with Your exercise of permissions under this License.
+
+ 8. Limitation of Liability. In no event and under no legal theory,
+ whether in tort (including negligence), contract, or otherwise,
+ unless required by applicable law (such as deliberate and grossly
+ negligent acts) or agreed to in writing, shall any Contributor be
+ liable to You for damages, including any direct, indirect, special,
+ incidental, or consequential damages of any character arising as a
+ result of this License or out of the use or inability to use the
+ Work (including but not limited to damages for loss of goodwill,
+ work stoppage, computer failure or malfunction, or any and all
+ other commercial damages or losses), even if such Contributor
+ has been advised of the possibility of such damages.
+
+ 9. Accepting Warranty or Additional Liability. While redistributing
+ the Work or Derivative Works thereof, You may choose to offer,
+ and charge a fee for, acceptance of support, warranty, indemnity,
+ or other liability obligations and/or rights consistent with this
+ License. However, in accepting such obligations, You may act only
+ on Your own behalf and on Your sole responsibility, not on behalf
+ of any other Contributor, and only if You agree to indemnify,
+ defend, and hold each Contributor harmless for any liability
+ incurred by, or claims asserted against, such Contributor by reason
+ of your accepting any such warranty or additional liability.
+
+ END OF TERMS AND CONDITIONS
+
+ APPENDIX: How to apply the Apache License to your work.
+
+ To apply the Apache License to your work, attach the following
+ boilerplate notice, with the fields enclosed by brackets "[]"
+ replaced with your own identifying information. (Don't include
+ the brackets!) The text should be enclosed in the appropriate
+ comment syntax for the file format. We also recommend that a
+ file or class name and description of purpose be included on the
+ same "printed page" as the copyright notice for easier
+ identification within third-party archives.
+
+ Copyright 2014 The Kubernetes Authors.
+
+ Licensed under the Apache License, Version 2.0 (the "License");
+ you may not use this file except in compliance with the License.
+ You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
diff --git a/vendor/k8s.io/gengo/v2/README.md b/vendor/k8s.io/gengo/v2/README.md
new file mode 100644
index 000000000..79d1070d1
--- /dev/null
+++ b/vendor/k8s.io/gengo/v2/README.md
@@ -0,0 +1,53 @@
+[![GoDoc Widget]][GoDoc] [![GoReport]][GoReportStatus]
+
+[GoDoc]: https://godoc.org/k8s.io/gengo
+[GoDoc Widget]: https://godoc.org/k8s.io/gengo?status.svg
+[GoReport]: https://goreportcard.com/badge/github.com/kubernetes/gengo
+[GoReportStatus]: https://goreportcard.com/report/github.com/kubernetes/gengo
+
+# Gengo: a framework for building simple code generators
+
+This repo is used by Kubernetes to build some codegen tooling. It is not
+intended to be general-purpose and makes some assumptions that may not hold
+outside of Kubernetes.
+
+In the past this repo was partially supported for external use (outside of the
+Kubernetes project overall), but that is no longer true. We may change the API
+in incompatible ways, without warning.
+
+If you are not building something that is part of Kubernetes, DO NOT DEPEND ON
+THIS REPO.
+
+## New usage within Kubernetes
+
+Gengo is a very opinionated framework. It is primarily aimed at generating Go
+code derived from types defined in other Go code, but it is possible to use it
+for other things (e.g. proto files). Net new tools should consider using
+`golang.org/x/tools/go/packages` directly. Gengo can serve as an example of
+how to do that.
+
+If you still decide you want to use gengo, see the
+[simple examples](./examples) in this repo or the more extensive tools in the
+Kubernetes [code-generator](https://github.com/kubernetes/code-generator/)
+repo.
+
+## Overview
+
+Gengo is used to build tools (generally a tool is a binary). Each tool
+describes some number of `Targets`. A target is a single output package, which
+may be the same as the inputs (if the tool generates code alongside the inputs)
+or different. Each `Target` describes some number of `Generators`. A
+generator is responsible for emitting a single file into the target directory.
+
+Gengo helps the tool to load and process input packages, e.g. extracting type
+information and associating comments. Each target will be offered every known
+type, and can filter that down to the set of types it cares about. Each
+generator will be offered the result of the target's filtering, and can filter
+the set of types further. Finally, the generator will be called to emit code
+for all of the remaining types.
+
+The `tracer` example in this repo can be used to examine all of the hooks.
+
+## Contributing
+
+Please see [CONTRIBUTING.md](CONTRIBUTING.md) for instructions on how to contribute.
diff --git a/vendor/k8s.io/gengo/v2/comments.go b/vendor/k8s.io/gengo/v2/comments.go
new file mode 100644
index 000000000..ba49c432b
--- /dev/null
+++ b/vendor/k8s.io/gengo/v2/comments.go
@@ -0,0 +1,83 @@
+/*
+Copyright 2015 The Kubernetes Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+package gengo
+
+import (
+ "fmt"
+ "strings"
+)
+
+// ExtractCommentTags parses comments for lines of the form:
+//
+// 'marker' + "key=value".
+//
+// Values are optional; "" is the default. A tag can be specified more than
+// one time and all values are returned. If the resulting map has an entry for
+// a key, the value (a slice) is guaranteed to have at least 1 element.
+//
+// Example: if you pass "+" for 'marker', and the following lines are in
+// the comments:
+//
+// +foo=value1
+// +bar
+// +foo=value2
+// +baz="qux"
+//
+// Then this function will return:
+//
+// map[string][]string{"foo":{"value1, "value2"}, "bar": {""}, "baz": {"qux"}}
+func ExtractCommentTags(marker string, lines []string) map[string][]string {
+ out := map[string][]string{}
+ for _, line := range lines {
+ line = strings.Trim(line, " ")
+ if len(line) == 0 {
+ continue
+ }
+ if !strings.HasPrefix(line, marker) {
+ continue
+ }
+ // TODO: we could support multiple values per key if we split on spaces
+ kv := strings.SplitN(line[len(marker):], "=", 2)
+ if len(kv) == 2 {
+ out[kv[0]] = append(out[kv[0]], kv[1])
+ } else if len(kv) == 1 {
+ out[kv[0]] = append(out[kv[0]], "")
+ }
+ }
+ return out
+}
+
+// ExtractSingleBoolCommentTag parses comments for lines of the form:
+//
+// 'marker' + "key=value1"
+//
+// If the tag is not found, the default value is returned. Values are asserted
+// to be boolean ("true" or "false"), and any other value will cause an error
+// to be returned. If the key has multiple values, the first one will be used.
+func ExtractSingleBoolCommentTag(marker string, key string, defaultVal bool, lines []string) (bool, error) {
+ values := ExtractCommentTags(marker, lines)[key]
+ if values == nil {
+ return defaultVal, nil
+ }
+ if values[0] == "true" {
+ return true, nil
+ }
+ if values[0] == "false" {
+ return false, nil
+ }
+ return false, fmt.Errorf("tag value for %q is not boolean: %q", key, values[0])
+}
diff --git a/vendor/k8s.io/gengo/v2/execute.go b/vendor/k8s.io/gengo/v2/execute.go
new file mode 100644
index 000000000..c4aba2b11
--- /dev/null
+++ b/vendor/k8s.io/gengo/v2/execute.go
@@ -0,0 +1,98 @@
+/*
+Copyright 2015 The Kubernetes Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+// Package gengo is a code-generation framework.
+package gengo
+
+import (
+ "bytes"
+ "fmt"
+ "os"
+ "path/filepath"
+ "strconv"
+ "strings"
+ "time"
+
+ "k8s.io/gengo/v2/generator"
+ "k8s.io/gengo/v2/namer"
+ "k8s.io/gengo/v2/parser"
+)
+
+// StdBuildTag is a suggested build-tag which tools can use both as an argument
+// to GoBoilerplate and to Execute.
+const StdBuildTag = "ignore_autogenerated"
+
+// StdGeneratedBy is a suggested "generated by" line which tools can use as an
+// argument to GoBoilerplate.
+const StdGeneratedBy = "// Code generated by GENERATOR_NAME. DO NOT EDIT."
+
+// GoBoilerplate returns the Go file header:
+// - an optional build tag (negative, set it to ignore generated code)
+// - an optional boilerplate file
+// - an optional "generated by" comment
+func GoBoilerplate(headerFile, buildTag, generatedBy string) ([]byte, error) {
+ buf := bytes.Buffer{}
+
+ if buildTag != "" {
+ buf.WriteString(
+ fmt.Sprintf("//go:build !%s\n// +build !%s\n\n", buildTag, buildTag))
+ }
+
+ if headerFile != "" {
+ b, err := os.ReadFile(headerFile)
+ if err != nil {
+ return nil, err
+ }
+ b = bytes.ReplaceAll(b, []byte("YEAR"), []byte(strconv.Itoa(time.Now().UTC().Year())))
+ buf.Write(b)
+ buf.WriteByte('\n')
+ }
+
+ if generatedBy != "" {
+ generatorName := filepath.Base(os.Args[0])
+ // Strip the extension from the name to normalize output between *nix and Windows.
+ generatorName = generatorName[:len(generatorName)-len(filepath.Ext(generatorName))]
+ generatedByComment := strings.ReplaceAll(generatedBy, "GENERATOR_NAME", generatorName)
+ buf.WriteString(fmt.Sprintf("%s\n\n", generatedByComment))
+ }
+
+ return buf.Bytes(), nil
+}
+
+// Execute implements most of a tool's main loop.
+func Execute(nameSystems namer.NameSystems, defaultSystem string, getTargets func(*generator.Context) []generator.Target, buildTag string, patterns []string) error {
+ var buildTags []string
+ if buildTag != "" {
+ buildTags = append(buildTags, buildTag)
+ }
+
+ p := parser.NewWithOptions(parser.Options{BuildTags: buildTags})
+ if err := p.LoadPackages(patterns...); err != nil {
+ return fmt.Errorf("failed making a parser: %v", err)
+ }
+
+ c, err := generator.NewContext(p, nameSystems, defaultSystem)
+ if err != nil {
+ return fmt.Errorf("failed making a context: %v", err)
+ }
+
+ targets := getTargets(c)
+ if err := c.ExecuteTargets(targets); err != nil {
+ return fmt.Errorf("failed executing generator: %v", err)
+ }
+
+ return nil
+}
diff --git a/vendor/k8s.io/gengo/v2/generator/doc.go b/vendor/k8s.io/gengo/v2/generator/doc.go
new file mode 100644
index 000000000..ef0031cd6
--- /dev/null
+++ b/vendor/k8s.io/gengo/v2/generator/doc.go
@@ -0,0 +1,31 @@
+/*
+Copyright 2015 The Kubernetes Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+// Package generator defines an interface for code generators to implement.
+//
+// To use this package, you'll implement the "Package" and "Generator"
+// interfaces; you'll call NewContext to load up the types you want to work
+// with, and then you'll call one or more of the Execute methods. See the
+// interface definitions for explanations. All output will have gofmt called on
+// it automatically, so you do not need to worry about generating correct
+// indentation.
+//
+// This package also exposes SnippetWriter. SnippetWriter reduces to a minimum
+// the boilerplate involved in setting up a template from go's text/template
+// package. Additionally, all naming systems in the Context will be added as
+// functions to the parsed template, so that they can be called directly from
+// your templates!
+package generator // import "k8s.io/gengo/v2/generator"
diff --git a/vendor/k8s.io/gengo/v2/generator/error_tracker.go b/vendor/k8s.io/gengo/v2/generator/error_tracker.go
new file mode 100644
index 000000000..964dae37b
--- /dev/null
+++ b/vendor/k8s.io/gengo/v2/generator/error_tracker.go
@@ -0,0 +1,50 @@
+/*
+Copyright 2015 The Kubernetes Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+package generator
+
+import (
+ "io"
+)
+
+// ErrorTracker tracks errors to the underlying writer, so that you can ignore
+// them until you're ready to return.
+type ErrorTracker struct {
+ io.Writer
+ err error
+}
+
+// NewErrorTracker makes a new error tracker; note that it implements io.Writer.
+func NewErrorTracker(w io.Writer) *ErrorTracker {
+ return &ErrorTracker{Writer: w}
+}
+
+// Write intercepts calls to Write.
+func (et *ErrorTracker) Write(p []byte) (n int, err error) {
+ if et.err != nil {
+ return 0, et.err
+ }
+ n, err = et.Writer.Write(p)
+ if err != nil {
+ et.err = err
+ }
+ return n, err
+}
+
+// Error returns nil if no error has occurred, otherwise it returns the error.
+func (et *ErrorTracker) Error() error {
+ return et.err
+}
diff --git a/vendor/k8s.io/gengo/v2/generator/execute.go b/vendor/k8s.io/gengo/v2/generator/execute.go
new file mode 100644
index 000000000..02b4c3318
--- /dev/null
+++ b/vendor/k8s.io/gengo/v2/generator/execute.go
@@ -0,0 +1,266 @@
+/*
+Copyright 2015 The Kubernetes Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+package generator
+
+import (
+ "bytes"
+ "errors"
+ "fmt"
+ "io"
+ "os"
+ "path/filepath"
+ "strings"
+
+ "golang.org/x/tools/imports"
+ "k8s.io/gengo/v2/namer"
+ "k8s.io/gengo/v2/types"
+ "k8s.io/klog/v2"
+)
+
+// ExecuteTargets runs the generators for the provided targets.
+func (c *Context) ExecuteTargets(targets []Target) error {
+ klog.V(5).Infof("ExecuteTargets: %d targets", len(targets))
+
+ var errs []error
+ for _, tgt := range targets {
+ if err := c.ExecuteTarget(tgt); err != nil {
+ errs = append(errs, err)
+ }
+ }
+ if len(errs) > 0 {
+ return fmt.Errorf("some targets had errors: %w", errors.Join(errs...))
+ }
+ return nil
+}
+
+type DefaultFileType struct {
+ Format func([]byte) ([]byte, error)
+ Assemble func(io.Writer, *File)
+}
+
+func (ft DefaultFileType) AssembleFile(f *File, pathname string) error {
+ klog.V(5).Infof("Assembling file %q", pathname)
+
+ destFile, err := os.Create(pathname)
+ if err != nil {
+ return err
+ }
+ defer destFile.Close()
+
+ b := &bytes.Buffer{}
+ et := NewErrorTracker(b)
+ ft.Assemble(et, f)
+ if et.Error() != nil {
+ return et.Error()
+ }
+ if formatted, err := ft.Format(b.Bytes()); err != nil {
+ err = fmt.Errorf("unable to format file %q (%v)", pathname, err)
+ // Write the file anyway, so they can see what's going wrong and fix the generator.
+ if _, err2 := destFile.Write(b.Bytes()); err2 != nil {
+ return err2
+ }
+ return err
+ } else {
+ _, err = destFile.Write(formatted)
+ return err
+ }
+}
+
+func assembleGoFile(w io.Writer, f *File) {
+ w.Write(f.Header)
+ fmt.Fprintf(w, "package %v\n\n", f.PackageName)
+
+ if len(f.Imports) > 0 {
+ fmt.Fprint(w, "import (\n")
+ for i := range f.Imports {
+ if strings.Contains(i, "\"") {
+ // they included quotes, or are using the
+ // `name "path/to/pkg"` format.
+ fmt.Fprintf(w, "\t%s\n", i)
+ } else {
+ fmt.Fprintf(w, "\t%q\n", i)
+ }
+ }
+ fmt.Fprint(w, ")\n\n")
+ }
+
+ if f.Vars.Len() > 0 {
+ fmt.Fprint(w, "var (\n")
+ w.Write(f.Vars.Bytes())
+ fmt.Fprint(w, ")\n\n")
+ }
+
+ if f.Consts.Len() > 0 {
+ fmt.Fprint(w, "const (\n")
+ w.Write(f.Consts.Bytes())
+ fmt.Fprint(w, ")\n\n")
+ }
+
+ w.Write(f.Body.Bytes())
+}
+
+func importsWrapper(src []byte) ([]byte, error) {
+ return imports.Process("", src, nil)
+}
+
+func NewGoFile() *DefaultFileType {
+ return &DefaultFileType{
+ Format: importsWrapper,
+ Assemble: assembleGoFile,
+ }
+}
+
+// format should be one line only, and not end with \n.
+func addIndentHeaderComment(b *bytes.Buffer, format string, args ...interface{}) {
+ if b.Len() > 0 {
+ fmt.Fprintf(b, "\n// "+format+"\n", args...)
+ } else {
+ fmt.Fprintf(b, "// "+format+"\n", args...)
+ }
+}
+
+func (c *Context) filteredBy(f func(*Context, *types.Type) bool) *Context {
+ c2 := *c
+ c2.Order = []*types.Type{}
+ for _, t := range c.Order {
+ if f(c, t) {
+ c2.Order = append(c2.Order, t)
+ }
+ }
+ return &c2
+}
+
+// make a new context; inheret c.Namers, but add on 'namers'. In case of a name
+// collision, the namer in 'namers' wins.
+func (c *Context) addNameSystems(namers namer.NameSystems) *Context {
+ if namers == nil {
+ return c
+ }
+ c2 := *c
+ // Copy the existing name systems so we don't corrupt a parent context
+ c2.Namers = namer.NameSystems{}
+ for k, v := range c.Namers {
+ c2.Namers[k] = v
+ }
+
+ for name, namer := range namers {
+ c2.Namers[name] = namer
+ }
+ return &c2
+}
+
+// ExecuteTarget runs the generators for a single target.
+func (c *Context) ExecuteTarget(tgt Target) error {
+ tgtDir := tgt.Dir()
+ if tgtDir == "" {
+ return fmt.Errorf("no directory for target %s", tgt.Path())
+ }
+ klog.V(5).Infof("Executing target %q (%q)", tgt.Name(), tgtDir)
+
+ // Filter out any types the *package* doesn't care about.
+ packageContext := c.filteredBy(tgt.Filter)
+
+ if err := os.MkdirAll(tgtDir, 0755); err != nil {
+ return err
+ }
+
+ files := map[string]*File{}
+ for _, g := range tgt.Generators(packageContext) {
+ // Filter out types the *generator* doesn't care about.
+ genContext := packageContext.filteredBy(g.Filter)
+ // Now add any extra name systems defined by this generator
+ genContext = genContext.addNameSystems(g.Namers(genContext))
+
+ fileType := g.FileType()
+ if len(fileType) == 0 {
+ return fmt.Errorf("generator %q must specify a file type", g.Name())
+ }
+ f := files[g.Filename()]
+ if f == nil {
+ // This is the first generator to reference this file, so start it.
+ f = &File{
+ Name: g.Filename(),
+ FileType: fileType,
+ PackageName: tgt.Name(),
+ PackagePath: tgt.Path(),
+ PackageDir: tgt.Dir(),
+ Header: tgt.Header(g.Filename()),
+ Imports: map[string]struct{}{},
+ }
+ files[f.Name] = f
+ } else if f.FileType != g.FileType() {
+ return fmt.Errorf("file %q already has type %q, but generator %q wants to use type %q", f.Name, f.FileType, g.Name(), g.FileType())
+ }
+
+ if vars := g.PackageVars(genContext); len(vars) > 0 {
+ addIndentHeaderComment(&f.Vars, "Package-wide variables from generator %q.", g.Name())
+ for _, v := range vars {
+ if _, err := fmt.Fprintf(&f.Vars, "%s\n", v); err != nil {
+ return err
+ }
+ }
+ }
+ if consts := g.PackageConsts(genContext); len(consts) > 0 {
+ addIndentHeaderComment(&f.Consts, "Package-wide consts from generator %q.", g.Name())
+ for _, v := range consts {
+ if _, err := fmt.Fprintf(&f.Consts, "%s\n", v); err != nil {
+ return err
+ }
+ }
+ }
+ if err := genContext.executeBody(&f.Body, g); err != nil {
+ return err
+ }
+ if imports := g.Imports(genContext); len(imports) > 0 {
+ for _, i := range imports {
+ f.Imports[i] = struct{}{}
+ }
+ }
+ }
+
+ var errs []error
+ for _, f := range files {
+ finalPath := filepath.Join(tgtDir, f.Name)
+ assembler, ok := c.FileTypes[f.FileType]
+ if !ok {
+ return fmt.Errorf("the file type %q registered for file %q does not exist in the context", f.FileType, f.Name)
+ }
+ if err := assembler.AssembleFile(f, finalPath); err != nil {
+ errs = append(errs, err)
+ }
+ }
+ if len(errs) > 0 {
+ return fmt.Errorf("errors in target %q: %w", tgt.Path(), errors.Join(errs...))
+ }
+ return nil
+}
+
+func (c *Context) executeBody(w io.Writer, generator Generator) error {
+ et := NewErrorTracker(w)
+ if err := generator.Init(c, et); err != nil {
+ return err
+ }
+ for _, t := range c.Order {
+ if err := generator.GenerateType(c, t, et); err != nil {
+ return err
+ }
+ }
+ if err := generator.Finalize(c, et); err != nil {
+ return err
+ }
+ return et.Error()
+}
diff --git a/vendor/k8s.io/gengo/v2/generator/generator.go b/vendor/k8s.io/gengo/v2/generator/generator.go
new file mode 100644
index 000000000..7dfb1b2be
--- /dev/null
+++ b/vendor/k8s.io/gengo/v2/generator/generator.go
@@ -0,0 +1,214 @@
+/*
+Copyright 2015 The Kubernetes Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+package generator
+
+import (
+ "bytes"
+ "io"
+
+ "k8s.io/gengo/v2/namer"
+ "k8s.io/gengo/v2/parser"
+ "k8s.io/gengo/v2/types"
+)
+
+// Target describes a Go package into which code will be generated. A single
+// Target may have many Generators, each of which emits one file.
+type Target interface {
+ // Name returns the package short name (as in `package foo`).
+ Name() string
+ // Path returns the package import path (as in `import "example.com/foo"`).
+ Path() string
+ // Dir returns the location of the resulting package on disk. This may be
+ // the same directory as an input package (when generating code in-place)
+ // or a different directory entirely.
+ Dir() string
+
+ // Filter should return true if this package cares about this type.
+ // Otherwise, this type will be omitted from the type ordering for
+ // this package.
+ Filter(*Context, *types.Type) bool
+
+ // Header should return a header for the file, including comment markers.
+ // Useful for copyright notices and doc strings. Include an
+ // autogeneration notice! Do not include the "package x" line.
+ Header(filename string) []byte
+
+ // Generators returns the list of generators for this package. It is
+ // allowed for more than one generator to write to the same file.
+ // A Context is passed in case the list of generators depends on the
+ // input types.
+ Generators(*Context) []Generator
+}
+
+type File struct {
+ Name string
+ FileType string
+ PackageName string
+ Header []byte
+ PackagePath string
+ PackageDir string
+ Imports map[string]struct{}
+ Vars bytes.Buffer
+ Consts bytes.Buffer
+ Body bytes.Buffer
+}
+
+type FileType interface {
+ AssembleFile(f *File, path string) error
+}
+
+// Generator is the contract for anything that wants to do auto-generation.
+// It's expected that the io.Writers passed to the below functions will be
+// ErrorTrackers; this allows implementations to not check for io errors,
+// making more readable code.
+//
+// The call order for the functions that take a Context is:
+// 1. Filter() // Subsequent calls see only types that pass this.
+// 2. Namers() // Subsequent calls see the namers provided by this.
+// 3. PackageVars()
+// 4. PackageConsts()
+// 5. Init()
+// 6. GenerateType() // Called N times, once per type in the context's Order.
+// 7. Imports()
+//
+// You may have multiple generators for the same file.
+type Generator interface {
+ // The name of this generator. Will be included in generated comments.
+ Name() string
+
+ // Filter should return true if this generator cares about this type.
+ // (otherwise, GenerateType will not be called.)
+ //
+ // Filter is called before any of the generator's other functions;
+ // subsequent calls will get a context with only the types that passed
+ // this filter.
+ Filter(*Context, *types.Type) bool
+
+ // If this generator needs special namers, return them here. These will
+ // override the original namers in the context if there is a collision.
+ // You may return nil if you don't need special names. These names will
+ // be available in the context passed to the rest of the generator's
+ // functions.
+ //
+ // A use case for this is to return a namer that tracks imports.
+ Namers(*Context) namer.NameSystems
+
+ // Init should write an init function, and any other content that's not
+ // generated per-type. (It's not intended for generator specific
+ // initialization! Do that when your Target constructs the
+ // Generators.)
+ Init(*Context, io.Writer) error
+
+ // Finalize should write finish up functions, and any other content that's not
+ // generated per-type.
+ Finalize(*Context, io.Writer) error
+
+ // PackageVars should emit an array of variable lines. They will be
+ // placed in a var ( ... ) block. There's no need to include a leading
+ // \t or trailing \n.
+ PackageVars(*Context) []string
+
+ // PackageConsts should emit an array of constant lines. They will be
+ // placed in a const ( ... ) block. There's no need to include a leading
+ // \t or trailing \n.
+ PackageConsts(*Context) []string
+
+ // GenerateType should emit the code for a particular type.
+ GenerateType(*Context, *types.Type, io.Writer) error
+
+ // Imports should return a list of necessary imports. They will be
+ // formatted correctly. You do not need to include quotation marks,
+ // return only the package name; alternatively, you can also return
+ // imports in the format `name "path/to/pkg"`. Imports will be called
+ // after Init, PackageVars, PackageConsts, and GenerateType, to allow
+ // you to keep track of what imports you actually need.
+ Imports(*Context) []string
+
+ // Preferred file name of this generator, not including a path. It is
+ // allowed for multiple generators to use the same filename, but it's
+ // up to you to make sure they don't have colliding import names.
+ // TODO: provide per-file import tracking, removing the requirement
+ // that generators coordinate..
+ Filename() string
+
+ // A registered file type in the context to generate this file with. If
+ // the FileType is not found in the context, execution will stop.
+ FileType() string
+}
+
+// Context is global context for individual generators to consume.
+type Context struct {
+ // A map from the naming system to the names for that system. E.g., you
+ // might have public names and several private naming systems.
+ Namers namer.NameSystems
+
+ // All the types, in case you want to look up something.
+ Universe types.Universe
+
+ // All the user-specified packages. This is after recursive expansion.
+ Inputs []string
+
+ // The canonical ordering of the types (will be filtered by both the
+ // Target's and Generator's Filter methods).
+ Order []*types.Type
+
+ // A set of types this context can process. If this is empty or nil,
+ // the default "go" filetype will be provided.
+ FileTypes map[string]FileType
+
+ // Allows generators to add packages at runtime.
+ parser *parser.Parser
+}
+
+// NewContext generates a context from the given parser, naming systems, and
+// the naming system you wish to construct the canonical ordering from.
+func NewContext(p *parser.Parser, nameSystems namer.NameSystems, canonicalOrderName string) (*Context, error) {
+ universe, err := p.NewUniverse()
+ if err != nil {
+ return nil, err
+ }
+
+ c := &Context{
+ Namers: namer.NameSystems{},
+ Universe: universe,
+ Inputs: p.UserRequestedPackages(),
+ FileTypes: map[string]FileType{
+ GoFileType: NewGoFile(),
+ },
+ parser: p,
+ }
+
+ for name, systemNamer := range nameSystems {
+ c.Namers[name] = systemNamer
+ if name == canonicalOrderName {
+ orderer := namer.Orderer{Namer: systemNamer}
+ c.Order = orderer.OrderUniverse(universe)
+ }
+ }
+ return c, nil
+}
+
+// LoadPackages adds Go packages to the context.
+func (c *Context) LoadPackages(patterns ...string) ([]*types.Package, error) {
+ return c.parser.LoadPackagesTo(&c.Universe, patterns...)
+}
+
+// FindPackages expands Go package patterns into a list of package import
+// paths, akin to `go list -find`.
+func (c *Context) FindPackages(patterns ...string) ([]string, error) {
+ return c.parser.FindPackages(patterns...)
+}
diff --git a/vendor/k8s.io/gengo/v2/generator/go_generator.go b/vendor/k8s.io/gengo/v2/generator/go_generator.go
new file mode 100644
index 000000000..14d2148b9
--- /dev/null
+++ b/vendor/k8s.io/gengo/v2/generator/go_generator.go
@@ -0,0 +1,61 @@
+/*
+Copyright 2015 The Kubernetes Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+package generator
+
+import (
+ "io"
+
+ "k8s.io/gengo/v2/namer"
+ "k8s.io/gengo/v2/types"
+)
+
+const (
+ GoFileType = "go"
+)
+
+// GoGenerator implements a do-nothing Generator for Go files. It can be
+// used as a base for custom Generators, which embed it and then define the
+// methods they need to specialize.
+type GoGenerator struct {
+ // OutputFilename is used as the Generator's name, and filename.
+ OutputFilename string
+
+ // Body, if present, will be used as the return from the "Init" method.
+ // This causes it to be static content for the entire file if no other
+ // generator touches the file.
+ OptionalBody []byte
+}
+
+func (gg GoGenerator) Name() string { return gg.OutputFilename }
+func (gg GoGenerator) Filter(*Context, *types.Type) bool { return true }
+func (gg GoGenerator) Namers(*Context) namer.NameSystems { return nil }
+func (gg GoGenerator) Imports(*Context) []string { return []string{} }
+func (gg GoGenerator) PackageVars(*Context) []string { return []string{} }
+func (gg GoGenerator) PackageConsts(*Context) []string { return []string{} }
+func (gg GoGenerator) GenerateType(*Context, *types.Type, io.Writer) error { return nil }
+func (gg GoGenerator) Filename() string { return gg.OutputFilename }
+func (gg GoGenerator) FileType() string { return GoFileType }
+func (gg GoGenerator) Finalize(*Context, io.Writer) error { return nil }
+
+func (gg GoGenerator) Init(c *Context, w io.Writer) error {
+ _, err := w.Write(gg.OptionalBody)
+ return err
+}
+
+var (
+ _ = Generator(GoGenerator{})
+)
diff --git a/vendor/k8s.io/gengo/v2/generator/import_tracker.go b/vendor/k8s.io/gengo/v2/generator/import_tracker.go
new file mode 100644
index 000000000..70b86cf56
--- /dev/null
+++ b/vendor/k8s.io/gengo/v2/generator/import_tracker.go
@@ -0,0 +1,89 @@
+/*
+Copyright 2015 The Kubernetes Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+package generator
+
+import (
+ "go/token"
+ "strings"
+
+ "k8s.io/klog/v2"
+
+ "k8s.io/gengo/v2/namer"
+ "k8s.io/gengo/v2/types"
+)
+
+// NewImportTrackerForPackage creates a new import tracker which is aware
+// of a generator's output package. The tracker will not add import lines
+// when symbols or types are added from the same package, and LocalNameOf
+// will return empty string for the output package.
+//
+// e.g.:
+//
+// tracker := NewImportTrackerForPackage("bar.com/pkg/foo")
+// tracker.AddSymbol(types.Name{"bar.com/pkg/foo.MyType"})
+// tracker.AddSymbol(types.Name{"bar.com/pkg/baz.MyType"})
+// tracker.AddSymbol(types.Name{"bar.com/pkg/baz/baz.MyType"})
+//
+// tracker.LocalNameOf("bar.com/pkg/foo") -> ""
+// tracker.LocalNameOf("bar.com/pkg/baz") -> "baz"
+// tracker.LocalNameOf("bar.com/pkg/baz/baz") -> "bazbaz"
+// tracker.ImportLines() -> {`baz "bar.com/pkg/baz"`, `bazbaz "bar.com/pkg/baz/baz"`}
+func NewImportTrackerForPackage(local string, typesToAdd ...*types.Type) *namer.DefaultImportTracker {
+ tracker := namer.NewDefaultImportTracker(types.Name{Package: local})
+ tracker.IsInvalidType = func(*types.Type) bool { return false }
+ tracker.LocalName = func(name types.Name) string { return goTrackerLocalName(&tracker, name) }
+ tracker.PrintImport = func(path, name string) string { return name + " \"" + path + "\"" }
+
+ tracker.AddTypes(typesToAdd...)
+ return &tracker
+}
+
+func NewImportTracker(typesToAdd ...*types.Type) *namer.DefaultImportTracker {
+ return NewImportTrackerForPackage("", typesToAdd...)
+}
+
+func goTrackerLocalName(tracker namer.ImportTracker, t types.Name) string {
+ path := t.Package
+
+ // Using backslashes in package names causes gengo to produce Go code which
+ // will not compile with the gc compiler. See the comment on GoSeperator.
+ if strings.ContainsRune(path, '\\') {
+ klog.Warningf("Warning: backslash used in import path '%v', this is unsupported.\n", path)
+ }
+
+ dirs := strings.Split(path, namer.GoSeperator)
+ for n := len(dirs) - 1; n >= 0; n-- {
+ // follow kube convention of not having anything between directory names
+ name := strings.Join(dirs[n:], "")
+ name = strings.ReplaceAll(name, "_", "")
+ // These characters commonly appear in import paths for go
+ // packages, but aren't legal go names. So we'll sanitize.
+ name = strings.ReplaceAll(name, ".", "")
+ name = strings.ReplaceAll(name, "-", "")
+ if _, found := tracker.PathOf(name); found {
+ // This name collides with some other package
+ continue
+ }
+
+ // If the import name is a Go keyword, prefix with an underscore.
+ if token.Lookup(name).IsKeyword() {
+ name = "_" + name
+ }
+ return name
+ }
+ panic("can't find import for " + path)
+}
diff --git a/vendor/k8s.io/gengo/v2/generator/simple_target.go b/vendor/k8s.io/gengo/v2/generator/simple_target.go
new file mode 100644
index 000000000..34df8245d
--- /dev/null
+++ b/vendor/k8s.io/gengo/v2/generator/simple_target.go
@@ -0,0 +1,77 @@
+/*
+Copyright 2015 The Kubernetes Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+package generator
+
+import (
+ "k8s.io/gengo/v2/types"
+)
+
+// SimpleTarget is implements Target in terms of static configuration.
+// The package name, path, and dir are required to be non-empty.
+type SimpleTarget struct {
+ // PkgName is the name of the resulting package (as in "package xxxx").
+ // Required.
+ PkgName string
+ // PkgPath is the canonical Go import-path of the resulting package (as in
+ // "import example.com/xxxx/yyyy"). Required.
+ PkgPath string
+ // PkgDir is the location of the resulting package on disk (which may not
+ // exist yet). It may be absolute or relative to CWD. Required.
+ PkgDir string
+
+ // HeaderComment is emitted at the top of every output file. Optional.
+ HeaderComment []byte
+
+ // PkgDocComment is emitted after the header comment for a "doc.go" file.
+ // Optional.
+ PkgDocComment []byte
+
+ // FilterFunc will be called to implement Target.Filter. Optional.
+ FilterFunc func(*Context, *types.Type) bool
+
+ // GeneratorsFunc will be called to implement Target.Generators. Optional.
+ GeneratorsFunc func(*Context) []Generator
+}
+
+func (st SimpleTarget) Name() string { return st.PkgName }
+func (st SimpleTarget) Path() string { return st.PkgPath }
+func (st SimpleTarget) Dir() string { return st.PkgDir }
+
+func (st SimpleTarget) Filter(c *Context, t *types.Type) bool {
+ if st.FilterFunc != nil {
+ return st.FilterFunc(c, t)
+ }
+ return true
+}
+
+func (st SimpleTarget) Generators(c *Context) []Generator {
+ if st.GeneratorsFunc != nil {
+ return st.GeneratorsFunc(c)
+ }
+ return nil
+}
+
+func (st SimpleTarget) Header(filename string) []byte {
+ if filename == "doc.go" {
+ return append(st.HeaderComment, st.PkgDocComment...)
+ }
+ return st.HeaderComment
+}
+
+var (
+ _ = Target(SimpleTarget{})
+)
diff --git a/vendor/k8s.io/gengo/v2/generator/snippet_writer.go b/vendor/k8s.io/gengo/v2/generator/snippet_writer.go
new file mode 100644
index 000000000..7f4610c00
--- /dev/null
+++ b/vendor/k8s.io/gengo/v2/generator/snippet_writer.go
@@ -0,0 +1,154 @@
+/*
+Copyright 2015 The Kubernetes Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+package generator
+
+import (
+ "fmt"
+ "io"
+ "runtime"
+ "text/template"
+)
+
+// SnippetWriter is an attempt to make the template library usable.
+// Methods are chainable, and you don't have to check Error() until you're all
+// done.
+type SnippetWriter struct {
+ w io.Writer
+ context *Context
+ // Left & right delimiters. text/template defaults to "{{" and "}}"
+ // which is totally unusable for go code based templates.
+ left, right string
+ funcMap template.FuncMap
+ err error
+}
+
+// w is the destination; left and right are the delimiters; @ and $ are both
+// reasonable choices.
+//
+// c is used to make a function for every naming system, to which you can pass
+// a type and get the corresponding name.
+func NewSnippetWriter(w io.Writer, c *Context, left, right string) *SnippetWriter {
+ sw := &SnippetWriter{
+ w: w,
+ context: c,
+ left: left,
+ right: right,
+ funcMap: template.FuncMap{},
+ }
+ for name, namer := range c.Namers {
+ sw.funcMap[name] = namer.Name
+ }
+ return sw
+}
+
+// Do parses format and runs args through it. You can have arbitrary logic in
+// the format (see the text/template documentation), but consider running many
+// short templates with ordinary go logic in between--this may be more
+// readable. Do is chainable. Any error causes every other call to do to be
+// ignored, and the error will be returned by Error(). So you can check it just
+// once, at the end of your function.
+//
+// 'args' can be quite literally anything; read the text/template documentation
+// for details. Maps and structs work particularly nicely. Conveniently, the
+// types package is designed to have structs that are easily referencable from
+// the template language.
+//
+// Example:
+//
+// sw := generator.NewSnippetWriter(outBuffer, context, "$", "$")
+// sw.Do(`The public type name is: $.type|public$`, map[string]interface{}{"type": t})
+// return sw.Error()
+//
+// Where:
+// - "$" starts a template directive
+// - "." references the entire thing passed as args
+// - "type" therefore sees a map and looks up the key "type"
+// - "|" means "pass the thing on the left to the thing on the right"
+// - "public" is the name of a naming system, so the SnippetWriter has given
+// the template a function called "public" that takes a *types.Type and
+// returns the naming system's name. E.g., if the type is "string" this might
+// return "String".
+// - the second "$" ends the template directive.
+//
+// The map is actually not necessary. The below does the same thing:
+//
+// sw.Do(`The public type name is: $.|public$`, t)
+//
+// You may or may not find it more readable to use the map with a descriptive
+// key, but if you want to pass more than one arg, the map or a custom struct
+// becomes a requirement. You can do arbitrary logic inside these templates,
+// but you should consider doing the logic in go and stitching them together
+// for the sake of your readers.
+//
+// TODO: Change Do() to optionally take a list of pairs of parameters (key, value)
+// and have it construct a combined map with that and args.
+func (s *SnippetWriter) Do(format string, args interface{}) *SnippetWriter {
+ if s.err != nil {
+ return s
+ }
+ // Name the template by source file:line so it can be found when
+ // there's an error.
+ _, file, line, _ := runtime.Caller(1)
+ tmpl, err := template.
+ New(fmt.Sprintf("%s:%d", file, line)).
+ Delims(s.left, s.right).
+ Funcs(s.funcMap).
+ Parse(format)
+ if err != nil {
+ s.err = err
+ return s
+ }
+ err = tmpl.Execute(s.w, args)
+ if err != nil {
+ s.err = err
+ }
+ return s
+}
+
+// Args exists to make it convenient to construct arguments for
+// SnippetWriter.Do.
+type Args map[interface{}]interface{}
+
+// With makes a copy of a and adds the given key, value pair.
+func (a Args) With(key, value interface{}) Args {
+ a2 := Args{key: value}
+ for k, v := range a {
+ a2[k] = v
+ }
+ return a2
+}
+
+// WithArgs makes a copy of a and adds the given arguments.
+func (a Args) WithArgs(rhs Args) Args {
+ a2 := Args{}
+ for k, v := range rhs {
+ a2[k] = v
+ }
+ for k, v := range a {
+ a2[k] = v
+ }
+ return a2
+}
+
+func (s *SnippetWriter) Out() io.Writer {
+ return s.w
+}
+
+// Error returns any encountered error.
+func (s *SnippetWriter) Error() error {
+ return s.err
+}
diff --git a/vendor/k8s.io/gengo/v2/namer/doc.go b/vendor/k8s.io/gengo/v2/namer/doc.go
new file mode 100644
index 000000000..76309ebb0
--- /dev/null
+++ b/vendor/k8s.io/gengo/v2/namer/doc.go
@@ -0,0 +1,31 @@
+/*
+Copyright 2015 The Kubernetes Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+// Package namer has support for making different type naming systems.
+//
+// This is because sometimes you want to refer to the literal type, sometimes
+// you want to make a name for the thing you're generating, and you want to
+// make the name based on the type. For example, if you have `type foo string`,
+// you want to be able to generate something like `func FooPrinter(f *foo) {
+// Print(string(*f)) }`; that is, you want to refer to a public name, a literal
+// name, and the underlying literal name.
+//
+// This package supports the idea of a "Namer" and a set of "NameSystems" to
+// support these use cases.
+//
+// Additionally, a "RawNamer" can optionally keep track of what needs to be
+// imported.
+package namer // import "k8s.io/gengo/v2/namer"
diff --git a/vendor/k8s.io/gengo/v2/namer/import_tracker.go b/vendor/k8s.io/gengo/v2/namer/import_tracker.go
new file mode 100644
index 000000000..f8c5a9411
--- /dev/null
+++ b/vendor/k8s.io/gengo/v2/namer/import_tracker.go
@@ -0,0 +1,121 @@
+/*
+Copyright 2015 The Kubernetes Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+package namer
+
+import (
+ "sort"
+
+ "k8s.io/gengo/v2/types"
+)
+
+// ImportTracker may be passed to a namer.RawNamer, to track the imports needed
+// for the types it names.
+//
+// TODO: pay attention to the package name (instead of renaming every package).
+type DefaultImportTracker struct {
+ pathToName map[string]string
+ // forbidden names are in here. (e.g. "go" is a directory in which
+ // there is code, but "go" is not a legal name for a package, so we put
+ // it here to prevent us from naming any package "go")
+ nameToPath map[string]string
+ local types.Name
+
+ // Returns true if a given types is an invalid type and should be ignored.
+ IsInvalidType func(*types.Type) bool
+ // Returns the final local name for the given name
+ LocalName func(types.Name) string
+ // Returns the "import" line for a given (path, name).
+ PrintImport func(string, string) string
+}
+
+func NewDefaultImportTracker(local types.Name) DefaultImportTracker {
+ return DefaultImportTracker{
+ pathToName: map[string]string{},
+ nameToPath: map[string]string{},
+ local: local,
+ }
+}
+
+func (tracker *DefaultImportTracker) AddTypes(types ...*types.Type) {
+ for _, t := range types {
+ tracker.AddType(t)
+ }
+}
+func (tracker *DefaultImportTracker) AddSymbol(symbol types.Name) {
+ if tracker.local.Package == symbol.Package {
+ return
+ }
+
+ if len(symbol.Package) == 0 {
+ return
+ }
+ path := symbol.Path
+ if len(path) == 0 {
+ path = symbol.Package
+ }
+ if _, ok := tracker.pathToName[path]; ok {
+ return
+ }
+
+ name := tracker.LocalName(symbol)
+ tracker.nameToPath[name] = path
+ tracker.pathToName[path] = name
+}
+
+func (tracker *DefaultImportTracker) AddType(t *types.Type) {
+ if tracker.local.Package == t.Name.Package {
+ return
+ }
+
+ if tracker.IsInvalidType(t) {
+ if t.Kind == types.Builtin {
+ return
+ }
+ if _, ok := tracker.nameToPath[t.Name.Package]; !ok {
+ tracker.nameToPath[t.Name.Package] = ""
+ }
+ return
+ }
+
+ tracker.AddSymbol(t.Name)
+}
+
+func (tracker *DefaultImportTracker) ImportLines() []string {
+ importPaths := []string{}
+ for path := range tracker.pathToName {
+ importPaths = append(importPaths, path)
+ }
+ sort.Strings(importPaths)
+ out := []string{}
+ for _, path := range importPaths {
+ out = append(out, tracker.PrintImport(path, tracker.pathToName[path]))
+ }
+ return out
+}
+
+// LocalNameOf returns the name you would use to refer to the package at the
+// specified path within the body of a file.
+func (tracker *DefaultImportTracker) LocalNameOf(path string) string {
+ return tracker.pathToName[path]
+}
+
+// PathOf returns the path that a given localName is referring to within the
+// body of a file.
+func (tracker *DefaultImportTracker) PathOf(localName string) (string, bool) {
+ name, ok := tracker.nameToPath[localName]
+ return name, ok
+}
diff --git a/vendor/k8s.io/gengo/v2/namer/namer.go b/vendor/k8s.io/gengo/v2/namer/namer.go
new file mode 100644
index 000000000..e82fe66ad
--- /dev/null
+++ b/vendor/k8s.io/gengo/v2/namer/namer.go
@@ -0,0 +1,395 @@
+/*
+Copyright 2015 The Kubernetes Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+package namer
+
+import (
+ "fmt"
+ "path/filepath"
+ "strconv"
+ "strings"
+
+ "k8s.io/gengo/v2/types"
+)
+
+const (
+ // GoSeperator is used to split go import paths.
+ // Forward slash is used instead of filepath.Seperator because it is the
+ // only universally-accepted path delimiter and the only delimiter not
+ // potentially forbidden by Go compilers. (In particular gc does not allow
+ // the use of backslashes in import paths.)
+ // See https://golang.org/ref/spec#Import_declarations.
+ // See also https://github.com/kubernetes/gengo/issues/83#issuecomment-367040772.
+ GoSeperator = "/"
+)
+
+// Returns whether a name is a private Go name.
+func IsPrivateGoName(name string) bool {
+ return len(name) == 0 || strings.ToLower(name[:1]) == name[:1]
+}
+
+// NewPublicNamer is a helper function that returns a namer that makes
+// CamelCase names. See the NameStrategy struct for an explanation of the
+// arguments to this constructor.
+func NewPublicNamer(prependPackageNames int, ignoreWords ...string) *NameStrategy {
+ n := &NameStrategy{
+ Join: Joiner(IC, IC),
+ IgnoreWords: map[string]bool{},
+ PrependPackageNames: prependPackageNames,
+ }
+ for _, w := range ignoreWords {
+ n.IgnoreWords[w] = true
+ }
+ return n
+}
+
+// NewPrivateNamer is a helper function that returns a namer that makes
+// camelCase names. See the NameStrategy struct for an explanation of the
+// arguments to this constructor.
+func NewPrivateNamer(prependPackageNames int, ignoreWords ...string) *NameStrategy {
+ n := &NameStrategy{
+ Join: Joiner(IL, IC),
+ IgnoreWords: map[string]bool{},
+ PrependPackageNames: prependPackageNames,
+ }
+ for _, w := range ignoreWords {
+ n.IgnoreWords[w] = true
+ }
+ return n
+}
+
+// NewRawNamer will return a Namer that makes a name by which you would
+// directly refer to a type, optionally keeping track of the import paths
+// necessary to reference the names it provides. Tracker may be nil.
+// The 'pkg' is the full package name, in which the Namer is used - all
+// types from that package will be referenced by just type name without
+// referencing the package.
+//
+// For example, if the type is map[string]int, a raw namer will literally
+// return "map[string]int".
+//
+// Or if the type, in package foo, is "type Bar struct { ... }", then the raw
+// namer will return "foo.Bar" as the name of the type, and if 'tracker' was
+// not nil, will record that package foo needs to be imported.
+func NewRawNamer(pkg string, tracker ImportTracker) *rawNamer {
+ return &rawNamer{pkg: pkg, tracker: tracker}
+}
+
+// Names is a map from Type to name, as defined by some Namer.
+type Names map[*types.Type]string
+
+// Namer takes a type, and assigns a name.
+//
+// The purpose of this complexity is so that you can assign coherent
+// side-by-side systems of names for the types. For example, you might want a
+// public interface, a private implementation struct, and also to reference
+// literally the type name.
+//
+// Note that it is safe to call your own Name() function recursively to find
+// the names of keys, elements, etc. This is because anonymous types can't have
+// cycles in their names, and named types don't require the sort of recursion
+// that would be problematic.
+type Namer interface {
+ Name(*types.Type) string
+}
+
+// NameSystems is a map of a system name to a namer for that system.
+type NameSystems map[string]Namer
+
+// NameStrategy is a general Namer. The easiest way to use it is to copy the
+// Public/PrivateNamer variables, and modify the members you wish to change.
+//
+// The Name method produces a name for the given type, of the forms:
+// Anonymous types:
+// Named types:
+//
+// In all cases, every part of the name is run through the capitalization
+// functions.
+//
+// The IgnoreWords map can be set if you have directory names that are
+// semantically meaningless for naming purposes, e.g. "proto".
+//
+// Prefix and Suffix can be used to disambiguate parallel systems of type
+// names. For example, if you want to generate an interface and an
+// implementation, you might want to suffix one with "Interface" and the other
+// with "Implementation". Another common use-- if you want to generate private
+// types, and one of your source types could be "string", you can't use the
+// default lowercase private namer. You'll have to add a suffix or prefix.
+type NameStrategy struct {
+ Prefix, Suffix string
+ Join func(pre string, parts []string, post string) string
+
+ // Add non-meaningful package directory names here (e.g. "proto") and
+ // they will be ignored.
+ IgnoreWords map[string]bool
+
+ // If > 0, prepend exactly that many package directory names (or as
+ // many as there are). Package names listed in "IgnoreWords" will be
+ // ignored.
+ //
+ // For example, if Ignore words lists "proto" and type Foo is in
+ // pkg/server/frobbing/proto, then a value of 1 will give a type name
+ // of FrobbingFoo, 2 gives ServerFrobbingFoo, etc.
+ PrependPackageNames int
+
+ // A cache of names thus far assigned by this namer.
+ Names
+}
+
+// IC ensures the first character is uppercase.
+func IC(in string) string {
+ if in == "" {
+ return in
+ }
+ return strings.ToUpper(in[:1]) + in[1:]
+}
+
+// IL ensures the first character is lowercase.
+func IL(in string) string {
+ if in == "" {
+ return in
+ }
+ return strings.ToLower(in[:1]) + in[1:]
+}
+
+// Joiner lets you specify functions that preprocess the various components of
+// a name before joining them. You can construct e.g. camelCase or CamelCase or
+// any other way of joining words. (See the IC and IL convenience functions.)
+func Joiner(first, others func(string) string) func(pre string, in []string, post string) string {
+ return func(pre string, in []string, post string) string {
+ tmp := []string{others(pre)}
+ for i := range in {
+ tmp = append(tmp, others(in[i]))
+ }
+ tmp = append(tmp, others(post))
+ return first(strings.Join(tmp, ""))
+ }
+}
+
+func (ns *NameStrategy) removePrefixAndSuffix(s string) string {
+ // The join function may have changed capitalization.
+ lowerIn := strings.ToLower(s)
+ lowerP := strings.ToLower(ns.Prefix)
+ lowerS := strings.ToLower(ns.Suffix)
+ b, e := 0, len(s)
+ if strings.HasPrefix(lowerIn, lowerP) {
+ b = len(ns.Prefix)
+ }
+ if strings.HasSuffix(lowerIn, lowerS) {
+ e -= len(ns.Suffix)
+ }
+ return s[b:e]
+}
+
+var (
+ importPathNameSanitizer = strings.NewReplacer("-", "_", ".", "")
+)
+
+// filters out unwanted directory names and sanitizes remaining names.
+func (ns *NameStrategy) filterDirs(path string) []string {
+ allDirs := strings.Split(path, GoSeperator)
+ dirs := make([]string, 0, len(allDirs))
+ for _, p := range allDirs {
+ if ns.IgnoreWords == nil || !ns.IgnoreWords[p] {
+ dirs = append(dirs, importPathNameSanitizer.Replace(p))
+ }
+ }
+ return dirs
+}
+
+// See the comment on NameStrategy.
+func (ns *NameStrategy) Name(t *types.Type) string {
+ if ns.Names == nil {
+ ns.Names = Names{}
+ }
+ if s, ok := ns.Names[t]; ok {
+ return s
+ }
+
+ if t.Name.Package != "" {
+ dirs := append(ns.filterDirs(t.Name.Package), t.Name.Name)
+ i := ns.PrependPackageNames + 1
+ dn := len(dirs)
+ if i > dn {
+ i = dn
+ }
+ name := ns.Join(ns.Prefix, dirs[dn-i:], ns.Suffix)
+ ns.Names[t] = name
+ return name
+ }
+
+ // Only anonymous types remain.
+ var name string
+ switch t.Kind {
+ case types.Builtin:
+ name = ns.Join(ns.Prefix, []string{t.Name.Name}, ns.Suffix)
+ case types.Map:
+ name = ns.Join(ns.Prefix, []string{
+ "Map",
+ ns.removePrefixAndSuffix(ns.Name(t.Key)),
+ "To",
+ ns.removePrefixAndSuffix(ns.Name(t.Elem)),
+ }, ns.Suffix)
+ case types.Slice:
+ name = ns.Join(ns.Prefix, []string{
+ "Slice",
+ ns.removePrefixAndSuffix(ns.Name(t.Elem)),
+ }, ns.Suffix)
+ case types.Array:
+ name = ns.Join(ns.Prefix, []string{
+ "Array",
+ ns.removePrefixAndSuffix(fmt.Sprintf("%d", t.Len)),
+ ns.removePrefixAndSuffix(ns.Name(t.Elem)),
+ }, ns.Suffix)
+ case types.Pointer:
+ name = ns.Join(ns.Prefix, []string{
+ "Pointer",
+ ns.removePrefixAndSuffix(ns.Name(t.Elem)),
+ }, ns.Suffix)
+ case types.Struct:
+ names := []string{"Struct"}
+ for _, m := range t.Members {
+ names = append(names, ns.removePrefixAndSuffix(ns.Name(m.Type)))
+ }
+ name = ns.Join(ns.Prefix, names, ns.Suffix)
+ case types.Chan:
+ name = ns.Join(ns.Prefix, []string{
+ "Chan",
+ ns.removePrefixAndSuffix(ns.Name(t.Elem)),
+ }, ns.Suffix)
+ case types.Interface:
+ // TODO: add to name test
+ names := []string{"Interface"}
+ for _, m := range t.Methods {
+ // TODO: include function signature
+ names = append(names, m.Name.Name)
+ }
+ name = ns.Join(ns.Prefix, names, ns.Suffix)
+ case types.Func:
+ // TODO: add to name test
+ parts := []string{"Func"}
+ for _, pt := range t.Signature.Parameters {
+ parts = append(parts, ns.removePrefixAndSuffix(ns.Name(pt)))
+ }
+ parts = append(parts, "Returns")
+ for _, rt := range t.Signature.Results {
+ parts = append(parts, ns.removePrefixAndSuffix(ns.Name(rt)))
+ }
+ name = ns.Join(ns.Prefix, parts, ns.Suffix)
+ default:
+ name = "unnameable_" + string(t.Kind)
+ }
+ ns.Names[t] = name
+ return name
+}
+
+// ImportTracker allows a raw namer to keep track of the packages needed for
+// import. You can implement yourself or use the one in the generation package.
+type ImportTracker interface {
+ AddType(*types.Type)
+ AddSymbol(types.Name)
+ LocalNameOf(packagePath string) string
+ PathOf(localName string) (string, bool)
+ ImportLines() []string
+}
+
+type rawNamer struct {
+ pkg string
+ tracker ImportTracker
+ Names
+}
+
+// Name makes a name the way you'd write it to literally refer to type t,
+// making ordinary assumptions about how you've imported t's package (or using
+// r.tracker to specifically track the package imports).
+func (r *rawNamer) Name(t *types.Type) string {
+ if r.Names == nil {
+ r.Names = Names{}
+ }
+ if name, ok := r.Names[t]; ok {
+ return name
+ }
+ if t.Name.Package != "" {
+ var name string
+ if r.tracker != nil {
+ r.tracker.AddType(t)
+ if t.Name.Package == r.pkg {
+ name = t.Name.Name
+ } else {
+ name = r.tracker.LocalNameOf(t.Name.Package) + "." + t.Name.Name
+ }
+ } else {
+ if t.Name.Package == r.pkg {
+ name = t.Name.Name
+ } else {
+ name = filepath.Base(t.Name.Package) + "." + t.Name.Name
+ }
+ }
+ r.Names[t] = name
+ return name
+ }
+ var name string
+ switch t.Kind {
+ case types.Builtin:
+ name = t.Name.Name
+ case types.Map:
+ name = "map[" + r.Name(t.Key) + "]" + r.Name(t.Elem)
+ case types.Slice:
+ name = "[]" + r.Name(t.Elem)
+ case types.Array:
+ l := strconv.Itoa(int(t.Len))
+ name = "[" + l + "]" + r.Name(t.Elem)
+ case types.Pointer:
+ name = "*" + r.Name(t.Elem)
+ case types.Struct:
+ elems := []string{}
+ for _, m := range t.Members {
+ elems = append(elems, m.Name+" "+r.Name(m.Type))
+ }
+ name = "struct{" + strings.Join(elems, "; ") + "}"
+ case types.Chan:
+ // TODO: include directionality
+ name = "chan " + r.Name(t.Elem)
+ case types.Interface:
+ // TODO: add to name test
+ elems := []string{}
+ for _, m := range t.Methods {
+ // TODO: include function signature
+ elems = append(elems, m.Name.Name)
+ }
+ name = "interface{" + strings.Join(elems, "; ") + "}"
+ case types.Func:
+ // TODO: add to name test
+ params := []string{}
+ for _, pt := range t.Signature.Parameters {
+ params = append(params, r.Name(pt))
+ }
+ results := []string{}
+ for _, rt := range t.Signature.Results {
+ results = append(results, r.Name(rt))
+ }
+ name = "func(" + strings.Join(params, ",") + ")"
+ if len(results) == 1 {
+ name += " " + results[0]
+ } else if len(results) > 1 {
+ name += " (" + strings.Join(results, ",") + ")"
+ }
+ default:
+ name = "unnameable_" + string(t.Kind)
+ }
+ r.Names[t] = name
+ return name
+}
diff --git a/vendor/k8s.io/gengo/v2/namer/order.go b/vendor/k8s.io/gengo/v2/namer/order.go
new file mode 100644
index 000000000..e676f0115
--- /dev/null
+++ b/vendor/k8s.io/gengo/v2/namer/order.go
@@ -0,0 +1,72 @@
+/*
+Copyright 2015 The Kubernetes Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+package namer
+
+import (
+ "sort"
+
+ "k8s.io/gengo/v2/types"
+)
+
+// Orderer produces an ordering of types given a Namer.
+type Orderer struct {
+ Namer
+}
+
+// OrderUniverse assigns a name to every type in the Universe, including Types,
+// Functions and Variables, and returns a list sorted by those names.
+func (o *Orderer) OrderUniverse(u types.Universe) []*types.Type {
+ list := tList{
+ namer: o.Namer,
+ }
+ for _, p := range u {
+ for _, t := range p.Types {
+ list.types = append(list.types, t)
+ }
+ for _, f := range p.Functions {
+ list.types = append(list.types, f)
+ }
+ for _, v := range p.Variables {
+ list.types = append(list.types, v)
+ }
+ for _, v := range p.Constants {
+ list.types = append(list.types, v)
+ }
+ }
+ sort.Sort(list)
+ return list.types
+}
+
+// OrderTypes assigns a name to every type, and returns a list sorted by those
+// names.
+func (o *Orderer) OrderTypes(typeList []*types.Type) []*types.Type {
+ list := tList{
+ namer: o.Namer,
+ types: typeList,
+ }
+ sort.Sort(list)
+ return list.types
+}
+
+type tList struct {
+ namer Namer
+ types []*types.Type
+}
+
+func (t tList) Len() int { return len(t.types) }
+func (t tList) Less(i, j int) bool { return t.namer.Name(t.types[i]) < t.namer.Name(t.types[j]) }
+func (t tList) Swap(i, j int) { t.types[i], t.types[j] = t.types[j], t.types[i] }
diff --git a/vendor/k8s.io/gengo/v2/namer/plural_namer.go b/vendor/k8s.io/gengo/v2/namer/plural_namer.go
new file mode 100644
index 000000000..6bded6a04
--- /dev/null
+++ b/vendor/k8s.io/gengo/v2/namer/plural_namer.go
@@ -0,0 +1,120 @@
+/*
+Copyright 2015 The Kubernetes Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+package namer
+
+import (
+ "strings"
+
+ "k8s.io/gengo/v2/types"
+)
+
+var consonants = "bcdfghjklmnpqrstvwxyz"
+
+type pluralNamer struct {
+ // key is the case-sensitive type name, value is the case-insensitive
+ // intended output.
+ exceptions map[string]string
+ finalize func(string) string
+}
+
+// NewPublicPluralNamer returns a namer that returns the plural form of the input
+// type's name, starting with a uppercase letter.
+func NewPublicPluralNamer(exceptions map[string]string) *pluralNamer {
+ return &pluralNamer{exceptions, IC}
+}
+
+// NewPrivatePluralNamer returns a namer that returns the plural form of the input
+// type's name, starting with a lowercase letter.
+func NewPrivatePluralNamer(exceptions map[string]string) *pluralNamer {
+ return &pluralNamer{exceptions, IL}
+}
+
+// NewAllLowercasePluralNamer returns a namer that returns the plural form of the input
+// type's name, with all letters in lowercase.
+func NewAllLowercasePluralNamer(exceptions map[string]string) *pluralNamer {
+ return &pluralNamer{exceptions, strings.ToLower}
+}
+
+// Name returns the plural form of the type's name. If the type's name is found
+// in the exceptions map, the map value is returned.
+func (r *pluralNamer) Name(t *types.Type) string {
+ singular := t.Name.Name
+ var plural string
+ var ok bool
+ if plural, ok = r.exceptions[singular]; ok {
+ return r.finalize(plural)
+ }
+ if len(singular) < 2 {
+ return r.finalize(singular)
+ }
+
+ switch rune(singular[len(singular)-1]) {
+ case 's', 'x', 'z':
+ plural = esPlural(singular)
+ case 'y':
+ sl := rune(singular[len(singular)-2])
+ if isConsonant(sl) {
+ plural = iesPlural(singular)
+ } else {
+ plural = sPlural(singular)
+ }
+ case 'h':
+ sl := rune(singular[len(singular)-2])
+ if sl == 'c' || sl == 's' {
+ plural = esPlural(singular)
+ } else {
+ plural = sPlural(singular)
+ }
+ case 'e':
+ sl := rune(singular[len(singular)-2])
+ if sl == 'f' {
+ plural = vesPlural(singular[:len(singular)-1])
+ } else {
+ plural = sPlural(singular)
+ }
+ case 'f':
+ plural = vesPlural(singular)
+ default:
+ plural = sPlural(singular)
+ }
+ return r.finalize(plural)
+}
+
+func iesPlural(singular string) string {
+ return singular[:len(singular)-1] + "ies"
+}
+
+func vesPlural(singular string) string {
+ return singular[:len(singular)-1] + "ves"
+}
+
+func esPlural(singular string) string {
+ return singular + "es"
+}
+
+func sPlural(singular string) string {
+ return singular + "s"
+}
+
+func isConsonant(char rune) bool {
+ for _, c := range consonants {
+ if char == c {
+ return true
+ }
+ }
+ return false
+}
diff --git a/vendor/k8s.io/gengo/examples/set-gen/sets/doc.go b/vendor/k8s.io/gengo/v2/parser/doc.go
similarity index 74%
rename from vendor/k8s.io/gengo/examples/set-gen/sets/doc.go
rename to vendor/k8s.io/gengo/v2/parser/doc.go
index b152a0bf0..8dc84facf 100644
--- a/vendor/k8s.io/gengo/examples/set-gen/sets/doc.go
+++ b/vendor/k8s.io/gengo/v2/parser/doc.go
@@ -1,5 +1,5 @@
/*
-Copyright The Kubernetes Authors.
+Copyright 2015 The Kubernetes Authors.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
@@ -14,7 +14,6 @@ See the License for the specific language governing permissions and
limitations under the License.
*/
-// Code generated by set-gen. DO NOT EDIT.
-
-// Package sets has auto-generated set types.
-package sets
+// Package parser provides code to parse go files, type-check them, extract the
+// types.
+package parser // import "k8s.io/gengo/v2/parser"
diff --git a/vendor/k8s.io/gengo/v2/parser/parse.go b/vendor/k8s.io/gengo/v2/parser/parse.go
new file mode 100644
index 000000000..a5993d163
--- /dev/null
+++ b/vendor/k8s.io/gengo/v2/parser/parse.go
@@ -0,0 +1,821 @@
+/*
+Copyright 2015 The Kubernetes Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+package parser
+
+import (
+ "errors"
+ "fmt"
+ "go/ast"
+ "go/constant"
+ "go/token"
+ gotypes "go/types"
+ "path/filepath"
+ "sort"
+ "strings"
+ "time"
+
+ "golang.org/x/tools/go/packages"
+ "k8s.io/gengo/v2/types"
+ "k8s.io/klog/v2"
+)
+
+// Parser lets you add all the go files in all the packages that you care
+// about, then constructs the type source data.
+type Parser struct {
+ // Map of package paths to definitions. These keys should be canonical
+ // Go import paths (example.com/foo/bar) and not local paths (./foo/bar).
+ goPkgs map[string]*packages.Package
+
+ // Keep track of which packages were directly requested (as opposed to
+ // those which are transitively loaded).
+ userRequested map[string]bool
+
+ // Keep track of which packages have already been scanned for types.
+ fullyProcessed map[string]bool
+
+ // Build tags to set when loading packages.
+ buildTags []string
+
+ // Tracks accumulated parsed files, so we can do position lookups later.
+ fset *token.FileSet
+
+ // All comments from everywhere in every parsed file. This map is keyed by
+ // the file-line on which the comment block ends, which makes it easy to
+ // look up comments which immediately precede a given obect (e.g. a type or
+ // function definition), which is what we almost always want. We need this
+ // because Go's own ast package does a very poor job of handling comments.
+ endLineToCommentGroup map[fileLine]*ast.CommentGroup
+}
+
+// key type for finding comments.
+type fileLine struct {
+ file string
+ line int
+}
+
+// New constructs a new Parser.
+func New() *Parser {
+ return NewWithOptions(Options{})
+}
+
+func NewWithOptions(opts Options) *Parser {
+ return &Parser{
+ goPkgs: map[string]*packages.Package{},
+ userRequested: map[string]bool{},
+ fullyProcessed: map[string]bool{},
+ fset: token.NewFileSet(),
+ endLineToCommentGroup: map[fileLine]*ast.CommentGroup{},
+ buildTags: opts.BuildTags,
+ }
+}
+
+// Options holds optional settings for the Parser.
+type Options struct {
+ // BuildTags is a list of optional tags to be specified when loading
+ // packages.
+ BuildTags []string
+}
+
+// FindPackages expands the provided patterns into a list of Go import-paths,
+// much like `go list -find`.
+func (p *Parser) FindPackages(patterns ...string) ([]string, error) {
+ return p.findPackages(nil, patterns...)
+}
+
+// baseCfg is an optional (may be nil) config which might be injected by tests.
+func (p *Parser) findPackages(baseCfg *packages.Config, patterns ...string) ([]string, error) {
+ toFind := make([]string, 0, len(patterns))
+ results := make([]string, 0, len(patterns))
+ for _, pat := range patterns {
+ if pkg := p.goPkgs[pat]; pkg != nil {
+ results = append(results, pkg.PkgPath)
+ } else {
+ toFind = append(toFind, pat)
+ }
+ }
+ if len(toFind) == 0 {
+ return results, nil
+ }
+
+ cfg := packages.Config{
+ Mode: packages.NeedName | packages.NeedFiles,
+ BuildFlags: []string{"-tags", strings.Join(p.buildTags, ",")},
+ Tests: false,
+ }
+ if baseCfg != nil {
+ // This is to support tests, e.g. to inject a fake GOPATH or CWD.
+ cfg.Dir = baseCfg.Dir
+ cfg.Env = baseCfg.Env
+ }
+
+ pkgs, err := packages.Load(&cfg, toFind...)
+ if err != nil {
+ return nil, fmt.Errorf("error loading packages: %w", err)
+ }
+ var allErrs []error
+ for _, pkg := range pkgs {
+ results = append(results, pkg.PkgPath)
+
+ // pkg.Errors is not a slice of `error`, but concrete types. We have
+ // to iteratively convert each one into `error`.
+ var errs []error
+ for _, e := range pkg.Errors {
+ errs = append(errs, e)
+ }
+ if len(errs) > 0 {
+ allErrs = append(allErrs, fmt.Errorf("error(s) in %q:\n%w", pkg.PkgPath, errors.Join(errs...)))
+ }
+ }
+ if len(allErrs) != 0 {
+ return nil, errors.Join(allErrs...)
+ }
+ return results, nil
+}
+
+// LoadPackages loads and parses the specified Go packages. Specifically
+// named packages (without a trailing "/...") which do not exist or have no Go
+// files are an error.
+func (p *Parser) LoadPackages(patterns ...string) error {
+ _, err := p.loadPackages(patterns...)
+ return err
+}
+
+// LoadPackagesWithConfigForTesting loads and parses the specified Go packages with the
+// specified packages.Config as a starting point. This is for testing, and
+// only the .Dir and .Env fields of the Config will be considered.
+func (p *Parser) LoadPackagesWithConfigForTesting(cfg *packages.Config, patterns ...string) error {
+ _, err := p.loadPackagesWithConfig(cfg, patterns...)
+ return err
+}
+
+// LoadPackagesTo loads and parses the specified Go packages, and inserts them
+// into the specified Universe. It returns the packages which match the
+// patterns, but loads all packages and their imports, recursively, into the
+// universe. See NewUniverse for more.
+func (p *Parser) LoadPackagesTo(u *types.Universe, patterns ...string) ([]*types.Package, error) {
+ // Load Packages.
+ pkgs, err := p.loadPackages(patterns...)
+ if err != nil {
+ return nil, err
+ }
+
+ // Load types in all packages (it will internally filter).
+ if err := p.addPkgsToUniverse(pkgs, u); err != nil {
+ return nil, err
+ }
+
+ // Return the results as gengo types.Packages.
+ ret := make([]*types.Package, 0, len(pkgs))
+ for _, pkg := range pkgs {
+ ret = append(ret, u.Package(pkg.PkgPath))
+ }
+
+ return ret, nil
+}
+
+func (p *Parser) loadPackages(patterns ...string) ([]*packages.Package, error) {
+ return p.loadPackagesWithConfig(nil, patterns...)
+}
+
+// baseCfg is an optional (may be nil) config which might be injected by tests.
+func (p *Parser) loadPackagesWithConfig(baseCfg *packages.Config, patterns ...string) ([]*packages.Package, error) {
+ klog.V(5).Infof("loadPackages %q", patterns)
+
+ // Loading packages is slow - only do ones we know we have not already done
+ // (e.g. if a tool calls LoadPackages itself).
+ existingPkgs, netNewPkgs, err := p.alreadyLoaded(baseCfg, patterns...)
+ if err != nil {
+ return nil, err
+ }
+ if vlog := klog.V(5); vlog.Enabled() {
+ if len(existingPkgs) > 0 {
+ keys := make([]string, 0, len(existingPkgs))
+ for _, p := range existingPkgs {
+ keys = append(keys, p.PkgPath)
+ }
+ vlog.Infof(" already have: %q", keys)
+ }
+ if len(netNewPkgs) > 0 {
+ vlog.Infof(" to be loaded: %q", netNewPkgs)
+ }
+ }
+
+ // If these were not user-requested before, they are now.
+ for _, pkg := range existingPkgs {
+ if !p.userRequested[pkg.PkgPath] {
+ p.userRequested[pkg.PkgPath] = true
+ }
+ }
+ for _, pkg := range netNewPkgs {
+ if !p.userRequested[pkg] {
+ p.userRequested[pkg] = true
+ }
+ }
+
+ if len(netNewPkgs) == 0 {
+ return existingPkgs, nil
+ }
+
+ cfg := packages.Config{
+ Mode: packages.NeedName |
+ packages.NeedFiles | packages.NeedImports | packages.NeedDeps |
+ packages.NeedModule | packages.NeedTypes | packages.NeedSyntax,
+ BuildFlags: []string{"-tags", strings.Join(p.buildTags, ",")},
+ Fset: p.fset,
+ Tests: false,
+ }
+ if baseCfg != nil {
+ // This is to support tests, e.g. to inject a fake GOPATH or CWD.
+ cfg.Dir = baseCfg.Dir
+ cfg.Env = baseCfg.Env
+ }
+
+ tBefore := time.Now()
+ pkgs, err := packages.Load(&cfg, netNewPkgs...)
+ if err != nil {
+ return nil, fmt.Errorf("error loading packages: %w", err)
+ }
+ klog.V(5).Infof(" loaded %d pkg(s) in %v", len(pkgs), time.Since(tBefore))
+
+ // Handle any errors.
+ collectErrors := func(pkg *packages.Package) error {
+ var errs []error
+ for _, e := range pkg.Errors {
+ if e.Kind == packages.ListError || e.Kind == packages.ParseError {
+ errs = append(errs, e)
+ }
+ }
+ if len(errs) > 0 {
+ return fmt.Errorf("error(s) in %q:\n%w", pkg.PkgPath, errors.Join(errs...))
+ }
+ return nil
+ }
+ if err := forEachPackageRecursive(pkgs, collectErrors); err != nil {
+ return nil, err
+ }
+
+ // Finish integrating packages into our state.
+ absorbPkg := func(pkg *packages.Package) error {
+ p.goPkgs[pkg.PkgPath] = pkg
+
+ for _, f := range pkg.Syntax {
+ for _, c := range f.Comments {
+ // We need to do this on _every_ pkg, not just user-requested
+ // ones, because some generators look at tags in other
+ // packages.
+ //
+ // TODO: It would be nice if we only did this on user-requested
+ // packages. The problem is that we don't always know which
+ // other packages will need this information, and even when we
+ // do we may have already loaded the package (as a transitive
+ // dep) and might have stored pointers into it. Doing a
+ // thorough "reload" without invalidating all those pointers is
+ // a problem for another day.
+ position := p.fset.Position(c.End()) // Fset is synchronized
+ p.endLineToCommentGroup[fileLine{position.Filename, position.Line}] = c
+ }
+ }
+
+ return nil
+ }
+ if err := forEachPackageRecursive(pkgs, absorbPkg); err != nil {
+ return nil, err
+ }
+
+ return append(existingPkgs, pkgs...), nil
+}
+
+// alreadyLoaded figures out which of the specified patterns have already been loaded
+// and which have not, and returns those respectively.
+// baseCfg is an optional (may be nil) config which might be injected by tests.
+func (p *Parser) alreadyLoaded(baseCfg *packages.Config, patterns ...string) ([]*packages.Package, []string, error) {
+ existingPkgs := make([]*packages.Package, 0, len(patterns))
+ netNewPkgs := make([]string, 0, len(patterns))
+
+ // Expand and canonicalize the requested patterns. This should be fast.
+ if pkgPaths, err := p.findPackages(baseCfg, patterns...); err != nil {
+ return nil, nil, err
+ } else {
+ for _, pkgPath := range pkgPaths {
+ if pkg := p.goPkgs[pkgPath]; pkg != nil {
+ existingPkgs = append(existingPkgs, pkg)
+ } else {
+ netNewPkgs = append(netNewPkgs, pkgPath)
+ }
+ }
+ }
+ return existingPkgs, netNewPkgs, nil
+}
+
+// forEachPackageRecursive will run the provided function on all of the specified
+// packages, and on their imports recursively. Errors are accumulated and
+// returned as via errors.Join.
+func forEachPackageRecursive(pkgs []*packages.Package, fn func(pkg *packages.Package) error) error {
+ seen := map[string]bool{} // PkgPaths we have already visited
+ var errs []error
+ for _, pkg := range pkgs {
+ errs = append(errs, recursePackage(pkg, fn, seen)...)
+ }
+ if len(errs) > 0 {
+ return errors.Join(errs...)
+ }
+ return nil
+}
+
+func recursePackage(pkg *packages.Package, fn func(pkg *packages.Package) error, seen map[string]bool) []error {
+ if seen[pkg.PkgPath] {
+ return nil
+ }
+ var errs []error
+ seen[pkg.PkgPath] = true
+ if err := fn(pkg); err != nil {
+ errs = append(errs, err)
+ }
+ for _, imp := range pkg.Imports {
+ errs = append(errs, recursePackage(imp, fn, seen)...)
+ }
+ return errs
+}
+
+// UserRequestedPackages fetches a list of the user-imported packages.
+func (p *Parser) UserRequestedPackages() []string {
+ // Iterate packages in a predictable order.
+ pkgPaths := make([]string, 0, len(p.userRequested))
+ for k := range p.userRequested {
+ pkgPaths = append(pkgPaths, string(k))
+ }
+ sort.Strings(pkgPaths)
+ return pkgPaths
+}
+
+// NewUniverse finalizes the loaded packages, searches through them for types
+// and produces a new Universe. The returned Universe has one types.Package
+// entry for each Go package that has been loaded, including all of their
+// dependencies, recursively. It also has one entry, whose key is "", which
+// represents "builtin" types.
+func (p *Parser) NewUniverse() (types.Universe, error) {
+ u := types.Universe{}
+
+ pkgs := []*packages.Package{}
+ for _, path := range p.UserRequestedPackages() {
+ pkgs = append(pkgs, p.goPkgs[path])
+ }
+ if err := p.addPkgsToUniverse(pkgs, &u); err != nil {
+ return nil, err
+ }
+
+ return u, nil
+}
+
+// addCommentsToType takes any accumulated comment lines prior to obj and
+// attaches them to the type t.
+func (p *Parser) addCommentsToType(obj gotypes.Object, t *types.Type) {
+ t.CommentLines = p.docComment(obj.Pos())
+ t.SecondClosestCommentLines = p.priorDetachedComment(obj.Pos())
+}
+
+// packageDir tries to figure out the directory of the specified package.
+func packageDir(pkg *packages.Package) (string, error) {
+ // Sometimes Module is present but has no Dir, e.g. when it is vendored.
+ if pkg.Module != nil && pkg.Module.Dir != "" {
+ // NOTE: this will not work if tests are loaded, because Go mutates the
+ // Package.PkgPath.
+ subdir := strings.TrimPrefix(pkg.PkgPath, pkg.Module.Path)
+ return filepath.Join(pkg.Module.Dir, subdir), nil
+ }
+ if len(pkg.GoFiles) > 0 {
+ return filepath.Dir(pkg.GoFiles[0]), nil
+ }
+ if len(pkg.IgnoredFiles) > 0 {
+ return filepath.Dir(pkg.IgnoredFiles[0]), nil
+ }
+ return "", fmt.Errorf("can't find package dir for %q - no module info and no Go files", pkg.PkgPath)
+}
+
+// addPkgsToUniverse adds the packages, and all of their deps, recursively, to
+// the universe and (if needed) searches through them for types.
+func (p *Parser) addPkgsToUniverse(pkgs []*packages.Package, u *types.Universe) error {
+ addOne := func(pkg *packages.Package) error {
+ if err := p.addPkgToUniverse(pkg, u); err != nil {
+ return err
+ }
+ return nil
+ }
+ if err := forEachPackageRecursive(pkgs, addOne); err != nil {
+ return err
+ }
+ return nil
+}
+
+// addPkgToUniverse adds one package to the universe and (if needed) searches
+// through it for types.
+func (p *Parser) addPkgToUniverse(pkg *packages.Package, u *types.Universe) error {
+ pkgPath := pkg.PkgPath
+ if p.fullyProcessed[pkgPath] {
+ return nil
+ }
+
+ // This will get-or-create the Package.
+ gengoPkg := u.Package(pkgPath)
+
+ if gengoPkg.Dir == "" {
+ // We're keeping this package, though we might not fully process it.
+ if vlog := klog.V(5); vlog.Enabled() {
+ why := "user-requested"
+ if !p.userRequested[pkgPath] {
+ why = "dependency"
+ }
+ vlog.Infof("addPkgToUniverse %q (%s)", pkgPath, why)
+ }
+
+ absPath := ""
+ if dir, err := packageDir(pkg); err != nil {
+ return err
+ } else {
+ absPath = dir
+ }
+
+ gengoPkg.Path = pkg.PkgPath
+ gengoPkg.Dir = absPath
+ }
+
+ // If the package was not user-requested, we can stop here.
+ if !p.userRequested[pkgPath] {
+ return nil
+ }
+
+ // Mark it as done, so we don't ever re-process it.
+ p.fullyProcessed[pkgPath] = true
+ gengoPkg.Name = pkg.Name
+
+ // For historical reasons we treat files named "doc.go" specially.
+ // TODO: It would be nice to not do this and instead treat package
+ // doc-comments as the "global" config place. This would require changing
+ // most generators and input files.
+ for _, f := range pkg.Syntax {
+ // This gets the filename for the ast.File. Iterating pkg.GoFiles is
+ // documented as unreliable.
+ pos := p.fset.Position(f.FileStart)
+ if filepath.Base(pos.Filename) == "doc.go" {
+ gengoPkg.Comments = []string{}
+ for i := range f.Comments {
+ gengoPkg.Comments = append(gengoPkg.Comments, splitLines(f.Comments[i].Text())...)
+ }
+ if f.Doc != nil {
+ gengoPkg.DocComments = splitLines(f.Doc.Text())
+ }
+ }
+ }
+
+ // Walk all the types, recursively and save them for later access.
+ s := pkg.Types.Scope()
+ for _, n := range s.Names() {
+ switch obj := s.Lookup(n).(type) {
+ case *gotypes.TypeName:
+ t := p.walkType(*u, nil, obj.Type())
+ p.addCommentsToType(obj, t)
+ case *gotypes.Func:
+ // We only care about functions, not concrete/abstract methods.
+ if obj.Type() != nil && obj.Type().(*gotypes.Signature).Recv() == nil {
+ t := p.addFunction(*u, nil, obj)
+ p.addCommentsToType(obj, t)
+ }
+ case *gotypes.Var:
+ if !obj.IsField() {
+ t := p.addVariable(*u, nil, obj)
+ p.addCommentsToType(obj, t)
+ }
+ case *gotypes.Const:
+ t := p.addConstant(*u, nil, obj)
+ p.addCommentsToType(obj, t)
+ default:
+ klog.Infof("addPkgToUniverse %q: unhandled object of type %T: %v", pkgPath, obj, obj)
+ }
+ }
+
+ // Add all of this package's imports.
+ importedPkgs := []string{}
+ for _, imp := range pkg.Imports {
+ if err := p.addPkgToUniverse(imp, u); err != nil {
+ return err
+ }
+ importedPkgs = append(importedPkgs, imp.PkgPath)
+ }
+ sort.Strings(importedPkgs)
+ u.AddImports(pkg.PkgPath, importedPkgs...)
+
+ return nil
+}
+
+// If the specified position has a "doc comment", return that.
+func (p *Parser) docComment(pos token.Pos) []string {
+ // An object's doc comment always ends on the line before the object's own
+ // declaration.
+ c1 := p.priorCommentLines(pos, 1)
+ return splitLines(c1.Text()) // safe even if c1 is nil
+}
+
+// If there is a detached (not immediately before a declaration) comment,
+// return that.
+func (p *Parser) priorDetachedComment(pos token.Pos) []string {
+ // An object's doc comment always ends on the line before the object's own
+ // declaration.
+ c1 := p.priorCommentLines(pos, 1)
+
+ // Using a literal "2" here is brittle in theory (it means literally 2
+ // lines), but in practice Go code is gofmt'ed (which elides repeated blank
+ // lines), so it works.
+ var c2 *ast.CommentGroup
+ if c1 == nil {
+ c2 = p.priorCommentLines(pos, 2)
+ } else {
+ c2 = p.priorCommentLines(c1.List[0].Slash, 2)
+ }
+ return splitLines(c2.Text()) // safe even if c1 is nil
+}
+
+// If there's a comment block which ends nlines before pos, return it.
+func (p *Parser) priorCommentLines(pos token.Pos, lines int) *ast.CommentGroup {
+ position := p.fset.Position(pos)
+ key := fileLine{position.Filename, position.Line - lines}
+ return p.endLineToCommentGroup[key]
+}
+
+func splitLines(str string) []string {
+ return strings.Split(strings.TrimRight(str, "\n"), "\n")
+}
+
+func goFuncNameToName(in string) types.Name {
+ name := strings.TrimPrefix(in, "func ")
+ nameParts := strings.Split(name, "(")
+ return goNameToName(nameParts[0])
+}
+
+func goVarNameToName(in string) types.Name {
+ nameParts := strings.Split(in, " ")
+ // nameParts[0] is "var".
+ // nameParts[2:] is the type of the variable, we ignore it for now.
+ return goNameToName(nameParts[1])
+}
+
+func goNameToName(in string) types.Name {
+ // Detect anonymous type names. (These may have '.' characters because
+ // embedded types may have packages, so we detect them specially.)
+ if strings.HasPrefix(in, "struct{") ||
+ strings.HasPrefix(in, "<-chan") ||
+ strings.HasPrefix(in, "chan<-") ||
+ strings.HasPrefix(in, "chan ") ||
+ strings.HasPrefix(in, "func(") ||
+ strings.HasPrefix(in, "func (") ||
+ strings.HasPrefix(in, "*") ||
+ strings.HasPrefix(in, "map[") ||
+ strings.HasPrefix(in, "[") {
+ return types.Name{Name: in}
+ }
+
+ // Otherwise, if there are '.' characters present, the name has a
+ // package path in front.
+ nameParts := strings.Split(in, ".")
+ name := types.Name{Name: in}
+ if n := len(nameParts); n >= 2 {
+ // The final "." is the name of the type--previous ones must
+ // have been in the package path.
+ name.Package, name.Name = strings.Join(nameParts[:n-1], "."), nameParts[n-1]
+ }
+ return name
+}
+
+func (p *Parser) convertSignature(u types.Universe, t *gotypes.Signature) *types.Signature {
+ signature := &types.Signature{}
+ for i := 0; i < t.Params().Len(); i++ {
+ signature.Parameters = append(signature.Parameters, p.walkType(u, nil, t.Params().At(i).Type()))
+ signature.ParameterNames = append(signature.ParameterNames, t.Params().At(i).Name())
+ }
+ for i := 0; i < t.Results().Len(); i++ {
+ signature.Results = append(signature.Results, p.walkType(u, nil, t.Results().At(i).Type()))
+ signature.ResultNames = append(signature.ResultNames, t.Results().At(i).Name())
+ }
+ if r := t.Recv(); r != nil {
+ signature.Receiver = p.walkType(u, nil, r.Type())
+ }
+ signature.Variadic = t.Variadic()
+ return signature
+}
+
+// walkType adds the type, and any necessary child types.
+func (p *Parser) walkType(u types.Universe, useName *types.Name, in gotypes.Type) *types.Type {
+ // Most of the cases are underlying types of the named type.
+ name := goNameToName(in.String())
+ if useName != nil {
+ name = *useName
+ }
+
+ switch t := in.(type) {
+ case *gotypes.Struct:
+ out := u.Type(name)
+ if out.Kind != types.Unknown {
+ return out
+ }
+ out.Kind = types.Struct
+ for i := 0; i < t.NumFields(); i++ {
+ f := t.Field(i)
+ m := types.Member{
+ Name: f.Name(),
+ Embedded: f.Anonymous(),
+ Tags: t.Tag(i),
+ Type: p.walkType(u, nil, f.Type()),
+ CommentLines: p.docComment(f.Pos()),
+ }
+ out.Members = append(out.Members, m)
+ }
+ return out
+ case *gotypes.Map:
+ out := u.Type(name)
+ if out.Kind != types.Unknown {
+ return out
+ }
+ out.Kind = types.Map
+ out.Elem = p.walkType(u, nil, t.Elem())
+ out.Key = p.walkType(u, nil, t.Key())
+ return out
+ case *gotypes.Pointer:
+ out := u.Type(name)
+ if out.Kind != types.Unknown {
+ return out
+ }
+ out.Kind = types.Pointer
+ out.Elem = p.walkType(u, nil, t.Elem())
+ return out
+ case *gotypes.Slice:
+ out := u.Type(name)
+ if out.Kind != types.Unknown {
+ return out
+ }
+ out.Kind = types.Slice
+ out.Elem = p.walkType(u, nil, t.Elem())
+ return out
+ case *gotypes.Array:
+ out := u.Type(name)
+ if out.Kind != types.Unknown {
+ return out
+ }
+ out.Kind = types.Array
+ out.Elem = p.walkType(u, nil, t.Elem())
+ out.Len = in.(*gotypes.Array).Len()
+ return out
+ case *gotypes.Chan:
+ out := u.Type(name)
+ if out.Kind != types.Unknown {
+ return out
+ }
+ out.Kind = types.Chan
+ out.Elem = p.walkType(u, nil, t.Elem())
+ // TODO: need to store direction, otherwise raw type name
+ // cannot be properly written.
+ return out
+ case *gotypes.Basic:
+ out := u.Type(types.Name{
+ Package: "", // This is a magic package name in the Universe.
+ Name: t.Name(),
+ })
+ if out.Kind != types.Unknown {
+ return out
+ }
+ out.Kind = types.Unsupported
+ return out
+ case *gotypes.Signature:
+ out := u.Type(name)
+ if out.Kind != types.Unknown {
+ return out
+ }
+ out.Kind = types.Func
+ out.Signature = p.convertSignature(u, t)
+ return out
+ case *gotypes.Interface:
+ out := u.Type(name)
+ if out.Kind != types.Unknown {
+ return out
+ }
+ out.Kind = types.Interface
+ t.Complete()
+ for i := 0; i < t.NumMethods(); i++ {
+ if out.Methods == nil {
+ out.Methods = map[string]*types.Type{}
+ }
+ method := t.Method(i)
+ name := goNameToName(method.String())
+ mt := p.walkType(u, &name, method.Type())
+ mt.CommentLines = p.docComment(method.Pos())
+ out.Methods[method.Name()] = mt
+ }
+ return out
+ case *gotypes.Named:
+ var out *types.Type
+ switch t.Underlying().(type) {
+ case *gotypes.Named, *gotypes.Basic, *gotypes.Map, *gotypes.Slice:
+ name := goNameToName(t.String())
+ out = u.Type(name)
+ if out.Kind != types.Unknown {
+ return out
+ }
+ out.Kind = types.Alias
+ out.Underlying = p.walkType(u, nil, t.Underlying())
+ default:
+ // gotypes package makes everything "named" with an
+ // underlying anonymous type--we remove that annoying
+ // "feature" for users. This flattens those types
+ // together.
+ name := goNameToName(t.String())
+ if out := u.Type(name); out.Kind != types.Unknown {
+ return out // short circuit if we've already made this.
+ }
+ out = p.walkType(u, &name, t.Underlying())
+ }
+ // If the underlying type didn't already add methods, add them.
+ // (Interface types will have already added methods.)
+ if len(out.Methods) == 0 {
+ for i := 0; i < t.NumMethods(); i++ {
+ if out.Methods == nil {
+ out.Methods = map[string]*types.Type{}
+ }
+ method := t.Method(i)
+ name := goNameToName(method.String())
+ mt := p.walkType(u, &name, method.Type())
+ mt.CommentLines = p.docComment(method.Pos())
+ out.Methods[method.Name()] = mt
+ }
+ }
+ return out
+ default:
+ out := u.Type(name)
+ if out.Kind != types.Unknown {
+ return out
+ }
+ out.Kind = types.Unsupported
+ klog.Warningf("Making unsupported type entry %q for: %#v\n", out, t)
+ return out
+ }
+}
+
+func (p *Parser) addFunction(u types.Universe, useName *types.Name, in *gotypes.Func) *types.Type {
+ name := goFuncNameToName(in.String())
+ if useName != nil {
+ name = *useName
+ }
+ out := u.Function(name)
+ out.Kind = types.DeclarationOf
+ out.Underlying = p.walkType(u, nil, in.Type())
+ return out
+}
+
+func (p *Parser) addVariable(u types.Universe, useName *types.Name, in *gotypes.Var) *types.Type {
+ name := goVarNameToName(in.String())
+ if useName != nil {
+ name = *useName
+ }
+ out := u.Variable(name)
+ out.Kind = types.DeclarationOf
+ out.Underlying = p.walkType(u, nil, in.Type())
+ return out
+}
+
+func (p *Parser) addConstant(u types.Universe, useName *types.Name, in *gotypes.Const) *types.Type {
+ name := goVarNameToName(in.String())
+ if useName != nil {
+ name = *useName
+ }
+ out := u.Constant(name)
+ out.Kind = types.DeclarationOf
+ out.Underlying = p.walkType(u, nil, in.Type())
+
+ var constval string
+
+ // For strings, we use `StringVal()` to get the un-truncated,
+ // un-quoted string. For other values, `.String()` is preferable to
+ // get something relatively human readable (especially since for
+ // floating point types, `ExactString()` will generate numeric
+ // expressions using `big.(*Float).Text()`.
+ switch in.Val().Kind() {
+ case constant.String:
+ constval = constant.StringVal(in.Val())
+ default:
+ constval = in.Val().String()
+ }
+
+ out.ConstValue = &constval
+ return out
+}
diff --git a/vendor/k8s.io/gengo/examples/set-gen/sets/empty.go b/vendor/k8s.io/gengo/v2/types/doc.go
similarity index 64%
rename from vendor/k8s.io/gengo/examples/set-gen/sets/empty.go
rename to vendor/k8s.io/gengo/v2/types/doc.go
index e11e622c5..23acb879c 100644
--- a/vendor/k8s.io/gengo/examples/set-gen/sets/empty.go
+++ b/vendor/k8s.io/gengo/v2/types/doc.go
@@ -1,5 +1,5 @@
/*
-Copyright The Kubernetes Authors.
+Copyright 2015 The Kubernetes Authors.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
@@ -14,10 +14,6 @@ See the License for the specific language governing permissions and
limitations under the License.
*/
-// Code generated by set-gen. DO NOT EDIT.
-
-package sets
-
-// Empty is public since it is used by some internal API objects for conversions between external
-// string arrays and internal sets, and conversion logic requires public types today.
-type Empty struct{}
+// Package types contains go type information, packaged in a way that makes
+// auto-generation convenient, whether by template or straight go functions.
+package types // import "k8s.io/gengo/v2/types"
diff --git a/vendor/k8s.io/gengo/v2/types/types.go b/vendor/k8s.io/gengo/v2/types/types.go
new file mode 100644
index 000000000..e9c8319c6
--- /dev/null
+++ b/vendor/k8s.io/gengo/v2/types/types.go
@@ -0,0 +1,539 @@
+/*
+Copyright 2015 The Kubernetes Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+package types
+
+import "strings"
+
+// Ref makes a reference to the given type. It can only be used for e.g.
+// passing to namers.
+func Ref(packageName, typeName string) *Type {
+ return &Type{Name: Name{
+ Name: typeName,
+ Package: packageName,
+ }}
+}
+
+// A type name may have a package qualifier.
+type Name struct {
+ // Empty if embedded or builtin. This is the package path unless Path is specified.
+ Package string
+ // The type name.
+ Name string
+ // An optional location of the type definition for languages that can have disjoint
+ // packages and paths.
+ Path string
+}
+
+// String returns the name formatted as a string.
+func (n Name) String() string {
+ if n.Package == "" {
+ return n.Name
+ }
+ return n.Package + "." + n.Name
+}
+
+// ParseFullyQualifiedName parses a name like k8s.io/kubernetes/pkg/api.Pod into a Name.
+func ParseFullyQualifiedName(fqn string) Name {
+ cs := strings.Split(fqn, ".")
+ pkg := ""
+ if len(cs) > 1 {
+ pkg = strings.Join(cs[0:len(cs)-1], ".")
+ }
+ return Name{
+ Name: cs[len(cs)-1],
+ Package: pkg,
+ }
+}
+
+// The possible classes of types.
+type Kind string
+
+const (
+ // Builtin is a primitive, like bool, string, int.
+ Builtin Kind = "Builtin"
+ Struct Kind = "Struct"
+ Map Kind = "Map"
+ Slice Kind = "Slice"
+ Pointer Kind = "Pointer"
+
+ // Alias is an alias of another type, e.g. in:
+ // type Foo string
+ // type Bar Foo
+ // Bar is an alias of Foo.
+ //
+ // In the real go type system, Foo is a "Named" string; but to simplify
+ // generation, this type system will just say that Foo *is* a builtin.
+ // We then need "Alias" as a way for us to say that Bar *is* a Foo.
+ Alias Kind = "Alias"
+
+ // Interface is any type that could have differing types at run time.
+ Interface Kind = "Interface"
+
+ // Array is just like slice, but has a fixed length.
+ Array Kind = "Array"
+
+ // The remaining types are included for completeness, but are not well
+ // supported.
+ Chan Kind = "Chan"
+ Func Kind = "Func"
+
+ // DeclarationOf is different from other Kinds; it indicates that instead of
+ // representing an actual Type, the type is a declaration of an instance of
+ // a type. E.g., a top-level function, variable, or constant. See the
+ // comment for Type.Name for more detail.
+ DeclarationOf Kind = "DeclarationOf"
+ Unknown Kind = ""
+ Unsupported Kind = "Unsupported"
+
+ // Protobuf is protobuf type.
+ Protobuf Kind = "Protobuf"
+)
+
+// Package holds package-level information.
+// Fields are public, as everything in this package, to enable consumption by
+// templates (for example). But it is strongly encouraged for code to build by
+// using the provided functions.
+type Package struct {
+ // Canonical import-path of this package.
+ Path string
+
+ // The location (on disk) of this package.
+ Dir string
+
+ // Short name of this package, as in the 'package x' line.
+ Name string
+
+ // The comment right above the package declaration in doc.go, if any.
+ DocComments []string
+
+ // All comments from doc.go, if any.
+ // TODO: remove Comments and use DocComments everywhere.
+ Comments []string
+
+ // Types within this package, indexed by their name (*not* including
+ // package name).
+ Types map[string]*Type
+
+ // Functions within this package, indexed by their name (*not* including
+ // package name).
+ Functions map[string]*Type
+
+ // Global variables within this package, indexed by their name (*not* including
+ // package name).
+ Variables map[string]*Type
+
+ // Global constants within this package, indexed by their name (*not* including
+ // package name).
+ Constants map[string]*Type
+
+ // Packages imported by this package, indexed by (canonicalized)
+ // package path.
+ Imports map[string]*Package
+}
+
+// Has returns true if the given name references a type known to this package.
+func (p *Package) Has(name string) bool {
+ _, has := p.Types[name]
+ return has
+}
+
+// Type gets the given Type in this Package. If the Type is not already
+// defined, this will add it and return the new Type value. The caller is
+// expected to finish initialization.
+func (p *Package) Type(typeName string) *Type {
+ if t, ok := p.Types[typeName]; ok {
+ return t
+ }
+ if p.Path == "" {
+ // Import the standard builtin types!
+ if t, ok := builtins.Types[typeName]; ok {
+ p.Types[typeName] = t
+ return t
+ }
+ }
+ t := &Type{Name: Name{Package: p.Path, Name: typeName}}
+ p.Types[typeName] = t
+ return t
+}
+
+// Function gets the given function Type in this Package. If the function is
+// not already defined, this will add it. If a function is added, it's the
+// caller's responsibility to finish construction of the function by setting
+// Underlying to the correct type.
+func (p *Package) Function(funcName string) *Type {
+ if t, ok := p.Functions[funcName]; ok {
+ return t
+ }
+ t := &Type{Name: Name{Package: p.Path, Name: funcName}}
+ t.Kind = DeclarationOf
+ p.Functions[funcName] = t
+ return t
+}
+
+// Variable gets the given variable Type in this Package. If the variable is
+// not already defined, this will add it. If a variable is added, it's the caller's
+// responsibility to finish construction of the variable by setting Underlying
+// to the correct type.
+func (p *Package) Variable(varName string) *Type {
+ if t, ok := p.Variables[varName]; ok {
+ return t
+ }
+ t := &Type{Name: Name{Package: p.Path, Name: varName}}
+ t.Kind = DeclarationOf
+ p.Variables[varName] = t
+ return t
+}
+
+// Constant gets the given constant Type in this Package. If the constant is
+// not already defined, this will add it. If a constant is added, it's the caller's
+// responsibility to finish construction of the constant by setting Underlying
+// to the correct type.
+func (p *Package) Constant(constName string) *Type {
+ if t, ok := p.Constants[constName]; ok {
+ return t
+ }
+ t := &Type{Name: Name{Package: p.Path, Name: constName}}
+ t.Kind = DeclarationOf
+ p.Constants[constName] = t
+ return t
+}
+
+// HasImport returns true if p imports packageName. Package names include the
+// package directory.
+func (p *Package) HasImport(packageName string) bool {
+ _, has := p.Imports[packageName]
+ return has
+}
+
+// Universe is a map of all packages. The key is the package name, but you
+// should use Package(), Type(), Function(), or Variable() instead of direct
+// access.
+type Universe map[string]*Package
+
+// Type returns the canonical type for the given fully-qualified name. Builtin
+// types will always be found, even if they haven't been explicitly added to
+// the map. If a non-existing type is requested, this will create (a marker for)
+// it.
+func (u Universe) Type(n Name) *Type {
+ return u.Package(n.Package).Type(n.Name)
+}
+
+// Function returns the canonical function for the given fully-qualified name.
+// If a non-existing function is requested, this will create (a marker for) it.
+// If a marker is created, it's the caller's responsibility to finish
+// construction of the function by setting Underlying to the correct type.
+func (u Universe) Function(n Name) *Type {
+ return u.Package(n.Package).Function(n.Name)
+}
+
+// Variable returns the canonical variable for the given fully-qualified name.
+// If a non-existing variable is requested, this will create (a marker for) it.
+// If a marker is created, it's the caller's responsibility to finish
+// construction of the variable by setting Underlying to the correct type.
+func (u Universe) Variable(n Name) *Type {
+ return u.Package(n.Package).Variable(n.Name)
+}
+
+// Constant returns the canonical constant for the given fully-qualified name.
+// If a non-existing constant is requested, this will create (a marker for) it.
+// If a marker is created, it's the caller's responsibility to finish
+// construction of the constant by setting Underlying to the correct type.
+func (u Universe) Constant(n Name) *Type {
+ return u.Package(n.Package).Constant(n.Name)
+}
+
+// AddImports registers import lines for packageName. May be called multiple times.
+// You are responsible for canonicalizing all package paths.
+func (u Universe) AddImports(packagePath string, importPaths ...string) {
+ p := u.Package(packagePath)
+ for _, i := range importPaths {
+ p.Imports[i] = u.Package(i)
+ }
+}
+
+// Package returns the Package for the given path.
+// If a non-existing package is requested, this will create (a marker for) it.
+// If a marker is created, it's the caller's responsibility to finish
+// construction of the package.
+func (u Universe) Package(packagePath string) *Package {
+ if p, ok := u[packagePath]; ok {
+ return p
+ }
+ p := &Package{
+ Path: packagePath,
+ Types: map[string]*Type{},
+ Functions: map[string]*Type{},
+ Variables: map[string]*Type{},
+ Constants: map[string]*Type{},
+ Imports: map[string]*Package{},
+ }
+ u[packagePath] = p
+ return p
+}
+
+// Type represents a subset of possible go types.
+type Type struct {
+ // There are two general categories of types, those explicitly named
+ // and those anonymous. Named ones will have a non-empty package in the
+ // name field.
+ //
+ // An exception: If Kind == DeclarationOf, then this name is the name of a
+ // top-level function, variable, or const, and the type can be found in Underlying.
+ // We do this to allow the naming system to work against these objects, even
+ // though they aren't strictly speaking types.
+ Name Name
+
+ // The general kind of this type.
+ Kind Kind
+
+ // If there are comment lines immediately before the type definition,
+ // they will be recorded here.
+ CommentLines []string
+
+ // If there are comment lines preceding the `CommentLines`, they will be
+ // recorded here. There are two cases:
+ // ---
+ // SecondClosestCommentLines
+ // a blank line
+ // CommentLines
+ // type definition
+ // ---
+ //
+ // or
+ // ---
+ // SecondClosestCommentLines
+ // a blank line
+ // type definition
+ // ---
+ SecondClosestCommentLines []string
+
+ // If Kind == Struct
+ Members []Member
+
+ // If Kind == Map, Slice, Pointer, or Chan
+ Elem *Type
+
+ // If Kind == Map, this is the map's key type.
+ Key *Type
+
+ // If Kind == Alias, this is the underlying type.
+ // If Kind == DeclarationOf, this is the type of the declaration.
+ Underlying *Type
+
+ // If Kind == Interface, this is the set of all required functions.
+ // Otherwise, if this is a named type, this is the list of methods that
+ // type has. (All elements will have Kind=="Func")
+ Methods map[string]*Type
+
+ // If Kind == func, this is the signature of the function.
+ Signature *Signature
+
+ // ConstValue contains a stringified constant value if
+ // Kind == DeclarationOf and this is a constant value
+ // declaration. For string constants, this field contains
+ // the entire, un-quoted value. For other types, it contains
+ // a human-readable literal.
+ ConstValue *string
+
+ // TODO: Add:
+ // * channel direction
+
+ // If Kind == Array
+ Len int64
+}
+
+// String returns the name of the type.
+func (t *Type) String() string {
+ if t == nil {
+ return "" // makes tests easier
+ }
+ return t.Name.String()
+}
+
+// IsPrimitive returns whether the type is a built-in type or is an alias to a
+// built-in type. For example: strings and aliases of strings are primitives,
+// structs are not.
+func (t *Type) IsPrimitive() bool {
+ if t.Kind == Builtin || (t.Kind == Alias && t.Underlying.Kind == Builtin) {
+ return true
+ }
+ return false
+}
+
+// IsAssignable returns whether the type is deep-assignable. For example,
+// slices and maps and pointers are shallow copies, but ints and strings are
+// complete.
+func (t *Type) IsAssignable() bool {
+ if t.IsPrimitive() {
+ return true
+ }
+ if t.Kind == Struct {
+ for _, m := range t.Members {
+ if !m.Type.IsAssignable() {
+ return false
+ }
+ }
+ return true
+ }
+ return false
+}
+
+// IsAnonymousStruct returns true if the type is an anonymous struct or an alias
+// to an anonymous struct.
+func (t *Type) IsAnonymousStruct() bool {
+ return (t.Kind == Struct && t.Name.Name == "struct{}") || (t.Kind == Alias && t.Underlying.IsAnonymousStruct())
+}
+
+// A single struct member
+type Member struct {
+ // The name of the member.
+ Name string
+
+ // If the member is embedded (anonymous) this will be true, and the
+ // Name will be the type name.
+ Embedded bool
+
+ // If there are comment lines immediately before the member in the type
+ // definition, they will be recorded here.
+ CommentLines []string
+
+ // If there are tags along with this member, they will be saved here.
+ Tags string
+
+ // The type of this member.
+ Type *Type
+}
+
+// String returns the name and type of the member.
+func (m Member) String() string {
+ return m.Name + " " + m.Type.String()
+}
+
+// Signature is a function's signature.
+type Signature struct {
+ // If a method of some type, this is the type it's a member of.
+ Receiver *Type
+ Parameters []*Type
+ ParameterNames []string
+ Results []*Type
+ ResultNames []string
+
+ // True if the last in parameter is of the form ...T.
+ Variadic bool
+
+ // If there are comment lines immediately before this
+ // signature/method/function declaration, they will be recorded here.
+ CommentLines []string
+}
+
+// Built in types.
+var (
+ String = &Type{
+ Name: Name{Name: "string"},
+ Kind: Builtin,
+ }
+ Int64 = &Type{
+ Name: Name{Name: "int64"},
+ Kind: Builtin,
+ }
+ Int32 = &Type{
+ Name: Name{Name: "int32"},
+ Kind: Builtin,
+ }
+ Int16 = &Type{
+ Name: Name{Name: "int16"},
+ Kind: Builtin,
+ }
+ Int = &Type{
+ Name: Name{Name: "int"},
+ Kind: Builtin,
+ }
+ Uint64 = &Type{
+ Name: Name{Name: "uint64"},
+ Kind: Builtin,
+ }
+ Uint32 = &Type{
+ Name: Name{Name: "uint32"},
+ Kind: Builtin,
+ }
+ Uint16 = &Type{
+ Name: Name{Name: "uint16"},
+ Kind: Builtin,
+ }
+ Uint = &Type{
+ Name: Name{Name: "uint"},
+ Kind: Builtin,
+ }
+ Uintptr = &Type{
+ Name: Name{Name: "uintptr"},
+ Kind: Builtin,
+ }
+ Float64 = &Type{
+ Name: Name{Name: "float64"},
+ Kind: Builtin,
+ }
+ Float32 = &Type{
+ Name: Name{Name: "float32"},
+ Kind: Builtin,
+ }
+ Float = &Type{
+ Name: Name{Name: "float"},
+ Kind: Builtin,
+ }
+ Bool = &Type{
+ Name: Name{Name: "bool"},
+ Kind: Builtin,
+ }
+ Byte = &Type{
+ Name: Name{Name: "byte"},
+ Kind: Builtin,
+ }
+
+ builtins = &Package{
+ Types: map[string]*Type{
+ "bool": Bool,
+ "string": String,
+ "int": Int,
+ "int64": Int64,
+ "int32": Int32,
+ "int16": Int16,
+ "int8": Byte,
+ "uint": Uint,
+ "uint64": Uint64,
+ "uint32": Uint32,
+ "uint16": Uint16,
+ "uint8": Byte,
+ "uintptr": Uintptr,
+ "byte": Byte,
+ "float": Float,
+ "float64": Float64,
+ "float32": Float32,
+ },
+ Imports: map[string]*Package{},
+ Path: "",
+ Name: "",
+ }
+)
+
+func IsInteger(t *Type) bool {
+ switch t {
+ case Int, Int64, Int32, Int16, Uint, Uint64, Uint32, Uint16, Byte:
+ return true
+ default:
+ return false
+ }
+}
diff --git a/vendor/k8s.io/kube-openapi/cmd/openapi-gen/args/args.go b/vendor/k8s.io/kube-openapi/cmd/openapi-gen/args/args.go
index 19783370e..153784ed9 100644
--- a/vendor/k8s.io/kube-openapi/cmd/openapi-gen/args/args.go
+++ b/vendor/k8s.io/kube-openapi/cmd/openapi-gen/args/args.go
@@ -18,59 +18,61 @@ package args
import (
"fmt"
- "path/filepath"
"github.com/spf13/pflag"
- "k8s.io/gengo/args"
)
-// CustomArgs is used by the gengo framework to pass args specific to this generator.
-type CustomArgs struct {
- // ReportFilename is added to CustomArgs for specifying name of report file used
+type Args struct {
+ OutputDir string // must be a directory path
+ OutputPkg string // must be a Go import-path
+ OutputFile string
+
+ GoHeaderFile string
+
+ // ReportFilename is added to Args for specifying name of report file used
// by API linter. If specified, API rule violations will be printed to report file.
// Otherwise default value "-" will be used which indicates stdout.
ReportFilename string
}
-// NewDefaults returns default arguments for the generator. Returning the arguments instead
+// New returns default arguments for the generator. Returning the arguments instead
// of using default flag parsing allows registering custom arguments afterwards
-func NewDefaults() (*args.GeneratorArgs, *CustomArgs) {
- // Default() sets a couple of flag default values for example the boilerplate.
- // WithoutDefaultFlagParsing() disables implicit addition of command line flags and parsing,
- // which allows registering custom arguments afterwards
- genericArgs := args.Default().WithoutDefaultFlagParsing()
- genericArgs.GoHeaderFilePath = filepath.Join(args.DefaultSourceTree(), "k8s.io/kube-openapi/boilerplate/boilerplate.go.txt")
-
- customArgs := &CustomArgs{}
- genericArgs.CustomArgs = customArgs
+func New() *Args {
+ args := &Args{}
// Default value for report filename is "-", which stands for stdout
- customArgs.ReportFilename = "-"
- // Default value for output file base name
- genericArgs.OutputFileBaseName = "openapi_generated"
+ args.ReportFilename = "-"
- return genericArgs, customArgs
+ return args
}
// AddFlags add the generator flags to the flag set.
-func (c *CustomArgs) AddFlags(fs *pflag.FlagSet) {
- fs.StringVarP(&c.ReportFilename, "report-filename", "r", c.ReportFilename, "Name of report file used by API linter to print API violations. Default \"-\" stands for standard output. NOTE that if valid filename other than \"-\" is specified, API linter won't return error on detected API violations. This allows further check of existing API violations without stopping the OpenAPI generation toolchain.")
+func (args *Args) AddFlags(fs *pflag.FlagSet) {
+ fs.StringVar(&args.OutputDir, "output-dir", "",
+ "the base directory under which to generate results")
+ fs.StringVar(&args.OutputPkg, "output-pkg", "",
+ "the base Go import-path under which to generate results")
+ fs.StringVar(&args.OutputFile, "output-file", "generated.openapi.go",
+ "the name of the file to be generated")
+ fs.StringVar(&args.GoHeaderFile, "go-header-file", "",
+ "the path to a file containing boilerplate header text; the string \"YEAR\" will be replaced with the current 4-digit year")
+ fs.StringVarP(&args.ReportFilename, "report-filename", "r", args.ReportFilename,
+ "Name of report file used by API linter to print API violations. Default \"-\" stands for standard output. NOTE that if valid filename other than \"-\" is specified, API linter won't return error on detected API violations. This allows further check of existing API violations without stopping the OpenAPI generation toolchain.")
}
// Validate checks the given arguments.
-func Validate(genericArgs *args.GeneratorArgs) error {
- c, ok := genericArgs.CustomArgs.(*CustomArgs)
- if !ok {
- return fmt.Errorf("input arguments don't contain valid custom arguments")
+func (args *Args) Validate() error {
+ if len(args.OutputDir) == 0 {
+ return fmt.Errorf("--output-dir must be specified")
}
- if len(c.ReportFilename) == 0 {
- return fmt.Errorf("report filename cannot be empty. specify a valid filename or use \"-\" for stdout")
+ if len(args.OutputPkg) == 0 {
+ return fmt.Errorf("--output-pkg must be specified")
}
- if len(genericArgs.OutputFileBaseName) == 0 {
- return fmt.Errorf("output file base name cannot be empty")
+ if len(args.OutputFile) == 0 {
+ return fmt.Errorf("--output-file must be specified")
}
- if len(genericArgs.OutputPackagePath) == 0 {
- return fmt.Errorf("output package cannot be empty")
+ if len(args.ReportFilename) == 0 {
+ return fmt.Errorf("--report-filename must be specified (use \"-\" for stdout)")
}
return nil
}
diff --git a/vendor/k8s.io/kube-openapi/pkg/generators/api_linter.go b/vendor/k8s.io/kube-openapi/pkg/generators/api_linter.go
index 2763cf884..5deff4d5a 100644
--- a/vendor/k8s.io/kube-openapi/pkg/generators/api_linter.go
+++ b/vendor/k8s.io/kube-openapi/pkg/generators/api_linter.go
@@ -25,8 +25,8 @@ import (
"k8s.io/kube-openapi/pkg/generators/rules"
- "k8s.io/gengo/generator"
- "k8s.io/gengo/types"
+ "k8s.io/gengo/v2/generator"
+ "k8s.io/gengo/v2/types"
"k8s.io/klog/v2"
)
@@ -94,7 +94,7 @@ func newAPIViolationGen() *apiViolationGen {
}
type apiViolationGen struct {
- generator.DefaultGen
+ generator.GoGenerator
linter *apiLinter
}
diff --git a/vendor/k8s.io/kube-openapi/pkg/generators/config.go b/vendor/k8s.io/kube-openapi/pkg/generators/config.go
index d728f2a32..1fbd77598 100644
--- a/vendor/k8s.io/kube-openapi/pkg/generators/config.go
+++ b/vendor/k8s.io/kube-openapi/pkg/generators/config.go
@@ -17,16 +17,14 @@ limitations under the License.
package generators
import (
- "fmt"
- "path/filepath"
+ "path"
- "k8s.io/gengo/args"
- "k8s.io/gengo/generator"
- "k8s.io/gengo/namer"
- "k8s.io/gengo/types"
+ "k8s.io/gengo/v2"
+ "k8s.io/gengo/v2/generator"
+ "k8s.io/gengo/v2/namer"
+ "k8s.io/gengo/v2/types"
"k8s.io/klog/v2"
-
- generatorargs "k8s.io/kube-openapi/cmd/openapi-gen/args"
+ "k8s.io/kube-openapi/cmd/openapi-gen/args"
)
type identityNamer struct{}
@@ -51,36 +49,31 @@ func DefaultNameSystem() string {
return "sorting_namer"
}
-func Packages(context *generator.Context, arguments *args.GeneratorArgs) generator.Packages {
- boilerplate, err := arguments.LoadGoBoilerplate()
+func GetTargets(context *generator.Context, args *args.Args) []generator.Target {
+ boilerplate, err := gengo.GoBoilerplate(args.GoHeaderFile, gengo.StdBuildTag, gengo.StdGeneratedBy)
if err != nil {
klog.Fatalf("Failed loading boilerplate: %v", err)
}
- header := append([]byte(fmt.Sprintf("// +build !%s\n\n", arguments.GeneratedBuildTag)), boilerplate...)
- header = append(header, []byte(
- `
-// This file was autogenerated by openapi-gen. Do not edit it manually!
-
-`)...)
reportPath := "-"
- if customArgs, ok := arguments.CustomArgs.(*generatorargs.CustomArgs); ok {
- reportPath = customArgs.ReportFilename
+ if args.ReportFilename != "" {
+ reportPath = args.ReportFilename
}
context.FileTypes[apiViolationFileType] = apiViolationFile{
unmangledPath: reportPath,
}
- return generator.Packages{
- &generator.DefaultPackage{
- PackageName: filepath.Base(arguments.OutputPackagePath),
- PackagePath: arguments.OutputPackagePath,
- HeaderText: header,
- GeneratorFunc: func(c *generator.Context) (generators []generator.Generator) {
+ return []generator.Target{
+ &generator.SimpleTarget{
+ PkgName: path.Base(args.OutputPkg), // `path` vs. `filepath` because packages use '/'
+ PkgPath: args.OutputPkg,
+ PkgDir: args.OutputDir,
+ HeaderComment: boilerplate,
+ GeneratorsFunc: func(c *generator.Context) (generators []generator.Generator) {
return []generator.Generator{
newOpenAPIGen(
- arguments.OutputFileBaseName,
- arguments.OutputPackagePath,
+ args.OutputFile,
+ args.OutputPkg,
),
newAPIViolationGen(),
}
diff --git a/vendor/k8s.io/kube-openapi/pkg/generators/enum.go b/vendor/k8s.io/kube-openapi/pkg/generators/enum.go
index 292a3c762..3db034d6c 100644
--- a/vendor/k8s.io/kube-openapi/pkg/generators/enum.go
+++ b/vendor/k8s.io/kube-openapi/pkg/generators/enum.go
@@ -22,8 +22,9 @@ import (
"sort"
"strings"
- "k8s.io/gengo/generator"
- "k8s.io/gengo/types"
+ "k8s.io/gengo/v2"
+ "k8s.io/gengo/v2/generator"
+ "k8s.io/gengo/v2/types"
)
const tagEnumType = "enum"
@@ -121,7 +122,7 @@ func parseEnums(c *generator.Context) enumMap {
Value: *c.ConstValue,
Comment: strings.Join(c.CommentLines, " "),
}
- enumTypes[enumType.Name].appendValue(value)
+ enumTypes[enumType.Name].addIfNotPresent(value)
}
}
}
@@ -129,7 +130,21 @@ func parseEnums(c *generator.Context) enumMap {
return enumTypes
}
-func (et *enumType) appendValue(value *enumValue) {
+func (et *enumType) addIfNotPresent(value *enumValue) {
+ // If we already have an enum case with the same value, then ignore this new
+ // one. This can happen if an enum aliases one from another package and
+ // re-exports the cases.
+ for i, existing := range et.Values {
+ if existing.Value == value.Value {
+
+ // Take the value of the longer comment (or some other deterministic tie breaker)
+ if len(existing.Comment) < len(value.Comment) || (len(existing.Comment) == len(value.Comment) && existing.Comment > value.Comment) {
+ et.Values[i] = value
+ }
+
+ return
+ }
+ }
et.Values = append(et.Values, value)
}
@@ -155,7 +170,7 @@ func isEnumType(stringType *types.Type, t *types.Type) bool {
}
func hasEnumTag(t *types.Type) bool {
- return types.ExtractCommentTags("+", t.CommentLines)[tagEnumType] != nil
+ return gengo.ExtractCommentTags("+", t.CommentLines)[tagEnumType] != nil
}
// whitespaceRegex is the regex for consecutive whitespaces.
diff --git a/vendor/k8s.io/kube-openapi/pkg/generators/extension.go b/vendor/k8s.io/kube-openapi/pkg/generators/extension.go
index e37d93ef7..42d385416 100644
--- a/vendor/k8s.io/kube-openapi/pkg/generators/extension.go
+++ b/vendor/k8s.io/kube-openapi/pkg/generators/extension.go
@@ -21,8 +21,9 @@ import (
"sort"
"strings"
- "k8s.io/gengo/examples/set-gen/sets"
- "k8s.io/gengo/types"
+ "k8s.io/gengo/v2"
+ "k8s.io/gengo/v2/types"
+ "k8s.io/kube-openapi/pkg/util/sets"
)
const extensionPrefix = "x-kubernetes-"
@@ -171,7 +172,7 @@ func parseExtensions(comments []string) ([]extension, []error) {
}
}
// Next, generate extensions from "idlTags" (e.g. +listType)
- tagValues := types.ExtractCommentTags("+", comments)
+ tagValues := gengo.ExtractCommentTags("+", comments)
for _, idlTag := range sortedMapKeys(tagValues) {
xAttrs, exists := tagToExtension[idlTag]
if !exists {
diff --git a/vendor/k8s.io/kube-openapi/pkg/generators/markers.go b/vendor/k8s.io/kube-openapi/pkg/generators/markers.go
index 9294728ce..7f0fe985a 100644
--- a/vendor/k8s.io/kube-openapi/pkg/generators/markers.go
+++ b/vendor/k8s.io/kube-openapi/pkg/generators/markers.go
@@ -24,23 +24,92 @@ import (
"strconv"
"strings"
- defaultergen "k8s.io/gengo/examples/defaulter-gen/generators"
- "k8s.io/gengo/types"
+ "k8s.io/gengo/v2/types"
openapi "k8s.io/kube-openapi/pkg/common"
"k8s.io/kube-openapi/pkg/validation/spec"
)
-// CommentTags represents the parsed comment tags for a given type. These types are then used to generate schema validations.
-type CommentTags struct {
+type CELTag struct {
+ Rule string `json:"rule,omitempty"`
+ Message string `json:"message,omitempty"`
+ MessageExpression string `json:"messageExpression,omitempty"`
+ OptionalOldSelf *bool `json:"optionalOldSelf,omitempty"`
+ Reason string `json:"reason,omitempty"`
+ FieldPath string `json:"fieldPath,omitempty"`
+}
+
+func (c *CELTag) Validate() error {
+ if c == nil || *c == (CELTag{}) {
+ return fmt.Errorf("empty CEL tag is not allowed")
+ }
+
+ var errs []error
+ if c.Rule == "" {
+ errs = append(errs, fmt.Errorf("rule cannot be empty"))
+ }
+ if c.Message == "" && c.MessageExpression == "" {
+ errs = append(errs, fmt.Errorf("message or messageExpression must be set"))
+ }
+ if c.Message != "" && c.MessageExpression != "" {
+ errs = append(errs, fmt.Errorf("message and messageExpression cannot be set at the same time"))
+ }
+
+ if len(errs) > 0 {
+ return errors.Join(errs...)
+ }
+
+ return nil
+}
+
+// commentTags represents the parsed comment tags for a given type. These types are then used to generate schema validations.
+// These only include the newer prefixed tags. The older tags are still supported,
+// but are not included in this struct. Comment Tags are transformed into a
+// *spec.Schema, which is then combined with the older marker comments to produce
+// the generated OpenAPI spec.
+//
+// List of tags not included in this struct:
+//
+// - +optional
+// - +default
+// - +listType
+// - +listMapKeys
+// - +mapType
+type commentTags struct {
spec.SchemaProps
+ CEL []CELTag `json:"cel,omitempty"`
+
// Future markers can all be parsed into this centralized struct...
// Optional bool `json:"optional,omitempty"`
// Default any `json:"default,omitempty"`
}
+// Returns the schema for the given CommentTags instance.
+// This is the final authoritative schema for the comment tags
+func (c commentTags) ValidationSchema() (*spec.Schema, error) {
+ res := spec.Schema{
+ SchemaProps: c.SchemaProps,
+ }
+
+ if len(c.CEL) > 0 {
+ // Convert the CELTag to a map[string]interface{} via JSON
+ celTagJSON, err := json.Marshal(c.CEL)
+ if err != nil {
+ return nil, fmt.Errorf("failed to marshal CEL tag: %w", err)
+ }
+ var celTagMap []interface{}
+ if err := json.Unmarshal(celTagJSON, &celTagMap); err != nil {
+ return nil, fmt.Errorf("failed to unmarshal CEL tag: %w", err)
+ }
+
+ res.VendorExtensible.AddExtension("x-kubernetes-validations", celTagMap)
+ }
+
+ return &res, nil
+}
+
// validates the parameters in a CommentTags instance. Returns any errors encountered.
-func (c CommentTags) Validate() error {
+func (c commentTags) Validate() error {
var err error
@@ -87,64 +156,75 @@ func (c CommentTags) Validate() error {
err = errors.Join(err, fmt.Errorf("multipleOf cannot be 0"))
}
+ for i, celTag := range c.CEL {
+ celError := celTag.Validate()
+ if celError == nil {
+ continue
+ }
+ err = errors.Join(err, fmt.Errorf("invalid CEL tag at index %d: %w", i, celError))
+ }
+
return err
}
// Performs type-specific validation for CommentTags porameters. Accepts a Type instance and returns any errors encountered during validation.
-func (c CommentTags) ValidateType(t *types.Type) error {
+func (c commentTags) ValidateType(t *types.Type) error {
var err error
resolvedType := resolveAliasAndPtrType(t)
typeString, _ := openapi.OpenAPITypeFormat(resolvedType.String()) // will be empty for complicated types
- isNoValidate := resolvedType.Kind == types.Interface || resolvedType.Kind == types.Struct
- if !isNoValidate {
+ // Structs and interfaces may dynamically be any type, so we cant validate them
+ // easily. We may be able to if we check that they don't implement all the
+ // override functions, but for now we just skip them.
+ if resolvedType.Kind == types.Interface || resolvedType.Kind == types.Struct {
+ return nil
+ }
- isArray := resolvedType.Kind == types.Slice || resolvedType.Kind == types.Array
- isMap := resolvedType.Kind == types.Map
- isString := typeString == "string"
- isInt := typeString == "integer"
- isFloat := typeString == "number"
+ isArray := resolvedType.Kind == types.Slice || resolvedType.Kind == types.Array
+ isMap := resolvedType.Kind == types.Map
+ isString := typeString == "string"
+ isInt := typeString == "integer"
+ isFloat := typeString == "number"
- if c.MaxItems != nil && !isArray {
- err = errors.Join(err, fmt.Errorf("maxItems can only be used on array types"))
- }
- if c.MinItems != nil && !isArray {
- err = errors.Join(err, fmt.Errorf("minItems can only be used on array types"))
- }
- if c.UniqueItems && !isArray {
- err = errors.Join(err, fmt.Errorf("uniqueItems can only be used on array types"))
- }
- if c.MaxProperties != nil && !isMap {
- err = errors.Join(err, fmt.Errorf("maxProperties can only be used on map types"))
- }
- if c.MinProperties != nil && !isMap {
- err = errors.Join(err, fmt.Errorf("minProperties can only be used on map types"))
- }
- if c.MinLength != nil && !isString {
- err = errors.Join(err, fmt.Errorf("minLength can only be used on string types"))
- }
- if c.MaxLength != nil && !isString {
- err = errors.Join(err, fmt.Errorf("maxLength can only be used on string types"))
- }
- if c.Pattern != "" && !isString {
- err = errors.Join(err, fmt.Errorf("pattern can only be used on string types"))
- }
- if c.Minimum != nil && !isInt && !isFloat {
- err = errors.Join(err, fmt.Errorf("minimum can only be used on numeric types"))
- }
- if c.Maximum != nil && !isInt && !isFloat {
- err = errors.Join(err, fmt.Errorf("maximum can only be used on numeric types"))
- }
- if c.MultipleOf != nil && !isInt && !isFloat {
- err = errors.Join(err, fmt.Errorf("multipleOf can only be used on numeric types"))
- }
- if c.ExclusiveMinimum && !isInt && !isFloat {
- err = errors.Join(err, fmt.Errorf("exclusiveMinimum can only be used on numeric types"))
- }
- if c.ExclusiveMaximum && !isInt && !isFloat {
- err = errors.Join(err, fmt.Errorf("exclusiveMaximum can only be used on numeric types"))
- }
+ if c.MaxItems != nil && !isArray {
+ err = errors.Join(err, fmt.Errorf("maxItems can only be used on array types"))
+ }
+ if c.MinItems != nil && !isArray {
+ err = errors.Join(err, fmt.Errorf("minItems can only be used on array types"))
+ }
+ if c.UniqueItems && !isArray {
+ err = errors.Join(err, fmt.Errorf("uniqueItems can only be used on array types"))
+ }
+ if c.MaxProperties != nil && !isMap {
+ err = errors.Join(err, fmt.Errorf("maxProperties can only be used on map types"))
+ }
+ if c.MinProperties != nil && !isMap {
+ err = errors.Join(err, fmt.Errorf("minProperties can only be used on map types"))
+ }
+ if c.MinLength != nil && !isString {
+ err = errors.Join(err, fmt.Errorf("minLength can only be used on string types"))
+ }
+ if c.MaxLength != nil && !isString {
+ err = errors.Join(err, fmt.Errorf("maxLength can only be used on string types"))
+ }
+ if c.Pattern != "" && !isString {
+ err = errors.Join(err, fmt.Errorf("pattern can only be used on string types"))
+ }
+ if c.Minimum != nil && !isInt && !isFloat {
+ err = errors.Join(err, fmt.Errorf("minimum can only be used on numeric types"))
+ }
+ if c.Maximum != nil && !isInt && !isFloat {
+ err = errors.Join(err, fmt.Errorf("maximum can only be used on numeric types"))
+ }
+ if c.MultipleOf != nil && !isInt && !isFloat {
+ err = errors.Join(err, fmt.Errorf("multipleOf can only be used on numeric types"))
+ }
+ if c.ExclusiveMinimum && !isInt && !isFloat {
+ err = errors.Join(err, fmt.Errorf("exclusiveMinimum can only be used on numeric types"))
+ }
+ if c.ExclusiveMaximum && !isInt && !isFloat {
+ err = errors.Join(err, fmt.Errorf("exclusiveMaximum can only be used on numeric types"))
}
return err
@@ -154,27 +234,27 @@ func (c CommentTags) ValidateType(t *types.Type) error {
// Accepts an optional type to validate against, and a prefix to filter out markers not related to validation.
// Accepts a prefix to filter out markers not related to validation.
// Returns any errors encountered while parsing or validating the comment tags.
-func ParseCommentTags(t *types.Type, comments []string, prefix string) (CommentTags, error) {
+func ParseCommentTags(t *types.Type, comments []string, prefix string) (*spec.Schema, error) {
markers, err := parseMarkers(comments, prefix)
if err != nil {
- return CommentTags{}, fmt.Errorf("failed to parse marker comments: %w", err)
+ return nil, fmt.Errorf("failed to parse marker comments: %w", err)
}
nested, err := nestMarkers(markers)
if err != nil {
- return CommentTags{}, fmt.Errorf("invalid marker comments: %w", err)
+ return nil, fmt.Errorf("invalid marker comments: %w", err)
}
// Parse the map into a CommentTags type by marshalling and unmarshalling
// as JSON in leiu of an unstructured converter.
out, err := json.Marshal(nested)
if err != nil {
- return CommentTags{}, fmt.Errorf("failed to marshal marker comments: %w", err)
+ return nil, fmt.Errorf("failed to marshal marker comments: %w", err)
}
- var commentTags CommentTags
+ var commentTags commentTags
if err = json.Unmarshal(out, &commentTags); err != nil {
- return CommentTags{}, fmt.Errorf("failed to unmarshal marker comments: %w", err)
+ return nil, fmt.Errorf("failed to unmarshal marker comments: %w", err)
}
// Validate the parsed comment tags
@@ -185,59 +265,208 @@ func ParseCommentTags(t *types.Type, comments []string, prefix string) (CommentT
}
if validationErrors != nil {
- return CommentTags{}, fmt.Errorf("invalid marker comments: %w", validationErrors)
+ return nil, fmt.Errorf("invalid marker comments: %w", validationErrors)
}
- return commentTags, nil
+ return commentTags.ValidationSchema()
}
-// Extracts and parses the given marker comments into a map of key -> value.
-// Accepts a prefix to filter out markers not related to validation.
-// The prefix is removed from the key in the returned map.
-// Empty keys and invalid values will return errors, refs are currently unsupported and will be skipped.
-func parseMarkers(markerComments []string, prefix string) (map[string]any, error) {
- markers := types.ExtractCommentTags("+", markerComments)
+var (
+ allowedKeyCharacterSet = `[:_a-zA-Z0-9\[\]\-]`
+ valueEmpty = regexp.MustCompile(fmt.Sprintf(`^(%s*)$`, allowedKeyCharacterSet))
+ valueAssign = regexp.MustCompile(fmt.Sprintf(`^(%s*)=(.*)$`, allowedKeyCharacterSet))
+ valueRawString = regexp.MustCompile(fmt.Sprintf(`^(%s*)>(.*)$`, allowedKeyCharacterSet))
+)
- // Parse the values as JSON
- result := map[string]any{}
- for key, value := range markers {
- if !strings.HasPrefix(key, prefix) {
- // we only care about validation markers for now
+// extractCommentTags parses comments for lines of the form:
+//
+// 'marker' + "key=value"
+//
+// or to specify truthy boolean keys:
+//
+// 'marker' + "key"
+//
+// Values are optional; "" is the default. A tag can be specified more than
+// one time and all values are returned. Returns a map with an entry for
+// for each key and a value.
+//
+// Similar to version from gengo, but this version support only allows one
+// value per key (preferring explicit array indices), supports raw strings
+// with concatenation, and limits the usable characters allowed in a key
+// (for simpler parsing).
+//
+// Assignments and empty values have the same syntax as from gengo. Raw strings
+// have the syntax:
+//
+// 'marker' + "key>value"
+// 'marker' + "key>value"
+//
+// Successive usages of the same raw string key results in concatenating each
+// line with `\n` in between. It is an error to use `=` to assing to a previously
+// assigned key
+// (in contrast to types.ExtractCommentTags which allows array-typed
+// values to be specified using `=`).
+func extractCommentTags(marker string, lines []string) (map[string]string, error) {
+ out := map[string]string{}
+
+ // Used to track the the line immediately prior to the one being iterated.
+ // If there was an invalid or ignored line, these values get reset.
+ lastKey := ""
+ lastIndex := -1
+ lastArrayKey := ""
+
+ var lintErrors []error
+
+ for _, line := range lines {
+ line = strings.Trim(line, " ")
+
+ // Track the current value of the last vars to use in this loop iteration
+ // before they are reset for the next iteration.
+ previousKey := lastKey
+ previousArrayKey := lastArrayKey
+ previousIndex := lastIndex
+
+ // Make sure last vars gets reset if we `continue`
+ lastIndex = -1
+ lastArrayKey = ""
+ lastKey = ""
+
+ if len(line) == 0 {
+ continue
+ } else if !strings.HasPrefix(line, marker) {
continue
}
- newKey := strings.TrimPrefix(key, prefix)
+ line = strings.TrimPrefix(line, marker)
+
+ key := ""
+ value := ""
+
+ if matches := valueAssign.FindStringSubmatch(line); matches != nil {
+ key = matches[1]
+ value = matches[2]
+
+ // If key exists, throw error.
+ // Some of the old kube open-api gen marker comments like
+ // `+listMapKeys` allowed a list to be specified by writing key=value
+ // multiple times.
+ //
+ // This is not longer supported for the prefixed marker comments.
+ // This is to prevent confusion with the new array syntax which
+ // supports lists of objects.
+ //
+ // The old marker comments like +listMapKeys will remain functional,
+ // but new markers will not support it.
+ if _, ok := out[key]; ok {
+ return nil, fmt.Errorf("cannot have multiple values for key '%v'", key)
+ }
- // Skip ref markers
- if len(value) == 1 {
- _, ok := defaultergen.ParseSymbolReference(value[0], "")
- if ok {
- continue
+ } else if matches := valueEmpty.FindStringSubmatch(line); matches != nil {
+ key = matches[1]
+ value = ""
+
+ } else if matches := valueRawString.FindStringSubmatch(line); matches != nil {
+ toAdd := strings.Trim(string(matches[2]), " ")
+
+ key = matches[1]
+
+ // First usage as a raw string.
+ if existing, exists := out[key]; !exists {
+
+ // Encode the raw string as JSON to ensure that it is properly escaped.
+ valueBytes, err := json.Marshal(toAdd)
+ if err != nil {
+ return nil, fmt.Errorf("invalid value for key %v: %w", key, err)
+ }
+
+ value = string(valueBytes)
+ } else if key != previousKey {
+ // Successive usages of the same key of a raw string must be
+ // consecutive
+ return nil, fmt.Errorf("concatenations to key '%s' must be consecutive with its assignment", key)
+ } else {
+ // If it is a consecutive repeat usage, concatenate to the
+ // existing value.
+ //
+ // Decode JSON string, append to it, re-encode JSON string.
+ // Kinda janky but this is a code-generator...
+ var unmarshalled string
+ if err := json.Unmarshal([]byte(existing), &unmarshalled); err != nil {
+ return nil, fmt.Errorf("invalid value for key %v: %w", key, err)
+ } else {
+ unmarshalled += "\n" + toAdd
+ valueBytes, err := json.Marshal(unmarshalled)
+ if err != nil {
+ return nil, fmt.Errorf("invalid value for key %v: %w", key, err)
+ }
+
+ value = string(valueBytes)
+ }
}
- }
- if len(newKey) == 0 {
- return nil, fmt.Errorf("cannot have empty key for marker comment")
- } else if len(value) == 0 || (len(value) == 1 && len(value[0]) == 0) {
- // Empty value means key is implicitly a bool
- result[newKey] = true
- continue
+ } else {
+ // Comment has the correct prefix, but incorrect syntax, so it is an
+ // error
+ return nil, fmt.Errorf("invalid marker comment does not match expected `+key=` pattern: %v", line)
}
- newVal := []any{}
- for _, v := range value {
- var unmarshalled interface{}
- err := json.Unmarshal([]byte(v), &unmarshalled)
+ out[key] = value
+ lastKey = key
+
+ // Lint the array subscript for common mistakes. This only lints the last
+ // array index used, (since we do not have a need for nested arrays yet
+ // in markers)
+ if arrayPath, index, hasSubscript, err := extractArraySubscript(key); hasSubscript {
+ // If index is non-zero, check that that previous line was for the same
+ // key and either the same or previous index
if err != nil {
- return nil, fmt.Errorf("invalid value for key %v: %w", key, err)
+ lintErrors = append(lintErrors, fmt.Errorf("error parsing %v: expected integer index in key '%v'", line, key))
+ } else if previousArrayKey != arrayPath && index != 0 {
+ lintErrors = append(lintErrors, fmt.Errorf("error parsing %v: non-consecutive index %v for key '%v'", line, index, arrayPath))
+ } else if index != previousIndex+1 && index != previousIndex {
+ lintErrors = append(lintErrors, fmt.Errorf("error parsing %v: non-consecutive index %v for key '%v'", line, index, arrayPath))
}
- newVal = append(newVal, unmarshalled)
+ lastIndex = index
+ lastArrayKey = arrayPath
}
+ }
+
+ if len(lintErrors) > 0 {
+ return nil, errors.Join(lintErrors...)
+ }
- if len(newVal) == 1 {
- result[newKey] = newVal[0]
+ return out, nil
+}
+
+// Extracts and parses the given marker comments into a map of key -> value.
+// Accepts a prefix to filter out markers not related to validation.
+// The prefix is removed from the key in the returned map.
+// Empty keys and invalid values will return errors, refs are currently unsupported and will be skipped.
+func parseMarkers(markerComments []string, prefix string) (map[string]any, error) {
+ markers, err := extractCommentTags(prefix, markerComments)
+ if err != nil {
+ return nil, err
+ }
+
+ // Parse the values as JSON
+ result := map[string]any{}
+ for key, value := range markers {
+ var unmarshalled interface{}
+
+ if len(key) == 0 {
+ return nil, fmt.Errorf("cannot have empty key for marker comment")
+ } else if _, ok := parseSymbolReference(value, ""); ok {
+ // Skip ref markers
+ continue
+ } else if len(value) == 0 {
+ // Empty value means key is implicitly a bool
+ result[key] = true
+ } else if err := json.Unmarshal([]byte(value), &unmarshalled); err != nil {
+ // Not valid JSON, throw error
+ return nil, fmt.Errorf("failed to parse value for key %v as JSON: %w", key, err)
} else {
- result[newKey] = newVal
+ // Is is valid JSON, use as a JSON value
+ result[key] = unmarshalled
}
}
return result, nil
@@ -270,8 +499,8 @@ func nestMarkers(markers map[string]any) (map[string]any, error) {
for key, value := range markers {
var err error
keys := strings.Split(key, ":")
- nested, err = putNestedValue(nested, keys, value)
- if err != nil {
+
+ if err = putNestedValue(nested, keys, value); err != nil {
errs = append(errs, err)
}
}
@@ -286,49 +515,59 @@ func nestMarkers(markers map[string]any) (map[string]any, error) {
// Recursively puts a value into the given keypath, creating intermediate maps
// and slices as needed. If a key is of the form `foo[bar]`, then bar will be
// treated as an index into the array foo. If bar is not a valid integer, putNestedValue returns an error.
-func putNestedValue(m map[string]any, k []string, v any) (map[string]any, error) {
+func putNestedValue(m map[string]any, k []string, v any) error {
if len(k) == 0 {
- return m, nil
+ return nil
}
key := k[0]
rest := k[1:]
- if idxIdx := strings.Index(key, "["); idxIdx > -1 {
- key := key[:idxIdx]
- index, err := strconv.Atoi(strings.Split(key[idxIdx+1:], "]")[0])
- if err != nil {
- // Ignore key
- return nil, fmt.Errorf("expected integer index in key %v, got %v", key, key[idxIdx+1:])
- }
-
+ // Array case
+ if arrayKeyWithoutSubscript, index, hasSubscript, err := extractArraySubscript(key); err != nil {
+ return fmt.Errorf("error parsing subscript for key %v: %w", key, err)
+ } else if hasSubscript {
+ key = arrayKeyWithoutSubscript
var arrayDestination []any
if existing, ok := m[key]; !ok {
arrayDestination = make([]any, index+1)
- } else {
+ } else if existing, ok := existing.([]any); !ok {
+ // Error case. Existing isn't of correct type. Can happen if
+ // someone is subscripting a field that was previously not an array
+ return fmt.Errorf("expected []any at key %v, got %T", key, existing)
+ } else if index >= len(existing) {
// Ensure array is big enough
- arrayDestination = append(existing.([]any), make([]any, index-len(existing.([]any))+1)...)
+ arrayDestination = append(existing, make([]any, index-len(existing)+1)...)
+ } else {
+ arrayDestination = existing
}
m[key] = arrayDestination
if arrayDestination[index] == nil {
- // Doesn't exist case
+ // Doesn't exist case, create the destination.
+ // Assumes the destination is a map for now. Theoretically could be
+ // extended to support arrays of arrays, but that's not needed yet.
destination := make(map[string]any)
arrayDestination[index] = destination
- return putNestedValue(destination, rest, v)
+ if err = putNestedValue(destination, rest, v); err != nil {
+ return err
+ }
} else if dst, ok := arrayDestination[index].(map[string]any); ok {
// Already exists case, correct type
- return putNestedValue(dst, rest, v)
+ if putNestedValue(dst, rest, v); err != nil {
+ return err
+ }
+ } else {
+ // Already exists, incorrect type. Error
+ // This shouldn't be possible.
+ return fmt.Errorf("expected map at %v[%v], got %T", key, index, arrayDestination[index])
}
- // Already exists, incorrect type. Error
- // This can happen if you referred to this field without the [] in
- // a past comment
- return m, nil
+ return nil
} else if len(rest) == 0 {
// Base case. Single key. Just set into destination
m[key] = v
- return m, nil
+ return nil
}
if existing, ok := m[key]; !ok {
@@ -340,6 +579,35 @@ func putNestedValue(m map[string]any, k []string, v any) (map[string]any, error)
} else {
// Error case. Existing isn't of correct type. Can happen if prior comment
// referred to value as an error
- return nil, fmt.Errorf("expected map[string]any at key %v, got %T", key, existing)
+ return fmt.Errorf("expected map[string]any at key %v, got %T", key, existing)
}
}
+
+// extractArraySubscript extracts the left array subscript from a key of
+// the form `foo[bar][baz]` -> "bar".
+// Returns the key without the subscript, the index, and a bool indicating if
+// the key had a subscript.
+// If the key has a subscript, but the subscript is not a valid integer, returns an error.
+//
+// This can be adapted to support multidimensional subscripts probably fairly
+// easily by retuning a list of ints
+func extractArraySubscript(str string) (string, int, bool, error) {
+ subscriptIdx := strings.Index(str, "[")
+ if subscriptIdx == -1 {
+ return "", -1, false, nil
+ }
+
+ subscript := strings.Split(str[subscriptIdx+1:], "]")[0]
+ if len(subscript) == 0 {
+ return "", -1, false, fmt.Errorf("empty subscript not allowed")
+ }
+
+ index, err := strconv.Atoi(subscript)
+ if err != nil {
+ return "", -1, false, fmt.Errorf("expected integer index in key %v", str)
+ } else if index < 0 {
+ return "", -1, false, fmt.Errorf("subscript '%v' is invalid. index must be positive", subscript)
+ }
+
+ return str[:subscriptIdx], index, true, nil
+}
diff --git a/vendor/k8s.io/kube-openapi/pkg/generators/openapi.go b/vendor/k8s.io/kube-openapi/pkg/generators/openapi.go
index 9980a15d4..1ffcf9094 100644
--- a/vendor/k8s.io/kube-openapi/pkg/generators/openapi.go
+++ b/vendor/k8s.io/kube-openapi/pkg/generators/openapi.go
@@ -21,15 +21,16 @@ import (
"encoding/json"
"fmt"
"io"
- "path/filepath"
+ "path"
"reflect"
+ "regexp"
"sort"
"strings"
- defaultergen "k8s.io/gengo/examples/defaulter-gen/generators"
- "k8s.io/gengo/generator"
- "k8s.io/gengo/namer"
- "k8s.io/gengo/types"
+ "k8s.io/gengo/v2"
+ "k8s.io/gengo/v2/generator"
+ "k8s.io/gengo/v2/namer"
+ "k8s.io/gengo/v2/types"
openapi "k8s.io/kube-openapi/pkg/common"
"k8s.io/kube-openapi/pkg/validation/spec"
@@ -38,8 +39,9 @@ import (
// This is the comment tag that carries parameters for open API generation.
const tagName = "k8s:openapi-gen"
-const markerPrefix = "k8s:validation:"
+const markerPrefix = "+k8s:validation:"
const tagOptional = "optional"
+const tagRequired = "required"
const tagDefault = "default"
// Known values for the tag.
@@ -56,11 +58,11 @@ var tempPatchTags = [...]string{
}
func getOpenAPITagValue(comments []string) []string {
- return types.ExtractCommentTags("+", comments)[tagName]
+ return gengo.ExtractCommentTags("+", comments)[tagName]
}
func getSingleTagsValue(comments []string, tag string) (string, error) {
- tags, ok := types.ExtractCommentTags("+", comments)[tag]
+ tags, ok := gengo.ExtractCommentTags("+", comments)[tag]
if !ok || len(tags) == 0 {
return "", nil
}
@@ -80,14 +82,25 @@ func hasOpenAPITagValue(comments []string, value string) bool {
return false
}
-// hasOptionalTag returns true if the member has +optional in its comments or
-// omitempty in its json tags.
-func hasOptionalTag(m *types.Member) bool {
- hasOptionalCommentTag := types.ExtractCommentTags(
+// isOptional returns error if the member has +optional and +required in
+// its comments. If +optional is present it returns true. If +required is present
+// it returns false. Otherwise, it returns true if `omitempty` JSON tag is present
+func isOptional(m *types.Member) (bool, error) {
+ hasOptionalCommentTag := gengo.ExtractCommentTags(
"+", m.CommentLines)[tagOptional] != nil
- hasOptionalJsonTag := strings.Contains(
- reflect.StructTag(m.Tags).Get("json"), "omitempty")
- return hasOptionalCommentTag || hasOptionalJsonTag
+ hasRequiredCommentTag := gengo.ExtractCommentTags(
+ "+", m.CommentLines)[tagRequired] != nil
+ if hasOptionalCommentTag && hasRequiredCommentTag {
+ return false, fmt.Errorf("member %s cannot be both optional and required", m.Name)
+ } else if hasRequiredCommentTag {
+ return false, nil
+ } else if hasOptionalCommentTag {
+ return true, nil
+ }
+
+ // If neither +optional nor +required is present in the comments,
+ // infer optional from the json tags.
+ return strings.Contains(reflect.StructTag(m.Tags).Get("json"), "omitempty"), nil
}
func apiTypeFilterFunc(c *generator.Context, t *types.Type) bool {
@@ -112,16 +125,16 @@ const (
// openApiGen produces a file with auto-generated OpenAPI functions.
type openAPIGen struct {
- generator.DefaultGen
+ generator.GoGenerator
// TargetPackage is the package that will get GetOpenAPIDefinitions function returns all open API definitions.
targetPackage string
imports namer.ImportTracker
}
-func newOpenAPIGen(sanitizedName string, targetPackage string) generator.Generator {
+func newOpenAPIGen(outputFilename string, targetPackage string) generator.Generator {
return &openAPIGen{
- DefaultGen: generator.DefaultGen{
- OptionalName: sanitizedName,
+ GoGenerator: generator.GoGenerator{
+ OutputFilename: outputFilename,
},
imports: generator.NewImportTrackerForPackage(targetPackage),
targetPackage: targetPackage,
@@ -143,16 +156,6 @@ func (g *openAPIGen) Namers(c *generator.Context) namer.NameSystems {
}
}
-func (g *openAPIGen) isOtherPackage(pkg string) bool {
- if pkg == g.targetPackage {
- return false
- }
- if strings.HasSuffix(pkg, "\""+g.targetPackage+"\"") {
- return false
- }
- return true
-}
-
func (g *openAPIGen) Imports(c *generator.Context) []string {
importLines := []string{}
for _, singleImport := range g.imports.ImportLines() {
@@ -294,7 +297,8 @@ func hasOpenAPIV3OneOfMethod(t *types.Type) bool {
// typeShortName returns short package name (e.g. the name x appears in package x definition) dot type name.
func typeShortName(t *types.Type) string {
- return filepath.Base(t.Name.Package) + "." + t.Name.Name
+ // `path` vs. `filepath` because packages use '/'
+ return path.Base(t.Name.Package) + "." + t.Name.Name
}
func (g openAPITypeWriter) generateMembers(t *types.Type, required []string) ([]string, error) {
@@ -317,7 +321,10 @@ func (g openAPITypeWriter) generateMembers(t *types.Type, required []string) ([]
if name == "" {
continue
}
- if !hasOptionalTag(&m) {
+ if isOptional, err := isOptional(&m); err != nil {
+ klog.Errorf("Error when generating: %v, %v\n", name, m)
+ return required, err
+ } else if !isOptional {
required = append(required, name)
}
if err = g.generateProperty(&m, t); err != nil {
@@ -412,6 +419,7 @@ func (g openAPITypeWriter) generateValueValidations(vs *spec.SchemaProps) error
if vs.UniqueItems {
g.Do("UniqueItems: true,\n", nil)
}
+
return nil
}
@@ -419,7 +427,7 @@ func (g openAPITypeWriter) generate(t *types.Type) error {
// Only generate for struct type and ignore the rest
switch t.Kind {
case types.Struct:
- overrides, err := ParseCommentTags(t, t.CommentLines, markerPrefix)
+ validationSchema, err := ParseCommentTags(t, t.CommentLines, markerPrefix)
if err != nil {
return err
}
@@ -444,13 +452,16 @@ func (g openAPITypeWriter) generate(t *types.Type) error {
g.generateDescription(t.CommentLines)
g.Do("Type:$.type|raw${}.OpenAPISchemaType(),\n"+
"Format:$.type|raw${}.OpenAPISchemaFormat(),\n", args)
- err = g.generateValueValidations(&overrides.SchemaProps)
+ err = g.generateValueValidations(&validationSchema.SchemaProps)
if err != nil {
return err
}
- g.Do("},\n"+
- "},\n"+
- "})\n}\n\n", args)
+ g.Do("},\n", nil)
+ if err := g.generateStructExtensions(t, validationSchema.Extensions); err != nil {
+ return err
+ }
+ g.Do("},\n", nil)
+ g.Do("})\n}\n\n", args)
return nil
case hasV2DefinitionTypeAndFormat && hasV3OneOfTypes:
// generate v3 def.
@@ -460,14 +471,16 @@ func (g openAPITypeWriter) generate(t *types.Type) error {
g.generateDescription(t.CommentLines)
g.Do("OneOf:common.GenerateOpenAPIV3OneOfSchema($.type|raw${}.OpenAPIV3OneOfTypes()),\n"+
"Format:$.type|raw${}.OpenAPISchemaFormat(),\n", args)
- err = g.generateValueValidations(&overrides.SchemaProps)
+ err = g.generateValueValidations(&validationSchema.SchemaProps)
if err != nil {
return err
}
- g.Do(
- "},\n"+
- "},\n"+
- "},", args)
+ g.Do("},\n", nil)
+ if err := g.generateStructExtensions(t, validationSchema.Extensions); err != nil {
+ return err
+ }
+ g.Do("},\n", nil)
+ g.Do("},", args)
// generate v2 def.
g.Do("$.OpenAPIDefinition|raw${\n"+
"Schema: spec.Schema{\n"+
@@ -475,13 +488,16 @@ func (g openAPITypeWriter) generate(t *types.Type) error {
g.generateDescription(t.CommentLines)
g.Do("Type:$.type|raw${}.OpenAPISchemaType(),\n"+
"Format:$.type|raw${}.OpenAPISchemaFormat(),\n", args)
- err = g.generateValueValidations(&overrides.SchemaProps)
+ err = g.generateValueValidations(&validationSchema.SchemaProps)
if err != nil {
return err
}
- g.Do("},\n"+
- "},\n"+
- "})\n}\n\n", args)
+ g.Do("},\n", nil)
+ if err := g.generateStructExtensions(t, validationSchema.Extensions); err != nil {
+ return err
+ }
+ g.Do("},\n", nil)
+ g.Do("})\n}\n\n", args)
return nil
case hasV2DefinitionTypeAndFormat:
g.Do("return $.OpenAPIDefinition|raw${\n"+
@@ -490,13 +506,16 @@ func (g openAPITypeWriter) generate(t *types.Type) error {
g.generateDescription(t.CommentLines)
g.Do("Type:$.type|raw${}.OpenAPISchemaType(),\n"+
"Format:$.type|raw${}.OpenAPISchemaFormat(),\n", args)
- err = g.generateValueValidations(&overrides.SchemaProps)
+ err = g.generateValueValidations(&validationSchema.SchemaProps)
if err != nil {
return err
}
- g.Do("},\n"+
- "},\n"+
- "}\n}\n\n", args)
+ g.Do("},\n", nil)
+ if err := g.generateStructExtensions(t, validationSchema.Extensions); err != nil {
+ return err
+ }
+ g.Do("},\n", nil)
+ g.Do("}\n}\n\n", args)
return nil
case hasV3OneOfTypes:
// having v3 oneOf types without custom v2 type or format does not make sense.
@@ -506,7 +525,7 @@ func (g openAPITypeWriter) generate(t *types.Type) error {
g.Do("return $.OpenAPIDefinition|raw${\nSchema: spec.Schema{\nSchemaProps: spec.SchemaProps{\n", args)
g.generateDescription(t.CommentLines)
g.Do("Type: []string{\"object\"},\n", nil)
- err = g.generateValueValidations(&overrides.SchemaProps)
+ err = g.generateValueValidations(&validationSchema.SchemaProps)
if err != nil {
return err
}
@@ -530,7 +549,7 @@ func (g openAPITypeWriter) generate(t *types.Type) error {
g.Do("Required: []string{\"$.$\"},\n", strings.Join(required, "\",\""))
}
g.Do("},\n", nil)
- if err := g.generateStructExtensions(t); err != nil {
+ if err := g.generateStructExtensions(t, validationSchema.Extensions); err != nil {
return err
}
g.Do("},\n", nil)
@@ -563,7 +582,7 @@ func (g openAPITypeWriter) generate(t *types.Type) error {
return nil
}
-func (g openAPITypeWriter) generateStructExtensions(t *types.Type) error {
+func (g openAPITypeWriter) generateStructExtensions(t *types.Type, otherExtensions map[string]interface{}) error {
extensions, errors := parseExtensions(t.CommentLines)
// Initially, we will only log struct extension errors.
if len(errors) > 0 {
@@ -579,11 +598,11 @@ func (g openAPITypeWriter) generateStructExtensions(t *types.Type) error {
}
// TODO(seans3): Validate struct extensions here.
- g.emitExtensions(extensions, unions)
+ g.emitExtensions(extensions, unions, otherExtensions)
return nil
}
-func (g openAPITypeWriter) generateMemberExtensions(m *types.Member, parent *types.Type) error {
+func (g openAPITypeWriter) generateMemberExtensions(m *types.Member, parent *types.Type, otherExtensions map[string]interface{}) error {
extensions, parseErrors := parseExtensions(m.CommentLines)
validationErrors := validateMemberExtensions(extensions, m)
errors := append(parseErrors, validationErrors...)
@@ -594,13 +613,13 @@ func (g openAPITypeWriter) generateMemberExtensions(m *types.Member, parent *typ
klog.V(2).Infof("%s %s\n", errorPrefix, e)
}
}
- g.emitExtensions(extensions, nil)
+ g.emitExtensions(extensions, nil, otherExtensions)
return nil
}
-func (g openAPITypeWriter) emitExtensions(extensions []extension, unions []union) {
+func (g openAPITypeWriter) emitExtensions(extensions []extension, unions []union, otherExtensions map[string]interface{}) {
// If any extensions exist, then emit code to create them.
- if len(extensions) == 0 && len(unions) == 0 {
+ if len(extensions) == 0 && len(unions) == 0 && len(otherExtensions) == 0 {
return
}
g.Do("VendorExtensible: spec.VendorExtensible{\nExtensions: spec.Extensions{\n", nil)
@@ -623,6 +642,16 @@ func (g openAPITypeWriter) emitExtensions(extensions []extension, unions []union
}
g.Do("},\n", nil)
}
+
+ if len(otherExtensions) > 0 {
+ for k, v := range otherExtensions {
+ g.Do("$.key$: $.value$,\n", map[string]interface{}{
+ "key": fmt.Sprintf("%#v", k),
+ "value": fmt.Sprintf("%#v", v),
+ })
+ }
+ }
+
g.Do("},\n},\n", nil)
}
@@ -674,8 +703,8 @@ func defaultFromComments(comments []string, commentPath string, t *types.Type) (
}
var i interface{}
- if id, ok := defaultergen.ParseSymbolReference(tag, commentPath); ok {
- klog.Errorf("%v, %v", id, commentPath)
+ if id, ok := parseSymbolReference(tag, commentPath); ok {
+ klog.V(5).Infof("%v, %v", id, commentPath)
return nil, &id, nil
} else if err := json.Unmarshal([]byte(tag), &i); err != nil {
return nil, nil, fmt.Errorf("failed to unmarshal default: %v", err)
@@ -683,6 +712,31 @@ func defaultFromComments(comments []string, commentPath string, t *types.Type) (
return i, nil, nil
}
+var refRE = regexp.MustCompile(`^ref\((?P[^"]+)\)$`)
+var refREIdentIndex = refRE.SubexpIndex("reference")
+
+// parseSymbolReference looks for strings that match one of the following:
+// - ref(Ident)
+// - ref(pkgpath.Ident)
+// If the input string matches either of these, it will return the (optional)
+// pkgpath, the Ident, and true. Otherwise it will return empty strings and
+// false.
+//
+// This is borrowed from k8s.io/code-generator.
+func parseSymbolReference(s, sourcePackage string) (types.Name, bool) {
+ matches := refRE.FindStringSubmatch(s)
+ if len(matches) < refREIdentIndex || matches[refREIdentIndex] == "" {
+ return types.Name{}, false
+ }
+
+ contents := matches[refREIdentIndex]
+ name := types.ParseFullyQualifiedName(contents)
+ if len(name.Package) == 0 {
+ name.Package = sourcePackage
+ }
+ return name, true
+}
+
func implementsCustomUnmarshalling(t *types.Type) bool {
switch t.Kind {
case types.Pointer:
@@ -790,15 +844,9 @@ func (g openAPITypeWriter) generateDescription(CommentLines []string) {
}
}
- postDoc := strings.TrimLeft(buffer.String(), "\n")
- postDoc = strings.TrimRight(postDoc, "\n")
- postDoc = strings.Replace(postDoc, "\\\"", "\"", -1) // replace user's \" to "
- postDoc = strings.Replace(postDoc, "\"", "\\\"", -1) // Escape "
- postDoc = strings.Replace(postDoc, "\n", "\\n", -1)
- postDoc = strings.Replace(postDoc, "\t", "\\t", -1)
- postDoc = strings.Trim(postDoc, " ")
- if postDoc != "" {
- g.Do("Description: \"$.$\",\n", postDoc)
+ postDoc := strings.TrimSpace(buffer.String())
+ if len(postDoc) > 0 {
+ g.Do("Description: $.$,\n", fmt.Sprintf("%#v", postDoc))
}
}
@@ -807,11 +855,15 @@ func (g openAPITypeWriter) generateProperty(m *types.Member, parent *types.Type)
if name == "" {
return nil
}
+ validationSchema, err := ParseCommentTags(m.Type, m.CommentLines, markerPrefix)
+ if err != nil {
+ return err
+ }
if err := g.validatePatchTags(m, parent); err != nil {
return err
}
g.Do("\"$.$\": {\n", name)
- if err := g.generateMemberExtensions(m, parent); err != nil {
+ if err := g.generateMemberExtensions(m, parent, validationSchema.Extensions); err != nil {
return err
}
g.Do("SchemaProps: spec.SchemaProps{\n", nil)
@@ -830,11 +882,7 @@ func (g openAPITypeWriter) generateProperty(m *types.Member, parent *types.Type)
if err := g.generateDefault(m.CommentLines, m.Type, omitEmpty, parent); err != nil {
return fmt.Errorf("failed to generate default in %v: %v: %v", parent, m.Name, err)
}
- overrides, err := ParseCommentTags(m.Type, m.CommentLines, markerPrefix)
- if err != nil {
- return err
- }
- err = g.generateValueValidations(&overrides.SchemaProps)
+ err = g.generateValueValidations(&validationSchema.SchemaProps)
if err != nil {
return err
}
@@ -911,6 +959,10 @@ func (g openAPITypeWriter) generateMapProperty(t *types.Type) error {
typeString, format := openapi.OpenAPITypeFormat(elemType.String())
if typeString != "" {
g.generateSimpleProperty(typeString, format)
+ if enumType, isEnum := g.enumContext.EnumType(t.Elem); isEnum {
+ // original type is an enum, add "Enum: " and the values
+ g.Do("Enum: []interface{}{$.$},\n", strings.Join(enumType.ValueStrings(), ", "))
+ }
g.Do("},\n},\n},\n", nil)
return nil
}
@@ -944,6 +996,10 @@ func (g openAPITypeWriter) generateSliceProperty(t *types.Type) error {
typeString, format := openapi.OpenAPITypeFormat(elemType.String())
if typeString != "" {
g.generateSimpleProperty(typeString, format)
+ if enumType, isEnum := g.enumContext.EnumType(t.Elem); isEnum {
+ // original type is an enum, add "Enum: " and the values
+ g.Do("Enum: []interface{}{$.$},\n", strings.Join(enumType.ValueStrings(), ", "))
+ }
g.Do("},\n},\n},\n", nil)
return nil
}
diff --git a/vendor/k8s.io/kube-openapi/pkg/generators/rules/idl_tag.go b/vendor/k8s.io/kube-openapi/pkg/generators/rules/idl_tag.go
index 0abe0aa07..e4b0f7cd3 100644
--- a/vendor/k8s.io/kube-openapi/pkg/generators/rules/idl_tag.go
+++ b/vendor/k8s.io/kube-openapi/pkg/generators/rules/idl_tag.go
@@ -1,7 +1,8 @@
package rules
import (
- "k8s.io/gengo/types"
+ "k8s.io/gengo/v2"
+ "k8s.io/gengo/v2/types"
)
const ListTypeIDLTag = "listType"
@@ -24,7 +25,7 @@ func (l *ListTypeMissing) Validate(t *types.Type) ([]string, error) {
switch t.Kind {
case types.Struct:
for _, m := range t.Members {
- hasListType := types.ExtractCommentTags("+", m.CommentLines)[ListTypeIDLTag] != nil
+ hasListType := gengo.ExtractCommentTags("+", m.CommentLines)[ListTypeIDLTag] != nil
if m.Name == "Items" && m.Type.Kind == types.Slice && hasNamedMember(t, "ListMeta") {
if hasListType {
diff --git a/vendor/k8s.io/kube-openapi/pkg/generators/rules/names_match.go b/vendor/k8s.io/kube-openapi/pkg/generators/rules/names_match.go
index 53e870c1a..af30edc5e 100644
--- a/vendor/k8s.io/kube-openapi/pkg/generators/rules/names_match.go
+++ b/vendor/k8s.io/kube-openapi/pkg/generators/rules/names_match.go
@@ -22,7 +22,7 @@ import (
"k8s.io/kube-openapi/pkg/util/sets"
- "k8s.io/gengo/types"
+ "k8s.io/gengo/v2/types"
)
var (
diff --git a/vendor/k8s.io/kube-openapi/pkg/generators/rules/omitempty_match_case.go b/vendor/k8s.io/kube-openapi/pkg/generators/rules/omitempty_match_case.go
index dd37ad8a5..d83875964 100644
--- a/vendor/k8s.io/kube-openapi/pkg/generators/rules/omitempty_match_case.go
+++ b/vendor/k8s.io/kube-openapi/pkg/generators/rules/omitempty_match_case.go
@@ -20,7 +20,7 @@ import (
"reflect"
"strings"
- "k8s.io/gengo/types"
+ "k8s.io/gengo/v2/types"
)
// OmitEmptyMatchCase implements APIRule interface.
diff --git a/vendor/k8s.io/kube-openapi/pkg/generators/union.go b/vendor/k8s.io/kube-openapi/pkg/generators/union.go
index a0281fe47..bfcba1ad7 100644
--- a/vendor/k8s.io/kube-openapi/pkg/generators/union.go
+++ b/vendor/k8s.io/kube-openapi/pkg/generators/union.go
@@ -20,7 +20,8 @@ import (
"fmt"
"sort"
- "k8s.io/gengo/types"
+ "k8s.io/gengo/v2"
+ "k8s.io/gengo/v2/types"
)
const tagUnionMember = "union"
@@ -141,7 +142,7 @@ func parseEmbeddedUnion(t *types.Type) ([]union, []error) {
// embedded types.
func parseUnionStruct(t *types.Type) (*union, []error) {
errors := []error{}
- if types.ExtractCommentTags("+", t.CommentLines)[tagUnionMember] == nil {
+ if gengo.ExtractCommentTags("+", t.CommentLines)[tagUnionMember] == nil {
return nil, nil
}
@@ -156,14 +157,14 @@ func parseUnionStruct(t *types.Type) (*union, []error) {
errors = append(errors, fmt.Errorf("union structures can't have embedded fields: %v.%v", t.Name, m.Name))
continue
}
- if types.ExtractCommentTags("+", m.CommentLines)[tagUnionDeprecated] != nil {
+ if gengo.ExtractCommentTags("+", m.CommentLines)[tagUnionDeprecated] != nil {
errors = append(errors, fmt.Errorf("union struct can't have unionDeprecated members: %v.%v", t.Name, m.Name))
continue
}
- if types.ExtractCommentTags("+", m.CommentLines)[tagUnionDiscriminator] != nil {
+ if gengo.ExtractCommentTags("+", m.CommentLines)[tagUnionDiscriminator] != nil {
errors = append(errors, u.setDiscriminator(jsonName)...)
} else {
- if !hasOptionalTag(&m) {
+ if optional, err := isOptional(&m); !optional || err != nil {
errors = append(errors, fmt.Errorf("union members must be optional: %v.%v", t.Name, m.Name))
}
u.addMember(jsonName, m.Name)
@@ -186,15 +187,15 @@ func parseUnionMembers(t *types.Type) (*union, []error) {
if shouldInlineMembers(&m) {
continue
}
- if types.ExtractCommentTags("+", m.CommentLines)[tagUnionDiscriminator] != nil {
+ if gengo.ExtractCommentTags("+", m.CommentLines)[tagUnionDiscriminator] != nil {
errors = append(errors, u.setDiscriminator(jsonName)...)
}
- if types.ExtractCommentTags("+", m.CommentLines)[tagUnionMember] != nil {
+ if gengo.ExtractCommentTags("+", m.CommentLines)[tagUnionMember] != nil {
errors = append(errors, fmt.Errorf("union tag is not accepted on struct members: %v.%v", t.Name, m.Name))
continue
}
- if types.ExtractCommentTags("+", m.CommentLines)[tagUnionDeprecated] != nil {
- if !hasOptionalTag(&m) {
+ if gengo.ExtractCommentTags("+", m.CommentLines)[tagUnionDeprecated] != nil {
+ if optional, err := isOptional(&m); !optional || err != nil {
errors = append(errors, fmt.Errorf("union members must be optional: %v.%v", t.Name, m.Name))
}
u.addMember(jsonName, m.Name)
diff --git a/vendor/k8s.io/utils/trace/trace.go b/vendor/k8s.io/utils/trace/trace.go
index 187eb5d8c..559aebb59 100644
--- a/vendor/k8s.io/utils/trace/trace.go
+++ b/vendor/k8s.io/utils/trace/trace.go
@@ -192,7 +192,7 @@ func (t *Trace) Log() {
t.endTime = &endTime
t.lock.Unlock()
// an explicit logging request should dump all the steps out at the higher level
- if t.parentTrace == nil { // We don't start logging until Log or LogIfLong is called on the root trace
+ if t.parentTrace == nil && klogV(2) { // We don't start logging until Log or LogIfLong is called on the root trace
t.logTrace()
}
}
diff --git a/vendor/modules.txt b/vendor/modules.txt
index 0407e7b83..c391337d1 100644
--- a/vendor/modules.txt
+++ b/vendor/modules.txt
@@ -27,7 +27,7 @@ github.com/cespare/xxhash/v2
# github.com/davecgh/go-spew v1.1.1
## explicit
github.com/davecgh/go-spew/spew
-# github.com/emicklei/go-restful/v3 v3.11.2
+# github.com/emicklei/go-restful/v3 v3.12.0
## explicit; go 1.13
github.com/emicklei/go-restful/v3
github.com/emicklei/go-restful/v3/log
@@ -48,15 +48,15 @@ github.com/go-logfmt/logfmt
# github.com/go-logr/logr v1.4.1
## explicit; go 1.18
github.com/go-logr/logr
-# github.com/go-openapi/jsonpointer v0.20.2
-## explicit; go 1.19
+# github.com/go-openapi/jsonpointer v0.21.0
+## explicit; go 1.20
github.com/go-openapi/jsonpointer
-# github.com/go-openapi/jsonreference v0.20.4
-## explicit; go 1.19
+# github.com/go-openapi/jsonreference v0.21.0
+## explicit; go 1.20
github.com/go-openapi/jsonreference
github.com/go-openapi/jsonreference/internal
-# github.com/go-openapi/swag v0.22.7
-## explicit; go 1.19
+# github.com/go-openapi/swag v0.23.0
+## explicit; go 1.20
github.com/go-openapi/swag
# github.com/gogo/protobuf v1.3.2
## explicit; go 1.15
@@ -257,15 +257,26 @@ golang.org/x/time/rate
# golang.org/x/tools v0.21.0
## explicit; go 1.19
golang.org/x/tools/go/ast/astutil
+golang.org/x/tools/go/gcexportdata
+golang.org/x/tools/go/internal/packagesdriver
+golang.org/x/tools/go/packages
+golang.org/x/tools/go/types/objectpath
golang.org/x/tools/imports
+golang.org/x/tools/internal/aliases
golang.org/x/tools/internal/event
golang.org/x/tools/internal/event/core
golang.org/x/tools/internal/event/keys
golang.org/x/tools/internal/event/label
+golang.org/x/tools/internal/gcimporter
golang.org/x/tools/internal/gocommand
golang.org/x/tools/internal/gopathwalk
golang.org/x/tools/internal/imports
+golang.org/x/tools/internal/packagesinternal
+golang.org/x/tools/internal/pkgbits
golang.org/x/tools/internal/stdlib
+golang.org/x/tools/internal/tokeninternal
+golang.org/x/tools/internal/typesinternal
+golang.org/x/tools/internal/versions
# gomodules.xyz/jsonpatch/v2 v2.4.0
## explicit; go 1.20
gomodules.xyz/jsonpatch/v2
@@ -383,7 +394,7 @@ gopkg.in/yaml.v2
# gopkg.in/yaml.v3 v3.0.1
## explicit
gopkg.in/yaml.v3
-# k8s.io/api v0.29.3
+# k8s.io/api v0.30.0 => k8s.io/api v0.29.5
## explicit; go 1.21
k8s.io/api/admission/v1
k8s.io/api/admissionregistration/v1
@@ -438,11 +449,11 @@ k8s.io/api/scheduling/v1beta1
k8s.io/api/storage/v1
k8s.io/api/storage/v1alpha1
k8s.io/api/storage/v1beta1
-# k8s.io/apiextensions-apiserver v0.29.3
-## explicit; go 1.21
+# k8s.io/apiextensions-apiserver v0.30.0
+## explicit; go 1.22.0
k8s.io/apiextensions-apiserver/pkg/apis/apiextensions
k8s.io/apiextensions-apiserver/pkg/apis/apiextensions/v1
-# k8s.io/apimachinery v0.29.3
+# k8s.io/apimachinery v0.30.0 => k8s.io/apimachinery v0.29.5
## explicit; go 1.21
k8s.io/apimachinery/pkg/api/equality
k8s.io/apimachinery/pkg/api/errors
@@ -492,7 +503,7 @@ k8s.io/apimachinery/pkg/version
k8s.io/apimachinery/pkg/watch
k8s.io/apimachinery/third_party/forked/golang/json
k8s.io/apimachinery/third_party/forked/golang/reflect
-# k8s.io/client-go v0.29.3
+# k8s.io/client-go v0.30.0 => k8s.io/client-go v0.29.5
## explicit; go 1.21
k8s.io/client-go/applyconfigurations/admissionregistration/v1
k8s.io/client-go/applyconfigurations/admissionregistration/v1alpha1
@@ -799,7 +810,7 @@ k8s.io/client-go/util/homedir
k8s.io/client-go/util/keyutil
k8s.io/client-go/util/retry
k8s.io/client-go/util/workqueue
-# k8s.io/code-generator v0.29.3
+# k8s.io/code-generator v0.30.0 => k8s.io/code-generator v0.29.5
## explicit; go 1.21
k8s.io/code-generator
k8s.io/code-generator/cmd/applyconfiguration-gen
@@ -844,11 +855,17 @@ k8s.io/gengo/examples/deepcopy-gen/generators
k8s.io/gengo/examples/defaulter-gen/generators
k8s.io/gengo/examples/import-boss/generators
k8s.io/gengo/examples/set-gen/generators
-k8s.io/gengo/examples/set-gen/sets
k8s.io/gengo/generator
k8s.io/gengo/namer
k8s.io/gengo/parser
k8s.io/gengo/types
+# k8s.io/gengo/v2 v2.0.0-20240228010128-51d4e06bde70
+## explicit; go 1.20
+k8s.io/gengo/v2
+k8s.io/gengo/v2/generator
+k8s.io/gengo/v2/namer
+k8s.io/gengo/v2/parser
+k8s.io/gengo/v2/types
# k8s.io/klog/v2 v2.120.1
## explicit; go 1.18
k8s.io/klog/v2
@@ -858,8 +875,8 @@ k8s.io/klog/v2/internal/dbg
k8s.io/klog/v2/internal/serialize
k8s.io/klog/v2/internal/severity
k8s.io/klog/v2/internal/sloghandler
-# k8s.io/kube-openapi v0.0.0-20240105020646-a37d4de58910
-## explicit; go 1.21
+# k8s.io/kube-openapi v0.0.0-20240423202451-8948a665c108
+## explicit; go 1.20
k8s.io/kube-openapi/cmd/openapi-gen/args
k8s.io/kube-openapi/pkg/cached
k8s.io/kube-openapi/pkg/common
@@ -873,7 +890,7 @@ k8s.io/kube-openapi/pkg/spec3
k8s.io/kube-openapi/pkg/util/proto
k8s.io/kube-openapi/pkg/util/sets
k8s.io/kube-openapi/pkg/validation/spec
-# k8s.io/utils v0.0.0-20240102154912-e7106e64919e
+# k8s.io/utils v0.0.0-20240423183400-0849a56e8f22
## explicit; go 1.18
k8s.io/utils/buffer
k8s.io/utils/clock
@@ -1004,8 +1021,8 @@ knative.dev/pkg/webhook
knative.dev/pkg/webhook/certificates
knative.dev/pkg/webhook/certificates/resources
knative.dev/pkg/webhook/configmaps
-# sigs.k8s.io/gateway-api v1.0.1-0.20240422224228-29e68bffffb9
-## explicit; go 1.21
+# sigs.k8s.io/gateway-api v1.1.0
+## explicit; go 1.22.0
sigs.k8s.io/gateway-api/apis/applyconfiguration/apis/v1
sigs.k8s.io/gateway-api/apis/applyconfiguration/apis/v1alpha2
sigs.k8s.io/gateway-api/apis/applyconfiguration/apis/v1alpha3
@@ -1053,3 +1070,7 @@ sigs.k8s.io/structured-merge-diff/v4/value
## explicit; go 1.12
sigs.k8s.io/yaml
sigs.k8s.io/yaml/goyaml.v2
+# k8s.io/api => k8s.io/api v0.29.5
+# k8s.io/apimachinery => k8s.io/apimachinery v0.29.5
+# k8s.io/client-go => k8s.io/client-go v0.29.5
+# k8s.io/code-generator => k8s.io/code-generator v0.29.5
diff --git a/vendor/sigs.k8s.io/gateway-api/apis/applyconfiguration/apis/v1/gateway.go b/vendor/sigs.k8s.io/gateway-api/apis/applyconfiguration/apis/v1/gateway.go
index 0c0d3a5d4..befe0daff 100644
--- a/vendor/sigs.k8s.io/gateway-api/apis/applyconfiguration/apis/v1/gateway.go
+++ b/vendor/sigs.k8s.io/gateway-api/apis/applyconfiguration/apis/v1/gateway.go
@@ -23,6 +23,7 @@ import (
types "k8s.io/apimachinery/pkg/types"
managedfields "k8s.io/apimachinery/pkg/util/managedfields"
v1 "k8s.io/client-go/applyconfigurations/meta/v1"
+
internal "sigs.k8s.io/gateway-api/apis/applyconfiguration/internal"
gatewayapiapisv1 "sigs.k8s.io/gateway-api/apis/v1"
)
diff --git a/vendor/sigs.k8s.io/gateway-api/apis/applyconfiguration/apis/v1/gatewayclass.go b/vendor/sigs.k8s.io/gateway-api/apis/applyconfiguration/apis/v1/gatewayclass.go
index 37b057948..63ff9600e 100644
--- a/vendor/sigs.k8s.io/gateway-api/apis/applyconfiguration/apis/v1/gatewayclass.go
+++ b/vendor/sigs.k8s.io/gateway-api/apis/applyconfiguration/apis/v1/gatewayclass.go
@@ -23,6 +23,7 @@ import (
types "k8s.io/apimachinery/pkg/types"
managedfields "k8s.io/apimachinery/pkg/util/managedfields"
v1 "k8s.io/client-go/applyconfigurations/meta/v1"
+
internal "sigs.k8s.io/gateway-api/apis/applyconfiguration/internal"
gatewayapiapisv1 "sigs.k8s.io/gateway-api/apis/v1"
)
diff --git a/vendor/sigs.k8s.io/gateway-api/apis/applyconfiguration/apis/v1/gatewayclassstatus.go b/vendor/sigs.k8s.io/gateway-api/apis/applyconfiguration/apis/v1/gatewayclassstatus.go
index b9248fbd5..ba5a58317 100644
--- a/vendor/sigs.k8s.io/gateway-api/apis/applyconfiguration/apis/v1/gatewayclassstatus.go
+++ b/vendor/sigs.k8s.io/gateway-api/apis/applyconfiguration/apis/v1/gatewayclassstatus.go
@@ -19,15 +19,15 @@ limitations under the License.
package v1
import (
- v1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+ v1 "k8s.io/client-go/applyconfigurations/meta/v1"
apisv1 "sigs.k8s.io/gateway-api/apis/v1"
)
// GatewayClassStatusApplyConfiguration represents an declarative configuration of the GatewayClassStatus type for use
// with apply.
type GatewayClassStatusApplyConfiguration struct {
- Conditions []v1.Condition `json:"conditions,omitempty"`
- SupportedFeatures []apisv1.SupportedFeature `json:"supportedFeatures,omitempty"`
+ Conditions []v1.ConditionApplyConfiguration `json:"conditions,omitempty"`
+ SupportedFeatures []apisv1.SupportedFeature `json:"supportedFeatures,omitempty"`
}
// GatewayClassStatusApplyConfiguration constructs an declarative configuration of the GatewayClassStatus type for use with
@@ -39,9 +39,12 @@ func GatewayClassStatus() *GatewayClassStatusApplyConfiguration {
// WithConditions adds the given value to the Conditions field in the declarative configuration
// and returns the receiver, so that objects can be build by chaining "With" function invocations.
// If called multiple times, values provided by each call will be appended to the Conditions field.
-func (b *GatewayClassStatusApplyConfiguration) WithConditions(values ...v1.Condition) *GatewayClassStatusApplyConfiguration {
+func (b *GatewayClassStatusApplyConfiguration) WithConditions(values ...*v1.ConditionApplyConfiguration) *GatewayClassStatusApplyConfiguration {
for i := range values {
- b.Conditions = append(b.Conditions, values[i])
+ if values[i] == nil {
+ panic("nil value passed to WithConditions")
+ }
+ b.Conditions = append(b.Conditions, *values[i])
}
return b
}
diff --git a/vendor/sigs.k8s.io/gateway-api/apis/applyconfiguration/apis/v1/gatewaystatus.go b/vendor/sigs.k8s.io/gateway-api/apis/applyconfiguration/apis/v1/gatewaystatus.go
index 94732086a..3bb277d60 100644
--- a/vendor/sigs.k8s.io/gateway-api/apis/applyconfiguration/apis/v1/gatewaystatus.go
+++ b/vendor/sigs.k8s.io/gateway-api/apis/applyconfiguration/apis/v1/gatewaystatus.go
@@ -19,14 +19,14 @@ limitations under the License.
package v1
import (
- metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+ metav1 "k8s.io/client-go/applyconfigurations/meta/v1"
)
// GatewayStatusApplyConfiguration represents an declarative configuration of the GatewayStatus type for use
// with apply.
type GatewayStatusApplyConfiguration struct {
Addresses []GatewayStatusAddressApplyConfiguration `json:"addresses,omitempty"`
- Conditions []metav1.Condition `json:"conditions,omitempty"`
+ Conditions []metav1.ConditionApplyConfiguration `json:"conditions,omitempty"`
Listeners []ListenerStatusApplyConfiguration `json:"listeners,omitempty"`
}
@@ -52,9 +52,12 @@ func (b *GatewayStatusApplyConfiguration) WithAddresses(values ...*GatewayStatus
// WithConditions adds the given value to the Conditions field in the declarative configuration
// and returns the receiver, so that objects can be build by chaining "With" function invocations.
// If called multiple times, values provided by each call will be appended to the Conditions field.
-func (b *GatewayStatusApplyConfiguration) WithConditions(values ...metav1.Condition) *GatewayStatusApplyConfiguration {
+func (b *GatewayStatusApplyConfiguration) WithConditions(values ...*metav1.ConditionApplyConfiguration) *GatewayStatusApplyConfiguration {
for i := range values {
- b.Conditions = append(b.Conditions, values[i])
+ if values[i] == nil {
+ panic("nil value passed to WithConditions")
+ }
+ b.Conditions = append(b.Conditions, *values[i])
}
return b
}
diff --git a/vendor/sigs.k8s.io/gateway-api/apis/applyconfiguration/apis/v1/grpcroute.go b/vendor/sigs.k8s.io/gateway-api/apis/applyconfiguration/apis/v1/grpcroute.go
index 288b8d3e2..f44879a85 100644
--- a/vendor/sigs.k8s.io/gateway-api/apis/applyconfiguration/apis/v1/grpcroute.go
+++ b/vendor/sigs.k8s.io/gateway-api/apis/applyconfiguration/apis/v1/grpcroute.go
@@ -23,6 +23,7 @@ import (
types "k8s.io/apimachinery/pkg/types"
managedfields "k8s.io/apimachinery/pkg/util/managedfields"
v1 "k8s.io/client-go/applyconfigurations/meta/v1"
+
internal "sigs.k8s.io/gateway-api/apis/applyconfiguration/internal"
gatewayapiapisv1 "sigs.k8s.io/gateway-api/apis/v1"
)
diff --git a/vendor/sigs.k8s.io/gateway-api/apis/applyconfiguration/apis/v1/httproute.go b/vendor/sigs.k8s.io/gateway-api/apis/applyconfiguration/apis/v1/httproute.go
index 6d0729a8a..26d94544a 100644
--- a/vendor/sigs.k8s.io/gateway-api/apis/applyconfiguration/apis/v1/httproute.go
+++ b/vendor/sigs.k8s.io/gateway-api/apis/applyconfiguration/apis/v1/httproute.go
@@ -23,6 +23,7 @@ import (
types "k8s.io/apimachinery/pkg/types"
managedfields "k8s.io/apimachinery/pkg/util/managedfields"
v1 "k8s.io/client-go/applyconfigurations/meta/v1"
+
internal "sigs.k8s.io/gateway-api/apis/applyconfiguration/internal"
gatewayapiapisv1 "sigs.k8s.io/gateway-api/apis/v1"
)
diff --git a/vendor/sigs.k8s.io/gateway-api/apis/applyconfiguration/apis/v1/listenerstatus.go b/vendor/sigs.k8s.io/gateway-api/apis/applyconfiguration/apis/v1/listenerstatus.go
index 25e7e5cef..4e4054ec9 100644
--- a/vendor/sigs.k8s.io/gateway-api/apis/applyconfiguration/apis/v1/listenerstatus.go
+++ b/vendor/sigs.k8s.io/gateway-api/apis/applyconfiguration/apis/v1/listenerstatus.go
@@ -19,17 +19,18 @@ limitations under the License.
package v1
import (
- metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+ metav1 "k8s.io/client-go/applyconfigurations/meta/v1"
+
v1 "sigs.k8s.io/gateway-api/apis/v1"
)
// ListenerStatusApplyConfiguration represents an declarative configuration of the ListenerStatus type for use
// with apply.
type ListenerStatusApplyConfiguration struct {
- Name *v1.SectionName `json:"name,omitempty"`
- SupportedKinds []RouteGroupKindApplyConfiguration `json:"supportedKinds,omitempty"`
- AttachedRoutes *int32 `json:"attachedRoutes,omitempty"`
- Conditions []metav1.Condition `json:"conditions,omitempty"`
+ Name *v1.SectionName `json:"name,omitempty"`
+ SupportedKinds []RouteGroupKindApplyConfiguration `json:"supportedKinds,omitempty"`
+ AttachedRoutes *int32 `json:"attachedRoutes,omitempty"`
+ Conditions []metav1.ConditionApplyConfiguration `json:"conditions,omitempty"`
}
// ListenerStatusApplyConfiguration constructs an declarative configuration of the ListenerStatus type for use with
@@ -70,9 +71,12 @@ func (b *ListenerStatusApplyConfiguration) WithAttachedRoutes(value int32) *List
// WithConditions adds the given value to the Conditions field in the declarative configuration
// and returns the receiver, so that objects can be build by chaining "With" function invocations.
// If called multiple times, values provided by each call will be appended to the Conditions field.
-func (b *ListenerStatusApplyConfiguration) WithConditions(values ...metav1.Condition) *ListenerStatusApplyConfiguration {
+func (b *ListenerStatusApplyConfiguration) WithConditions(values ...*metav1.ConditionApplyConfiguration) *ListenerStatusApplyConfiguration {
for i := range values {
- b.Conditions = append(b.Conditions, values[i])
+ if values[i] == nil {
+ panic("nil value passed to WithConditions")
+ }
+ b.Conditions = append(b.Conditions, *values[i])
}
return b
}
diff --git a/vendor/sigs.k8s.io/gateway-api/apis/applyconfiguration/apis/v1/routenamespaces.go b/vendor/sigs.k8s.io/gateway-api/apis/applyconfiguration/apis/v1/routenamespaces.go
index 9c3b6eb65..9b60a5613 100644
--- a/vendor/sigs.k8s.io/gateway-api/apis/applyconfiguration/apis/v1/routenamespaces.go
+++ b/vendor/sigs.k8s.io/gateway-api/apis/applyconfiguration/apis/v1/routenamespaces.go
@@ -19,15 +19,15 @@ limitations under the License.
package v1
import (
- metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+ metav1 "k8s.io/client-go/applyconfigurations/meta/v1"
v1 "sigs.k8s.io/gateway-api/apis/v1"
)
// RouteNamespacesApplyConfiguration represents an declarative configuration of the RouteNamespaces type for use
// with apply.
type RouteNamespacesApplyConfiguration struct {
- From *v1.FromNamespaces `json:"from,omitempty"`
- Selector *metav1.LabelSelector `json:"selector,omitempty"`
+ From *v1.FromNamespaces `json:"from,omitempty"`
+ Selector *metav1.LabelSelectorApplyConfiguration `json:"selector,omitempty"`
}
// RouteNamespacesApplyConfiguration constructs an declarative configuration of the RouteNamespaces type for use with
@@ -47,7 +47,7 @@ func (b *RouteNamespacesApplyConfiguration) WithFrom(value v1.FromNamespaces) *R
// WithSelector sets the Selector field in the declarative configuration to the given value
// and returns the receiver, so that objects can be built by chaining "With" function invocations.
// If called multiple times, the Selector field is set to the value of the last call.
-func (b *RouteNamespacesApplyConfiguration) WithSelector(value metav1.LabelSelector) *RouteNamespacesApplyConfiguration {
- b.Selector = &value
+func (b *RouteNamespacesApplyConfiguration) WithSelector(value *metav1.LabelSelectorApplyConfiguration) *RouteNamespacesApplyConfiguration {
+ b.Selector = value
return b
}
diff --git a/vendor/sigs.k8s.io/gateway-api/apis/applyconfiguration/apis/v1/routeparentstatus.go b/vendor/sigs.k8s.io/gateway-api/apis/applyconfiguration/apis/v1/routeparentstatus.go
index 38a4e3832..123713354 100644
--- a/vendor/sigs.k8s.io/gateway-api/apis/applyconfiguration/apis/v1/routeparentstatus.go
+++ b/vendor/sigs.k8s.io/gateway-api/apis/applyconfiguration/apis/v1/routeparentstatus.go
@@ -19,16 +19,17 @@ limitations under the License.
package v1
import (
- metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+ metav1 "k8s.io/client-go/applyconfigurations/meta/v1"
+
apisv1 "sigs.k8s.io/gateway-api/apis/v1"
)
// RouteParentStatusApplyConfiguration represents an declarative configuration of the RouteParentStatus type for use
// with apply.
type RouteParentStatusApplyConfiguration struct {
- ParentRef *ParentReferenceApplyConfiguration `json:"parentRef,omitempty"`
- ControllerName *apisv1.GatewayController `json:"controllerName,omitempty"`
- Conditions []metav1.Condition `json:"conditions,omitempty"`
+ ParentRef *ParentReferenceApplyConfiguration `json:"parentRef,omitempty"`
+ ControllerName *apisv1.GatewayController `json:"controllerName,omitempty"`
+ Conditions []metav1.ConditionApplyConfiguration `json:"conditions,omitempty"`
}
// RouteParentStatusApplyConfiguration constructs an declarative configuration of the RouteParentStatus type for use with
@@ -56,9 +57,12 @@ func (b *RouteParentStatusApplyConfiguration) WithControllerName(value apisv1.Ga
// WithConditions adds the given value to the Conditions field in the declarative configuration
// and returns the receiver, so that objects can be build by chaining "With" function invocations.
// If called multiple times, values provided by each call will be appended to the Conditions field.
-func (b *RouteParentStatusApplyConfiguration) WithConditions(values ...metav1.Condition) *RouteParentStatusApplyConfiguration {
+func (b *RouteParentStatusApplyConfiguration) WithConditions(values ...*metav1.ConditionApplyConfiguration) *RouteParentStatusApplyConfiguration {
for i := range values {
- b.Conditions = append(b.Conditions, values[i])
+ if values[i] == nil {
+ panic("nil value passed to WithConditions")
+ }
+ b.Conditions = append(b.Conditions, *values[i])
}
return b
}
diff --git a/vendor/sigs.k8s.io/gateway-api/apis/applyconfiguration/apis/v1alpha2/backendlbpolicy.go b/vendor/sigs.k8s.io/gateway-api/apis/applyconfiguration/apis/v1alpha2/backendlbpolicy.go
index fd340bd01..835bf3c9d 100644
--- a/vendor/sigs.k8s.io/gateway-api/apis/applyconfiguration/apis/v1alpha2/backendlbpolicy.go
+++ b/vendor/sigs.k8s.io/gateway-api/apis/applyconfiguration/apis/v1alpha2/backendlbpolicy.go
@@ -23,6 +23,7 @@ import (
types "k8s.io/apimachinery/pkg/types"
managedfields "k8s.io/apimachinery/pkg/util/managedfields"
v1 "k8s.io/client-go/applyconfigurations/meta/v1"
+
internal "sigs.k8s.io/gateway-api/apis/applyconfiguration/internal"
apisv1alpha2 "sigs.k8s.io/gateway-api/apis/v1alpha2"
)
diff --git a/vendor/sigs.k8s.io/gateway-api/apis/applyconfiguration/apis/v1alpha2/policyancestorstatus.go b/vendor/sigs.k8s.io/gateway-api/apis/applyconfiguration/apis/v1alpha2/policyancestorstatus.go
index 7757e8b3e..f43e15e4b 100644
--- a/vendor/sigs.k8s.io/gateway-api/apis/applyconfiguration/apis/v1alpha2/policyancestorstatus.go
+++ b/vendor/sigs.k8s.io/gateway-api/apis/applyconfiguration/apis/v1alpha2/policyancestorstatus.go
@@ -19,7 +19,7 @@ limitations under the License.
package v1alpha2
import (
- metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+ metav1 "k8s.io/client-go/applyconfigurations/meta/v1"
v1 "sigs.k8s.io/gateway-api/apis/applyconfiguration/apis/v1"
apisv1 "sigs.k8s.io/gateway-api/apis/v1"
)
@@ -29,7 +29,7 @@ import (
type PolicyAncestorStatusApplyConfiguration struct {
AncestorRef *v1.ParentReferenceApplyConfiguration `json:"ancestorRef,omitempty"`
ControllerName *apisv1.GatewayController `json:"controllerName,omitempty"`
- Conditions []metav1.Condition `json:"conditions,omitempty"`
+ Conditions []metav1.ConditionApplyConfiguration `json:"conditions,omitempty"`
}
// PolicyAncestorStatusApplyConfiguration constructs an declarative configuration of the PolicyAncestorStatus type for use with
@@ -57,9 +57,12 @@ func (b *PolicyAncestorStatusApplyConfiguration) WithControllerName(value apisv1
// WithConditions adds the given value to the Conditions field in the declarative configuration
// and returns the receiver, so that objects can be build by chaining "With" function invocations.
// If called multiple times, values provided by each call will be appended to the Conditions field.
-func (b *PolicyAncestorStatusApplyConfiguration) WithConditions(values ...metav1.Condition) *PolicyAncestorStatusApplyConfiguration {
+func (b *PolicyAncestorStatusApplyConfiguration) WithConditions(values ...*metav1.ConditionApplyConfiguration) *PolicyAncestorStatusApplyConfiguration {
for i := range values {
- b.Conditions = append(b.Conditions, values[i])
+ if values[i] == nil {
+ panic("nil value passed to WithConditions")
+ }
+ b.Conditions = append(b.Conditions, *values[i])
}
return b
}
diff --git a/vendor/sigs.k8s.io/gateway-api/apis/applyconfiguration/apis/v1alpha2/policytargetreference.go b/vendor/sigs.k8s.io/gateway-api/apis/applyconfiguration/apis/v1alpha2/policytargetreference.go
deleted file mode 100644
index 2c3f53999..000000000
--- a/vendor/sigs.k8s.io/gateway-api/apis/applyconfiguration/apis/v1alpha2/policytargetreference.go
+++ /dev/null
@@ -1,70 +0,0 @@
-/*
-Copyright The Kubernetes Authors.
-
-Licensed under the Apache License, Version 2.0 (the "License");
-you may not use this file except in compliance with the License.
-You may obtain a copy of the License at
-
- http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing, software
-distributed under the License is distributed on an "AS IS" BASIS,
-WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-See the License for the specific language governing permissions and
-limitations under the License.
-*/
-
-// Code generated by applyconfiguration-gen. DO NOT EDIT.
-
-package v1alpha2
-
-import (
- v1 "sigs.k8s.io/gateway-api/apis/v1"
-)
-
-// PolicyTargetReferenceApplyConfiguration represents an declarative configuration of the PolicyTargetReference type for use
-// with apply.
-type PolicyTargetReferenceApplyConfiguration struct {
- Group *v1.Group `json:"group,omitempty"`
- Kind *v1.Kind `json:"kind,omitempty"`
- Name *v1.ObjectName `json:"name,omitempty"`
- Namespace *v1.Namespace `json:"namespace,omitempty"`
-}
-
-// PolicyTargetReferenceApplyConfiguration constructs an declarative configuration of the PolicyTargetReference type for use with
-// apply.
-func PolicyTargetReference() *PolicyTargetReferenceApplyConfiguration {
- return &PolicyTargetReferenceApplyConfiguration{}
-}
-
-// WithGroup sets the Group field in the declarative configuration to the given value
-// and returns the receiver, so that objects can be built by chaining "With" function invocations.
-// If called multiple times, the Group field is set to the value of the last call.
-func (b *PolicyTargetReferenceApplyConfiguration) WithGroup(value v1.Group) *PolicyTargetReferenceApplyConfiguration {
- b.Group = &value
- return b
-}
-
-// WithKind sets the Kind field in the declarative configuration to the given value
-// and returns the receiver, so that objects can be built by chaining "With" function invocations.
-// If called multiple times, the Kind field is set to the value of the last call.
-func (b *PolicyTargetReferenceApplyConfiguration) WithKind(value v1.Kind) *PolicyTargetReferenceApplyConfiguration {
- b.Kind = &value
- return b
-}
-
-// WithName sets the Name field in the declarative configuration to the given value
-// and returns the receiver, so that objects can be built by chaining "With" function invocations.
-// If called multiple times, the Name field is set to the value of the last call.
-func (b *PolicyTargetReferenceApplyConfiguration) WithName(value v1.ObjectName) *PolicyTargetReferenceApplyConfiguration {
- b.Name = &value
- return b
-}
-
-// WithNamespace sets the Namespace field in the declarative configuration to the given value
-// and returns the receiver, so that objects can be built by chaining "With" function invocations.
-// If called multiple times, the Namespace field is set to the value of the last call.
-func (b *PolicyTargetReferenceApplyConfiguration) WithNamespace(value v1.Namespace) *PolicyTargetReferenceApplyConfiguration {
- b.Namespace = &value
- return b
-}
diff --git a/vendor/sigs.k8s.io/gateway-api/apis/applyconfiguration/apis/v1alpha2/policytargetreferencewithsectionname.go b/vendor/sigs.k8s.io/gateway-api/apis/applyconfiguration/apis/v1alpha2/policytargetreferencewithsectionname.go
deleted file mode 100644
index 81b30045a..000000000
--- a/vendor/sigs.k8s.io/gateway-api/apis/applyconfiguration/apis/v1alpha2/policytargetreferencewithsectionname.go
+++ /dev/null
@@ -1,76 +0,0 @@
-/*
-Copyright The Kubernetes Authors.
-
-Licensed under the Apache License, Version 2.0 (the "License");
-you may not use this file except in compliance with the License.
-You may obtain a copy of the License at
-
- http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing, software
-distributed under the License is distributed on an "AS IS" BASIS,
-WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-See the License for the specific language governing permissions and
-limitations under the License.
-*/
-
-// Code generated by applyconfiguration-gen. DO NOT EDIT.
-
-package v1alpha2
-
-import (
- v1 "sigs.k8s.io/gateway-api/apis/v1"
-)
-
-// PolicyTargetReferenceWithSectionNameApplyConfiguration represents an declarative configuration of the PolicyTargetReferenceWithSectionName type for use
-// with apply.
-type PolicyTargetReferenceWithSectionNameApplyConfiguration struct {
- PolicyTargetReferenceApplyConfiguration `json:",inline"`
- SectionName *v1.SectionName `json:"sectionName,omitempty"`
-}
-
-// PolicyTargetReferenceWithSectionNameApplyConfiguration constructs an declarative configuration of the PolicyTargetReferenceWithSectionName type for use with
-// apply.
-func PolicyTargetReferenceWithSectionName() *PolicyTargetReferenceWithSectionNameApplyConfiguration {
- return &PolicyTargetReferenceWithSectionNameApplyConfiguration{}
-}
-
-// WithGroup sets the Group field in the declarative configuration to the given value
-// and returns the receiver, so that objects can be built by chaining "With" function invocations.
-// If called multiple times, the Group field is set to the value of the last call.
-func (b *PolicyTargetReferenceWithSectionNameApplyConfiguration) WithGroup(value v1.Group) *PolicyTargetReferenceWithSectionNameApplyConfiguration {
- b.Group = &value
- return b
-}
-
-// WithKind sets the Kind field in the declarative configuration to the given value
-// and returns the receiver, so that objects can be built by chaining "With" function invocations.
-// If called multiple times, the Kind field is set to the value of the last call.
-func (b *PolicyTargetReferenceWithSectionNameApplyConfiguration) WithKind(value v1.Kind) *PolicyTargetReferenceWithSectionNameApplyConfiguration {
- b.Kind = &value
- return b
-}
-
-// WithName sets the Name field in the declarative configuration to the given value
-// and returns the receiver, so that objects can be built by chaining "With" function invocations.
-// If called multiple times, the Name field is set to the value of the last call.
-func (b *PolicyTargetReferenceWithSectionNameApplyConfiguration) WithName(value v1.ObjectName) *PolicyTargetReferenceWithSectionNameApplyConfiguration {
- b.Name = &value
- return b
-}
-
-// WithNamespace sets the Namespace field in the declarative configuration to the given value
-// and returns the receiver, so that objects can be built by chaining "With" function invocations.
-// If called multiple times, the Namespace field is set to the value of the last call.
-func (b *PolicyTargetReferenceWithSectionNameApplyConfiguration) WithNamespace(value v1.Namespace) *PolicyTargetReferenceWithSectionNameApplyConfiguration {
- b.Namespace = &value
- return b
-}
-
-// WithSectionName sets the SectionName field in the declarative configuration to the given value
-// and returns the receiver, so that objects can be built by chaining "With" function invocations.
-// If called multiple times, the SectionName field is set to the value of the last call.
-func (b *PolicyTargetReferenceWithSectionNameApplyConfiguration) WithSectionName(value v1.SectionName) *PolicyTargetReferenceWithSectionNameApplyConfiguration {
- b.SectionName = &value
- return b
-}
diff --git a/vendor/sigs.k8s.io/gateway-api/apis/applyconfiguration/apis/v1alpha2/tcproute.go b/vendor/sigs.k8s.io/gateway-api/apis/applyconfiguration/apis/v1alpha2/tcproute.go
index 97556f798..ed6cfbfd4 100644
--- a/vendor/sigs.k8s.io/gateway-api/apis/applyconfiguration/apis/v1alpha2/tcproute.go
+++ b/vendor/sigs.k8s.io/gateway-api/apis/applyconfiguration/apis/v1alpha2/tcproute.go
@@ -23,6 +23,7 @@ import (
types "k8s.io/apimachinery/pkg/types"
managedfields "k8s.io/apimachinery/pkg/util/managedfields"
v1 "k8s.io/client-go/applyconfigurations/meta/v1"
+
internal "sigs.k8s.io/gateway-api/apis/applyconfiguration/internal"
apisv1alpha2 "sigs.k8s.io/gateway-api/apis/v1alpha2"
)
diff --git a/vendor/sigs.k8s.io/gateway-api/apis/applyconfiguration/apis/v1alpha2/tlsroute.go b/vendor/sigs.k8s.io/gateway-api/apis/applyconfiguration/apis/v1alpha2/tlsroute.go
index fba887c1e..8a22aa8d6 100644
--- a/vendor/sigs.k8s.io/gateway-api/apis/applyconfiguration/apis/v1alpha2/tlsroute.go
+++ b/vendor/sigs.k8s.io/gateway-api/apis/applyconfiguration/apis/v1alpha2/tlsroute.go
@@ -23,6 +23,7 @@ import (
types "k8s.io/apimachinery/pkg/types"
managedfields "k8s.io/apimachinery/pkg/util/managedfields"
v1 "k8s.io/client-go/applyconfigurations/meta/v1"
+
internal "sigs.k8s.io/gateway-api/apis/applyconfiguration/internal"
apisv1alpha2 "sigs.k8s.io/gateway-api/apis/v1alpha2"
)
diff --git a/vendor/sigs.k8s.io/gateway-api/apis/applyconfiguration/apis/v1alpha2/tlsroutespec.go b/vendor/sigs.k8s.io/gateway-api/apis/applyconfiguration/apis/v1alpha2/tlsroutespec.go
index 0f0eb1bbe..0de333f9f 100644
--- a/vendor/sigs.k8s.io/gateway-api/apis/applyconfiguration/apis/v1alpha2/tlsroutespec.go
+++ b/vendor/sigs.k8s.io/gateway-api/apis/applyconfiguration/apis/v1alpha2/tlsroutespec.go
@@ -20,6 +20,7 @@ package v1alpha2
import (
v1 "sigs.k8s.io/gateway-api/apis/applyconfiguration/apis/v1"
+
apisv1 "sigs.k8s.io/gateway-api/apis/v1"
)
diff --git a/vendor/sigs.k8s.io/gateway-api/apis/applyconfiguration/apis/v1alpha2/udproute.go b/vendor/sigs.k8s.io/gateway-api/apis/applyconfiguration/apis/v1alpha2/udproute.go
index 0c8f046c5..ba4d21f60 100644
--- a/vendor/sigs.k8s.io/gateway-api/apis/applyconfiguration/apis/v1alpha2/udproute.go
+++ b/vendor/sigs.k8s.io/gateway-api/apis/applyconfiguration/apis/v1alpha2/udproute.go
@@ -23,6 +23,7 @@ import (
types "k8s.io/apimachinery/pkg/types"
managedfields "k8s.io/apimachinery/pkg/util/managedfields"
v1 "k8s.io/client-go/applyconfigurations/meta/v1"
+
internal "sigs.k8s.io/gateway-api/apis/applyconfiguration/internal"
apisv1alpha2 "sigs.k8s.io/gateway-api/apis/v1alpha2"
)
diff --git a/vendor/sigs.k8s.io/gateway-api/apis/applyconfiguration/apis/v1alpha3/backendtlspolicy.go b/vendor/sigs.k8s.io/gateway-api/apis/applyconfiguration/apis/v1alpha3/backendtlspolicy.go
index 9ba8b1f04..5d8f6dfa6 100644
--- a/vendor/sigs.k8s.io/gateway-api/apis/applyconfiguration/apis/v1alpha3/backendtlspolicy.go
+++ b/vendor/sigs.k8s.io/gateway-api/apis/applyconfiguration/apis/v1alpha3/backendtlspolicy.go
@@ -24,6 +24,7 @@ import (
managedfields "k8s.io/apimachinery/pkg/util/managedfields"
v1 "k8s.io/client-go/applyconfigurations/meta/v1"
v1alpha2 "sigs.k8s.io/gateway-api/apis/applyconfiguration/apis/v1alpha2"
+
internal "sigs.k8s.io/gateway-api/apis/applyconfiguration/internal"
apisv1alpha3 "sigs.k8s.io/gateway-api/apis/v1alpha3"
)
diff --git a/vendor/sigs.k8s.io/gateway-api/apis/applyconfiguration/apis/v1beta1/referencegrant.go b/vendor/sigs.k8s.io/gateway-api/apis/applyconfiguration/apis/v1beta1/referencegrant.go
index 12b09aee5..4c0c7dc51 100644
--- a/vendor/sigs.k8s.io/gateway-api/apis/applyconfiguration/apis/v1beta1/referencegrant.go
+++ b/vendor/sigs.k8s.io/gateway-api/apis/applyconfiguration/apis/v1beta1/referencegrant.go
@@ -23,6 +23,7 @@ import (
types "k8s.io/apimachinery/pkg/types"
managedfields "k8s.io/apimachinery/pkg/util/managedfields"
v1 "k8s.io/client-go/applyconfigurations/meta/v1"
+
internal "sigs.k8s.io/gateway-api/apis/applyconfiguration/internal"
apisv1beta1 "sigs.k8s.io/gateway-api/apis/v1beta1"
)
diff --git a/vendor/sigs.k8s.io/gateway-api/apis/v1/grpcroute_types.go b/vendor/sigs.k8s.io/gateway-api/apis/v1/grpcroute_types.go
index f67bc4cd7..91a8a3d26 100644
--- a/vendor/sigs.k8s.io/gateway-api/apis/v1/grpcroute_types.go
+++ b/vendor/sigs.k8s.io/gateway-api/apis/v1/grpcroute_types.go
@@ -275,7 +275,7 @@ type GRPCRouteRule struct {
//
// +optional
//
- SessionPersistence *SessionPersistence `json:"sessionPersistence"`
+ SessionPersistence *SessionPersistence `json:"sessionPersistence,omitempty"`
}
// GRPCRouteMatch defines the predicate used to match requests to a given
diff --git a/vendor/sigs.k8s.io/gateway-api/apis/v1/httproute_types.go b/vendor/sigs.k8s.io/gateway-api/apis/v1/httproute_types.go
index 0f2092c04..736e80982 100644
--- a/vendor/sigs.k8s.io/gateway-api/apis/v1/httproute_types.go
+++ b/vendor/sigs.k8s.io/gateway-api/apis/v1/httproute_types.go
@@ -290,12 +290,11 @@ type HTTPRouteRule struct {
//
// +optional
//
- SessionPersistence *SessionPersistence `json:"sessionPersistence"`
+ SessionPersistence *SessionPersistence `json:"sessionPersistence,omitempty"`
}
// HTTPRouteTimeouts defines timeouts that can be configured for an HTTPRoute.
// Timeout values are represented with Gateway API Duration formatting.
-// Specifying a zero value such as "0s" is interpreted as no timeout.
//
// +kubebuilder:validation:XValidation:message="backendRequest timeout cannot be longer than request timeout",rule="!(has(self.request) && has(self.backendRequest) && duration(self.request) != duration('0s') && duration(self.backendRequest) > duration(self.request))"
type HTTPRouteTimeouts struct {
@@ -307,6 +306,11 @@ type HTTPRouteTimeouts struct {
// `HTTPRoute` will cause a timeout if a client request is taking longer than 10 seconds
// to complete.
//
+ // Setting a timeout to the zero duration (e.g. "0s") SHOULD disable the timeout
+ // completely. Implementations that cannot completely disable the timeout MUST
+ // instead interpret the zero duration as the longest possible value to which
+ // the timeout can be set.
+ //
// This timeout is intended to cover as close to the whole request-response transaction
// as possible although an implementation MAY choose to start the timeout after the entire
// request stream has been received instead of immediately after the transaction is
@@ -323,6 +327,11 @@ type HTTPRouteTimeouts struct {
// to a backend. This covers the time from when the request first starts being
// sent from the gateway to when the full response has been received from the backend.
//
+ // Setting a timeout to the zero duration (e.g. "0s") SHOULD disable the timeout
+ // completely. Implementations that cannot completely disable the timeout MUST
+ // instead interpret the zero duration as the longest possible value to which
+ // the timeout can be set.
+ //
// An entire client HTTP transaction with a gateway, covered by the Request timeout,
// may result in more than one call from the gateway to the destination backend,
// for example, if automatic retries are supported.
diff --git a/vendor/sigs.k8s.io/gateway-api/apis/v1/zz_generated.deepcopy.go b/vendor/sigs.k8s.io/gateway-api/apis/v1/zz_generated.deepcopy.go
index 1d919fa38..ddb9bb9d4 100644
--- a/vendor/sigs.k8s.io/gateway-api/apis/v1/zz_generated.deepcopy.go
+++ b/vendor/sigs.k8s.io/gateway-api/apis/v1/zz_generated.deepcopy.go
@@ -22,7 +22,7 @@ package v1
import (
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
- "k8s.io/apimachinery/pkg/runtime"
+ runtime "k8s.io/apimachinery/pkg/runtime"
)
// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
diff --git a/vendor/sigs.k8s.io/gateway-api/apis/v1/zz_generated.register.go b/vendor/sigs.k8s.io/gateway-api/apis/v1/zz_generated.register.go
index 763dbcc12..9c8db216a 100644
--- a/vendor/sigs.k8s.io/gateway-api/apis/v1/zz_generated.register.go
+++ b/vendor/sigs.k8s.io/gateway-api/apis/v1/zz_generated.register.go
@@ -1,3 +1,6 @@
+//go:build !ignore_autogenerated
+// +build !ignore_autogenerated
+
/*
Copyright The Kubernetes Authors.
@@ -43,7 +46,7 @@ var (
// localSchemeBuilder and AddToScheme will stay in k8s.io/kubernetes.
SchemeBuilder runtime.SchemeBuilder
localSchemeBuilder = &SchemeBuilder
- // Depreciated: use Install instead
+ // Deprecated: use Install instead
AddToScheme = localSchemeBuilder.AddToScheme
Install = localSchemeBuilder.AddToScheme
)
diff --git a/vendor/sigs.k8s.io/gateway-api/apis/v1alpha2/backendlbpolicy_types.go b/vendor/sigs.k8s.io/gateway-api/apis/v1alpha2/backendlbpolicy_types.go
index 5063f0f4e..f6cc9741e 100644
--- a/vendor/sigs.k8s.io/gateway-api/apis/v1alpha2/backendlbpolicy_types.go
+++ b/vendor/sigs.k8s.io/gateway-api/apis/v1alpha2/backendlbpolicy_types.go
@@ -70,5 +70,5 @@ type BackendLBPolicySpec struct {
// Support: Extended
//
// +optional
- SessionPersistence *SessionPersistence `json:"sessionPersistence"`
+ SessionPersistence *SessionPersistence `json:"sessionPersistence,omitempty"`
}
diff --git a/vendor/sigs.k8s.io/gateway-api/apis/v1alpha2/zz_generated.deepcopy.go b/vendor/sigs.k8s.io/gateway-api/apis/v1alpha2/zz_generated.deepcopy.go
index 805d34c60..3bf9f0fbe 100644
--- a/vendor/sigs.k8s.io/gateway-api/apis/v1alpha2/zz_generated.deepcopy.go
+++ b/vendor/sigs.k8s.io/gateway-api/apis/v1alpha2/zz_generated.deepcopy.go
@@ -22,7 +22,7 @@ package v1alpha2
import (
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
- "k8s.io/apimachinery/pkg/runtime"
+ runtime "k8s.io/apimachinery/pkg/runtime"
"sigs.k8s.io/gateway-api/apis/v1"
)
diff --git a/vendor/sigs.k8s.io/gateway-api/apis/v1alpha2/zz_generated.register.go b/vendor/sigs.k8s.io/gateway-api/apis/v1alpha2/zz_generated.register.go
index 2fff9ce2c..bb133e5dc 100644
--- a/vendor/sigs.k8s.io/gateway-api/apis/v1alpha2/zz_generated.register.go
+++ b/vendor/sigs.k8s.io/gateway-api/apis/v1alpha2/zz_generated.register.go
@@ -1,3 +1,6 @@
+//go:build !ignore_autogenerated
+// +build !ignore_autogenerated
+
/*
Copyright The Kubernetes Authors.
@@ -43,7 +46,7 @@ var (
// localSchemeBuilder and AddToScheme will stay in k8s.io/kubernetes.
SchemeBuilder runtime.SchemeBuilder
localSchemeBuilder = &SchemeBuilder
- // Depreciated: use Install instead
+ // Deprecated: use Install instead
AddToScheme = localSchemeBuilder.AddToScheme
Install = localSchemeBuilder.AddToScheme
)
diff --git a/vendor/sigs.k8s.io/gateway-api/apis/v1alpha3/backendtlspolicy_types.go b/vendor/sigs.k8s.io/gateway-api/apis/v1alpha3/backendtlspolicy_types.go
index 3c20b4442..cafd1a7ff 100644
--- a/vendor/sigs.k8s.io/gateway-api/apis/v1alpha3/backendtlspolicy_types.go
+++ b/vendor/sigs.k8s.io/gateway-api/apis/v1alpha3/backendtlspolicy_types.go
@@ -133,8 +133,8 @@ type BackendTLSPolicyValidation struct {
Hostname v1.PreciseHostname `json:"hostname"`
}
-// WellKnownCACertificatesType is the type of CA certificate that will be used when
-// the TLS.caCertRefs is unspecified.
+// WellKnownCACertificatesType is the type of CA certificate that will be used
+// when the caCertificateRefs field is unspecified.
// +kubebuilder:validation:Enum=System
type WellKnownCACertificatesType string
diff --git a/vendor/sigs.k8s.io/gateway-api/apis/v1alpha3/zz_generated.deepcopy.go b/vendor/sigs.k8s.io/gateway-api/apis/v1alpha3/zz_generated.deepcopy.go
index 416f6bebe..5339c534c 100644
--- a/vendor/sigs.k8s.io/gateway-api/apis/v1alpha3/zz_generated.deepcopy.go
+++ b/vendor/sigs.k8s.io/gateway-api/apis/v1alpha3/zz_generated.deepcopy.go
@@ -21,7 +21,7 @@ limitations under the License.
package v1alpha3
import (
- "k8s.io/apimachinery/pkg/runtime"
+ runtime "k8s.io/apimachinery/pkg/runtime"
"sigs.k8s.io/gateway-api/apis/v1"
"sigs.k8s.io/gateway-api/apis/v1alpha2"
)
diff --git a/vendor/sigs.k8s.io/gateway-api/apis/v1alpha3/zz_generated.register.go b/vendor/sigs.k8s.io/gateway-api/apis/v1alpha3/zz_generated.register.go
index a7f649c7c..eaa37ed47 100644
--- a/vendor/sigs.k8s.io/gateway-api/apis/v1alpha3/zz_generated.register.go
+++ b/vendor/sigs.k8s.io/gateway-api/apis/v1alpha3/zz_generated.register.go
@@ -1,3 +1,6 @@
+//go:build !ignore_autogenerated
+// +build !ignore_autogenerated
+
/*
Copyright The Kubernetes Authors.
@@ -43,7 +46,7 @@ var (
// localSchemeBuilder and AddToScheme will stay in k8s.io/kubernetes.
SchemeBuilder runtime.SchemeBuilder
localSchemeBuilder = &SchemeBuilder
- // Depreciated: use Install instead
+ // Deprecated: use Install instead
AddToScheme = localSchemeBuilder.AddToScheme
Install = localSchemeBuilder.AddToScheme
)
diff --git a/vendor/sigs.k8s.io/gateway-api/apis/v1beta1/zz_generated.deepcopy.go b/vendor/sigs.k8s.io/gateway-api/apis/v1beta1/zz_generated.deepcopy.go
index 53dd02b67..5f266543b 100644
--- a/vendor/sigs.k8s.io/gateway-api/apis/v1beta1/zz_generated.deepcopy.go
+++ b/vendor/sigs.k8s.io/gateway-api/apis/v1beta1/zz_generated.deepcopy.go
@@ -21,7 +21,7 @@ limitations under the License.
package v1beta1
import (
- "k8s.io/apimachinery/pkg/runtime"
+ runtime "k8s.io/apimachinery/pkg/runtime"
"sigs.k8s.io/gateway-api/apis/v1"
)
diff --git a/vendor/sigs.k8s.io/gateway-api/apis/v1beta1/zz_generated.register.go b/vendor/sigs.k8s.io/gateway-api/apis/v1beta1/zz_generated.register.go
index 05d7898b3..b20c2acc5 100644
--- a/vendor/sigs.k8s.io/gateway-api/apis/v1beta1/zz_generated.register.go
+++ b/vendor/sigs.k8s.io/gateway-api/apis/v1beta1/zz_generated.register.go
@@ -1,3 +1,6 @@
+//go:build !ignore_autogenerated
+// +build !ignore_autogenerated
+
/*
Copyright The Kubernetes Authors.
@@ -43,7 +46,7 @@ var (
// localSchemeBuilder and AddToScheme will stay in k8s.io/kubernetes.
SchemeBuilder runtime.SchemeBuilder
localSchemeBuilder = &SchemeBuilder
- // Depreciated: use Install instead
+ // Deprecated: use Install instead
AddToScheme = localSchemeBuilder.AddToScheme
Install = localSchemeBuilder.AddToScheme
)
diff --git a/vendor/sigs.k8s.io/gateway-api/pkg/client/informers/externalversions/apis/interface.go b/vendor/sigs.k8s.io/gateway-api/pkg/client/informers/externalversions/apis/interface.go
index ec6d9155d..7a38bef9a 100644
--- a/vendor/sigs.k8s.io/gateway-api/pkg/client/informers/externalversions/apis/interface.go
+++ b/vendor/sigs.k8s.io/gateway-api/pkg/client/informers/externalversions/apis/interface.go
@@ -28,14 +28,14 @@ import (
// Interface provides access to each of this group's versions.
type Interface interface {
+ // V1 provides access to shared informers for resources in V1.
+ V1() v1.Interface
// V1alpha2 provides access to shared informers for resources in V1alpha2.
V1alpha2() v1alpha2.Interface
// V1alpha3 provides access to shared informers for resources in V1alpha3.
V1alpha3() v1alpha3.Interface
// V1beta1 provides access to shared informers for resources in V1beta1.
V1beta1() v1beta1.Interface
- // V1 provides access to shared informers for resources in V1.
- V1() v1.Interface
}
type group struct {
@@ -49,6 +49,11 @@ func New(f internalinterfaces.SharedInformerFactory, namespace string, tweakList
return &group{factory: f, namespace: namespace, tweakListOptions: tweakListOptions}
}
+// V1 returns a new v1.Interface.
+func (g *group) V1() v1.Interface {
+ return v1.New(g.factory, g.namespace, g.tweakListOptions)
+}
+
// V1alpha2 returns a new v1alpha2.Interface.
func (g *group) V1alpha2() v1alpha2.Interface {
return v1alpha2.New(g.factory, g.namespace, g.tweakListOptions)
@@ -63,8 +68,3 @@ func (g *group) V1alpha3() v1alpha3.Interface {
func (g *group) V1beta1() v1beta1.Interface {
return v1beta1.New(g.factory, g.namespace, g.tweakListOptions)
}
-
-// V1 returns a new v1.Interface.
-func (g *group) V1() v1.Interface {
- return v1.New(g.factory, g.namespace, g.tweakListOptions)
-}
diff --git a/vendor/sigs.k8s.io/gateway-api/pkg/features/features.go b/vendor/sigs.k8s.io/gateway-api/pkg/features/features.go
index fcb6d2801..14ff93eba 100644
--- a/vendor/sigs.k8s.io/gateway-api/pkg/features/features.go
+++ b/vendor/sigs.k8s.io/gateway-api/pkg/features/features.go
@@ -54,6 +54,10 @@ const (
// of allocating pre-determined addresses, rather than dynamically having
// addresses allocated for it.
SupportGatewayStaticAddresses SupportedFeature = "GatewayStaticAddresses"
+
+ // SupportGatewayHTTPListenerIsolation option indicates support for the isolation
+ // of HTTP listeners.
+ SupportGatewayHTTPListenerIsolation SupportedFeature = "GatewayHTTPListenerIsolation"
)
// GatewayExtendedFeatures are extra generic features that implementations may
@@ -61,6 +65,7 @@ const (
var GatewayExtendedFeatures = sets.New(
SupportGatewayPort8080,
SupportGatewayStaticAddresses,
+ SupportGatewayHTTPListenerIsolation,
)
// -----------------------------------------------------------------------------
@@ -222,6 +227,10 @@ var UDPRouteFeatures = sets.New(
const (
// This option indicates general support for service mesh
SupportMesh SupportedFeature = "Mesh"
+ // This option indicates support for matching Service traffic specifically by Cluster IP rather than other mechanisms.
+ SupportMeshClusterIPMatching SupportedFeature = "MeshClusterIPMatching"
+ // This option indicates support for "consumer" routes, where a namespace creates a route for a service in another namespace.
+ SupportMeshConsumerRoute SupportedFeature = "MeshConsumerRoute"
)
// MeshCoreFeatures includes all the supported features for the service mesh at
@@ -230,6 +239,13 @@ var MeshCoreFeatures = sets.New(
SupportMesh,
)
+// MeshExtendedFeatures includes all the supported features for the service mesh at
+// an Extended level of support.
+var MeshExtendedFeatures = sets.New(
+ SupportMeshClusterIPMatching,
+ SupportMeshConsumerRoute,
+)
+
// -----------------------------------------------------------------------------
// Features - GRPCRoute Conformance
// -----------------------------------------------------------------------------
@@ -262,4 +278,5 @@ var AllFeatures = sets.New[SupportedFeature]().
Insert(HTTPRouteExperimentalFeatures.UnsortedList()...).
Insert(TLSRouteCoreFeatures.UnsortedList()...).
Insert(MeshCoreFeatures.UnsortedList()...).
+ Insert(MeshExtendedFeatures.UnsortedList()...).
Insert(GRPCRouteCoreFeatures.UnsortedList()...)