From 16ad1e7be2eaaf149bc115a942f3ca0e40dba0e4 Mon Sep 17 00:00:00 2001 From: Istio Automation Date: Thu, 3 Nov 2022 12:22:49 -0700 Subject: [PATCH] Automator: update common-files@master in istio/proxy@master (#4160) --- common/.commonfiles.sha | 2 +- common/scripts/setup_env.sh | 2 +- testdata/testdata.gen.go | 40 +++++++++++++++++++++++++++++++++++++ 3 files changed, 42 insertions(+), 2 deletions(-) diff --git a/common/.commonfiles.sha b/common/.commonfiles.sha index b20d34777..ba114e924 100644 --- a/common/.commonfiles.sha +++ b/common/.commonfiles.sha @@ -1 +1 @@ -1eec846bd9c3f3d65f851241a914c6157450e25d +462a77976912bd3d53142f2789a8405203807df2 diff --git a/common/scripts/setup_env.sh b/common/scripts/setup_env.sh index 9f06fa3e7..5986ef161 100755 --- a/common/scripts/setup_env.sh +++ b/common/scripts/setup_env.sh @@ -73,7 +73,7 @@ fi # Build image to use if [[ "${IMAGE_VERSION:-}" == "" ]]; then - IMAGE_VERSION=master-666a4e5bea9e23bb4a4149580cde51dbb0014f82 + IMAGE_VERSION=master-2ab700be8e1b55f4292fb2eda2539e0f9aa373a7 fi if [[ "${IMAGE_NAME:-}" == "" ]]; then IMAGE_NAME=build-tools diff --git a/testdata/testdata.gen.go b/testdata/testdata.gen.go index 749c336a1..9e9c77bca 100644 --- a/testdata/testdata.gen.go +++ b/testdata/testdata.gen.go 
@@ -599,19 +599,35 @@ func listenerTcp_serverYamlTmpl() (*asset, error) { var _listenerTerminate_connectYamlTmpl = []byte(`name: terminate_connect address: socket_address: +{{ if eq .Vars.quic "true" }} + protocol: UDP +{{ end }} address: 127.0.0.1 port_value: {{ .Ports.ServerTunnelPort }} +{{ if eq .Vars.quic "true" }} +udp_listener_config: + quic_options: {} + downstream_socket_config: + prefer_gro: true +{{ end }} filter_chains: - filters: # Capture SSL info for the internal listener passthrough +{{ if eq .Vars.quic "true" }} +# TODO: accessing uriSanPeerCertificates() triggers a crash in quiche version. +{{ else }} - name: capture_tls typed_config: "@type": type.googleapis.com/udpa.type.v1.TypedStruct type_url: istio.tls_passthrough.v1.CaptureTLS +{{ end }} - name: envoy.filters.network.http_connection_manager typed_config: "@type": type.googleapis.com/envoy.extensions.filters.network.http_connection_manager.v3.HttpConnectionManager stat_prefix: terminate_connect +{{ if eq .Vars.quic "true" }} + codec_type: HTTP3 +{{ end }} route_config: name: local_route virtual_hosts: @@ -637,6 +653,29 @@ filter_chains: upgrade_configs: - upgrade_type: CONNECT transport_socket: +{{ if eq .Vars.quic "true" }} + name: quic + typed_config: + "@type": type.googleapis.com/udpa.type.v1.TypedStruct + type_url: type.googleapis.com/envoy.extensions.transport_sockets.quic.v3.QuicDownstreamTransport + value: + downstream_tls_context: + common_tls_context: + tls_certificate_sds_secret_configs: + name: server + sds_config: + api_config_source: + api_type: GRPC + grpc_services: + - envoy_grpc: + cluster_name: xds_cluster + set_node_on_first_message_only: true + transport_api_version: V3 + resource_api_version: V3 + validation_context: + trusted_ca: { filename: "testdata/certs/root.cert" } + require_client_certificate: true # XXX: This setting is ignored ATM per @danzh. +{{ else }} name: tls typed_config: "@type": type.googleapis.com/udpa.type.v1.TypedStruct 
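Review bot: In the QUIC branch added under `transport_socket:` (hunk `@@ -637,6 +653,29 @@`), `require_client_certificate: true` is annotated as currently ignored, so the template reads as if it enforces mutual TLS while, per that comment, the QUIC listener may accept peers that present no client certificate. The first hunk also drops the `capture_tls` filter when `.Vars.quic` is "true", so tests run with quic enabled appear not to exercise peer-identity capture on this listener at all. I would replace the `XXX` with a tracked note such as `# TODO(<issue-id>): client certificate is not enforced over QUIC; do not use this listener for mTLS assertions`, and give the `uriSanPeerCertificates()` TODO an issue reference too. Any test that asserts on peer identity should skip or fail explicitly when quic is enabled rather than pass vacuously. Because `testdata.gen.go` is generated, the edit belongs in the listener template it is built from; the byte literal starts before this hunk and ends in the next one.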
@@ -657,6 +696,7 @@ filter_chains: validation_context: trusted_ca: { filename: "testdata/certs/root.cert" } require_client_certificate: true +{{ end }} `) func listenerTerminate_connectYamlTmplBytes() ([]byte, error) {