This is an automated email from the ASF dual-hosted git repository. albumenj pushed a commit to branch refactor-with-go in repository https://gitbox.apache.org/repos/asf/dubbo-admin.git
commit e9b9266cabf2eb56f9f96cf1d3225a3b10eab60f Author: Albumen Kevin <[email protected]> AuthorDate: Thu Mar 2 17:23:15 2023 +0800 Add pa informer --- ca/deploy/crd.yaml | 225 ++++++++++----------- ca/deploy/example-peerauthentication.yaml | 15 +- ca/go.mod | 34 +--- ca/go.sum | 100 +-------- ca/pkg/apis/dubbo.apache.org/v1beta1/register.go | 22 +- .../v1beta1/zz_generated.deepcopy.go | 78 +++++-- .../v1beta1/peerauthenticationspec.go | 30 ++- .../dubbo.apache.org/v1beta1/rule.go | 34 ++-- .../dubbo.apache.org/v1beta1/target.go | 101 +++++++++ ca/pkg/generated/applyconfiguration/utils.go | 2 + ca/pkg/k8s/client.go | 25 ++- ca/pkg/k8s/controller.go | 171 ++++++++++++++++ ca/pkg/k8s/controller_test.go | 37 ++++ ca/pkg/rule/authentication/definition.go | 44 ++++ ca/pkg/rule/authentication/handler.go | 31 +++ 15 files changed, 654 insertions(+), 295 deletions(-) diff --git a/ca/deploy/crd.yaml b/ca/deploy/crd.yaml index 3e25633..1e51ee8 100644 --- a/ca/deploy/crd.yaml +++ b/ca/deploy/crd.yaml @@ -22,143 +22,130 @@ spec: - NONE - CLIENT_AUTH - SERVER_AUTH - rule: + rules: type: array items: type: object properties: from: - type: array + type: object description: "The source of the traffic to be matched." - items: - type: object - properties: - source: + properties: + namespaces: + type: array + description: "The namespaces to match of the source workload." + items: + type: string + notNamespaces: + type: array + description: "The namespaces not to match of the source workload." + items: + type: string + ipBlocks: + type: array + description: "The IP addresses to match of the source workload." + items: + type: string + notIpBlocks: + type: array + description: "The IP addresses not to match of the source workload." + items: + type: string + principals: + type: array + description: "The identities(from spiffe) to match of the source workload." + items: + type: string + notPrincipals: + type: array + description: "The identities(from spiffe) not to match of the source workload." + items: + type: string + extends: + type: array + description: "The extended identities(from Dubbo Auth) to match of the source workload." + items: type: object properties: - namespaces: - type: array - description: "The namespaces to match of the source workload." - items: - type: string - notNamespaces: - type: array - description: "The namespaces not to match of the source workload." - items: - type: string - ipBlocks: - type: array - description: "The IP addresses to match of the source workload." - items: - type: string - notIpBlocks: - type: array - description: "The IP addresses not to match of the source workload." - items: - type: string - principals: - type: array - description: "The identities(from spiffe) to match of the source workload." - items: - type: string - notPrincipals: - type: array - description: "The identities(from spiffe) not to match of the source workload." - items: - type: string - extends: - type: array - description: "The extended identities(from Dubbo Auth) to match of the source workload." - items: - type: object - properties: - key: - type: string - description: "The key of the extended identity." - value: - type: string - description: "The value of the extended identity." - notExtends: - type: array - description: "The extended identities(from Dubbo Auth) not to match of the source workload." - items: - type: object - properties: - key: - type: string - description: "The key of the extended identity." - value: - type: string - description: "The value of the extended identity." + key: + type: string + description: "The key of the extended identity." + value: + type: string + description: "The value of the extended identity." + notExtends: + type: array + description: "The extended identities(from Dubbo Auth) not to match of the source workload." + items: + type: object + properties: + key: + type: string + description: "The key of the extended identity." + value: + type: string + description: "The value of the extended identity." to: - type: array + type: object description: "The destination of the traffic to be matched." - items: - type: object - properties: - source: + properties: + ipBlocks: + type: array + description: "The IP addresses to match of the destination workload." + items: + type: string + notIpBlocks: + type: array + description: "The IP addresses not to match of the destination workload." + items: + type: string + principals: + type: array + description: "The identities(from spiffe) to match of the destination workload." + items: + type: string + notPrincipals: + type: array + description: "The identities(from spiffe) not to match of the destination workload." + items: + type: string + extends: + type: array + description: "The extended identities(from Dubbo Auth) to match of the destination workload." + items: + type: object + properties: + key: + type: string + description: "The key of the extended identity." + value: + type: string + description: "The value of the extended identity." + notExtends: + type: array + description: "The extended identities(from Dubbo Auth) not to match of the destination workload." + items: type: object properties: - namespaces: - type: array - description: "The namespaces to match of the destination workload." - items: - type: string - notNamespaces: - type: array - description: "The namespaces not to match of the destination workload." - items: - type: string - ipBlocks: - type: array - description: "The IP addresses to match of the destination workload." - items: - type: string - notIpBlocks: - type: array - description: "The IP addresses not to match of the destination workload." - items: - type: string - principals: - type: array - description: "The identities(from spiffe) to match of the destination workload." - items: - type: string - notPrincipals: - type: array - description: "The identities(from spiffe) not to match of the destination workload." - items: - type: string - extends: - type: array - description: "The extended identities(from Dubbo Auth) to match of the destination workload." - items: - type: object - properties: - key: - type: string - description: "The key of the extended identity." - value: - type: string - description: "The value of the extended identity." - notExtends: - type: array - description: "The extended identities(from Dubbo Auth) not to match of the destination workload." - items: - type: object - properties: - key: - type: string - description: "The key of the extended identity." - value: - type: string - description: "The value of the extended identity." + key: + type: string + description: "The key of the extended identity." + value: + type: string + description: "The value of the extended identity." order: type: integer description: "The order of the rule. The rule with the highest precedence is matched first." minimum: -2147483648 default: 0 maximum: 2147483647 + matchType: + type: string + description: "The match type of the rules." + enum: + - anyMatch + - allMatch + default: anyMatch required: - action scope: Namespaced diff --git a/ca/deploy/example-peerauthentication.yaml b/ca/deploy/example-peerauthentication.yaml index 1d8560b..718ac6b 100644 --- a/ca/deploy/example-peerauthentication.yaml +++ b/ca/deploy/example-peerauthentication.yaml @@ -5,15 +5,10 @@ metadata: namespace: default spec: action: CLIENT_AUTH - rule: + rules: - from: - - source: - principals: ["cluster.local/ns/default/sa/sleep"] - - source: - namespaces: ["test"] - - to: - - source: - principals: ["cluster.local/ns/default/sa/sleep"] - - source: - namespaces: ["demo"] + principals: ["cluster.local/ns/default/sa/sleep"] + namespaces: ["test"] + to: + principals: ["cluster.local/ns/default/sa/sleep"] order: 0 \ No newline at end of file diff --git a/ca/go.mod b/ca/go.mod index f66c566..928e18b 100644 --- a/ca/go.mod +++ b/ca/go.mod @@ -20,31 +20,27 @@ go 1.19 require ( github.com/grpc-ecosystem/go-grpc-middleware v1.3.0 + github.com/mattbaird/jsonpatch v0.0.0-20200820163806-098863c1fc24 go.uber.org/zap v1.24.0 + golang.org/x/net v0.7.0 google.golang.org/grpc v1.53.0 google.golang.org/protobuf v1.28.1 k8s.io/api v0.26.1 k8s.io/apimachinery v0.26.1 k8s.io/client-go v0.26.1 + sigs.k8s.io/structured-merge-diff/v4 v4.2.3 ) require ( - github.com/bytedance/sonic v1.8.2 // indirect - github.com/chenzhuoyu/base64x v0.0.0-20221115062448-fe3a3abad311 // indirect github.com/davecgh/go-spew v1.1.1 // indirect github.com/emicklei/go-restful/v3 v3.9.0 // indirect - github.com/gin-contrib/sse v0.1.0 // indirect - github.com/gin-contrib/zap v0.1.0 // indirect - github.com/gin-gonic/gin v1.9.0 // indirect + github.com/evanphx/json-patch v4.12.0+incompatible // indirect github.com/go-logr/logr v1.2.3 // indirect github.com/go-openapi/jsonpointer v0.19.5 // indirect github.com/go-openapi/jsonreference v0.20.0 // indirect github.com/go-openapi/swag v0.19.14 // indirect - github.com/go-playground/locales v0.14.1 // indirect - github.com/go-playground/universal-translator v0.18.1 // indirect - github.com/go-playground/validator/v10 v10.11.2 // indirect - github.com/goccy/go-json v0.10.0 // indirect github.com/gogo/protobuf v1.3.2 // indirect + github.com/golang/groupcache v0.0.0-20210331224755-41bb18bfe9da // indirect github.com/golang/protobuf v1.5.2 // indirect github.com/google/gnostic v0.5.7-v3refs // indirect github.com/google/go-cmp v0.5.9 // indirect @@ -52,27 +48,17 @@ require ( github.com/imdario/mergo v0.3.6 // indirect github.com/josharian/intern v1.0.0 // indirect github.com/json-iterator/go v1.1.12 // indirect - github.com/klauspost/cpuid/v2 v2.2.4 // indirect - github.com/konsorten/go-windows-terminal-sequences v1.0.3 // indirect - github.com/leodido/go-urn v1.2.2 // indirect + github.com/kr/pretty v0.3.0 // indirect github.com/mailru/easyjson v0.7.6 // indirect - github.com/mattbaird/jsonpatch v0.0.0-20200820163806-098863c1fc24 // indirect - github.com/mattn/go-isatty v0.0.17 // indirect github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd // indirect github.com/modern-go/reflect2 v1.0.2 // indirect github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822 // indirect - github.com/pelletier/go-toml/v2 v2.0.6 // indirect - github.com/sirupsen/logrus v1.4.2 // indirect + github.com/pkg/errors v0.9.1 // indirect + github.com/rogpeppe/go-internal v1.8.0 // indirect github.com/spf13/pflag v1.0.5 // indirect - github.com/twitchyliquid64/golang-asm v0.15.1 // indirect - github.com/ugorji/go/codec v1.2.10 // indirect - go.opentelemetry.io/otel v1.10.0 // indirect - go.opentelemetry.io/otel/trace v1.10.0 // indirect + github.com/stretchr/testify v1.8.2 // indirect go.uber.org/atomic v1.10.0 // indirect go.uber.org/multierr v1.9.0 // indirect - golang.org/x/arch v0.2.0 // indirect - golang.org/x/crypto v0.6.0 // indirect - golang.org/x/net v0.7.0 // indirect golang.org/x/oauth2 v0.4.0 // indirect golang.org/x/sys v0.5.0 // indirect golang.org/x/term v0.5.0 // indirect @@ -80,6 +66,7 @@ require ( golang.org/x/time v0.0.0-20220210224613-90d013bbcef8 // indirect google.golang.org/appengine v1.6.7 // indirect google.golang.org/genproto v0.0.0-20230221151758-ace64dc21148 // indirect + gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c // indirect gopkg.in/inf.v0 v0.9.1 // indirect gopkg.in/yaml.v2 v2.4.0 // indirect gopkg.in/yaml.v3 v3.0.1 // indirect @@ -87,6 +74,5 @@ require ( k8s.io/kube-openapi v0.0.0-20221012153701-172d655c2280 // indirect k8s.io/utils v0.0.0-20221107191617-1a15be271d1d // indirect sigs.k8s.io/json v0.0.0-20220713155537-f223a00ba0e2 // indirect - sigs.k8s.io/structured-merge-diff/v4 v4.2.3 // indirect sigs.k8s.io/yaml v1.3.0 // indirect ) diff --git a/ca/go.sum b/ca/go.sum index 1f0de72..3522048 100644 --- a/ca/go.sum +++ b/ca/go.sum @@ -1,14 +1,7 @@ cloud.google.com/go v0.26.0/go.mod h1:aQUYkXzVsufM+DwF1aE+0xfcU+56JwCaLick0ClmMTw= github.com/BurntSushi/toml v0.3.1/go.mod h1:xHWCNGjB5oqiDr8zfno3MHue2Ht5sIBksp03qcyfWMU= github.com/benbjohnson/clock v1.1.0 h1:Q92kusRqC1XV2MjkWETPvjJVqKetz1OzxZB7mHJLju8= -github.com/benbjohnson/clock v1.1.0/go.mod h1:J11/hYXuz8f4ySSvYwY0FKfm+ezbsZBKZxNJlLklBHA= -github.com/bytedance/sonic v1.5.0/go.mod h1:ED5hyg4y6t3/9Ku1R6dU/4KyJ48DZ4jPhfY1O2AihPM= -github.com/bytedance/sonic v1.8.2 h1:Eq1oE3xWIBE3tj2ZtJFK1rDAx7+uA4bRytozVhXMHKY= -github.com/bytedance/sonic v1.8.2/go.mod h1:i736AoUSYt75HyZLoJW9ERYxcy6eaN6h4BZXU064P/U= github.com/census-instrumentation/opencensus-proto v0.2.1/go.mod h1:f6KPmirojxKA12rnyqOA5BBL4O983OfeGPqjHWSTneU= -github.com/chenzhuoyu/base64x v0.0.0-20211019084208-fb5309c8db06/go.mod h1:DH46F32mSOjUmXrMHnKwZdA8wcEefY7UVqBKYGjpdQY= -github.com/chenzhuoyu/base64x v0.0.0-20221115062448-fe3a3abad311 h1:qSGYFH7+jGhDF8vLC+iwCD4WpbV1EBDSzWkJODFLams= -github.com/chenzhuoyu/base64x v0.0.0-20221115062448-fe3a3abad311/go.mod h1:b583jCggY9gE99b6G5LEC39OIiVsWj+R97kbl5odCEk= github.com/client9/misspell v0.3.4/go.mod h1:qj6jICC3Q7zFZvVWo7KLAzC3yx5G7kyvSDkc90ppPyw= github.com/cncf/udpa/go v0.0.0-20191209042840-269d4d468f6f/go.mod h1:M8M6+tZqaGXZJjfX53e64911xZQV5JYwmTeXPW+k8Sc= github.com/creack/pty v1.1.9/go.mod h1:oKZEueFk5CKHvIhNR5MUki03XCEU+Q6VDXinZuGJ33E= @@ -22,20 +15,13 @@ github.com/envoyproxy/go-control-plane v0.9.0/go.mod h1:YTl/9mNaCwkRvm6d1a2C3ymF github.com/envoyproxy/go-control-plane v0.9.1-0.20191026205805-5f8ba28d4473/go.mod h1:YTl/9mNaCwkRvm6d1a2C3ymFceY/DCBVvsKhRF0iEA4= github.com/envoyproxy/go-control-plane v0.9.4/go.mod h1:6rpuAdCZL397s3pYoYcLgu1mIlRU8Am5FuJP05cCM98= github.com/envoyproxy/protoc-gen-validate v0.1.0/go.mod h1:iSmxcyjqTsJpI2R4NaDN7+kN2VEUnK/pcBlmesArF7c= -github.com/gin-contrib/sse v0.1.0 h1:Y/yl/+YNO8GZSjAhjMsSuLt29uWRFHdHYUb5lYOV9qE= -github.com/gin-contrib/sse v0.1.0/go.mod h1:RHrZQHXnP2xjPF+u1gW/2HnVO7nvIa9PG3Gm+fLHvGI= -github.com/gin-contrib/zap v0.1.0 h1:RMSFFJo34XZogV62OgOzvrlaMNmXrNxmJ3bFmMwl6Cc= -github.com/gin-contrib/zap v0.1.0/go.mod h1:hvnZaPs478H1PGvRP8w89ZZbyJUiyip4ddiI/53WG3o= -github.com/gin-gonic/gin v1.8.1/go.mod h1:ji8BvRH1azfM+SYow9zQ6SZMvR8qOMZHmsCuWR9tTTk= -github.com/gin-gonic/gin v1.9.0 h1:OjyFBKICoexlu99ctXNR2gg+c5pKrKMuyjgARg9qeY8= -github.com/gin-gonic/gin v1.9.0/go.mod h1:W1Me9+hsUSyj3CePGrd1/QrKJMSJ1Tu/0hFEH89961k= +github.com/evanphx/json-patch v4.12.0+incompatible h1:4onqiflcdA9EOZ4RxV643DvftH5pOlLGNtQ5lPWQu84= +github.com/evanphx/json-patch v4.12.0+incompatible/go.mod h1:50XU6AFN0ol/bzJsmQLiYLvXMP4fmwYFNcr97nuDLSk= github.com/go-kit/kit v0.9.0/go.mod h1:xBxKIO96dXMWWy0MnWVtmwkA9/13aqxPnvrjFYMA2as= github.com/go-logfmt/logfmt v0.4.0/go.mod h1:3RMwSq7FuexP4Kalkev3ejPJsZTpXXBr9+V4qmtdjCk= github.com/go-logr/logr v1.2.0/go.mod h1:jdQByPbusPIv2/zmleS9BjJVeZ6kBagPoEUsqbVz/1A= -github.com/go-logr/logr v1.2.2/go.mod h1:jdQByPbusPIv2/zmleS9BjJVeZ6kBagPoEUsqbVz/1A= github.com/go-logr/logr v1.2.3 h1:2DntVwHkVopvECVRSlL5PSo9eG+cAkDCuckLubN+rq0= github.com/go-logr/logr v1.2.3/go.mod h1:jdQByPbusPIv2/zmleS9BjJVeZ6kBagPoEUsqbVz/1A= -github.com/go-logr/stdr v1.2.2/go.mod h1:mMo/vtBO5dYbehREoey6XUKy/eSumjCCveDpRre4VKE= github.com/go-openapi/jsonpointer v0.19.3/go.mod h1:Pl9vOtqEWErmShwVjC8pYs9cog34VGT37dQOVbmoatg= github.com/go-openapi/jsonpointer v0.19.5 h1:gZr+CIYByUqjcgeLXnQu2gHYQC9o73G2XUeOFYEICuY= github.com/go-openapi/jsonpointer v0.19.5/go.mod h1:Pl9vOtqEWErmShwVjC8pYs9cog34VGT37dQOVbmoatg= @@ -44,23 +30,12 @@ github.com/go-openapi/jsonreference v0.20.0/go.mod h1:Ag74Ico3lPc+zR+qjn4XBUmXym github.com/go-openapi/swag v0.19.5/go.mod h1:POnQmlKehdgb5mhVOsnJFsivZCEZ/vjK9gh66Z9tfKk= github.com/go-openapi/swag v0.19.14 h1:gm3vOOXfiuw5i9p5N9xJvfjvuofpyvLA9Wr6QfK5Fng= github.com/go-openapi/swag v0.19.14/go.mod h1:QYRuS/SOXUCsnplDa677K7+DxSOj6IPNl/eQntq43wQ= -github.com/go-playground/assert/v2 v2.0.1/go.mod h1:VDjEfimB/XKnb+ZQfWdccd7VUvScMdVu0Titje2rxJ4= -github.com/go-playground/locales v0.14.0/go.mod h1:sawfccIbzZTqEDETgFXqTho0QybSa7l++s0DH+LDiLs= -github.com/go-playground/locales v0.14.1 h1:EWaQ/wswjilfKLTECiXz7Rh+3BjFhfDFKv/oXslEjJA= -github.com/go-playground/locales v0.14.1/go.mod h1:hxrqLVvrK65+Rwrd5Fc6F2O76J/NuW9t0sjnWqG1slY= -github.com/go-playground/universal-translator v0.18.0/go.mod h1:UvRDBj+xPUEGrFYl+lu/H90nyDXpg0fqeB/AQUGNTVA= -github.com/go-playground/universal-translator v0.18.1 h1:Bcnm0ZwsGyWbCzImXv+pAJnYK9S473LQFuzCbDbfSFY= -github.com/go-playground/universal-translator v0.18.1/go.mod h1:xekY+UJKNuX9WP91TpwSH2VMlDf28Uj24BCp08ZFTUY= -github.com/go-playground/validator/v10 v10.10.0/go.mod h1:74x4gJWsvQexRdW8Pn3dXSGrTK4nAUsbPlLADvpJkos= -github.com/go-playground/validator/v10 v10.11.2 h1:q3SHpufmypg+erIExEKUmsgmhDTyhcJ38oeKGACXohU= -github.com/go-playground/validator/v10 v10.11.2/go.mod h1:NieE624vt4SCTJtD87arVLvdmjPAeV8BQlHtMnw9D7s= github.com/go-stack/stack v1.8.0/go.mod h1:v0f6uXyyMGvRgIKkXu+yp6POWl0qKG85gN/melR3HDY= -github.com/goccy/go-json v0.9.7/go.mod h1:6MelG93GURQebXPDq3khkgXZkazVtN9CRI+MGFi0w8I= -github.com/goccy/go-json v0.10.0 h1:mXKd9Qw4NuzShiRlOXKews24ufknHO7gx30lsDyokKA= -github.com/goccy/go-json v0.10.0/go.mod h1:6MelG93GURQebXPDq3khkgXZkazVtN9CRI+MGFi0w8I= github.com/gogo/protobuf v1.3.2 h1:Ov1cvc58UF3b5XjBnZv7+opcTcQFZebYjWzi34vdm4Q= github.com/gogo/protobuf v1.3.2/go.mod h1:P1XiOD3dCwIKUDQYPy72D8LYyHL2YPYrpS2s69NZV8Q= github.com/golang/glog v0.0.0-20160126235308-23def4e6c14b/go.mod h1:SBH7ygxi8pfUlaOkMMuAQtPIUF8ecWP5IEl/CR7VP2Q= +github.com/golang/groupcache v0.0.0-20210331224755-41bb18bfe9da h1:oI5xCqsCo564l8iNU+DwB5epxmsaqB+rhGL0m5jtYqE= +github.com/golang/groupcache v0.0.0-20210331224755-41bb18bfe9da/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc= github.com/golang/mock v1.1.1/go.mod h1:oTYuIxOrZwtPieC+H1uAHpcLFnEyAGVDL/k47Jfbm0A= github.com/golang/protobuf v1.2.0/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U= github.com/golang/protobuf v1.3.1/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U= @@ -82,12 +57,12 @@ github.com/google/go-cmp v0.3.0/go.mod h1:8QqcDgzrUqlUb/G2PQTWiueGozuR1884gddMyw github.com/google/go-cmp v0.3.1/go.mod h1:8QqcDgzrUqlUb/G2PQTWiueGozuR1884gddMywk6iLU= github.com/google/go-cmp v0.4.0/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE= github.com/google/go-cmp v0.5.5/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE= -github.com/google/go-cmp v0.5.8/go.mod h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeNGIjoY= github.com/google/go-cmp v0.5.9 h1:O2Tfq5qg4qc4AmwVlvv0oLiVAGB7enBSJ2x2DqQFi38= github.com/google/go-cmp v0.5.9/go.mod h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeNGIjoY= github.com/google/gofuzz v1.0.0/go.mod h1:dBl0BpW6vV/+mYPU4Po3pmUjxk6FQPldtuIdl/M65Eg= github.com/google/gofuzz v1.1.0 h1:Hsa8mG0dQ46ij8Sl2AYJDUv1oA9/d6Vk+3LG99Oe02g= github.com/google/gofuzz v1.1.0/go.mod h1:dBl0BpW6vV/+mYPU4Po3pmUjxk6FQPldtuIdl/M65Eg= +github.com/google/uuid v1.3.0 h1:t6JiXgmwXMjEs8VusXIJk2BXHsn+wx8BZdTaoZ5fu7I= github.com/grpc-ecosystem/go-grpc-middleware v1.3.0 h1:+9834+KizmvFV7pXQGSXQTsaWhq2GjuNUt0aUU0YBYw= github.com/grpc-ecosystem/go-grpc-middleware v1.3.0/go.mod h1:z0ButlSOZa5vEBq9m2m2hlwIgKw+rp3sdCBRoJY+30Y= github.com/imdario/mergo v0.3.6 h1:xTNEAn+kxVO7dTZGu0CegyqKZmoWFI0rF8UxjlB2d28= @@ -98,33 +73,23 @@ github.com/json-iterator/go v1.1.12 h1:PV8peI4a0ysnczrg+LtxykD8LfKY9ML6u2jnxaEnr github.com/json-iterator/go v1.1.12/go.mod h1:e30LSqwooZae/UwlEbR2852Gd8hjQvJoHmT4TnhNGBo= github.com/kisielk/errcheck v1.5.0/go.mod h1:pFxgyoBC7bSaBwPgfKdkLd5X25qrDl4LWUI2bnpBCr8= github.com/kisielk/gotool v1.0.0/go.mod h1:XhKaO+MFFWcvkIS/tQcRk01m1F5IRFswLeQ+oQHNcck= -github.com/klauspost/cpuid/v2 v2.0.9/go.mod h1:FInQzS24/EEf25PyTYn52gqo7WaD8xa0213Md/qVLRg= -github.com/klauspost/cpuid/v2 v2.2.4 h1:acbojRNwl3o09bUq+yDCtZFc1aiwaAAxtcn8YkZXnvk= -github.com/klauspost/cpuid/v2 v2.2.4/go.mod h1:RVVoqg1df56z8g3pUjL/3lE5UfnlrJX8tyFgg4nqhuY= github.com/konsorten/go-windows-terminal-sequences v1.0.1/go.mod h1:T0+1ngSBFLxvqU3pZ+m/2kptfBszLMUkC4ZK/EgS/cQ= -github.com/konsorten/go-windows-terminal-sequences v1.0.3 h1:CE8S1cTafDpPvMhIxNJKvHsGVBgn1xWYf1NbHQhywc8= -github.com/konsorten/go-windows-terminal-sequences v1.0.3/go.mod h1:T0+1ngSBFLxvqU3pZ+m/2kptfBszLMUkC4ZK/EgS/cQ= github.com/kr/logfmt v0.0.0-20140226030751-b84e30acd515/go.mod h1:+0opPa2QZZtGFBFZlji/RkVcI2GknAs/DXo4wKdlNEc= github.com/kr/pretty v0.1.0/go.mod h1:dAy3ld7l9f0ibDNOQOHHMYYIIbhfbHSm3C4ZsoJORNo= github.com/kr/pretty v0.2.0/go.mod h1:ipq/a2n7PKx3OHsz4KJII5eveXtPO4qwEXGdVfWzfnI= github.com/kr/pretty v0.2.1/go.mod h1:ipq/a2n7PKx3OHsz4KJII5eveXtPO4qwEXGdVfWzfnI= +github.com/kr/pretty v0.3.0 h1:WgNl7dwNpEZ6jJ9k1snq4pZsg7DOEN8hP9Xw0Tsjwk0= github.com/kr/pretty v0.3.0/go.mod h1:640gp4NfQd8pI5XOwp5fnNeVWj67G7CFk/SaSQn7NBk= github.com/kr/pty v1.1.1/go.mod h1:pFQYn66WHrOpPYNljwOMqo10TkYh1fy3cYio2l3bCsQ= github.com/kr/text v0.1.0/go.mod h1:4Jbv+DJW3UT/LiOwJeYQe1efqtUx/iVham/4vfdArNI= github.com/kr/text v0.2.0 h1:5Nx0Ya0ZqY2ygV366QzturHI13Jq95ApcVaJBhpS+AY= github.com/kr/text v0.2.0/go.mod h1:eLer722TekiGuMkidMxC/pM04lWEeraHUUmBw8l2grE= -github.com/leodido/go-urn v1.2.1/go.mod h1:zt4jvISO2HfUBqxjfIshjdMTYS56ZS/qv49ictyFfxY= -github.com/leodido/go-urn v1.2.2 h1:7z68G0FCGvDk646jz1AelTYNYWrTNm0bEcFAo147wt4= -github.com/leodido/go-urn v1.2.2/go.mod h1:kUaIbLZWttglzwNuG0pgsh5vuV6u2YcGBYz1hIPjtOQ= github.com/mailru/easyjson v0.0.0-20190614124828-94de47d64c63/go.mod h1:C1wdFJiN94OJF2b5HbByQZoLdCWB1Yqtg26g4irojpc= github.com/mailru/easyjson v0.0.0-20190626092158-b2ccc519800e/go.mod h1:C1wdFJiN94OJF2b5HbByQZoLdCWB1Yqtg26g4irojpc= github.com/mailru/easyjson v0.7.6 h1:8yTIVnZgCoiM1TgqoeTl+LfU5Jg6/xL3QhGQnimLYnA= github.com/mailru/easyjson v0.7.6/go.mod h1:xzfreul335JAWq5oZzymOObrkdz5UnU4kGfJJLY9Nlc= github.com/mattbaird/jsonpatch v0.0.0-20200820163806-098863c1fc24 h1:uYuGXJBAi1umT+ZS4oQJUgKtfXCAYTR+n9zw1ViT0vA= github.com/mattbaird/jsonpatch v0.0.0-20200820163806-098863c1fc24/go.mod h1:M1qoD/MqPgTZIk0EWKB38wE28ACRfVcn+cU08jyArI0= -github.com/mattn/go-isatty v0.0.14/go.mod h1:7GGIvUiUoEMVVmxf/4nioHXj79iQHKdU27kJ6hsGG94= -github.com/mattn/go-isatty v0.0.17 h1:BTarxUcIeDqL27Mc+vyvdWYSL28zpIhv3RoTdsLMPng= -github.com/mattn/go-isatty v0.0.17/go.mod h1:kYGgaQfpe5nmfYZH+SKPsOc2e4SrIfOl2e/yFXSvRLM= github.com/modern-go/concurrent v0.0.0-20180228061459-e0a39a4cb421/go.mod h1:6dJC0mAP4ikYIbvyc7fijjWJddQyLn8Ig3JB5CqoB9Q= github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd h1:TRLaZ9cD/w8PVh93nsPXa1VrQ6jlwL5oN8l14QlcNfg= github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd/go.mod h1:6dJC0mAP4ikYIbvyc7fijjWJddQyLn8Ig3JB5CqoB9Q= @@ -132,24 +97,20 @@ github.com/modern-go/reflect2 v1.0.2 h1:xBagoLtFs94CBntxluKeaWgTMpvLxC4ur3nMaC9G github.com/modern-go/reflect2 v1.0.2/go.mod h1:yWuevngMOJpCy52FWWMvUC8ws7m/LJsjYzDa0/r8luk= github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822 h1:C3w9PqII01/Oq1c1nUAm88MOHcQC9l5mIlSMApZMrHA= github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822/go.mod h1:+n7T8mK8HuQTcFwEeznm/DIxMOiR9yIdICNftLE1DvQ= -github.com/niemeyer/pretty v0.0.0-20200227124842-a10e7caefd8e h1:fD57ERR4JtEqsWbfPhv4DMiApHyliiK5xCTNVSPiaAs= github.com/niemeyer/pretty v0.0.0-20200227124842-a10e7caefd8e/go.mod h1:zD1mROLANZcx1PVRCS0qkT7pwLkGfwJo4zjcN/Tysno= github.com/onsi/ginkgo/v2 v2.4.0 h1:+Ig9nvqgS5OBSACXNk15PLdp0U9XPYROt9CFzVdFGIs= github.com/onsi/gomega v1.23.0 h1:/oxKu9c2HVap+F3PfKort2Hw5DEU+HGlW8n+tguWsys= github.com/opentracing/opentracing-go v1.1.0/go.mod h1:UkNAQd3GIcIGf0SeVgPpRdFStlNbqXla1AfSYxPUl2o= -github.com/pelletier/go-toml/v2 v2.0.1/go.mod h1:r9LEWfGN8R5k0VXJ+0BkIe7MYkRdwZOjgMj2KwnJFUo= -github.com/pelletier/go-toml/v2 v2.0.6 h1:nrzqCb7j9cDFj2coyLNLaZuJTLjWjlaz6nvTvIwycIU= -github.com/pelletier/go-toml/v2 v2.0.6/go.mod h1:eumQOmlWiOPt5WriQQqoM5y18pDHwha2N+QD+EUNTek= github.com/pkg/diff v0.0.0-20210226163009-20ebb0f2a09e/go.mod h1:pJLUxLENpZxwdsKMEsNbx1VGcRFpLqf3715MtcvvzbA= github.com/pkg/errors v0.8.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0= github.com/pkg/errors v0.9.1 h1:FEBLx1zS214owpjy7qsBeixbURkuhQAwrK5UwLGTwt4= +github.com/pkg/errors v0.9.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0= github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM= github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4= github.com/prometheus/client_model v0.0.0-20190812154241-14fe0d1b01d4/go.mod h1:xMI15A0UPsDsEKsMN9yxemIoYk6Tm2C1GtYGdfGttqA= github.com/rogpeppe/go-internal v1.6.1/go.mod h1:xXDCJY+GAPziupqXw64V24skbSoqbTEfhy4qGm1nDQc= +github.com/rogpeppe/go-internal v1.8.0 h1:FCbCCtXNOY3UtUuHUYaghJg4y7Fd14rXifAYUAtL9R8= github.com/rogpeppe/go-internal v1.8.0/go.mod h1:WmiCO8CzOY8rg0OYDC4/i/2WRWAB6poM+XZ2dLUbcbE= -github.com/rwtodd/Go.Sed v0.0.0-20210816025313-55464686f9ef/go.mod h1:8AEUvGVi2uQ5b24BIhcr0GCcpd/RNAFWaN2CJFrWIIQ= -github.com/sirupsen/logrus v1.4.2 h1:SPIRibHv4MatM3XXNO2BJeFLZwZ2LvZgfQ5+UNI2im4= github.com/sirupsen/logrus v1.4.2/go.mod h1:tLMulIdttU9McNUspp0xgXVQah82FyeX6MwdIuYE2rE= github.com/spf13/pflag v1.0.5 h1:iy+VFUOCP1a+8yFto/drg2CJ5u0yRoB7fZw3DKv/JXA= github.com/spf13/pflag v1.0.5/go.mod h1:McXfInJRrz4CZXVZOBLb0bTZqETkiAhM9Iw0y3An2Bg= @@ -163,57 +124,31 @@ github.com/stretchr/testify v1.3.0/go.mod h1:M5WIy9Dh21IEIfnGCwXGc5bZfKNJtfHm1UV github.com/stretchr/testify v1.4.0/go.mod h1:j7eGeouHqKxXV5pUuKE4zz7dFj8WfuZ+81PSLYec5m4= github.com/stretchr/testify v1.5.1/go.mod h1:5W2xD1RspED5o8YsWQXVCued0rvSQ+mT+I5cxcmMvtA= github.com/stretchr/testify v1.6.1/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg= -github.com/stretchr/testify v1.7.0/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg= github.com/stretchr/testify v1.7.1/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg= -github.com/stretchr/testify v1.8.0 h1:pSgiaMZlXftHpm5L7V1+rVB+AZJydKsMxsQBIJw4PKk= github.com/stretchr/testify v1.8.0/go.mod h1:yNjHg4UonilssWZ8iaSj1OCr/vHnekPRkoO+kdMU+MU= -github.com/stretchr/testify v1.8.1/go.mod h1:w2LPCIKwWwSfY2zedu0+kehJoqGctiVI29o6fzry7u4= github.com/stretchr/testify v1.8.2 h1:+h33VjcLVPDHtOdpUCuF+7gSuG3yGIftsP1YvFihtJ8= github.com/stretchr/testify v1.8.2/go.mod h1:w2LPCIKwWwSfY2zedu0+kehJoqGctiVI29o6fzry7u4= -github.com/twitchyliquid64/golang-asm v0.15.1 h1:SU5vSMR7hnwNxj24w34ZyCi/FmDZTkS4MhqMhdFk5YI= -github.com/twitchyliquid64/golang-asm v0.15.1/go.mod h1:a1lVb/DtPvCB8fslRZhAngC2+aY1QWCk3Cedj/Gdt08= -github.com/ugorji/go v1.2.7/go.mod h1:nF9osbDWLy6bDVv/Rtoh6QgnvNDpmCalQV5urGCCS6M= -github.com/ugorji/go/codec v1.2.7/go.mod h1:WGN1fab3R1fzQlVQTkfxVtIBhWDRqOviHU95kRgeqEY= -github.com/ugorji/go/codec v1.2.10 h1:eimT6Lsr+2lzmSZxPhLFoOWFmQqwk0fllJJ5hEbTXtQ= -github.com/ugorji/go/codec v1.2.10/go.mod h1:UNopzCgEMSXjBc6AOMqYvWC1ktqTAfzJZUZgYf6w6lg= github.com/yuin/goldmark v1.1.27/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74= github.com/yuin/goldmark v1.2.1/go.mod h1:3hX8gzYuyVAZsxl0MRgGTJEmQBFcNTphYh9decYSb74= -github.com/yuin/goldmark v1.3.5/go.mod h1:mwnBkeHKe2W/ZEtQ+71ViKU8L12m81fl3OWwC1Zlc8k= -go.opentelemetry.io/otel v1.10.0 h1:Y7DTJMR6zs1xkS/upamJYk0SxxN4C9AqRd77jmZnyY4= -go.opentelemetry.io/otel v1.10.0/go.mod h1:NbvWjCthWHKBEUMpf0/v8ZRZlni86PpGFEMA9pnQSnQ= -go.opentelemetry.io/otel/trace v1.10.0 h1:npQMbR8o7mum8uF95yFbOEJffhs1sbCOfDh8zAJiH5E= -go.opentelemetry.io/otel/trace v1.10.0/go.mod h1:Sij3YYczqAdz+EhmGhE6TpTxUO5/F/AzrK+kxfGqySM= go.uber.org/atomic v1.4.0/go.mod h1:gD2HeocX3+yG+ygLZcrzQJaqmWj9AIm7n08wl/qW/PE= -go.uber.org/atomic v1.7.0/go.mod h1:fEN4uk6kAWBTFdckzkM89CLk9XfWZrxpCo0nPH17wJc= go.uber.org/atomic v1.10.0 h1:9qC72Qh0+3MqyJbAn8YU5xVq1frD8bn3JtD2oXtafVQ= go.uber.org/atomic v1.10.0/go.mod h1:LUxbIzbOniOlMKjJjyPfpl4v+PKK2cNJn91OQbhoJI0= go.uber.org/goleak v1.1.11 h1:wy28qYRKZgnJTxGxvye5/wgWr1EKjmUDGYox5mGlRlI= -go.uber.org/goleak v1.1.11/go.mod h1:cwTWslyiVhfpKIDGSZEM2HlOvcqm+tG4zioyIeLoqMQ= go.uber.org/multierr v1.1.0/go.mod h1:wR5kodmAFQ0UK8QlbwjlSNy0Z68gJhDJUG5sjR94q/0= -go.uber.org/multierr v1.6.0/go.mod h1:cdWPpRnG4AhwMwsgIHip0KRBQjJy5kYEpYjJxpXp9iU= go.uber.org/multierr v1.9.0 h1:7fIwc/ZtS0q++VgcfqFDxSBZVv/Xo49/SYnDFupUwlI= go.uber.org/multierr v1.9.0/go.mod h1:X2jQV1h+kxSjClGpnseKVIxpmcjrj7MNnI0bnlfKTVQ= go.uber.org/zap v1.10.0/go.mod h1:vwi/ZaCAaUcBkycHslxD9B2zi4UTXhF60s6SWpuDF0Q= -go.uber.org/zap v1.23.0/go.mod h1:D+nX8jyLsMHMYrln8A0rJjFt/T/9/bGgIhAqxv5URuY= go.uber.org/zap v1.24.0 h1:FiJd5l1UOLj0wCgbSE0rwwXHzEdAZS6hiiSnxJN/D60= go.uber.org/zap v1.24.0/go.mod h1:2kMP+WWQ8aoFoedH3T2sq6iJ2yDWpHbP0f6MQbS9Gkg= -golang.org/x/arch v0.0.0-20210923205945-b76863e36670/go.mod h1:5om86z9Hs0C8fWVUuoMHwpExlXzs5Tkyp9hOrfG7pp8= -golang.org/x/arch v0.2.0 h1:W1sUEHXiJTfjaFJ5SLo0N6lZn+0eO5gWD1MFeTGqQEY= -golang.org/x/arch v0.2.0/go.mod h1:5om86z9Hs0C8fWVUuoMHwpExlXzs5Tkyp9hOrfG7pp8= golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w= golang.org/x/crypto v0.0.0-20191011191535-87dc89f01550/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI= golang.org/x/crypto v0.0.0-20200622213623-75b288015ac9/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto= -golang.org/x/crypto v0.0.0-20210711020723-a769d52b0f97/go.mod h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc= -golang.org/x/crypto v0.6.0 h1:qfktjS5LUO+fFKeJXZ+ikTRijMmljikvG68fpMMruSc= -golang.org/x/crypto v0.6.0/go.mod h1:OFC/31mSvZgRz0V1QTNCzfAI1aIRzbiufJtkMIlEp58= golang.org/x/exp v0.0.0-20190121172915-509febef88a4/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA= golang.org/x/lint v0.0.0-20181026193005-c67002cb31c3/go.mod h1:UVdnD1Gm6xHRNCYTkRU2/jEulfH38KcIWyp/GAMgvoE= golang.org/x/lint v0.0.0-20190227174305-5b3e6a55c961/go.mod h1:wehouNa3lNwaWXcvxsM5YxQ5yQlVC4a0KAMCusXpPoU= golang.org/x/lint v0.0.0-20190313153728-d0100b6bd8b3/go.mod h1:6SW0HCj/g11FgYtHlgUYUwCkIfeOF89ocIRzGO/8vkc= -golang.org/x/lint v0.0.0-20190930215403-16217165b5de/go.mod h1:6SW0HCj/g11FgYtHlgUYUwCkIfeOF89ocIRzGO/8vkc= golang.org/x/mod v0.2.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA= golang.org/x/mod v0.3.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA= -golang.org/x/mod v0.4.2/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA= golang.org/x/net v0.0.0-20180724234803-3673e40ba225/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= golang.org/x/net v0.0.0-20180826012351-8a410e7b638d/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= golang.org/x/net v0.0.0-20190213061140-3a22650c66bd/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= @@ -223,8 +158,6 @@ golang.org/x/net v0.0.0-20190603091049-60506f45cf65/go.mod h1:HSz+uSET+XFnRR8LxR golang.org/x/net v0.0.0-20190620200207-3b0461eec859/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= golang.org/x/net v0.0.0-20200226121028-0de0cce0169b/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= golang.org/x/net v0.0.0-20201021035429-f5854403a974/go.mod h1:sp8m0HH+o8qH0wwXwYZr8TS3Oi6o0r6Gce1SSxlDquU= -golang.org/x/net v0.0.0-20210226172049-e18ecbb05110/go.mod h1:m0MpNAwzfU5UDzcl9v0D8zg8gWTRqZa9RBIspLL5mdg= -golang.org/x/net v0.0.0-20210405180319-a5a99cb37ef4/go.mod h1:p54w0d4576C0XHj96bSt6lcn1PtDYWL6XObtHCRCNQM= golang.org/x/net v0.7.0 h1:rJrUqqhjsgNp7KqAIc25s9pZnjU7TUcSY7HcVZjdn1g= golang.org/x/net v0.7.0/go.mod h1:2Tu9+aMcznHK/AK1HMvgo6xiTLG5rD5rZLDS+rp2Bjs= golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U= @@ -235,29 +168,18 @@ golang.org/x/sync v0.0.0-20181108010431-42b317875d0f/go.mod h1:RxMgew5VJxzue5/jJ golang.org/x/sync v0.0.0-20190423024810-112230192c58/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20190911185100-cd5d95a43a6e/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20201020160332-67f06af15bc9/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= -golang.org/x/sync v0.0.0-20210220032951-036812b2e83c/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sys v0.0.0-20180830151530-49385e6e1522/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= golang.org/x/sys v0.0.0-20190412213103-97732733099d/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20190422165155-953cdadca894/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= golang.org/x/sys v0.0.0-20200930185726-fdedc70b468f/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20201119102817-f84b799fce68/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20210330210617-4fbd30eecc44/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.0.0-20210510120138-977fb7262007/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= -golang.org/x/sys v0.0.0-20210615035016-665e8c7367d1/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= -golang.org/x/sys v0.0.0-20210630005230-0f9fa26af87c/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= -golang.org/x/sys v0.0.0-20210806184541-e5e7981a1069/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= -golang.org/x/sys v0.0.0-20220704084225-05e143d24a9e/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= -golang.org/x/sys v0.0.0-20220811171246-fbc7d0a398ab/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.5.0 h1:MUK/U/4lj1t1oPg0HfuXDN/Z1wv31ZJ/YcPiGccS4DU= golang.org/x/sys v0.5.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= -golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo= golang.org/x/term v0.5.0 h1:n2a8QNdAb0sZNpU9R1ALUXBbY+w51fCQDN+7EdxNBsY= golang.org/x/term v0.5.0/go.mod h1:jMB1sMXY+tzblOD4FWmEbocvup2/aLOaQEp7JmGp78k= golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= golang.org/x/text v0.3.2/go.mod h1:bEr9sfX3Q8Zfm5fL9x+3itogRgK3+ptLWKqgva+5dAk= golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= -golang.org/x/text v0.3.6/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= golang.org/x/text v0.7.0 h1:4BRB4x83lYWy72KwLD/qYDuTu7q9PjSagHvijDw7cLo= golang.org/x/text v0.7.0/go.mod h1:mrYo+phRRbMaCq/xk9113O4dZlRixOauAjOtrjsXDZ8= golang.org/x/time v0.0.0-20220210224613-90d013bbcef8 h1:vVKdlvoWBphwdxWKrFZEuM0kGgGLxUOYcY4U/2Vjg44= @@ -270,7 +192,6 @@ golang.org/x/tools v0.0.0-20190524140312-2c0ae7006135/go.mod h1:RgjU9mgBXZiqYHBn golang.org/x/tools v0.0.0-20191119224855-298f0cb1881e/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo= golang.org/x/tools v0.0.0-20200619180055-7c47624df98f/go.mod h1:EkVYQZoAsY45+roYkvgYkIh4xh/qjgUK9TdY2XT94GE= golang.org/x/tools v0.0.0-20210106214847-113979e3529a/go.mod h1:emZCQorbCU4vsT4fOWvOPXz4eW1wZW4PmDk9uLelYpA= -golang.org/x/tools v0.1.5/go.mod h1:o0xws9oXOQQZyjljx8fwUC0k7L1pTE6eaCbjGeHmOkk= golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= golang.org/x/xerrors v0.0.0-20191011141410-1b5146add898/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= @@ -303,14 +224,13 @@ google.golang.org/protobuf v1.23.1-0.20200526195155-81db48ad09cc/go.mod h1:EGpAD google.golang.org/protobuf v1.24.0/go.mod h1:r/3tXBNzIEhYS9I1OUVjXDlt8tc493IdKGjtUeSXeh4= google.golang.org/protobuf v1.26.0-rc.1/go.mod h1:jlhhOSvTdKEhbULTjvd4ARK9grFBp09yW+WbY/TyQbw= google.golang.org/protobuf v1.26.0/go.mod h1:9q0QmTI4eRPtz6boOQmLYwt+qCgq0jsYwAQnmE0givc= -google.golang.org/protobuf v1.28.0/go.mod h1:HV8QOd/L58Z+nl8r43ehVNZIU/HEI6OcFqwMG9pJV4I= google.golang.org/protobuf v1.28.1 h1:d0NfwRgPtno5B1Wa6L2DAG+KivqkdutMf1UhdNx175w= google.golang.org/protobuf v1.28.1/go.mod h1:HV8QOd/L58Z+nl8r43ehVNZIU/HEI6OcFqwMG9pJV4I= gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= gopkg.in/check.v1 v1.0.0-20180628173108-788fd7840127/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= gopkg.in/check.v1 v1.0.0-20190902080502-41f04d3bba15/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= -gopkg.in/check.v1 v1.0.0-20200227125254-8fa46927fb4f h1:BLraFXnmrev5lT+xlilqcH8XK9/i0At2xKjWk4p6zsU= gopkg.in/check.v1 v1.0.0-20200227125254-8fa46927fb4f/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= +gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c h1:Hei/4ADfdWqJk1ZMxUNpqntNwaWcugrBjAiHlqqRiVk= gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c/go.mod h1:JHkPIbrfpd72SG/EVd6muEfDQjcINNoR0C8j2r3qZ4Q= gopkg.in/errgo.v2 v2.1.0/go.mod h1:hNsd1EY+bozCKY1Ytp96fpM3vjJbqLJn88ws8XvfDNI= gopkg.in/inf.v0 v0.9.1 h1:73M5CoZyi3ZLMOyDlQh031Cx6N9NDJ2Vvfl76EDAgDc= @@ -321,7 +241,6 @@ gopkg.in/yaml.v2 v2.4.0 h1:D8xgwECY7CYvx+Y2n4sBz93Jn9JRvxdiyyo8CTfuKaY= gopkg.in/yaml.v2 v2.4.0/go.mod h1:RDklbk79AGWmwhnvt/jBztapEOGDOx6ZbXqjP6csGnQ= gopkg.in/yaml.v3 v3.0.0-20200313102051-9f266ea9e77c/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM= gopkg.in/yaml.v3 v3.0.0-20200615113413-eeeca48fe776/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM= -gopkg.in/yaml.v3 v3.0.0-20210107192922-496545a6307b/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM= gopkg.in/yaml.v3 v3.0.1 h1:fxVm/GzAzEWqLHuvctI91KS9hhNmmWOoWu0XTYJS7CA= gopkg.in/yaml.v3 v3.0.1/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM= honnef.co/go/tools v0.0.0-20190102054323-c2f93a96b099/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4= @@ -338,7 +257,6 @@ k8s.io/kube-openapi v0.0.0-20221012153701-172d655c2280 h1:+70TFaan3hfJzs+7VK2o+O k8s.io/kube-openapi v0.0.0-20221012153701-172d655c2280/go.mod h1:+Axhij7bCpeqhklhUTe3xmOn6bWxolyZEeyaFpjGtl4= k8s.io/utils v0.0.0-20221107191617-1a15be271d1d h1:0Smp/HP1OH4Rvhe+4B8nWGERtlqAGSftbSbbmm45oFs= k8s.io/utils v0.0.0-20221107191617-1a15be271d1d/go.mod h1:OLgZIPagt7ERELqWJFomSt595RzquPNLL48iOWgYOg0= -rsc.io/pdf v0.1.1/go.mod h1:n8OzWcQ6Sp37PL01nO98y4iUCRdTGarVfzxY20ICaU4= sigs.k8s.io/json v0.0.0-20220713155537-f223a00ba0e2 h1:iXTIw73aPyC+oRdyqqvVJuloN1p0AC/kzH07hu3NE+k= sigs.k8s.io/json v0.0.0-20220713155537-f223a00ba0e2/go.mod h1:B8JuhiUyNFVKdsE8h686QcCxMaH6HrOAZj4vswFpcB0= sigs.k8s.io/structured-merge-diff/v4 v4.2.3 h1:PRbqxJClWWYMNV1dhaG4NsibJbArud9kFxnAMREiWFE= diff --git a/ca/pkg/apis/dubbo.apache.org/v1beta1/register.go b/ca/pkg/apis/dubbo.apache.org/v1beta1/register.go index 7d35c56..3aae549 100644 --- a/ca/pkg/apis/dubbo.apache.org/v1beta1/register.go +++ b/ca/pkg/apis/dubbo.apache.org/v1beta1/register.go @@ -29,6 +29,8 @@ type PeerAuthentication struct { Spec PeerAuthenticationSpec `json:"spec"` } +// +k8s:deepcopy-gen:interfaces=k8s.io/apimachinery/pkg/runtime.Object + type PeerAuthenticationList struct { metav1.TypeMeta `json:",inline"` metav1.ListMeta `json:"metadata"` @@ -37,14 +39,15 @@ type PeerAuthenticationList struct { } type PeerAuthenticationSpec struct { - Action string `json:"action,omitempty"` - Rule Rule `json:"rule,omitempty"` - Order int `json:"order,omitempty"` + Action string `json:"action,omitempty"` + Rules []Rule `json:"rules,omitempty"` + Order int `json:"order,omitempty"` + MatchType string `json:"matchType,omitempty"` } type Rule struct { - From []Source `json:"from,omitempty"` - To []Source `json:"to,omitempty"` + From Source `json:"from,omitempty"` + To Target `json:"to,omitempty"` } type Source struct { @@ -58,6 +61,15 @@ type Source struct { NotExtends []ExtendConfig `json:"notExtends,omitempty"` } +type Target struct { + IpBlocks []string `json:"ipBlocks,omitempty"` + NotIpBlocks []string `json:"notIpBlocks,omitempty"` + Principals []string `json:"principals,omitempty"` + NotPrincipals []string `json:"notPrincipals,omitempty"` + Extends []ExtendConfig `json:"extends,omitempty"` + NotExtends []ExtendConfig `json:"notExtends,omitempty"` +} + type ExtendConfig struct { Key string `json:"key,omitempty"` Value string `json:"value,omitempty"` diff --git a/ca/pkg/apis/dubbo.apache.org/v1beta1/zz_generated.deepcopy.go b/ca/pkg/apis/dubbo.apache.org/v1beta1/zz_generated.deepcopy.go index ede23df..c100b2c 100644 --- a/ca/pkg/apis/dubbo.apache.org/v1beta1/zz_generated.deepcopy.go +++ b/ca/pkg/apis/dubbo.apache.org/v1beta1/zz_generated.deepcopy.go @@ -92,10 +92,24 @@ func (in *PeerAuthenticationList) DeepCopy() *PeerAuthenticationList { return out } +// DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object. +func (in *PeerAuthenticationList) DeepCopyObject() runtime.Object { + if c := in.DeepCopy(); c != nil { + return c + } + return nil +} + // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *PeerAuthenticationSpec) DeepCopyInto(out *PeerAuthenticationSpec) { *out = *in - in.Rule.DeepCopyInto(&out.Rule) + if in.Rules != nil { + in, out := &in.Rules, &out.Rules + *out = make([]Rule, len(*in)) + for i := range *in { + (*in)[i].DeepCopyInto(&(*out)[i]) + } + } return } @@ -112,20 +126,8 @@ func (in *PeerAuthenticationSpec) DeepCopy() *PeerAuthenticationSpec { // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. func (in *Rule) DeepCopyInto(out *Rule) { *out = *in - if in.From != nil { - in, out := &in.From, &out.From - *out = make([]Source, len(*in)) - for i := range *in { - (*in)[i].DeepCopyInto(&(*out)[i]) - } - } - if in.To != nil { - in, out := &in.To, &out.To - *out = make([]Source, len(*in)) - for i := range *in { - (*in)[i].DeepCopyInto(&(*out)[i]) - } - } + in.From.DeepCopyInto(&out.From) + in.To.DeepCopyInto(&out.To) return } @@ -194,3 +196,49 @@ func (in *Source) DeepCopy() *Source { in.DeepCopyInto(out) return out } + +// DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. +func (in *Target) DeepCopyInto(out *Target) { + *out = *in + if in.IpBlocks != nil { + in, out := &in.IpBlocks, &out.IpBlocks + *out = make([]string, len(*in)) + copy(*out, *in) + } + if in.NotIpBlocks != nil { + in, out := &in.NotIpBlocks, &out.NotIpBlocks + *out = make([]string, len(*in)) + copy(*out, *in) + } + if in.Principals != nil { + in, out := &in.Principals, &out.Principals + *out = make([]string, len(*in)) + copy(*out, *in) + } + if in.NotPrincipals != nil { + in, out := &in.NotPrincipals, &out.NotPrincipals + *out = make([]string, len(*in)) + copy(*out, *in) + } + if in.Extends != nil { + in, out := &in.Extends, &out.Extends + *out = make([]ExtendConfig, len(*in)) + copy(*out, *in) + } + if in.NotExtends != nil { + in, out := &in.NotExtends, &out.NotExtends + *out = make([]ExtendConfig, len(*in)) + copy(*out, *in) + } + return +} + +// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new Target. +func (in *Target) DeepCopy() *Target { + if in == nil { + return nil + } + out := new(Target) + in.DeepCopyInto(out) + return out +} diff --git a/ca/pkg/generated/applyconfiguration/dubbo.apache.org/v1beta1/peerauthenticationspec.go b/ca/pkg/generated/applyconfiguration/dubbo.apache.org/v1beta1/peerauthenticationspec.go index 6e811ed..2cef730 100644 --- a/ca/pkg/generated/applyconfiguration/dubbo.apache.org/v1beta1/peerauthenticationspec.go +++ b/ca/pkg/generated/applyconfiguration/dubbo.apache.org/v1beta1/peerauthenticationspec.go @@ -20,9 +20,10 @@ package v1beta1 // PeerAuthenticationSpecApplyConfiguration represents an declarative configuration of the PeerAuthenticationSpec type for use // with apply. type PeerAuthenticationSpecApplyConfiguration struct { - Action *string `json:"action,omitempty"` - Rule *RuleApplyConfiguration `json:"rule,omitempty"` - Order *int `json:"order,omitempty"` + Action *string `json:"action,omitempty"` + Rules []RuleApplyConfiguration `json:"rules,omitempty"` + Order *int `json:"order,omitempty"` + MatchType *string `json:"matchType,omitempty"` } // PeerAuthenticationSpecApplyConfiguration constructs an declarative configuration of the PeerAuthenticationSpec type for use with @@ -39,11 +40,16 @@ func (b *PeerAuthenticationSpecApplyConfiguration) WithAction(value string) *Pee return b } -// WithRule sets the Rule field in the declarative configuration to the given value -// and returns the receiver, so that objects can be built by chaining "With" function invocations. -// If called multiple times, the Rule field is set to the value of the last call. -func (b *PeerAuthenticationSpecApplyConfiguration) WithRule(value *RuleApplyConfiguration) *PeerAuthenticationSpecApplyConfiguration { - b.Rule = value +// WithRules adds the given value to the Rules field in the declarative configuration +// and returns the receiver, so that objects can be build by chaining "With" function invocations. +// If called multiple times, values provided by each call will be appended to the Rules field. +func (b *PeerAuthenticationSpecApplyConfiguration) WithRules(values ...*RuleApplyConfiguration) *PeerAuthenticationSpecApplyConfiguration { + for i := range values { + if values[i] == nil { + panic("nil value passed to WithRules") + } + b.Rules = append(b.Rules, *values[i]) + } return b } @@ -54,3 +60,11 @@ func (b *PeerAuthenticationSpecApplyConfiguration) WithOrder(value int) *PeerAut b.Order = &value return b } + +// WithMatchType sets the MatchType field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the MatchType field is set to the value of the last call. +func (b *PeerAuthenticationSpecApplyConfiguration) WithMatchType(value string) *PeerAuthenticationSpecApplyConfiguration { + b.MatchType = &value + return b +} diff --git a/ca/pkg/generated/applyconfiguration/dubbo.apache.org/v1beta1/rule.go b/ca/pkg/generated/applyconfiguration/dubbo.apache.org/v1beta1/rule.go index c5365b0..ec122d4 100644 --- a/ca/pkg/generated/applyconfiguration/dubbo.apache.org/v1beta1/rule.go +++ b/ca/pkg/generated/applyconfiguration/dubbo.apache.org/v1beta1/rule.go @@ -20,8 +20,8 @@ package v1beta1 // RuleApplyConfiguration represents an declarative configuration of the Rule type for use // with apply. type RuleApplyConfiguration struct { - From []SourceApplyConfiguration `json:"from,omitempty"` - To []SourceApplyConfiguration `json:"to,omitempty"` + From *SourceApplyConfiguration `json:"from,omitempty"` + To *TargetApplyConfiguration `json:"to,omitempty"` } // RuleApplyConfiguration constructs an declarative configuration of the Rule type for use with @@ -30,28 +30,18 @@ func Rule() *RuleApplyConfiguration { return &RuleApplyConfiguration{} } -// WithFrom adds the given value to the From field in the declarative configuration -// and returns the receiver, so that objects can be build by chaining "With" function invocations. -// If called multiple times, values provided by each call will be appended to the From field. -func (b *RuleApplyConfiguration) WithFrom(values ...*SourceApplyConfiguration) *RuleApplyConfiguration { - for i := range values { - if values[i] == nil { - panic("nil value passed to WithFrom") - } - b.From = append(b.From, *values[i]) - } +// WithFrom sets the From field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the From field is set to the value of the last call. +func (b *RuleApplyConfiguration) WithFrom(value *SourceApplyConfiguration) *RuleApplyConfiguration { + b.From = value return b } -// WithTo adds the given value to the To field in the declarative configuration -// and returns the receiver, so that objects can be build by chaining "With" function invocations. -// If called multiple times, values provided by each call will be appended to the To field. -func (b *RuleApplyConfiguration) WithTo(values ...*SourceApplyConfiguration) *RuleApplyConfiguration { - for i := range values { - if values[i] == nil { - panic("nil value passed to WithTo") - } - b.To = append(b.To, *values[i]) - } +// WithTo sets the To field in the declarative configuration to the given value +// and returns the receiver, so that objects can be built by chaining "With" function invocations. +// If called multiple times, the To field is set to the value of the last call. +func (b *RuleApplyConfiguration) WithTo(value *TargetApplyConfiguration) *RuleApplyConfiguration { + b.To = value return b } diff --git a/ca/pkg/generated/applyconfiguration/dubbo.apache.org/v1beta1/target.go b/ca/pkg/generated/applyconfiguration/dubbo.apache.org/v1beta1/target.go new file mode 100644 index 0000000..865bf12 --- /dev/null +++ b/ca/pkg/generated/applyconfiguration/dubbo.apache.org/v1beta1/target.go @@ -0,0 +1,101 @@ +// Licensed to the Apache Software Foundation (ASF) under one or more +// contributor license agreements. See the NOTICE file distributed with +// this work for additional information regarding copyright ownership. +// The ASF licenses this file to You under the Apache License, Version 2.0 +// (the "License"); you may not use this file except in compliance with +// the License. You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. + +// Code generated by applyconfiguration-gen. DO NOT EDIT. + +package v1beta1 + +// TargetApplyConfiguration represents an declarative configuration of the Target type for use +// with apply. +type TargetApplyConfiguration struct { + IpBlocks []string `json:"ipBlocks,omitempty"` + NotIpBlocks []string `json:"notIpBlocks,omitempty"` + Principals []string `json:"principals,omitempty"` + NotPrincipals []string `json:"notPrincipals,omitempty"` + Extends []ExtendConfigApplyConfiguration `json:"extends,omitempty"` + NotExtends []ExtendConfigApplyConfiguration `json:"notExtends,omitempty"` +} + +// TargetApplyConfiguration constructs an declarative configuration of the Target type for use with +// apply. +func Target() *TargetApplyConfiguration { + return &TargetApplyConfiguration{} +} + +// WithIpBlocks adds the given value to the IpBlocks field in the declarative configuration +// and returns the receiver, so that objects can be build by chaining "With" function invocations. +// If called multiple times, values provided by each call will be appended to the IpBlocks field. +func (b *TargetApplyConfiguration) WithIpBlocks(values ...string) *TargetApplyConfiguration { + for i := range values { + b.IpBlocks = append(b.IpBlocks, values[i]) + } + return b +} + +// WithNotIpBlocks adds the given value to the NotIpBlocks field in the declarative configuration +// and returns the receiver, so that objects can be build by chaining "With" function invocations. +// If called multiple times, values provided by each call will be appended to the NotIpBlocks field. +func (b *TargetApplyConfiguration) WithNotIpBlocks(values ...string) *TargetApplyConfiguration { + for i := range values { + b.NotIpBlocks = append(b.NotIpBlocks, values[i]) + } + return b +} + +// WithPrincipals adds the given value to the Principals field in the declarative configuration +// and returns the receiver, so that objects can be build by chaining "With" function invocations. +// If called multiple times, values provided by each call will be appended to the Principals field. +func (b *TargetApplyConfiguration) WithPrincipals(values ...string) *TargetApplyConfiguration { + for i := range values { + b.Principals = append(b.Principals, values[i]) + } + return b +} + +// WithNotPrincipals adds the given value to the NotPrincipals field in the declarative configuration +// and returns the receiver, so that objects can be build by chaining "With" function invocations. +// If called multiple times, values provided by each call will be appended to the NotPrincipals field. +func (b *TargetApplyConfiguration) WithNotPrincipals(values ...string) *TargetApplyConfiguration { + for i := range values { + b.NotPrincipals = append(b.NotPrincipals, values[i]) + } + return b +} + +// WithExtends adds the given value to the Extends field in the declarative configuration +// and returns the receiver, so that objects can be build by chaining "With" function invocations. +// If called multiple times, values provided by each call will be appended to the Extends field. +func (b *TargetApplyConfiguration) WithExtends(values ...*ExtendConfigApplyConfiguration) *TargetApplyConfiguration { + for i := range values { + if values[i] == nil { + panic("nil value passed to WithExtends") + } + b.Extends = append(b.Extends, *values[i]) + } + return b +} + +// WithNotExtends adds the given value to the NotExtends field in the declarative configuration +// and returns the receiver, so that objects can be build by chaining "With" function invocations. +// If called multiple times, values provided by each call will be appended to the NotExtends field. +func (b *TargetApplyConfiguration) WithNotExtends(values ...*ExtendConfigApplyConfiguration) *TargetApplyConfiguration { + for i := range values { + if values[i] == nil { + panic("nil value passed to WithNotExtends") + } + b.NotExtends = append(b.NotExtends, *values[i]) + } + return b +} diff --git a/ca/pkg/generated/applyconfiguration/utils.go b/ca/pkg/generated/applyconfiguration/utils.go index 5a73e45..9a0426c 100644 --- a/ca/pkg/generated/applyconfiguration/utils.go +++ b/ca/pkg/generated/applyconfiguration/utils.go @@ -38,6 +38,8 @@ func ForKind(kind schema.GroupVersionKind) interface{} { return &dubboapacheorgv1beta1.RuleApplyConfiguration{} case v1beta1.SchemeGroupVersion.WithKind("Source"): return &dubboapacheorgv1beta1.SourceApplyConfiguration{} + case v1beta1.SchemeGroupVersion.WithKind("Target"): + return &dubboapacheorgv1beta1.TargetApplyConfiguration{} } return nil diff --git a/ca/pkg/k8s/client.go b/ca/pkg/k8s/client.go index ac556e8..b03e945 100644 --- a/ca/pkg/k8s/client.go +++ b/ca/pkg/k8s/client.go @@ -21,10 +21,15 @@ import ( "github.com/apache/dubbo-admin/ca/pkg/cert" "github.com/apache/dubbo-admin/ca/pkg/config" "github.com/apache/dubbo-admin/ca/pkg/logger" + "github.com/apache/dubbo-admin/ca/pkg/rule/authentication" admissionregistrationV1 "k8s.io/api/admissionregistration/v1" k8sauth "k8s.io/api/authentication/v1" v1 "k8s.io/api/core/v1" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" + "time" + + infoemerclient "github.com/apache/dubbo-admin/ca/pkg/generated/clientset/versioned" + informers "github.com/apache/dubbo-admin/ca/pkg/generated/informers/externalversions" "k8s.io/client-go/kubernetes" "k8s.io/client-go/rest" "k8s.io/client-go/tools/clientcmd" @@ -41,10 +46,12 @@ type Client interface { VerifyServiceAccount(token string) bool UpdateWebhookConfig(options *config.Options, storage cert.Storage) GetNamespaceLabels(namespace string) map[string]string + InitController(paHandler authentication.Handler) } type ClientImpl struct { - kubeClient *kubernetes.Clientset + kubeClient *kubernetes.Clientset + informerClient *infoemerclient.Clientset } func NewClient() Client { @@ -79,7 +86,13 @@ func (c *ClientImpl) Init(options *config.Options) bool { logger.Sugar.Warnf("Failed to create client to kubernetes. " + err.Error()) return false } + informerClient, err := infoemerclient.NewForConfig(config) + if err != nil { + logger.Sugar.Warnf("Failed to create client to kubernetes. " + err.Error()) + return false + } c.kubeClient = clientSet + c.informerClient = informerClient return true } @@ -274,3 +287,13 @@ func (c *ClientImpl) UpdateWebhookConfig(options *config.Options, storage cert.S logger.Sugar.Info("Update webhook config success.") } } + +func (c *ClientImpl) InitController(paHandler authentication.Handler) { + informerFactory := informers.NewSharedInformerFactory(c.informerClient, time.Second*30) + + stopCh := make(chan struct{}) + NewController(c.informerClient, + paHandler, + informerFactory.Dubbo().V1beta1().PeerAuthentications()) + informerFactory.Start(stopCh) +} diff --git a/ca/pkg/k8s/controller.go b/ca/pkg/k8s/controller.go new file mode 100644 index 0000000..113786e --- /dev/null +++ b/ca/pkg/k8s/controller.go @@ -0,0 +1,171 @@ +// Licensed to the Apache Software Foundation (ASF) under one or more +// contributor license agreements. See the NOTICE file distributed with +// this work for additional information regarding copyright ownership. +// The ASF licenses this file to You under the Apache License, Version 2.0 +// (the "License"); you may not use this file except in compliance with +// the License. You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. + +package k8s + +import ( + "github.com/apache/dubbo-admin/ca/pkg/apis/dubbo.apache.org/v1beta1" + clientset "github.com/apache/dubbo-admin/ca/pkg/generated/clientset/versioned" + informers "github.com/apache/dubbo-admin/ca/pkg/generated/informers/externalversions/dubbo.apache.org/v1beta1" + listers "github.com/apache/dubbo-admin/ca/pkg/generated/listers/dubbo.apache.org/v1beta1" + "github.com/apache/dubbo-admin/ca/pkg/logger" + "github.com/apache/dubbo-admin/ca/pkg/rule/authentication" + "k8s.io/client-go/tools/cache" +) + +type NotificationType int + +const ( + // AddNotification is a notification type for add events. + AddNotification NotificationType = iota + // UpdateNotification is a notification type for update events. + UpdateNotification + // DeleteNotification is a notification type for delete events. + DeleteNotification +) + +// Controller is the controller implementation for Foo resources +type Controller struct { + // dubboClientSet is a clientset for our own API group + dubboClientSet clientset.Interface + + paListener listers.PeerAuthenticationLister + paSynced cache.InformerSynced + + paHandler authentication.Handler +} + +// NewController returns a new sample controller +func NewController( + clientSet clientset.Interface, + paHandler authentication.Handler, + paInformer informers.PeerAuthenticationInformer) *Controller { + + controller := &Controller{ + dubboClientSet: clientSet, + paListener: paInformer.Lister(), + paSynced: paInformer.Informer().HasSynced, + + //workQueue: workqueue.NewNamedRateLimitingQueue(workqueue.DefaultControllerRateLimiter(), "Dubbo-Authority"), + paHandler: paHandler, + } + + logger.Sugar.Info("Setting up event handlers") + // Set up an event handler for when Foo resources change + _, err := paInformer.Informer().AddEventHandler(cache.ResourceEventHandlerFuncs{ + AddFunc: func(obj interface{}) { + controller.handleEvent(obj, AddNotification) + }, + UpdateFunc: func(oldObj, newObj interface{}) { + controller.handleEvent(newObj, UpdateNotification) + }, + DeleteFunc: func(obj interface{}) { + controller.handleEvent(obj, DeleteNotification) + }, + }) + if err != nil { + return nil + } + + return controller +} + +func (c *Controller) handleEvent(obj interface{}, eventType NotificationType) { + key, err := cache.MetaNamespaceKeyFunc(obj) + if err != nil { + logger.Sugar.Errorf("error getting key for object: %v", err) + return + } + + pa, ok := obj.(*v1beta1.PeerAuthentication) + if !ok { + logger.Sugar.Errorf("unexpected object type: %v", obj) + return + } + + a := CopyToAuthentication(key, pa) + + switch eventType { + case AddNotification: + c.paHandler.Add(key, a) + case UpdateNotification: + c.paHandler.Update(key, a) + case DeleteNotification: + c.paHandler.Delete(key) + } +} + +func CopyToAuthentication(key string, pa *v1beta1.PeerAuthentication) *authentication.PeerAuthentication { + a := &authentication.PeerAuthentication{} + a.Name = key + a.Spec = &authentication.PeerAuthenticationSpec{} + a.Spec.Action = pa.Spec.Action + if pa.Spec.Rules != nil { + for _, rule := range pa.Spec.Rules { + r := &authentication.Rule{ + From: &authentication.Source{ + Namespaces: rule.From.Namespaces, + NotNamespaces: rule.From.NotNamespaces, + IpBlocks: rule.From.IpBlocks, + NotIpBlocks: rule.From.NotIpBlocks, + Principals: rule.From.Principals, + NotPrincipals: rule.From.NotPrincipals, + }, + To: &authentication.Target{ + IpBlocks: rule.To.IpBlocks, + NotIpBlocks: rule.To.NotIpBlocks, + Principals: rule.To.Principals, + NotPrincipals: rule.To.NotPrincipals, + }, + } + if rule.From.Extends != nil { + for _, extends := range rule.From.Extends { + r.From.Extends = append(r.From.Extends, &authentication.ExtendConfig{ + Key: extends.Key, + Value: extends.Value, + }) + } + } + if rule.From.NotExtends != nil { + for _, notExtend := range rule.From.NotExtends { + r.From.NotExtends = append(r.From.NotExtends, &authentication.ExtendConfig{ + Key: notExtend.Key, + Value: notExtend.Value, + }) + } + } + if rule.To.Extends != nil { + for _, extends := range rule.To.Extends { + r.To.Extends = append(r.To.Extends, &authentication.ExtendConfig{ + Key: extends.Key, + Value: extends.Value, + }) + } + } + if rule.To.NotExtends != nil { + for _, notExtend := range rule.To.NotExtends { + r.To.NotExtends = append(r.To.NotExtends, &authentication.ExtendConfig{ + Key: notExtend.Key, + Value: notExtend.Value, + }) + } + } + a.Spec.Rules = append(a.Spec.Rules, r) + } + } + a.Spec.Order = pa.Spec.Order + a.Spec.MatchType = pa.Spec.MatchType + return a +} diff --git a/ca/pkg/k8s/controller_test.go b/ca/pkg/k8s/controller_test.go new file mode 100644 index 0000000..4fd770b --- /dev/null +++ b/ca/pkg/k8s/controller_test.go @@ -0,0 +1,37 @@ +// Licensed to the Apache Software Foundation (ASF) under one or more +// contributor license agreements. See the NOTICE file distributed with +// this work for additional information regarding copyright ownership. +// The ASF licenses this file to You under the Apache License, Version 2.0 +// (the "License"); you may not use this file except in compliance with +// the License. You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. + +package k8s + +import ( + "github.com/apache/dubbo-admin/ca/pkg/config" + "github.com/apache/dubbo-admin/ca/pkg/logger" + "github.com/apache/dubbo-admin/ca/pkg/rule/authentication" + "testing" +) + +func TestName(t *testing.T) { + logger.Init() + client := NewClient() + client.Init(&config.Options{}) + client.InitController(authentication.NewHandler()) + + ch := make(chan struct{}) + <-ch +} + +func TestName2(t *testing.T) { + +} diff --git a/ca/pkg/rule/authentication/definition.go b/ca/pkg/rule/authentication/definition.go new file mode 100644 index 0000000..914c20a --- /dev/null +++ b/ca/pkg/rule/authentication/definition.go @@ -0,0 +1,44 @@ +package authentication + +type PeerAuthentication struct { + Name string `json:"name,omitempty"` + + Spec *PeerAuthenticationSpec `json:"spec"` +} + +type PeerAuthenticationSpec struct { + Action string `json:"action,omitempty"` + Rules []*Rule `json:"rules,omitempty"` + Order int `json:"order,omitempty"` + MatchType string `json:"matchType,omitempty"` +} + +type Rule struct { + From *Source `json:"from,omitempty"` + To *Target `json:"to,omitempty"` +} + +type Source struct { + Namespaces []string `json:"namespaces,omitempty"` + NotNamespaces []string `json:"notNamespaces,omitempty"` + IpBlocks []string `json:"ipBlocks,omitempty"` + NotIpBlocks []string `json:"notIpBlocks,omitempty"` + Principals []string `json:"principals,omitempty"` + NotPrincipals []string `json:"notPrincipals,omitempty"` + Extends []*ExtendConfig `json:"extends,omitempty"` + NotExtends []*ExtendConfig `json:"notExtends,omitempty"` +} + +type Target struct { + IpBlocks []string `json:"ipBlocks,omitempty"` + NotIpBlocks []string `json:"notIpBlocks,omitempty"` + Principals []string `json:"principals,omitempty"` + NotPrincipals []string `json:"notPrincipals,omitempty"` + Extends []*ExtendConfig `json:"extends,omitempty"` + NotExtends []*ExtendConfig `json:"notExtends,omitempty"` +} + +type ExtendConfig struct { + Key string `json:"key,omitempty"` + Value string `json:"value,omitempty"` +} diff --git a/ca/pkg/rule/authentication/handler.go b/ca/pkg/rule/authentication/handler.go new file mode 100644 index 0000000..ee57539 --- /dev/null +++ b/ca/pkg/rule/authentication/handler.go @@ -0,0 +1,31 @@ +package authentication + +type Handler interface { + Add(key string, obj *PeerAuthentication) + Update(key string, newObj *PeerAuthentication) + Delete(key string) +} + +type Impl struct { + Handler + + cache map[string]*PeerAuthentication +} + +func NewHandler() Handler { + return &Impl{ + cache: map[string]*PeerAuthentication{}, + } +} + +func (i *Impl) Add(key string, obj *PeerAuthentication) { + i.cache[key] = obj +} + +func (i *Impl) Update(key string, newObj *PeerAuthentication) { + i.cache[key] = newObj +} + +func (i *Impl) Delete(key string) { + delete(i.cache, key) +}
