├── .devcontainer └── devcontainer.json ├── .gitattributes ├── .github ├── ISSUE_TEMPLATE │ ├── bug_report.md │ └── feature_request.md └── SECURITY.md ├── .gitignore ├── BUGS-AND-FEATURE-REQUESTS.md ├── CODEOWNERS ├── CONTRIBUTING.md ├── GUIDELINES.md ├── LICENSE ├── Makefile ├── Makefile.core.mk ├── Makefile.overrides.mk ├── README.md ├── SUPPORT.md ├── analysis └── v1alpha1 │ ├── message.pb.go │ ├── message.pb.html │ ├── message.proto │ ├── message_deepcopy.gen.go │ └── message_json.gen.go ├── annotation ├── annotations.gen.go ├── annotations.pb.html └── annotations.yaml ├── buf.gen-golang.yaml ├── buf.gen-noncrd.yaml ├── buf.gen.yaml ├── buf.yaml ├── clean.sh ├── common-protos ├── .commonfiles.sha ├── google │ ├── api │ │ ├── annotations.proto │ │ ├── auth.proto │ │ ├── backend.proto │ │ ├── billing.proto │ │ ├── client.proto │ │ ├── config_change.proto │ │ ├── consumer.proto │ │ ├── context.proto │ │ ├── control.proto │ │ ├── distribution.proto │ │ ├── documentation.proto │ │ ├── endpoint.proto │ │ ├── expr │ │ │ ├── v1alpha1 │ │ │ │ ├── cel_service.proto │ │ │ │ ├── checked.proto │ │ │ │ ├── conformance_service.proto │ │ │ │ ├── eval.proto │ │ │ │ ├── explain.proto │ │ │ │ ├── syntax.proto │ │ │ │ └── value.proto │ │ │ └── v1beta1 │ │ │ │ ├── decl.proto │ │ │ │ ├── eval.proto │ │ │ │ ├── expr.proto │ │ │ │ ├── source.proto │ │ │ │ └── value.proto │ │ ├── field_behavior.proto │ │ ├── http.proto │ │ ├── httpbody.proto │ │ ├── label.proto │ │ ├── launch_stage.proto │ │ ├── log.proto │ │ ├── logging.proto │ │ ├── metric.proto │ │ ├── monitored_resource.proto │ │ ├── monitoring.proto │ │ ├── quota.proto │ │ ├── resource.proto │ │ ├── service.proto │ │ ├── servicecontrol │ │ │ └── v1 │ │ │ │ ├── check_error.proto │ │ │ │ ├── distribution.proto │ │ │ │ ├── log_entry.proto │ │ │ │ ├── metric_value.proto │ │ │ │ ├── operation.proto │ │ │ │ ├── quota_controller.proto │ │ │ │ └── service_controller.proto │ │ ├── servicemanagement │ │ │ └── v1 │ │ │ │ ├── resources.proto 
│ │ │ │ └── servicemanager.proto │ │ ├── source_info.proto │ │ ├── system_parameter.proto │ │ └── usage.proto │ ├── protobuf │ │ ├── any.proto │ │ ├── api.proto │ │ ├── compiler │ │ │ └── plugin.proto │ │ ├── descriptor.proto │ │ ├── duration.proto │ │ ├── empty.proto │ │ ├── field_mask.proto │ │ ├── source_context.proto │ │ ├── struct.proto │ │ ├── timestamp.proto │ │ ├── type.proto │ │ ├── util │ │ │ ├── json_format.proto │ │ │ └── json_format_proto3.proto │ │ └── wrappers.proto │ ├── rpc │ │ ├── code.proto │ │ ├── error_details.proto │ │ └── status.proto │ └── type │ │ ├── calendar_period.proto │ │ ├── color.proto │ │ ├── date.proto │ │ ├── dayofweek.proto │ │ ├── expr.proto │ │ ├── fraction.proto │ │ ├── latlng.proto │ │ ├── money.proto │ │ ├── postal_address.proto │ │ ├── quaternion.proto │ │ └── timeofday.proto └── istio.io │ └── extensions │ └── field_rules.proto ├── common ├── .commonfiles.sha ├── Makefile.common.mk ├── config │ ├── .golangci.yml │ ├── .hadolint.yml │ ├── .yamllint.yml │ ├── license-lint.yml │ ├── mdl.rb │ ├── sass-lint.yml │ └── tslint.json └── scripts │ ├── check_clean_repo.sh │ ├── copyright-banner-go.txt │ ├── fix_copyright_banner.sh │ ├── format_go.sh │ ├── gobuild.sh │ ├── kind_provisioner.sh │ ├── lint_copyright_banner.sh │ ├── lint_go.sh │ ├── metallb-native.yaml │ ├── report_build_info.sh │ ├── run.sh │ ├── setup_env.sh │ └── tracing.sh ├── dictionaries ├── custom.txt ├── en-US.aff └── en-US.dic ├── envoy ├── README.md ├── config │ └── filter │ │ ├── http │ │ ├── alpn │ │ │ └── v2alpha1 │ │ │ │ ├── config.pb.go │ │ │ │ └── config.proto │ │ └── jwt_auth │ │ │ └── v2alpha1 │ │ │ ├── config.pb.go │ │ │ └── config.proto │ │ └── network │ │ ├── metadata_exchange │ │ ├── metadata_exchange.pb.go │ │ └── metadata_exchange.proto │ │ └── tcp_cluster_rewrite │ │ └── v2alpha1 │ │ ├── config.pb.go │ │ └── config.proto └── extensions │ ├── stackdriver │ └── config │ │ └── v1alpha1 │ │ ├── config.pb.go │ │ └── config.proto │ └── stats │ ├── 
config.pb.go │ └── config.proto ├── extensions └── v1alpha1 │ ├── wasm.pb.go │ ├── wasm.pb.html │ ├── wasm.proto │ ├── wasm_deepcopy.gen.go │ └── wasm_json.gen.go ├── gen.sh ├── go.mod ├── go.sum ├── google ├── header.go.txt ├── istio.io ├── kubernetes └── customresourcedefinitions.gen.yaml ├── label ├── labels.gen.go ├── labels.pb.html └── labels.yaml ├── licenses ├── github.com │ └── golang │ │ └── protobuf │ │ └── LICENSE ├── golang.org │ └── x │ │ ├── net │ │ └── LICENSE │ │ ├── sys │ │ └── LICENSE │ │ └── text │ │ └── LICENSE └── google.golang.org │ ├── genproto │ └── googleapis │ │ ├── api │ │ └── LICENSE │ │ └── rpc │ │ └── LICENSE │ ├── grpc │ └── LICENSE │ └── protobuf │ └── LICENSE ├── mcp ├── Readme.md └── v1alpha1 │ ├── metadata.pb.go │ ├── metadata.proto │ ├── metadata_json.gen.go │ ├── resource.pb.go │ ├── resource.proto │ └── resource_json.gen.go ├── mesh └── v1alpha1 │ ├── config.pb.go │ ├── config.proto │ ├── config_json.gen.go │ ├── istio.mesh.v1alpha1.pb.html │ ├── network.pb.go │ ├── network.proto │ ├── network_json.gen.go │ ├── proxy.pb.go │ ├── proxy.proto │ └── proxy_json.gen.go ├── meta └── v1alpha1 │ ├── status.pb.go │ ├── status.pb.html │ ├── status.proto │ ├── status_deepcopy.gen.go │ └── status_json.gen.go ├── networking ├── v1 │ ├── destination_rule_alias.gen.go │ ├── gateway_alias.gen.go │ ├── service_entry_alias.gen.go │ ├── sidecar_alias.gen.go │ ├── virtual_service_alias.gen.go │ ├── workload_entry_alias.gen.go │ └── workload_group_alias.gen.go ├── v1alpha3 │ ├── destination_rule.pb.go │ ├── destination_rule.pb.html │ ├── destination_rule.proto │ ├── destination_rule_deepcopy.gen.go │ ├── destination_rule_json.gen.go │ ├── envoy_filter.pb.go │ ├── envoy_filter.pb.html │ ├── envoy_filter.proto │ ├── envoy_filter_deepcopy.gen.go │ ├── envoy_filter_json.gen.go │ ├── gateway.pb.go │ ├── gateway.pb.html │ ├── gateway.proto │ ├── gateway_deepcopy.gen.go │ ├── gateway_json.gen.go │ ├── service_entry.pb.go │ ├── service_entry.pb.html │ ├── 
service_entry.proto │ ├── service_entry_deepcopy.gen.go │ ├── service_entry_json.gen.go │ ├── sidecar.pb.go │ ├── sidecar.pb.html │ ├── sidecar.proto │ ├── sidecar_deepcopy.gen.go │ ├── sidecar_json.gen.go │ ├── virtual_service.pb.go │ ├── virtual_service.pb.html │ ├── virtual_service.proto │ ├── virtual_service_deepcopy.gen.go │ ├── virtual_service_json.gen.go │ ├── workload_entry.pb.go │ ├── workload_entry.pb.html │ ├── workload_entry.proto │ ├── workload_entry_deepcopy.gen.go │ ├── workload_entry_json.gen.go │ ├── workload_group.pb.go │ ├── workload_group.pb.html │ ├── workload_group.proto │ ├── workload_group_deepcopy.gen.go │ └── workload_group_json.gen.go └── v1beta1 │ ├── destination_rule_alias.gen.go │ ├── gateway_alias.gen.go │ ├── proxy_config.pb.go │ ├── proxy_config.pb.html │ ├── proxy_config.proto │ ├── proxy_config_deepcopy.gen.go │ ├── proxy_config_json.gen.go │ ├── service_entry_alias.gen.go │ ├── sidecar_alias.gen.go │ ├── virtual_service_alias.gen.go │ ├── workload_entry_alias.gen.go │ └── workload_group_alias.gen.go ├── releasenotes ├── README.md └── notes │ ├── 1878.yaml │ ├── 2174.yaml │ ├── 2261.yaml │ ├── 2266.yaml │ ├── 2285.yaml │ ├── 2374.yaml │ ├── 2405.yaml │ ├── 2565.yaml │ ├── 25652.yaml │ ├── 2570.yaml │ ├── 2635.yaml │ ├── 2871.yaml │ ├── 29973.yaml │ ├── 31248.yaml │ ├── 3134.yaml │ ├── 32645.yaml │ ├── 3279.yaml │ ├── 3361.yaml │ ├── 3362.yaml │ ├── 3412.yaml │ ├── 39157.yaml │ ├── 53331.yaml │ ├── add-access-logging-filter.yaml │ ├── add-experimental-telemetry-api-for-metrics-logging.yaml │ ├── add-experimental-telemetry-api-for-tracing.yaml │ ├── add-idle-timeout-to-destination-rule-tcp-settings.yaml │ ├── add-tunneling-settings-to-destination-rule.yaml │ ├── add-wasm-extensions-api.yaml │ ├── add-workload-group-grpc-probe.yaml │ ├── authz-shortname.yaml │ ├── bds-removal.yaml │ ├── cipher_suites.yaml │ ├── default-http-retry-policy.yaml │ ├── default-revision.yaml │ ├── delegate-vs-regex.yaml │ ├── deprecate-addon.yaml │ ├── 
deprecate-autoscaling-v2beta1.yaml │ ├── deprecate-meshconfig-certificates.yaml │ ├── deprecated-extrastattags.yaml │ ├── destination-rule-default-values.yaml │ ├── destinationrule-workload-selector.yaml │ ├── drop-protos.yaml │ ├── ecdh_support.yaml │ ├── fix-destinationrule-doc.yaml │ ├── fix-telemetry-doc.yaml │ ├── gateway-bind.yaml │ ├── hybrid_sidecar_mode.yaml │ ├── lb-algorithm-enum-change.yaml │ ├── max-concurrent-streams.yaml │ ├── mesh-config-discovery-selectors.yaml │ ├── mesh-network-internal-addr-config.yaml │ ├── native-sidecar-annotation.yaml │ ├── open-telemetry-provider.yaml │ ├── otel-tracing-provider-http-exporter.yaml │ ├── otel-tracing-provider-resource-detectors.yaml │ ├── preserve-header-case.yaml │ ├── private-key-provider-fallback.yaml │ ├── promote-networking-apis-v1.yaml │ ├── promote-peer-auth-v1.yaml │ ├── promote-telemetry-v1.yaml │ ├── proxy-config.yaml │ ├── proxy-protocol.yaml │ ├── release-channels.yaml │ ├── root-config.yaml │ ├── service-scope-config.yaml │ ├── sidecar-connectionpool.yaml │ ├── skip_request_id_sampling.yaml │ ├── skywalking-support.yaml │ ├── slow-start-aggression-minimum-percent-parameters.yaml │ ├── slow-start.yaml │ ├── storage-version.yaml │ ├── support-logical-dns-connection-type.yaml │ ├── target-ref.yaml │ ├── url-normalization.yaml │ ├── virtual-service-direct-response.yaml │ └── workloadgroup-v1beta1.yaml ├── scripts ├── breaking.sh ├── check-imports.sh ├── check-operator-proto.sh ├── validate.sh └── validate_crds.py ├── security ├── v1 │ ├── authorization_policy_alias.gen.go │ ├── peer_authentication_alias.gen.go │ └── request_authentication_alias.gen.go ├── v1alpha1 │ ├── ca.pb.go │ ├── ca.pb.html │ ├── ca.proto │ ├── ca_deepcopy.gen.go │ ├── ca_grpc.pb.go │ └── ca_json.gen.go └── v1beta1 │ ├── authorization_policy.pb.go │ ├── authorization_policy.pb.html │ ├── authorization_policy.proto │ ├── authorization_policy_deepcopy.gen.go │ ├── authorization_policy_json.gen.go │ ├── peer_authentication.pb.go │ 
├── peer_authentication.pb.html │ ├── peer_authentication.proto │ ├── peer_authentication_deepcopy.gen.go │ ├── peer_authentication_json.gen.go │ ├── request_authentication.pb.go │ ├── request_authentication.pb.html │ ├── request_authentication.proto │ ├── request_authentication_deepcopy.gen.go │ └── request_authentication_json.gen.go ├── stability └── level.proto ├── telemetry ├── v1 │ └── telemetry_alias.gen.go └── v1alpha1 │ ├── telemetry.pb.go │ ├── telemetry.pb.html │ ├── telemetry.proto │ ├── telemetry_deepcopy.gen.go │ └── telemetry_json.gen.go ├── tests ├── go.mod ├── go.sum ├── testdata │ ├── authz-invalid.yaml │ ├── authz-valid.yaml │ ├── destinationrule-invalid.yaml │ ├── destinationrule-valid.yaml │ ├── peerauth-invalid.yaml │ ├── peerauth-valid.yaml │ ├── proxyconfig-invalid.yaml │ ├── proxyconfig-valid.yaml │ ├── reqauth-invalid.yaml │ ├── reqauth-valid.yaml │ ├── serviceentry-invalid.yaml │ ├── serviceentry-valid.yaml │ ├── telemetry-invalid.yaml │ ├── telemetry-valid.yaml │ ├── wasm-invalid.yaml │ ├── wasm-valid.yaml │ ├── workloadentry-invalid.yaml │ ├── workloadentry-valid.yaml │ ├── workloadgroup-invalid.yaml │ └── workloadgroup-valid.yaml ├── validation_test.go └── validator.go └── type └── v1beta1 ├── selector.pb.go ├── selector.pb.html ├── selector.proto ├── selector_deepcopy.gen.go └── selector_json.gen.go /.devcontainer/devcontainer.json: -------------------------------------------------------------------------------- 1 | { 2 | "name": "istio build-tools", 3 | "image": "gcr.io/istio-testing/build-tools:master-ba21e6d776cfed929785ccdc157d496fbd6567c4", 4 | "privileged": true, 5 | "remoteEnv": { 6 | "USE_GKE_GCLOUD_AUTH_PLUGIN": "True", 7 | "BUILD_WITH_CONTAINER": "0", 8 | "CARGO_HOME": "/home/.cargo", 9 | "RUSTUP_HOME": "/home/.rustup" 10 | }, 11 | "features": { 12 | "ghcr.io/devcontainers/features/docker-outside-of-docker:1": {}, 13 | "ghcr.io/mpriscella/features/kind:1": {} 14 | }, 15 | "customizations": { 16 | "vscode": { 17 | 
"extensions": [ 18 | "golang.go", 19 | "rust-lang.rust-analyzer", 20 | "eamodio.gitlens", 21 | "zxh404.vscode-proto3", 22 | "ms-azuretools.vscode-docker", 23 | "redhat.vscode-yaml", 24 | "IBM.output-colorizer" 25 | ], 26 | "settings": { 27 | "files.eol": "\n", 28 | "go.useLanguageServer": true, 29 | "go.lintTool": "golangci-lint" 30 | } 31 | } 32 | } 33 | } 34 | -------------------------------------------------------------------------------- /.gitattributes: -------------------------------------------------------------------------------- 1 | *.descriptor linguist-generated=true 2 | *.descriptor -diff -merge 3 | *.descriptor_set linguist-generated=true 4 | *.descriptor_set -diff -merge 5 | *.pb.html linguist-generated=true 6 | *.pb.go linguist-generated=true 7 | *.gen.go linguist-generated=true 8 | *.gen.yaml linguist-generated=true 9 | *.gen.json linguist-generated=true 10 | *_pb2.py linguist-generated=true 11 | manifests/charts/**/profile*.yaml linguist-generated=true 12 | go.sum merge=union 13 | vendor/** linguist-vendored 14 | common/** linguist-vendored 15 | archive/** linquist-vendored 16 | **/vmlinux.h linquist-vendored 17 | -------------------------------------------------------------------------------- /.github/ISSUE_TEMPLATE/bug_report.md: -------------------------------------------------------------------------------- 1 | --- 2 | name: Bug report 3 | about: Report a bug to help us improve Istio 4 | --- 5 | (NOTE: This is used to report product bugs: 6 | To report a security vulnerability, please visit <https://istio.io/about/security-vulnerabilities/> 7 | To ask questions about how to use Istio, please visit <https://github.com/istio/istio/discussions> 8 | ) 9 | 10 | **Bug description** 11 | 12 | **Affected product area (please put an X in all that apply)** 13 | 14 | [ ] Configuration Infrastructure 15 | [ ] Docs 16 | [ ] Installation 17 | [ ] Networking 18 | [ ] Performance and Scalability 19 | [ ] Policies and Telemetry 20 | [ ] Security 21 | [ ] Test and Release 22 | [ ] User Experience 23 | 24 | **Expected behavior** 25 | 26 | **Steps to
reproduce the bug** 27 | 28 | **Version (include the output of `istioctl version --remote` and `kubectl version`)** 29 | 30 | **How was Istio installed?** 31 | 32 | **Environment where bug was observed (cloud vendor, OS, etc)** 33 | 34 | Additionally, please consider attaching a [cluster state archive](http://istio.io/help/bugs/#generating-a-cluster-state-archive) by attaching 35 | the dump file to this issue. 36 | 37 | -------------------------------------------------------------------------------- /.github/ISSUE_TEMPLATE/feature_request.md: -------------------------------------------------------------------------------- 1 | --- 2 | name: Feature request 3 | about: Suggest an idea to improve Istio 4 | 5 | --- 6 | (This is used to request new product features; for questions on using Istio, please visit <https://github.com/istio/istio/discussions>) 7 | 8 | **Describe the feature request** 9 | 10 | **Describe alternatives you've considered** 11 | 12 | **Affected product area (please put an X in all that apply)** 13 | 14 | [ ] Configuration Infrastructure 15 | [ ] Docs 16 | [ ] Installation 17 | [ ] Networking 18 | [ ] Performance and Scalability 19 | [ ] Policies and Telemetry 20 | [ ] Security 21 | [ ] Test and Release 22 | [ ] User Experience 23 | 24 | **Additional context** 25 | -------------------------------------------------------------------------------- /.github/SECURITY.md: -------------------------------------------------------------------------------- 1 | Refer to [Istio Security Overview](https://github.com/istio/istio/blob/master/.github/SECURITY.md) for more details.
2 | -------------------------------------------------------------------------------- /.gitignore: -------------------------------------------------------------------------------- 1 | # Compiled Object files 2 | *.slo 3 | *.lo 4 | *.o 5 | *.obj 6 | 7 | # Precompiled Headers 8 | *.gch 9 | *.pch 10 | 11 | # Compiled Dynamic libraries 12 | *.so 13 | *.dylib 14 | *.dll 15 | 16 | # Compiled Static libraries 17 | *.lai 18 | *.la 19 | *.a 20 | *.lib 21 | 22 | # Executables 23 | *.exe 24 | *.out 25 | *.app 26 | 27 | .idea/ 28 | .project 29 | 30 | # Bazel 31 | /bazel-* 32 | 33 | # protoc 34 | /protoc-tmp 35 | genbin/ 36 | 37 | /vendor 38 | 39 | .htmlproofer 40 | 41 | # Contains the built artifacts 42 | out/ 43 | -------------------------------------------------------------------------------- /BUGS-AND-FEATURE-REQUESTS.md: -------------------------------------------------------------------------------- 1 | # Bugs and Feature Requests 2 | 3 | You can report bugs and feature requests to the Istio team in one of three places: 4 | 5 | - [Product Bugs and Feature Requests](https://github.com/istio/istio/issues) 6 | - [Documentation Bugs and Feature Requests](https://github.com/istio/istio.io/issues) 7 | - [Community and Governance Issues](https://github.com/istio/community/issues) 8 | 9 | For security vulnerabilities, please do not file a bug report (bug reports are public); instead, follow 10 | [these procedures](https://istio.io/about/security-vulnerabilities/).
11 | -------------------------------------------------------------------------------- /CODEOWNERS: -------------------------------------------------------------------------------- 1 | * @istio/technical-oversight-committee 2 | /Makefile* @istio/wg-test-and-release-maintainers 3 | /*.md @istio/wg-test-and-release-maintainers 4 | /common/ @istio/wg-test-and-release-maintainers 5 | /common-protos/ @istio/wg-test-and-release-maintainers 6 | /scripts/ @istio/wg-test-and-release-maintainers 7 | -------------------------------------------------------------------------------- /CONTRIBUTING.md: -------------------------------------------------------------------------------- 1 | # Contribution guidelines 2 | 3 | So you want to hack on Istio? Yay! Please refer to Istio's overall 4 | [contribution guidelines](https://github.com/istio/community/blob/master/CONTRIBUTING.md) 5 | to find out how you can help. 6 | -------------------------------------------------------------------------------- /Makefile: -------------------------------------------------------------------------------- 1 | # WARNING: DO NOT EDIT, THIS FILE IS PROBABLY A COPY 2 | # 3 | # The original version of this file is located in the https://github.com/istio/common-files repo. 4 | # If you're looking at this file in a different repo and want to make a change, please go to the 5 | # common-files repo, make the change there and check it in. Then come back to this repo and run 6 | # "make update-common". 7 | 8 | # Copyright Istio Authors 9 | # 10 | # Licensed under the Apache License, Version 2.0 (the "License"); 11 | # you may not use this file except in compliance with the License. 12 | # You may obtain a copy of the License at 13 | # 14 | # http://www.apache.org/licenses/LICENSE-2.0 15 | # 16 | # Unless required by applicable law or agreed to in writing, software 17 | # distributed under the License is distributed on an "AS IS" BASIS, 18 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 
19 | # See the License for the specific language governing permissions and 20 | # limitations under the License. 21 | 22 | SHELL := /usr/bin/env bash 23 | 24 | # allow optional per-repo overrides 25 | -include Makefile.overrides.mk 26 | 27 | # Set the environment variable BUILD_WITH_CONTAINER to use a container 28 | # to build the repo. The only dependencies in this mode are to have make and 29 | # docker. If you'd rather build with a local tool chain instead, you'll need to 30 | # figure out all the tools you need in your environment to make that work. 31 | export BUILD_WITH_CONTAINER ?= 0 32 | 33 | ifeq ($(BUILD_WITH_CONTAINER),1) 34 | 35 | # An export free of arguments in a Makefile places all variables in the Makefile into the 36 | # environment. This is needed to allow overrides from Makefile.overrides.mk. 37 | export 38 | 39 | RUN = ./common/scripts/run.sh 40 | 41 | MAKE_DOCKER = $(RUN) make --no-print-directory -e -f Makefile.core.mk 42 | 43 | %: 44 | @$(MAKE_DOCKER) $@ 45 | 46 | default: 47 | @$(MAKE_DOCKER) 48 | 49 | shell: 50 | @$(RUN) /bin/bash 51 | 52 | .PHONY: default shell 53 | 54 | else 55 | 56 | # If we are not in build container, we need a workaround to get environment properly set 57 | # Write to file, then include 58 | $(shell mkdir -p out) 59 | $(shell $(shell pwd)/common/scripts/setup_env.sh envfile > out/.env) 60 | include out/.env 61 | # An export free of arguments in a Makefile places all variables in the Makefile into the 62 | # environment. 
This behavior may be surprising to many that use shell often, which simply 63 | # displays the existing environment 64 | export 65 | 66 | export GOBIN ?= $(GOPATH)/bin 67 | include Makefile.core.mk 68 | 69 | endif 70 | -------------------------------------------------------------------------------- /Makefile.overrides.mk: -------------------------------------------------------------------------------- 1 | # Copyright 2019 Istio Authors 2 | # 3 | # Licensed under the Apache License, Version 2.0 (the "License"); 4 | # you may not use this file except in compliance with the License. 5 | # You may obtain a copy of the License at 6 | # 7 | # http://www.apache.org/licenses/LICENSE-2.0 8 | # 9 | # Unless required by applicable law or agreed to in writing, software 10 | # distributed under the License is distributed on an "AS IS" BASIS, 11 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | # See the License for the specific language governing permissions and 13 | # limitations under the License. 14 | 15 | # this repo is on the container plan by default 16 | BUILD_WITH_CONTAINER ?= 1 17 | 18 | 19 | # if enabled, will verify that schema definitions match between versions (ie. v1alpha3 & v1beta1). 20 | # only works with apiextensions.k8s.io/v1 kubernetes api (not with v1beta1) 21 | VERIFY_CRDS_SCHEMA ?= 0 22 | -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- 1 | # Istio APIs and Common Configuration Definitions 2 | 3 | This repository defines component-level APIs and common configuration formats for the Istio 4 | platform. These definitions are specified using the [protobuf](https://github.com/google/protobuf) 5 | syntax. 6 | 7 | This repository depends only on the [tools](https://github.com/istio/tools) repository for tools used during build. This repository *will not* depend on any 8 | other repositories. 
Except for tools, all other Istio repositories can take a dependency on the api repository. 9 | 10 | ## API Guidelines 11 | 12 | When making changes to the protos in this repository, your changes **must** comply with the [API guidelines](./GUIDELINES.md). 13 | 14 | ## Updating 15 | 16 | After the [protobuf](https://github.com/google/protobuf) definitions 17 | are updated, the corresponding `*pb.go`, `_pb2.py`, `*.json` and 18 | Kubernetes Custom Resource Definition files must be 19 | generated by running `make gen` and submitted as 20 | part of the same PR as the updated definitions. Also `make 21 | gen` will update the proto.lock file with new changes. 22 | 23 | ## Backwards Incompatible Changes 24 | 25 | If a PR tries to make backwards incompatible changes, it will be blocked by `buf breaking`. 26 | If there is a legitimate reason to allow such breaking changes permanently, the configuration in [`buf.yaml`](buf.yaml) can be changed. 27 | If it is a one-off case, the PR can be force-approved, skipping the test. 28 | -------------------------------------------------------------------------------- /SUPPORT.md: -------------------------------------------------------------------------------- 1 | # Support 2 | 3 | Here are some resources to help you understand and use Istio: 4 | 5 | - For in-depth information about how to use Istio, visit [istio.io](https://istio.io) 6 | - To ask questions and get assistance from our community, visit [GitHub Discussions](https://github.com/istio/istio/discussions) 7 | - To learn how to participate in our overall community, visit [our community page](https://istio.io/latest/get-involved/) 8 | -------------------------------------------------------------------------------- /buf.gen-golang.yaml: -------------------------------------------------------------------------------- 1 | # buf.gen.yaml sets up the generation configuration for all of our plugins.
2 | # Note: buf does not allow multi roots that are within each other; as a result, the common-protos folders are 3 | # symlinked into the top level directory. 4 | version: v1 5 | plugins: 6 | - name: go 7 | out: . 8 | opt: paths=source_relative -------------------------------------------------------------------------------- /buf.gen-noncrd.yaml: -------------------------------------------------------------------------------- 1 | version: v1 2 | plugins: 3 | - name: go 4 | out: . 5 | opt: paths=source_relative 6 | - name: go-grpc 7 | out: . 8 | opt: paths=source_relative 9 | - name: docs 10 | out: . 11 | opt: warnings=false,dictionary=./dictionaries/en-US,custom_word_list=./dictionaries/custom.txt,per_file=true,mode=html_fragment_with_front_matter 12 | - name: golang-jsonshim 13 | out: . 14 | opt: paths=source_relative -------------------------------------------------------------------------------- /buf.gen.yaml: -------------------------------------------------------------------------------- 1 | # buf.gen.yaml sets up the generation configuration for all of our plugins. 2 | # Note: buf does not allow multi roots that are within each other; as a result, the common-protos folders are 3 | # symlinked into the top level directory. 4 | version: v1 5 | plugins: 6 | - name: go 7 | out: . 8 | opt: paths=source_relative 9 | - name: go-grpc 10 | out: . 11 | opt: paths=source_relative 12 | - name: golang-deepcopy 13 | out: . 14 | opt: paths=source_relative 15 | - name: crd 16 | out: . 17 | strategy: all 18 | - name: golang-jsonshim 19 | out: . 20 | opt: paths=source_relative 21 | - name: alias 22 | out: . 23 | opt: paths=source_relative 24 | - name: docs 25 | out: . 
26 | opt: warnings=false,dictionary=./dictionaries/en-US,custom_word_list=./dictionaries/custom.txt,per_file=true,mode=html_fragment_with_front_matter 27 | -------------------------------------------------------------------------------- /buf.yaml: -------------------------------------------------------------------------------- 1 | version: v1 2 | build: 3 | excludes: 4 | - common-protos 5 | breaking: 6 | use: 7 | - WIRE_JSON 8 | lint: 9 | use: 10 | - BASIC 11 | except: 12 | - FIELD_LOWER_SNAKE_CASE 13 | - PACKAGE_DIRECTORY_MATCH 14 | allow_comment_ignores: true 15 | -------------------------------------------------------------------------------- /clean.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | 3 | # Copyright Istio Authors 4 | 5 | # Licensed under the Apache License, Version 2.0 (the "License"); 6 | # you may not use this file except in compliance with the License. 7 | # You may obtain a copy of the License at 8 | # 9 | # http://www.apache.org/licenses/LICENSE-2.0 10 | # 11 | # Unless required by applicable law or agreed to in writing, software 12 | # distributed under the License is distributed on an "AS IS" BASIS, 13 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 14 | # See the License for the specific language governing permissions and 15 | # limitations under the License. 
16 | 17 | set -eu 18 | 19 | PATTERNS="_deepcopy.gen.go .gen.json .pb.go .pb.html _json.gen.go customresourcedefinitions.gen.yaml" 20 | shopt -s globstar 21 | 22 | for p in $PATTERNS; do 23 | rm -f ./**/*"${p}" 24 | done 25 | -------------------------------------------------------------------------------- /common-protos/.commonfiles.sha: -------------------------------------------------------------------------------- 1 | d309fa11788426a813280dc0ab06e160893d0dad 2 | -------------------------------------------------------------------------------- /common-protos/google/api/annotations.proto: -------------------------------------------------------------------------------- 1 | // Copyright (c) 2015, Google Inc. 2 | // 3 | // Licensed under the Apache License, Version 2.0 (the "License"); 4 | // you may not use this file except in compliance with the License. 5 | // You may obtain a copy of the License at 6 | // 7 | // http://www.apache.org/licenses/LICENSE-2.0 8 | // 9 | // Unless required by applicable law or agreed to in writing, software 10 | // distributed under the License is distributed on an "AS IS" BASIS, 11 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | // See the License for the specific language governing permissions and 13 | // limitations under the License. 14 | 15 | syntax = "proto3"; 16 | 17 | package google.api; 18 | 19 | import "google/api/http.proto"; 20 | import "google/protobuf/descriptor.proto"; 21 | 22 | option go_package = "google.golang.org/genproto/googleapis/api/annotations;annotations"; 23 | option java_multiple_files = true; 24 | option java_outer_classname = "AnnotationsProto"; 25 | option java_package = "com.google.api"; 26 | option objc_class_prefix = "GAPI"; 27 | 28 | extend google.protobuf.MethodOptions { 29 | // See `HttpRule`. 
30 | HttpRule http = 72295728; 31 | } 32 | -------------------------------------------------------------------------------- /common-protos/google/api/billing.proto: -------------------------------------------------------------------------------- 1 | // Copyright 2019 Google LLC. 2 | // 3 | // Licensed under the Apache License, Version 2.0 (the "License"); 4 | // you may not use this file except in compliance with the License. 5 | // You may obtain a copy of the License at 6 | // 7 | // http://www.apache.org/licenses/LICENSE-2.0 8 | // 9 | // Unless required by applicable law or agreed to in writing, software 10 | // distributed under the License is distributed on an "AS IS" BASIS, 11 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | // See the License for the specific language governing permissions and 13 | // limitations under the License. 14 | // 15 | 16 | syntax = "proto3"; 17 | 18 | package google.api; 19 | 20 | import "google/api/metric.proto"; 21 | 22 | option go_package = "google.golang.org/genproto/googleapis/api/serviceconfig;serviceconfig"; 23 | option java_multiple_files = true; 24 | option java_outer_classname = "BillingProto"; 25 | option java_package = "com.google.api"; 26 | option objc_class_prefix = "GAPI"; 27 | 28 | // Billing related configuration of the service. 29 | // 30 | // The following example shows how to configure monitored resources and metrics 31 | // for billing: 32 | // 33 | // monitored_resources: 34 | // - type: library.googleapis.com/branch 35 | // labels: 36 | // - key: /city 37 | // description: The city where the library branch is located in. 38 | // - key: /name 39 | // description: The name of the branch. 
40 | // metrics: 41 | // - name: library.googleapis.com/book/borrowed_count 42 | // metric_kind: DELTA 43 | // value_type: INT64 44 | // billing: 45 | // consumer_destinations: 46 | // - monitored_resource: library.googleapis.com/branch 47 | // metrics: 48 | // - library.googleapis.com/book/borrowed_count 49 | message Billing { 50 | // Configuration of a specific billing destination (Currently only support 51 | // bill against consumer project). 52 | message BillingDestination { 53 | // The monitored resource type. The type must be defined in 54 | // [Service.monitored_resources][google.api.Service.monitored_resources] section. 55 | string monitored_resource = 1; 56 | 57 | // Names of the metrics to report to this billing destination. 58 | // Each name must be defined in [Service.metrics][google.api.Service.metrics] section. 59 | repeated string metrics = 2; 60 | } 61 | 62 | // Billing configurations for sending metrics to the consumer project. 63 | // There can be multiple consumer destinations per service, each one must have 64 | // a different monitored resource type. A metric can be used in at most 65 | // one consumer destination. 66 | repeated BillingDestination consumer_destinations = 8; 67 | } 68 | -------------------------------------------------------------------------------- /common-protos/google/api/consumer.proto: -------------------------------------------------------------------------------- 1 | // Copyright 2016 Google Inc. 2 | // 3 | // Licensed under the Apache License, Version 2.0 (the "License"); 4 | // you may not use this file except in compliance with the License. 5 | // You may obtain a copy of the License at 6 | // 7 | // http://www.apache.org/licenses/LICENSE-2.0 8 | // 9 | // Unless required by applicable law or agreed to in writing, software 10 | // distributed under the License is distributed on an "AS IS" BASIS, 11 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 
12 | // See the License for the specific language governing permissions and 13 | // limitations under the License. 14 | 15 | syntax = "proto3"; 16 | 17 | package google.api; 18 | 19 | option go_package = "google.golang.org/genproto/googleapis/api/serviceconfig;serviceconfig"; 20 | option java_multiple_files = true; 21 | option java_outer_classname = "ConsumerProto"; 22 | option java_package = "com.google.api"; 23 | 24 | // A descriptor for defining project properties for a service. One service may 25 | // have many consumer projects, and the service may want to behave differently 26 | // depending on some properties on the project. For example, a project may be 27 | // associated with a school, or a business, or a government agency, a business 28 | // type property on the project may affect how a service responds to the client. 29 | // This descriptor defines which properties are allowed to be set on a project. 30 | // 31 | // Example: 32 | // 33 | // project_properties: 34 | // properties: 35 | // - name: NO_WATERMARK 36 | // type: BOOL 37 | // description: Allows usage of the API without watermarks. 38 | // - name: EXTENDED_TILE_CACHE_PERIOD 39 | // type: INT64 40 | message ProjectProperties { 41 | // List of per consumer project-specific properties. 42 | repeated Property properties = 1; 43 | } 44 | 45 | // Defines project properties. 46 | // 47 | // API services can define properties that can be assigned to consumer projects 48 | // so that backends can perform response customization without having to make 49 | // additional calls or maintain additional storage. For example, Maps API 50 | // defines properties that controls map tile cache period, or whether to embed a 51 | // watermark in a result. 52 | // 53 | // These values can be set via API producer console. Only API providers can 54 | // define and set these properties. 
55 | message Property { 56 | // Supported data type of the property values 57 | enum PropertyType { 58 | // The type is unspecified, and will result in an error. 59 | UNSPECIFIED = 0; 60 | 61 | // The type is `int64`. 62 | INT64 = 1; 63 | 64 | // The type is `bool`. 65 | BOOL = 2; 66 | 67 | // The type is `string`. 68 | STRING = 3; 69 | 70 | // The type is 'double'. 71 | DOUBLE = 4; 72 | } 73 | 74 | // The name of the property (a.k.a key). 75 | string name = 1; 76 | 77 | // The type of this property. 78 | PropertyType type = 2; 79 | 80 | // The description of the property 81 | string description = 3; 82 | } 83 | -------------------------------------------------------------------------------- /common-protos/google/api/control.proto: -------------------------------------------------------------------------------- 1 | // Copyright 2019 Google LLC. 2 | // 3 | // Licensed under the Apache License, Version 2.0 (the "License"); 4 | // you may not use this file except in compliance with the License. 5 | // You may obtain a copy of the License at 6 | // 7 | // http://www.apache.org/licenses/LICENSE-2.0 8 | // 9 | // Unless required by applicable law or agreed to in writing, software 10 | // distributed under the License is distributed on an "AS IS" BASIS, 11 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | // See the License for the specific language governing permissions and 13 | // limitations under the License. 14 | // 15 | 16 | syntax = "proto3"; 17 | 18 | package google.api; 19 | 20 | option go_package = "google.golang.org/genproto/googleapis/api/serviceconfig;serviceconfig"; 21 | option java_multiple_files = true; 22 | option java_outer_classname = "ControlProto"; 23 | option java_package = "com.google.api"; 24 | option objc_class_prefix = "GAPI"; 25 | 26 | // Selects and configures the service controller used by the service. The 27 | // service controller handles features like abuse, quota, billing, logging, 28 | // monitoring, etc. 
29 | message Control { 30 | // The service control environment to use. If empty, no control plane 31 | // feature (like quota and billing) will be enabled. 32 | string environment = 1; 33 | } 34 | -------------------------------------------------------------------------------- /common-protos/google/api/expr/v1alpha1/cel_service.proto: -------------------------------------------------------------------------------- 1 | // Copyright 2018 Google LLC. 2 | // 3 | // Licensed under the Apache License, Version 2.0 (the "License"); 4 | // you may not use this file except in compliance with the License. 5 | // You may obtain a copy of the License at 6 | // 7 | // http://www.apache.org/licenses/LICENSE-2.0 8 | // 9 | // Unless required by applicable law or agreed to in writing, software 10 | // distributed under the License is distributed on an "AS IS" BASIS, 11 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | // See the License for the specific language governing permissions and 13 | // limitations under the License. 14 | // 15 | 16 | syntax = "proto3"; 17 | 18 | package google.api.expr.v1alpha1; 19 | 20 | import "google/api/expr/v1alpha1/conformance_service.proto"; 21 | 22 | option cc_enable_arenas = true; 23 | option go_package = "google.golang.org/genproto/googleapis/api/expr/v1alpha1;expr"; 24 | option java_multiple_files = true; 25 | option java_outer_classname = "CelServiceProto"; 26 | option java_package = "com.google.api.expr.v1alpha1"; 27 | 28 | // Access a CEL implementation from another process or machine. 29 | // A CEL implementation is decomposed as a parser, a static checker, 30 | // and an evaluator. Every CEL implementation is expected to provide 31 | // a server for this API. The API will be used for conformance testing, 32 | // utilities, and execution as a service. 33 | service CelService { 34 | // Transforms CEL source text into a parsed representation. 
35 | rpc Parse(ParseRequest) returns (ParseResponse) {} 36 | 37 | // Runs static checks on a parsed CEL representation and returns 38 | // an annotated representation, or a set of issues. 39 | rpc Check(CheckRequest) returns (CheckResponse) {} 40 | 41 | // Evaluates a parsed or annotated CEL representation given 42 | // values of external bindings. 43 | rpc Eval(EvalRequest) returns (EvalResponse) {} 44 | } 45 | -------------------------------------------------------------------------------- /common-protos/google/api/expr/v1alpha1/explain.proto: -------------------------------------------------------------------------------- 1 | // Copyright 2018 Google LLC. 2 | // 3 | // Licensed under the Apache License, Version 2.0 (the "License"); 4 | // you may not use this file except in compliance with the License. 5 | // You may obtain a copy of the License at 6 | // 7 | // http://www.apache.org/licenses/LICENSE-2.0 8 | // 9 | // Unless required by applicable law or agreed to in writing, software 10 | // distributed under the License is distributed on an "AS IS" BASIS, 11 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | // See the License for the specific language governing permissions and 13 | // limitations under the License. 14 | // 15 | 16 | syntax = "proto3"; 17 | 18 | package google.api.expr.v1alpha1; 19 | 20 | import "google/api/expr/v1alpha1/value.proto"; 21 | 22 | option cc_enable_arenas = true; 23 | option go_package = "google.golang.org/genproto/googleapis/api/expr/v1alpha1;expr"; 24 | option java_multiple_files = true; 25 | option java_outer_classname = "ExplainProto"; 26 | option java_package = "com.google.api.expr.v1alpha1"; 27 | 28 | // Values of intermediate expressions produced when evaluating expression. 29 | // Deprecated, use `EvalState` instead. 30 | message Explain { 31 | option deprecated = true; 32 | 33 | // ID and value index of one step. 34 | message ExprStep { 35 | // ID of corresponding Expr node. 
36 | int64 id = 1; 37 | 38 | // Index of the value in the values list. 39 | int32 value_index = 2; 40 | } 41 | 42 | // All of the observed values. 43 | // 44 | // The field value_index is an index in the values list. 45 | // Separating values from steps is needed to remove redundant values. 46 | repeated Value values = 1; 47 | 48 | // List of steps. 49 | // 50 | // Repeated evaluations of the same expression generate new ExprStep 51 | // instances. The order of such ExprStep instances matches the order of 52 | // elements returned by Comprehension.iter_range. 53 | repeated ExprStep expr_steps = 2; 54 | } 55 | -------------------------------------------------------------------------------- /common-protos/google/api/expr/v1beta1/decl.proto: -------------------------------------------------------------------------------- 1 | // Copyright 2018 Google LLC. 2 | // 3 | // Licensed under the Apache License, Version 2.0 (the "License"); 4 | // you may not use this file except in compliance with the License. 5 | // You may obtain a copy of the License at 6 | // 7 | // http://www.apache.org/licenses/LICENSE-2.0 8 | // 9 | // Unless required by applicable law or agreed to in writing, software 10 | // distributed under the License is distributed on an "AS IS" BASIS, 11 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | // See the License for the specific language governing permissions and 13 | // limitations under the License. 14 | // 15 | 16 | syntax = "proto3"; 17 | 18 | package google.api.expr.v1beta1; 19 | 20 | import "google/api/expr/v1beta1/expr.proto"; 21 | 22 | option cc_enable_arenas = true; 23 | option go_package = "google.golang.org/genproto/googleapis/api/expr/v1beta1;expr"; 24 | option java_multiple_files = true; 25 | option java_outer_classname = "DeclProto"; 26 | option java_package = "com.google.api.expr.v1beta1"; 27 | 28 | // A declaration. 29 | message Decl { 30 | // The id of the declaration. 
31 | int32 id = 1; 32 | 33 | // The name of the declaration. 34 | string name = 2; 35 | 36 | // The documentation string for the declaration. 37 | string doc = 3; 38 | 39 | // The kind of declaration. 40 | oneof kind { 41 | // An identifier declaration. 42 | IdentDecl ident = 4; 43 | 44 | // A function declaration. 45 | FunctionDecl function = 5; 46 | } 47 | } 48 | 49 | // The declared type of a variable. 50 | // 51 | // Extends runtime type values with extra information used for type checking 52 | // and dispatching. 53 | message DeclType { 54 | // The expression id of the declared type, if applicable. 55 | int32 id = 1; 56 | 57 | // The type name, e.g. 'int', 'my.type.Type' or 'T' 58 | string type = 2; 59 | 60 | // An ordered list of type parameters, e.g. ``. 61 | // Only applies to a subset of types, e.g. `map`, `list`. 62 | repeated DeclType type_params = 4; 63 | } 64 | 65 | // An identifier declaration. 66 | message IdentDecl { 67 | // Optional type of the identifier. 68 | DeclType type = 3; 69 | 70 | // Optional value of the identifier. 71 | Expr value = 4; 72 | } 73 | 74 | // A function declaration. 75 | message FunctionDecl { 76 | // The function arguments. 77 | repeated IdentDecl args = 1; 78 | 79 | // Optional declared return type. 80 | DeclType return_type = 2; 81 | 82 | // If the first argument of the function is the receiver. 83 | bool receiver_function = 3; 84 | } 85 | -------------------------------------------------------------------------------- /common-protos/google/api/expr/v1beta1/source.proto: -------------------------------------------------------------------------------- 1 | // Copyright 2018 Google LLC. 2 | // 3 | // Licensed under the Apache License, Version 2.0 (the "License"); 4 | // you may not use this file except in compliance with the License. 
5 | // You may obtain a copy of the License at 6 | // 7 | // http://www.apache.org/licenses/LICENSE-2.0 8 | // 9 | // Unless required by applicable law or agreed to in writing, software 10 | // distributed under the License is distributed on an "AS IS" BASIS, 11 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | // See the License for the specific language governing permissions and 13 | // limitations under the License. 14 | // 15 | 16 | syntax = "proto3"; 17 | 18 | package google.api.expr.v1beta1; 19 | 20 | option cc_enable_arenas = true; 21 | option go_package = "google.golang.org/genproto/googleapis/api/expr/v1beta1;expr"; 22 | option java_multiple_files = true; 23 | option java_outer_classname = "SourceProto"; 24 | option java_package = "com.google.api.expr.v1beta1"; 25 | 26 | // Source information collected at parse time. 27 | message SourceInfo { 28 | // The location name. All position information attached to an expression is 29 | // relative to this location. 30 | // 31 | // The location could be a file, UI element, or similar. For example, 32 | // `acme/app/AnvilPolicy.cel`. 33 | string location = 2; 34 | 35 | // Monotonically increasing list of character offsets where newlines appear. 36 | // 37 | // The line number of a given position is the index `i` where for a given 38 | // `id` the `line_offsets[i] < id_positions[id] < line_offsets[i+1]`. The 39 | // column may be derived from `id_positions[id] - line_offsets[i]`. 40 | repeated int32 line_offsets = 3; 41 | 42 | // A map from the parse node id (e.g. `Expr.id`) to the character offset 43 | // within source. 44 | map positions = 4; 45 | } 46 | 47 | // A specific position in source. 48 | message SourcePosition { 49 | // The source location name (e.g. file name). 50 | string location = 1; 51 | 52 | // The character offset. 53 | int32 offset = 2; 54 | 55 | // The 1-based index of the starting line in the source text 56 | // where the issue occurs, or 0 if unknown. 
57 | int32 line = 3; 58 | 59 | // The 0-based index of the starting position within the line of source text 60 | // where the issue occurs. Only meaningful if line is nonzero. 61 | int32 column = 4; 62 | } 63 | -------------------------------------------------------------------------------- /common-protos/google/api/httpbody.proto: -------------------------------------------------------------------------------- 1 | // Copyright 2019 Google LLC. 2 | // 3 | // Licensed under the Apache License, Version 2.0 (the "License"); 4 | // you may not use this file except in compliance with the License. 5 | // You may obtain a copy of the License at 6 | // 7 | // http://www.apache.org/licenses/LICENSE-2.0 8 | // 9 | // Unless required by applicable law or agreed to in writing, software 10 | // distributed under the License is distributed on an "AS IS" BASIS, 11 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | // See the License for the specific language governing permissions and 13 | // limitations under the License. 14 | // 15 | 16 | syntax = "proto3"; 17 | 18 | package google.api; 19 | 20 | import "google/protobuf/any.proto"; 21 | 22 | option cc_enable_arenas = true; 23 | option go_package = "google.golang.org/genproto/googleapis/api/httpbody;httpbody"; 24 | option java_multiple_files = true; 25 | option java_outer_classname = "HttpBodyProto"; 26 | option java_package = "com.google.api"; 27 | option objc_class_prefix = "GAPI"; 28 | 29 | // Message that represents an arbitrary HTTP body. It should only be used for 30 | // payload formats that can't be represented as JSON, such as raw binary or 31 | // an HTML page. 32 | // 33 | // 34 | // This message can be used both in streaming and non-streaming API methods in 35 | // the request as well as the response. 
36 | // 37 | // It can be used as a top-level request field, which is convenient if one 38 | // wants to extract parameters from either the URL or HTTP template into the 39 | // request fields and also want access to the raw HTTP body. 40 | // 41 | // Example: 42 | // 43 | // message GetResourceRequest { 44 | // // A unique request id. 45 | // string request_id = 1; 46 | // 47 | // // The raw HTTP body is bound to this field. 48 | // google.api.HttpBody http_body = 2; 49 | // } 50 | // 51 | // service ResourceService { 52 | // rpc GetResource(GetResourceRequest) returns (google.api.HttpBody); 53 | // rpc UpdateResource(google.api.HttpBody) returns 54 | // (google.protobuf.Empty); 55 | // } 56 | // 57 | // Example with streaming methods: 58 | // 59 | // service CaldavService { 60 | // rpc GetCalendar(stream google.api.HttpBody) 61 | // returns (stream google.api.HttpBody); 62 | // rpc UpdateCalendar(stream google.api.HttpBody) 63 | // returns (stream google.api.HttpBody); 64 | // } 65 | // 66 | // Use of this type only changes how the request and response bodies are 67 | // handled, all other features will continue to work unchanged. 68 | message HttpBody { 69 | // The HTTP Content-Type header value specifying the content type of the body. 70 | string content_type = 1; 71 | 72 | // The HTTP request/response body as raw binary. 73 | bytes data = 2; 74 | 75 | // Application specific response metadata. Must be set in the first response 76 | // for streaming APIs. 77 | repeated google.protobuf.Any extensions = 3; 78 | } 79 | -------------------------------------------------------------------------------- /common-protos/google/api/label.proto: -------------------------------------------------------------------------------- 1 | // Copyright 2019 Google LLC. 2 | // 3 | // Licensed under the Apache License, Version 2.0 (the "License"); 4 | // you may not use this file except in compliance with the License. 
5 | // You may obtain a copy of the License at 6 | // 7 | // http://www.apache.org/licenses/LICENSE-2.0 8 | // 9 | // Unless required by applicable law or agreed to in writing, software 10 | // distributed under the License is distributed on an "AS IS" BASIS, 11 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | // See the License for the specific language governing permissions and 13 | // limitations under the License. 14 | // 15 | 16 | syntax = "proto3"; 17 | 18 | package google.api; 19 | 20 | option cc_enable_arenas = true; 21 | option go_package = "google.golang.org/genproto/googleapis/api/label;label"; 22 | option java_multiple_files = true; 23 | option java_outer_classname = "LabelProto"; 24 | option java_package = "com.google.api"; 25 | option objc_class_prefix = "GAPI"; 26 | 27 | // A description of a label. 28 | message LabelDescriptor { 29 | // Value types that can be used as label values. 30 | enum ValueType { 31 | // A variable-length string. This is the default. 32 | STRING = 0; 33 | 34 | // Boolean; true or false. 35 | BOOL = 1; 36 | 37 | // A 64-bit signed integer. 38 | INT64 = 2; 39 | } 40 | 41 | // The label key. 42 | string key = 1; 43 | 44 | // The type of data that can be assigned to the label. 45 | ValueType value_type = 2; 46 | 47 | // A human-readable description for the label. 48 | string description = 3; 49 | } 50 | -------------------------------------------------------------------------------- /common-protos/google/api/log.proto: -------------------------------------------------------------------------------- 1 | // Copyright 2019 Google LLC. 2 | // 3 | // Licensed under the Apache License, Version 2.0 (the "License"); 4 | // you may not use this file except in compliance with the License. 
5 | // You may obtain a copy of the License at 6 | // 7 | // http://www.apache.org/licenses/LICENSE-2.0 8 | // 9 | // Unless required by applicable law or agreed to in writing, software 10 | // distributed under the License is distributed on an "AS IS" BASIS, 11 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | // See the License for the specific language governing permissions and 13 | // limitations under the License. 14 | // 15 | 16 | syntax = "proto3"; 17 | 18 | package google.api; 19 | 20 | import "google/api/label.proto"; 21 | 22 | option go_package = "google.golang.org/genproto/googleapis/api/serviceconfig;serviceconfig"; 23 | option java_multiple_files = true; 24 | option java_outer_classname = "LogProto"; 25 | option java_package = "com.google.api"; 26 | option objc_class_prefix = "GAPI"; 27 | 28 | // A description of a log type. Example in YAML format: 29 | // 30 | // - name: library.googleapis.com/activity_history 31 | // description: The history of borrowing and returning library items. 32 | // display_name: Activity 33 | // labels: 34 | // - key: /customer_id 35 | // description: Identifier of a library customer 36 | message LogDescriptor { 37 | // The name of the log. It must be less than 512 characters long and can 38 | // include the following characters: upper- and lower-case alphanumeric 39 | // characters [A-Za-z0-9], and punctuation characters including 40 | // slash, underscore, hyphen, period [/_-.]. 41 | string name = 1; 42 | 43 | // The set of labels that are available to describe a specific log entry. 44 | // Runtime requests that contain labels not specified here are 45 | // considered invalid. 46 | repeated LabelDescriptor labels = 2; 47 | 48 | // A human-readable description of this log. This information appears in 49 | // the documentation and can contain details. 50 | string description = 3; 51 | 52 | // The human-readable name for this log. 
This information appears on 53 | // the user interface and should be concise. 54 | string display_name = 4; 55 | } 56 | -------------------------------------------------------------------------------- /common-protos/google/api/servicecontrol/v1/log_entry.proto: -------------------------------------------------------------------------------- 1 | // Copyright 2017 Google Inc. 2 | // 3 | // Licensed under the Apache License, Version 2.0 (the "License"); 4 | // you may not use this file except in compliance with the License. 5 | // You may obtain a copy of the License at 6 | // 7 | // http://www.apache.org/licenses/LICENSE-2.0 8 | // 9 | // Unless required by applicable law or agreed to in writing, software 10 | // distributed under the License is distributed on an "AS IS" BASIS, 11 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | // See the License for the specific language governing permissions and 13 | // limitations under the License. 14 | 15 | syntax = "proto3"; 16 | 17 | package google.api.servicecontrol.v1; 18 | 19 | import "google/api/annotations.proto"; 20 | import "google/logging/type/log_severity.proto"; 21 | import "google/protobuf/any.proto"; 22 | import "google/protobuf/struct.proto"; 23 | import "google/protobuf/timestamp.proto"; 24 | 25 | option go_package = "google.golang.org/genproto/googleapis/api/servicecontrol/v1;servicecontrol"; 26 | option java_multiple_files = true; 27 | option java_outer_classname = "LogEntryProto"; 28 | option java_package = "com.google.api.servicecontrol.v1"; 29 | 30 | // An individual log entry. 31 | message LogEntry { 32 | // Required. The log to which this log entry belongs. Examples: `"syslog"`, 33 | // `"book_log"`. 34 | string name = 10; 35 | 36 | // The time the event described by the log entry occurred. If 37 | // omitted, defaults to operation start time. 38 | google.protobuf.Timestamp timestamp = 11; 39 | 40 | // The severity of the log entry. 
The default value is 41 | // `LogSeverity.DEFAULT`. 42 | google.logging.type.LogSeverity severity = 12; 43 | 44 | // A unique ID for the log entry used for deduplication. If omitted, 45 | // the implementation will generate one based on operation_id. 46 | string insert_id = 4; 47 | 48 | // A set of user-defined (key, value) data that provides additional 49 | // information about the log entry. 50 | map labels = 13; 51 | 52 | // The log entry payload, which can be one of multiple types. 53 | oneof payload { 54 | // The log entry payload, represented as a protocol buffer that is 55 | // expressed as a JSON object. The only accepted type currently is 56 | // [AuditLog][google.cloud.audit.AuditLog]. 57 | google.protobuf.Any proto_payload = 2; 58 | 59 | // The log entry payload, represented as a Unicode string (UTF-8). 60 | string text_payload = 3; 61 | 62 | // The log entry payload, represented as a structure that 63 | // is expressed as a JSON object. 64 | google.protobuf.Struct struct_payload = 6; 65 | } 66 | } 67 | -------------------------------------------------------------------------------- /common-protos/google/api/servicecontrol/v1/metric_value.proto: -------------------------------------------------------------------------------- 1 | // Copyright 2017 Google Inc. 2 | // 3 | // Licensed under the Apache License, Version 2.0 (the "License"); 4 | // you may not use this file except in compliance with the License. 5 | // You may obtain a copy of the License at 6 | // 7 | // http://www.apache.org/licenses/LICENSE-2.0 8 | // 9 | // Unless required by applicable law or agreed to in writing, software 10 | // distributed under the License is distributed on an "AS IS" BASIS, 11 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | // See the License for the specific language governing permissions and 13 | // limitations under the License. 
14 | 15 | syntax = "proto3"; 16 | 17 | package google.api.servicecontrol.v1; 18 | 19 | import "google/api/annotations.proto"; 20 | import "google/api/servicecontrol/v1/distribution.proto"; 21 | import "google/protobuf/timestamp.proto"; 22 | import "google/type/money.proto"; 23 | 24 | option cc_enable_arenas = true; 25 | option go_package = "google.golang.org/genproto/googleapis/api/servicecontrol/v1;servicecontrol"; 26 | option java_multiple_files = true; 27 | option java_outer_classname = "MetricValueSetProto"; 28 | option java_package = "com.google.api.servicecontrol.v1"; 29 | 30 | // Represents a single metric value. 31 | message MetricValue { 32 | // The labels describing the metric value. 33 | // See comments on 34 | // [google.api.servicecontrol.v1.Operation.labels][google.api.servicecontrol.v1.Operation.labels] 35 | // for the overriding relationship. 36 | map labels = 1; 37 | 38 | // The start of the time period over which this metric value's measurement 39 | // applies. The time period has different semantics for different metric 40 | // types (cumulative, delta, and gauge). See the metric definition 41 | // documentation in the service configuration for details. 42 | google.protobuf.Timestamp start_time = 2; 43 | 44 | // The end of the time period over which this metric value's measurement 45 | // applies. 46 | google.protobuf.Timestamp end_time = 3; 47 | 48 | // The value. The type of value used in the request must 49 | // agree with the metric definition in the service configuration, otherwise 50 | // the MetricValue is rejected. 51 | oneof value { 52 | // A boolean value. 53 | bool bool_value = 4; 54 | 55 | // A signed 64-bit integer value. 56 | int64 int64_value = 5; 57 | 58 | // A double precision floating point value. 59 | double double_value = 6; 60 | 61 | // A text string value. 62 | string string_value = 7; 63 | 64 | // A distribution value. 
65 | Distribution distribution_value = 8; 66 | } 67 | } 68 | 69 | // Represents a set of metric values in the same metric. 70 | // Each metric value in the set should have a unique combination of start time, 71 | // end time, and label values. 72 | message MetricValueSet { 73 | // The metric name defined in the service configuration. 74 | string metric_name = 1; 75 | 76 | // The values in this metric. 77 | repeated MetricValue metric_values = 2; 78 | } 79 | -------------------------------------------------------------------------------- /common-protos/google/api/source_info.proto: -------------------------------------------------------------------------------- 1 | // Copyright 2019 Google LLC. 2 | // 3 | // Licensed under the Apache License, Version 2.0 (the "License"); 4 | // you may not use this file except in compliance with the License. 5 | // You may obtain a copy of the License at 6 | // 7 | // http://www.apache.org/licenses/LICENSE-2.0 8 | // 9 | // Unless required by applicable law or agreed to in writing, software 10 | // distributed under the License is distributed on an "AS IS" BASIS, 11 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | // See the License for the specific language governing permissions and 13 | // limitations under the License. 14 | // 15 | 16 | syntax = "proto3"; 17 | 18 | package google.api; 19 | 20 | import "google/protobuf/any.proto"; 21 | 22 | option go_package = "google.golang.org/genproto/googleapis/api/serviceconfig;serviceconfig"; 23 | option java_multiple_files = true; 24 | option java_outer_classname = "SourceInfoProto"; 25 | option java_package = "com.google.api"; 26 | option objc_class_prefix = "GAPI"; 27 | 28 | // Source information used to create a Service Config 29 | message SourceInfo { 30 | // All files used during config generation. 
31 | repeated google.protobuf.Any source_files = 1; 32 | } 33 | -------------------------------------------------------------------------------- /common-protos/google/protobuf/empty.proto: -------------------------------------------------------------------------------- 1 | // Protocol Buffers - Google's data interchange format 2 | // Copyright 2008 Google Inc. All rights reserved. 3 | // https://developers.google.com/protocol-buffers/ 4 | // 5 | // Redistribution and use in source and binary forms, with or without 6 | // modification, are permitted provided that the following conditions are 7 | // met: 8 | // 9 | // * Redistributions of source code must retain the above copyright 10 | // notice, this list of conditions and the following disclaimer. 11 | // * Redistributions in binary form must reproduce the above 12 | // copyright notice, this list of conditions and the following disclaimer 13 | // in the documentation and/or other materials provided with the 14 | // distribution. 15 | // * Neither the name of Google Inc. nor the names of its 16 | // contributors may be used to endorse or promote products derived from 17 | // this software without specific prior written permission. 18 | // 19 | // THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS 20 | // "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT 21 | // LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR 22 | // A PARTICULAR PURPOSE ARE DISCLAIMED. 
IN NO EVENT SHALL THE COPYRIGHT 23 | // OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, 24 | // SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT 25 | // LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, 26 | // DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY 27 | // THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT 28 | // (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE 29 | // OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 30 | 31 | syntax = "proto3"; 32 | 33 | package google.protobuf; 34 | 35 | option csharp_namespace = "Google.Protobuf.WellKnownTypes"; 36 | option go_package = "github.com/golang/protobuf/ptypes/empty"; 37 | option java_package = "com.google.protobuf"; 38 | option java_outer_classname = "EmptyProto"; 39 | option java_multiple_files = true; 40 | option objc_class_prefix = "GPB"; 41 | option cc_enable_arenas = true; 42 | 43 | // A generic empty message that you can re-use to avoid defining duplicated 44 | // empty messages in your APIs. A typical example is to use it as the request 45 | // or the response type of an API method. For instance: 46 | // 47 | // service Foo { 48 | // rpc Bar(google.protobuf.Empty) returns (google.protobuf.Empty); 49 | // } 50 | // 51 | // The JSON representation for `Empty` is empty JSON object `{}`. 52 | message Empty {} 53 | -------------------------------------------------------------------------------- /common-protos/google/protobuf/source_context.proto: -------------------------------------------------------------------------------- 1 | // Protocol Buffers - Google's data interchange format 2 | // Copyright 2008 Google Inc. All rights reserved. 
3 | // https://developers.google.com/protocol-buffers/ 4 | // 5 | // Redistribution and use in source and binary forms, with or without 6 | // modification, are permitted provided that the following conditions are 7 | // met: 8 | // 9 | // * Redistributions of source code must retain the above copyright 10 | // notice, this list of conditions and the following disclaimer. 11 | // * Redistributions in binary form must reproduce the above 12 | // copyright notice, this list of conditions and the following disclaimer 13 | // in the documentation and/or other materials provided with the 14 | // distribution. 15 | // * Neither the name of Google Inc. nor the names of its 16 | // contributors may be used to endorse or promote products derived from 17 | // this software without specific prior written permission. 18 | // 19 | // THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS 20 | // "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT 21 | // LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR 22 | // A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT 23 | // OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, 24 | // SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT 25 | // LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, 26 | // DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY 27 | // THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT 28 | // (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE 29 | // OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 
30 | 31 | syntax = "proto3"; 32 | 33 | package google.protobuf; 34 | 35 | option csharp_namespace = "Google.Protobuf.WellKnownTypes"; 36 | option java_package = "com.google.protobuf"; 37 | option java_outer_classname = "SourceContextProto"; 38 | option java_multiple_files = true; 39 | option objc_class_prefix = "GPB"; 40 | option go_package = "google.golang.org/genproto/protobuf/source_context;source_context"; 41 | 42 | // `SourceContext` represents information about the source of a 43 | // protobuf element, like the file in which it is defined. 44 | message SourceContext { 45 | // The path-qualified name of the .proto file that contained the associated 46 | // protobuf element. For example: `"google/protobuf/source_context.proto"`. 47 | string file_name = 1; 48 | } 49 | -------------------------------------------------------------------------------- /common-protos/google/type/calendar_period.proto: -------------------------------------------------------------------------------- 1 | // Copyright 2019 Google LLC. 2 | // 3 | // Licensed under the Apache License, Version 2.0 (the "License"); 4 | // you may not use this file except in compliance with the License. 5 | // You may obtain a copy of the License at 6 | // 7 | // http://www.apache.org/licenses/LICENSE-2.0 8 | // 9 | // Unless required by applicable law or agreed to in writing, software 10 | // distributed under the License is distributed on an "AS IS" BASIS, 11 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | // See the License for the specific language governing permissions and 13 | // limitations under the License. 
14 | // 15 | 16 | syntax = "proto3"; 17 | 18 | package google.type; 19 | 20 | option go_package = "google.golang.org/genproto/googleapis/type/calendarperiod;calendarperiod"; 21 | option java_multiple_files = true; 22 | option java_outer_classname = "CalendarPeriodProto"; 23 | option java_package = "com.google.type"; 24 | option objc_class_prefix = "GTP"; 25 | 26 | 27 | // A `CalendarPeriod` represents the abstract concept of a time period that has 28 | // a canonical start. Grammatically, "the start of the current 29 | // `CalendarPeriod`." All calendar times begin at midnight UTC. 30 | enum CalendarPeriod { 31 | // Undefined period, raises an error. 32 | CALENDAR_PERIOD_UNSPECIFIED = 0; 33 | 34 | // A day. 35 | DAY = 1; 36 | 37 | // A week. Weeks begin on Monday, following 38 | // [ISO 8601](https://en.wikipedia.org/wiki/ISO_week_date). 39 | WEEK = 2; 40 | 41 | // A fortnight. The first calendar fortnight of the year begins at the start 42 | // of week 1 according to 43 | // [ISO 8601](https://en.wikipedia.org/wiki/ISO_week_date). 44 | FORTNIGHT = 3; 45 | 46 | // A month. 47 | MONTH = 4; 48 | 49 | // A quarter. Quarters start on dates 1-Jan, 1-Apr, 1-Jul, and 1-Oct of each 50 | // year. 51 | QUARTER = 5; 52 | 53 | // A half-year. Half-years start on dates 1-Jan and 1-Jul. 54 | HALF = 6; 55 | 56 | // A year. 57 | YEAR = 7; 58 | } 59 | -------------------------------------------------------------------------------- /common-protos/google/type/date.proto: -------------------------------------------------------------------------------- 1 | // Copyright 2019 Google LLC. 2 | // 3 | // Licensed under the Apache License, Version 2.0 (the "License"); 4 | // you may not use this file except in compliance with the License. 
5 | // You may obtain a copy of the License at 6 | // 7 | // http://www.apache.org/licenses/LICENSE-2.0 8 | // 9 | // Unless required by applicable law or agreed to in writing, software 10 | // distributed under the License is distributed on an "AS IS" BASIS, 11 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | // See the License for the specific language governing permissions and 13 | // limitations under the License. 14 | // 15 | 16 | syntax = "proto3"; 17 | 18 | package google.type; 19 | 20 | option cc_enable_arenas = true; 21 | option go_package = "google.golang.org/genproto/googleapis/type/date;date"; 22 | option java_multiple_files = true; 23 | option java_outer_classname = "DateProto"; 24 | option java_package = "com.google.type"; 25 | option objc_class_prefix = "GTP"; 26 | 27 | 28 | // Represents a whole or partial calendar date, e.g. a birthday. The time of day 29 | // and time zone are either specified elsewhere or are not significant. The date 30 | // is relative to the Proleptic Gregorian Calendar. This can represent: 31 | // 32 | // * A full date, with non-zero year, month and day values 33 | // * A month and day value, with a zero year, e.g. an anniversary 34 | // * A year on its own, with zero month and day values 35 | // * A year and month value, with a zero day, e.g. a credit card expiration date 36 | // 37 | // Related types are [google.type.TimeOfDay][google.type.TimeOfDay] and `google.protobuf.Timestamp`. 38 | message Date { 39 | // Year of date. Must be from 1 to 9999, or 0 if specifying a date without 40 | // a year. 41 | int32 year = 1; 42 | 43 | // Month of year. Must be from 1 to 12, or 0 if specifying a year without a 44 | // month and day. 45 | int32 month = 2; 46 | 47 | // Day of month. Must be from 1 to 31 and valid for the year and month, or 0 48 | // if specifying a year by itself or a year and month where the day is not 49 | // significant. 
50 | int32 day = 3; 51 | } 52 | -------------------------------------------------------------------------------- /common-protos/google/type/dayofweek.proto: -------------------------------------------------------------------------------- 1 | // Copyright 2019 Google LLC. 2 | // 3 | // Licensed under the Apache License, Version 2.0 (the "License"); 4 | // you may not use this file except in compliance with the License. 5 | // You may obtain a copy of the License at 6 | // 7 | // http://www.apache.org/licenses/LICENSE-2.0 8 | // 9 | // Unless required by applicable law or agreed to in writing, software 10 | // distributed under the License is distributed on an "AS IS" BASIS, 11 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | // See the License for the specific language governing permissions and 13 | // limitations under the License. 14 | // 15 | 16 | syntax = "proto3"; 17 | 18 | package google.type; 19 | 20 | option go_package = "google.golang.org/genproto/googleapis/type/dayofweek;dayofweek"; 21 | option java_multiple_files = true; 22 | option java_outer_classname = "DayOfWeekProto"; 23 | option java_package = "com.google.type"; 24 | option objc_class_prefix = "GTP"; 25 | 26 | 27 | // Represents a day of week. 28 | enum DayOfWeek { 29 | // The unspecified day-of-week. 30 | DAY_OF_WEEK_UNSPECIFIED = 0; 31 | 32 | // The day-of-week of Monday. 33 | MONDAY = 1; 34 | 35 | // The day-of-week of Tuesday. 36 | TUESDAY = 2; 37 | 38 | // The day-of-week of Wednesday. 39 | WEDNESDAY = 3; 40 | 41 | // The day-of-week of Thursday. 42 | THURSDAY = 4; 43 | 44 | // The day-of-week of Friday. 45 | FRIDAY = 5; 46 | 47 | // The day-of-week of Saturday. 48 | SATURDAY = 6; 49 | 50 | // The day-of-week of Sunday. 
51 | SUNDAY = 7; 52 | } 53 | -------------------------------------------------------------------------------- /common-protos/google/type/expr.proto: -------------------------------------------------------------------------------- 1 | // Copyright 2019 Google LLC. 2 | // 3 | // Licensed under the Apache License, Version 2.0 (the "License"); 4 | // you may not use this file except in compliance with the License. 5 | // You may obtain a copy of the License at 6 | // 7 | // http://www.apache.org/licenses/LICENSE-2.0 8 | // 9 | // Unless required by applicable law or agreed to in writing, software 10 | // distributed under the License is distributed on an "AS IS" BASIS, 11 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | // See the License for the specific language governing permissions and 13 | // limitations under the License. 14 | // 15 | 16 | syntax = "proto3"; 17 | 18 | package google.type; 19 | 20 | option go_package = "google.golang.org/genproto/googleapis/type/expr;expr"; 21 | option java_multiple_files = true; 22 | option java_outer_classname = "ExprProto"; 23 | option java_package = "com.google.type"; 24 | option objc_class_prefix = "GTP"; 25 | 26 | 27 | // Represents an expression text. Example: 28 | // 29 | // title: "User account presence" 30 | // description: "Determines whether the request has a user account" 31 | // expression: "size(request.user) > 0" 32 | message Expr { 33 | // Textual representation of an expression in 34 | // Common Expression Language syntax. 35 | // 36 | // The application context of the containing message determines which 37 | // well-known feature set of CEL is supported. 38 | string expression = 1; 39 | 40 | // An optional title for the expression, i.e. a short string describing 41 | // its purpose. This can be used e.g. in UIs which allow to enter the 42 | // expression. 43 | string title = 2; 44 | 45 | // An optional description of the expression. 
This is a longer text which 46 | // describes the expression, e.g. when hovered over it in a UI. 47 | string description = 3; 48 | 49 | // An optional string indicating the location of the expression for error 50 | // reporting, e.g. a file name and a position in the file. 51 | string location = 4; 52 | } 53 | -------------------------------------------------------------------------------- /common-protos/google/type/fraction.proto: -------------------------------------------------------------------------------- 1 | // Copyright 2019 Google LLC. 2 | // 3 | // Licensed under the Apache License, Version 2.0 (the "License"); 4 | // you may not use this file except in compliance with the License. 5 | // You may obtain a copy of the License at 6 | // 7 | // http://www.apache.org/licenses/LICENSE-2.0 8 | // 9 | // Unless required by applicable law or agreed to in writing, software 10 | // distributed under the License is distributed on an "AS IS" BASIS, 11 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | // See the License for the specific language governing permissions and 13 | // limitations under the License. 14 | // 15 | 16 | syntax = "proto3"; 17 | 18 | package google.type; 19 | 20 | option go_package = "google.golang.org/genproto/googleapis/type/fraction;fraction"; 21 | option java_multiple_files = true; 22 | option java_outer_classname = "FractionProto"; 23 | option java_package = "com.google.type"; 24 | option objc_class_prefix = "GTP"; 25 | 26 | 27 | // Represents a fraction in terms of a numerator divided by a denominator. 28 | message Fraction { 29 | // The portion of the denominator in the fraction, e.g. 2 in 2/3. 30 | int64 numerator = 1; 31 | 32 | // The value by which the numerator is divided, e.g. 3 in 2/3. Must be 33 | // positive.
34 | int64 denominator = 2; 35 | } 36 | -------------------------------------------------------------------------------- /common-protos/google/type/latlng.proto: -------------------------------------------------------------------------------- 1 | // Copyright 2019 Google LLC. 2 | // 3 | // Licensed under the Apache License, Version 2.0 (the "License"); 4 | // you may not use this file except in compliance with the License. 5 | // You may obtain a copy of the License at 6 | // 7 | // http://www.apache.org/licenses/LICENSE-2.0 8 | // 9 | // Unless required by applicable law or agreed to in writing, software 10 | // distributed under the License is distributed on an "AS IS" BASIS, 11 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | // See the License for the specific language governing permissions and 13 | // limitations under the License. 14 | // 15 | 16 | syntax = "proto3"; 17 | 18 | package google.type; 19 | 20 | option cc_enable_arenas = true; 21 | option go_package = "google.golang.org/genproto/googleapis/type/latlng;latlng"; 22 | option java_multiple_files = true; 23 | option java_outer_classname = "LatLngProto"; 24 | option java_package = "com.google.type"; 25 | option objc_class_prefix = "GTP"; 26 | 27 | 28 | // An object representing a latitude/longitude pair. This is expressed as a pair 29 | // of doubles representing degrees latitude and degrees longitude. Unless 30 | // specified otherwise, this must conform to the 31 | // WGS84 32 | // standard. Values must be within normalized ranges. 33 | message LatLng { 34 | // The latitude in degrees. It must be in the range [-90.0, +90.0]. 35 | double latitude = 1; 36 | 37 | // The longitude in degrees. It must be in the range [-180.0, +180.0]. 
38 | double longitude = 2; 39 | } 40 | -------------------------------------------------------------------------------- /common-protos/google/type/money.proto: -------------------------------------------------------------------------------- 1 | // Copyright 2019 Google LLC. 2 | // 3 | // Licensed under the Apache License, Version 2.0 (the "License"); 4 | // you may not use this file except in compliance with the License. 5 | // You may obtain a copy of the License at 6 | // 7 | // http://www.apache.org/licenses/LICENSE-2.0 8 | // 9 | // Unless required by applicable law or agreed to in writing, software 10 | // distributed under the License is distributed on an "AS IS" BASIS, 11 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | // See the License for the specific language governing permissions and 13 | // limitations under the License. 14 | // 15 | 16 | syntax = "proto3"; 17 | 18 | package google.type; 19 | 20 | option cc_enable_arenas = true; 21 | option go_package = "google.golang.org/genproto/googleapis/type/money;money"; 22 | option java_multiple_files = true; 23 | option java_outer_classname = "MoneyProto"; 24 | option java_package = "com.google.type"; 25 | option objc_class_prefix = "GTP"; 26 | 27 | 28 | // Represents an amount of money with its currency type. 29 | message Money { 30 | // The 3-letter currency code defined in ISO 4217. 31 | string currency_code = 1; 32 | 33 | // The whole units of the amount. 34 | // For example if `currencyCode` is `"USD"`, then 1 unit is one US dollar. 35 | int64 units = 2; 36 | 37 | // Number of nano (10^-9) units of the amount. 38 | // The value must be between -999,999,999 and +999,999,999 inclusive. 39 | // If `units` is positive, `nanos` must be positive or zero. 40 | // If `units` is zero, `nanos` can be positive, zero, or negative. 41 | // If `units` is negative, `nanos` must be negative or zero. 42 | // For example $-1.75 is represented as `units`=-1 and `nanos`=-750,000,000. 
43 | int32 nanos = 3; 44 | } 45 | -------------------------------------------------------------------------------- /common-protos/google/type/timeofday.proto: -------------------------------------------------------------------------------- 1 | // Copyright 2019 Google LLC. 2 | // 3 | // Licensed under the Apache License, Version 2.0 (the "License"); 4 | // you may not use this file except in compliance with the License. 5 | // You may obtain a copy of the License at 6 | // 7 | // http://www.apache.org/licenses/LICENSE-2.0 8 | // 9 | // Unless required by applicable law or agreed to in writing, software 10 | // distributed under the License is distributed on an "AS IS" BASIS, 11 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | // See the License for the specific language governing permissions and 13 | // limitations under the License. 14 | // 15 | 16 | syntax = "proto3"; 17 | 18 | package google.type; 19 | 20 | option cc_enable_arenas = true; 21 | option go_package = "google.golang.org/genproto/googleapis/type/timeofday;timeofday"; 22 | option java_multiple_files = true; 23 | option java_outer_classname = "TimeOfDayProto"; 24 | option java_package = "com.google.type"; 25 | option objc_class_prefix = "GTP"; 26 | 27 | 28 | // Represents a time of day. The date and time zone are either not significant 29 | // or are specified elsewhere. An API may choose to allow leap seconds. Related 30 | // types are [google.type.Date][google.type.Date] and `google.protobuf.Timestamp`. 31 | message TimeOfDay { 32 | // Hours of day in 24 hour format. Should be from 0 to 23. An API may choose 33 | // to allow the value "24:00:00" for scenarios like business closing time. 34 | int32 hours = 1; 35 | 36 | // Minutes of hour of day. Must be from 0 to 59. 37 | int32 minutes = 2; 38 | 39 | // Seconds of minutes of the time. Must normally be from 0 to 59. An API may 40 | // allow the value 60 if it allows leap-seconds. 
41 | int32 seconds = 3; 42 | 43 | // Fractions of seconds in nanoseconds. Must be from 0 to 999,999,999. 44 | int32 nanos = 4; 45 | } 46 | -------------------------------------------------------------------------------- /common-protos/istio.io/extensions/field_rules.proto: -------------------------------------------------------------------------------- 1 | // Copyright 2019 Istio Authors 2 | // 3 | // Licensed under the Apache License, Version 2.0 (the "License"); 4 | // you may not use this file except in compliance with the License. 5 | // You may obtain a copy of the License at 6 | // 7 | // http://www.apache.org/licenses/LICENSE-2.0 8 | // 9 | // Unless required by applicable law or agreed to in writing, software 10 | // distributed under the License is distributed on an "AS IS" BASIS, 11 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | // See the License for the specific language governing permissions and 13 | // limitations under the License. 14 | 15 | syntax = "proto3"; 16 | 17 | package istio.extensions; 18 | 19 | option go_package="istio.io/api/extensions"; 20 | 21 | import "google/protobuf/descriptor.proto"; 22 | 23 | // Values applied at the field level. 24 | extend google.protobuf.FieldOptions { 25 | FieldRules rules = 1200; 26 | } 27 | 28 | // Field rules for a particular type. 29 | // Currently only primitive types of OpenAPI schemas are included. (https://swagger.io/docs/specification/data-models/data-types) 30 | message FieldRules { 31 | oneof type { 32 | FloatRules float = 1; 33 | DoubleRules double = 2; 34 | StringRules string = 3; 35 | BoolRules bool = 4; 36 | Int32Rules int32 = 5; 37 | Int64Rules int64 = 6; 38 | } 39 | } 40 | 41 | // FloatRules describe the rules for the float type. 42 | message FloatRules { 43 | float default = 1; 44 | } 45 | 46 | // DoubleRules describe the rules for the double type. 
47 | message DoubleRules { 48 | double default = 1; 49 | } 50 | 51 | // StringRules describe the rules for the string type. 52 | message StringRules { 53 | string default = 1; 54 | // The regular expression the field must match against (RE2 syntax). 55 | string pattern = 2; 56 | } 57 | 58 | // BoolRules describe the rules for the bool type. 59 | message BoolRules { 60 | bool default = 1; 61 | } 62 | 63 | // Int32Rules describe the rules for the int32 type. 64 | message Int32Rules { 65 | int32 default = 1; 66 | } 67 | 68 | // Int64Rules describe the rules for the int64 type. 69 | message Int64Rules { 70 | int64 default = 1; 71 | } -------------------------------------------------------------------------------- /common/.commonfiles.sha: -------------------------------------------------------------------------------- 1 | faca3263a4574b824f67ac60e1c777a40ce45a20 2 | -------------------------------------------------------------------------------- /common/config/.hadolint.yml: -------------------------------------------------------------------------------- 1 | # WARNING: DO NOT EDIT, THIS FILE IS PROBABLY A COPY 2 | # 3 | # The original version of this file is located in the https://github.com/istio/common-files repo. 4 | # If you're looking at this file in a different repo and want to make a change, please go to the 5 | # common-files repo, make the change there and check it in. Then come back to this repo and run 6 | # "make update-common". 7 | 8 | ignored: 9 | - DL3008 10 | - DL3059 11 | 12 | trustedRegistries: 13 | - gcr.io 14 | - docker.io 15 | - quay.io 16 | - "*.pkg.dev" 17 | - "cgr.dev" 18 | -------------------------------------------------------------------------------- /common/config/.yamllint.yml: -------------------------------------------------------------------------------- 1 | # WARNING: DO NOT EDIT, THIS FILE IS PROBABLY A COPY 2 | # 3 | # The original version of this file is located in the https://github.com/istio/common-files repo. 
4 | # If you're looking at this file in a different repo and want to make a change, please go to the 5 | # common-files repo, make the change there and check it in. Then come back to this repo and run 6 | # "make update-common". 7 | 8 | rules: 9 | braces: disable 10 | brackets: disable 11 | colons: enable 12 | commas: disable 13 | comments: disable 14 | comments-indentation: disable 15 | document-end: disable 16 | document-start: disable 17 | empty-lines: disable 18 | empty-values: disable 19 | hyphens: enable 20 | indentation: disable 21 | key-duplicates: enable 22 | key-ordering: disable 23 | line-length: disable 24 | new-line-at-end-of-file: disable 25 | new-lines: enable 26 | octal-values: disable 27 | quoted-strings: disable 28 | trailing-spaces: disable 29 | truthy: disable 30 | -------------------------------------------------------------------------------- /common/config/mdl.rb: -------------------------------------------------------------------------------- 1 | all 2 | rule 'MD002', :level => 1 3 | rule 'MD007', :indent => 4 4 | rule 'MD013', :line_length => 160, :code_blocks => false, :tables => false 5 | rule 'MD026', :punctuation => ".,;:!" 
6 | exclude_rule 'MD013' 7 | exclude_rule 'MD014' 8 | exclude_rule 'MD030' 9 | exclude_rule 'MD032' 10 | exclude_rule 'MD033' 11 | exclude_rule 'MD041' 12 | exclude_rule 'MD046' 13 | -------------------------------------------------------------------------------- /common/config/sass-lint.yml: -------------------------------------------------------------------------------- 1 | ######################### 2 | ## Config for sass-lint 3 | ######################### 4 | # Linter Options 5 | options: 6 | # Don't merge default rules 7 | merge-default-rules: false 8 | # Raise an error if more than 50 warnings are generated 9 | max-warnings: 500 10 | # Rule Configuration 11 | rules: 12 | attribute-quotes: 13 | - 2 14 | - 15 | include: false 16 | bem-depth: 2 17 | border-zero: 2 18 | brace-style: 2 19 | class-name-format: 2 20 | clean-import-paths: 2 21 | declarations-before-nesting: 2 22 | empty-args: 2 23 | empty-line-between-blocks: 2 24 | extends-before-declarations: 2 25 | extends-before-mixins: 2 26 | final-newline: 2 27 | force-attribute-nesting: 0 28 | force-element-nesting: 0 29 | force-pseudo-nesting: 0 30 | function-name-format: 2 31 | hex-length: 0 32 | hex-notation: 2 33 | id-name-format: 2 34 | indentation: 35 | - 2 36 | - 37 | size: 4 38 | leading-zero: 39 | - 2 40 | - 41 | include: false 42 | max-file-line-count: 0 43 | max-file-length: 0 44 | mixins-before-declarations: 2 45 | no-attribute-selectors: 0 46 | no-color-hex: 0 47 | no-color-keywords: 0 48 | no-color-literals: 0 49 | no-combinators: 0 50 | no-css-comments: 2 51 | no-debug: 2 52 | no-disallowed-properties: 2 53 | no-duplicate-properties: 2 54 | no-empty-rulesets: 2 55 | no-extends: 2 56 | no-ids: 0 57 | no-invalid-hex: 2 58 | no-important: 0 59 | no-mergeable-selectors: 2 60 | no-misspelled-properties: 2 61 | no-qualifying-elements: 0 62 | no-trailing-whitespace: 2 63 | no-trailing-zero: 2 64 | no-transition-all: 0 65 | no-url-domains: 2 66 | no-url-protocols: 2 67 | no-warn: 2 68 | 
one-declaration-per-line: 2 69 | placeholder-in-extend: 2 70 | placeholder-name-format: 2 71 | property-sort-order: 0 72 | property-units: 2 73 | pseudo-element: 2 74 | quotes: 75 | - 2 76 | - 77 | style: double 78 | shorthand-values: 2 79 | single-line-per-selector: 0 80 | space-after-bang: 2 81 | space-after-colon: 2 82 | space-after-comma: 2 83 | space-around-operator: 2 84 | space-before-bang: 2 85 | space-before-brace: 2 86 | space-before-colon: 2 87 | space-between-parens: 2 88 | trailing-semicolon: 2 89 | url-quotes: 2 90 | variable-for-property: 91 | - 0 92 | - 93 | properties: 94 | - color 95 | - background-color 96 | - fill 97 | variable-name-format: 0 98 | zero-unit: 2 99 | -------------------------------------------------------------------------------- /common/config/tslint.json: -------------------------------------------------------------------------------- 1 | { 2 | "defaultSeverity": "error", 3 | "extends": [ 4 | "tslint:recommended" 5 | ], 6 | "rules": { 7 | "max-line-length": { 8 | "options": [160] 9 | }, 10 | "arrow-parens": false, 11 | "new-parens": true, 12 | "no-arg": true, 13 | "no-bitwise": true, 14 | "no-conditional-assignment": true, 15 | "no-consecutive-blank-lines": true, 16 | "no-console": { 17 | "severity": "warning", 18 | "options": ["debug", "info", "log", "time", "timeEnd", "trace"] 19 | }, 20 | "no-shadowed-variable": false, 21 | "eofline": false 22 | }, 23 | "jsRules": {}, 24 | "rulesDirectory": [] 25 | } -------------------------------------------------------------------------------- /common/scripts/check_clean_repo.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | 3 | # Copyright Istio Authors 4 | 5 | # Licensed under the Apache License, Version 2.0 (the "License"); 6 | # you may not use this file except in compliance with the License. 
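# You may obtain a copy of the License at
#
#     http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.

# write_patch_file saves the uncommitted working-tree changes as a patch file
# under ${ARTIFACTS} and prints a hint for fetching it from the build artifacts.
#
# Does nothing when ARTIFACTS is unset or empty. When JOB_NAME and BUILD_ID are
# both set and the patch is larger than 30M, the patch is deleted rather than
# persisted and only a warning is printed.
function write_patch_file() {
    if [ -z "${ARTIFACTS}" ]; then
        return 0
    fi

    PATCH_NAME="check-clean-repo-diff.patch"
    PATCH_OUT="${ARTIFACTS}/${PATCH_NAME}"
    git diff > "${PATCH_OUT}"

    # IN_PROW ends up 0 only when both CI variables are non-empty.
    [ -n "${JOB_NAME}" ] && [ -n "${BUILD_ID}" ]
    # shellcheck disable=SC2319
    IN_PROW="$?"

    # Don't persist large diffs (30M+) on CI
    LARGE_FILE="$(find "${ARTIFACTS}" -name "${PATCH_NAME}" -type 'f' -size +30M)"
    if [ "${IN_PROW}" -eq 0 ] && [ -n "${LARGE_FILE}" ]; then
        # Measure the file before deleting it: running du after rm fails, so
        # the warning would be printed without the size.
        local patch_size
        patch_size="$(du -h "${PATCH_OUT}")"
        rm "${PATCH_OUT}"
        echo "WARNING: patch file was too large to persist (${patch_size})"
        return 0
    fi
    outName="artifacts/${PATCH_OUT#"${ARTIFACTS}"/}"
    patchFile="${PROW_ARTIFACTS_BASE:-https://gcsweb.istio.io/gcs/istio-prow}/pr-logs/pull/${REPO_OWNER}_${REPO_NAME}/${PULL_NUMBER}/${JOB_NAME}/${BUILD_ID}/${outName}"
    # NOTE(review): the hint below feeds a downloaded patch straight to
    # `git apply`, and the URL is assembled from CI environment variables;
    # read the patch before applying it.
    echo "You can also try applying the patch file from the build artifacts:

git apply <(curl -sL \"${patchFile}\")
"
}

# Fail when the working tree has uncommitted or untracked changes, i.e. the
# generated files checked in do not match what the generators produce.
if [[ -n $(git status --porcelain) ]]; then
    git status
    git diff
    echo "ERROR: Some files need to be updated, please run 'make gen' and include any changed files in your PR"
    write_patch_file
    exit 1
fi
-------------------------------------------------------------------------------- /common/scripts/copyright-banner-go.txt: -------------------------------------------------------------------------------- 1 | // Copyright Istio Authors 2 | // 3 | // Licensed under the Apache License,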
Version 2.0 (the "License"); 4 | // you may not use this file except in compliance with the License. 5 | // You may obtain a copy of the License at 6 | // 7 | // http://www.apache.org/licenses/LICENSE-2.0 8 | // 9 | // Unless required by applicable law or agreed to in writing, software 10 | // distributed under the License is distributed on an "AS IS" BASIS, 11 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | // See the License for the specific language governing permissions and 13 | // limitations under the License. 14 | 15 | -------------------------------------------------------------------------------- /common/scripts/fix_copyright_banner.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | 3 | # WARNING: DO NOT EDIT, THIS FILE IS PROBABLY A COPY 4 | # 5 | # The original version of this file is located in the https://github.com/istio/common-files repo. 6 | # If you're looking at this file in a different repo and want to make a change, please go to the 7 | # common-files repo, make the change there and check it in. Then come back to this repo and run 8 | # "make update-common". 9 | 10 | # Copyright Istio Authors 11 | # 12 | # Licensed under the Apache License, Version 2.0 (the "License"); 13 | # you may not use this file except in compliance with the License. 14 | # You may obtain a copy of the License at 15 | # 16 | # http://www.apache.org/licenses/LICENSE-2.0 17 | # 18 | # Unless required by applicable law or agreed to in writing, software 19 | # distributed under the License is distributed on an "AS IS" BASIS, 20 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 21 | # See the License for the specific language governing permissions and 22 | # limitations under the License. 23 | 24 | set -e 25 | 26 | WD=$(dirname "$0") 27 | WD=$(cd "$WD"; pwd) 28 | 29 | for fn in "$@"; do 30 | if ! 
grep -L -q -e "Apache License, Version 2" -e "Copyright" "${fn}"; then 31 | if [[ "${fn}" == *.go || "${fn}" == *.rs ]]; then 32 | newfile=$(cat "${WD}/copyright-banner-go.txt" "${fn}") 33 | echo "${newfile}" > "${fn}" 34 | echo "Fixing license: ${fn}" 35 | else 36 | echo "Cannot fix license: ${fn}. Unknown file type" 37 | fi 38 | fi 39 | done 40 | -------------------------------------------------------------------------------- /common/scripts/format_go.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | 3 | # WARNING: DO NOT EDIT, THIS FILE IS PROBABLY A COPY 4 | # 5 | # The original version of this file is located in the https://github.com/istio/common-files repo. 6 | # If you're looking at this file in a different repo and want to make a change, please go to the 7 | # common-files repo, make the change there and check it in. Then come back to this repo and run 8 | # "make update-common". 9 | 10 | # Copyright Istio Authors 11 | # 12 | # Licensed under the Apache License, Version 2.0 (the "License"); 13 | # you may not use this file except in compliance with the License. 14 | # You may obtain a copy of the License at 15 | # 16 | # http://www.apache.org/licenses/LICENSE-2.0 17 | # 18 | # Unless required by applicable law or agreed to in writing, software 19 | # distributed under the License is distributed on an "AS IS" BASIS, 20 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 21 | # See the License for the specific language governing permissions and 22 | # limitations under the License. 
23 | 24 | golangci-lint run --fix -c ./common/config/.golangci.yml 25 | -------------------------------------------------------------------------------- /common/scripts/gobuild.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | 3 | # WARNING: DO NOT EDIT, THIS FILE IS PROBABLY A COPY 4 | # 5 | # The original version of this file is located in the https://github.com/istio/common-files repo. 6 | # If you're looking at this file in a different repo and want to make a change, please go to the 7 | # common-files repo, make the change there and check it in. Then come back to this repo and run 8 | # "make update-common". 9 | 10 | # Copyright Istio Authors. All Rights Reserved. 11 | # 12 | # Licensed under the Apache License, Version 2.0 (the "License"); 13 | # you may not use this file except in compliance with the License. 14 | # You may obtain a copy of the License at 15 | # 16 | # http://www.apache.org/licenses/LICENSE-2.0 17 | # 18 | # Unless required by applicable law or agreed to in writing, software 19 | # distributed under the License is distributed on an "AS IS" BASIS, 20 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 21 | # See the License for the specific language governing permissions and 22 | # limitations under the License. 
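# This script builds and version stamps the output.
#
# Usage: gobuild.sh <output path> [arguments passed through to "go build"]
# Environment read below: VERBOSE, GOOS, GOARCH, GOBINARY, GOPATH, BUILDINFO,
# STATIC, LDFLAGS, GOBUILDFLAGS, GCFLAGS, CGO_ENABLED, DEBUG.

VERBOSE=${VERBOSE:-"0"}
V=""
if [[ "${VERBOSE}" == "1" ]];then
    V="-x"
    set -x
fi

SCRIPTPATH="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"

# The first argument is mandatory; everything after it is handed to "go build".
OUT=${1:?"output path"}
shift

set -e

export BUILD_GOOS=${GOOS:-linux}
export BUILD_GOARCH=${GOARCH:-amd64}
GOBINARY=${GOBINARY:-go}
GOPKG="$GOPATH/pkg"
BUILDINFO=${BUILDINFO:-""}
STATIC=${STATIC:-1}
LDFLAGS=${LDFLAGS:--extldflags -static}
GOBUILDFLAGS=${GOBUILDFLAGS:-""}
# Split GOBUILDFLAGS by spaces into an array called GOBUILDFLAGS_ARRAY.
IFS=' ' read -r -a GOBUILDFLAGS_ARRAY <<< "$GOBUILDFLAGS"

GCFLAGS=${GCFLAGS:-}
export CGO_ENABLED=${CGO_ENABLED:-0}

# A non-static build discards LDFLAGS entirely, including a caller-supplied value.
if [[ "${STATIC}" != "1" ]];then
    LDFLAGS=""
fi

# gather buildinfo if not already provided
# For a release build BUILDINFO should be produced
# at the beginning of the build and used throughout
if [[ -z ${BUILDINFO} ]];then
    BUILDINFO=$(mktemp)
    # The file was created here, so remove it on exit; a caller-provided
    # BUILDINFO file is never deleted.
    trap 'rm -f -- "${BUILDINFO}"' EXIT
    "${SCRIPTPATH}/report_build_info.sh" > "${BUILDINFO}"
fi

# BUILD LD_EXTRAFLAGS
# Each BUILDINFO line ("import/path.name=value") becomes one linker -X flag.
# NOTE(review): the lines are placed unquoted into the single -ldflags string,
# which the go tool splits on whitespace, so a value containing a space would be
# read as further linker flags. BUILDINFO (and the VERSION/HUB values that feed
# report_build_info.sh) should only come from a trusted source.
LD_EXTRAFLAGS=""

while read -r line || [[ -n "${line}" ]]; do
    # An empty line would produce a bare "-X" and break the link step.
    if [[ -z "${line}" ]]; then
        continue
    fi
    LD_EXTRAFLAGS="${LD_EXTRAFLAGS} -X ${line}"
done < "${BUILDINFO}"

# -trimpath is applied unless DEBUG=1.
OPTIMIZATION_FLAGS=(-trimpath)
if [ "${DEBUG}" == "1" ]; then
    OPTIMIZATION_FLAGS=()
fi

time GOOS=${BUILD_GOOS} GOARCH=${BUILD_GOARCH} ${GOBINARY} build \
        ${V} "${GOBUILDFLAGS_ARRAY[@]}" ${GCFLAGS:+-gcflags "${GCFLAGS}"} \
        -o "${OUT}" \
        "${OPTIMIZATION_FLAGS[@]}" \
        -pkgdir="${GOPKG}/${BUILD_GOOS}_${BUILD_GOARCH}" \
        -ldflags "${LDFLAGS} ${LD_EXTRAFLAGS}" "${@}"
-------------------------------------------------------------------------------- /common/scripts/lint_copyright_banner.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | 3 | # WARNING: DO NOT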
EDIT, THIS FILE IS PROBABLY A COPY 4 | # 5 | # The original version of this file is located in the https://github.com/istio/common-files repo. 6 | # If you're looking at this file in a different repo and want to make a change, please go to the 7 | # common-files repo, make the change there and check it in. Then come back to this repo and run 8 | # "make update-common". 9 | 10 | # Copyright Istio Authors 11 | # 12 | # Licensed under the Apache License, Version 2.0 (the "License"); 13 | # you may not use this file except in compliance with the License. 14 | # You may obtain a copy of the License at 15 | # 16 | # http://www.apache.org/licenses/LICENSE-2.0 17 | # 18 | # Unless required by applicable law or agreed to in writing, software 19 | # distributed under the License is distributed on an "AS IS" BASIS, 20 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 21 | # See the License for the specific language governing permissions and 22 | # limitations under the License. 23 | 24 | set -e 25 | 26 | ec=0 27 | for fn in "$@"; do 28 | if ! grep -L -q -e "Apache License, Version 2" "${fn}"; then 29 | echo "Missing license: ${fn}" 30 | ec=1 31 | fi 32 | 33 | if ! grep -L -q -e "Copyright" "${fn}"; then 34 | echo "Missing copyright: ${fn}" 35 | ec=1 36 | fi 37 | done 38 | 39 | exit $ec 40 | -------------------------------------------------------------------------------- /common/scripts/lint_go.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | 3 | # WARNING: DO NOT EDIT, THIS FILE IS PROBABLY A COPY 4 | # 5 | # The original version of this file is located in the https://github.com/istio/common-files repo. 6 | # If you're looking at this file in a different repo and want to make a change, please go to the 7 | # common-files repo, make the change there and check it in. Then come back to this repo and run 8 | # "make update-common". 
9 | 10 | # Copyright Istio Authors 11 | # 12 | # Licensed under the Apache License, Version 2.0 (the "License"); 13 | # you may not use this file except in compliance with the License. 14 | # You may obtain a copy of the License at 15 | # 16 | # http://www.apache.org/licenses/LICENSE-2.0 17 | # 18 | # Unless required by applicable law or agreed to in writing, software 19 | # distributed under the License is distributed on an "AS IS" BASIS, 20 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 21 | # See the License for the specific language governing permissions and 22 | # limitations under the License. 23 | 24 | GOLANGCILINT_RUN_ARGS=(--output.text.path stdout --output.junit-xml.path "${ARTIFACTS}"/junit-lint.xml) 25 | 26 | if [[ "${ARTIFACTS}" != "" ]]; then 27 | golangci-lint run -v -c ./common/config/.golangci.yml "${GOLANGCILINT_RUN_ARGS[@]}" 28 | else 29 | golangci-lint run -v -c ./common/config/.golangci.yml 30 | fi 31 | -------------------------------------------------------------------------------- /common/scripts/report_build_info.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | 3 | # WARNING: DO NOT EDIT, THIS FILE IS PROBABLY A COPY 4 | # 5 | # The original version of this file is located in the https://github.com/istio/common-files repo. 6 | # If you're looking at this file in a different repo and want to make a change, please go to the 7 | # common-files repo, make the change there and check it in. Then come back to this repo and run 8 | # "make update-common". 9 | 10 | # Copyright Istio Authors 11 | # 12 | # Licensed under the Apache License, Version 2.0 (the "License"); 13 | # you may not use this file except in compliance with the License. 
14 | # You may obtain a copy of the License at 15 | # 16 | # http://www.apache.org/licenses/LICENSE-2.0 17 | # 18 | # Unless required by applicable law or agreed to in writing, software 19 | # distributed under the License is distributed on an "AS IS" BASIS, 20 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 21 | # See the License for the specific language governing permissions and 22 | # limitations under the License. 23 | 24 | if BUILD_GIT_REVISION=$(git rev-parse HEAD 2> /dev/null); then 25 | if [[ -z "${IGNORE_DIRTY_TREE}" ]] && [[ -n "$(git status --porcelain 2>/dev/null)" ]]; then 26 | BUILD_GIT_REVISION=${BUILD_GIT_REVISION}"-dirty" 27 | fi 28 | else 29 | BUILD_GIT_REVISION=unknown 30 | fi 31 | 32 | # Check for local changes 33 | tree_status="Clean" 34 | if [[ -z "${IGNORE_DIRTY_TREE}" ]] && ! git diff-index --quiet HEAD --; then 35 | tree_status="Modified" 36 | fi 37 | 38 | GIT_DESCRIBE_TAG=$(git describe --tags --always) 39 | HUB=${HUB:-"docker.io/istio"} 40 | 41 | # used by common/scripts/gobuild.sh 42 | echo "istio.io/istio/pkg/version.buildVersion=${VERSION:-$BUILD_GIT_REVISION}" 43 | echo "istio.io/istio/pkg/version.buildGitRevision=${BUILD_GIT_REVISION}" 44 | echo "istio.io/istio/pkg/version.buildStatus=${tree_status}" 45 | echo "istio.io/istio/pkg/version.buildTag=${GIT_DESCRIBE_TAG}" 46 | echo "istio.io/istio/pkg/version.buildHub=${HUB}" 47 | echo "istio.io/istio/pkg/version.buildOS=${BUILD_GOOS}" 48 | echo "istio.io/istio/pkg/version.buildArch=${BUILD_GOARCH}" 49 | -------------------------------------------------------------------------------- /common/scripts/run.sh: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env bash 2 | 3 | # WARNING: DO NOT EDIT, THIS FILE IS PROBABLY A COPY 4 | # 5 | # The original version of this file is located in the https://github.com/istio/common-files repo. 
# If you're looking at this file in a different repo and want to make a change, please go to the
# common-files repo, make the change there and check it in. Then come back to this repo and run
# "make update-common".

# Copyright Istio Authors
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
#    http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.

# Runs the command given as arguments ("$@") inside the build image ${IMG} using
# ${CONTAINER_CLI}, with ${MOUNT_SOURCE} bind-mounted into the container.

set -e

# Resolve the directory holding this script to an absolute path.
WD=$(dirname "$0")
WD=$(cd "$WD"; pwd)

export FOR_BUILD_CONTAINER=1
# CONTAINER_CLI, IMG, DOCKER_GID, ENV_BLOCKLIST, CONTAINER_OPTIONS and
# CONDITIONAL_HOST_MOUNTS are not assigned in this file; presumably setup_env.sh
# provides them - verify there.
# shellcheck disable=SC1090,SC1091
source "${WD}/setup_env.sh"


MOUNT_SOURCE="${MOUNT_SOURCE:-${PWD}}"
MOUNT_DEST="${MOUNT_DEST:-/work}"

# Caller-supplied extra options are split on whitespace into an array.
read -ra DOCKER_RUN_OPTIONS <<< "${DOCKER_RUN_OPTIONS:-}"

# Allocate a TTY only when stdin is a terminal; run as the invoking user unless
# that user is root.
[[ -t 0 ]] && DOCKER_RUN_OPTIONS+=("-it")
[[ ${UID} -ne 0 ]] && DOCKER_RUN_OPTIONS+=(-u "${UID}:${DOCKER_GID}")

# Privileges granted to the container by the command below:
#   - --cap-add=SYS_ADMIN adds a broad kernel capability on top of the defaults.
#   - Unless DOCKER_SOCKET_MOUNT is set, the host Docker socket is mounted; a
#     process that can reach that socket controls the host's Docker daemon, so
#     whatever runs through this wrapper is effectively trusted with the host.
#   - --env-file forwards every host environment variable that ENV_BLOCKLIST
#     does not filter out. It is a deny-list: a credential exported in the
#     calling shell is passed into the container unless the pattern covers it.
#     ENV_BLOCKLIST is expanded unquoted and is expected to be non-empty.
#   - The named volumes (go, gocache, cache, crates, git-crates) outlive the
#     --rm container, so their contents are shared between runs.
# NOTE(review): the bind mount targets the literal /work while -w uses
# ${MOUNT_DEST}; overriding MOUNT_DEST changes the working directory but not
# the mount point - confirm this is intended.
#
# $CONTAINER_OPTIONS becomes an empty arg when quoted, so SC2086 is disabled for the
# following command only
# shellcheck disable=SC2086
"${CONTAINER_CLI}" run \
    --rm \
    "${DOCKER_RUN_OPTIONS[@]}" \
    --init \
    --sig-proxy=true \
    --cap-add=SYS_ADMIN \
    ${DOCKER_SOCKET_MOUNT:--v /var/run/docker.sock:/var/run/docker.sock} \
    -e DOCKER_HOST=${DOCKER_SOCKET_HOST:-unix:///var/run/docker.sock} \
    $CONTAINER_OPTIONS \
    --env-file <(env | grep -v ${ENV_BLOCKLIST}) \
    -e IN_BUILD_CONTAINER=1 \
    -e TZ="${TIMEZONE:-$TZ}" \
    --mount "type=bind,source=${MOUNT_SOURCE},destination=/work" \
    --mount "type=volume,source=go,destination=/go" \
    --mount "type=volume,source=gocache,destination=/gocache" \
    --mount "type=volume,source=cache,destination=/home/.cache" \
    --mount "type=volume,source=crates,destination=/home/.cargo/registry" \
    --mount "type=volume,source=git-crates,destination=/home/.cargo/git" \
    ${CONDITIONAL_HOST_MOUNTS} \
    -w "${MOUNT_DEST}" "${IMG}" "$@"
-------------------------------------------------------------------------------- /dictionaries/custom.txt: -------------------------------------------------------------------------------- 1 | ACK 2 | backend 3 | balancer 4 | Bookinfo 5 | CIDR 6 | Datadog 7 | DNS 8 | FQDN 9 | Grafana 10 | HTTP 11 | HTTP2 12 | Istio 13 | jitter 14 | JSON 15 | JWT 16 | Kubernetes 17 | Lightstep 18 | MCP 19 | multicluster 20 | NACK 21 | namespace 22 | namespaces 23 | OIDC 24 | programmatically 25 | RBAC 26 | RPC 27 | runtime 28 | scalability 29 | SDS 30 | SNI 31 | SPIFFE 32 | subnet 33 | TCP 34 | TLS 35 | UDP 36 | undiscriminated 37 | unmanaged 38 | unterminated 39 | URI 40 | URL 41 | VM 42 | Zipkin 43 | -------------------------------------------------------------------------------- /envoy/README.md: -------------------------------------------------------------------------------- 1 | # Envoy Configuration APIs 2 | 3 | This folder contains API definitions for istio/proxy Envoy extensions. Unlike other 4 | APIs in this repo, these APIs are not subject to the rules in [GUIDELINES.md](../GUIDELINES.md) 5 | and are treated as internal implementation details. 6 | 7 | These API definitions are centralized in this repository to provide a single source of truth 8 | with a small dependency footprint for ease of importing. 
9 | -------------------------------------------------------------------------------- /envoy/config/filter/http/alpn/v2alpha1/config.proto: -------------------------------------------------------------------------------- 1 | // Copyright 2018 Istio Authors 2 | // 3 | // Licensed under the Apache License, Version 2.0 (the "License"); 4 | // you may not use this file except in compliance with the License. 5 | // You may obtain a copy of the License at 6 | // 7 | // http://www.apache.org/licenses/LICENSE-2.0 8 | // 9 | // Unless required by applicable law or agreed to in writing, software 10 | // distributed under the License is distributed on an "AS IS" BASIS, 11 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | // See the License for the specific language governing permissions and 13 | // limitations under the License. 14 | 15 | syntax = "proto3"; 16 | 17 | // $title: ALPN filter for overriding ALPN for upstream TLS connections. 18 | 19 | package istio.envoy.config.filter.http.alpn.v2alpha1; 20 | 21 | option go_package = "istio.io/api/envoy/config/filter/http/alpn/v2alpha1"; 22 | 23 | // FilterConfig is the config for Istio-specific filter. 24 | message FilterConfig { 25 | // Upstream protocols 26 | enum Protocol { 27 | HTTP10 = 0; 28 | HTTP11 = 1; 29 | HTTP2 = 2; 30 | } 31 | 32 | message AlpnOverride { 33 | // Upstream protocol 34 | Protocol upstream_protocol = 1; 35 | // A list of ALPN that will override the ALPN for upstream TLS connections. 36 | repeated string alpn_override = 2; 37 | } 38 | 39 | // Map from upstream protocol to list of ALPN 40 | repeated AlpnOverride alpn_override = 1; 41 | } 42 | -------------------------------------------------------------------------------- /envoy/config/filter/network/metadata_exchange/metadata_exchange.proto: -------------------------------------------------------------------------------- 1 | /* Copyright 2019 Istio Authors. All Rights Reserved. 
2 | * 3 | * Licensed under the Apache License, Version 2.0 (the "License"); 4 | * you may not use this file except in compliance with the License. 5 | * You may obtain a copy of the License at 6 | * 7 | * http://www.apache.org/licenses/LICENSE-2.0 8 | * 9 | * Unless required by applicable law or agreed to in writing, software 10 | * distributed under the License is distributed on an "AS IS" BASIS, 11 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | * See the License for the specific language governing permissions and 13 | * limitations under the License. 14 | */ 15 | 16 | syntax = "proto3"; 17 | 18 | package envoy.tcp.metadataexchange.config; 19 | 20 | option java_outer_classname = "MetadataExchangeProto"; 21 | option java_multiple_files = true; 22 | option java_package = "io.envoyproxy.envoy.tcp.metadataexchange.config"; 23 | option go_package = "istio.io/api/envoy/config/filter/network/metadata_exchange"; 24 | 25 | // [#protodoc-title: MetadataExchange protocol match and data transfer] 26 | // MetadataExchange protocol match and data transfer 27 | message MetadataExchange { 28 | // Protocol that Alpn should support on the server. 29 | // [#comment:TODO(GargNupur): Make it a list.] 30 | string protocol = 1; 31 | 32 | // If true, will attempt to use WDS in case the prefix peer metadata is not available. 33 | bool enable_discovery = 2; 34 | } 35 | -------------------------------------------------------------------------------- /envoy/config/filter/network/tcp_cluster_rewrite/v2alpha1/config.proto: -------------------------------------------------------------------------------- 1 | // Copyright 2018 Istio Authors 2 | // 3 | // Licensed under the Apache License, Version 2.0 (the "License"); 4 | // you may not use this file except in compliance with the License. 
5 | // You may obtain a copy of the License at 6 | // 7 | // http://www.apache.org/licenses/LICENSE-2.0 8 | // 9 | // Unless required by applicable law or agreed to in writing, software 10 | // distributed under the License is distributed on an "AS IS" BASIS, 11 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | // See the License for the specific language governing permissions and 13 | // limitations under the License. 14 | 15 | syntax = "proto3"; 16 | 17 | // $title: TCP cluster rewrite filter configuration for Envoy. 18 | 19 | package istio.envoy.config.filter.network.tcp_cluster_rewrite.v2alpha1; 20 | 21 | option go_package = "istio.io/api/envoy/config/filter/network/tcp_cluster_rewrite/v2alpha1"; 22 | 23 | // TcpClusterRewrite is the config for the TCP cluster rewrite filter. 24 | message TcpClusterRewrite { 25 | // Specifies the regex pattern to be matched in the cluster name. 26 | string cluster_pattern = 1; 27 | // Specifies the replacement for the matched cluster pattern. 28 | string cluster_replacement = 2; 29 | } 30 | -------------------------------------------------------------------------------- /extensions/v1alpha1/wasm_json.gen.go: -------------------------------------------------------------------------------- 1 | // Code generated by protoc-gen-jsonshim. DO NOT EDIT. 
package v1alpha1

import (
	bytes "bytes"
	jsonpb "github.com/golang/protobuf/jsonpb"
)

// MarshalJSON encodes the WasmPlugin as JSON through the shared WasmMarshaler.
func (p *WasmPlugin) MarshalJSON() ([]byte, error) {
	out, err := WasmMarshaler.MarshalToString(p)
	return []byte(out), err
}

// UnmarshalJSON decodes JSON into the WasmPlugin through the shared WasmUnmarshaler.
func (p *WasmPlugin) UnmarshalJSON(b []byte) error {
	src := bytes.NewReader(b)
	return WasmUnmarshaler.Unmarshal(src, p)
}

// MarshalJSON encodes the WasmPlugin_TrafficSelector as JSON through the shared WasmMarshaler.
func (s *WasmPlugin_TrafficSelector) MarshalJSON() ([]byte, error) {
	out, err := WasmMarshaler.MarshalToString(s)
	return []byte(out), err
}

// UnmarshalJSON decodes JSON into the WasmPlugin_TrafficSelector through the shared WasmUnmarshaler.
func (s *WasmPlugin_TrafficSelector) UnmarshalJSON(b []byte) error {
	src := bytes.NewReader(b)
	return WasmUnmarshaler.Unmarshal(src, s)
}

// MarshalJSON encodes the VmConfig as JSON through the shared WasmMarshaler.
func (c *VmConfig) MarshalJSON() ([]byte, error) {
	out, err := WasmMarshaler.MarshalToString(c)
	return []byte(out), err
}

// UnmarshalJSON decodes JSON into the VmConfig through the shared WasmUnmarshaler.
func (c *VmConfig) UnmarshalJSON(b []byte) error {
	src := bytes.NewReader(b)
	return WasmUnmarshaler.Unmarshal(src, c)
}

// MarshalJSON encodes the EnvVar as JSON through the shared WasmMarshaler.
func (e *EnvVar) MarshalJSON() ([]byte, error) {
	out, err := WasmMarshaler.MarshalToString(e)
	return []byte(out), err
}

// UnmarshalJSON decodes JSON into the EnvVar through the shared WasmUnmarshaler.
func (e *EnvVar) UnmarshalJSON(b []byte) error {
	src := bytes.NewReader(b)
	return WasmUnmarshaler.Unmarshal(src, e)
}

// WasmMarshaler and WasmUnmarshaler are the jsonpb codecs used by every
// MarshalJSON/UnmarshalJSON method in this file.
//
// WasmUnmarshaler sets AllowUnknownFields, so a JSON key that matches no field
// of the target message is accepted and ignored instead of failing the decode.
// A misspelled or unsupported field in a WasmPlugin document is therefore not
// reported here; callers that must reject such input need their own validation.
var (
	WasmMarshaler   = &jsonpb.Marshaler{}
	WasmUnmarshaler = &jsonpb.Unmarshaler{AllowUnknownFields: true}
)
-------------------------------------------------------------------------------- /gen.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | 3 | # Copyright Istio Authors 4 | 5 | # Licensed under the Apache License, Version 2.0 (the "License"); 6 | # you may not use this file except in compliance with the License. 7 | # You may obtain a copy of the License at 8 | # 9 | # http://www.apache.org/licenses/LICENSE-2.0 10 | # 11 | # Unless required by applicable law or agreed to in writing, software 12 | # distributed under the License is distributed on an "AS IS" BASIS, 13 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 14 | # See the License for the specific language governing permissions and 15 | # limitations under the License. 16 | 17 | set -eu 18 | 19 | # Generate all protos 20 | buf generate \ 21 | --path networking \ 22 | --path security \ 23 | --path type \ 24 | --path analysis \ 25 | --path authentication \ 26 | --path meta \ 27 | --path telemetry \ 28 | --path extensions 29 | 30 | # These folders do not have the full plugins used, as they are not full CRDs. 
31 | # We pass them a custom configuration to exclude the non-required files 32 | buf generate --template buf.gen-noncrd.yaml \ 33 | --path mcp \ 34 | --path mesh 35 | 36 | # These plugins are sent to Envoy, which uses golang/protobuf, so do not use gogo 37 | buf generate --template buf.gen-golang.yaml \ 38 | --path envoy 39 | -------------------------------------------------------------------------------- /go.mod: -------------------------------------------------------------------------------- 1 | module istio.io/api 2 | 3 | go 1.23.0 4 | 5 | toolchain go1.23.7 6 | 7 | require ( 8 | github.com/golang/protobuf v1.5.4 9 | google.golang.org/genproto/googleapis/api v0.0.0-20250324211829-b45e905df463 10 | google.golang.org/grpc v1.71.0 11 | google.golang.org/protobuf v1.36.6 12 | ) 13 | 14 | require ( 15 | golang.org/x/net v0.38.0 // indirect 16 | golang.org/x/sys v0.31.0 // indirect 17 | golang.org/x/text v0.23.0 // indirect 18 | google.golang.org/genproto/googleapis/rpc v0.0.0-20250324211829-b45e905df463 // indirect 19 | ) 20 | -------------------------------------------------------------------------------- /google: -------------------------------------------------------------------------------- 1 | common-protos/google -------------------------------------------------------------------------------- /header.go.txt: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/istio/api/840d4bf8e37d5f4b59c7d8b8f38969c95d3748cd/header.go.txt -------------------------------------------------------------------------------- /istio.io: -------------------------------------------------------------------------------- 1 | common-protos/istio.io -------------------------------------------------------------------------------- /licenses/github.com/golang/protobuf/LICENSE: -------------------------------------------------------------------------------- 1 | Copyright 2010 The Go Authors. All rights reserved. 
2 | 3 | Redistribution and use in source and binary forms, with or without 4 | modification, are permitted provided that the following conditions are 5 | met: 6 | 7 | * Redistributions of source code must retain the above copyright 8 | notice, this list of conditions and the following disclaimer. 9 | * Redistributions in binary form must reproduce the above 10 | copyright notice, this list of conditions and the following disclaimer 11 | in the documentation and/or other materials provided with the 12 | distribution. 13 | * Neither the name of Google Inc. nor the names of its 14 | contributors may be used to endorse or promote products derived from 15 | this software without specific prior written permission. 16 | 17 | THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS 18 | "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT 19 | LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR 20 | A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT 21 | OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, 22 | SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT 23 | LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, 24 | DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY 25 | THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT 26 | (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE 27 | OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 28 | 29 | -------------------------------------------------------------------------------- /licenses/golang.org/x/net/LICENSE: -------------------------------------------------------------------------------- 1 | Copyright 2009 The Go Authors. 
2 | 3 | Redistribution and use in source and binary forms, with or without 4 | modification, are permitted provided that the following conditions are 5 | met: 6 | 7 | * Redistributions of source code must retain the above copyright 8 | notice, this list of conditions and the following disclaimer. 9 | * Redistributions in binary form must reproduce the above 10 | copyright notice, this list of conditions and the following disclaimer 11 | in the documentation and/or other materials provided with the 12 | distribution. 13 | * Neither the name of Google LLC nor the names of its 14 | contributors may be used to endorse or promote products derived from 15 | this software without specific prior written permission. 16 | 17 | THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS 18 | "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT 19 | LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR 20 | A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT 21 | OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, 22 | SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT 23 | LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, 24 | DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY 25 | THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT 26 | (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE 27 | OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 28 | -------------------------------------------------------------------------------- /licenses/golang.org/x/sys/LICENSE: -------------------------------------------------------------------------------- 1 | Copyright 2009 The Go Authors. 
2 | 3 | Redistribution and use in source and binary forms, with or without 4 | modification, are permitted provided that the following conditions are 5 | met: 6 | 7 | * Redistributions of source code must retain the above copyright 8 | notice, this list of conditions and the following disclaimer. 9 | * Redistributions in binary form must reproduce the above 10 | copyright notice, this list of conditions and the following disclaimer 11 | in the documentation and/or other materials provided with the 12 | distribution. 13 | * Neither the name of Google LLC nor the names of its 14 | contributors may be used to endorse or promote products derived from 15 | this software without specific prior written permission. 16 | 17 | THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS 18 | "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT 19 | LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR 20 | A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT 21 | OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, 22 | SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT 23 | LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, 24 | DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY 25 | THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT 26 | (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE 27 | OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 28 | -------------------------------------------------------------------------------- /licenses/golang.org/x/text/LICENSE: -------------------------------------------------------------------------------- 1 | Copyright 2009 The Go Authors. 
2 | 3 | Redistribution and use in source and binary forms, with or without 4 | modification, are permitted provided that the following conditions are 5 | met: 6 | 7 | * Redistributions of source code must retain the above copyright 8 | notice, this list of conditions and the following disclaimer. 9 | * Redistributions in binary form must reproduce the above 10 | copyright notice, this list of conditions and the following disclaimer 11 | in the documentation and/or other materials provided with the 12 | distribution. 13 | * Neither the name of Google LLC nor the names of its 14 | contributors may be used to endorse or promote products derived from 15 | this software without specific prior written permission. 16 | 17 | THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS 18 | "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT 19 | LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR 20 | A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT 21 | OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, 22 | SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT 23 | LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, 24 | DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY 25 | THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT 26 | (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE 27 | OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 28 | -------------------------------------------------------------------------------- /licenses/google.golang.org/protobuf/LICENSE: -------------------------------------------------------------------------------- 1 | Copyright (c) 2018 The Go Authors. All rights reserved. 
2 | 3 | Redistribution and use in source and binary forms, with or without 4 | modification, are permitted provided that the following conditions are 5 | met: 6 | 7 | * Redistributions of source code must retain the above copyright 8 | notice, this list of conditions and the following disclaimer. 9 | * Redistributions in binary form must reproduce the above 10 | copyright notice, this list of conditions and the following disclaimer 11 | in the documentation and/or other materials provided with the 12 | distribution. 13 | * Neither the name of Google Inc. nor the names of its 14 | contributors may be used to endorse or promote products derived from 15 | this software without specific prior written permission. 16 | 17 | THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS 18 | "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT 19 | LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR 20 | A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT 21 | OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, 22 | SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT 23 | LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, 24 | DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY 25 | THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT 26 | (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE 27 | OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 28 | -------------------------------------------------------------------------------- /mcp/Readme.md: -------------------------------------------------------------------------------- 1 | # Mesh Configuration Protocol (MCP) 2 | 3 | MCP represents a now-deprecated configuration subscription API. 4 | [XDS](https://www.envoyproxy.io/docs/envoy/latest/api-docs/xds_protocol) is now used. 5 | 6 | A few stubs of MCP remain in usage for backwards compatibility. 
7 | -------------------------------------------------------------------------------- /mcp/v1alpha1/metadata_json.gen.go: -------------------------------------------------------------------------------- 1 | // Code generated by protoc-gen-jsonshim. DO NOT EDIT. 2 | package v1alpha1 3 | 4 | import ( 5 | bytes "bytes" 6 | jsonpb "github.com/golang/protobuf/jsonpb" 7 | ) 8 | 9 | // MarshalJSON is a custom marshaler for Metadata 10 | func (this *Metadata) MarshalJSON() ([]byte, error) { 11 | str, err := MetadataMarshaler.MarshalToString(this) 12 | return []byte(str), err 13 | } 14 | 15 | // UnmarshalJSON is a custom unmarshaler for Metadata 16 | func (this *Metadata) UnmarshalJSON(b []byte) error { 17 | return MetadataUnmarshaler.Unmarshal(bytes.NewReader(b), this) 18 | } 19 | 20 | var ( 21 | MetadataMarshaler = &jsonpb.Marshaler{} 22 | MetadataUnmarshaler = &jsonpb.Unmarshaler{AllowUnknownFields: true} 23 | ) 24 | -------------------------------------------------------------------------------- /mcp/v1alpha1/resource.proto: -------------------------------------------------------------------------------- 1 | // Copyright 2018 Istio Authors 2 | // 3 | // Licensed under the Apache License, Version 2.0 (the "License"); 4 | // you may not use this file except in compliance with the License. 5 | // You may obtain a copy of the License at 6 | // 7 | // http://www.apache.org/licenses/LICENSE-2.0 8 | // 9 | // Unless required by applicable law or agreed to in writing, software 10 | // distributed under the License is distributed on an "AS IS" BASIS, 11 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | // See the License for the specific language governing permissions and 13 | // limitations under the License. 14 | 15 | syntax = "proto3"; 16 | 17 | // $mode: none 18 | 19 | // This package defines the common, core types used by the Mesh Configuration Protocol. 
20 | package istio.mcp.v1alpha1; 21 | 22 | import "google/protobuf/any.proto"; 23 | import "mcp/v1alpha1/metadata.proto"; 24 | 25 | option go_package="istio.io/api/mcp/v1alpha1"; 26 | 27 | // Resource as transferred via the Mesh Configuration Protocol. Each 28 | // resource is made up of common metadata, and a type-specific resource payload. 29 | message Resource { 30 | // Common metadata describing the resource. 31 | istio.mcp.v1alpha1.Metadata metadata = 1; 32 | 33 | // The primary payload for the resource. 34 | google.protobuf.Any body = 2; 35 | } 36 | -------------------------------------------------------------------------------- /mcp/v1alpha1/resource_json.gen.go: -------------------------------------------------------------------------------- 1 | // Code generated by protoc-gen-jsonshim. DO NOT EDIT. 2 | package v1alpha1 3 | 4 | import ( 5 | bytes "bytes" 6 | jsonpb "github.com/golang/protobuf/jsonpb" 7 | ) 8 | 9 | // MarshalJSON is a custom marshaler for Resource 10 | func (this *Resource) MarshalJSON() ([]byte, error) { 11 | str, err := ResourceMarshaler.MarshalToString(this) 12 | return []byte(str), err 13 | } 14 | 15 | // UnmarshalJSON is a custom unmarshaler for Resource 16 | func (this *Resource) UnmarshalJSON(b []byte) error { 17 | return ResourceUnmarshaler.Unmarshal(bytes.NewReader(b), this) 18 | } 19 | 20 | var ( 21 | ResourceMarshaler = &jsonpb.Marshaler{} 22 | ResourceUnmarshaler = &jsonpb.Unmarshaler{AllowUnknownFields: true} 23 | ) 24 | -------------------------------------------------------------------------------- /mesh/v1alpha1/network_json.gen.go: -------------------------------------------------------------------------------- 1 | // Code generated by protoc-gen-jsonshim. DO NOT EDIT. 
2 | package v1alpha1 3 | 4 | import ( 5 | bytes "bytes" 6 | jsonpb "github.com/golang/protobuf/jsonpb" 7 | ) 8 | 9 | // MarshalJSON is a custom marshaler for Network 10 | func (this *Network) MarshalJSON() ([]byte, error) { 11 | str, err := NetworkMarshaler.MarshalToString(this) 12 | return []byte(str), err 13 | } 14 | 15 | // UnmarshalJSON is a custom unmarshaler for Network 16 | func (this *Network) UnmarshalJSON(b []byte) error { 17 | return NetworkUnmarshaler.Unmarshal(bytes.NewReader(b), this) 18 | } 19 | 20 | // MarshalJSON is a custom marshaler for Network_NetworkEndpoints 21 | func (this *Network_NetworkEndpoints) MarshalJSON() ([]byte, error) { 22 | str, err := NetworkMarshaler.MarshalToString(this) 23 | return []byte(str), err 24 | } 25 | 26 | // UnmarshalJSON is a custom unmarshaler for Network_NetworkEndpoints 27 | func (this *Network_NetworkEndpoints) UnmarshalJSON(b []byte) error { 28 | return NetworkUnmarshaler.Unmarshal(bytes.NewReader(b), this) 29 | } 30 | 31 | // MarshalJSON is a custom marshaler for Network_IstioNetworkGateway 32 | func (this *Network_IstioNetworkGateway) MarshalJSON() ([]byte, error) { 33 | str, err := NetworkMarshaler.MarshalToString(this) 34 | return []byte(str), err 35 | } 36 | 37 | // UnmarshalJSON is a custom unmarshaler for Network_IstioNetworkGateway 38 | func (this *Network_IstioNetworkGateway) UnmarshalJSON(b []byte) error { 39 | return NetworkUnmarshaler.Unmarshal(bytes.NewReader(b), this) 40 | } 41 | 42 | // MarshalJSON is a custom marshaler for MeshNetworks 43 | func (this *MeshNetworks) MarshalJSON() ([]byte, error) { 44 | str, err := NetworkMarshaler.MarshalToString(this) 45 | return []byte(str), err 46 | } 47 | 48 | // UnmarshalJSON is a custom unmarshaler for MeshNetworks 49 | func (this *MeshNetworks) UnmarshalJSON(b []byte) error { 50 | return NetworkUnmarshaler.Unmarshal(bytes.NewReader(b), this) 51 | } 52 | 53 | var ( 54 | NetworkMarshaler = &jsonpb.Marshaler{} 55 | NetworkUnmarshaler = 
&jsonpb.Unmarshaler{AllowUnknownFields: true} 56 | ) 57 | -------------------------------------------------------------------------------- /meta/v1alpha1/status_deepcopy.gen.go: -------------------------------------------------------------------------------- 1 | // Code generated by protoc-gen-deepcopy. DO NOT EDIT. 2 | package v1alpha1 3 | 4 | import ( 5 | proto "google.golang.org/protobuf/proto" 6 | ) 7 | 8 | // DeepCopyInto supports using IstioStatus within kubernetes types, where deepcopy-gen is used. 9 | func (in *IstioStatus) DeepCopyInto(out *IstioStatus) { 10 | p := proto.Clone(in).(*IstioStatus) 11 | *out = *p 12 | } 13 | 14 | // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new IstioStatus. Required by controller-gen. 15 | func (in *IstioStatus) DeepCopy() *IstioStatus { 16 | if in == nil { 17 | return nil 18 | } 19 | out := new(IstioStatus) 20 | in.DeepCopyInto(out) 21 | return out 22 | } 23 | 24 | // DeepCopyInterface is an autogenerated deepcopy function, copying the receiver, creating a new IstioStatus. Required by controller-gen. 25 | func (in *IstioStatus) DeepCopyInterface() interface{} { 26 | return in.DeepCopy() 27 | } 28 | 29 | // DeepCopyInto supports using IstioCondition within kubernetes types, where deepcopy-gen is used. 30 | func (in *IstioCondition) DeepCopyInto(out *IstioCondition) { 31 | p := proto.Clone(in).(*IstioCondition) 32 | *out = *p 33 | } 34 | 35 | // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new IstioCondition. Required by controller-gen. 36 | func (in *IstioCondition) DeepCopy() *IstioCondition { 37 | if in == nil { 38 | return nil 39 | } 40 | out := new(IstioCondition) 41 | in.DeepCopyInto(out) 42 | return out 43 | } 44 | 45 | // DeepCopyInterface is an autogenerated deepcopy function, copying the receiver, creating a new IstioCondition. Required by controller-gen. 
46 | func (in *IstioCondition) DeepCopyInterface() interface{} { 47 | return in.DeepCopy() 48 | } 49 | -------------------------------------------------------------------------------- /meta/v1alpha1/status_json.gen.go: -------------------------------------------------------------------------------- 1 | // Code generated by protoc-gen-jsonshim. DO NOT EDIT. 2 | package v1alpha1 3 | 4 | import ( 5 | bytes "bytes" 6 | jsonpb "github.com/golang/protobuf/jsonpb" 7 | ) 8 | 9 | // MarshalJSON is a custom marshaler for IstioStatus 10 | func (this *IstioStatus) MarshalJSON() ([]byte, error) { 11 | str, err := StatusMarshaler.MarshalToString(this) 12 | return []byte(str), err 13 | } 14 | 15 | // UnmarshalJSON is a custom unmarshaler for IstioStatus 16 | func (this *IstioStatus) UnmarshalJSON(b []byte) error { 17 | return StatusUnmarshaler.Unmarshal(bytes.NewReader(b), this) 18 | } 19 | 20 | // MarshalJSON is a custom marshaler for IstioCondition 21 | func (this *IstioCondition) MarshalJSON() ([]byte, error) { 22 | str, err := StatusMarshaler.MarshalToString(this) 23 | return []byte(str), err 24 | } 25 | 26 | // UnmarshalJSON is a custom unmarshaler for IstioCondition 27 | func (this *IstioCondition) UnmarshalJSON(b []byte) error { 28 | return StatusUnmarshaler.Unmarshal(bytes.NewReader(b), this) 29 | } 30 | 31 | var ( 32 | StatusMarshaler = &jsonpb.Marshaler{} 33 | StatusUnmarshaler = &jsonpb.Unmarshaler{AllowUnknownFields: true} 34 | ) 35 | -------------------------------------------------------------------------------- /networking/v1/workload_entry_alias.gen.go: -------------------------------------------------------------------------------- 1 | // Code generated by protoc-gen-alias. DO NOT EDIT. 2 | package v1 3 | 4 | import "istio.io/api/networking/v1alpha3" 5 | 6 | // WorkloadEntry enables specifying the properties of a single non-Kubernetes workload such a VM or a bare metal services that can be referred to by service entries. 
7 | // 8 | // 24 | // 25 | // 31 | // +kubebuilder:validation:XValidation:message="Address is required",rule="has(self.address) || has(self.network)" 32 | // +kubebuilder:validation:XValidation:message="UDS may not include ports",rule="(default(self.address, "").startsWith('unix://')) ? !has(self.ports) : true" 33 | type WorkloadEntry = v1alpha3.WorkloadEntry 34 | -------------------------------------------------------------------------------- /networking/v1alpha3/gateway_json.gen.go: -------------------------------------------------------------------------------- 1 | // Code generated by protoc-gen-jsonshim. DO NOT EDIT. 2 | package v1alpha3 3 | 4 | import ( 5 | bytes "bytes" 6 | jsonpb "github.com/golang/protobuf/jsonpb" 7 | ) 8 | 9 | // MarshalJSON is a custom marshaler for Gateway 10 | func (this *Gateway) MarshalJSON() ([]byte, error) { 11 | str, err := GatewayMarshaler.MarshalToString(this) 12 | return []byte(str), err 13 | } 14 | 15 | // UnmarshalJSON is a custom unmarshaler for Gateway 16 | func (this *Gateway) UnmarshalJSON(b []byte) error { 17 | return GatewayUnmarshaler.Unmarshal(bytes.NewReader(b), this) 18 | } 19 | 20 | // MarshalJSON is a custom marshaler for Server 21 | func (this *Server) MarshalJSON() ([]byte, error) { 22 | str, err := GatewayMarshaler.MarshalToString(this) 23 | return []byte(str), err 24 | } 25 | 26 | // UnmarshalJSON is a custom unmarshaler for Server 27 | func (this *Server) UnmarshalJSON(b []byte) error { 28 | return GatewayUnmarshaler.Unmarshal(bytes.NewReader(b), this) 29 | } 30 | 31 | // MarshalJSON is a custom marshaler for Port 32 | func (this *Port) MarshalJSON() ([]byte, error) { 33 | str, err := GatewayMarshaler.MarshalToString(this) 34 | return []byte(str), err 35 | } 36 | 37 | // UnmarshalJSON is a custom unmarshaler for Port 38 | func (this *Port) UnmarshalJSON(b []byte) error { 39 | return GatewayUnmarshaler.Unmarshal(bytes.NewReader(b), this) 40 | } 41 | 42 | // MarshalJSON is a custom marshaler for 
ServerTLSSettings 43 | func (this *ServerTLSSettings) MarshalJSON() ([]byte, error) { 44 | str, err := GatewayMarshaler.MarshalToString(this) 45 | return []byte(str), err 46 | } 47 | 48 | // UnmarshalJSON is a custom unmarshaler for ServerTLSSettings 49 | func (this *ServerTLSSettings) UnmarshalJSON(b []byte) error { 50 | return GatewayUnmarshaler.Unmarshal(bytes.NewReader(b), this) 51 | } 52 | 53 | // MarshalJSON is a custom marshaler for ServerTLSSettings_TLSCertificate 54 | func (this *ServerTLSSettings_TLSCertificate) MarshalJSON() ([]byte, error) { 55 | str, err := GatewayMarshaler.MarshalToString(this) 56 | return []byte(str), err 57 | } 58 | 59 | // UnmarshalJSON is a custom unmarshaler for ServerTLSSettings_TLSCertificate 60 | func (this *ServerTLSSettings_TLSCertificate) UnmarshalJSON(b []byte) error { 61 | return GatewayUnmarshaler.Unmarshal(bytes.NewReader(b), this) 62 | } 63 | 64 | var ( 65 | GatewayMarshaler = &jsonpb.Marshaler{} 66 | GatewayUnmarshaler = &jsonpb.Unmarshaler{AllowUnknownFields: true} 67 | ) 68 | -------------------------------------------------------------------------------- /networking/v1alpha3/service_entry_json.gen.go: -------------------------------------------------------------------------------- 1 | // Code generated by protoc-gen-jsonshim. DO NOT EDIT. 
2 | package v1alpha3 3 | 4 | import ( 5 | bytes "bytes" 6 | jsonpb "github.com/golang/protobuf/jsonpb" 7 | ) 8 | 9 | // MarshalJSON is a custom marshaler for ServiceEntry 10 | func (this *ServiceEntry) MarshalJSON() ([]byte, error) { 11 | str, err := ServiceEntryMarshaler.MarshalToString(this) 12 | return []byte(str), err 13 | } 14 | 15 | // UnmarshalJSON is a custom unmarshaler for ServiceEntry 16 | func (this *ServiceEntry) UnmarshalJSON(b []byte) error { 17 | return ServiceEntryUnmarshaler.Unmarshal(bytes.NewReader(b), this) 18 | } 19 | 20 | // MarshalJSON is a custom marshaler for ServicePort 21 | func (this *ServicePort) MarshalJSON() ([]byte, error) { 22 | str, err := ServiceEntryMarshaler.MarshalToString(this) 23 | return []byte(str), err 24 | } 25 | 26 | // UnmarshalJSON is a custom unmarshaler for ServicePort 27 | func (this *ServicePort) UnmarshalJSON(b []byte) error { 28 | return ServiceEntryUnmarshaler.Unmarshal(bytes.NewReader(b), this) 29 | } 30 | 31 | // MarshalJSON is a custom marshaler for ServiceEntryStatus 32 | func (this *ServiceEntryStatus) MarshalJSON() ([]byte, error) { 33 | str, err := ServiceEntryMarshaler.MarshalToString(this) 34 | return []byte(str), err 35 | } 36 | 37 | // UnmarshalJSON is a custom unmarshaler for ServiceEntryStatus 38 | func (this *ServiceEntryStatus) UnmarshalJSON(b []byte) error { 39 | return ServiceEntryUnmarshaler.Unmarshal(bytes.NewReader(b), this) 40 | } 41 | 42 | // MarshalJSON is a custom marshaler for ServiceEntryAddress 43 | func (this *ServiceEntryAddress) MarshalJSON() ([]byte, error) { 44 | str, err := ServiceEntryMarshaler.MarshalToString(this) 45 | return []byte(str), err 46 | } 47 | 48 | // UnmarshalJSON is a custom unmarshaler for ServiceEntryAddress 49 | func (this *ServiceEntryAddress) UnmarshalJSON(b []byte) error { 50 | return ServiceEntryUnmarshaler.Unmarshal(bytes.NewReader(b), this) 51 | } 52 | 53 | var ( 54 | ServiceEntryMarshaler = &jsonpb.Marshaler{} 55 | ServiceEntryUnmarshaler = 
&jsonpb.Unmarshaler{AllowUnknownFields: true} 56 | ) 57 | -------------------------------------------------------------------------------- /networking/v1alpha3/sidecar_json.gen.go: -------------------------------------------------------------------------------- 1 | // Code generated by protoc-gen-jsonshim. DO NOT EDIT. 2 | package v1alpha3 3 | 4 | import ( 5 | bytes "bytes" 6 | jsonpb "github.com/golang/protobuf/jsonpb" 7 | ) 8 | 9 | // MarshalJSON is a custom marshaler for Sidecar 10 | func (this *Sidecar) MarshalJSON() ([]byte, error) { 11 | str, err := SidecarMarshaler.MarshalToString(this) 12 | return []byte(str), err 13 | } 14 | 15 | // UnmarshalJSON is a custom unmarshaler for Sidecar 16 | func (this *Sidecar) UnmarshalJSON(b []byte) error { 17 | return SidecarUnmarshaler.Unmarshal(bytes.NewReader(b), this) 18 | } 19 | 20 | // MarshalJSON is a custom marshaler for IstioIngressListener 21 | func (this *IstioIngressListener) MarshalJSON() ([]byte, error) { 22 | str, err := SidecarMarshaler.MarshalToString(this) 23 | return []byte(str), err 24 | } 25 | 26 | // UnmarshalJSON is a custom unmarshaler for IstioIngressListener 27 | func (this *IstioIngressListener) UnmarshalJSON(b []byte) error { 28 | return SidecarUnmarshaler.Unmarshal(bytes.NewReader(b), this) 29 | } 30 | 31 | // MarshalJSON is a custom marshaler for IstioEgressListener 32 | func (this *IstioEgressListener) MarshalJSON() ([]byte, error) { 33 | str, err := SidecarMarshaler.MarshalToString(this) 34 | return []byte(str), err 35 | } 36 | 37 | // UnmarshalJSON is a custom unmarshaler for IstioEgressListener 38 | func (this *IstioEgressListener) UnmarshalJSON(b []byte) error { 39 | return SidecarUnmarshaler.Unmarshal(bytes.NewReader(b), this) 40 | } 41 | 42 | // MarshalJSON is a custom marshaler for WorkloadSelector 43 | func (this *WorkloadSelector) MarshalJSON() ([]byte, error) { 44 | str, err := SidecarMarshaler.MarshalToString(this) 45 | return []byte(str), err 46 | } 47 | 48 | // UnmarshalJSON is a 
custom unmarshaler for WorkloadSelector 49 | func (this *WorkloadSelector) UnmarshalJSON(b []byte) error { 50 | return SidecarUnmarshaler.Unmarshal(bytes.NewReader(b), this) 51 | } 52 | 53 | // MarshalJSON is a custom marshaler for OutboundTrafficPolicy 54 | func (this *OutboundTrafficPolicy) MarshalJSON() ([]byte, error) { 55 | str, err := SidecarMarshaler.MarshalToString(this) 56 | return []byte(str), err 57 | } 58 | 59 | // UnmarshalJSON is a custom unmarshaler for OutboundTrafficPolicy 60 | func (this *OutboundTrafficPolicy) UnmarshalJSON(b []byte) error { 61 | return SidecarUnmarshaler.Unmarshal(bytes.NewReader(b), this) 62 | } 63 | 64 | // MarshalJSON is a custom marshaler for SidecarPort 65 | func (this *SidecarPort) MarshalJSON() ([]byte, error) { 66 | str, err := SidecarMarshaler.MarshalToString(this) 67 | return []byte(str), err 68 | } 69 | 70 | // UnmarshalJSON is a custom unmarshaler for SidecarPort 71 | func (this *SidecarPort) UnmarshalJSON(b []byte) error { 72 | return SidecarUnmarshaler.Unmarshal(bytes.NewReader(b), this) 73 | } 74 | 75 | var ( 76 | SidecarMarshaler = &jsonpb.Marshaler{} 77 | SidecarUnmarshaler = &jsonpb.Unmarshaler{AllowUnknownFields: true} 78 | ) 79 | -------------------------------------------------------------------------------- /networking/v1alpha3/workload_entry_deepcopy.gen.go: -------------------------------------------------------------------------------- 1 | // Code generated by protoc-gen-deepcopy. DO NOT EDIT. 2 | package v1alpha3 3 | 4 | import ( 5 | proto "google.golang.org/protobuf/proto" 6 | ) 7 | 8 | // DeepCopyInto supports using WorkloadEntry within kubernetes types, where deepcopy-gen is used. 9 | func (in *WorkloadEntry) DeepCopyInto(out *WorkloadEntry) { 10 | p := proto.Clone(in).(*WorkloadEntry) 11 | *out = *p 12 | } 13 | 14 | // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new WorkloadEntry. Required by controller-gen. 
15 | func (in *WorkloadEntry) DeepCopy() *WorkloadEntry { 16 | if in == nil { 17 | return nil 18 | } 19 | out := new(WorkloadEntry) 20 | in.DeepCopyInto(out) 21 | return out 22 | } 23 | 24 | // DeepCopyInterface is an autogenerated deepcopy function, copying the receiver, creating a new WorkloadEntry. Required by controller-gen. 25 | func (in *WorkloadEntry) DeepCopyInterface() interface{} { 26 | return in.DeepCopy() 27 | } 28 | -------------------------------------------------------------------------------- /networking/v1alpha3/workload_entry_json.gen.go: -------------------------------------------------------------------------------- 1 | // Code generated by protoc-gen-jsonshim. DO NOT EDIT. 2 | package v1alpha3 3 | 4 | import ( 5 | bytes "bytes" 6 | jsonpb "github.com/golang/protobuf/jsonpb" 7 | ) 8 | 9 | // MarshalJSON is a custom marshaler for WorkloadEntry 10 | func (this *WorkloadEntry) MarshalJSON() ([]byte, error) { 11 | str, err := WorkloadEntryMarshaler.MarshalToString(this) 12 | return []byte(str), err 13 | } 14 | 15 | // UnmarshalJSON is a custom unmarshaler for WorkloadEntry 16 | func (this *WorkloadEntry) UnmarshalJSON(b []byte) error { 17 | return WorkloadEntryUnmarshaler.Unmarshal(bytes.NewReader(b), this) 18 | } 19 | 20 | var ( 21 | WorkloadEntryMarshaler = &jsonpb.Marshaler{} 22 | WorkloadEntryUnmarshaler = &jsonpb.Unmarshaler{AllowUnknownFields: true} 23 | ) 24 | -------------------------------------------------------------------------------- /networking/v1beta1/proxy_config_deepcopy.gen.go: -------------------------------------------------------------------------------- 1 | // Code generated by protoc-gen-deepcopy. DO NOT EDIT. 2 | package v1beta1 3 | 4 | import ( 5 | proto "google.golang.org/protobuf/proto" 6 | ) 7 | 8 | // DeepCopyInto supports using ProxyConfig within kubernetes types, where deepcopy-gen is used. 
9 | func (in *ProxyConfig) DeepCopyInto(out *ProxyConfig) { 10 | p := proto.Clone(in).(*ProxyConfig) 11 | *out = *p 12 | } 13 | 14 | // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ProxyConfig. Required by controller-gen. 15 | func (in *ProxyConfig) DeepCopy() *ProxyConfig { 16 | if in == nil { 17 | return nil 18 | } 19 | out := new(ProxyConfig) 20 | in.DeepCopyInto(out) 21 | return out 22 | } 23 | 24 | // DeepCopyInterface is an autogenerated deepcopy function, copying the receiver, creating a new ProxyConfig. Required by controller-gen. 25 | func (in *ProxyConfig) DeepCopyInterface() interface{} { 26 | return in.DeepCopy() 27 | } 28 | 29 | // DeepCopyInto supports using ProxyImage within kubernetes types, where deepcopy-gen is used. 30 | func (in *ProxyImage) DeepCopyInto(out *ProxyImage) { 31 | p := proto.Clone(in).(*ProxyImage) 32 | *out = *p 33 | } 34 | 35 | // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ProxyImage. Required by controller-gen. 36 | func (in *ProxyImage) DeepCopy() *ProxyImage { 37 | if in == nil { 38 | return nil 39 | } 40 | out := new(ProxyImage) 41 | in.DeepCopyInto(out) 42 | return out 43 | } 44 | 45 | // DeepCopyInterface is an autogenerated deepcopy function, copying the receiver, creating a new ProxyImage. Required by controller-gen. 46 | func (in *ProxyImage) DeepCopyInterface() interface{} { 47 | return in.DeepCopy() 48 | } 49 | -------------------------------------------------------------------------------- /networking/v1beta1/proxy_config_json.gen.go: -------------------------------------------------------------------------------- 1 | // Code generated by protoc-gen-jsonshim. DO NOT EDIT. 
2 | package v1beta1 3 | 4 | import ( 5 | bytes "bytes" 6 | jsonpb "github.com/golang/protobuf/jsonpb" 7 | ) 8 | 9 | // MarshalJSON is a custom marshaler for ProxyConfig 10 | func (this *ProxyConfig) MarshalJSON() ([]byte, error) { 11 | str, err := ProxyConfigMarshaler.MarshalToString(this) 12 | return []byte(str), err 13 | } 14 | 15 | // UnmarshalJSON is a custom unmarshaler for ProxyConfig 16 | func (this *ProxyConfig) UnmarshalJSON(b []byte) error { 17 | return ProxyConfigUnmarshaler.Unmarshal(bytes.NewReader(b), this) 18 | } 19 | 20 | // MarshalJSON is a custom marshaler for ProxyImage 21 | func (this *ProxyImage) MarshalJSON() ([]byte, error) { 22 | str, err := ProxyConfigMarshaler.MarshalToString(this) 23 | return []byte(str), err 24 | } 25 | 26 | // UnmarshalJSON is a custom unmarshaler for ProxyImage 27 | func (this *ProxyImage) UnmarshalJSON(b []byte) error { 28 | return ProxyConfigUnmarshaler.Unmarshal(bytes.NewReader(b), this) 29 | } 30 | 31 | var ( 32 | ProxyConfigMarshaler = &jsonpb.Marshaler{} 33 | ProxyConfigUnmarshaler = &jsonpb.Unmarshaler{AllowUnknownFields: true} 34 | ) 35 | -------------------------------------------------------------------------------- /networking/v1beta1/workload_entry_alias.gen.go: -------------------------------------------------------------------------------- 1 | // Code generated by protoc-gen-alias. DO NOT EDIT. 2 | package v1beta1 3 | 4 | import "istio.io/api/networking/v1alpha3" 5 | 6 | // WorkloadEntry enables specifying the properties of a single non-Kubernetes workload such a VM or a bare metal services that can be referred to by service entries. 7 | // 8 | // 24 | // 25 | // 31 | // +kubebuilder:validation:XValidation:message="Address is required",rule="has(self.address) || has(self.network)" 32 | // +kubebuilder:validation:XValidation:message="UDS may not include ports",rule="(default(self.address, "").startsWith('unix://')) ? 
!has(self.ports) : true" 33 | type WorkloadEntry = v1alpha3.WorkloadEntry 34 | -------------------------------------------------------------------------------- /releasenotes/README.md: -------------------------------------------------------------------------------- 1 | This directory contains the release notes, upgrade notes, and security notes for Istio. Notes should be created as part of the pull request for any user facing changes. Before a release, the release notes utility will be run in order to generate a release notes file which will be reviewed by the release managers and documentation team. 2 | 3 | For more information about the release notes tooling, please reference the 4 | documentation in [Istio](https://github.com/istio/istio/tree/master/releasenotes) 5 | 6 | Release notes should be created according to the [release notes template](https://github.com/istio/istio/blob/master/releasenotes/template.yaml) 7 | -------------------------------------------------------------------------------- /releasenotes/notes/1878.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: release-notes/v2 2 | kind: bug-fix 3 | area: documentation 4 | issue: 5 | - 1878 6 | 7 | releaseNotes: 8 | - | 9 | **Fixed** fix istio gateway reference documents error 10 | -------------------------------------------------------------------------------- /releasenotes/notes/2174.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: release-notes/v2 2 | kind: feature 3 | area: telemetry 4 | issue: 5 | - 36162 6 | - 12644 7 | 8 | releaseNotes: 9 | - | 10 | **Added** configuration for selecting service name generation scheme in Envoy-generated trace spans. 
11 | -------------------------------------------------------------------------------- /releasenotes/notes/2261.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: release-notes/v2 2 | kind: feature 3 | area: security 4 | 5 | releaseNotes: 6 | - | 7 | **Added** configuration for selecting private key provider for gateways and sidecars. 8 | -------------------------------------------------------------------------------- /releasenotes/notes/2266.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: release-notes/v2 2 | 3 | kind: feature 4 | area: telemetry 5 | issue: 6 | - 37665 7 | 8 | releaseNotes: 9 | - | 10 | **Added** controls for matching based on WorkloadMode to logging and tracing 11 | configuration to the Telemetry API. 12 | 13 | # docs is a list of related docs to the change. 14 | docs: 15 | - https://docs.google.com/document/d/1pTFVzGii7sB4uALMsrUN4ALFc0J7vI2UyBnJpP_bsgU/edit 16 | -------------------------------------------------------------------------------- /releasenotes/notes/2285.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: release-notes/v2 2 | kind: feature 3 | area: security 4 | 5 | releaseNotes: 6 | - | 7 | **Added** TLS configuration for Istio workloads. 8 | -------------------------------------------------------------------------------- /releasenotes/notes/2374.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: release-notes/v2 2 | kind: feature 3 | area: documentation 4 | issue: 5 | - https://github.com/istio/istio/pull/34832 6 | releaseNotes: 7 | - | 8 | **Added** sidecar `traffic.sidecar.istio.io/excludeInterfaces` annotation documentation. 
9 | -------------------------------------------------------------------------------- /releasenotes/notes/2405.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: release-notes/v2 2 | kind: feature 3 | area: traffic-management 4 | releaseNotes: 5 | - | 6 | **Added** support for configuring route specific stat prefix in Virtual Service API. -------------------------------------------------------------------------------- /releasenotes/notes/2565.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: release-notes/v2 2 | kind: feature 3 | area: security 4 | 5 | releaseNotes: 6 | - | 7 | **Added** configuration for selecting QAT private key provider for gateways and sidecars. 8 | -------------------------------------------------------------------------------- /releasenotes/notes/25652.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: release-notes/v2 2 | kind: feature 3 | area: security 4 | issue: 5 | - 25652 6 | 7 | releaseNotes: 8 | - | 9 | **Added** InsecureSkipVerify to DestinationRule. Users can opt out of validating server certificates on a per-host basis if certificate validation is enabled. When set, the client does not authenticate the server for that host. 10 | **Modified** VerifyCertificateAtClient is now deprecated in meshConfig. This feature was not implemented, and will be removed in a future release.
11 | -------------------------------------------------------------------------------- /releasenotes/notes/2570.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: release-notes/v2 2 | kind: feature 3 | area: security 4 | issue: 5 | - 39724 6 | 7 | releaseNotes: 8 | - | 9 | **Added** support for copying JWT claims to HTTP request headers 10 | -------------------------------------------------------------------------------- /releasenotes/notes/2635.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: release-notes/v2 2 | 3 | kind: feature 4 | area: telemetry 5 | issue: 6 | - https://github.com/istio/istio/issues/40027 7 | 8 | releaseNotes: 9 | - | 10 | **Deprecated** Lightstep provider, please use OpenTelemetry provider instead. 11 | -------------------------------------------------------------------------------- /releasenotes/notes/2871.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: release-notes/v2 2 | 3 | kind: feature 4 | area: telemetry 5 | issue: [] 6 | 7 | releaseNotes: 8 | - | 9 | **Deprecated** the OpenCensus provider; more details can be found at https://opentelemetry.io/blog/2023/sunsetting-opencensus/. 10 | Users should move to the OpenTelemetry provider. 11 | -------------------------------------------------------------------------------- /releasenotes/notes/29973.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: release-notes/v2 2 | kind: feature 3 | area: installation 4 | issue: 5 | - 29973 6 | 7 | releaseNotes: 8 | - | 9 | **Added** volume and volumeMount to the k8s settings of IstioOperator API.
10 | -------------------------------------------------------------------------------- /releasenotes/notes/31248.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: release-notes/v2 2 | kind: bug-fix 3 | area: documentation 4 | issue: 5 | - 31248 6 | 7 | releaseNotes: 8 | - | 9 | **Added** add `sidecar.istio.io/agentLogLevel` to known annotations. 10 | -------------------------------------------------------------------------------- /releasenotes/notes/3134.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: release-notes/v2 2 | kind: feature 3 | area: telemetry 4 | issue: 5 | - 50001 6 | releaseNotes: 7 | - | 8 | **Added** allow configuring Dynatrace Sampler in the OpenTelemetryTracingProvider -------------------------------------------------------------------------------- /releasenotes/notes/32645.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: release-notes/v2 2 | kind: feature 3 | area: traffic-management 4 | issue: 5 | - 32645 6 | 7 | releaseNotes: 8 | - | 9 | **Added** support for splitting local origin errors in outlier detection of Destination Rule API. -------------------------------------------------------------------------------- /releasenotes/notes/3279.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: release-notes/v2 2 | kind: bug-fix 3 | area: traffic-management 4 | releaseNotes: 5 | - | 6 | **Fixed** ServiceEntryStatus Addresses field could not easily support assigning IPs to each host, which led to an undesired divergence in behavior between the new and old implementations for automatic allocation of IP addresses for ServiceEntry. Added a "Host" field to the Address in order to support mapping allocated IP to a host.
7 | -------------------------------------------------------------------------------- /releasenotes/notes/3361.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: release-notes/v2 2 | kind: feature 3 | area: traffic-management 4 | issue: 5 | - 49829 6 | releaseNotes: 7 | - | 8 | **Added** `ambient.istio.io/dns-capture` annotation. When specified on a `Pod` enrolled in ambient mesh, DNS traffic (TCP and UDP on port 53) will not be captured or proxied. This will break some Istio features, such as ServiceEntries and egress waypoints, but may be desirable for workloads that interact poorly with DNS proxies. 9 | -------------------------------------------------------------------------------- /releasenotes/notes/3362.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: release-notes/v2 2 | kind: feature 3 | area: traffic-management 4 | issue: 5 | - 49829 6 | releaseNotes: 7 | - | 8 | **Added** `istio.io/reroute-virtual-interfaces` annotation, a comma separated list of virtual interfaces whose inbound traffic will be unconditionally treated as outbound. This allows workloads using virtualized networking (kubeVirt, VMs, docker-in-docker, etc) to function correctly with both sidecar and ambient mesh traffic capture. 
9 | **Deprecated** `traffic.sidecar.istio.io/kubevirtInterfaces`, in favor of `istio.io/reroute-virtual-interfaces` 10 | -------------------------------------------------------------------------------- /releasenotes/notes/3412.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: release-notes/v2 2 | kind: feature 3 | area: traffic-management 4 | issue: 5 | - https://github.com/istio/istio/issues/54696 6 | releaseNotes: 7 | - | 8 | **Removed** CEL validation of group/kind for PolicyTargetReference to enable vendor extensions 9 | -------------------------------------------------------------------------------- /releasenotes/notes/39157.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: release-notes/v2 2 | kind: feature 3 | area: installation 4 | issue: 5 | - https://github.com/istio/istio/issues/39257 6 | 7 | releaseNotes: 8 | - | 9 | **Added** `topology.istio.io/controlPlaneClusters` namespace annotation to configure remote cluster leaders. 10 | -------------------------------------------------------------------------------- /releasenotes/notes/53331.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: release-notes/v2 2 | kind: feature 3 | area: traffic-management 4 | issue: 5 | - 53331 6 | releaseNotes: 7 | - | 8 | **Added** Added ObservedGeneration to IstioCondition type. 9 | **Deprecated** Deprecated ObservedGeneration from IstioStatus type. -------------------------------------------------------------------------------- /releasenotes/notes/add-access-logging-filter.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: release-notes/v2 2 | 3 | kind: feature 4 | area: telemetry 5 | issue: [] 6 | 7 | releaseNotes: 8 | - | 9 | **Added** access logging providers and controls for access log filtering to 10 | the Telemetry API. 
11 | 12 | # docs is a list of related docs to the change. 13 | docs: 14 | - https://docs.google.com/document/d/1pTFVzGii7sB4uALMsrUN4ALFc0J7vI2UyBnJpP_bsgU/edit 15 | - https://docs.google.com/document/d/15xBb4aVboX1oWyWQRUYYjrN_vCTGS_zIWy90kYmNiGo/edit# 16 | -------------------------------------------------------------------------------- /releasenotes/notes/add-experimental-telemetry-api-for-metrics-logging.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: release-notes/v2 2 | 3 | kind: feature 4 | area: telemetry 5 | issue: 6 | - 24284 7 | 8 | releaseNotes: 9 | - | 10 | **Added** experimental Telemetry API for workload-level specification of metrics generation 11 | and access logging behavior. The new metrics functionality allows customization of metrics behavior, 12 | including adding and removing metrics tags. The access logging behavior is restricted to enablement 13 | in this release. 14 | 15 | # docs is a list of related docs to the change. 16 | docs: 17 | - https://docs.google.com/document/d/1pTFVzGii7sB4uALMsrUN4ALFc0J7vI2UyBnJpP_bsgU/edit 18 | - https://docs.google.com/document/d/1ICP1yt2JKVpISdaaFXJp1YokSu2YbV4FIU3RxXt86Ps/edit 19 | -------------------------------------------------------------------------------- /releasenotes/notes/add-experimental-telemetry-api-for-tracing.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: release-notes/v2 2 | 3 | kind: feature 4 | area: telemetry 5 | issue: 6 | 7 | releaseNotes: 8 | - | 9 | **Added** experimental Telemetry API with support for workload-level specification of tracing behavior. 10 | 11 | # docs is a list of related docs to the change. 
12 | docs: 13 | - https://docs.google.com/document/d/1pTFVzGii7sB4uALMsrUN4ALFc0J7vI2UyBnJpP_bsgU/edit 14 | -------------------------------------------------------------------------------- /releasenotes/notes/add-idle-timeout-to-destination-rule-tcp-settings.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: release-notes/v2 2 | kind: feature 3 | area: traffic-management 4 | issue: [] 5 | 6 | releaseNotes: 7 | - | 8 | **Added** idle_timeout to the TCP settings in the `DestinationRule` API to enable configuring idle timeout per TcpProxy filter. 9 | -------------------------------------------------------------------------------- /releasenotes/notes/add-tunneling-settings-to-destination-rule.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: release-notes/v2 2 | 3 | kind: feature 4 | area: traffic-management 5 | issue: [] 6 | 7 | releaseNotes: 8 | - | 9 | **Added** settings for tunneling to DestinationRule API. 10 | 11 | docs: 12 | - https://docs.google.com/document/d/1QbjsBwM0QyQxJIs2LJBUvITap2QeqOKmsHQrGFK9lWQ 13 | -------------------------------------------------------------------------------- /releasenotes/notes/add-wasm-extensions-api.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: release-notes/v2 2 | 3 | kind: feature 4 | area: extensibility 5 | issue: [] 6 | 7 | releaseNotes: 8 | - | 9 | **Added** experimental WasmPlugin API to support extending proxy functionality with custom WebAssembly filters. 10 | 11 | # docs is a list of related docs to the change. 
12 | docs: 13 | - https://docs.google.com/document/d/15GQnhOpLfvgyOZ8VDF5KD-q2cjXEMLdTQMm0YPswIu0 14 | # TODO link to istio.io docs when they are available 15 | -------------------------------------------------------------------------------- /releasenotes/notes/add-workload-group-grpc-probe.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: release-notes/v2 2 | kind: feature 3 | area: traffic-management 4 | issue: 5 | - 53085 6 | 7 | releaseNotes: 8 | - | 9 | **Added** `GrpcHealthCheckConfig` type for `HealthCheckMethod` option in `ReadinessProbe` to enable 10 | configuring GRPC health probes for `WorkloadGroup`. -------------------------------------------------------------------------------- /releasenotes/notes/authz-shortname.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: release-notes/v2 2 | kind: feature 3 | area: security 4 | 5 | releaseNotes: 6 | - | 7 | **Added** short name `ap` for AuthorizationPolicy 8 | -------------------------------------------------------------------------------- /releasenotes/notes/bds-removal.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: release-notes/v2 2 | kind: feature 3 | area: installation 4 | releaseNotes: 5 | - | 6 | **Removed** using BOOTSTRAP_XDS_AGENT experimental feature to apply BOOTSTRAP EnvoyFilter patches at the startup. 7 | -------------------------------------------------------------------------------- /releasenotes/notes/cipher_suites.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: release-notes/v2 2 | kind: feature 3 | area: security 4 | issue: 5 | - https://github.com/istio/istio/issues/28996 6 | releaseNotes: 7 | - | 8 | **Added** cipher_suites support for mesh-internal traffic through MeshConfig API. 
9 | -------------------------------------------------------------------------------- /releasenotes/notes/default-http-retry-policy.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: release-notes/v2 2 | kind: feature 3 | area: traffic-management 4 | issue: 5 | - 6861 6 | 7 | releaseNotes: 8 | - | 9 | **Added** `defaultHttpRetryPolicy` option in `MeshConfig` to enable 10 | configuring default HTTP retry policy. 11 | -------------------------------------------------------------------------------- /releasenotes/notes/default-revision.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: release-notes/v2 2 | kind: feature 3 | area: installation 4 | issue: 5 | - 27501 6 | 7 | releaseNotes: 8 | - | 9 | **Added** `defaultRevision` field to the `IstioOperator` to allow users to specify which control plane revision 10 | should handle validation and default injection. 11 | -------------------------------------------------------------------------------- /releasenotes/notes/delegate-vs-regex.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: release-notes/v2 2 | kind: bug-fix 3 | area: documentation 4 | 5 | # issue is a list of GitHub issues resolved in this note. 
6 | issue: 7 | - 2527 8 | 9 | docs: 10 | - '[usage] https://istio.io/latest/docs/reference/config/networking/virtual-service/' 11 | 12 | releaseNotes: 13 | - | 14 | **Removed** comment about not supporting regex for delegate VirtualService 15 | -------------------------------------------------------------------------------- /releasenotes/notes/deprecate-addon.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: release-notes/v2 2 | kind: removal 3 | area: installation 4 | issue: 5 | - 25701 6 | 7 | releaseNotes: 8 | - | 9 | **Deprecated** IstioOperator API `addons` in favor of user managed addons installation or the samples/addons/ for demo deployment -------------------------------------------------------------------------------- /releasenotes/notes/deprecate-autoscaling-v2beta1.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: release-notes/v2 2 | kind: feature 3 | area: installation 4 | issue: 5 | - 32005 6 | 7 | releaseNotes: 8 | - | 9 | **Deprecated** Kubernetes Autoscaling v2beta1 API mirrored in IstioOperator API 10 | **Added** Kubernetes Autoscaling v2beta2/v2 API mirrored in IstioOperator API -------------------------------------------------------------------------------- /releasenotes/notes/deprecate-meshconfig-certificates.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: release-notes/v2 2 | kind: feature 3 | area: security 4 | issue: 5 | - 36231 6 | releaseNotes: 7 | - | 8 | **Deprecated** certificates in MeshConfig. This field will be removed in a future release. 
9 | 10 | -------------------------------------------------------------------------------- /releasenotes/notes/deprecated-extrastattags.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: release-notes/v2 2 | kind: feature 3 | area: telemetry 4 | releaseNotes: 5 | - | 6 | **Deprecated** extraStatTags in MeshConfig and annotations. This field will be removed in a future release. 7 | -------------------------------------------------------------------------------- /releasenotes/notes/destination-rule-default-values.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: release-notes/v2 2 | kind: bug-fix 3 | area: documentation 4 | issue: 5 | - https://github.com/istio/istio.io/issues/13491 6 | 7 | releaseNotes: 8 | - | 9 | **Fixed** Fixed default values in description for connection pool settings in destination rule 10 | 11 | -------------------------------------------------------------------------------- /releasenotes/notes/destinationrule-workload-selector.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: release-notes/v2 2 | kind: feature 3 | area: traffic-management 4 | releaseNotes: 5 | - | 6 | **Added** Support for WorkloadSelector in DestinationRule. 7 | docs: 8 | - https://docs.google.com/document/d/1UXpT3rZpE2uFeMh5KffAZAPAoZBLNSHc/ 9 | -------------------------------------------------------------------------------- /releasenotes/notes/drop-protos.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: release-notes/v2 2 | kind: feature 3 | area: extensibility 4 | 5 | # issue is a list of GitHub issues resolved in this note. 6 | issue: 7 | - https://github.com/istio/api/issues/3127 8 | 9 | releaseNotes: 10 | - | 11 | **Removed** internal multi-version protobuf files from the API. 12 | This is an internal change for most users. 
13 | If you directly consume Istio APIs as protobufs, read the upgrade notes. 14 | 15 | upgradeNotes: 16 | - title: Internal API protobuf changes 17 | content: | 18 | If you do not use Istio APIs from Go (via `istio.io/api` or `istio.io/client-go`) or Protobuf (from `istio.io/api`), this change does not impact you. 19 | 20 | In prior versions, Istio APIs had identical contents replicated across multiple versions. 21 | For example, the same `VirtualService` protobuf message is defined 3 times (`v1alpha3`, `v1beta1`, and `v1`). 22 | These schemas are identical except in the package they reside in. 23 | 24 | In this version of Istio, these have been consolidated down to a single version. 25 | For resources that had multiple versions, the oldest version is retained. 26 | 27 | * If you use Istio APIs only via Kubernetes (YAML), there is no impact at all. 28 | * If you use Istio APIs by Go types, there is essentially no impact. 29 | Each removed version has been replaced with type aliases to the remaining version, ensuring backwards compatibility. 30 | However, niche use cases (reflection, etc) may have some impact. 31 | * If you use Istio APIs directly by Protobuf, and use newer versions, these will no longer be included as part of the API. 32 | Please reach out to the team if you are impacted. 33 | -------------------------------------------------------------------------------- /releasenotes/notes/ecdh_support.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: release-notes/v2 2 | kind: feature 3 | area: security 4 | issue: 5 | - https://github.com/istio/istio/issues/41645 6 | releaseNotes: 7 | - | 8 | **Added** ecdh_curves support for mesh-external traffic through MeshConfig API. 
9 | -------------------------------------------------------------------------------- /releasenotes/notes/fix-destinationrule-doc.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: release-notes/v2 2 | kind: bug-fix 3 | area: documentation 4 | issue: [] 5 | 6 | releaseNotes: 7 | - | 8 | **Fixed** incorrect pilot-discovery environment variable name. 9 | -------------------------------------------------------------------------------- /releasenotes/notes/fix-telemetry-doc.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: release-notes/v2 2 | kind: bug-fix 3 | area: documentation 4 | issue: [] 5 | 6 | releaseNotes: 7 | - | 8 | **Fixed** formatting of the telemetry configuration reference page. 9 | -------------------------------------------------------------------------------- /releasenotes/notes/gateway-bind.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: release-notes/v2 2 | kind: feature 3 | area: networking 4 | issue: 5 | - 31419 6 | 7 | releaseNotes: 8 | - | 9 | **Added** Support for specifying bind to IP or Unix domain socket in gateway server definition. -------------------------------------------------------------------------------- /releasenotes/notes/hybrid_sidecar_mode.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: release-notes/v2 2 | kind: feature 3 | area: security 4 | issue: 5 | - https://github.com/istio/istio/issues/35111 6 | releaseNotes: 7 | - | 8 | **Added** TLS settings to the sidecar API which enables TLS/mTLS from outside of the mesh. 9 | docs: 10 | - https://docs.google.com/document/d/15Qhr7errbylXEzxxCK7ij_oUpn4E5SFU2uDdl_n2GIc/edit#heading=h.h3lxcxfhqndp 11 | securityNotes: 12 | - | 13 | This feature extends the IstioIngressListener on SideCar API to allow TLS/mTLS for 14 | requests originating from outside of the mesh. 
15 | -------------------------------------------------------------------------------- /releasenotes/notes/lb-algorithm-enum-change.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: release-notes/v2 2 | kind: feature 3 | area: traffic-management 4 | issue: 5 | - https://github.com/istio/istio/issues/35111 6 | releaseNotes: 7 | - | 8 | **Updated** Using a new default value for the load balancing algorithm. The 9 | new zero-value will be interpreted as UNSPECIFIED, where Istio will select 10 | an appropriate default algorithm. ROUND_ROBIN is still supported, but is now 11 | assigned a new integer value. 12 | 13 | In addition, the value LEAST_CONN is now deprecated in favor of a new value 14 | LEAST_REQUEST. It was previously poorly named and only remains for backward 15 | compatibility. 16 | -------------------------------------------------------------------------------- /releasenotes/notes/max-concurrent-streams.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: release-notes/v2 2 | kind: feature 3 | area: traffic-management 4 | issue: 5 | - https://github.com/istio/istio/issues/47166 6 | 7 | releaseNotes: 8 | - | 9 | **Added** max_concurrent_streams definition to DestinationRule for HTTP/2 connections. 10 | -------------------------------------------------------------------------------- /releasenotes/notes/mesh-config-discovery-selectors.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: release-notes/v2 2 | kind: feature 3 | area: traffic-management 4 | issue: 5 | - https://github.com/istio/istio/issues/26679 6 | 7 | releaseNotes: 8 | - | 9 | **Added** Add discovery selectors to mesh config, a list of Kubernetes selectors used to limit the namespaces that istiod processes for reducing computational load. 
10 | -------------------------------------------------------------------------------- /releasenotes/notes/mesh-network-internal-addr-config.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: release-notes/v2 2 | kind: bug-fix 3 | area: documentation 4 | issue: 5 | - https://github.com/istio/istio/issues/53402 6 | 7 | releaseNotes: 8 | - | 9 | **Fixed** documentation for using MeshNetworks to configure Envoy internal address configuration 10 | when ENABLE_HCM_INTERNAL_NETWORKS is set to true. As of Envoy 1.33, the default value for 11 | internalAddressConfig is an empty set. Previously, the default value was the set of all 12 | private IPs. To preserve Envoy headers, you must explicitly configure MeshNetworks 13 | or revert to Envoy's prior behavior by setting envoy.reloadable_features.explicit_internal_address_config 14 | to false. Setting MeshNetworks to all private IPs or reverting to Envoy's previous behavior leaves 15 | an Istio Ingress Gateway potentially vulnerable to x-envoy header manipulation by external 16 | sources, so prefer listing only the specific networks you trust in MeshNetworks. More information about this vulnerability can be found here: https://github.com/envoyproxy/envoy/security/advisories/GHSA-ffhv-fvxq-r6mf 17 | -------------------------------------------------------------------------------- /releasenotes/notes/native-sidecar-annotation.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: release-notes/v2 2 | 3 | kind: feature 4 | area: installation 5 | issue: 6 | - https://github.com/istio/istio/issues/53452 7 | releaseNotes: 8 | - | 9 | **Added** sidecar.istio.io/nativeSidecar annotation. 
10 | -------------------------------------------------------------------------------- /releasenotes/notes/open-telemetry-provider.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: release-notes/v2 2 | 3 | kind: feature 4 | area: telemetry 5 | issue: [] 6 | 7 | releaseNotes: 8 | - | 9 | **Added** OpenTelemetry access logging providers. 10 | -------------------------------------------------------------------------------- /releasenotes/notes/otel-tracing-provider-http-exporter.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: release-notes/v2 2 | kind: feature 3 | area: telemetry 4 | issue: 5 | - https://github.com/istio/istio/issues/47835 6 | releaseNotes: 7 | - | 8 | **Added** new configuration options to `OpenTelemetryTracingProvider` in `MeshConfig` to allow exporting OpenTelemetry traces via HTTP. 9 | -------------------------------------------------------------------------------- /releasenotes/notes/otel-tracing-provider-resource-detectors.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: release-notes/v2 2 | kind: feature 3 | area: telemetry 4 | issue: 5 | - https://github.com/istio/istio/issues/48885 6 | releaseNotes: 7 | - | 8 | **Added** new configuration options to `OpenTelemetryTracingProvider` in `MeshConfig` to allow configuring Resource Detectors. 9 | -------------------------------------------------------------------------------- /releasenotes/notes/preserve-header-case.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: release-notes/v2 2 | kind: feature 3 | area: traffic-management 4 | issue: 5 | - https://github.com/istio/istio/issues/53680 6 | releaseNotes: 7 | - | 8 | **Added** a ProxyConfig field to preserve the original case of HTTP/1.x headers. 
-------------------------------------------------------------------------------- /releasenotes/notes/private-key-provider-fallback.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: release-notes/v2 2 | kind: feature 3 | area: security 4 | releaseNotes: 5 | - | 6 | **Added** a `fallback` field for PrivateKeyProvider to support fallback to the BoringSSL default implementation if the private key provider isn’t available. -------------------------------------------------------------------------------- /releasenotes/notes/promote-networking-apis-v1.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: release-notes/v2 2 | kind: feature 3 | area: traffic-management 4 | releaseNotes: 5 | - | 6 | **Promoted** Networking APIs (DestinationRule, Gateway, ServiceEntry, Sidecar, VirtualService, WorkloadEntry, WorkloadGroup) to v1. -------------------------------------------------------------------------------- /releasenotes/notes/promote-peer-auth-v1.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: release-notes/v2 2 | kind: feature 3 | area: security 4 | releaseNotes: 5 | - | 6 | **Promoted** PeerAuthentication API to v1. -------------------------------------------------------------------------------- /releasenotes/notes/promote-telemetry-v1.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: release-notes/v2 2 | kind: feature 3 | area: telemetry 4 | releaseNotes: 5 | - | 6 | **Promoted** Telemetry API to v1. All Telemetry fields except `metrics.reportingInterval` and `accessLogging.filter` are now stable and will not change in a backwards-incompatible way. 
-------------------------------------------------------------------------------- /releasenotes/notes/proxy-config.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: release-notes/v2 2 | kind: feature 3 | area: traffic-management 4 | releaseNotes: 5 | - | 6 | **Added** an API (CRD) for configuring `ProxyConfig` values containing a stable subset of the configuration from `MeshConfig.DefaultConfig`. 7 | -------------------------------------------------------------------------------- /releasenotes/notes/proxy-protocol.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: release-notes/v2 2 | kind: feature 3 | area: traffic-management 4 | releaseNotes: 5 | - | 6 | **Added** support to enable [PROXY protocol](http://www.haproxy.org/download/1.5/doc/proxy-protocol.txt) for downstream connections on gateways using `ProxyConfig`. 7 | -------------------------------------------------------------------------------- /releasenotes/notes/release-channels.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: release-notes/v2 2 | kind: feature 3 | area: installation 4 | 5 | issue: 6 | - https://github.com/istio/enhancements/issues/173 7 | 8 | releaseNotes: 9 | - | 10 | **Added** the `releaseChannel:extended` flag to non-GA features and APIs. -------------------------------------------------------------------------------- /releasenotes/notes/root-config.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: release-notes/v2 2 | kind: feature 3 | area: security 4 | issue: 5 | - 30629 6 | 7 | releaseNotes: 8 | - | 9 | **Added** API to configure extra roots of trust for workload-to-workload communication. 
10 | -------------------------------------------------------------------------------- /releasenotes/notes/service-scope-config.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: release-notes/v2 2 | kind: feature 3 | area: traffic-management 4 | issue: 5 | - https://github.com/istio/istio/issues/54245 6 | 7 | releaseNotes: 8 | - | 9 | **Added** API to configure service scopes in the MeshConfig. 10 | -------------------------------------------------------------------------------- /releasenotes/notes/sidecar-connectionpool.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: release-notes/v2 2 | kind: feature 3 | area: traffic-management 4 | issue: [] 5 | 6 | releaseNotes: 7 | - | 8 | **Added** Connection pool settings to the `Sidecar` API to enable configuring the inbound connection pool for sidecars in the mesh. Previously the `DestinationRule`'s connection pool settings applied to both clients' and server sidecars. Using the updated `Sidecar` API, it's now possible to configure the server's connection pool separately from clients' in the mesh. 9 | 10 | docs: 11 | - https://docs.google.com/document/d/1bIuwv0E98kyn8VZ_CDVGcZziIHyr3-ACiTmPqGgp5uY/edit# 12 | -------------------------------------------------------------------------------- /releasenotes/notes/skip_request_id_sampling.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: release-notes/v2 2 | kind: feature 3 | area: telemetry 4 | releaseNotes: 5 | - | 6 | **Added** Add an option to set whether the Request ID generated by the sidecar should be used when determining the sampling strategy for tracing. 
7 | -------------------------------------------------------------------------------- /releasenotes/notes/skywalking-support.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: release-notes/v2 2 | kind: feature 3 | area: telemetry 4 | releaseNotes: 5 | - | 6 | **Added** Add Apache SkyWalking tracer support as telemetry extension. 7 | -------------------------------------------------------------------------------- /releasenotes/notes/slow-start-aggression-minimum-percent-parameters.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: release-notes/v2 2 | 3 | kind: feature 4 | area: traffic-management 5 | issue: 6 | - 3215 7 | 8 | releaseNotes: 9 | - | 10 | **Added** aggression and minimum_percent parameters 11 | 12 | docs: 13 | - https://www.envoyproxy.io/docs/envoy/latest/intro/arch_overview/upstream/load_balancing/slow_start -------------------------------------------------------------------------------- /releasenotes/notes/slow-start.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: release-notes/v2 2 | 3 | kind: feature 4 | area: traffic-management 5 | issue: 6 | - 21228 7 | 8 | releaseNotes: 9 | - | 10 | **Added** the ability for users to configure a service to specify warm duration. 11 | -------------------------------------------------------------------------------- /releasenotes/notes/storage-version.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: release-notes/v2 2 | kind: feature 3 | area: traffic-management 4 | issue: 5 | - 55302 6 | 7 | releaseNotes: 8 | - | 9 | **Updated** storageVersion for networking APIs to v1. 
10 | -------------------------------------------------------------------------------- /releasenotes/notes/support-logical-dns-connection-type.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: release-notes/v2 2 | 3 | kind: feature 4 | area: traffic-management 5 | issue: 6 | - 35475 7 | 8 | releaseNotes: 9 | - | 10 | **Added** the ability for users to specify Envoy's LOGICAL_DNS as a connection type for a cluster using 'DNS_ROUND_ROBIN' in ServiceEntry. 11 | 12 | -------------------------------------------------------------------------------- /releasenotes/notes/target-ref.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: release-notes/v2 2 | kind: feature 3 | area: traffic-management 4 | issue: 5 | - https://github.com/istio/api/issues/2885 6 | 7 | releaseNotes: 8 | - | 9 | **Added** PolicyTargetReference definition to be used in the RequestAuthentication, AuthorizationPolicy, Telemetry, and WasmPlugin CRDs to target k8s gateways. 10 | 11 | docs: 12 | - https://docs.google.com/document/d/1MaMdyIQdOwq7mGCVMYW56FED9HrkJa93Nd0S0zBwws4/edit?usp=sharing 13 | -------------------------------------------------------------------------------- /releasenotes/notes/url-normalization.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: release-notes/v2 2 | kind: feature 3 | area: security 4 | releaseNotes: 5 | - | 6 | **Added** workload request URL path normalization configuration for sidecar proxies and gateways. 
7 | -------------------------------------------------------------------------------- /releasenotes/notes/virtual-service-direct-response.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: release-notes/v2 2 | kind: feature 3 | area: traffic-management 4 | issue: 5 | - https://github.com/istio/istio/issues/29264 6 | 7 | releaseNotes: 8 | - | 9 | **Added** Direct Response support for VirtualServices. 10 | -------------------------------------------------------------------------------- /releasenotes/notes/workloadgroup-v1beta1.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: release-notes/v2 2 | kind: feature 3 | area: security 4 | issue: 5 | - 25652 6 | 7 | releaseNotes: 8 | - | 9 | **Promoted** WorkloadGroup to v1beta1. 10 | -------------------------------------------------------------------------------- /scripts/breaking.sh: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env bash 2 | # Copyright Istio Authors 3 | # Licensed under the Apache License, Version 2.0 (the "License"); 4 | # you may not use this file except in compliance with the License. 5 | # You may obtain a copy of the License at 6 | # 7 | # http://www.apache.org/licenses/LICENSE-2.0 8 | # 9 | # Unless required by applicable law or agreed to in writing, software 10 | # distributed under the License is distributed on an "AS IS" BASIS, 11 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | # See the License for the specific language governing permissions and 13 | # limitations under the License. 14 | 15 | set -eu 16 | 17 | branch="${1:?branch to compare against}" 18 | 19 | # buf breaking --against ".git#branch=${branch}" does not work due to https://github.com/bufbuild/buf/issues/1003. Workaround it. 
20 | 21 | d="$(mktemp -d )" 22 | trap ' 23 | rm -rf "${d}" 24 | ' EXIT 25 | 26 | cwd="${PWD}" 27 | pushd "${d}" > /dev/null || exit 28 | git clone "${cwd}" -q -b "${branch}" api > /dev/null 29 | cd api 30 | buf build -o proto.bin 31 | popd > /dev/null|| exit 32 | 33 | buf breaking --against "${d}/api/proto.bin" 34 | -------------------------------------------------------------------------------- /scripts/check-imports.sh: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env bash 2 | # Copyright Istio Authors 3 | # Licensed under the Apache License, Version 2.0 (the "License"); 4 | # you may not use this file except in compliance with the License. 5 | # You may obtain a copy of the License at 6 | # 7 | # http://www.apache.org/licenses/LICENSE-2.0 8 | # 9 | # Unless required by applicable law or agreed to in writing, software 10 | # distributed under the License is distributed on an "AS IS" BASIS, 11 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | # See the License for the specific language governing permissions and 13 | # limitations under the License. 14 | 15 | set -eu 16 | # Everything but operator 17 | for api in networking security type analysis authentication meta telemetry extensions mesh mcp; do 18 | if go list -f '{{ join .Deps "\n" }}' ./"${api}"/... |grep '^k8s.io/'; then 19 | echo "${api} imports Kubernetes" 20 | exit 1 21 | fi 22 | done 23 | -------------------------------------------------------------------------------- /scripts/check-operator-proto.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | 3 | # Copyright 2019 Istio Authors 4 | 5 | # Licensed under the Apache License, Version 2.0 (the "License"); 6 | # you may not use this file except in compliance with the License. 
7 | # You may obtain a copy of the License at 8 | # 9 | # http://www.apache.org/licenses/LICENSE-2.0 10 | # 11 | # Unless required by applicable law or agreed to in writing, software 12 | # distributed under the License is distributed on an "AS IS" BASIS, 13 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 14 | # See the License for the specific language governing permissions and 15 | # limitations under the License. 16 | 17 | buf build -o -#format=json | jq '.file[] | select(.name == "operator/v1alpha1/operator.proto").messageType[].field[].name' -r | grep _ --color=never && { 18 | echo "Found names with _ in operator; all names must be camelCase" 19 | exit 1 20 | } 21 | exit 0 22 | -------------------------------------------------------------------------------- /scripts/validate.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | # shellcheck disable=SC2045,SC2016 3 | # Copyright Istio Authors 4 | 5 | # Licensed under the Apache License, Version 2.0 (the "License"); 6 | # you may not use this file except in compliance with the License. 7 | # You may obtain a copy of the License at 8 | # 9 | # http://www.apache.org/licenses/LICENSE-2.0 10 | # 11 | # Unless required by applicable law or agreed to in writing, software 12 | # distributed under the License is distributed on an "AS IS" BASIS, 13 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 14 | # See the License for the specific language governing permissions and 15 | # limitations under the License. 16 | 17 | shopt -s globstar 18 | 19 | # validate.sh checks protos are valid. 20 | # This is not currently a part of presubmit as there is a circular dependency on istio/istio repo 21 | # for istioctl, which would prevent adding new fields (since they would fail the validation command). 22 | 23 | # Check if all examples are valid 24 | for proto in $(find . 
-name "*.proto" | grep -v ^./common-protos | grep -v ^./envoy); do 25 | echo "Checking ${proto}..." 26 | # For each proto, we will remove comments (`//` or `// ` at start of line), 27 | # then find texts between ```yaml and ```. We separate each by ---, strip any ... (some docs elide resources), 28 | # then pass to istioctl validate 29 | < "${proto}" \ 30 | sed 's/^\/\/ //g' | sed 's/^\/\///g' \ 31 | | sed -n '/^```yaml/,/^```/ p' | sed 's/^```yaml/\-\-\-/g' \ 32 | | grep -v '```' | grep -v '\.\.\.' \ 33 | | sh -c ' 34 | cfg="$(cat < /dev/stdin)" 35 | echo "${cfg}" | istioctl validate -f - || { echo -e "${cfg}\n\n" && exit 1; } 36 | ' || exit 1 37 | done 38 | 39 | # Check if schemas are identical 40 | # Note: once we migrate to v1 CRDs we can move to scripts/validate_crds.py 41 | # Note: this misses package wide documentation 42 | for file in $(ls networking/v1beta1/*.gen.json); do 43 | echo "Comparing $(basename "${file}")" 44 | if [[ ! -f "networking/v1alpha3/$(basename "${file}")" ]]; then 45 | continue 46 | fi 47 | diff <(< "${file}" jq --sort-keys) <(< "networking/v1alpha3/$(basename "${file}")" sed 's/v1alpha3/v1beta1/g' | jq --sort-keys) 48 | done 49 | -------------------------------------------------------------------------------- /security/v1/peer_authentication_alias.gen.go: -------------------------------------------------------------------------------- 1 | // Code generated by protoc-gen-alias. DO NOT EDIT. 2 | package v1 3 | 4 | import "istio.io/api/security/v1beta1" 5 | 6 | // 22 | // 23 | // 29 | // +kubebuilder:validation:XValidation:message="portLevelMtls requires selector",rule="has(self.portLevelMtls) ? self.index({}, selector, matchLabels).size() > 0 : true" 30 | type PeerAuthentication = v1beta1.PeerAuthentication 31 | 32 | // Mutual TLS settings. 
33 | type PeerAuthentication_MutualTLS = v1beta1.PeerAuthentication_MutualTLS 34 | type PeerAuthentication_MutualTLS_Mode = v1beta1.PeerAuthentication_MutualTLS_Mode 35 | 36 | // Inherit from parent, if has one. Otherwise treated as `PERMISSIVE`. 37 | const PeerAuthentication_MutualTLS_UNSET PeerAuthentication_MutualTLS_Mode = v1beta1.PeerAuthentication_MutualTLS_UNSET 38 | 39 | // Connection is not tunneled. 40 | const PeerAuthentication_MutualTLS_DISABLE PeerAuthentication_MutualTLS_Mode = v1beta1.PeerAuthentication_MutualTLS_DISABLE 41 | 42 | // Connection can be either plaintext or mTLS tunnel. 43 | const PeerAuthentication_MutualTLS_PERMISSIVE PeerAuthentication_MutualTLS_Mode = v1beta1.PeerAuthentication_MutualTLS_PERMISSIVE 44 | 45 | // Connection is an mTLS tunnel (TLS with client cert must be presented). 46 | const PeerAuthentication_MutualTLS_STRICT PeerAuthentication_MutualTLS_Mode = v1beta1.PeerAuthentication_MutualTLS_STRICT 47 | -------------------------------------------------------------------------------- /security/v1/request_authentication_alias.gen.go: -------------------------------------------------------------------------------- 1 | // Code generated by protoc-gen-alias. DO NOT EDIT. 2 | package v1 3 | 4 | import "istio.io/api/security/v1beta1" 5 | 6 | // 17 | // 18 | // 24 | // +kubebuilder:validation:XValidation:message="only one of targetRefs or selector can be set",rule="oneof(self.selector, self.targetRef, self.targetRefs)" 25 | type RequestAuthentication = v1beta1.RequestAuthentication 26 | 27 | // JSON Web Token (JWT) token format for authentication as defined by 28 | // [RFC 7519](https://tools.ietf.org/html/rfc7519). See [OAuth 2.0](https://tools.ietf.org/html/rfc6749) and 29 | // [OIDC 1.0](http://openid.net/connect) for how this is used in the whole 30 | // authentication flow. 
31 | // 32 | // Examples: 33 | // 34 | // Spec for a JWT that is issued by `https://example.com`, whose audience claim must be either 35 | // `bookstore_android.apps.example.com` or `bookstore_web.apps.example.com`. 36 | // The token should be presented at the `Authorization` header (default). The JSON Web Key Set (JWKS) 37 | // will be discovered following OpenID Connect protocol. 38 | // 39 | // ```yaml 40 | // issuer: https://example.com 41 | // audiences: 42 | // - bookstore_android.apps.example.com 43 | // - bookstore_web.apps.example.com 44 | // 45 | // ``` 46 | // 47 | // This example specifies a token in a non-default location (`x-goog-iap-jwt-assertion` header). It also 48 | // defines the URI to fetch JWKS explicitly. 49 | // 50 | // ```yaml 51 | // issuer: https://example.com 52 | // jwksUri: https://example.com/.secret/jwks.json 53 | // fromHeaders: 54 | // - name: "x-goog-iap-jwt-assertion" 55 | // ``` 56 | // +kubebuilder:validation:XValidation:message="only one of jwks or jwksUri can be set",rule="oneof(self.jwksUri, self.jwks_uri, self.jwks)" 57 | type JWTRule = v1beta1.JWTRule 58 | 59 | // This message specifies a header location to extract JWT token. 60 | type JWTHeader = v1beta1.JWTHeader 61 | 62 | // This message specifies the detail for copying claim to header. 63 | type ClaimToHeader = v1beta1.ClaimToHeader 64 | -------------------------------------------------------------------------------- /security/v1alpha1/ca.pb.html: -------------------------------------------------------------------------------- 1 | --- 2 | title: istio.v1.auth 3 | layout: protoc-gen-docs 4 | generator: protoc-gen-docs 5 | number_of_entries: 3 6 | --- 7 |

Services

8 |

IstioCertificateService

9 |
10 |

Service for managing certificates issued by the CA.

11 | 12 |
rpc CreateCertificate(IstioCertificateRequest) returns (IstioCertificateResponse)
13 | 
14 |

Using provided CSR, returns a signed certificate.

15 | 16 |
17 |

Types

18 |

IstioCertificateRequest

19 |
20 |

Certificate request message. The authentication should be based on:

21 |
    22 |
  1. Bearer tokens carried in the side channel;
    23 |
  2. Client-side certificate via Mutual TLS handshake. 24 | Note: the service implementation is REQUIRED to verify that the authenticated caller is authorized for 25 | all SANs in the CSR. The server side may overwrite any requested certificate field based on its 26 | policies.
    27 |
28 | 29 | 30 | 31 | 32 | 33 | 34 | 35 | 36 | 37 | 38 | 41 | 47 | 48 | 49 | 52 | 56 | 57 | 58 |
FieldDescription
39 |
string
40 |
42 |

PEM-encoded certificate request. 43 | The public key in the CSR is used to generate the certificate, 44 | and other fields in the generated certificate may be overwritten by the CA.

45 | 46 |
50 |
int64
51 |
53 |

requested certificate validity period, in seconds.

54 | 55 |
59 |
60 |

IstioCertificateResponse

61 |
62 |

Certificate response message.

63 | 64 | 65 | 66 | 67 | 68 | 69 | 70 | 71 | 72 | 73 | 76 | 81 | 82 | 83 |
FieldDescription
74 |
string[]
75 |
77 |

PEM-encoded certificate chain. 78 | The leaf cert is the first element, and the root cert is the last element.

79 | 80 |
84 |
85 | -------------------------------------------------------------------------------- /security/v1alpha1/ca.proto: -------------------------------------------------------------------------------- 1 | // Copyright Istio Authors 2 | // 3 | // Licensed under the Apache License, Version 2.0 (the "License"); 4 | // you may not use this file except in compliance with the License. 5 | // You may obtain a copy of the License at 6 | // 7 | // http://www.apache.org/licenses/LICENSE-2.0 8 | // 9 | // Unless required by applicable law or agreed to in writing, software 10 | // distributed under the License is distributed on an "AS IS" BASIS, 11 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | // See the License for the specific language governing permissions and 13 | // limitations under the License. 14 | 15 | syntax = "proto3"; 16 | 17 | import "google/protobuf/struct.proto"; 18 | 19 | // Keep this package for backward compatibility. 20 | package istio.v1.auth; 21 | 22 | option go_package="istio.io/api/security/v1alpha1"; 23 | 24 | // Certificate request message. The authentication should be based on: 25 | // 1. Bearer tokens carried in the side channel; 26 | // 2. Client-side certificate via Mutual TLS handshake. 27 | // Note: the service implementation is REQUIRED to verify that the authenticated caller is authorized for 28 | // all SANs in the CSR. The server side may overwrite any requested certificate field based on its 29 | // policies. 30 | message IstioCertificateRequest { 31 | // PEM-encoded certificate request. 32 | // The public key in the CSR is used to generate the certificate, 33 | // and other fields in the generated certificate may be overwritten by the CA. 34 | string csr = 1; 35 | // Optional: requested certificate validity period, in seconds. 36 | int64 validity_duration = 3; 37 | 38 | // $hide_from_docs 39 | // Optional: Opaque metadata provided by the XDS node to Istio. 
40 | // Supported metadata: WorkloadName, WorkloadIP, ClusterID 41 | google.protobuf.Struct metadata = 4; 42 | } 43 | 44 | // Certificate response message. 45 | message IstioCertificateResponse { 46 | // PEM-encoded certificate chain. 47 | // The leaf cert is the first element, and the root cert is the last element. 48 | repeated string cert_chain = 1; 49 | } 50 | 51 | // Service for managing certificates issued by the CA. 52 | service IstioCertificateService { 53 | // Using provided CSR, returns a signed certificate. 54 | rpc CreateCertificate(IstioCertificateRequest) 55 | returns (IstioCertificateResponse) { 56 | } 57 | } 58 | -------------------------------------------------------------------------------- /security/v1alpha1/ca_deepcopy.gen.go: -------------------------------------------------------------------------------- 1 | // Code generated by protoc-gen-deepcopy. DO NOT EDIT. 2 | package v1alpha1 3 | 4 | import ( 5 | proto "google.golang.org/protobuf/proto" 6 | ) 7 | 8 | // DeepCopyInto supports using IstioCertificateRequest within kubernetes types, where deepcopy-gen is used. 9 | func (in *IstioCertificateRequest) DeepCopyInto(out *IstioCertificateRequest) { 10 | p := proto.Clone(in).(*IstioCertificateRequest) 11 | *out = *p 12 | } 13 | 14 | // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new IstioCertificateRequest. Required by controller-gen. 15 | func (in *IstioCertificateRequest) DeepCopy() *IstioCertificateRequest { 16 | if in == nil { 17 | return nil 18 | } 19 | out := new(IstioCertificateRequest) 20 | in.DeepCopyInto(out) 21 | return out 22 | } 23 | 24 | // DeepCopyInterface is an autogenerated deepcopy function, copying the receiver, creating a new IstioCertificateRequest. Required by controller-gen. 
25 | func (in *IstioCertificateRequest) DeepCopyInterface() interface{} { 26 | return in.DeepCopy() 27 | } 28 | 29 | // DeepCopyInto supports using IstioCertificateResponse within kubernetes types, where deepcopy-gen is used. 30 | func (in *IstioCertificateResponse) DeepCopyInto(out *IstioCertificateResponse) { 31 | p := proto.Clone(in).(*IstioCertificateResponse) 32 | *out = *p 33 | } 34 | 35 | // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new IstioCertificateResponse. Required by controller-gen. 36 | func (in *IstioCertificateResponse) DeepCopy() *IstioCertificateResponse { 37 | if in == nil { 38 | return nil 39 | } 40 | out := new(IstioCertificateResponse) 41 | in.DeepCopyInto(out) 42 | return out 43 | } 44 | 45 | // DeepCopyInterface is an autogenerated deepcopy function, copying the receiver, creating a new IstioCertificateResponse. Required by controller-gen. 46 | func (in *IstioCertificateResponse) DeepCopyInterface() interface{} { 47 | return in.DeepCopy() 48 | } 49 | -------------------------------------------------------------------------------- /security/v1alpha1/ca_json.gen.go: -------------------------------------------------------------------------------- 1 | // Code generated by protoc-gen-jsonshim. DO NOT EDIT. 
2 | package v1alpha1 3 | 4 | import ( 5 | bytes "bytes" 6 | jsonpb "github.com/golang/protobuf/jsonpb" 7 | ) 8 | 9 | // MarshalJSON is a custom marshaler for IstioCertificateRequest 10 | func (this *IstioCertificateRequest) MarshalJSON() ([]byte, error) { 11 | str, err := CaMarshaler.MarshalToString(this) 12 | return []byte(str), err 13 | } 14 | 15 | // UnmarshalJSON is a custom unmarshaler for IstioCertificateRequest 16 | func (this *IstioCertificateRequest) UnmarshalJSON(b []byte) error { 17 | return CaUnmarshaler.Unmarshal(bytes.NewReader(b), this) 18 | } 19 | 20 | // MarshalJSON is a custom marshaler for IstioCertificateResponse 21 | func (this *IstioCertificateResponse) MarshalJSON() ([]byte, error) { 22 | str, err := CaMarshaler.MarshalToString(this) 23 | return []byte(str), err 24 | } 25 | 26 | // UnmarshalJSON is a custom unmarshaler for IstioCertificateResponse 27 | func (this *IstioCertificateResponse) UnmarshalJSON(b []byte) error { 28 | return CaUnmarshaler.Unmarshal(bytes.NewReader(b), this) 29 | } 30 | 31 | var ( 32 | CaMarshaler = &jsonpb.Marshaler{} 33 | CaUnmarshaler = &jsonpb.Unmarshaler{AllowUnknownFields: true} 34 | ) 35 | -------------------------------------------------------------------------------- /security/v1beta1/peer_authentication_deepcopy.gen.go: -------------------------------------------------------------------------------- 1 | // Code generated by protoc-gen-deepcopy. DO NOT EDIT. 2 | package v1beta1 3 | 4 | import ( 5 | proto "google.golang.org/protobuf/proto" 6 | ) 7 | 8 | // DeepCopyInto supports using PeerAuthentication within kubernetes types, where deepcopy-gen is used. 9 | func (in *PeerAuthentication) DeepCopyInto(out *PeerAuthentication) { 10 | p := proto.Clone(in).(*PeerAuthentication) 11 | *out = *p 12 | } 13 | 14 | // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new PeerAuthentication. Required by controller-gen. 
15 | func (in *PeerAuthentication) DeepCopy() *PeerAuthentication { 16 | if in == nil { 17 | return nil 18 | } 19 | out := new(PeerAuthentication) 20 | in.DeepCopyInto(out) 21 | return out 22 | } 23 | 24 | // DeepCopyInterface is an autogenerated deepcopy function, copying the receiver, creating a new PeerAuthentication. Required by controller-gen. 25 | func (in *PeerAuthentication) DeepCopyInterface() interface{} { 26 | return in.DeepCopy() 27 | } 28 | 29 | // DeepCopyInto supports using PeerAuthentication_MutualTLS within kubernetes types, where deepcopy-gen is used. 30 | func (in *PeerAuthentication_MutualTLS) DeepCopyInto(out *PeerAuthentication_MutualTLS) { 31 | p := proto.Clone(in).(*PeerAuthentication_MutualTLS) 32 | *out = *p 33 | } 34 | 35 | // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new PeerAuthentication_MutualTLS. Required by controller-gen. 36 | func (in *PeerAuthentication_MutualTLS) DeepCopy() *PeerAuthentication_MutualTLS { 37 | if in == nil { 38 | return nil 39 | } 40 | out := new(PeerAuthentication_MutualTLS) 41 | in.DeepCopyInto(out) 42 | return out 43 | } 44 | 45 | // DeepCopyInterface is an autogenerated deepcopy function, copying the receiver, creating a new PeerAuthentication_MutualTLS. Required by controller-gen. 46 | func (in *PeerAuthentication_MutualTLS) DeepCopyInterface() interface{} { 47 | return in.DeepCopy() 48 | } 49 | -------------------------------------------------------------------------------- /security/v1beta1/peer_authentication_json.gen.go: -------------------------------------------------------------------------------- 1 | // Code generated by protoc-gen-jsonshim. DO NOT EDIT. 
2 | package v1beta1 3 | 4 | import ( 5 | bytes "bytes" 6 | jsonpb "github.com/golang/protobuf/jsonpb" 7 | ) 8 | 9 | // MarshalJSON is a custom marshaler for PeerAuthentication 10 | func (this *PeerAuthentication) MarshalJSON() ([]byte, error) { 11 | str, err := PeerAuthenticationMarshaler.MarshalToString(this) 12 | return []byte(str), err 13 | } 14 | 15 | // UnmarshalJSON is a custom unmarshaler for PeerAuthentication 16 | func (this *PeerAuthentication) UnmarshalJSON(b []byte) error { 17 | return PeerAuthenticationUnmarshaler.Unmarshal(bytes.NewReader(b), this) 18 | } 19 | 20 | // MarshalJSON is a custom marshaler for PeerAuthentication_MutualTLS 21 | func (this *PeerAuthentication_MutualTLS) MarshalJSON() ([]byte, error) { 22 | str, err := PeerAuthenticationMarshaler.MarshalToString(this) 23 | return []byte(str), err 24 | } 25 | 26 | // UnmarshalJSON is a custom unmarshaler for PeerAuthentication_MutualTLS 27 | func (this *PeerAuthentication_MutualTLS) UnmarshalJSON(b []byte) error { 28 | return PeerAuthenticationUnmarshaler.Unmarshal(bytes.NewReader(b), this) 29 | } 30 | 31 | var ( 32 | PeerAuthenticationMarshaler = &jsonpb.Marshaler{} 33 | PeerAuthenticationUnmarshaler = &jsonpb.Unmarshaler{AllowUnknownFields: true} 34 | ) 35 | -------------------------------------------------------------------------------- /security/v1beta1/request_authentication_json.gen.go: -------------------------------------------------------------------------------- 1 | // Code generated by protoc-gen-jsonshim. DO NOT EDIT. 
2 | package v1beta1 3 | 4 | import ( 5 | bytes "bytes" 6 | jsonpb "github.com/golang/protobuf/jsonpb" 7 | ) 8 | 9 | // MarshalJSON is a custom marshaler for RequestAuthentication 10 | func (this *RequestAuthentication) MarshalJSON() ([]byte, error) { 11 | str, err := RequestAuthenticationMarshaler.MarshalToString(this) 12 | return []byte(str), err 13 | } 14 | 15 | // UnmarshalJSON is a custom unmarshaler for RequestAuthentication 16 | func (this *RequestAuthentication) UnmarshalJSON(b []byte) error { 17 | return RequestAuthenticationUnmarshaler.Unmarshal(bytes.NewReader(b), this) 18 | } 19 | 20 | // MarshalJSON is a custom marshaler for JWTRule 21 | func (this *JWTRule) MarshalJSON() ([]byte, error) { 22 | str, err := RequestAuthenticationMarshaler.MarshalToString(this) 23 | return []byte(str), err 24 | } 25 | 26 | // UnmarshalJSON is a custom unmarshaler for JWTRule 27 | func (this *JWTRule) UnmarshalJSON(b []byte) error { 28 | return RequestAuthenticationUnmarshaler.Unmarshal(bytes.NewReader(b), this) 29 | } 30 | 31 | // MarshalJSON is a custom marshaler for JWTHeader 32 | func (this *JWTHeader) MarshalJSON() ([]byte, error) { 33 | str, err := RequestAuthenticationMarshaler.MarshalToString(this) 34 | return []byte(str), err 35 | } 36 | 37 | // UnmarshalJSON is a custom unmarshaler for JWTHeader 38 | func (this *JWTHeader) UnmarshalJSON(b []byte) error { 39 | return RequestAuthenticationUnmarshaler.Unmarshal(bytes.NewReader(b), this) 40 | } 41 | 42 | // MarshalJSON is a custom marshaler for ClaimToHeader 43 | func (this *ClaimToHeader) MarshalJSON() ([]byte, error) { 44 | str, err := RequestAuthenticationMarshaler.MarshalToString(this) 45 | return []byte(str), err 46 | } 47 | 48 | // UnmarshalJSON is a custom unmarshaler for ClaimToHeader 49 | func (this *ClaimToHeader) UnmarshalJSON(b []byte) error { 50 | return RequestAuthenticationUnmarshaler.Unmarshal(bytes.NewReader(b), this) 51 | } 52 | 53 | var ( 54 | RequestAuthenticationMarshaler = &jsonpb.Marshaler{} 55 
| RequestAuthenticationUnmarshaler = &jsonpb.Unmarshaler{AllowUnknownFields: true} 56 | ) 57 | -------------------------------------------------------------------------------- /stability/level.proto: -------------------------------------------------------------------------------- 1 | // Copyright Istio Authors 2 | // 3 | // Licensed under the Apache License, Version 2.0 (the "License"); 4 | // you may not use this file except in compliance with the License. 5 | // You may obtain a copy of the License at 6 | // 7 | // http://www.apache.org/licenses/LICENSE-2.0 8 | // 9 | // Unless required by applicable law or agreed to in writing, software 10 | // distributed under the License is distributed on an "AS IS" BASIS, 11 | // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | // See the License for the specific language governing permissions and 13 | // limitations under the License. 14 | 15 | syntax = "proto3"; 16 | 17 | package istio.stability; 18 | 19 | option go_package="istio.io/api/stability"; 20 | 21 | // Level defines the stability levels Istio uses. 
22 | enum Level { 23 | EXPERIMENTAL = 0; 24 | ALPHA = 1; 25 | BETA = 2; 26 | STABLE = 3; 27 | } 28 | -------------------------------------------------------------------------------- /tests/testdata/authz-invalid.yaml: -------------------------------------------------------------------------------- 1 | _err: Cannot set serviceAccounts with namespaces or principals 2 | apiVersion: security.istio.io/v1 3 | kind: AuthorizationPolicy 4 | metadata: 5 | name: service-account-and-namespace 6 | spec: 7 | rules: 8 | - from: 9 | - source: 10 | serviceAccounts: ["bar/sa"] 11 | namespaces: ["bar"] 12 | --- 13 | _err: Cannot set serviceAccounts with namespaces or principals 14 | apiVersion: security.istio.io/v1 15 | kind: AuthorizationPolicy 16 | metadata: 17 | name: service-account-and-namespace-principal 18 | spec: 19 | rules: 20 | - from: 21 | - source: 22 | serviceAccounts: ["baz/sa"] 23 | principals: ["bar"] 24 | -------------------------------------------------------------------------------- /tests/testdata/destinationrule-invalid.yaml: -------------------------------------------------------------------------------- 1 | _err: 'spec.trafficPolicy.loadBalancer.warmup.minimumPercent: Invalid value' 2 | apiVersion: networking.istio.io/v1 3 | kind: DestinationRule 4 | metadata: 5 | name: bookinfo-ratings 6 | spec: 7 | host: ratings.prod.svc.cluster.local 8 | trafficPolicy: 9 | loadBalancer: 10 | warmup: 11 | duration: 300s 12 | minimumPercent: 150.0 13 | --- 14 | _err: 'spec.trafficPolicy.loadBalancer.warmup.duration: Required value' 15 | apiVersion: networking.istio.io/v1 16 | kind: DestinationRule 17 | metadata: 18 | name: bookinfo-ratings 19 | spec: 20 | host: ratings.prod.svc.cluster.local 21 | trafficPolicy: 22 | loadBalancer: 23 | warmup: 24 | minimumPercent: 5.0 25 | --- 26 | _err: 'spec.trafficPolicy.loadBalancer.warmup.aggression: Invalid value' 27 | apiVersion: networking.istio.io/v1 28 | kind: DestinationRule 29 | metadata: 30 | name: bookinfo-ratings 31 | spec: 32 | 
host: ratings.prod.svc.cluster.local 33 | trafficPolicy: 34 | loadBalancer: 35 | warmup: 36 | duration: 300s 37 | aggression: 0.3 -------------------------------------------------------------------------------- /tests/testdata/destinationrule-valid.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: networking.istio.io/v1 2 | kind: DestinationRule 3 | metadata: 4 | name: bookinfo-ratings 5 | spec: 6 | host: ratings.prod.svc.cluster.local 7 | trafficPolicy: 8 | loadBalancer: 9 | warmup: 10 | duration: 300s 11 | --- 12 | apiVersion: networking.istio.io/v1 13 | kind: DestinationRule 14 | metadata: 15 | name: bookinfo-ratings 16 | spec: 17 | host: ratings.prod.svc.cluster.local 18 | trafficPolicy: 19 | loadBalancer: 20 | warmup: 21 | duration: 300s 22 | minimumPercent: 5.0 23 | --- 24 | apiVersion: networking.istio.io/v1 25 | kind: DestinationRule 26 | metadata: 27 | name: bookinfo-ratings 28 | spec: 29 | host: ratings.prod.svc.cluster.local 30 | trafficPolicy: 31 | loadBalancer: 32 | warmup: 33 | duration: 300s 34 | minimumPercent: 5.0 35 | aggression: 5.0 -------------------------------------------------------------------------------- /tests/testdata/peerauth-invalid.yaml: -------------------------------------------------------------------------------- 1 | _err: 'Unsupported value: "BLAH"' 2 | apiVersion: security.istio.io/v1 3 | kind: PeerAuthentication 4 | metadata: 5 | name: bad-mode 6 | spec: 7 | mtls: 8 | mode: BLAH 9 | --- 10 | _err: type conversion error from 11 | apiVersion: security.istio.io/v1 12 | kind: PeerAuthentication 13 | metadata: 14 | name: bad-port 15 | spec: 16 | selector: 17 | matchLabels: 18 | foo: bar 19 | portLevelMtls: 20 | "acd": 21 | mode: STRICT 22 | --- 23 | _err: portLevelMtls requires selector 24 | apiVersion: security.istio.io/v1 25 | kind: PeerAuthentication 26 | metadata: 27 | name: port-level-global 28 | spec: 29 | portLevelMtls: 30 | "80": 31 | mode: STRICT 32 | --- 33 | _err: 
spec.portLevelMtls in body should have at least 1 properties 34 | apiVersion: security.istio.io/v1 35 | kind: PeerAuthentication 36 | metadata: 37 | name: empty-port-level 38 | spec: 39 | selector: 40 | matchLabels: 41 | foo: bar 42 | portLevelMtls: {} 43 | --- 44 | _err: port must be between 1-65535 45 | apiVersion: security.istio.io/v1 46 | kind: PeerAuthentication 47 | metadata: 48 | name: zero-port 49 | spec: 50 | selector: 51 | matchLabels: 52 | foo: bar 53 | portLevelMtls: 54 | "0": 55 | mode: STRICT 56 | --- 57 | _err: port must be between 1-65535 58 | apiVersion: security.istio.io/v1 59 | kind: PeerAuthentication 60 | metadata: 61 | name: high-port 62 | spec: 63 | selector: 64 | matchLabels: 65 | foo: bar 66 | portLevelMtls: 67 | "42949672": 68 | mode: STRICT 69 | -------------------------------------------------------------------------------- /tests/testdata/peerauth-valid.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: security.istio.io/v1 2 | kind: PeerAuthentication 3 | metadata: 4 | name: full 5 | spec: 6 | selector: 7 | matchLabels: 8 | foo: bar 9 | mtls: 10 | mode: PERMISSIVE 11 | portLevelMtls: 12 | "80": 13 | mode: STRICT 14 | --- 15 | # Weird but valid 16 | apiVersion: security.istio.io/v1 17 | kind: PeerAuthentication 18 | metadata: 19 | name: partial-selector 20 | spec: 21 | selector: {} -------------------------------------------------------------------------------- /tests/testdata/proxyconfig-invalid.yaml: -------------------------------------------------------------------------------- 1 | _err: spec.concurrency in body should be greater than or equal to 0 2 | apiVersion: networking.istio.io/v1beta1 3 | kind: ProxyConfig 4 | metadata: 5 | name: bad-concurrency 6 | spec: 7 | concurrency: -1 8 | --- 9 | _err: key must not be empty 10 | apiVersion: networking.istio.io/v1beta1 11 | kind: ProxyConfig 12 | metadata: 13 | name: empty-key-selector 14 | spec: 15 | selector: 16 | matchLabels: 17 | 
"": bar 18 | -------------------------------------------------------------------------------- /tests/testdata/proxyconfig-valid.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: networking.istio.io/v1beta1 2 | kind: ProxyConfig 3 | metadata: 4 | name: full 5 | spec: 6 | concurrency: 1 7 | selector: 8 | matchLabels: 9 | foo: bar 10 | image: 11 | imageType: foo 12 | environmentVariables: 13 | foo: baz 14 | --- 15 | # Silly but valid 16 | apiVersion: networking.istio.io/v1beta1 17 | kind: ProxyConfig 18 | metadata: 19 | name: empty-selector 20 | spec: 21 | selector: 22 | matchLabels: {} -------------------------------------------------------------------------------- /tests/testdata/reqauth-valid.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: security.istio.io/v1 2 | kind: RequestAuthentication 3 | metadata: 4 | name: full 5 | spec: 6 | targetRefs: 7 | - group: "" 8 | kind: Service 9 | name: foo 10 | jwtRules: 11 | - issuer: "example.com" 12 | jwksUri: https://example.com/.well-known/jwks.json 13 | forwardOriginalToken: true 14 | fromCookies: [foo] 15 | fromHeaders: 16 | - name: foo 17 | prefix: baz 18 | outputClaimToHeaders: 19 | - claim: abc 20 | header: def 21 | timeout: 5s 22 | outputPayloadToHeader: header 23 | -------------------------------------------------------------------------------- /tests/testdata/serviceentry-valid.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: networking.istio.io/v1 2 | kind: ServiceEntry 3 | metadata: 4 | name: full 5 | namespace: default 6 | spec: 7 | hosts: ["example.com"] 8 | workloadSelector: 9 | labels: 10 | foo: bar 11 | addresses: [1.2.3.4, 001:db8::] 12 | exportTo: [foo, .] 
13 | location: MESH_EXTERNAL 14 | ports: 15 | - name: foo 16 | protocol: HTTP 17 | number: 1234 18 | targetPort: 2345 19 | subjectAltNames: [sa] 20 | resolution: DNS 21 | --- 22 | apiVersion: networking.istio.io/v1 23 | kind: ServiceEntry 24 | metadata: 25 | name: static-endpoints 26 | spec: 27 | hosts: ["example.com"] 28 | endpoints: 29 | - address: "sub.example.com" 30 | ports: 31 | - name: foo 32 | protocol: HTTP 33 | number: 1234 34 | targetPort: 2345 35 | resolution: DNS 36 | --- 37 | # Weird case but we allow it 38 | apiVersion: networking.istio.io/v1alpha3 39 | kind: ServiceEntry 40 | metadata: 41 | name: empty-selector 42 | spec: 43 | workloadSelector: {} 44 | hosts: ["example.com"] 45 | --- 46 | # Weird case but we allow it 47 | apiVersion: networking.istio.io/v1alpha3 48 | kind: ServiceEntry 49 | metadata: 50 | name: partial-wildcard 51 | spec: 52 | hosts: ["*x"] 53 | --- 54 | # Weird case but we allow it 55 | apiVersion: networking.istio.io/v1alpha3 56 | kind: ServiceEntry 57 | metadata: 58 | name: none-cidr 59 | spec: 60 | hosts: ["example.com"] 61 | addresses: 62 | - 1.1.1.1/32 63 | -------------------------------------------------------------------------------- /tests/testdata/telemetry-invalid.yaml: -------------------------------------------------------------------------------- 1 | _err: "name in body should be at least 1 chars long" 2 | apiVersion: telemetry.istio.io/v1alpha1 3 | kind: Telemetry 4 | metadata: 5 | name: bad-provider 6 | spec: 7 | metrics: 8 | - providers: 9 | - name: "" 10 | --- 11 | _err: "customMetric in body should be at least 1 chars lon" 12 | apiVersion: telemetry.istio.io/v1alpha1 13 | kind: Telemetry 14 | metadata: 15 | name: bad-custom-metric 16 | spec: 17 | metrics: 18 | - overrides: 19 | - match: 20 | customMetric: "" 21 | --- 22 | _err: "value must be set when operation is UPSERT" 23 | apiVersion: telemetry.istio.io/v1alpha1 24 | kind: Telemetry 25 | metadata: 26 | name: bad-tag-upsert 27 | spec: 28 | metrics: 29 | - 
overrides: 30 | - tagOverrides: 31 | foo: 32 | operation: UPSERT 33 | --- 34 | _err: "value must not be set when operation is REMOVE" 35 | apiVersion: telemetry.istio.io/v1alpha1 36 | kind: Telemetry 37 | metadata: 38 | name: bad-tag-remove 39 | spec: 40 | metrics: 41 | - overrides: 42 | - tagOverrides: 43 | foo: 44 | operation: REMOVE 45 | value: oops 46 | --- -------------------------------------------------------------------------------- /tests/testdata/telemetry-valid.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: telemetry.istio.io/v1alpha1 2 | kind: Telemetry 3 | metadata: 4 | name: full 5 | spec: 6 | metrics: 7 | - providers: 8 | - name: prometheus 9 | reportingInterval: 5s 10 | overrides: 11 | - tagOverrides: 12 | request_method: 13 | value: "request.method" 14 | request_host: 15 | value: "request.host" 16 | match: 17 | customMetric: "foo" 18 | disabled: false 19 | - match: 20 | metric: GRPC_REQUEST_MESSAGES 21 | disabled: true 22 | accessLogging: 23 | - disabled: false 24 | filter: 25 | expression: 'true' 26 | match: 27 | mode: CLIENT 28 | providers: 29 | - name: stdout 30 | tracing: 31 | - providers: 32 | - name: otlp 33 | match: 34 | mode: CLIENT_AND_SERVER 35 | randomSamplingPercentage: 54.54 36 | useRequestIdForTraceSampling: true 37 | disableSpanReporting: false 38 | customTags: 39 | env: 40 | environment: 41 | name: "NAME" 42 | defaultValue: "default" 43 | header: 44 | header: 45 | name: "x-name" 46 | defaultValue: "default name" 47 | literal: 48 | literal: 49 | value: "default literal" 50 | --- 51 | apiVersion: telemetry.istio.io/v1alpha1 52 | kind: Telemetry 53 | metadata: 54 | name: tag-upsert 55 | spec: 56 | metrics: 57 | - overrides: 58 | - tagOverrides: 59 | foo: 60 | operation: UPSERT 61 | value: add 62 | --- 63 | apiVersion: telemetry.istio.io/v1alpha1 64 | kind: Telemetry 65 | metadata: 66 | name: tag-remove 67 | spec: 68 | metrics: 69 | - overrides: 70 | - tagOverrides: 71 | foo: 72 | 
operation: REMOVE -------------------------------------------------------------------------------- /tests/testdata/wasm-valid.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: extensions.istio.io/v1alpha1 2 | kind: WasmPlugin 3 | metadata: 4 | name: full 5 | spec: 6 | selector: 7 | matchLabels: 8 | istio: ingressgateway 9 | url: file:///opt/filters/openid.wasm 10 | sha256: 1ef0c9a92b0420cf25f7fe5d481b231464bc88f486ca3b9c83ed5cc21d2f6210 11 | phase: AUTHN 12 | pluginConfig: 13 | openid_server: authn 14 | openid_realm: ingress 15 | --- 16 | apiVersion: extensions.istio.io/v1alpha1 17 | kind: WasmPlugin 18 | metadata: 19 | name: sha256-empty 20 | spec: 21 | url: "http://test" 22 | --- 23 | apiVersion: extensions.istio.io/v1alpha1 24 | kind: WasmPlugin 25 | metadata: 26 | name: url-without-schema 27 | spec: 28 | url: "test" 29 | --- 30 | apiVersion: extensions.istio.io/v1alpha1 31 | kind: WasmPlugin 32 | metadata: 33 | name: env 34 | spec: 35 | url: "http://test" 36 | vmConfig: 37 | env: 38 | - name: "test" 39 | valueFrom: HOST 40 | - name: "test2" 41 | valueFrom: INLINE 42 | value: "test" 43 | - name: "test3" 44 | value: "test" -------------------------------------------------------------------------------- /tests/testdata/workloadentry-invalid.yaml: -------------------------------------------------------------------------------- 1 | _err: 'spec: Required value' 2 | apiVersion: networking.istio.io/v1alpha3 3 | kind: WorkloadEntry 4 | metadata: 5 | name: no-spec 6 | --- 7 | _err: Address is required 8 | apiVersion: networking.istio.io/v1alpha3 9 | kind: WorkloadEntry 10 | metadata: 11 | name: missing-address 12 | spec: {} 13 | --- 14 | _err: UDS may not be a dir 15 | apiVersion: networking.istio.io/v1alpha3 16 | kind: WorkloadEntry 17 | metadata: 18 | name: bad-uds-dir 19 | spec: 20 | address: unix:///dir/ 21 | --- 22 | _err: UDS must be an absolute path or abstract socket 23 | apiVersion: 
networking.istio.io/v1alpha3 24 | kind: WorkloadEntry 25 | metadata: 26 | name: bad-uds-relative 27 | spec: 28 | address: unix://relative 29 | --- 30 | _err: UDS may not include ports 31 | apiVersion: networking.istio.io/v1alpha3 32 | kind: WorkloadEntry 33 | metadata: 34 | name: uds-with-ports 35 | spec: 36 | address: unix://@foo 37 | ports: 38 | "http": 80 39 | --- 40 | _err: port must be between 1-65535 41 | apiVersion: networking.istio.io/v1alpha3 42 | kind: WorkloadEntry 43 | metadata: 44 | name: high-port 45 | spec: 46 | address: 1.1.1.1 47 | ports: 48 | "http": 99999 49 | --- 50 | _err: 'spec.ports: Invalid value' 51 | apiVersion: networking.istio.io/v1alpha3 52 | kind: WorkloadEntry 53 | metadata: 54 | name: bad-port-name 55 | spec: 56 | address: 1.1.1.1 57 | ports: 58 | "@": 80 59 | # TODO: 60 | # if its not an IP it must be a valid fqdn (0..255, ValidateDNS1123Labels) 61 | # validate labels (k8s) 62 | -------------------------------------------------------------------------------- /tests/testdata/workloadentry-valid.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: networking.istio.io/v1alpha3 2 | kind: WorkloadEntry 3 | metadata: 4 | name: full 5 | spec: 6 | address: 1.2.3.4 7 | serviceAccount: sa 8 | network: net 9 | labels: 10 | app: app 11 | ports: 12 | "http": 1 13 | weight: 2 14 | locality: foo/bar/baz 15 | --- 16 | apiVersion: networking.istio.io/v1alpha3 17 | kind: WorkloadEntry 18 | metadata: 19 | name: missing-address-network-set 20 | spec: 21 | network: net 22 | --- 23 | apiVersion: networking.istio.io/v1alpha3 24 | kind: WorkloadEntry 25 | metadata: 26 | name: uds-abstract 27 | spec: 28 | address: unix://@foo 29 | --- 30 | apiVersion: networking.istio.io/v1alpha3 31 | kind: WorkloadEntry 32 | metadata: 33 | name: uds-path 34 | spec: 35 | address: unix:///foo/bar 36 | --- 37 | apiVersion: networking.istio.io/v1alpha3 38 | kind: WorkloadEntry 39 | metadata: 40 | name: fqdn 41 | spec: 42 | 
address: example.com 43 | -------------------------------------------------------------------------------- /tests/testdata/workloadgroup-invalid.yaml: -------------------------------------------------------------------------------- 1 | _err: 'spec: Required value' 2 | apiVersion: networking.istio.io/v1 3 | kind: WorkloadGroup 4 | metadata: 5 | name: no-spec 6 | --- 7 | _err: port must be between 1-65535 8 | apiVersion: networking.istio.io/v1alpha3 9 | kind: WorkloadGroup 10 | metadata: 11 | name: tcp-probe-invalid 12 | spec: 13 | probe: 14 | tcpSocket: 15 | port: 65536 16 | template: 17 | serviceAccount: sa 18 | network: net 19 | --- 20 | _err: 'spec.probe.httpGet.httpHeaders[0].name in body should match' 21 | apiVersion: networking.istio.io/v1alpha3 22 | kind: WorkloadGroup 23 | metadata: 24 | name: http-probe-invalid 25 | spec: 26 | probe: 27 | httpGet: 28 | httpHeaders: 29 | - name: "**" 30 | port: 80 31 | template: {} 32 | -------------------------------------------------------------------------------- /tests/testdata/workloadgroup-valid.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: networking.istio.io/v1alpha3 2 | kind: WorkloadGroup 3 | metadata: 4 | name: full 5 | spec: 6 | metadata: 7 | labels: 8 | foo: bar 9 | annotations: 10 | foo: bar 11 | probe: 12 | failureThreshold: 2 13 | initialDelaySeconds: 1 14 | periodSeconds: 1 15 | successThreshold: 1 16 | timeoutSeconds: 1 17 | httpGet: 18 | port: 8080 19 | host: "bar" 20 | scheme: HTTPS 21 | path: /bar 22 | httpHeaders: 23 | - name: foo 24 | value: bar 25 | template: 26 | serviceAccount: sa 27 | network: net 28 | labels: 29 | app: app 30 | ports: 31 | "http": 1 32 | weight: 2 33 | locality: foo/bar/baz 34 | --- 35 | apiVersion: networking.istio.io/v1alpha3 36 | kind: WorkloadGroup 37 | metadata: 38 | name: tcp-probe 39 | spec: 40 | probe: 41 | tcpSocket: 42 | port: 8080 43 | template: 44 | serviceAccount: sa 45 | network: net 
--------------------------------------------------------------------------------
/tests/validation_test.go:
--------------------------------------------------------------------------------
// Copyright Istio Authors
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
//     http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.

package crd

import (
	"os"
	"path/filepath"
	"strings"
	"testing"

	"k8s.io/apimachinery/pkg/apis/meta/v1/unstructured"
	"sigs.k8s.io/yaml"
)

// TestExpectation holds the test-only fields a testdata document may carry
// next to the resource itself. WantErr is decoded from the "_err" key; an
// empty value means the document is expected to pass validation.
type TestExpectation struct {
	WantErr string `json:"_err,omitempty"`
}

// TestCRDs validates every document of every file under testdata.
//
// Each file becomes a subtest named after the file, and each document in it a
// nested subtest named after the object's name. A document with no "_err" key
// must validate cleanly; a document with "_err" must be rejected with an error
// whose text contains that value (substring match, not equality).
//
// NOTE(review): a document without "_err" is a must-pass case, so a negative
// fixture that loses its "_err" key silently turns into a positive one. Keep
// that in mind when editing the *-invalid.yaml files.
func TestCRDs(t *testing.T) {
	validator := NewIstioValidator(t)
	entries, err := os.ReadDir("testdata")
	if err != nil {
		t.Fatal(err)
	}
	for _, entry := range entries {
		t.Run(entry.Name(), func(t *testing.T) {
			raw, err := os.ReadFile(filepath.Join("testdata", entry.Name()))
			if err != nil {
				t.Fatal(err)
			}
			// SplitString is defined elsewhere in the package; presumably it
			// splits the file into its individual YAML documents.
			for _, doc := range SplitString(string(raw)) {
				obj := &unstructured.Unstructured{}
				if err := yaml.Unmarshal([]byte(doc), obj); err != nil {
					t.Fatal(err)
				}
				// "_err" is test metadata, not part of the resource: strip it
				// so the validator only sees the object under test.
				delete(obj.Object, "_err")
				t.Run(obj.GetName(), func(t *testing.T) {
					var want TestExpectation
					// Decode the same document a second time, now only for
					// the expectation carried in "_err".
					if err := yaml.Unmarshal([]byte(doc), &want); err != nil {
						t.Fatal(err)
					}
					got := validator.ValidateCustomResource(obj)
					switch {
					case want.WantErr == "":
						// Want no error
						if got != nil {
							t.Fatalf("configuration was invalid: %v", got)
						}
					case got == nil:
						t.Fatalf("wanted error like %q, got none", want.WantErr)
					case !strings.Contains(got.Error(), want.WantErr):
						t.Fatalf("wanted error like %q, got %q", want.WantErr, got)
					}
				})
			}
		})
	}
}

--------------------------------------------------------------------------------
/type/v1beta1/selector_deepcopy.gen.go:
--------------------------------------------------------------------------------
// Code generated by protoc-gen-deepcopy. DO NOT EDIT.
package v1beta1

import (
	proto "google.golang.org/protobuf/proto"
)

// DeepCopyInto supports using WorkloadSelector within kubernetes types, where deepcopy-gen is used.
// It clones in with proto.Clone and overwrites *out with the clone's value.
// There is no nil check here; DeepCopy checks in before calling it.
func (in *WorkloadSelector) DeepCopyInto(out *WorkloadSelector) {
	p := proto.Clone(in).(*WorkloadSelector)
	*out = *p
}

// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new WorkloadSelector. Required by controller-gen.
// A nil receiver yields nil.
func (in *WorkloadSelector) DeepCopy() *WorkloadSelector {
	if in == nil {
		return nil
	}
	out := new(WorkloadSelector)
	in.DeepCopyInto(out)
	return out
}

// DeepCopyInterface is an autogenerated deepcopy function, copying the receiver, creating a new WorkloadSelector. Required by controller-gen.
// For a nil receiver the returned interface wraps a typed nil pointer, so it
// does not compare equal to nil.
func (in *WorkloadSelector) DeepCopyInterface() interface{} {
	return in.DeepCopy()
}

// DeepCopyInto supports using PortSelector within kubernetes types, where deepcopy-gen is used.
// It clones in with proto.Clone and overwrites *out with the clone's value.
// There is no nil check here; DeepCopy checks in before calling it.
func (in *PortSelector) DeepCopyInto(out *PortSelector) {
	p := proto.Clone(in).(*PortSelector)
	*out = *p
}

// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new PortSelector. Required by controller-gen.
func (in *PortSelector) DeepCopy() *PortSelector {
	// A nil receiver copies to nil; DeepCopyInto is only reached with a
	// non-nil in.
	if in == nil {
		return nil
	}
	out := new(PortSelector)
	in.DeepCopyInto(out)
	return out
}

// DeepCopyInterface is an autogenerated deepcopy function, copying the receiver, creating a new PortSelector. Required by controller-gen.
// For a nil receiver the returned interface wraps a typed nil pointer, so it
// does not compare equal to nil.
func (in *PortSelector) DeepCopyInterface() interface{} {
	return in.DeepCopy()
}

// DeepCopyInto supports using PolicyTargetReference within kubernetes types, where deepcopy-gen is used.
// It clones in with proto.Clone and overwrites *out with the clone's value.
// There is no nil check here; DeepCopy checks in before calling it.
func (in *PolicyTargetReference) DeepCopyInto(out *PolicyTargetReference) {
	p := proto.Clone(in).(*PolicyTargetReference)
	*out = *p
}

// DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new PolicyTargetReference. Required by controller-gen.
// A nil receiver yields nil.
func (in *PolicyTargetReference) DeepCopy() *PolicyTargetReference {
	if in == nil {
		return nil
	}
	out := new(PolicyTargetReference)
	in.DeepCopyInto(out)
	return out
}

// DeepCopyInterface is an autogenerated deepcopy function, copying the receiver, creating a new PolicyTargetReference. Required by controller-gen.
// For a nil receiver the returned interface wraps a typed nil pointer, so it
// does not compare equal to nil.
func (in *PolicyTargetReference) DeepCopyInterface() interface{} {
	return in.DeepCopy()
}

--------------------------------------------------------------------------------
/type/v1beta1/selector_json.gen.go:
--------------------------------------------------------------------------------
// Code generated by protoc-gen-jsonshim. DO NOT EDIT.
package v1beta1

import (
	bytes "bytes"
	jsonpb "github.com/golang/protobuf/jsonpb"
)

// MarshalJSON is a custom marshaler for WorkloadSelector
// It encodes through the shared SelectorMarshaler and returns the encoder's
// error unchanged alongside the bytes.
func (this *WorkloadSelector) MarshalJSON() ([]byte, error) {
	str, err := SelectorMarshaler.MarshalToString(this)
	return []byte(str), err
}

// UnmarshalJSON is a custom unmarshaler for WorkloadSelector
// It decodes through the shared SelectorUnmarshaler, which is configured to
// accept unknown fields.
func (this *WorkloadSelector) UnmarshalJSON(b []byte) error {
	return SelectorUnmarshaler.Unmarshal(bytes.NewReader(b), this)
}

// MarshalJSON is a custom marshaler for PortSelector
// It encodes through the shared SelectorMarshaler and returns the encoder's
// error unchanged alongside the bytes.
func (this *PortSelector) MarshalJSON() ([]byte, error) {
	str, err := SelectorMarshaler.MarshalToString(this)
	return []byte(str), err
}

// UnmarshalJSON is a custom unmarshaler for PortSelector
// It decodes through the shared SelectorUnmarshaler, which is configured to
// accept unknown fields.
func (this *PortSelector) UnmarshalJSON(b []byte) error {
	return SelectorUnmarshaler.Unmarshal(bytes.NewReader(b), this)
}

// MarshalJSON is a custom marshaler for PolicyTargetReference
// It encodes through the shared SelectorMarshaler and returns the encoder's
// error unchanged alongside the bytes.
func (this *PolicyTargetReference) MarshalJSON() ([]byte, error) {
	str, err := SelectorMarshaler.MarshalToString(this)
	return []byte(str), err
}

// UnmarshalJSON is a custom unmarshaler for PolicyTargetReference
// It decodes through the shared SelectorUnmarshaler, which is configured to
// accept unknown fields.
func (this *PolicyTargetReference) UnmarshalJSON(b []byte) error {
	return SelectorUnmarshaler.Unmarshal(bytes.NewReader(b), this)
}

// SelectorMarshaler and SelectorUnmarshaler are the jsonpb codecs shared by
// every MarshalJSON/UnmarshalJSON method in this file. Both are exported
// package-level variables, so any importer can replace or reconfigure them.
//
// NOTE(review): AllowUnknownFields is true, so a JSON field the message does
// not define is accepted instead of failing the decode. A misspelled key in a
// selector or target reference is therefore not rejected at this layer; if
// strict rejection matters it has to be enforced elsewhere (for example by
// schema validation of the resource) - confirm where that happens.
var (
	SelectorMarshaler   = &jsonpb.Marshaler{}
	SelectorUnmarshaler = &jsonpb.Unmarshaler{AllowUnknownFields: true}
)

--------------------------------------------------------------------------------