Feature/control plane v0.10.3 (#75)

* control-plane v0.10.3
* routev3 Route renames
* replace deprecated functions

go.mod

@@ -2,18 +2,18 @@ module github.com/in4it/roxprox
 
 go 1.16
 
+replace github.com/golang/mock v1.4.3 => github.com/golang/mock v1.4.4
+
 require (
 	github.com/aws/aws-sdk-go v1.38.69
-	github.com/envoyproxy/go-control-plane v0.10.1
+	github.com/envoyproxy/go-control-plane v0.10.3
 	github.com/gogo/protobuf v1.3.2
 	github.com/golang/protobuf v1.5.2
-	github.com/google/go-cmp v0.5.6
+	github.com/google/go-cmp v0.5.7
 	github.com/google/uuid v1.2.0
 	github.com/juju/loggo v0.0.0-20200526014432-9ce3a2e09b5e
 	golang.org/x/crypto v0.0.0-20210616213533-5ff15b29337e
-	golang.org/x/text v0.3.6 // indirect
-	google.golang.org/genproto v0.0.0-20210629200056-84d6f6074151 // indirect
-	google.golang.org/grpc v1.39.0
-	google.golang.org/protobuf v1.27.1
+	google.golang.org/grpc v1.45.0
+	google.golang.org/protobuf v1.28.0
 	gopkg.in/yaml.v2 v2.4.0
 )

pkg/envoy/accesslogserver.go

@@ -2,12 +2,12 @@ package envoy
 
 import (
 	core "github.com/envoyproxy/go-control-plane/envoy/config/core/v3"
+	"google.golang.org/protobuf/types/known/anypb"
 
 	alf "github.com/envoyproxy/go-control-plane/envoy/config/accesslog/v3"
 	api "github.com/envoyproxy/go-control-plane/envoy/config/listener/v3"
 	als "github.com/envoyproxy/go-control-plane/envoy/extensions/access_loggers/grpc/v3"
 	"github.com/envoyproxy/go-control-plane/pkg/wellknown"
-	"github.com/golang/protobuf/ptypes"
 )
 
 type AccessLogServer struct{}
@@ -36,7 +36,7 @@ func (c *AccessLogServer) updateListenersWithAccessLogServer(cache *WorkQueueCac
 					manager.AccessLog = accessLogConfig
 
 					// update manager in cache
-					pbst, err := ptypes.MarshalAny(manager)
+					pbst, err := anypb.New(manager)
 					if err != nil {
 						return err
 					}
@@ -68,7 +68,7 @@ func (c *AccessLogServer) getAccessLoggerConfig(params AccessLogServerParams) ([
 			AdditionalRequestHeadersToLog:  params.AdditionalRequestHeadersToLog,
 			AdditionalResponseHeadersToLog: params.AdditionalResponseHeadersToLog,
 		}
-		alsConfigPbst, err := ptypes.MarshalAny(alsConfig)
+		alsConfigPbst, err := anypb.New(alsConfig)
 		if err != nil {
 			return nil, err
 		}

pkg/envoy/authzfilter.go

@@ -6,8 +6,9 @@ import (
 	core "github.com/envoyproxy/go-control-plane/envoy/config/core/v3"
 	api "github.com/envoyproxy/go-control-plane/envoy/config/listener/v3"
 	extAuthz "github.com/envoyproxy/go-control-plane/envoy/extensions/filters/http/ext_authz/v3"
-	"github.com/golang/protobuf/ptypes"
 	any "github.com/golang/protobuf/ptypes/any"
+	"google.golang.org/protobuf/types/known/anypb"
+	"google.golang.org/protobuf/types/known/durationpb"
 )
 
 type AuthzFilter struct{}
@@ -39,7 +40,7 @@ func (a *AuthzFilter) updateListenersWithAuthzFilter(cache *WorkQueueCache, para
 					updateHTTPFilterWithConfig(&manager.HttpFilters, "envoy.ext_authz", authzConfigEncoded)
 
 					// update manager in cache
-					pbst, err := ptypes.MarshalAny(manager)
+					pbst, err := anypb.New(manager)
 					if err != nil {
 						return err
 					}
@@ -60,7 +61,7 @@ func (a *AuthzFilter) getAuthzFilterEncoded(params ListenerParams) (*any.Any, er
 	if err != nil {
 		return nil, err
 	}
-	authzConfigEncoded, err := ptypes.MarshalAny(authzConfig)
+	authzConfigEncoded, err := anypb.New(authzConfig)
 	if err != nil {
 		return nil, err
 	}
@@ -77,7 +78,7 @@ func (a *AuthzFilter) getAuthzFilter(params ListenerParams) (*extAuthz.ExtAuthz,
 		FailureModeAllow:    params.Authz.FailureModeAllow,
 		Services: &extAuthz.ExtAuthz_GrpcService{
 			GrpcService: &core.GrpcService{
-				Timeout: ptypes.DurationProto(timeout),
+				Timeout: durationpb.New(timeout),
 				TargetSpecifier: &core.GrpcService_EnvoyGrpc_{
 					EnvoyGrpc: &core.GrpcService_EnvoyGrpc{
 						ClusterName: params.Name,

pkg/envoy/compression.go

@@ -5,8 +5,8 @@ import (
 	api "github.com/envoyproxy/go-control-plane/envoy/config/listener/v3"
 	gzip "github.com/envoyproxy/go-control-plane/envoy/extensions/compression/gzip/compressor/v3"
 	compressor "github.com/envoyproxy/go-control-plane/envoy/extensions/filters/http/compressor/v3"
-	"github.com/golang/protobuf/ptypes"
 	any "github.com/golang/protobuf/ptypes/any"
+	"google.golang.org/protobuf/types/known/anypb"
 )
 
 type Compression struct{}
@@ -38,7 +38,7 @@ func (c *Compression) updateListenersWithCompression(cache *WorkQueueCache, para
 					updateHTTPFilterWithConfig(&manager.HttpFilters, "envoy.filters.http.compressor", compressorConfigEncoded)
 
 					// update manager in cache
-					pbst, err := ptypes.MarshalAny(manager)
+					pbst, err := anypb.New(manager)
 					if err != nil {
 						return err
 					}
@@ -57,10 +57,13 @@ func (c *Compression) updateListenersWithCompression(cache *WorkQueueCache, para
 
 func (c *Compression) getCompressionFilterEncoded(params CompressionParams) (*any.Any, error) {
 	compressionFilter, err := c.getCompressionFilter(params)
+	if err != nil {
+		return nil, err
+	}
 	if compressionFilter == nil {
 		return nil, nil
 	}
-	compressionFilterEncoded, err := ptypes.MarshalAny(compressionFilter)
+	compressionFilterEncoded, err := anypb.New(compressionFilter)
 	if err != nil {
 		return nil, err
 	}
@@ -74,7 +77,7 @@ func (c *Compression) getCompressionFilter(compression CompressionParams) (*comp
 			CompressionLevel:    gzip.Gzip_DEFAULT_COMPRESSION,
 			CompressionStrategy: gzip.Gzip_DEFAULT_STRATEGY,
 		}
-		gzipEncoded, err := ptypes.MarshalAny(&gzip)
+		gzipEncoded, err := anypb.New(&gzip)
 		if err != nil {
 			return nil, err
 		}

pkg/envoy/jwtprovider.go

@@ -11,7 +11,8 @@ import (
 	jwtAuth "github.com/envoyproxy/go-control-plane/envoy/extensions/filters/http/jwt_authn/v3"
 	hcm "github.com/envoyproxy/go-control-plane/envoy/extensions/filters/network/http_connection_manager/v3"
 	matcher "github.com/envoyproxy/go-control-plane/envoy/type/matcher/v3"
-	"github.com/golang/protobuf/ptypes"
+	"google.golang.org/protobuf/types/known/anypb"
+	"google.golang.org/protobuf/types/known/durationpb"
 )
 
 type JwtProvider struct{}
@@ -174,7 +175,7 @@ func (j *JwtProvider) getJwtConfig(auth Auth) *jwtAuth.JwtAuthentication {
 					RemoteJwks: &jwtAuth.RemoteJwks{
 						HttpUri: &core.HttpUri{
 							Uri:     auth.RemoteJwks,
-							Timeout: ptypes.DurationProto(30 * time.Second),
+							Timeout: durationpb.New(30 * time.Second),
 							HttpUpstreamType: &core.HttpUri_Cluster{
 								Cluster: "jwtProvider_" + auth.JwtProvider,
 							},
@@ -208,14 +209,14 @@ func (j *JwtProvider) updateListenerWithJwtProvider(cache *WorkQueueCache, param
 			jwtConfig.Providers[params.Auth.JwtProvider] = jwtNewConfig.Providers[params.Auth.JwtProvider]
 			logger.Debugf("Adding/updating %s to jwt config (listener: %s)", params.Auth.JwtProvider, ll.GetName())
 
-			jwtConfigEncoded, err := ptypes.MarshalAny(jwtConfig)
+			jwtConfigEncoded, err := anypb.New(jwtConfig)
 			if err != nil {
 				panic(err)
 			}
 
 			updateHTTPFilterWithConfig(&manager.HttpFilters, "envoy.filters.http.jwt_authn", jwtConfigEncoded)
 
-			pbst, err := ptypes.MarshalAny(manager)
+			pbst, err := anypb.New(manager)
 			if err != nil {
 				panic(err)
 			}
@@ -297,14 +298,14 @@ func (j *JwtProvider) UpdateJwtRule(cache *WorkQueueCache, params ListenerParams
 			jwtConfig.Rules = append(jwtConfig.Rules, newJwtRule)
 		}
 	}
-	jwtConfigEncoded, err := ptypes.MarshalAny(jwtConfig)
+	jwtConfigEncoded, err := anypb.New(jwtConfig)
 	if err != nil {
 		panic(err)
 	}
 
 	updateHTTPFilterWithConfig(&manager.HttpFilters, "envoy.filters.http.jwt_authn", jwtConfigEncoded)
 
-	pbst, err := ptypes.MarshalAny(manager)
+	pbst, err := anypb.New(manager)
 	if err != nil {
 		panic(err)
 	}
@@ -374,7 +375,7 @@ func (j *JwtProvider) DeleteJwtRule(cache *WorkQueueCache, params ListenerParams
 			index := j.requirementRuleIndex(jwtConfig.Rules, rule)
 			jwtConfig.Rules = append(jwtConfig.Rules[:index], jwtConfig.Rules[index+1:]...)
 		}
-		jwtConfigEncoded, err := ptypes.MarshalAny(jwtConfig)
+		jwtConfigEncoded, err := anypb.New(jwtConfig)
 		if err != nil {
 			panic(err)
 		}
@@ -384,7 +385,7 @@ func (j *JwtProvider) DeleteJwtRule(cache *WorkQueueCache, params ListenerParams
 		logger.Debugf("Couldn't find jwt provider %s during deleteRoute", params.Auth.JwtProvider)
 	}
 
-	pbst, err := ptypes.MarshalAny(manager)
+	pbst, err := anypb.New(manager)
 	if err != nil {
 		panic(err)
 	}

pkg/envoy/listener.go

@@ -17,7 +17,6 @@ import (
 	envoyType "github.com/envoyproxy/go-control-plane/envoy/type/v3"
 	cacheTypes "github.com/envoyproxy/go-control-plane/pkg/cache/types"
 	"github.com/envoyproxy/go-control-plane/pkg/wellknown"
-	"github.com/golang/protobuf/ptypes"
 	any "github.com/golang/protobuf/ptypes/any"
 	"github.com/golang/protobuf/ptypes/wrappers"
 	"google.golang.org/protobuf/types/known/anypb"
@@ -61,7 +60,7 @@ func newListener() *Listener {
 }
 
 func (l *Listener) newTLSFilterChain(params TLSParams) *api.FilterChain {
-	tlsContext, err := ptypes.MarshalAny(&tls.DownstreamTlsContext{
+	tlsContext, err := anypb.New(&tls.DownstreamTlsContext{
 		CommonTlsContext: &tls.CommonTlsContext{
 			TlsCertificates: []*tls.TlsCertificate{
 				{
@@ -167,7 +166,7 @@ func (l *Listener) updateListenerWithChallenge(cache *WorkQueueCache, challenge
 				})
 			}
 			manager.RouteSpecifier = routeSpecifier
-			pbst, err := ptypes.MarshalAny(manager)
+			pbst, err := anypb.New(manager)
 			if err != nil {
 				panic(err)
 			}
@@ -353,7 +352,7 @@ func (l *Listener) newTLSFilter(params ListenerParams, paramsTLS TLSParams, list
 		Routes:  []*route.Route{},
 	}
 	manager := l.newManager(listenerName, strings.Replace(listenerName, "l_", "r_", 1), []*route.VirtualHost{newEmptyVirtualHost}, httpFilters, false)
-	pbst, err := ptypes.MarshalAny(manager)
+	pbst, err := anypb.New(manager)
 	if err != nil {
 		panic(err)
 	}
@@ -454,7 +453,7 @@ func (l *Listener) updateListener(cache *WorkQueueCache, params ListenerParams,
 	}
 
 	manager.RouteSpecifier = routeSpecifier
-	pbst, err := ptypes.MarshalAny(manager)
+	pbst, err := anypb.New(manager)
 	if err != nil {
 		panic(err)
 	}
@@ -535,7 +534,7 @@ func (l *Listener) createListener(params ListenerParams, paramsTLS TLSParams) *a
 	httpFilters := l.newHTTPRouterFilter(listenerName)
 	manager := l.newManager(listenerName, strings.Replace(listenerName, "l_", "r_", 1), []*route.VirtualHost{}, httpFilters, params.Listener.StripAnyHostPort)
 
-	pbst, err := ptypes.MarshalAny(manager)
+	pbst, err := anypb.New(manager)
 	if err != nil {
 		panic(err)
 	}
@@ -576,7 +575,7 @@ func (l *Listener) createListener(params ListenerParams, paramsTLS TLSParams) *a
 			ServerNames: []string{params.Conditions.Hostname},
 		}
 		// add cert and key to tls listener
-		tlsContext, err := ptypes.MarshalAny(&tls.DownstreamTlsContext{
+		tlsContext, err := anypb.New(&tls.DownstreamTlsContext{
 			CommonTlsContext: &tls.CommonTlsContext{
 				TlsCertificates: []*tls.TlsCertificate{
 					{
@@ -693,7 +692,7 @@ func (l *Listener) DeleteRoute(cache *WorkQueueCache, params ListenerParams, par
 	}
 
 	manager.RouteSpecifier = routeSpecifier
-	pbst, err := ptypes.MarshalAny(manager)
+	pbst, err := anypb.New(manager)
 	if err != nil {
 		panic(err)
 	}
@@ -729,7 +728,7 @@ func (l *Listener) validateListeners(listeners []cacheTypes.Resource, clusterNam
 			for _, virtualHostRoute := range virtualHost.Routes {
 				if virtualHostRoute.Action != nil {
 					switch reflect.TypeOf(virtualHostRoute.Action).String() {
-					case "*envoy_config_route_v3.Route_Route":
+					case "*routev3.Route_Route":
 						clusterFound := false
 						virtualHostRouteClusterName := virtualHostRoute.Action.(*route.Route_Route).Route.ClusterSpecifier.(*route.RouteAction_Cluster).Cluster
 						for _, clusterName := range clusterNames {
@@ -740,7 +739,7 @@ func (l *Listener) validateListeners(listeners []cacheTypes.Resource, clusterNam
 						if !clusterFound {
 							return false, fmt.Errorf("Cluster not found: %s", virtualHostRouteClusterName)
 						}
-					case "*envoy_config_route_v3.Route_DirectResponse":
+					case "*routev3.Route_DirectResponse":
 						logger.Debugf("Validation: DirectResponse, no cluster validation necessary")
 						// no validation necessary
 					default:
@@ -764,7 +763,7 @@ func (l *Listener) updateDefaultTracingSetting(tracing TracingParams) {
 		CollectorCluster: tracing.CollectorCluster,
 		ServiceName:      "envoy",
 	}
-	tracingConfigEncoded, err := ptypes.MarshalAny(tracingConfig)
+	tracingConfigEncoded, err := anypb.New(tracingConfig)
 	if err != nil {
 		panic(err)
 	}
@@ -911,9 +910,9 @@ func (l *Listener) printListener(cache *WorkQueueCache) (string, error) {
 				}
 				if virtualHostRoute.Action != nil {
 					switch reflect.TypeOf(virtualHostRoute.Action).String() {
-					case "*envoy_config_route_v3.Route_Route":
+					case "*routev3.Route_Route":
 						res += "Route action (cluster): " + virtualHostRoute.Action.(*route.Route_Route).Route.ClusterSpecifier.(*route.RouteAction_Cluster).Cluster + "\n"
-					case "*envoy_config_route_v3.Route_DirectResponse":
+					case "*routev3.Route_DirectResponse":
 						res += "Route action (directResponse): "
 						res += fmt.Sprint(virtualHostRoute.Action.(*route.Route_DirectResponse).DirectResponse.GetStatus()) + " "
 						res += virtualHostRoute.Action.(*route.Route_DirectResponse).DirectResponse.Body.GetInlineString() + "\n"

pkg/envoy/listener_test.go

@@ -751,15 +751,15 @@ func validateAttributes(manager *hcm.HttpConnectionManager, params ListenerParam
 				domainFound = true
 				for _, r := range virtualhost.Routes {
 					switch reflect.TypeOf(r.Match.PathSpecifier).String() {
-					case "*envoy_config_route_v3.RouteMatch_Prefix":
+					case "*routev3.RouteMatch_Prefix":
 						if r.Match.PathSpecifier.(*route.RouteMatch_Prefix).Prefix == params.Conditions.Prefix {
 							prefixFound = true
 						}
-					case "*envoy_config_route_v3.RouteMatch_Path":
+					case "*routev3.RouteMatch_Path":
 						if r.Match.PathSpecifier.(*route.RouteMatch_Path).Path == params.Conditions.Path {
 							pathFound = true
 						}
-					case "*envoy_config_route_v3.RouteMatch_SafeRegex":
+					case "*routev3.RouteMatch_SafeRegex":
 						if r.Match.PathSpecifier.(*route.RouteMatch_SafeRegex).SafeRegex.GetRegex() == params.Conditions.Regex {
 							regexFound = true
 						}
@@ -776,9 +776,9 @@ func validateAttributes(manager *hcm.HttpConnectionManager, params ListenerParam
 						}
 					}
 					switch reflect.TypeOf(r.Action).String() {
-					case "*envoy_config_route_v3.Route_Route":
+					case "*routev3.Route_Route":
 						// do nothing here
-					case "*envoy_config_route_v3.Route_DirectResponse":
+					case "*routev3.Route_DirectResponse":
 						d := r.Action.(*route.Route_DirectResponse).DirectResponse
 						if params.DirectResponse.Status == d.GetStatus() && params.DirectResponse.Body == d.GetBody().GetInlineString() {
 							directResponseFound = true
@@ -937,15 +937,15 @@ func validateJWT(manager *hcm.HttpConnectionManager, params ListenerParams) erro
 		matchedEntries := 0
 		for _, rule := range jwtConfig.Rules {
 			switch reflect.TypeOf(rule.Match.PathSpecifier).String() {
-			case "*envoy_config_route_v3.RouteMatch_Prefix":
+			case "*routev3.RouteMatch_Prefix":
 				if rule.Match.PathSpecifier.(*route.RouteMatch_Prefix).Prefix == params.Conditions.Prefix {
 					prefixFound = true
 				}
-			case "*envoy_config_route_v3.RouteMatch_Path":
+			case "*routev3.RouteMatch_Path":
 				if rule.Match.PathSpecifier.(*route.RouteMatch_Path).Path == params.Conditions.Path {
 					pathFound = true
 				}
-			case "*envoy_config_route_v3.RouteMatch_SafeRegex":
+			case "*routev3.RouteMatch_SafeRegex":
 				if rule.Match.PathSpecifier.(*route.RouteMatch_SafeRegex).SafeRegex.GetRegex() == params.Conditions.Regex {
 					regexFound = true
 				}

pkg/envoy/listener_utils.go

@@ -324,7 +324,7 @@ func cmpRoutePrefix(a, b *route.Route) bool {
 		return false
 	}
 	switch reflect.TypeOf(a.Action).String() {
-	case "*envoy_config_route_v3.Route_Route":
+	case "*routev3.Route_Route":
 		route1 := a.Action.(*route.Route_Route).Route
 		route2 := b.Action.(*route.Route_Route).Route
 
@@ -365,15 +365,15 @@ func routeActionEqual(a, b *route.Route) bool {
 		return false
 	}
 	switch reflect.TypeOf(a.Action).String() {
-	case "*envoy_config_route_v3.Route_Route":
+	case "*routev3.Route_Route":
 		route1 := a.Action.(*route.Route_Route).Route
 		route2 := b.Action.(*route.Route_Route).Route
 		cluster1 := route1.ClusterSpecifier.(*route.RouteAction_Cluster).Cluster
 		cluster2 := route2.ClusterSpecifier.(*route.RouteAction_Cluster).Cluster
 		if cluster1 != cluster2 {
 			return false
 		}
-	case "*envoy_config_route_v3.Route_DirectResponse":
+	case "*routev3.Route_DirectResponse":
 		status1 := a.Action.(*route.Route_DirectResponse).DirectResponse.GetStatus()
 		status2 := b.Action.(*route.Route_DirectResponse).DirectResponse.GetStatus()
 		if status1 != status2 {