mirror/opencloud
1
0
Fork 0
mirror of https://github.com/opencloud-eu/opencloud.git synced 2026-01-06 12:19:37 -06:00
Code Issues Packages Projects Releases Wiki Activity

build(deps): bump github.com/open-policy-agent/opa from 0.61.0 to 0.62.1

Browse Source 
Bumps [github.com/open-policy-agent/opa](https://github.com/open-policy-agent/opa) from 0.61.0 to 0.62.1.
- [Release notes](https://github.com/open-policy-agent/opa/releases)
- [Changelog](https://github.com/open-policy-agent/opa/blob/main/CHANGELOG.md)
- [Commits](https://github.com/open-policy-agent/opa/compare/v0.61.0...v0.62.1)

---
updated-dependencies:
- dependency-name: github.com/open-policy-agent/opa
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
This commit is contained in:
dependabot[bot]
2024-03-14 06:57:18 +00:00
committed by Ralf Haferkamp
parent b72e5ceddf
commit 718010f51c
105 changed files with 14878 additions and 1026 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
vendor/github.com/hashicorp/consul/api/LICENSE generated vendored
View File

@@ -1,3 +1,5 @@
Copyright (c) 2013 HashiCorp, Inc.
Mozilla Public License, version 2.0
1. Definitions

56
vendor/github.com/hashicorp/consul/api/README.md generated vendored
View File

@@ -1,30 +1,36 @@
Consul API client
=================
# Consul API Client
This package provides the `api` package which attempts to
provide programmatic access to the full Consul API.
This package provides the `api` package which provides programmatic access to the full Consul API.
Currently, all of the Consul APIs included in version 0.6.0 are supported.
The full documentation is available on [Godoc](https://godoc.org/github.com/hashicorp/consul/api).
Documentation
=============
## Usage
The full documentation is available on [Godoc](https://godoc.org/github.com/hashicorp/consul/api)
Below is an example of using the Consul client. To run the example, you must first
[install Consul](https://developer.hashicorp.com/consul/downloads) and
[Go](https://go.dev/doc/install).
Usage
=====
To run the client API, create a new Go module.
Below is an example of using the Consul client:
```shell
go mod init consul-demo
```
Copy the example code into a file called `main.go` in the directory where the module is defined.
As seen in the example, the Consul API is often imported with the alias `capi`.
```go
package main
import "github.com/hashicorp/consul/api"
import "fmt"
import (
"fmt"
capi "github.com/hashicorp/consul/api"
)
func main() {
// Get a new client
client, err := api.NewClient(api.DefaultConfig())
client, err := capi.NewClient(capi.DefaultConfig())
if err != nil {
panic(err)
}
@@ -33,7 +39,7 @@ func main() {
kv := client.KV()
// PUT a new KV pair
p := &api.KVPair{Key: "REDIS_MAXCLIENTS", Value: []byte("1000")}
p := &capi.KVPair{Key: "REDIS_MAXCLIENTS", Value: []byte("1000")}
_, err = kv.Put(p, nil)
if err != nil {
panic(err)
@@ -48,19 +54,23 @@ func main() {
}
```
To run this example, start a Consul server:
Install the Consul API dependency with `go mod tidy`.
```bash
consul agent -dev
In a separate terminal window, start a local Consul server.
```shell
consul agent -dev -node machine
```
Copy the code above into a file such as `main.go`.
Run the example.
Install and run. You'll see a key (`REDIS_MAXCLIENTS`) and value (`1000`) printed.
```shell
go run .
```
```bash
$ go get
$ go run main.go
You should get the following result printed to the terminal.
```shell
KV: REDIS_MAXCLIENTS 1000
```

149
vendor/github.com/hashicorp/consul/api/acl.go generated vendored
View File

@@ -1,10 +1,12 @@
// Copyright (c) HashiCorp, Inc.
// SPDX-License-Identifier: MPL-2.0
package api
import (
"encoding/json"
"fmt"
"io"
"io/ioutil"
"net/url"
"time"
@@ -46,8 +48,8 @@ type ACLToken struct {
Hash []byte `json:",omitempty"`
// DEPRECATED (ACL-Legacy-Compat)
// Rules will only be present for legacy tokens returned via the new APIs
Rules string `json:",omitempty"`
// Rules are an artifact of legacy tokens deprecated in Consul 1.4
Rules string `json:"-"`
// Namespace is the namespace the ACLToken is associated with.
// Namespaces are a Consul Enterprise feature.
@@ -91,7 +93,7 @@ type ACLTokenListEntry struct {
ExpirationTime *time.Time `json:",omitempty"`
CreateTime time.Time
Hash []byte
Legacy bool
Legacy bool `json:"-"` // DEPRECATED
// Namespace is the namespace the ACLTokenListEntry is associated with.
// Namespacing is a Consul Enterprise feature.
@@ -270,6 +272,13 @@ type ACLAuthMethod struct {
Partition string `json:",omitempty"`
}
type ACLTokenFilterOptions struct {
AuthMethod string `json:",omitempty"`
Policy string `json:",omitempty"`
Role string `json:",omitempty"`
ServiceName string `json:",omitempty"`
}
func (m *ACLAuthMethod) MarshalJSON() ([]byte, error) {
type Alias ACLAuthMethod
exported := &struct {
@@ -499,10 +508,25 @@ func (c *Client) ACL() *ACL {
return &ACL{c}
}
// BootstrapRequest is used for when operators provide an ACL Bootstrap Token
type BootstrapRequest struct {
BootstrapSecret string
}
// Bootstrap is used to perform a one-time ACL bootstrap operation on a cluster
// to get the first management token.
func (a *ACL) Bootstrap() (*ACLToken, *WriteMeta, error) {
return a.BootstrapWithToken("")
}
// BootstrapWithToken is used to get the initial bootstrap token or pass in the one that was provided in the API
func (a *ACL) BootstrapWithToken(btoken string) (*ACLToken, *WriteMeta, error) {
r := a.c.newRequest("PUT", "/v1/acl/bootstrap")
if btoken != "" {
r.obj = &BootstrapRequest{
BootstrapSecret: btoken,
}
}
rtt, resp, err := a.c.doRequest(r)
if err != nil {
return nil, nil, err
@@ -732,14 +756,14 @@ func (a *ACL) TokenUpdate(token *ACLToken, q *WriteOptions) (*ACLToken, *WriteMe
// TokenClone will create a new token with the same policies and locality as the original
// token but will have its own auto-generated AccessorID and SecretID as well having the
// description passed to this function. The tokenID parameter must be a valid Accessor ID
// description passed to this function. The accessorID parameter must be a valid Accessor ID
// of an existing token.
func (a *ACL) TokenClone(tokenID string, description string, q *WriteOptions) (*ACLToken, *WriteMeta, error) {
if tokenID == "" {
return nil, nil, fmt.Errorf("Must specify a tokenID for Token Cloning")
func (a *ACL) TokenClone(accessorID string, description string, q *WriteOptions) (*ACLToken, *WriteMeta, error) {
if accessorID == "" {
return nil, nil, fmt.Errorf("Must specify a token AccessorID for Token Cloning")
}
r := a.c.newRequest("PUT", "/v1/acl/token/"+tokenID+"/clone")
r := a.c.newRequest("PUT", "/v1/acl/token/"+accessorID+"/clone")
r.setWriteOptions(q)
r.obj = struct{ Description string }{description}
rtt, resp, err := a.c.doRequest(r)
@@ -759,10 +783,10 @@ func (a *ACL) TokenClone(tokenID string, description string, q *WriteOptions) (*
return &out, wm, nil
}
// TokenDelete removes a single ACL token. The tokenID parameter must be a valid
// TokenDelete removes a single ACL token. The accessorID parameter must be a valid
// Accessor ID of an existing token.
func (a *ACL) TokenDelete(tokenID string, q *WriteOptions) (*WriteMeta, error) {
r := a.c.newRequest("DELETE", "/v1/acl/token/"+tokenID)
func (a *ACL) TokenDelete(accessorID string, q *WriteOptions) (*WriteMeta, error) {
r := a.c.newRequest("DELETE", "/v1/acl/token/"+accessorID)
r.setWriteOptions(q)
rtt, resp, err := a.c.doRequest(r)
if err != nil {
@@ -777,10 +801,10 @@ func (a *ACL) TokenDelete(tokenID string, q *WriteOptions) (*WriteMeta, error) {
return wm, nil
}
// TokenRead retrieves the full token details. The tokenID parameter must be a valid
// TokenRead retrieves the full token details. The accessorID parameter must be a valid
// Accessor ID of an existing token.
func (a *ACL) TokenRead(tokenID string, q *QueryOptions) (*ACLToken, *QueryMeta, error) {
r := a.c.newRequest("GET", "/v1/acl/token/"+tokenID)
func (a *ACL) TokenRead(accessorID string, q *QueryOptions) (*ACLToken, *QueryMeta, error) {
r := a.c.newRequest("GET", "/v1/acl/token/"+accessorID)
r.setQueryOptions(q)
rtt, resp, err := a.c.doRequest(r)
if err != nil {
@@ -803,9 +827,9 @@ func (a *ACL) TokenRead(tokenID string, q *QueryOptions) (*ACLToken, *QueryMeta,
}
// TokenReadExpanded retrieves the full token details, as well as the contents of any policies affecting the token.
// The tokenID parameter must be a valid Accessor ID of an existing token.
func (a *ACL) TokenReadExpanded(tokenID string, q *QueryOptions) (*ACLTokenExpanded, *QueryMeta, error) {
r := a.c.newRequest("GET", "/v1/acl/token/"+tokenID)
// The accessorID parameter must be a valid Accessor ID of an existing token.
func (a *ACL) TokenReadExpanded(accessorID string, q *QueryOptions) (*ACLTokenExpanded, *QueryMeta, error) {
r := a.c.newRequest("GET", "/v1/acl/token/"+accessorID)
r.setQueryOptions(q)
r.params.Set("expanded", "true")
rtt, resp, err := a.c.doRequest(r)
@@ -878,6 +902,44 @@ func (a *ACL) TokenList(q *QueryOptions) ([]*ACLTokenListEntry, *QueryMeta, erro
return entries, qm, nil
}
// TokenListFiltered lists all tokens that match the given filter options.
// The listing does not contain any SecretIDs as those may only be retrieved by a call to TokenRead.
func (a *ACL) TokenListFiltered(t ACLTokenFilterOptions, q *QueryOptions) ([]*ACLTokenListEntry, *QueryMeta, error) {
r := a.c.newRequest("GET", "/v1/acl/tokens")
r.setQueryOptions(q)
if t.AuthMethod != "" {
r.params.Set("authmethod", t.AuthMethod)
}
if t.Policy != "" {
r.params.Set("policy", t.Policy)
}
if t.Role != "" {
r.params.Set("role", t.Role)
}
if t.ServiceName != "" {
r.params.Set("servicename", t.ServiceName)
}
rtt, resp, err := a.c.doRequest(r)
if err != nil {
return nil, nil, err
}
defer closeResponseBody(resp)
if err := requireOK(resp); err != nil {
return nil, nil, err
}
qm := &QueryMeta{}
parseQueryMeta(resp, qm)
qm.RequestTime = rtt
var entries []*ACLTokenListEntry
if err := decodeBody(resp, &entries); err != nil {
return nil, nil, err
}
return entries, qm, nil
}
// PolicyCreate will create a new policy. It is not allowed for the policy parameters
// ID field to be set as this will be generated by Consul while processing the request.
func (a *ACL) PolicyCreate(policy *ACLPolicy, q *WriteOptions) (*ACLPolicy, *WriteMeta, error) {
@@ -1028,58 +1090,19 @@ func (a *ACL) PolicyList(q *QueryOptions) ([]*ACLPolicyListEntry, *QueryMeta, er
// RulesTranslate translates the legacy rule syntax into the current syntax.
//
// Deprecated: Support for the legacy syntax translation will be removed
// when legacy ACL support is removed.
// Deprecated: Support for the legacy syntax translation has been removed.
// This function always returns an error.
func (a *ACL) RulesTranslate(rules io.Reader) (string, error) {
r := a.c.newRequest("POST", "/v1/acl/rules/translate")
r.body = rules
r.header.Set("Content-Type", "text/plain")
rtt, resp, err := a.c.doRequest(r)
if err != nil {
return "", err
}
defer closeResponseBody(resp)
if err := requireOK(resp); err != nil {
return "", err
}
qm := &QueryMeta{}
parseQueryMeta(resp, qm)
qm.RequestTime = rtt
ruleBytes, err := ioutil.ReadAll(resp.Body)
if err != nil {
return "", fmt.Errorf("Failed to read translated rule body: %v", err)
}
return string(ruleBytes), nil
return "", fmt.Errorf("Legacy ACL rules were deprecated in Consul 1.4")
}
// RulesTranslateToken translates the rules associated with the legacy syntax
// into the current syntax and returns the results.
//
// Deprecated: Support for the legacy syntax translation will be removed
// when legacy ACL support is removed.
// Deprecated: Support for the legacy syntax translation has been removed.
// This function always returns an error.
func (a *ACL) RulesTranslateToken(tokenID string) (string, error) {
r := a.c.newRequest("GET", "/v1/acl/rules/translate/"+tokenID)
rtt, resp, err := a.c.doRequest(r)
if err != nil {
return "", err
}
defer closeResponseBody(resp)
if err := requireOK(resp); err != nil {
return "", err
}
qm := &QueryMeta{}
parseQueryMeta(resp, qm)
qm.RequestTime = rtt
ruleBytes, err := ioutil.ReadAll(resp.Body)
if err != nil {
return "", fmt.Errorf("Failed to read translated rule body: %v", err)
}
return string(ruleBytes), nil
return "", fmt.Errorf("Legacy ACL tokens and rules were deprecated in Consul 1.4")
}
// RoleCreate will create a new role. It is not allowed for the role parameters

78
vendor/github.com/hashicorp/consul/api/agent.go generated vendored
View File

@@ -1,3 +1,6 @@
// Copyright (c) HashiCorp, Inc.
// SPDX-License-Identifier: MPL-2.0
package api
import (
@@ -37,6 +40,11 @@ const (
// This service will ingress connections based of configuration defined in
// the ingress-gateway config entry.
ServiceKindIngressGateway ServiceKind = "ingress-gateway"
// ServiceKindAPIGateway is an API Gateway for the Connect feature.
// This service will ingress connections based of configuration defined in
// the api-gateway config entry.
ServiceKindAPIGateway ServiceKind = "api-gateway"
)
// UpstreamDestType is the type of upstream discovery mechanism.
@@ -99,7 +107,8 @@ type AgentService struct {
Namespace string `json:",omitempty" bexpr:"-" hash:"ignore"`
Partition string `json:",omitempty" bexpr:"-" hash:"ignore"`
// Datacenter is only ever returned and is ignored if presented.
Datacenter string `json:",omitempty" bexpr:"-" hash:"ignore"`
Datacenter string `json:",omitempty" bexpr:"-" hash:"ignore"`
Locality *Locality `json:",omitempty" bexpr:"-" hash:"ignore"`
}
// AgentServiceChecksInfo returns information about a Service and its checks
@@ -118,6 +127,7 @@ type AgentServiceConnect struct {
// AgentServiceConnectProxyConfig is the proxy configuration in a connect-proxy
// ServiceDefinition or response.
type AgentServiceConnectProxyConfig struct {
EnvoyExtensions []EnvoyExtension `json:",omitempty"`
DestinationServiceName string `json:",omitempty"`
DestinationServiceID string `json:",omitempty"`
LocalServiceAddress string `json:",omitempty"`
@@ -129,6 +139,7 @@ type AgentServiceConnectProxyConfig struct {
Upstreams []Upstream `json:",omitempty"`
MeshGateway MeshGatewayConfig `json:",omitempty"`
Expose ExposeConfig `json:",omitempty"`
AccessLogs *AccessLogsConfig `json:",omitempty"`
}
const (
@@ -199,11 +210,11 @@ const (
// ACLModeEnabled indicates that ACLs are enabled and operating in new ACL
// mode (v1.4.0+ ACLs)
ACLModeEnabled MemberACLMode = "1"
// ACLModeLegacy indicates that ACLs are enabled and operating in legacy mode.
ACLModeLegacy MemberACLMode = "2"
// ACLModeLegacy has been deprecated, and will be treated as ACLModeUnknown.
ACLModeLegacy MemberACLMode = "2" // DEPRECATED
// ACLModeUnkown is used to indicate that the AgentMember.Tags didn't advertise
// an ACL mode at all. This is the case for Consul versions before v1.4.0 and
// should be treated similarly to ACLModeLegacy.
// should be treated the same as ACLModeLegacy.
ACLModeUnknown MemberACLMode = "3"
)
@@ -242,8 +253,6 @@ func (m *AgentMember) ACLMode() MemberACLMode {
return ACLModeDisabled
case ACLModeEnabled:
return ACLModeEnabled
case ACLModeLegacy:
return ACLModeLegacy
default:
return ACLModeUnknown
}
@@ -265,6 +274,8 @@ type MembersOpts struct {
// Segment is the LAN segment to show members for. Setting this to the
// AllSegments value above will show members in all segments.
Segment string
Filter string
}
// AgentServiceRegistration is used to register a new service
@@ -286,6 +297,7 @@ type AgentServiceRegistration struct {
Connect *AgentServiceConnect `json:",omitempty"`
Namespace string `json:",omitempty" bexpr:"-" hash:"ignore"`
Partition string `json:",omitempty" bexpr:"-" hash:"ignore"`
Locality *Locality `json:",omitempty" bexpr:"-" hash:"ignore"`
}
// ServiceRegisterOpts is used to pass extra options to the service register.
@@ -333,6 +345,7 @@ type AgentServiceCheck struct {
Method string `json:",omitempty"`
Body string `json:",omitempty"`
TCP string `json:",omitempty"`
TCPUseTLS bool `json:",omitempty"`
UDP string `json:",omitempty"`
Status string `json:",omitempty"`
Notes string `json:",omitempty"`
@@ -493,6 +506,24 @@ func (a *Agent) Host() (map[string]interface{}, error) {
return out, nil
}
// Version is used to retrieve information about the running Consul version and build.
func (a *Agent) Version() (map[string]interface{}, error) {
r := a.c.newRequest("GET", "/v1/agent/version")
_, resp, err := a.c.doRequest(r)
if err != nil {
return nil, err
}
defer closeResponseBody(resp)
if err := requireOK(resp); err != nil {
return nil, err
}
var out map[string]interface{}
if err := decodeBody(resp, &out); err != nil {
return nil, err
}
return out, nil
}
// Metrics is used to query the agent we are speaking to for
// its current internal metric data
func (a *Agent) Metrics() (*MetricsInfo, error) {
@@ -762,6 +793,10 @@ func (a *Agent) MembersOpts(opts MembersOpts) ([]*AgentMember, error) {
r.params.Set("wan", "1")
}
if opts.Filter != "" {
r.params.Set("filter", opts.Filter)
}
_, resp, err := a.c.doRequest(r)
if err != nil {
return nil, err
@@ -1045,8 +1080,17 @@ func (a *Agent) ForceLeavePrune(node string) error {
// ForceLeaveOpts is used to have the agent eject a failed node or remove it
// completely from the list of members.
//
// DEPRECATED - Use ForceLeaveOptions instead.
func (a *Agent) ForceLeaveOpts(node string, opts ForceLeaveOpts) error {
return a.ForceLeaveOptions(node, opts, nil)
}
// ForceLeaveOptions is used to have the agent eject a failed node or remove it
// completely from the list of members. Allows usage of QueryOptions on-top of ForceLeaveOpts
func (a *Agent) ForceLeaveOptions(node string, opts ForceLeaveOpts, q *QueryOptions) error {
r := a.c.newRequest("PUT", "/v1/agent/force-leave/"+node)
r.setQueryOptions(q)
if opts.Prune {
r.params.Set("prune", "1")
}
@@ -1266,35 +1310,35 @@ func (a *Agent) monitor(loglevel string, logJSON bool, stopCh <-chan struct{}, q
}
// UpdateACLToken updates the agent's "acl_token". See updateToken for more
// details.
// details. Deprecated in Consul 1.4.
//
// DEPRECATED (ACL-Legacy-Compat) - Prefer UpdateDefaultACLToken for v1.4.3 and above
func (a *Agent) UpdateACLToken(token string, q *WriteOptions) (*WriteMeta, error) {
return a.updateToken("acl_token", token, q)
return nil, fmt.Errorf("Legacy ACL Tokens were deprecated in Consul 1.4")
}
// UpdateACLAgentToken updates the agent's "acl_agent_token". See updateToken
// for more details.
// for more details. Deprecated in Consul 1.4.
//
// DEPRECATED (ACL-Legacy-Compat) - Prefer UpdateAgentACLToken for v1.4.3 and above
func (a *Agent) UpdateACLAgentToken(token string, q *WriteOptions) (*WriteMeta, error) {
return a.updateToken("acl_agent_token", token, q)
return nil, fmt.Errorf("Legacy ACL Tokens were deprecated in Consul 1.4")
}
// UpdateACLAgentMasterToken updates the agent's "acl_agent_master_token". See
// updateToken for more details.
// updateToken for more details. Deprecated in Consul 1.4.
//
// DEPRECATED (ACL-Legacy-Compat) - Prefer UpdateAgentMasterACLToken for v1.4.3 and above
func (a *Agent) UpdateACLAgentMasterToken(token string, q *WriteOptions) (*WriteMeta, error) {
return a.updateToken("acl_agent_master_token", token, q)
return nil, fmt.Errorf("Legacy ACL Tokens were deprecated in Consul 1.4")
}
// UpdateACLReplicationToken updates the agent's "acl_replication_token". See
// updateToken for more details.
// updateToken for more details. Deprecated in Consul 1.4.
//
// DEPRECATED (ACL-Legacy-Compat) - Prefer UpdateReplicationACLToken for v1.4.3 and above
func (a *Agent) UpdateACLReplicationToken(token string, q *WriteOptions) (*WriteMeta, error) {
return a.updateToken("acl_replication_token", token, q)
return nil, fmt.Errorf("Legacy ACL Tokens were deprecated in Consul 1.4")
}
// UpdateDefaultACLToken updates the agent's "default" token. See updateToken
@@ -1329,6 +1373,12 @@ func (a *Agent) UpdateReplicationACLToken(token string, q *WriteOptions) (*Write
return a.updateTokenFallback(token, q, "replication", "acl_replication_token")
}
// UpdateConfigFileRegistrationToken updates the agent's "replication" token. See updateToken
// for more details
func (a *Agent) UpdateConfigFileRegistrationToken(token string, q *WriteOptions) (*WriteMeta, error) {
return a.updateToken("config_file_service_registration", token, q)
}
// updateToken can be used to update one of an agent's ACL tokens after the agent has
// started. The tokens are may not be persisted, so will need to be updated again if
// the agent is restarted unless the agent is configured to persist them.

82
vendor/github.com/hashicorp/consul/api/api.go generated vendored
View File

@@ -1,3 +1,6 @@
// Copyright (c) HashiCorp, Inc.
// SPDX-License-Identifier: MPL-2.0
package api
import (
@@ -7,7 +10,6 @@ import (
"encoding/json"
"fmt"
"io"
"io/ioutil"
"net"
"net/http"
"net/url"
@@ -73,6 +75,14 @@ const (
// other ENV names we use.
GRPCAddrEnvName = "CONSUL_GRPC_ADDR"
// GRPCCAFileEnvName defines an environment variable name which sets the
// CA file to use for talking to Consul gRPC over TLS.
GRPCCAFileEnvName = "CONSUL_GRPC_CACERT"
// GRPCCAPathEnvName defines an environment variable name which sets the
// path to a directory of CA certs to use for talking to Consul gRPC over TLS.
GRPCCAPathEnvName = "CONSUL_GRPC_CAPATH"
// HTTPNamespaceEnvVar defines an environment variable name which sets
// the HTTP Namespace to be used by default. This can still be overridden.
HTTPNamespaceEnvName = "CONSUL_NAMESPACE"
@@ -111,6 +121,9 @@ type QueryOptions struct {
// by the Config
Datacenter string
// Providing a peer name in the query option
Peer string
// AllowStale allows any Consul server (non-leader) to service
// a read. This allows for lower latency and higher throughput
AllowStale bool
@@ -196,6 +209,10 @@ type QueryOptions struct {
// This can be used to ensure a full service definition is returned in the response
// especially when the service might not be written into the catalog that way.
MergeCentralConfig bool
// Global is used to request information from all datacenters. Currently only
// used for operator usage requests.
Global bool
}
func (o *QueryOptions) Context() context.Context {
@@ -740,20 +757,35 @@ func NewClient(config *Config) (*Client, error) {
// If the TokenFile is set, always use that, even if a Token is configured.
// This is because when TokenFile is set it is read into the Token field.
// We want any derived clients to have to re-read the token file.
if config.TokenFile != "" {
data, err := ioutil.ReadFile(config.TokenFile)
// The precedence of ACL token should be:
// 1. -token-file cli option
// 2. -token cli option
// 3. CONSUL_HTTP_TOKEN_FILE environment variable
// 4. CONSUL_HTTP_TOKEN environment variable
if config.TokenFile != "" && config.TokenFile != defConfig.TokenFile {
data, err := os.ReadFile(config.TokenFile)
if err != nil {
return nil, fmt.Errorf("Error loading token file: %s", err)
return nil, fmt.Errorf("Error loading token file %s : %s", config.TokenFile, err)
}
if token := strings.TrimSpace(string(data)); token != "" {
config.Token = token
}
}
if config.Token == "" {
} else if config.Token != "" && defConfig.Token != config.Token {
// Fall through
} else if defConfig.TokenFile != "" {
data, err := os.ReadFile(defConfig.TokenFile)
if err != nil {
return nil, fmt.Errorf("Error loading token file %s : %s", defConfig.TokenFile, err)
}
if token := strings.TrimSpace(string(data)); token != "" {
config.Token = token
config.TokenFile = defConfig.TokenFile
}
} else {
config.Token = defConfig.Token
}
return &Client{config: *config, headers: make(http.Header)}, nil
}
@@ -804,14 +836,26 @@ func (r *request) setQueryOptions(q *QueryOptions) {
return
}
if q.Namespace != "" {
// For backwards-compatibility with existing tests,
// use the short-hand query param name "ns"
// rather than the alternative long-hand "namespace"
r.params.Set("ns", q.Namespace)
}
if q.Partition != "" {
// For backwards-compatibility with existing tests,
// use the long-hand query param name "partition"
// rather than the alternative short-hand "ap"
r.params.Set("partition", q.Partition)
}
if q.Datacenter != "" {
// For backwards-compatibility with existing tests,
// use the short-hand query param name "dc"
// rather than the alternative long-hand "datacenter"
r.params.Set("dc", q.Datacenter)
}
if q.Peer != "" {
r.params.Set("peer", q.Peer)
}
if q.AllowStale {
r.params.Set("stale", "")
}
@@ -867,6 +911,9 @@ func (r *request) setQueryOptions(q *QueryOptions) {
if q.MergeCentralConfig {
r.params.Set("merge-central-config", "")
}
if q.Global {
r.params.Set("global", "")
}
r.ctx = q.ctx
}
@@ -911,12 +958,16 @@ func (r *request) setWriteOptions(q *WriteOptions) {
if q == nil {
return
}
// For backwards-compatibility, continue to use the shorthand "ns"
// rather than "namespace"
if q.Namespace != "" {
r.params.Set("ns", q.Namespace)
}
if q.Partition != "" {
r.params.Set("partition", q.Partition)
}
// For backwards-compatibility, continue to use the shorthand "dc"
// rather than "datacenter"
if q.Datacenter != "" {
r.params.Set("dc", q.Datacenter)
}
@@ -949,6 +1000,19 @@ func (r *request) toHTTP() (*http.Request, error) {
return nil, err
}
// validate that socket communications that do not use the host, detect
// slashes in the host name and replace it with local host.
// this is required since go started validating req.host in 1.20.6 and 1.19.11.
// prior to that they would strip out the slashes for you. They removed that
// behavior and added more strict validation as part of a CVE.
// This issue is being tracked by the Go team:
// https://github.com/golang/go/issues/61431
// If there is a resolution in this issue, we will remove this code.
// In the time being, this is the accepted workaround.
if strings.HasPrefix(r.url.Host, "/") {
r.url.Host = "localhost"
}
req.URL.Host = r.url.Host
req.URL.Scheme = r.url.Scheme
req.Host = r.url.Host
@@ -1059,7 +1123,7 @@ func (c *Client) write(endpoint string, in, out interface{}, q *WriteOptions) (*
if err := decodeBody(resp, &out); err != nil {
return nil, err
}
} else if _, err := ioutil.ReadAll(resp.Body); err != nil {
} else if _, err := io.ReadAll(resp.Body); err != nil {
return nil, err
}
return wm, nil
@@ -1177,7 +1241,7 @@ func requireHttpCodes(resp *http.Response, httpCodes ...int) error {
// is necessary to ensure that the http.Client's underlying RoundTripper is able
// to re-use the TCP connection. See godoc on net/http.Client.Do.
func closeResponseBody(resp *http.Response) error {
_, _ = io.Copy(ioutil.Discard, resp.Body)
_, _ = io.Copy(io.Discard, resp.Body)
return resp.Body.Close()
}

12
vendor/github.com/hashicorp/consul/api/catalog.go generated vendored
View File

@@ -1,3 +1,6 @@
// Copyright (c) HashiCorp, Inc.
// SPDX-License-Identifier: MPL-2.0
package api
import (
@@ -19,8 +22,9 @@ type Node struct {
Meta map[string]string
CreateIndex uint64
ModifyIndex uint64
Partition string `json:",omitempty"`
PeerName string `json:",omitempty"`
Partition string `json:",omitempty"`
PeerName string `json:",omitempty"`
Locality *Locality `json:",omitempty"`
}
type ServiceAddress struct {
@@ -45,6 +49,7 @@ type CatalogService struct {
ServiceWeights Weights
ServiceEnableTagOverride bool
ServiceProxy *AgentServiceConnectProxyConfig
ServiceLocality *Locality `json:",omitempty"`
CreateIndex uint64
Checks HealthChecks
ModifyIndex uint64
@@ -73,7 +78,8 @@ type CatalogRegistration struct {
Check *AgentCheck
Checks HealthChecks
SkipNodeUpdate bool
Partition string `json:",omitempty"`
Partition string `json:",omitempty"`
Locality *Locality `json:",omitempty"`
}
type CatalogDeregistration struct {

176
vendor/github.com/hashicorp/consul/api/config_entry.go generated vendored
View File

@@ -1,3 +1,6 @@
// Copyright (c) HashiCorp, Inc.
// SPDX-License-Identifier: MPL-2.0
package api
import (
@@ -23,9 +26,28 @@ const (
ServiceIntentions string = "service-intentions"
MeshConfig string = "mesh"
ExportedServices string = "exported-services"
SamenessGroup string = "sameness-group"
RateLimitIPConfig string = "control-plane-request-limit"
ProxyConfigGlobal string = "global"
MeshConfigMesh string = "mesh"
APIGateway string = "api-gateway"
TCPRoute string = "tcp-route"
InlineCertificate string = "inline-certificate"
HTTPRoute string = "http-route"
JWTProvider string = "jwt-provider"
)
const (
BuiltinAWSLambdaExtension string = "builtin/aws/lambda"
BuiltinExtAuthzExtension string = "builtin/ext-authz"
BuiltinLuaExtension string = "builtin/lua"
BuiltinPropertyOverrideExtension string = "builtin/property-override"
BuiltinWasmExtension string = "builtin/wasm"
// BuiltinValidateExtension should not be exposed directly or accepted as a valid configured
// extension type, as it is only used indirectly via troubleshooting tools. It is included here
// for common reference alongside other builtin extensions.
BuiltinValidateExtension string = "builtin/proxy/validate"
)
type ConfigEntry interface {
@@ -93,6 +115,21 @@ type TransparentProxyConfig struct {
DialedDirectly bool `json:",omitempty" alias:"dialed_directly"`
}
type MutualTLSMode string
const (
// MutualTLSModeDefault represents no specific mode and should
// be used to indicate that a different layer of the configuration
// chain should take precedence.
MutualTLSModeDefault MutualTLSMode = ""
// MutualTLSModeStrict requires mTLS for incoming traffic.
MutualTLSModeStrict MutualTLSMode = "strict"
// MutualTLSModePermissive allows incoming non-mTLS traffic.
MutualTLSModePermissive MutualTLSMode = "permissive"
)
// ExposeConfig describes HTTP paths to expose through Envoy outside of Connect.
// Users can expose individual paths and/or all HTTP/GRPC paths for checks.
type ExposeConfig struct {
@@ -104,6 +141,15 @@ type ExposeConfig struct {
Paths []ExposePath `json:",omitempty"`
}
// EnvoyExtension has configuration for an extension that patches Envoy resources.
type EnvoyExtension struct {
Name string
Required bool
Arguments map[string]interface{} `bexpr:"-"`
ConsulVersion string
EnvoyVersion string
}
type ExposePath struct {
// ListenerPort defines the port of the proxy's listener for exposed paths.
ListenerPort int `json:",omitempty" alias:"listener_port"`
@@ -122,6 +168,36 @@ type ExposePath struct {
ParsedFromCheck bool
}
type LogSinkType string
const (
DefaultLogSinkType LogSinkType = ""
FileLogSinkType LogSinkType = "file"
StdErrLogSinkType LogSinkType = "stderr"
StdOutLogSinkType LogSinkType = "stdout"
)
// AccessLogsConfig contains the associated default settings for all Envoy instances within the datacenter or partition
type AccessLogsConfig struct {
// Enabled turns off all access logging
Enabled bool `json:",omitempty" alias:"enabled"`
// DisableListenerLogs turns off just listener logs for connections rejected by Envoy because they don't
// have a matching listener filter.
DisableListenerLogs bool `json:",omitempty" alias:"disable_listener_logs"`
// Type selects the output for logs: "file", "stderr". "stdout"
Type LogSinkType `json:",omitempty" alias:"type"`
// Path is the output file to write logs
Path string `json:",omitempty" alias:"path"`
// The presence of one format string or the other implies the access log string encoding.
// Defining Both is invalid.
JSONFormat string `json:",omitempty" alias:"json_format"`
TextFormat string `json:",omitempty" alias:"text_format"`
}
type UpstreamConfiguration struct {
// Overrides is a slice of per-service configuration. The name field is
// required.
@@ -133,15 +209,18 @@ type UpstreamConfiguration struct {
}
type UpstreamConfig struct {
// Name is only accepted within a service-defaults config entry.
// Name is only accepted within service-defaults.upstreamConfig.overrides .
Name string `json:",omitempty"`
// Partition is only accepted within a service-defaults config entry.
// Partition is only accepted within service-defaults.upstreamConfig.overrides .
Partition string `json:",omitempty"`
// Namespace is only accepted within a service-defaults config entry.
// Namespace is only accepted within service-defaults.upstreamConfig.overrides .
Namespace string `json:",omitempty"`
// Peer is only accepted within service-defaults.upstreamConfig.overrides .
Peer string `json:",omitempty"`
// EnvoyListenerJSON is a complete override ("escape hatch") for the upstream's
// listener.
//
@@ -177,6 +256,10 @@ type UpstreamConfig struct {
// MeshGatewayConfig controls how Mesh Gateways are configured and used
MeshGateway MeshGatewayConfig `json:",omitempty" alias:"mesh_gateway" `
// BalanceOutboundConnections indicates that the proxy should attempt to evenly distribute
// outbound connections across worker threads. Only used by envoy proxies.
BalanceOutboundConnections string `json:",omitempty" alias:"balance_outbound_connections"`
}
// DestinationConfig represents a virtual service, i.e. one that is external to Consul
@@ -201,6 +284,15 @@ type PassiveHealthCheck struct {
// when an outlier status is detected through consecutive 5xx.
// This setting can be used to disable ejection or to ramp it up slowly.
EnforcingConsecutive5xx *uint32 `json:",omitempty" alias:"enforcing_consecutive_5xx"`
// The maximum % of an upstream cluster that can be ejected due to outlier detection.
// Defaults to 10% but will eject at least one host regardless of the value.
MaxEjectionPercent *uint32 `json:",omitempty" alias:"max_ejection_percent"`
// The base time that a host is ejected for. The real time is equal to the base time
// multiplied by the number of times the host has been ejected and is capped by
// max_ejection_time (Default 300s). Defaults to 30000ms or 30s.
BaseEjectionTime *time.Duration `json:",omitempty" alias:"base_ejection_time"`
}
// UpstreamLimits describes the limits that are associated with a specific
@@ -223,24 +315,27 @@ type UpstreamLimits struct {
}
type ServiceConfigEntry struct {
Kind string
Name string
Partition string `json:",omitempty"`
Namespace string `json:",omitempty"`
Protocol string `json:",omitempty"`
Mode ProxyMode `json:",omitempty"`
TransparentProxy *TransparentProxyConfig `json:",omitempty" alias:"transparent_proxy"`
MeshGateway MeshGatewayConfig `json:",omitempty" alias:"mesh_gateway"`
Expose ExposeConfig `json:",omitempty"`
ExternalSNI string `json:",omitempty" alias:"external_sni"`
UpstreamConfig *UpstreamConfiguration `json:",omitempty" alias:"upstream_config"`
Destination *DestinationConfig `json:",omitempty"`
MaxInboundConnections int `json:",omitempty" alias:"max_inbound_connections"`
LocalConnectTimeoutMs int `json:",omitempty" alias:"local_connect_timeout_ms"`
LocalRequestTimeoutMs int `json:",omitempty" alias:"local_request_timeout_ms"`
Meta map[string]string `json:",omitempty"`
CreateIndex uint64
ModifyIndex uint64
Kind string
Name string
Partition string `json:",omitempty"`
Namespace string `json:",omitempty"`
Protocol string `json:",omitempty"`
Mode ProxyMode `json:",omitempty"`
TransparentProxy *TransparentProxyConfig `json:",omitempty" alias:"transparent_proxy"`
MutualTLSMode MutualTLSMode `json:",omitempty" alias:"mutual_tls_mode"`
MeshGateway MeshGatewayConfig `json:",omitempty" alias:"mesh_gateway"`
Expose ExposeConfig `json:",omitempty"`
ExternalSNI string `json:",omitempty" alias:"external_sni"`
UpstreamConfig *UpstreamConfiguration `json:",omitempty" alias:"upstream_config"`
Destination *DestinationConfig `json:",omitempty"`
MaxInboundConnections int `json:",omitempty" alias:"max_inbound_connections"`
LocalConnectTimeoutMs int `json:",omitempty" alias:"local_connect_timeout_ms"`
LocalRequestTimeoutMs int `json:",omitempty" alias:"local_request_timeout_ms"`
BalanceInboundConnections string `json:",omitempty" alias:"balance_inbound_connections"`
EnvoyExtensions []EnvoyExtension `json:",omitempty" alias:"envoy_extensions"`
Meta map[string]string `json:",omitempty"`
CreateIndex uint64
ModifyIndex uint64
}
func (s *ServiceConfigEntry) GetKind() string { return s.Kind }
@@ -252,15 +347,20 @@ func (s *ServiceConfigEntry) GetCreateIndex() uint64 { return s.CreateIndex
func (s *ServiceConfigEntry) GetModifyIndex() uint64 { return s.ModifyIndex }
type ProxyConfigEntry struct {
Kind string
Name string
Partition string `json:",omitempty"`
Namespace string `json:",omitempty"`
Mode ProxyMode `json:",omitempty"`
TransparentProxy *TransparentProxyConfig `json:",omitempty" alias:"transparent_proxy"`
Config map[string]interface{} `json:",omitempty"`
MeshGateway MeshGatewayConfig `json:",omitempty" alias:"mesh_gateway"`
Expose ExposeConfig `json:",omitempty"`
Kind string
Name string
Partition string `json:",omitempty"`
Namespace string `json:",omitempty"`
Mode ProxyMode `json:",omitempty"`
TransparentProxy *TransparentProxyConfig `json:",omitempty" alias:"transparent_proxy"`
MutualTLSMode MutualTLSMode `json:",omitempty" alias:"mutual_tls_mode"`
Config map[string]interface{} `json:",omitempty"`
MeshGateway MeshGatewayConfig `json:",omitempty" alias:"mesh_gateway"`
Expose ExposeConfig `json:",omitempty"`
AccessLogs *AccessLogsConfig `json:",omitempty" alias:"access_logs"`
EnvoyExtensions []EnvoyExtension `json:",omitempty" alias:"envoy_extensions"`
FailoverPolicy *ServiceResolverFailoverPolicy `json:",omitempty" alias:"failover_policy"`
PrioritizeByLocality *ServiceResolverPrioritizeByLocality `json:",omitempty" alias:"prioritize_by_locality"`
Meta map[string]string `json:",omitempty"`
CreateIndex uint64
@@ -268,7 +368,7 @@ type ProxyConfigEntry struct {
}
func (p *ProxyConfigEntry) GetKind() string { return p.Kind }
func (p *ProxyConfigEntry) GetName() string { return p.Name }
func (p *ProxyConfigEntry) GetName() string { return ProxyConfigGlobal }
func (p *ProxyConfigEntry) GetPartition() string { return p.Partition }
func (p *ProxyConfigEntry) GetNamespace() string { return p.Namespace }
func (p *ProxyConfigEntry) GetMeta() map[string]string { return p.Meta }
@@ -297,6 +397,20 @@ func makeConfigEntry(kind, name string) (ConfigEntry, error) {
return &MeshConfigEntry{}, nil
case ExportedServices:
return &ExportedServicesConfigEntry{Name: name}, nil
case SamenessGroup:
return &SamenessGroupConfigEntry{Kind: kind, Name: name}, nil
case APIGateway:
return &APIGatewayConfigEntry{Kind: kind, Name: name}, nil
case TCPRoute:
return &TCPRouteConfigEntry{Kind: kind, Name: name}, nil
case InlineCertificate:
return &InlineCertificateConfigEntry{Kind: kind, Name: name}, nil
case HTTPRoute:
return &HTTPRouteConfigEntry{Kind: kind, Name: name}, nil
case RateLimitIPConfig:
return &RateLimitIPConfigEntry{Kind: kind, Name: name}, nil
case JWTProvider:
return &JWTProviderConfigEntry{Kind: kind, Name: name}, nil
default:
return nil, fmt.Errorf("invalid config entry kind: %s", kind)
}

53
vendor/github.com/hashicorp/consul/api/config_entry_discoverychain.go generated vendored
View File

@@ -1,3 +1,6 @@
// Copyright (c) HashiCorp, Inc.
// SPDX-License-Identifier: MPL-2.0
package api
import (
@@ -69,9 +72,11 @@ type ServiceRouteDestination struct {
Partition string `json:",omitempty"`
PrefixRewrite string `json:",omitempty" alias:"prefix_rewrite"`
RequestTimeout time.Duration `json:",omitempty" alias:"request_timeout"`
IdleTimeout time.Duration `json:",omitempty" alias:"idle_timeout"`
NumRetries uint32 `json:",omitempty" alias:"num_retries"`
RetryOnConnectFailure bool `json:",omitempty" alias:"retry_on_connect_failure"`
RetryOnStatusCodes []uint32 `json:",omitempty" alias:"retry_on_status_codes"`
RetryOn []string `json:",omitempty" alias:"retry_on"`
RequestHeaders *HTTPHeaderModifiers `json:",omitempty" alias:"request_headers"`
ResponseHeaders *HTTPHeaderModifiers `json:",omitempty" alias:"response_headers"`
}
@@ -80,14 +85,19 @@ func (e *ServiceRouteDestination) MarshalJSON() ([]byte, error) {
type Alias ServiceRouteDestination
exported := &struct {
RequestTimeout string `json:",omitempty"`
IdleTimeout string `json:",omitempty"`
*Alias
}{
RequestTimeout: e.RequestTimeout.String(),
IdleTimeout: e.IdleTimeout.String(),
Alias: (*Alias)(e),
}
if e.RequestTimeout == 0 {
exported.RequestTimeout = ""
}
if e.IdleTimeout == 0 {
exported.IdleTimeout = ""
}
return json.Marshal(exported)
}
@@ -96,6 +106,7 @@ func (e *ServiceRouteDestination) UnmarshalJSON(data []byte) error {
type Alias ServiceRouteDestination
aux := &struct {
RequestTimeout string
IdleTimeout string
*Alias
}{
Alias: (*Alias)(e),
@@ -109,6 +120,11 @@ func (e *ServiceRouteDestination) UnmarshalJSON(data []byte) error {
return err
}
}
if aux.IdleTimeout != "" {
if e.IdleTimeout, err = time.ParseDuration(aux.IdleTimeout); err != nil {
return err
}
}
return nil
}
@@ -154,6 +170,11 @@ type ServiceResolverConfigEntry struct {
Redirect *ServiceResolverRedirect `json:",omitempty"`
Failover map[string]ServiceResolverFailover `json:",omitempty"`
ConnectTimeout time.Duration `json:",omitempty" alias:"connect_timeout"`
RequestTimeout time.Duration `json:",omitempty" alias:"request_timeout"`
// PrioritizeByLocality controls whether the locality of services within the
// local partition will be used to prioritize connectivity.
PrioritizeByLocality *ServiceResolverPrioritizeByLocality `json:",omitempty" alias:"prioritize_by_locality"`
// LoadBalancer determines the load balancing policy and configuration for services
// issuing requests to this upstream service.
@@ -219,14 +240,42 @@ type ServiceResolverRedirect struct {
Namespace string `json:",omitempty"`
Partition string `json:",omitempty"`
Datacenter string `json:",omitempty"`
Peer string `json:",omitempty"`
SamenessGroup string `json:",omitempty" alias:"sameness_group"`
}
type ServiceResolverFailover struct {
Service string `json:",omitempty"`
ServiceSubset string `json:",omitempty" alias:"service_subset"`
// Referencing other partitions is not supported.
Namespace string `json:",omitempty"`
Datacenters []string `json:",omitempty"`
Namespace string `json:",omitempty"`
Datacenters []string `json:",omitempty"`
Targets []ServiceResolverFailoverTarget `json:",omitempty"`
Policy *ServiceResolverFailoverPolicy `json:",omitempty"`
SamenessGroup string `json:",omitempty" alias:"sameness_group"`
}
type ServiceResolverFailoverTarget struct {
Service string `json:",omitempty"`
ServiceSubset string `json:",omitempty" alias:"service_subset"`
Partition string `json:",omitempty"`
Namespace string `json:",omitempty"`
Datacenter string `json:",omitempty"`
Peer string `json:",omitempty"`
}
type ServiceResolverFailoverPolicy struct {
// Mode specifies the type of failover that will be performed. Valid values are
// "sequential", "" (equivalent to "sequential") and "order-by-locality".
Mode string `json:",omitempty"`
Regions []string `json:",omitempty"`
}
type ServiceResolverPrioritizeByLocality struct {
// Mode specifies the type of prioritization that will be performed
// when selecting nodes in the local partition.
// Valid values are: "" (default "none"), "none", and "failover".
Mode string `json:",omitempty"`
}
// LoadBalancer determines the load balancing policy and configuration for services

13
vendor/github.com/hashicorp/consul/api/config_entry_exports.go generated vendored
View File

@@ -1,3 +1,6 @@
// Copyright (c) HashiCorp, Inc.
// SPDX-License-Identifier: MPL-2.0
package api
import "encoding/json"
@@ -44,14 +47,16 @@ type ExportedService struct {
}
// ServiceConsumer represents a downstream consumer of the service to be exported.
// At most one of Partition or PeerName must be specified.
// At most one of Partition or Peer must be specified.
type ServiceConsumer struct {
// Partition is the admin partition to export the service to.
// Deprecated: PeerName should be used for both remote peers and local partitions.
Partition string `json:",omitempty"`
// PeerName is the name of the peer to export the service to.
PeerName string `json:",omitempty" alias:"peer_name"`
// Peer is the name of the peer to export the service to.
Peer string `json:",omitempty" alias:"peer_name"`
// SamenessGroup is the name of the sameness group to export the service to.
SamenessGroup string `json:",omitempty" alias:"sameness_group"`
}
func (e *ExportedServicesConfigEntry) GetKind() string { return ExportedServices }

102
vendor/github.com/hashicorp/consul/api/config_entry_gateways.go generated vendored
View File

@@ -1,3 +1,6 @@
// Copyright (c) HashiCorp, Inc.
// SPDX-License-Identifier: MPL-2.0
package api
// IngressGatewayConfigEntry manages the configuration for an ingress service
@@ -27,6 +30,9 @@ type IngressGatewayConfigEntry struct {
Meta map[string]string `json:",omitempty"`
// Defaults is default configuration for all upstream services
Defaults *IngressServiceConfig `json:",omitempty"`
// CreateIndex is the Raft index this entry was created at. This is a
// read-only field.
CreateIndex uint64
@@ -37,6 +43,16 @@ type IngressGatewayConfigEntry struct {
ModifyIndex uint64
}
type IngressServiceConfig struct {
MaxConnections *uint32
MaxPendingRequests *uint32
MaxConcurrentRequests *uint32
// PassiveHealthCheck configuration determines how upstream proxy instances will
// be monitored for removal from the load balancing pool.
PassiveHealthCheck *PassiveHealthCheck `json:",omitempty" alias:"passive_health_check"`
}
type GatewayTLSConfig struct {
// Indicates that TLS should be enabled for this gateway service.
Enabled bool
@@ -124,6 +140,14 @@ type IngressService struct {
// Allow HTTP header manipulation to be configured.
RequestHeaders *HTTPHeaderModifiers `json:",omitempty" alias:"request_headers"`
ResponseHeaders *HTTPHeaderModifiers `json:",omitempty" alias:"response_headers"`
MaxConnections *uint32 `json:",omitempty" alias:"max_connections"`
MaxPendingRequests *uint32 `json:",omitempty" alias:"max_pending_requests"`
MaxConcurrentRequests *uint32 `json:",omitempty" alias:"max_concurrent_requests"`
// PassiveHealthCheck configuration determines how upstream proxy instances will
// be monitored for removal from the load balancing pool.
PassiveHealthCheck *PassiveHealthCheck `json:",omitempty" alias:"passive_health_check"`
}
func (i *IngressGatewayConfigEntry) GetKind() string { return i.Kind }
@@ -200,3 +224,81 @@ func (g *TerminatingGatewayConfigEntry) GetNamespace() string { return g.N
func (g *TerminatingGatewayConfigEntry) GetMeta() map[string]string { return g.Meta }
func (g *TerminatingGatewayConfigEntry) GetCreateIndex() uint64 { return g.CreateIndex }
func (g *TerminatingGatewayConfigEntry) GetModifyIndex() uint64 { return g.ModifyIndex }
// APIGatewayConfigEntry manages the configuration for an API gateway
// with the given name.
type APIGatewayConfigEntry struct {
// Kind of the config entry. This should be set to api.APIGateway.
Kind string
// Name is used to match the config entry with its associated api gateway
// service. This should match the name provided in the service definition.
Name string
Meta map[string]string `json:",omitempty"`
// Listeners is the set of listener configuration to which an API Gateway
// might bind.
Listeners []APIGatewayListener
// Status is the asynchronous status which an APIGateway propagates to the user.
Status ConfigEntryStatus
// CreateIndex is the Raft index this entry was created at. This is a
// read-only field.
CreateIndex uint64
// ModifyIndex is used for the Check-And-Set operations and can also be fed
// back into the WaitIndex of the QueryOptions in order to perform blocking
// queries.
ModifyIndex uint64
// Partition is the partition the config entry is associated with.
// Partitioning is a Consul Enterprise feature.
Partition string `json:",omitempty"`
// Namespace is the namespace the config entry is associated with.
// Namespacing is a Consul Enterprise feature.
Namespace string `json:",omitempty"`
}
func (g *APIGatewayConfigEntry) GetKind() string { return g.Kind }
func (g *APIGatewayConfigEntry) GetName() string { return g.Name }
func (g *APIGatewayConfigEntry) GetPartition() string { return g.Partition }
func (g *APIGatewayConfigEntry) GetNamespace() string { return g.Namespace }
func (g *APIGatewayConfigEntry) GetMeta() map[string]string { return g.Meta }
func (g *APIGatewayConfigEntry) GetCreateIndex() uint64 { return g.CreateIndex }
func (g *APIGatewayConfigEntry) GetModifyIndex() uint64 { return g.ModifyIndex }
// APIGatewayListener represents an individual listener for an APIGateway
type APIGatewayListener struct {
// Name is the name of the listener in a given gateway. This must be
// unique within a gateway.
Name string
// Hostname is the host name that a listener should be bound to, if
// unspecified, the listener accepts requests for all hostnames.
Hostname string
// Port is the port at which this listener should bind.
Port int
// Protocol is the protocol that a listener should use, it must
// either be "http" or "tcp"
Protocol string
// TLS is the TLS settings for the listener.
TLS APIGatewayTLSConfiguration
}
// APIGatewayTLSConfiguration specifies the configuration of a listeners
// TLS settings.
type APIGatewayTLSConfiguration struct {
// Certificates is a set of references to certificates
// that a gateway listener uses for TLS termination.
Certificates []ResourceReference
// MaxVersion is the maximum TLS version that the listener
// should support.
MaxVersion string `json:",omitempty" alias:"tls_max_version"`
// MinVersion is the minimum TLS version that the listener
// should support.
MinVersion string `json:",omitempty" alias:"tls_min_version"`
// Define a subset of cipher suites to restrict
// Only applicable to connections negotiated via TLS 1.2 or earlier
CipherSuites []string `json:",omitempty" alias:"cipher_suites"`
}

46
vendor/github.com/hashicorp/consul/api/config_entry_inline_certificate.go generated vendored Normal file
View File

@@ -0,0 +1,46 @@
// Copyright (c) HashiCorp, Inc.
// SPDX-License-Identifier: MPL-2.0
package api
// InlineCertificateConfigEntry -- TODO stub
type InlineCertificateConfigEntry struct {
// Kind of the config entry. This should be set to api.InlineCertificate.
Kind string
// Name is used to match the config entry with its associated tcp-route
// service. This should match the name provided in the service definition.
Name string
// Certificate is the public certificate component of an x509 key pair encoded in raw PEM format.
Certificate string
// PrivateKey is the private key component of an x509 key pair encoded in raw PEM format.
PrivateKey string `alias:"private_key"`
Meta map[string]string `json:",omitempty"`
// CreateIndex is the Raft index this entry was created at. This is a
// read-only field.
CreateIndex uint64
// ModifyIndex is used for the Check-And-Set operations and can also be fed
// back into the WaitIndex of the QueryOptions in order to perform blocking
// queries.
ModifyIndex uint64
// Partition is the partition the config entry is associated with.
// Partitioning is a Consul Enterprise feature.
Partition string `json:",omitempty"`
// Namespace is the namespace the config entry is associated with.
// Namespacing is a Consul Enterprise feature.
Namespace string `json:",omitempty"`
}
func (a *InlineCertificateConfigEntry) GetKind() string { return InlineCertificate }
func (a *InlineCertificateConfigEntry) GetName() string { return a.Name }
func (a *InlineCertificateConfigEntry) GetPartition() string { return a.Partition }
func (a *InlineCertificateConfigEntry) GetNamespace() string { return a.Namespace }
func (a *InlineCertificateConfigEntry) GetMeta() map[string]string { return a.Meta }
func (a *InlineCertificateConfigEntry) GetCreateIndex() uint64 { return a.CreateIndex }
func (a *InlineCertificateConfigEntry) GetModifyIndex() uint64 { return a.ModifyIndex }

51
vendor/github.com/hashicorp/consul/api/config_entry_intentions.go generated vendored
View File

@@ -1,3 +1,6 @@
// Copyright (c) HashiCorp, Inc.
// SPDX-License-Identifier: MPL-2.0
package api
import "time"
@@ -9,6 +12,7 @@ type ServiceIntentionsConfigEntry struct {
Namespace string `json:",omitempty"`
Sources []*SourceIntention
JWT *IntentionJWTRequirement `json:",omitempty"`
Meta map[string]string `json:",omitempty"`
@@ -17,15 +21,16 @@ type ServiceIntentionsConfigEntry struct {
}
type SourceIntention struct {
Name string
Peer string `json:",omitempty"`
Partition string `json:",omitempty"`
Namespace string `json:",omitempty"`
Action IntentionAction `json:",omitempty"`
Permissions []*IntentionPermission `json:",omitempty"`
Precedence int
Type IntentionSourceType
Description string `json:",omitempty"`
Name string
Peer string `json:",omitempty"`
Partition string `json:",omitempty"`
Namespace string `json:",omitempty"`
SamenessGroup string `json:",omitempty" alias:"sameness_group"`
Action IntentionAction `json:",omitempty"`
Permissions []*IntentionPermission `json:",omitempty"`
Precedence int
Type IntentionSourceType
Description string `json:",omitempty"`
LegacyID string `json:",omitempty" alias:"legacy_id"`
LegacyMeta map[string]string `json:",omitempty" alias:"legacy_meta"`
@@ -44,6 +49,7 @@ func (e *ServiceIntentionsConfigEntry) GetModifyIndex() uint64 { return e.Mo
type IntentionPermission struct {
Action IntentionAction
HTTP *IntentionHTTPPermission `json:",omitempty"`
JWT *IntentionJWTRequirement `json:",omitempty"`
}
type IntentionHTTPPermission struct {
@@ -65,3 +71,30 @@ type IntentionHTTPHeaderPermission struct {
Regex string `json:",omitempty"`
Invert bool `json:",omitempty"`
}
type IntentionJWTRequirement struct {
// Providers is a list of providers to consider when verifying a JWT.
Providers []*IntentionJWTProvider `json:",omitempty"`
}
type IntentionJWTProvider struct {
// Name is the name of the JWT provider. There MUST be a corresponding
// "jwt-provider" config entry with this name.
Name string `json:",omitempty"`
// VerifyClaims is a list of additional claims to verify in a JWT's payload.
VerifyClaims []*IntentionJWTClaimVerification `json:",omitempty" alias:"verify_claims"`
}
type IntentionJWTClaimVerification struct {
// Path is the path to the claim in the token JSON.
Path []string `json:",omitempty"`
// Value is the expected value at the given path:
// - If the type at the path is a list then we verify
// that this value is contained in the list.
//
// - If the type at the path is a string then we verify
// that this value matches.
Value string `json:",omitempty"`
}

310
vendor/github.com/hashicorp/consul/api/config_entry_jwt_provider.go generated vendored Normal file
View File

@@ -0,0 +1,310 @@
// Copyright (c) HashiCorp, Inc.
// SPDX-License-Identifier: MPL-2.0
package api
import (
"time"
)
const (
DiscoveryTypeStrictDNS ClusterDiscoveryType = "STRICT_DNS"
DiscoveryTypeStatic ClusterDiscoveryType = "STATIC"
DiscoveryTypeLogicalDNS ClusterDiscoveryType = "LOGICAL_DNS"
DiscoveryTypeEDS ClusterDiscoveryType = "EDS"
DiscoveryTypeOriginalDST ClusterDiscoveryType = "ORIGINAL_DST"
)
type JWTProviderConfigEntry struct {
// Kind is the kind of configuration entry and must be "jwt-provider".
Kind string `json:",omitempty"`
// Name is the name of the provider being configured.
Name string `json:",omitempty"`
// JSONWebKeySet defines a JSON Web Key Set, its location on disk, or the
// means with which to fetch a key set from a remote server.
JSONWebKeySet *JSONWebKeySet `json:",omitempty" alias:"json_web_key_set"`
// Issuer is the entity that must have issued the JWT.
// This value must match the "iss" claim of the token.
Issuer string `json:",omitempty"`
// Audiences is the set of audiences the JWT is allowed to access.
// If specified, all JWTs verified with this provider must address
// at least one of these to be considered valid.
Audiences []string `json:",omitempty"`
// Locations where the JWT will be present in requests.
// Envoy will check all of these locations to extract a JWT.
// If no locations are specified Envoy will default to:
// 1. Authorization header with Bearer schema:
// "Authorization: Bearer <token>"
// 2. access_token query parameter.
Locations []*JWTLocation `json:",omitempty"`
// Forwarding defines rules for forwarding verified JWTs to the backend.
Forwarding *JWTForwardingConfig `json:",omitempty"`
// ClockSkewSeconds specifies the maximum allowable time difference
// from clock skew when validating the "exp" (Expiration) and "nbf"
// (Not Before) claims.
//
// Default value is 30 seconds.
ClockSkewSeconds int `json:",omitempty" alias:"clock_skew_seconds"`
// CacheConfig defines configuration for caching the validation
// result for previously seen JWTs. Caching results can speed up
// verification when individual tokens are expected to be handled
// multiple times.
CacheConfig *JWTCacheConfig `json:",omitempty" alias:"cache_config"`
Meta map[string]string `json:",omitempty"`
// CreateIndex is the Raft index this entry was created at. This is a
// read-only field.
CreateIndex uint64 `json:",omitempty"`
// ModifyIndex is used for the Check-And-Set operations and can also be fed
// back into the WaitIndex of the QueryOptions in order to perform blocking
// queries.
ModifyIndex uint64 `json:",omitempty"`
// Partition is the partition the JWTProviderConfigEntry applies to.
// Partitioning is a Consul Enterprise feature.
Partition string `json:",omitempty"`
// Namespace is the namespace the JWTProviderConfigEntry applies to.
// Namespacing is a Consul Enterprise feature.
Namespace string `json:",omitempty"`
}
// JWTLocation is a location where the JWT could be present in requests.
//
// Only one of Header, QueryParam, or Cookie can be specified.
type JWTLocation struct {
// Header defines how to extract a JWT from an HTTP request header.
Header *JWTLocationHeader `json:",omitempty"`
// QueryParam defines how to extract a JWT from an HTTP request
// query parameter.
QueryParam *JWTLocationQueryParam `json:",omitempty" alias:"query_param"`
// Cookie defines how to extract a JWT from an HTTP request cookie.
Cookie *JWTLocationCookie `json:",omitempty"`
}
// JWTLocationHeader defines how to extract a JWT from an HTTP
// request header.
type JWTLocationHeader struct {
// Name is the name of the header containing the token.
Name string `json:",omitempty"`
// ValuePrefix is an optional prefix that precedes the token in the
// header value.
// For example, "Bearer " is a standard value prefix for a header named
// "Authorization", but the prefix is not part of the token itself:
// "Authorization: Bearer <token>"
ValuePrefix string `json:",omitempty" alias:"value_prefix"`
// Forward defines whether the header with the JWT should be
// forwarded after the token has been verified. If false, the
// header will not be forwarded to the backend.
//
// Default value is false.
Forward bool `json:",omitempty"`
}
// JWTLocationQueryParam defines how to extract a JWT from an HTTP request query parameter.
type JWTLocationQueryParam struct {
// Name is the name of the query param containing the token.
Name string `json:",omitempty"`
}
// JWTLocationCookie defines how to extract a JWT from an HTTP request cookie.
type JWTLocationCookie struct {
// Name is the name of the cookie containing the token.
Name string `json:",omitempty"`
}
type JWTForwardingConfig struct {
// HeaderName is a header name to use when forwarding a verified
// JWT to the backend. The verified JWT could have been extracted
// from any location (query param, header, or cookie).
//
// The header value will be base64-URL-encoded, and will not be
// padded unless PadForwardPayloadHeader is true.
HeaderName string `json:",omitempty" alias:"header_name"`
// PadForwardPayloadHeader determines whether padding should be added
// to the base64 encoded token forwarded with ForwardPayloadHeader.
//
// Default value is false.
PadForwardPayloadHeader bool `json:",omitempty" alias:"pad_forward_payload_header"`
}
// JSONWebKeySet defines a key set, its location on disk, or the
// means with which to fetch a key set from a remote server.
//
// Exactly one of Local or Remote must be specified.
type JSONWebKeySet struct {
// Local specifies a local source for the key set.
Local *LocalJWKS `json:",omitempty"`
// Remote specifies how to fetch a key set from a remote server.
Remote *RemoteJWKS `json:",omitempty"`
}
// LocalJWKS specifies a location for a local JWKS.
//
// Only one of String and Filename can be specified.
type LocalJWKS struct {
// JWKS contains a base64 encoded JWKS.
JWKS string `json:",omitempty"`
// Filename configures a location on disk where the JWKS can be
// found. If specified, the file must be present on the disk of ALL
// proxies with intentions referencing this provider.
Filename string `json:",omitempty"`
}
// RemoteJWKS specifies how to fetch a JWKS from a remote server.
type RemoteJWKS struct {
// URI is the URI of the server to query for the JWKS.
URI string `json:",omitempty"`
// RequestTimeoutMs is the number of milliseconds to
// time out when making a request for the JWKS.
RequestTimeoutMs int `json:",omitempty" alias:"request_timeout_ms"`
// CacheDuration is the duration after which cached keys
// should be expired.
//
// Default value is 5 minutes.
CacheDuration time.Duration `json:",omitempty" alias:"cache_duration"`
// FetchAsynchronously indicates that the JWKS should be fetched
// when a client request arrives. Client requests will be paused
// until the JWKS is fetched.
// If false, the proxy listener will wait for the JWKS to be
// fetched before being activated.
//
// Default value is false.
FetchAsynchronously bool `json:",omitempty" alias:"fetch_asynchronously"`
// RetryPolicy defines a retry policy for fetching JWKS.
//
// There is no retry by default.
RetryPolicy *JWKSRetryPolicy `json:",omitempty" alias:"retry_policy"`
// JWKSCluster defines how the specified Remote JWKS URI is to be fetched.
JWKSCluster *JWKSCluster `json:",omitempty" alias:"jwks_cluster"`
}
type JWKSCluster struct {
// DiscoveryType refers to the service discovery type to use for resolving the cluster.
//
// This defaults to STRICT_DNS.
// Other options include STATIC, LOGICAL_DNS, EDS or ORIGINAL_DST.
DiscoveryType ClusterDiscoveryType `json:",omitempty" alias:"discovery_type"`
// TLSCertificates refers to the data containing certificate authority certificates to use
// in verifying a presented peer certificate.
// If not specified and a peer certificate is presented it will not be verified.
//
// Must be either CaCertificateProviderInstance or TrustedCA.
TLSCertificates *JWKSTLSCertificate `json:",omitempty" alias:"tls_certificates"`
// The timeout for new network connections to hosts in the cluster.
// If not set, a default value of 5s will be used.
ConnectTimeout time.Duration `json:",omitempty" alias:"connect_timeout"`
}
type ClusterDiscoveryType string
// JWKSTLSCertificate refers to the data containing certificate authority certificates to use
// in verifying a presented peer certificate.
// If not specified and a peer certificate is presented it will not be verified.
//
// Must be either CaCertificateProviderInstance or TrustedCA.
type JWKSTLSCertificate struct {
// CaCertificateProviderInstance Certificate provider instance for fetching TLS certificates.
CaCertificateProviderInstance *JWKSTLSCertProviderInstance `json:",omitempty" alias:"ca_certificate_provider_instance"`
// TrustedCA defines TLS certificate data containing certificate authority certificates
// to use in verifying a presented peer certificate.
//
// Exactly one of Filename, EnvironmentVariable, InlineString or InlineBytes must be specified.
TrustedCA *JWKSTLSCertTrustedCA `json:",omitempty" alias:"trusted_ca"`
}
// JWKSTLSCertTrustedCA defines TLS certificate data containing certificate authority certificates
// to use in verifying a presented peer certificate.
//
// Exactly one of Filename, EnvironmentVariable, InlineString or InlineBytes must be specified.
type JWKSTLSCertTrustedCA struct {
Filename string `json:",omitempty" alias:"filename"`
EnvironmentVariable string `json:",omitempty" alias:"environment_variable"`
InlineString string `json:",omitempty" alias:"inline_string"`
InlineBytes []byte `json:",omitempty" alias:"inline_bytes"`
}
type JWKSTLSCertProviderInstance struct {
// InstanceName refers to the certificate provider instance name
//
// The default value is "default".
InstanceName string `json:",omitempty" alias:"instance_name"`
// CertificateName is used to specify certificate instances or types. For example, "ROOTCA" to specify
// a root-certificate (validation context) or "example.com" to specify a certificate for a
// particular domain.
//
// The default value is the empty string.
CertificateName string `json:",omitempty" alias:"certificate_name"`
}
type JWKSRetryPolicy struct {
// NumRetries is the number of times to retry fetching the JWKS.
// The retry strategy uses jittered exponential backoff with
// a base interval of 1s and max of 10s.
//
// Default value is 0.
NumRetries int `json:",omitempty" alias:"num_retries"`
// Backoff policy
//
// Defaults to Envoy's backoff policy
RetryPolicyBackOff *RetryPolicyBackOff `json:",omitempty" alias:"retry_policy_back_off"`
}
type RetryPolicyBackOff struct {
// BaseInterval to be used for the next back off computation
//
// The default value from envoy is 1s
BaseInterval time.Duration `json:",omitempty" alias:"base_interval"`
// MaxInternal to be used to specify the maximum interval between retries.
// Optional but should be greater or equal to BaseInterval.
//
// Defaults to 10 times BaseInterval
MaxInterval time.Duration `json:",omitempty" alias:"max_interval"`
}
type JWTCacheConfig struct {
// Size specifies the maximum number of JWT verification
// results to cache.
//
// Defaults to 0, meaning that JWT caching is disabled.
Size int `json:",omitempty"`
}
func (e *JWTProviderConfigEntry) GetKind() string {
return JWTProvider
}
func (e *JWTProviderConfigEntry) GetName() string { return e.Name }
func (e *JWTProviderConfigEntry) GetMeta() map[string]string { return e.Meta }
func (e *JWTProviderConfigEntry) GetCreateIndex() uint64 { return e.CreateIndex }
func (e *JWTProviderConfigEntry) GetModifyIndex() uint64 { return e.ModifyIndex }
func (e *JWTProviderConfigEntry) GetPartition() string { return e.Partition }
func (e *JWTProviderConfigEntry) GetNamespace() string { return e.Namespace }

13
vendor/github.com/hashicorp/consul/api/config_entry_mesh.go generated vendored
View File

@@ -1,3 +1,6 @@
// Copyright (c) HashiCorp, Inc.
// SPDX-License-Identifier: MPL-2.0
package api
import (
@@ -19,10 +22,16 @@ type MeshConfigEntry struct {
// in transparent mode.
TransparentProxy TransparentProxyMeshConfig `alias:"transparent_proxy"`
// AllowEnablingPermissiveMutualTLS must be true in order to allow setting
// MutualTLSMode=permissive in either service-defaults or proxy-defaults.
AllowEnablingPermissiveMutualTLS bool `json:",omitempty" alias:"allow_enabling_permissive_mutual_tls"`
TLS *MeshTLSConfig `json:",omitempty"`
HTTP *MeshHTTPConfig `json:",omitempty"`
Peering *PeeringMeshConfig `json:",omitempty"`
Meta map[string]string `json:",omitempty"`
// CreateIndex is the Raft index this entry was created at. This is a
@@ -54,6 +63,10 @@ type MeshHTTPConfig struct {
SanitizeXForwardedClientCert bool `alias:"sanitize_x_forwarded_client_cert"`
}
type PeeringMeshConfig struct {
PeerThroughMeshGateways bool `json:",omitempty" alias:"peer_through_mesh_gateways"`
}
func (e *MeshConfigEntry) GetKind() string { return MeshConfig }
func (e *MeshConfigEntry) GetName() string { return MeshConfigMesh }
func (e *MeshConfigEntry) GetPartition() string { return e.Partition }

91
vendor/github.com/hashicorp/consul/api/config_entry_rate_limit_ip.go generated vendored Normal file
View File

@@ -0,0 +1,91 @@
// Copyright (c) HashiCorp, Inc.
// SPDX-License-Identifier: MPL-2.0
package api
type ReadWriteRatesConfig struct {
ReadRate float64
WriteRate float64
}
type RateLimitIPConfigEntry struct {
// Kind of the config entry. This will be set to structs.RateLimitIPConfig
Kind string
Name string
Mode string // {permissive, enforcing, disabled}
Meta map[string]string `json:",omitempty"`
// overall limits
ReadRate float64
WriteRate float64
//limits specific to a type of call
ACL *ReadWriteRatesConfig `json:",omitempty"` // OperationCategoryACL OperationCategory = "ACL"
Catalog *ReadWriteRatesConfig `json:",omitempty"` // OperationCategoryCatalog OperationCategory = "Catalog"
ConfigEntry *ReadWriteRatesConfig `json:",omitempty"` // OperationCategoryConfigEntry OperationCategory = "ConfigEntry"
ConnectCA *ReadWriteRatesConfig `json:",omitempty"` // OperationCategoryConnectCA OperationCategory = "ConnectCA"
Coordinate *ReadWriteRatesConfig `json:",omitempty"` // OperationCategoryCoordinate OperationCategory = "Coordinate"
DiscoveryChain *ReadWriteRatesConfig `json:",omitempty"` // OperationCategoryDiscoveryChain OperationCategory = "DiscoveryChain"
ServerDiscovery *ReadWriteRatesConfig `json:",omitempty"` // OperationCategoryServerDiscovery OperationCategory = "ServerDiscovery"
Health *ReadWriteRatesConfig `json:",omitempty"` // OperationCategoryHealth OperationCategory = "Health"
Intention *ReadWriteRatesConfig `json:",omitempty"` // OperationCategoryIntention OperationCategory = "Intention"
KV *ReadWriteRatesConfig `json:",omitempty"` // OperationCategoryKV OperationCategory = "KV"
Tenancy *ReadWriteRatesConfig `json:",omitempty"` // OperationCategoryPartition OperationCategory = "Tenancy"
PreparedQuery *ReadWriteRatesConfig `json:",omitempty"` // OperationCategoryPreparedQuery OperationCategory = "PreparedQuery"
Session *ReadWriteRatesConfig `json:",omitempty"` // OperationCategorySession OperationCategory = "Session"
Txn *ReadWriteRatesConfig `json:",omitempty"` // OperationCategoryTxn OperationCategory = "Txn"
AutoConfig *ReadWriteRatesConfig `json:",omitempty"` // OperationCategoryAutoConfig OperationCategory = "AutoConfig"
FederationState *ReadWriteRatesConfig `json:",omitempty"` // OperationCategoryFederationState OperationCategory = "FederationState"
Internal *ReadWriteRatesConfig `json:",omitempty"` // OperationCategoryInternal OperationCategory = "Internal"
PeerStream *ReadWriteRatesConfig `json:",omitempty"` // OperationCategoryPeerStream OperationCategory = "PeerStream"
Peering *ReadWriteRatesConfig `json:",omitempty"` // OperationCategoryPeering OperationCategory = "Peering"
DataPlane *ReadWriteRatesConfig `json:",omitempty"` // OperationCategoryDataPlane OperationCategory = "DataPlane"
DNS *ReadWriteRatesConfig `json:",omitempty"` // OperationCategoryDNS OperationCategory = "DNS"
Subscribe *ReadWriteRatesConfig `json:",omitempty"` // OperationCategorySubscribe OperationCategory = "Subscribe"
Resource *ReadWriteRatesConfig `json:",omitempty"` // OperationCategoryResource OperationCategory = "Resource"
// Partition is the partition the config entry is associated with.
// Partitioning is a Consul Enterprise feature.
Partition string `json:",omitempty"`
// Namespace is the namespace the config entry is associated with.
// Namespacing is a Consul Enterprise feature.
Namespace string `json:",omitempty"`
// CreateIndex is the Raft index this entry was created at. This is a
// read-only field.
CreateIndex uint64
// ModifyIndex is used for the Check-And-Set operations and can also be fed
// back into the WaitIndex of the QueryOptions in order to perform blocking
// queries.
ModifyIndex uint64
}
func (r *RateLimitIPConfigEntry) GetKind() string {
return RateLimitIPConfig
}
func (r *RateLimitIPConfigEntry) GetName() string {
if r == nil {
return ""
}
return r.Name
}
func (r *RateLimitIPConfigEntry) GetPartition() string {
return r.Partition
}
func (r *RateLimitIPConfigEntry) GetNamespace() string {
return r.Namespace
}
func (r *RateLimitIPConfigEntry) GetMeta() map[string]string {
if r == nil {
return nil
}
return r.Meta
}
func (r *RateLimitIPConfigEntry) GetCreateIndex() uint64 {
return r.CreateIndex
}
func (r *RateLimitIPConfigEntry) GetModifyIndex() uint64 {
return r.ModifyIndex
}

245
vendor/github.com/hashicorp/consul/api/config_entry_routes.go generated vendored Normal file
View File

@@ -0,0 +1,245 @@
// Copyright (c) HashiCorp, Inc.
// SPDX-License-Identifier: MPL-2.0
package api
// TCPRouteConfigEntry -- TODO stub
type TCPRouteConfigEntry struct {
// Kind of the config entry. This should be set to api.TCPRoute.
Kind string
// Name is used to match the config entry with its associated tcp-route
// service. This should match the name provided in the service definition.
Name string
// Parents is a list of gateways that this route should be bound to.
Parents []ResourceReference
// Services is a list of TCP-based services that this should route to.
// Currently, this must specify at maximum one service.
Services []TCPService
Meta map[string]string `json:",omitempty"`
// Status is the asynchronous status which a TCPRoute propagates to the user.
Status ConfigEntryStatus
// CreateIndex is the Raft index this entry was created at. This is a
// read-only field.
CreateIndex uint64
// ModifyIndex is used for the Check-And-Set operations and can also be fed
// back into the WaitIndex of the QueryOptions in order to perform blocking
// queries.
ModifyIndex uint64
// Partition is the partition the config entry is associated with.
// Partitioning is a Consul Enterprise feature.
Partition string `json:",omitempty"`
// Namespace is the namespace the config entry is associated with.
// Namespacing is a Consul Enterprise feature.
Namespace string `json:",omitempty"`
}
func (a *TCPRouteConfigEntry) GetKind() string { return TCPRoute }
func (a *TCPRouteConfigEntry) GetName() string { return a.Name }
func (a *TCPRouteConfigEntry) GetPartition() string { return a.Partition }
func (a *TCPRouteConfigEntry) GetNamespace() string { return a.Namespace }
func (a *TCPRouteConfigEntry) GetMeta() map[string]string { return a.Meta }
func (a *TCPRouteConfigEntry) GetCreateIndex() uint64 { return a.CreateIndex }
func (a *TCPRouteConfigEntry) GetModifyIndex() uint64 { return a.ModifyIndex }
// TCPService is a service reference for a TCPRoute
type TCPService struct {
Name string
// Partition is the partition the config entry is associated with.
// Partitioning is a Consul Enterprise feature.
Partition string `json:",omitempty"`
// Namespace is the namespace the config entry is associated with.
// Namespacing is a Consul Enterprise feature.
Namespace string `json:",omitempty"`
}
// HTTPRouteConfigEntry manages the configuration for a HTTP route
// with the given name.
type HTTPRouteConfigEntry struct {
// Kind of the config entry. This should be set to api.HTTPRoute.
Kind string
// Name is used to match the config entry with its associated http-route.
Name string
// Parents is a list of gateways that this route should be bound to
Parents []ResourceReference
// Rules are a list of HTTP-based routing rules that this route should
// use for constructing a routing table.
Rules []HTTPRouteRule
// Hostnames are the hostnames for which this HTTPRoute should respond to requests.
Hostnames []string
Meta map[string]string `json:",omitempty"`
// CreateIndex is the Raft index this entry was created at. This is a
// read-only field.
CreateIndex uint64
// ModifyIndex is used for the Check-And-Set operations and can also be fed
// back into the WaitIndex of the QueryOptions in order to perform blocking
// queries.
ModifyIndex uint64
// Partition is the partition the config entry is associated with.
// Partitioning is a Consul Enterprise feature.
Partition string `json:",omitempty"`
// Namespace is the namespace the config entry is associated with.
// Namespacing is a Consul Enterprise feature.
Namespace string `json:",omitempty"`
// Status is the asynchronous status which an HTTPRoute propagates to the user.
Status ConfigEntryStatus
}
func (r *HTTPRouteConfigEntry) GetKind() string { return HTTPRoute }
func (r *HTTPRouteConfigEntry) GetName() string { return r.Name }
func (r *HTTPRouteConfigEntry) GetPartition() string { return r.Partition }
func (r *HTTPRouteConfigEntry) GetNamespace() string { return r.Namespace }
func (r *HTTPRouteConfigEntry) GetMeta() map[string]string { return r.Meta }
func (r *HTTPRouteConfigEntry) GetCreateIndex() uint64 { return r.CreateIndex }
func (r *HTTPRouteConfigEntry) GetModifyIndex() uint64 { return r.ModifyIndex }
// HTTPMatch specifies the criteria that should be
// used in determining whether or not a request should
// be routed to a given set of services.
type HTTPMatch struct {
Headers []HTTPHeaderMatch
Method HTTPMatchMethod
Path HTTPPathMatch
Query []HTTPQueryMatch
}
// HTTPMatchMethod specifies which type of HTTP verb should
// be used for matching a given request.
type HTTPMatchMethod string
const (
HTTPMatchMethodAll HTTPMatchMethod = ""
HTTPMatchMethodConnect HTTPMatchMethod = "CONNECT"
HTTPMatchMethodDelete HTTPMatchMethod = "DELETE"
HTTPMatchMethodGet HTTPMatchMethod = "GET"
HTTPMatchMethodHead HTTPMatchMethod = "HEAD"
HTTPMatchMethodOptions HTTPMatchMethod = "OPTIONS"
HTTPMatchMethodPatch HTTPMatchMethod = "PATCH"
HTTPMatchMethodPost HTTPMatchMethod = "POST"
HTTPMatchMethodPut HTTPMatchMethod = "PUT"
HTTPMatchMethodTrace HTTPMatchMethod = "TRACE"
)
// HTTPHeaderMatchType specifies how header matching criteria
// should be applied to a request.
type HTTPHeaderMatchType string
const (
HTTPHeaderMatchExact HTTPHeaderMatchType = "exact"
HTTPHeaderMatchPrefix HTTPHeaderMatchType = "prefix"
HTTPHeaderMatchPresent HTTPHeaderMatchType = "present"
HTTPHeaderMatchRegularExpression HTTPHeaderMatchType = "regex"
HTTPHeaderMatchSuffix HTTPHeaderMatchType = "suffix"
)
// HTTPHeaderMatch specifies how a match should be done
// on a request's headers.
type HTTPHeaderMatch struct {
Match HTTPHeaderMatchType
Name string
Value string
}
// HTTPPathMatchType specifies how path matching criteria
// should be applied to a request.
type HTTPPathMatchType string
const (
HTTPPathMatchExact HTTPPathMatchType = "exact"
HTTPPathMatchPrefix HTTPPathMatchType = "prefix"
HTTPPathMatchRegularExpression HTTPPathMatchType = "regex"
)
// HTTPPathMatch specifies how a match should be done
// on a request's path.
type HTTPPathMatch struct {
Match HTTPPathMatchType
Value string
}
// HTTPQueryMatchType specifies how querys matching criteria
// should be applied to a request.
type HTTPQueryMatchType string
const (
HTTPQueryMatchExact HTTPQueryMatchType = "exact"
HTTPQueryMatchPresent HTTPQueryMatchType = "present"
HTTPQueryMatchRegularExpression HTTPQueryMatchType = "regex"
)
// HTTPQueryMatch specifies how a match should be done
// on a request's query parameters.
type HTTPQueryMatch struct {
Match HTTPQueryMatchType
Name string
Value string
}
// HTTPFilters specifies a list of filters used to modify a request
// before it is routed to an upstream.
type HTTPFilters struct {
Headers []HTTPHeaderFilter
URLRewrite *URLRewrite
}
// HTTPHeaderFilter specifies how HTTP headers should be modified.
type HTTPHeaderFilter struct {
Add map[string]string
Remove []string
Set map[string]string
}
type URLRewrite struct {
Path string
}
// HTTPRouteRule specifies the routing rules used to determine what upstream
// service an HTTP request is routed to.
type HTTPRouteRule struct {
// Filters is a list of HTTP-based filters used to modify a request prior
// to routing it to the upstream service
Filters HTTPFilters
// Matches specified the matching criteria used in the routing table. If a
// request matches the given HTTPMatch configuration, then traffic is routed
// to services specified in the Services field.
Matches []HTTPMatch
// Services is a list of HTTP-based services to route to if the request matches
// the rules specified in the Matches field.
Services []HTTPService
}
// HTTPService is a service reference for HTTP-based routing rules
type HTTPService struct {
Name string
// Weight is an arbitrary integer used in calculating how much
// traffic should be sent to the given service.
Weight int
// Filters is a list of HTTP-based filters used to modify a request prior
// to routing it to the upstream service
Filters HTTPFilters
// Partition is the partition the config entry is associated with.
// Partitioning is a Consul Enterprise feature.
Partition string `json:",omitempty"`
// Namespace is the namespace the config entry is associated with.
// Namespacing is a Consul Enterprise feature.
Namespace string `json:",omitempty"`
}

29
vendor/github.com/hashicorp/consul/api/config_entry_sameness_group.go generated vendored Normal file
View File

@@ -0,0 +1,29 @@
// Copyright (c) HashiCorp, Inc.
// SPDX-License-Identifier: MPL-2.0
package api
type SamenessGroupConfigEntry struct {
Kind string
Name string
Partition string `json:",omitempty"`
DefaultForFailover bool `json:",omitempty" alias:"default_for_failover"`
IncludeLocal bool `json:",omitempty" alias:"include_local"`
Members []SamenessGroupMember
Meta map[string]string `json:",omitempty"`
CreateIndex uint64
ModifyIndex uint64
}
type SamenessGroupMember struct {
Partition string `json:",omitempty"`
Peer string `json:",omitempty"`
}
func (s *SamenessGroupConfigEntry) GetKind() string { return s.Kind }
func (s *SamenessGroupConfigEntry) GetName() string { return s.Name }
func (s *SamenessGroupConfigEntry) GetPartition() string { return s.Partition }
func (s *SamenessGroupConfigEntry) GetNamespace() string { return "" }
func (s *SamenessGroupConfigEntry) GetCreateIndex() uint64 { return s.CreateIndex }
func (s *SamenessGroupConfigEntry) GetModifyIndex() uint64 { return s.ModifyIndex }
func (s *SamenessGroupConfigEntry) GetMeta() map[string]string { return s.Meta }

339
vendor/github.com/hashicorp/consul/api/config_entry_status.go generated vendored Normal file
View File

@@ -0,0 +1,339 @@
// Copyright (c) HashiCorp, Inc.
// SPDX-License-Identifier: MPL-2.0
package api
import (
"fmt"
"time"
"golang.org/x/exp/slices"
)
// ResourceReference is a reference to a ConfigEntry
// with an optional reference to a subsection of that ConfigEntry
// that can be specified as SectionName
type ResourceReference struct {
// Kind is the kind of ConfigEntry that this resource refers to.
Kind string
// Name is the identifier for the ConfigEntry this resource refers to.
Name string
// SectionName is a generic subresource identifier that specifies
// a subset of the ConfigEntry to which this reference applies. Usage
// of this field should be up to the controller that leverages it. If
// unused, this should be blank.
SectionName string
// Partition is the partition the config entry is associated with.
// Partitioning is a Consul Enterprise feature.
Partition string `json:",omitempty"`
// Namespace is the namespace the config entry is associated with.
// Namespacing is a Consul Enterprise feature.
Namespace string `json:",omitempty"`
}
// ConfigEntryStatus is used for propagating back asynchronously calculated
// messages from control loops to a user
type ConfigEntryStatus struct {
// Conditions is the set of condition objects associated with
// a ConfigEntry status.
Conditions []Condition
}
// Condition is used for a single message and state associated
// with an object. For example, a ConfigEntry that references
// multiple other resources may have different statuses with
// respect to each of those resources.
type Condition struct {
// Type is a value from a bounded set of types that an object might have
Type string
// Status is a value from a bounded set of statuses that an object might have
Status ConditionStatus
// Reason is a value from a bounded set of reasons for a given status
Reason string
// Message is a message that gives more detailed information about
// why a Condition has a given status and reason
Message string
// Resource is an optional reference to a resource for which this
// condition applies
Resource *ResourceReference
// LastTransitionTime is the time at which this Condition was created
LastTransitionTime *time.Time
}
type (
ConditionStatus string
)
const (
ConditionStatusTrue ConditionStatus = "True"
ConditionStatusFalse ConditionStatus = "False"
ConditionStatusUnknown ConditionStatus = "Unknown"
)
// GatewayConditionType is a type of condition associated with a
// Gateway. This type should be used with the GatewayStatus.Conditions
// field.
type GatewayConditionType string
// GatewayConditionReason defines the set of reasons that explain why a
// particular Gateway condition type has been raised.
type GatewayConditionReason string
// the following are directly from the k8s spec
const (
// This condition is true when the controller managing the Gateway is
// syntactically and semantically valid enough to produce some configuration
// in the underlying data plane. This does not indicate whether or not the
// configuration has been propagated to the data plane.
//
// Possible reasons for this condition to be True are:
//
// * "Accepted"
//
// Possible reasons for this condition to be False are:
//
// * InvalidCertificates
//
GatewayConditionAccepted GatewayConditionType = "Accepted"
// This reason is used with the "Accepted" condition when the condition is
// True.
GatewayReasonAccepted GatewayConditionReason = "Accepted"
// This reason is used with the "Accepted" condition when the gateway has multiple invalid
// certificates and cannot bind to any routes
GatewayReasonInvalidCertificates GatewayConditionReason = "InvalidCertificates"
// This condition indicates that the gateway was unable to resolve
// conflicting specification requirements for this Listener. If a
// Listener is conflicted, its network port should not be configured
// on any network elements.
//
// Possible reasons for this condition to be true are:
//
// * "RouteConflict"
//
// Possible reasons for this condition to be False are:
//
// * "NoConflict"
//
// Controllers may raise this condition with other reasons,
// but should prefer to use the reasons listed above to improve
// interoperability.
GatewayConditionConflicted GatewayConditionType = "Conflicted"
// This reason is used with the "Conflicted" condition when the condition
// is False.
GatewayReasonNoConflict GatewayConditionReason = "NoConflict"
// This reason is used with the "Conflicted" condition when the route is
// in a conflicted state, such as when a TCPListener attempts to bind to two routes
GatewayReasonRouteConflict GatewayConditionReason = "RouteConflict"
// This condition indicates whether the controller was able to
// resolve all the object references for the Gateway. When setting this
// condition to False, a ResourceReference to the misconfigured Listener should
// be provided.
//
// Possible reasons for this condition to be true are:
//
// * "ResolvedRefs"
//
// Possible reasons for this condition to be False are:
//
// * "InvalidCertificateRef"
// * "InvalidRouteKinds"
// * "RefNotPermitted"
//
GatewayConditionResolvedRefs GatewayConditionType = "ResolvedRefs"
// This reason is used with the "ResolvedRefs" condition when the condition
// is true.
GatewayReasonResolvedRefs GatewayConditionReason = "ResolvedRefs"
// This reason is used with the "ResolvedRefs" condition when a
// Listener has a TLS configuration with at least one TLS CertificateRef
// that is invalid or does not exist.
// A CertificateRef is considered invalid when it refers to a nonexistent
// or unsupported resource or kind, or when the data within that resource
// is malformed.
// This reason must be used only when the reference is allowed, either by
// referencing an object in the same namespace as the Gateway, or when
// a cross-namespace reference has been explicitly allowed by a ReferenceGrant.
// If the reference is not allowed, the reason RefNotPermitted must be used
// instead.
GatewayListenerReasonInvalidCertificateRef GatewayConditionReason = "InvalidCertificateRef"
)
var validGatewayConditionReasonsMapping = map[GatewayConditionType]map[ConditionStatus][]GatewayConditionReason{
GatewayConditionAccepted: {
ConditionStatusTrue: {
GatewayReasonAccepted,
},
ConditionStatusFalse: {
GatewayReasonInvalidCertificates,
},
ConditionStatusUnknown: {},
},
GatewayConditionConflicted: {
ConditionStatusTrue: {
GatewayReasonRouteConflict,
},
ConditionStatusFalse: {
GatewayReasonNoConflict,
},
ConditionStatusUnknown: {},
},
GatewayConditionResolvedRefs: {
ConditionStatusTrue: {
GatewayReasonResolvedRefs,
},
ConditionStatusFalse: {
GatewayListenerReasonInvalidCertificateRef,
},
ConditionStatusUnknown: {},
},
}
func ValidateGatewayConditionReason(name GatewayConditionType, status ConditionStatus, reason GatewayConditionReason) error {
if err := checkConditionStatus(status); err != nil {
return err
}
reasons, ok := validGatewayConditionReasonsMapping[name]
if !ok {
return fmt.Errorf("unrecognized GatewayConditionType %q", name)
}
reasonsForStatus, ok := reasons[status]
if !ok {
return fmt.Errorf("unrecognized ConditionStatus %q", status)
}
if !slices.Contains(reasonsForStatus, reason) {
return fmt.Errorf("gateway condition reason %q not allowed for gateway condition type %q with status %q", reason, name, status)
}
return nil
}
// RouteConditionType is a type of condition for a route.
type RouteConditionType string
// RouteConditionReason is a reason for a route condition.
type RouteConditionReason string
// The following statuses are taken from the K8's Spec
// With the exception of: "RouteReasonInvalidDiscoveryChain" and "NoUpstreamServicesTargeted"
const (
// This condition indicates whether the route has been accepted or rejected
// by a Gateway, and why.
//
// Possible reasons for this condition to be true are:
//
// * "Accepted"
//
// Possible reasons for this condition to be False are:
//
// * "InvalidDiscoveryChain"
// * "NoUpstreamServicesTargeted"
//
//
// Controllers may raise this condition with other reasons,
// but should prefer to use the reasons listed above to improve
// interoperability.
RouteConditionAccepted RouteConditionType = "Accepted"
// This reason is used with the "Accepted" condition when the Route has been
// accepted by the Gateway.
RouteReasonAccepted RouteConditionReason = "Accepted"
// This reason is used with the "Accepted" condition when the route has an
// invalid discovery chain, this includes conditions like the protocol being invalid
// or the discovery chain failing to compile
RouteReasonInvalidDiscoveryChain RouteConditionReason = "InvalidDiscoveryChain"
// This reason is used with the "Accepted" condition when the route
RouteReasonNoUpstreamServicesTargeted RouteConditionReason = "NoUpstreamServicesTargeted"
)
// the following statuses are custom to Consul
const (
// This condition indicates whether the route was able to successfully bind the
// Listener on the gateway
// Possible reasons for this condition to be true are:
//
// * "Bound"
//
// Possible reasons for this condition to be false are:
//
// * "FailedToBind"
// * "GatewayNotFound"
//
RouteConditionBound RouteConditionType = "Bound"
// This reason is used with the "Bound" condition when the condition
// is true
RouteReasonBound RouteConditionReason = "Bound"
// This reason is used with the "Bound" condition when the route failed
// to bind to the gateway
RouteReasonFailedToBind RouteConditionReason = "FailedToBind"
// This reason is used with the "Bound" condition when the route fails
// to find the gateway
RouteReasonGatewayNotFound RouteConditionReason = "GatewayNotFound"
)
var validRouteConditionReasonsMapping = map[RouteConditionType]map[ConditionStatus][]RouteConditionReason{
RouteConditionAccepted: {
ConditionStatusTrue: {
RouteReasonAccepted,
},
ConditionStatusFalse: {
RouteReasonInvalidDiscoveryChain,
RouteReasonNoUpstreamServicesTargeted,
},
ConditionStatusUnknown: {},
},
RouteConditionBound: {
ConditionStatusTrue: {
RouteReasonBound,
},
ConditionStatusFalse: {
RouteReasonGatewayNotFound,
RouteReasonFailedToBind,
},
ConditionStatusUnknown: {},
},
}
func ValidateRouteConditionReason(name RouteConditionType, status ConditionStatus, reason RouteConditionReason) error {
if err := checkConditionStatus(status); err != nil {
return err
}
reasons, ok := validRouteConditionReasonsMapping[name]
if !ok {
return fmt.Errorf("unrecognized RouteConditionType %s", name)
}
reasonsForStatus, ok := reasons[status]
if !ok {
return fmt.Errorf("unrecognized ConditionStatus %s", name)
}
if !slices.Contains(reasonsForStatus, reason) {
return fmt.Errorf("route condition reason %s not allowed for route condition type %s with status %s", reason, name, status)
}
return nil
}
func checkConditionStatus(status ConditionStatus) error {
switch status {
case ConditionStatusTrue, ConditionStatusFalse, ConditionStatusUnknown:
return nil
default:
return fmt.Errorf("unrecognized condition status: %q", status)
}
}

6
vendor/github.com/hashicorp/consul/api/connect.go generated vendored
View File

@@ -1,5 +1,11 @@
// Copyright (c) HashiCorp, Inc.
// SPDX-License-Identifier: MPL-2.0
package api
// TelemetryCollectorName is the service name for the Consul Telemetry Collector
const TelemetryCollectorName string = "consul-telemetry-collector"
// Connect can be used to work with endpoints related to Connect, the
// feature for securely connecting services within Consul.
type Connect struct {

3
vendor/github.com/hashicorp/consul/api/connect_ca.go generated vendored
View File

@@ -1,3 +1,6 @@
// Copyright (c) HashiCorp, Inc.
// SPDX-License-Identifier: MPL-2.0
package api
import (

7
vendor/github.com/hashicorp/consul/api/connect_intention.go generated vendored
View File

@@ -1,3 +1,6 @@
// Copyright (c) HashiCorp, Inc.
// SPDX-License-Identifier: MPL-2.0
package api
import (
@@ -40,6 +43,10 @@ type Intention struct {
// same level of tenancy (partition is local to cluster, peer is remote).
SourcePeer string `json:",omitempty"`
// SourceSamenessGroup cannot be wildcards "*" and
// is not compatible with legacy intentions.
SourceSamenessGroup string `json:",omitempty"`
// SourceType is the type of the value for the source.
SourceType IntentionSourceType

3
vendor/github.com/hashicorp/consul/api/coordinate.go generated vendored
View File

@@ -1,3 +1,6 @@
// Copyright (c) HashiCorp, Inc.
// SPDX-License-Identifier: MPL-2.0
package api
import (

12
vendor/github.com/hashicorp/consul/api/debug.go generated vendored
View File

@@ -1,10 +1,12 @@
// Copyright (c) HashiCorp, Inc.
// SPDX-License-Identifier: MPL-2.0
package api
import (
"context"
"fmt"
"io"
"io/ioutil"
"strconv"
)
@@ -36,7 +38,7 @@ func (d *Debug) Heap() ([]byte, error) {
// We return a raw response because we're just passing through a response
// from the pprof handlers
body, err := ioutil.ReadAll(resp.Body)
body, err := io.ReadAll(resp.Body)
if err != nil {
return nil, fmt.Errorf("error decoding body: %s", err)
}
@@ -62,7 +64,7 @@ func (d *Debug) Profile(seconds int) ([]byte, error) {
// We return a raw response because we're just passing through a response
// from the pprof handlers
body, err := ioutil.ReadAll(resp.Body)
body, err := io.ReadAll(resp.Body)
if err != nil {
return nil, fmt.Errorf("error decoding body: %s", err)
}
@@ -107,7 +109,7 @@ func (d *Debug) Trace(seconds int) ([]byte, error) {
// We return a raw response because we're just passing through a response
// from the pprof handlers
body, err := ioutil.ReadAll(resp.Body)
body, err := io.ReadAll(resp.Body)
if err != nil {
return nil, fmt.Errorf("error decoding body: %s", err)
}
@@ -130,7 +132,7 @@ func (d *Debug) Goroutine() ([]byte, error) {
// We return a raw response because we're just passing through a response
// from the pprof handlers
body, err := ioutil.ReadAll(resp.Body)
body, err := io.ReadAll(resp.Body)
if err != nil {
return nil, fmt.Errorf("error decoding body: %s", err)
}

4
vendor/github.com/hashicorp/consul/api/discovery_chain.go generated vendored
View File

@@ -1,3 +1,6 @@
// Copyright (c) HashiCorp, Inc.
// SPDX-License-Identifier: MPL-2.0
package api
import (
@@ -221,6 +224,7 @@ func (r *DiscoveryResolver) UnmarshalJSON(data []byte) error {
// compiled form of ServiceResolverFailover
type DiscoveryFailover struct {
Targets []string
Policy ServiceResolverFailoverPolicy `json:",omitempty"`
}
// DiscoveryTarget represents all of the inputs necessary to use a resolver

3
vendor/github.com/hashicorp/consul/api/event.go generated vendored
View File

@@ -1,3 +1,6 @@
// Copyright (c) HashiCorp, Inc.
// SPDX-License-Identifier: MPL-2.0
package api
import (

5
vendor/github.com/hashicorp/consul/api/health.go generated vendored
View File

@@ -1,3 +1,6 @@
// Copyright (c) HashiCorp, Inc.
// SPDX-License-Identifier: MPL-2.0
package api
import (
@@ -64,8 +67,10 @@ type HealthCheckDefinition struct {
TLSServerName string
TLSSkipVerify bool
TCP string
TCPUseTLS bool
UDP string
GRPC string
OSService string
GRPCUseTLS bool
IntervalDuration time.Duration `json:"-"`
TimeoutDuration time.Duration `json:"-"`

64
vendor/github.com/hashicorp/consul/api/internal.go generated vendored Normal file
View File

@@ -0,0 +1,64 @@
package api
import "context"
// Internal can be used to query endpoints that are intended for
// Hashicorp internal-use only.
type Internal struct {
c *Client
}
// Internal returns a handle to endpoints that are for internal
// Hashicorp usage only. There is not guarantee that these will
// be backwards-compatible or supported, so usage of these is
// not encouraged.
func (c *Client) Internal() *Internal {
return &Internal{c}
}
type AssignServiceManualVIPsRequest struct {
Service string
ManualVIPs []string
}
type AssignServiceManualVIPsResponse struct {
ServiceFound bool `json:"Found"`
UnassignedFrom []PeeredServiceName
}
type PeeredServiceName struct {
ServiceName CompoundServiceName
Peer string
}
func (i *Internal) AssignServiceVirtualIP(
ctx context.Context,
service string,
manualVIPs []string,
wo *WriteOptions,
) (*AssignServiceManualVIPsResponse, *QueryMeta, error) {
req := i.c.newRequest("PUT", "/v1/internal/service-virtual-ip")
req.setWriteOptions(wo)
req.ctx = ctx
req.obj = AssignServiceManualVIPsRequest{
Service: service,
ManualVIPs: manualVIPs,
}
rtt, resp, err := i.c.doRequest(req)
if err != nil {
return nil, nil, err
}
defer closeResponseBody(resp)
if err := requireOK(resp); err != nil {
return nil, nil, err
}
qm := &QueryMeta{RequestTime: rtt}
parseQueryMeta(resp, qm)
var out AssignServiceManualVIPsResponse
if err := decodeBody(resp, &out); err != nil {
return nil, nil, err
}
return &out, qm, nil
}

3
vendor/github.com/hashicorp/consul/api/kv.go generated vendored
View File

@@ -1,3 +1,6 @@
// Copyright (c) HashiCorp, Inc.
// SPDX-License-Identifier: MPL-2.0
package api
import (

3
vendor/github.com/hashicorp/consul/api/lock.go generated vendored
View File

@@ -1,3 +1,6 @@
// Copyright (c) HashiCorp, Inc.
// SPDX-License-Identifier: MPL-2.0
package api
import (

3
vendor/github.com/hashicorp/consul/api/namespace.go generated vendored
View File

@@ -1,3 +1,6 @@
// Copyright (c) HashiCorp, Inc.
// SPDX-License-Identifier: MPL-2.0
package api
import (

3
vendor/github.com/hashicorp/consul/api/operator.go generated vendored
View File

@@ -1,3 +1,6 @@
// Copyright (c) HashiCorp, Inc.
// SPDX-License-Identifier: MPL-2.0
package api
// Operator can be used to perform low-level operator tasks for Consul.

3
vendor/github.com/hashicorp/consul/api/operator_area.go generated vendored
View File

@@ -1,3 +1,6 @@
// Copyright (c) HashiCorp, Inc.
// SPDX-License-Identifier: MPL-2.0
package api
// The /v1/operator/area endpoints are available only in Consul Enterprise and

40
vendor/github.com/hashicorp/consul/api/operator_audit.go generated vendored Normal file
View File

@@ -0,0 +1,40 @@
// Copyright (c) HashiCorp, Inc.
// SPDX-License-Identifier: MPL-2.0
// The /v1/operator/audit-hash endpoint is available only in Consul Enterprise and
// interact with its audit logging subsystem.
package api
type AuditHashRequest struct {
Input string
}
type AuditHashResponse struct {
Hash string
}
func (op *Operator) AuditHash(a *AuditHashRequest, q *QueryOptions) (*AuditHashResponse, error) {
r := op.c.newRequest("POST", "/v1/operator/audit-hash")
r.setQueryOptions(q)
r.obj = a
rtt, resp, err := op.c.doRequest(r)
if err != nil {
return nil, err
}
defer closeResponseBody(resp)
if err := requireOK(resp); err != nil {
return nil, err
}
wm := &WriteMeta{}
wm.RequestTime = rtt
var out AuditHashResponse
if err := decodeBody(resp, &out); err != nil {
return nil, err
}
return &out, nil
}

3
vendor/github.com/hashicorp/consul/api/operator_autopilot.go generated vendored
View File

@@ -1,3 +1,6 @@
// Copyright (c) HashiCorp, Inc.
// SPDX-License-Identifier: MPL-2.0
package api
import (

3
vendor/github.com/hashicorp/consul/api/operator_keyring.go generated vendored
View File

@@ -1,3 +1,6 @@
// Copyright (c) HashiCorp, Inc.
// SPDX-License-Identifier: MPL-2.0
package api
// keyringRequest is used for performing Keyring operations

10
vendor/github.com/hashicorp/consul/api/operator_license.go generated vendored
View File

@@ -1,7 +1,10 @@
// Copyright (c) HashiCorp, Inc.
// SPDX-License-Identifier: MPL-2.0
package api
import (
"io/ioutil"
"io"
"strings"
"time"
)
@@ -30,6 +33,9 @@ type License struct {
// no longer be used in any capacity
TerminationTime time.Time `json:"termination_time"`
// Whether the license will ignore termination
IgnoreTermination bool `json:"ignore_termination"`
// The product the license is valid for
Product string `json:"product"`
@@ -71,7 +77,7 @@ func (op *Operator) LicenseGetSigned(q *QueryOptions) (string, error) {
return "", err
}
data, err := ioutil.ReadAll(resp.Body)
data, err := io.ReadAll(resp.Body)
if err != nil {
return "", err
}

31
vendor/github.com/hashicorp/consul/api/operator_raft.go generated vendored
View File

@@ -1,3 +1,6 @@
// Copyright (c) HashiCorp, Inc.
// SPDX-License-Identifier: MPL-2.0
package api
// RaftServer has information about a server in the Raft configuration.
@@ -25,6 +28,9 @@ type RaftServer struct {
// it's a non-voting server, which will be added in a future release of
// Consul.
Voter bool
// LastIndex is the last log index this server has a record of in its Raft log.
LastIndex uint64
}
// RaftConfiguration is returned when querying for the current Raft configuration.
@@ -36,6 +42,11 @@ type RaftConfiguration struct {
Index uint64
}
// TransferLeaderResponse is returned when querying for the current Raft configuration.
type TransferLeaderResponse struct {
Success bool
}
// RaftGetConfiguration is used to query the current Raft peer set.
func (op *Operator) RaftGetConfiguration(q *QueryOptions) (*RaftConfiguration, error) {
r := op.c.newRequest("GET", "/v1/operator/raft/configuration")
@@ -56,6 +67,26 @@ func (op *Operator) RaftGetConfiguration(q *QueryOptions) (*RaftConfiguration, e
return &out, nil
}
// RaftLeaderTransfer is used to transfer the current raft leader to another node
func (op *Operator) RaftLeaderTransfer(q *QueryOptions) (*TransferLeaderResponse, error) {
r := op.c.newRequest("POST", "/v1/operator/raft/transfer-leader")
r.setQueryOptions(q)
_, resp, err := op.c.doRequest(r)
if err != nil {
return nil, err
}
defer closeResponseBody(resp)
if err := requireOK(resp); err != nil {
return nil, err
}
var out TransferLeaderResponse
if err := decodeBody(resp, &out); err != nil {
return nil, err
}
return &out, nil
}
// RaftRemovePeerByAddress is used to kick a stale peer (one that it in the Raft
// quorum but no longer known to Serf or the catalog) by address in the form of
// "IP:port".

3
vendor/github.com/hashicorp/consul/api/operator_segment.go generated vendored
View File

@@ -1,3 +1,6 @@
// Copyright (c) HashiCorp, Inc.
// SPDX-License-Identifier: MPL-2.0
package api
// SegmentList returns all the available LAN segments.

57
vendor/github.com/hashicorp/consul/api/operator_usage.go generated vendored Normal file
View File

@@ -0,0 +1,57 @@
// Copyright (c) HashiCorp, Inc.
// SPDX-License-Identifier: MPL-2.0
package api
type Usage struct {
// Usage is a map of datacenter -> usage information
Usage map[string]ServiceUsage
}
// ServiceUsage contains information about the number of services and service instances for a datacenter.
type ServiceUsage struct {
Nodes int
Services int
ServiceInstances int
ConnectServiceInstances map[string]int
// Billable services are of "typical" service kind (i.e. non-connect or connect-native),
// excluding the "consul" service.
BillableServiceInstances int
// A map of partition+namespace to number of unique services registered in that namespace
PartitionNamespaceServices map[string]map[string]int
// A map of partition+namespace to number of service instances registered in that namespace
PartitionNamespaceServiceInstances map[string]map[string]int
// A map of partition+namespace+kind to number of service-mesh instances registered in that namespace
PartitionNamespaceConnectServiceInstances map[string]map[string]map[string]int
// A map of partition+namespace to number of billable instances registered in that namespace
PartitionNamespaceBillableServiceInstances map[string]map[string]int
}
// Usage is used to query for usage information in the given datacenter.
func (op *Operator) Usage(q *QueryOptions) (*Usage, *QueryMeta, error) {
r := op.c.newRequest("GET", "/v1/operator/usage")
r.setQueryOptions(q)
rtt, resp, err := op.c.doRequest(r)
if err != nil {
return nil, nil, err
}
defer closeResponseBody(resp)
if err := requireOK(resp); err != nil {
return nil, nil, err
}
qm := &QueryMeta{}
parseQueryMeta(resp, qm)
qm.RequestTime = rtt
var out *Usage
if err := decodeBody(resp, &out); err != nil {
return nil, nil, err
}
return out, qm, nil
}

3
vendor/github.com/hashicorp/consul/api/partition.go generated vendored
View File

@@ -1,3 +1,6 @@
// Copyright (c) HashiCorp, Inc.
// SPDX-License-Identifier: MPL-2.0
package api
import (

43
vendor/github.com/hashicorp/consul/api/peering.go generated vendored
View File

@@ -1,3 +1,6 @@
// Copyright (c) HashiCorp, Inc.
// SPDX-License-Identifier: MPL-2.0
package api
import (
@@ -39,6 +42,23 @@ const (
PeeringStateTerminated PeeringState = "TERMINATED"
)
type PeeringRemoteInfo struct {
// Partition is the remote peer's partition.
Partition string
// Datacenter is the remote peer's datacenter.
Datacenter string
Locality *Locality `json:",omitempty"`
}
// Locality identifies where a given entity is running.
type Locality struct {
// Region is region the zone belongs to.
Region string
// Zone is the zone the entity is running in.
Zone string
}
type Peering struct {
// ID is a datacenter-scoped UUID for the peering.
ID string
@@ -62,14 +82,27 @@ type Peering struct {
PeerServerName string `json:",omitempty"`
// PeerServerAddresses contains all the connection addresses for the remote peer.
PeerServerAddresses []string `json:",omitempty"`
// ImportedServiceCount is the count of how many services are imported from this peering.
ImportedServiceCount uint64
// ExportedServiceCount is the count of how many services are exported to this peering.
ExportedServiceCount uint64
// StreamStatus contains information computed on read based on the state of the stream.
StreamStatus PeeringStreamStatus
// CreateIndex is the Raft index at which the Peering was created.
CreateIndex uint64
// ModifyIndex is the latest Raft index at which the Peering. was modified.
// ModifyIndex is the latest Raft index at which the Peering was modified.
ModifyIndex uint64
// Remote contains metadata for the remote peer.
Remote PeeringRemoteInfo
}
type PeeringStreamStatus struct {
// ImportedServices is the list of services imported from this peering.
ImportedServices []string
// ExportedServices is the list of services exported to this peering.
ExportedServices []string
// LastHeartbeat represents when the last heartbeat message was received.
LastHeartbeat *time.Time
// LastReceive represents when any message was last received, regardless of success or error.
LastReceive *time.Time
// LastSend represents when any message was last sent, regardless of success or error.
LastSend *time.Time
}
type PeeringReadResponse struct {

31
vendor/github.com/hashicorp/consul/api/prepared_query.go generated vendored
View File

@@ -1,3 +1,6 @@
// Copyright (c) HashiCorp, Inc.
// SPDX-License-Identifier: MPL-2.0
package api
// QueryFailoverOptions sets options about how we fail over if there are no
@@ -21,11 +24,19 @@ type QueryFailoverOptions struct {
type QueryDatacenterOptions = QueryFailoverOptions
type QueryFailoverTarget struct {
// PeerName specifies a peer to try during failover.
PeerName string
// Peer specifies a peer to try during failover.
Peer string
// Datacenter specifies a datacenter to try during failover.
Datacenter string
// Partition specifies a partition to try during failover
// Note: Partition are available only in Consul Enterprise
Partition string `json:",omitempty"`
// Namespace specifies a namespace to try during failover
// Note: Namespaces are available only in Consul Enterprise
Namespace string `json:",omitempty"`
}
// QueryDNSOptions controls settings when query results are served over DNS.
@@ -40,9 +51,17 @@ type ServiceQuery struct {
// Service is the service to query.
Service string
// SamenessGroup specifies a sameness group to query. The first member of the Sameness Group will
// be targeted first on PQ execution and subsequent members will be targeted during failover scenarios.
// This field is mutually exclusive with Failover.
SamenessGroup string `json:",omitempty"`
// Namespace of the service to query
Namespace string `json:",omitempty"`
// Partition of the service to query
Partition string `json:",omitempty"`
// Near allows baking in the name of a node to automatically distance-
// sort from. The magic "_agent" value is supported, which sorts near
// the agent which initiated the request by default.
@@ -50,7 +69,7 @@ type ServiceQuery struct {
// Failover controls what we do if there are no healthy nodes in the
// local datacenter.
Failover QueryFailoverOptions
Failover QueryFailoverOptions `json:",omitempty"`
// IgnoreCheckIDs is an optional list of health check IDs to ignore when
// considering which nodes are healthy. It is useful as an emergency measure
@@ -96,6 +115,12 @@ type QueryTemplate struct {
// Regexp allows specifying a regex pattern to match against the name
// of the query being executed.
Regexp string
// RemoveEmptyTags if set to true, will cause the Tags list inside
// the Service structure to be stripped of any empty strings. This is useful
// when interpolating into tags in a way where the tag is optional, and
// where searching for an empty tag would yield no results from the query.
RemoveEmptyTags bool
}
// PreparedQueryDefinition defines a complete prepared query.

3
vendor/github.com/hashicorp/consul/api/raw.go generated vendored
View File

@@ -1,3 +1,6 @@
// Copyright (c) HashiCorp, Inc.
// SPDX-License-Identifier: MPL-2.0
package api
// Raw can be used to do raw queries against custom endpoints

3
vendor/github.com/hashicorp/consul/api/semaphore.go generated vendored
View File

@@ -1,3 +1,6 @@
// Copyright (c) HashiCorp, Inc.
// SPDX-License-Identifier: MPL-2.0
package api
import (

3
vendor/github.com/hashicorp/consul/api/session.go generated vendored
View File

@@ -1,3 +1,6 @@
// Copyright (c) HashiCorp, Inc.
// SPDX-License-Identifier: MPL-2.0
package api
import (

3
vendor/github.com/hashicorp/consul/api/snapshot.go generated vendored
View File

@@ -1,3 +1,6 @@
// Copyright (c) HashiCorp, Inc.
// SPDX-License-Identifier: MPL-2.0
package api
import (

3
vendor/github.com/hashicorp/consul/api/status.go generated vendored
View File

@@ -1,3 +1,6 @@
// Copyright (c) HashiCorp, Inc.
// SPDX-License-Identifier: MPL-2.0
package api
// Status can be used to query the Status endpoints

4
vendor/github.com/hashicorp/consul/api/txn.go generated vendored
View File

@@ -1,3 +1,6 @@
// Copyright (c) HashiCorp, Inc.
// SPDX-License-Identifier: MPL-2.0
package api
import (
@@ -67,6 +70,7 @@ const (
KVLock KVOp = "lock"
KVUnlock KVOp = "unlock"
KVGet KVOp = "get"
KVGetOrEmpty KVOp = "get-or-empty"
KVGetTree KVOp = "get-tree"
KVCheckSession KVOp = "check-session"
KVCheckIndex KVOp = "check-index"

32
vendor/github.com/hashicorp/consul/api/watch/funcs.go generated vendored
View File

@@ -1,3 +1,6 @@
// Copyright (c) HashiCorp, Inc.
// SPDX-License-Identifier: MPL-2.0
package watch
import (
@@ -89,13 +92,20 @@ func keyPrefixWatch(params map[string]interface{}) (WatcherFunc, error) {
// servicesWatch is used to watch the list of available services
func servicesWatch(params map[string]interface{}) (WatcherFunc, error) {
stale := false
filter := ""
if err := assignValueBool(params, "stale", &stale); err != nil {
return nil, err
}
if err := assignValue(params, "filter", &filter); err != nil {
return nil, err
}
fn := func(p *Plan) (BlockingParamVal, interface{}, error) {
catalog := p.client.Catalog()
opts := makeQueryOptionsWithContext(p, stale)
if filter != "" {
opts.Filter = filter
}
defer p.cancelFunc()
services, meta, err := catalog.Services(&opts)
if err != nil {
@@ -109,13 +119,20 @@ func servicesWatch(params map[string]interface{}) (WatcherFunc, error) {
// nodesWatch is used to watch the list of available nodes
func nodesWatch(params map[string]interface{}) (WatcherFunc, error) {
stale := false
filter := ""
if err := assignValueBool(params, "stale", &stale); err != nil {
return nil, err
}
if err := assignValue(params, "filter", &filter); err != nil {
return nil, err
}
fn := func(p *Plan) (BlockingParamVal, interface{}, error) {
catalog := p.client.Catalog()
opts := makeQueryOptionsWithContext(p, stale)
if filter != "" {
opts.Filter = filter
}
defer p.cancelFunc()
nodes, meta, err := catalog.Nodes(&opts)
if err != nil {
@@ -129,9 +146,13 @@ func nodesWatch(params map[string]interface{}) (WatcherFunc, error) {
// serviceWatch is used to watch a specific service for changes
func serviceWatch(params map[string]interface{}) (WatcherFunc, error) {
stale := false
filter := ""
if err := assignValueBool(params, "stale", &stale); err != nil {
return nil, err
}
if err := assignValue(params, "filter", &filter); err != nil {
return nil, err
}
var (
service string
@@ -155,6 +176,9 @@ func serviceWatch(params map[string]interface{}) (WatcherFunc, error) {
fn := func(p *Plan) (BlockingParamVal, interface{}, error) {
health := p.client.Health()
opts := makeQueryOptionsWithContext(p, stale)
if filter != "" {
opts.Filter = filter
}
defer p.cancelFunc()
nodes, meta, err := health.ServiceMultipleTags(service, tags, passingOnly, &opts)
if err != nil {
@@ -172,13 +196,16 @@ func checksWatch(params map[string]interface{}) (WatcherFunc, error) {
return nil, err
}
var service, state string
var service, state, filter string
if err := assignValue(params, "service", &service); err != nil {
return nil, err
}
if err := assignValue(params, "state", &state); err != nil {
return nil, err
}
if err := assignValue(params, "filter", &filter); err != nil {
return nil, err
}
if service != "" && state != "" {
return nil, fmt.Errorf("Cannot specify service and state")
}
@@ -193,6 +220,9 @@ func checksWatch(params map[string]interface{}) (WatcherFunc, error) {
var checks []*consulapi.HealthCheck
var meta *consulapi.QueryMeta
var err error
if filter != "" {
opts.Filter = filter
}
if state != "" {
checks, meta, err = health.State(state, &opts)
} else {

8
vendor/github.com/hashicorp/consul/api/watch/plan.go generated vendored
View File

@@ -1,3 +1,6 @@
// Copyright (c) HashiCorp, Inc.
// SPDX-License-Identifier: MPL-2.0
package watch
import (
@@ -8,8 +11,9 @@ import (
"reflect"
"time"
consulapi "github.com/hashicorp/consul/api"
"github.com/hashicorp/go-hclog"
consulapi "github.com/hashicorp/consul/api"
)
const (
@@ -133,7 +137,7 @@ OUTER:
return nil
}
//Deprecated: Use RunwithClientAndHclog
// Deprecated: Use RunwithClientAndHclog
func (p *Plan) RunWithClientAndLogger(client *consulapi.Client, logger *log.Logger) error {
p.client = client

3
vendor/github.com/hashicorp/consul/api/watch/watch.go generated vendored
View File

@@ -1,3 +1,6 @@
// Copyright (c) HashiCorp, Inc.
// SPDX-License-Identifier: MPL-2.0
package watch
import (

49
vendor/github.com/miekg/dns/LICENSE generated vendored
View File

@@ -1,30 +1,29 @@
Copyright (c) 2009 The Go Authors. All rights reserved.
BSD 3-Clause License
Copyright (c) 2009, The Go Authors. Extensions copyright (c) 2011, Miek Gieben.
All rights reserved.
Redistribution and use in source and binary forms, with or without
modification, are permitted provided that the following conditions are
met:
modification, are permitted provided that the following conditions are met:
* Redistributions of source code must retain the above copyright
notice, this list of conditions and the following disclaimer.
* Redistributions in binary form must reproduce the above
copyright notice, this list of conditions and the following disclaimer
in the documentation and/or other materials provided with the
distribution.
* Neither the name of Google Inc. nor the names of its
contributors may be used to endorse or promote products derived from
this software without specific prior written permission.
1. Redistributions of source code must retain the above copyright notice, this
list of conditions and the following disclaimer.
THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
"AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
(INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
2. Redistributions in binary form must reproduce the above copyright notice,
this list of conditions and the following disclaimer in the documentation
and/or other materials provided with the distribution.
3. Neither the name of the copyright holder nor the names of its
contributors may be used to endorse or promote products derived from
this software without specific prior written permission.
THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE
FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER
CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
As this is fork of the official Go code the same license applies.
Extensions of the original work are copyright (c) 2011 Miek Gieben

7
vendor/github.com/miekg/dns/README.md generated vendored
View File

@@ -77,6 +77,11 @@ A not-so-up-to-date-list-that-may-be-actually-current:
* https://ping.sx/dig
* https://fleetdeck.io/
* https://github.com/markdingo/autoreverse
* https://github.com/slackhq/nebula
* https://addr.tools/
* https://dnscheck.tools/
* https://github.com/egbakou/domainverifier
* https://github.com/semihalev/sdns
Send pull request if you want to be listed here.
@@ -140,6 +145,7 @@ Example programs can be found in the `github.com/miekg/exdns` repository.
* 340{1,2,3} - NAPTR record
* 3445 - Limiting the scope of (DNS)KEY
* 3597 - Unknown RRs
* 4025 - A Method for Storing IPsec Keying Material in DNS
* 403{3,4,5} - DNSSEC + validation functions
* 4255 - SSHFP record
* 4343 - Case insensitivity
@@ -175,6 +181,7 @@ Example programs can be found in the `github.com/miekg/exdns` repository.
* 8080 - EdDSA for DNSSEC
* 8499 - DNS Terminology
* 8659 - DNS Certification Authority Authorization (CAA) Resource Record
* 8777 - DNS Reverse IP Automatic Multicast Tunneling (AMT) Discovery
* 8914 - Extended DNS Errors
* 8976 - Message Digest for DNS Zones (ZONEMD RR)

3
vendor/github.com/miekg/dns/acceptfunc.go generated vendored
View File

@@ -10,8 +10,6 @@ type MsgAcceptFunc func(dh Header) MsgAcceptAction
//
// * opcode isn't OpcodeQuery or OpcodeNotify
//
// * Zero bit isn't zero
//
// * does not have exactly 1 question in the question section
//
// * has more than 1 RR in the Answer section
@@ -19,7 +17,6 @@ type MsgAcceptFunc func(dh Header) MsgAcceptAction
// * has more than 0 RRs in the Authority section
//
// * has more than 2 RRs in the Additional section
//
var DefaultMsgAcceptFunc MsgAcceptFunc = defaultMsgAcceptFunc
// MsgAcceptAction represents the action to be taken.

69
vendor/github.com/miekg/dns/client.go generated vendored
View File

@@ -6,7 +6,6 @@ import (
"context"
"crypto/tls"
"encoding/binary"
"fmt"
"io"
"net"
"strings"
@@ -56,14 +55,20 @@ type Client struct {
// Timeout is a cumulative timeout for dial, write and read, defaults to 0 (disabled) - overrides DialTimeout, ReadTimeout,
// WriteTimeout when non-zero. Can be overridden with net.Dialer.Timeout (see Client.ExchangeWithDialer and
// Client.Dialer) or context.Context.Deadline (see ExchangeContext)
Timeout time.Duration
DialTimeout time.Duration // net.DialTimeout, defaults to 2 seconds, or net.Dialer.Timeout if expiring earlier - overridden by Timeout when that value is non-zero
ReadTimeout time.Duration // net.Conn.SetReadTimeout value for connections, defaults to 2 seconds - overridden by Timeout when that value is non-zero
WriteTimeout time.Duration // net.Conn.SetWriteTimeout value for connections, defaults to 2 seconds - overridden by Timeout when that value is non-zero
TsigSecret map[string]string // secret(s) for Tsig map[<zonename>]<base64 secret>, zonename must be in canonical form (lowercase, fqdn, see RFC 4034 Section 6.2)
TsigProvider TsigProvider // An implementation of the TsigProvider interface. If defined it replaces TsigSecret and is used for all TSIG operations.
SingleInflight bool // if true suppress multiple outstanding queries for the same Qname, Qtype and Qclass
group singleflight
Timeout time.Duration
DialTimeout time.Duration // net.DialTimeout, defaults to 2 seconds, or net.Dialer.Timeout if expiring earlier - overridden by Timeout when that value is non-zero
ReadTimeout time.Duration // net.Conn.SetReadTimeout value for connections, defaults to 2 seconds - overridden by Timeout when that value is non-zero
WriteTimeout time.Duration // net.Conn.SetWriteTimeout value for connections, defaults to 2 seconds - overridden by Timeout when that value is non-zero
TsigSecret map[string]string // secret(s) for Tsig map[<zonename>]<base64 secret>, zonename must be in canonical form (lowercase, fqdn, see RFC 4034 Section 6.2)
TsigProvider TsigProvider // An implementation of the TsigProvider interface. If defined it replaces TsigSecret and is used for all TSIG operations.
// SingleInflight previously serialised multiple concurrent queries for the
// same Qname, Qtype and Qclass to ensure only one would be in flight at a
// time.
//
// Deprecated: This is a no-op. Callers should implement their own in flight
// query caching if needed. See github.com/miekg/dns/issues/1449.
SingleInflight bool
}
// Exchange performs a synchronous UDP query. It sends the message m to the address
@@ -106,7 +111,6 @@ func (c *Client) Dial(address string) (conn *Conn, err error) {
}
// DialContext connects to the address on the named network, with a context.Context.
// For TLS over TCP (DoT) the context isn't used yet. This will be enabled when Go 1.18 is released.
func (c *Client) DialContext(ctx context.Context, address string) (conn *Conn, err error) {
// create a new dialer with the appropriate timeout
var d net.Dialer
@@ -127,15 +131,11 @@ func (c *Client) DialContext(ctx context.Context, address string) (conn *Conn, e
if useTLS {
network = strings.TrimSuffix(network, "-tls")
// TODO(miekg): Enable after Go 1.18 is released, to be able to support two prev. releases.
/*
tlsDialer := tls.Dialer{
NetDialer: &d,
Config: c.TLSConfig,
}
conn.Conn, err = tlsDialer.DialContext(ctx, network, address)
*/
conn.Conn, err = tls.DialWithDialer(&d, network, address, c.TLSConfig)
tlsDialer := tls.Dialer{
NetDialer: &d,
Config: c.TLSConfig,
}
conn.Conn, err = tlsDialer.DialContext(ctx, network, address)
} else {
conn.Conn, err = d.DialContext(ctx, network, address)
}
@@ -183,33 +183,13 @@ func (c *Client) Exchange(m *Msg, address string) (r *Msg, rtt time.Duration, er
// This allows users of the library to implement their own connection management,
// as opposed to Exchange, which will always use new connections and incur the added overhead
// that entails when using "tcp" and especially "tcp-tls" clients.
//
// When the singleflight is set for this client the context is _not_ forwarded to the (shared) exchange, to
// prevent one cancelation from canceling all outstanding requests.
func (c *Client) ExchangeWithConn(m *Msg, conn *Conn) (r *Msg, rtt time.Duration, err error) {
return c.exchangeWithConnContext(context.Background(), m, conn)
return c.ExchangeWithConnContext(context.Background(), m, conn)
}
func (c *Client) exchangeWithConnContext(ctx context.Context, m *Msg, conn *Conn) (r *Msg, rtt time.Duration, err error) {
if !c.SingleInflight {
return c.exchangeContext(ctx, m, conn)
}
q := m.Question[0]
key := fmt.Sprintf("%s:%d:%d", q.Name, q.Qtype, q.Qclass)
r, rtt, err, shared := c.group.Do(key, func() (*Msg, time.Duration, error) {
// When we're doing singleflight we don't want one context cancelation, cancel _all_ outstanding queries.
// Hence we ignore the context and use Background().
return c.exchangeContext(context.Background(), m, conn)
})
if r != nil && shared {
r = r.Copy()
}
return r, rtt, err
}
func (c *Client) exchangeContext(ctx context.Context, m *Msg, co *Conn) (r *Msg, rtt time.Duration, err error) {
// ExchangeWithConnContext has the same behaviour as ExchangeWithConn and
// additionally obeys deadlines from the passed Context.
func (c *Client) ExchangeWithConnContext(ctx context.Context, m *Msg, co *Conn) (r *Msg, rtt time.Duration, err error) {
opt := m.IsEdns0()
// If EDNS0 is used use that for size.
if opt != nil && opt.UDPSize() >= MinMsgSize {
@@ -431,7 +411,6 @@ func ExchangeContext(ctx context.Context, m *Msg, a string) (r *Msg, err error)
// co.WriteMsg(m)
// in, _ := co.ReadMsg()
// co.Close()
//
func ExchangeConn(c net.Conn, m *Msg) (r *Msg, err error) {
println("dns: ExchangeConn: this function is deprecated")
co := new(Conn)
@@ -480,5 +459,5 @@ func (c *Client) ExchangeContext(ctx context.Context, m *Msg, a string) (r *Msg,
}
defer conn.Close()
return c.exchangeWithConnContext(ctx, m, conn)
return c.ExchangeWithConnContext(ctx, m, conn)
}

2
vendor/github.com/miekg/dns/clientconfig.go generated vendored
View File

@@ -68,7 +68,7 @@ func ClientConfigFromReader(resolvconf io.Reader) (*ClientConfig, error) {
}
case "search": // set search path to given servers
c.Search = append([]string(nil), f[1:]...)
c.Search = cloneSlice(f[1:])
case "options": // magic options
for _, s := range f[1:] {

54
vendor/github.com/miekg/dns/defaults.go generated vendored
View File

@@ -22,8 +22,7 @@ func (dns *Msg) SetReply(request *Msg) *Msg {
}
dns.Rcode = RcodeSuccess
if len(request.Question) > 0 {
dns.Question = make([]Question, 1)
dns.Question[0] = request.Question[0]
dns.Question = []Question{request.Question[0]}
}
return dns
}
@@ -208,7 +207,7 @@ func IsDomainName(s string) (labels int, ok bool) {
}
// check for \DDD
if i+3 < len(s) && isDigit(s[i+1]) && isDigit(s[i+2]) && isDigit(s[i+3]) {
if isDDD(s[i+1:]) {
i += 3
begin += 3
} else {
@@ -272,40 +271,39 @@ func IsMsg(buf []byte) error {
// IsFqdn checks if a domain name is fully qualified.
func IsFqdn(s string) bool {
s2 := strings.TrimSuffix(s, ".")
if s == s2 {
// Check for (and remove) a trailing dot, returning if there isn't one.
if s == "" || s[len(s)-1] != '.' {
return false
}
s = s[:len(s)-1]
i := strings.LastIndexFunc(s2, func(r rune) bool {
// If we don't have an escape sequence before the final dot, we know it's
// fully qualified and can return here.
if s == "" || s[len(s)-1] != '\\' {
return true
}
// Otherwise we have to check if the dot is escaped or not by checking if
// there are an odd or even number of escape sequences before the dot.
i := strings.LastIndexFunc(s, func(r rune) bool {
return r != '\\'
})
// Test whether we have an even number of escape sequences before
// the dot or none.
return (len(s2)-i)%2 != 0
return (len(s)-i)%2 != 0
}
// IsRRset checks if a set of RRs is a valid RRset as defined by RFC 2181.
// This means the RRs need to have the same type, name, and class. Returns true
// if the RR set is valid, otherwise false.
// IsRRset reports whether a set of RRs is a valid RRset as defined by RFC 2181.
// This means the RRs need to have the same type, name, and class.
func IsRRset(rrset []RR) bool {
if len(rrset) == 0 {
return false
}
if len(rrset) == 1 {
return true
}
rrHeader := rrset[0].Header()
rrType := rrHeader.Rrtype
rrClass := rrHeader.Class
rrName := rrHeader.Name
baseH := rrset[0].Header()
for _, rr := range rrset[1:] {
curRRHeader := rr.Header()
if curRRHeader.Rrtype != rrType || curRRHeader.Class != rrClass || curRRHeader.Name != rrName {
curH := rr.Header()
if curH.Rrtype != baseH.Rrtype || curH.Class != baseH.Class || curH.Name != baseH.Name {
// Mismatch between the records, so this is not a valid rrset for
//signing/verifying
// signing/verifying
return false
}
}
@@ -323,9 +321,15 @@ func Fqdn(s string) string {
}
// CanonicalName returns the domain name in canonical form. A name in canonical
// form is lowercase and fully qualified. See Section 6.2 in RFC 4034.
// form is lowercase and fully qualified. Only US-ASCII letters are affected. See
// Section 6.2 in RFC 4034.
func CanonicalName(s string) string {
return strings.ToLower(Fqdn(s))
return strings.Map(func(r rune) rune {
if r >= 'A' && r <= 'Z' {
r += 'a' - 'A'
}
return r
}, Fqdn(s))
}
// Copied from the official Go code.

14
vendor/github.com/miekg/dns/dnssec.go generated vendored
View File

@@ -128,10 +128,6 @@ type dnskeyWireFmt struct {
/* Nothing is left out */
}
func divRoundUp(a, b int) int {
return (a + b - 1) / b
}
// KeyTag calculates the keytag (or key-id) of the DNSKEY.
func (k *DNSKEY) KeyTag() uint16 {
if k == nil {
@@ -417,11 +413,11 @@ func (rr *RRSIG) Verify(k *DNSKEY, rrset []RR) error {
return err
}
sigbuf := rr.sigBuf() // Get the binary signature data
if rr.Algorithm == PRIVATEDNS { // PRIVATEOID
// TODO(miek)
// remove the domain name and assume its ours?
}
sigbuf := rr.sigBuf() // Get the binary signature data
// TODO(miek)
// remove the domain name and assume its ours?
// if rr.Algorithm == PRIVATEDNS { // PRIVATEOID
// }
h, cryptohash, err := hashFromAlgorithm(rr.Algorithm)
if err != nil {

3
vendor/github.com/miekg/dns/dnssec_keyscan.go generated vendored
View File

@@ -37,7 +37,8 @@ func (k *DNSKEY) ReadPrivateKey(q io.Reader, file string) (crypto.PrivateKey, er
return nil, ErrPrivKey
}
// TODO(mg): check if the pubkey matches the private key
algo, err := strconv.ParseUint(strings.SplitN(m["algorithm"], " ", 2)[0], 10, 8)
algoStr, _, _ := strings.Cut(m["algorithm"], " ")
algo, err := strconv.ParseUint(algoStr, 10, 8)
if err != nil {
return nil, ErrPrivKey
}

86
vendor/github.com/miekg/dns/doc.go generated vendored
View File

@@ -13,28 +13,28 @@ names in a message will result in a packing failure.
Resource records are native types. They are not stored in wire format. Basic
usage pattern for creating a new resource record:
r := new(dns.MX)
r.Hdr = dns.RR_Header{Name: "miek.nl.", Rrtype: dns.TypeMX, Class: dns.ClassINET, Ttl: 3600}
r.Preference = 10
r.Mx = "mx.miek.nl."
r := new(dns.MX)
r.Hdr = dns.RR_Header{Name: "miek.nl.", Rrtype: dns.TypeMX, Class: dns.ClassINET, Ttl: 3600}
r.Preference = 10
r.Mx = "mx.miek.nl."
Or directly from a string:
mx, err := dns.NewRR("miek.nl. 3600 IN MX 10 mx.miek.nl.")
mx, err := dns.NewRR("miek.nl. 3600 IN MX 10 mx.miek.nl.")
Or when the default origin (.) and TTL (3600) and class (IN) suit you:
mx, err := dns.NewRR("miek.nl MX 10 mx.miek.nl")
mx, err := dns.NewRR("miek.nl MX 10 mx.miek.nl")
Or even:
mx, err := dns.NewRR("$ORIGIN nl.\nmiek 1H IN MX 10 mx.miek")
mx, err := dns.NewRR("$ORIGIN nl.\nmiek 1H IN MX 10 mx.miek")
In the DNS messages are exchanged, these messages contain resource records
(sets). Use pattern for creating a message:
m := new(dns.Msg)
m.SetQuestion("miek.nl.", dns.TypeMX)
m := new(dns.Msg)
m.SetQuestion("miek.nl.", dns.TypeMX)
Or when not certain if the domain name is fully qualified:
@@ -45,17 +45,17 @@ records for the miek.nl. zone.
The following is slightly more verbose, but more flexible:
m1 := new(dns.Msg)
m1.Id = dns.Id()
m1.RecursionDesired = true
m1.Question = make([]dns.Question, 1)
m1.Question[0] = dns.Question{"miek.nl.", dns.TypeMX, dns.ClassINET}
m1 := new(dns.Msg)
m1.Id = dns.Id()
m1.RecursionDesired = true
m1.Question = make([]dns.Question, 1)
m1.Question[0] = dns.Question{"miek.nl.", dns.TypeMX, dns.ClassINET}
After creating a message it can be sent. Basic use pattern for synchronous
querying the DNS at a server configured on 127.0.0.1 and port 53:
c := new(dns.Client)
in, rtt, err := c.Exchange(m1, "127.0.0.1:53")
c := new(dns.Client)
in, rtt, err := c.Exchange(m1, "127.0.0.1:53")
Suppressing multiple outstanding queries (with the same question, type and
class) is as easy as setting:
@@ -72,7 +72,7 @@ and port to use for the connection:
Port: 12345,
Zone: "",
}
c.Dialer := &net.Dialer{
c.Dialer = &net.Dialer{
Timeout: 200 * time.Millisecond,
LocalAddr: &laddr,
}
@@ -96,7 +96,7 @@ the Answer section:
// do something with t.Txt
}
Domain Name and TXT Character String Representations
# Domain Name and TXT Character String Representations
Both domain names and TXT character strings are converted to presentation form
both when unpacked and when converted to strings.
@@ -108,7 +108,7 @@ be escaped. Bytes below 32 and above 127 will be converted to \DDD form.
For domain names, in addition to the above rules brackets, periods, spaces,
semicolons and the at symbol are escaped.
DNSSEC
# DNSSEC
DNSSEC (DNS Security Extension) adds a layer of security to the DNS. It uses
public key cryptography to sign resource records. The public keys are stored in
@@ -117,12 +117,12 @@ DNSKEY records and the signatures in RRSIG records.
Requesting DNSSEC information for a zone is done by adding the DO (DNSSEC OK)
bit to a request.
m := new(dns.Msg)
m.SetEdns0(4096, true)
m := new(dns.Msg)
m.SetEdns0(4096, true)
Signature generation, signature verification and key generation are all supported.
DYNAMIC UPDATES
# DYNAMIC UPDATES
Dynamic updates reuses the DNS message format, but renames three of the
sections. Question is Zone, Answer is Prerequisite, Authority is Update, only
@@ -133,30 +133,30 @@ certain resource records or names in a zone to specify if resource records
should be added or removed. The table from RFC 2136 supplemented with the Go
DNS function shows which functions exist to specify the prerequisites.
3.2.4 - Table Of Metavalues Used In Prerequisite Section
3.2.4 - Table Of Metavalues Used In Prerequisite Section
CLASS TYPE RDATA Meaning Function
--------------------------------------------------------------
ANY ANY empty Name is in use dns.NameUsed
ANY rrset empty RRset exists (value indep) dns.RRsetUsed
NONE ANY empty Name is not in use dns.NameNotUsed
NONE rrset empty RRset does not exist dns.RRsetNotUsed
zone rrset rr RRset exists (value dep) dns.Used
CLASS TYPE RDATA Meaning Function
--------------------------------------------------------------
ANY ANY empty Name is in use dns.NameUsed
ANY rrset empty RRset exists (value indep) dns.RRsetUsed
NONE ANY empty Name is not in use dns.NameNotUsed
NONE rrset empty RRset does not exist dns.RRsetNotUsed
zone rrset rr RRset exists (value dep) dns.Used
The prerequisite section can also be left empty. If you have decided on the
prerequisites you can tell what RRs should be added or deleted. The next table
shows the options you have and what functions to call.
3.4.2.6 - Table Of Metavalues Used In Update Section
3.4.2.6 - Table Of Metavalues Used In Update Section
CLASS TYPE RDATA Meaning Function
---------------------------------------------------------------
ANY ANY empty Delete all RRsets from name dns.RemoveName
ANY rrset empty Delete an RRset dns.RemoveRRset
NONE rrset rr Delete an RR from RRset dns.Remove
zone rrset rr Add to an RRset dns.Insert
CLASS TYPE RDATA Meaning Function
---------------------------------------------------------------
ANY ANY empty Delete all RRsets from name dns.RemoveName
ANY rrset empty Delete an RRset dns.RemoveRRset
NONE rrset rr Delete an RR from RRset dns.Remove
zone rrset rr Add to an RRset dns.Insert
TRANSACTION SIGNATURE
# TRANSACTION SIGNATURE
An TSIG or transaction signature adds a HMAC TSIG record to each message sent.
The supported algorithms include: HmacSHA1, HmacSHA256 and HmacSHA512.
@@ -239,7 +239,7 @@ Basic use pattern validating and replying to a message that has TSIG set.
w.WriteMsg(m)
}
PRIVATE RRS
# PRIVATE RRS
RFC 6895 sets aside a range of type codes for private use. This range is 65,280
- 65,534 (0xFF00 - 0xFFFE). When experimenting with new Resource Records these
@@ -248,7 +248,7 @@ can be used, before requesting an official type code from IANA.
See https://miek.nl/2014/september/21/idn-and-private-rr-in-go-dns/ for more
information.
EDNS0
# EDNS0
EDNS0 is an extension mechanism for the DNS defined in RFC 2671 and updated by
RFC 6891. It defines a new RR type, the OPT RR, which is then completely
@@ -279,9 +279,9 @@ SIG(0)
From RFC 2931:
SIG(0) provides protection for DNS transactions and requests ....
... protection for glue records, DNS requests, protection for message headers
on requests and responses, and protection of the overall integrity of a response.
SIG(0) provides protection for DNS transactions and requests ....
... protection for glue records, DNS requests, protection for message headers
on requests and responses, and protection of the overall integrity of a response.
It works like TSIG, except that SIG(0) uses public key cryptography, instead of
the shared secret approach in TSIG. Supported algorithms: ECDSAP256SHA256,

55
vendor/github.com/miekg/dns/edns.go generated vendored
View File

@@ -78,7 +78,10 @@ func (rr *OPT) String() string {
if rr.Do() {
s += "flags: do; "
} else {
s += "flags: ; "
s += "flags:; "
}
if rr.Hdr.Ttl&0x7FFF != 0 {
s += fmt.Sprintf("MBZ: 0x%04x, ", rr.Hdr.Ttl&0x7FFF)
}
s += "udp: " + strconv.Itoa(int(rr.UDPSize()))
@@ -98,6 +101,8 @@ func (rr *OPT) String() string {
s += "\n; SUBNET: " + o.String()
case *EDNS0_COOKIE:
s += "\n; COOKIE: " + o.String()
case *EDNS0_EXPIRE:
s += "\n; EXPIRE: " + o.String()
case *EDNS0_TCP_KEEPALIVE:
s += "\n; KEEPALIVE: " + o.String()
case *EDNS0_UL:
@@ -180,7 +185,7 @@ func (rr *OPT) Do() bool {
// SetDo sets the DO (DNSSEC OK) bit.
// If we pass an argument, set the DO bit to that value.
// It is possible to pass 2 or more arguments. Any arguments after the 1st is silently ignored.
// It is possible to pass 2 or more arguments, but they will be ignored.
func (rr *OPT) SetDo(do ...bool) {
if len(do) == 1 {
if do[0] {
@@ -258,7 +263,7 @@ func (e *EDNS0_NSID) copy() EDNS0 { return &EDNS0_NSID{e.Code, e.Nsid}
// o.Hdr.Name = "."
// o.Hdr.Rrtype = dns.TypeOPT
// e := new(dns.EDNS0_SUBNET)
// e.Code = dns.EDNS0SUBNET
// e.Code = dns.EDNS0SUBNET // by default this is filled in through unpacking OPT packets (unpackDataOpt)
// e.Family = 1 // 1 for IPv4 source address, 2 for IPv6
// e.SourceNetmask = 32 // 32 for IPV4, 128 for IPv6
// e.SourceScope = 0
@@ -503,6 +508,7 @@ func (e *EDNS0_LLQ) String() string {
" " + strconv.FormatUint(uint64(e.LeaseLife), 10)
return s
}
func (e *EDNS0_LLQ) copy() EDNS0 {
return &EDNS0_LLQ{e.Code, e.Version, e.Opcode, e.Error, e.Id, e.LeaseLife}
}
@@ -515,8 +521,8 @@ type EDNS0_DAU struct {
// Option implements the EDNS0 interface.
func (e *EDNS0_DAU) Option() uint16 { return EDNS0DAU }
func (e *EDNS0_DAU) pack() ([]byte, error) { return e.AlgCode, nil }
func (e *EDNS0_DAU) unpack(b []byte) error { e.AlgCode = b; return nil }
func (e *EDNS0_DAU) pack() ([]byte, error) { return cloneSlice(e.AlgCode), nil }
func (e *EDNS0_DAU) unpack(b []byte) error { e.AlgCode = cloneSlice(b); return nil }
func (e *EDNS0_DAU) String() string {
s := ""
@@ -539,8 +545,8 @@ type EDNS0_DHU struct {
// Option implements the EDNS0 interface.
func (e *EDNS0_DHU) Option() uint16 { return EDNS0DHU }
func (e *EDNS0_DHU) pack() ([]byte, error) { return e.AlgCode, nil }
func (e *EDNS0_DHU) unpack(b []byte) error { e.AlgCode = b; return nil }
func (e *EDNS0_DHU) pack() ([]byte, error) { return cloneSlice(e.AlgCode), nil }
func (e *EDNS0_DHU) unpack(b []byte) error { e.AlgCode = cloneSlice(b); return nil }
func (e *EDNS0_DHU) String() string {
s := ""
@@ -563,8 +569,8 @@ type EDNS0_N3U struct {
// Option implements the EDNS0 interface.
func (e *EDNS0_N3U) Option() uint16 { return EDNS0N3U }
func (e *EDNS0_N3U) pack() ([]byte, error) { return e.AlgCode, nil }
func (e *EDNS0_N3U) unpack(b []byte) error { e.AlgCode = b; return nil }
func (e *EDNS0_N3U) pack() ([]byte, error) { return cloneSlice(e.AlgCode), nil }
func (e *EDNS0_N3U) unpack(b []byte) error { e.AlgCode = cloneSlice(b); return nil }
func (e *EDNS0_N3U) String() string {
// Re-use the hash map
@@ -641,30 +647,21 @@ type EDNS0_LOCAL struct {
// Option implements the EDNS0 interface.
func (e *EDNS0_LOCAL) Option() uint16 { return e.Code }
func (e *EDNS0_LOCAL) String() string {
return strconv.FormatInt(int64(e.Code), 10) + ":0x" + hex.EncodeToString(e.Data)
}
func (e *EDNS0_LOCAL) copy() EDNS0 {
b := make([]byte, len(e.Data))
copy(b, e.Data)
return &EDNS0_LOCAL{e.Code, b}
return &EDNS0_LOCAL{e.Code, cloneSlice(e.Data)}
}
func (e *EDNS0_LOCAL) pack() ([]byte, error) {
b := make([]byte, len(e.Data))
copied := copy(b, e.Data)
if copied != len(e.Data) {
return nil, ErrBuf
}
return b, nil
return cloneSlice(e.Data), nil
}
func (e *EDNS0_LOCAL) unpack(b []byte) error {
e.Data = make([]byte, len(b))
copied := copy(e.Data, b)
if copied != len(b) {
return ErrBuf
}
e.Data = cloneSlice(b)
return nil
}
@@ -727,14 +724,10 @@ type EDNS0_PADDING struct {
// Option implements the EDNS0 interface.
func (e *EDNS0_PADDING) Option() uint16 { return EDNS0PADDING }
func (e *EDNS0_PADDING) pack() ([]byte, error) { return e.Padding, nil }
func (e *EDNS0_PADDING) unpack(b []byte) error { e.Padding = b; return nil }
func (e *EDNS0_PADDING) pack() ([]byte, error) { return cloneSlice(e.Padding), nil }
func (e *EDNS0_PADDING) unpack(b []byte) error { e.Padding = cloneSlice(b); return nil }
func (e *EDNS0_PADDING) String() string { return fmt.Sprintf("%0X", e.Padding) }
func (e *EDNS0_PADDING) copy() EDNS0 {
b := make([]byte, len(e.Padding))
copy(b, e.Padding)
return &EDNS0_PADDING{b}
}
func (e *EDNS0_PADDING) copy() EDNS0 { return &EDNS0_PADDING{cloneSlice(e.Padding)} }
// Extended DNS Error Codes (RFC 8914).
const (
@@ -821,7 +814,7 @@ func (e *EDNS0_EDE) String() string {
func (e *EDNS0_EDE) pack() ([]byte, error) {
b := make([]byte, 2+len(e.ExtraText))
binary.BigEndian.PutUint16(b[0:], e.InfoCode)
copy(b[2:], []byte(e.ExtraText))
copy(b[2:], e.ExtraText)
return b, nil
}

1
vendor/github.com/miekg/dns/fuzz.go generated vendored
View File

@@ -1,3 +1,4 @@
//go:build fuzz
// +build fuzz
package dns

33
vendor/github.com/miekg/dns/generate.go generated vendored
View File

@@ -35,17 +35,17 @@ func (zp *ZoneParser) generate(l lex) (RR, bool) {
token = token[:i]
}
sx := strings.SplitN(token, "-", 2)
if len(sx) != 2 {
startStr, endStr, ok := strings.Cut(token, "-")
if !ok {
return zp.setParseError("bad start-stop in $GENERATE range", l)
}
start, err := strconv.ParseInt(sx[0], 10, 64)
start, err := strconv.ParseInt(startStr, 10, 64)
if err != nil {
return zp.setParseError("bad start in $GENERATE range", l)
}
end, err := strconv.ParseInt(sx[1], 10, 64)
end, err := strconv.ParseInt(endStr, 10, 64)
if err != nil {
return zp.setParseError("bad stop in $GENERATE range", l)
}
@@ -54,7 +54,7 @@ func (zp *ZoneParser) generate(l lex) (RR, bool) {
}
// _BLANK
l, ok := zp.c.Next()
l, ok = zp.c.Next()
if !ok || l.value != zBlank {
return zp.setParseError("garbage after $GENERATE range", l)
}
@@ -211,15 +211,16 @@ func (r *generateReader) ReadByte() (byte, error) {
func modToPrintf(s string) (string, int64, string) {
// Modifier is { offset [ ,width [ ,base ] ] } - provide default
// values for optional width and type, if necessary.
var offStr, widthStr, base string
switch xs := strings.Split(s, ","); len(xs) {
case 1:
offStr, widthStr, base = xs[0], "0", "d"
case 2:
offStr, widthStr, base = xs[0], xs[1], "d"
case 3:
offStr, widthStr, base = xs[0], xs[1], xs[2]
default:
offStr, s, ok0 := strings.Cut(s, ",")
widthStr, s, ok1 := strings.Cut(s, ",")
base, _, ok2 := strings.Cut(s, ",")
if !ok0 {
widthStr = "0"
}
if !ok1 {
base = "d"
}
if ok2 {
return "", 0, "bad modifier in $GENERATE"
}
@@ -234,8 +235,8 @@ func modToPrintf(s string) (string, int64, string) {
return "", 0, "bad offset in $GENERATE"
}
width, err := strconv.ParseInt(widthStr, 10, 64)
if err != nil || width < 0 || width > 255 {
width, err := strconv.ParseUint(widthStr, 10, 8)
if err != nil {
return "", 0, "bad width in $GENERATE"
}

2
vendor/github.com/miekg/dns/labels.go generated vendored
View File

@@ -122,7 +122,7 @@ func Split(s string) []int {
}
// NextLabel returns the index of the start of the next label in the
// string s starting at offset.
// string s starting at offset. A negative offset will cause a panic.
// The bool end is true when the end of the string has been reached.
// Also see PrevLabel.
func NextLabel(s string, offset int) (i int, end bool) {

13
vendor/github.com/miekg/dns/listen_no_reuseport.go generated vendored
View File

@@ -1,4 +1,5 @@
// +build !go1.11 !aix,!darwin,!dragonfly,!freebsd,!linux,!netbsd,!openbsd
//go:build !aix && !darwin && !dragonfly && !freebsd && !linux && !netbsd && !openbsd
// +build !aix,!darwin,!dragonfly,!freebsd,!linux,!netbsd,!openbsd
package dns
@@ -6,16 +7,18 @@ import "net"
const supportsReusePort = false
func listenTCP(network, addr string, reuseport bool) (net.Listener, error) {
if reuseport {
func listenTCP(network, addr string, reuseport, reuseaddr bool) (net.Listener, error) {
if reuseport || reuseaddr {
// TODO(tmthrgd): return an error?
}
return net.Listen(network, addr)
}
func listenUDP(network, addr string, reuseport bool) (net.PacketConn, error) {
if reuseport {
const supportsReuseAddr = false
func listenUDP(network, addr string, reuseport, reuseaddr bool) (net.PacketConn, error) {
if reuseport || reuseaddr {
// TODO(tmthrgd): return an error?
}

32
vendor/github.com/miekg/dns/listen_reuseport.go generated vendored
View File

@@ -1,4 +1,4 @@
// +build go1.11
//go:build aix || darwin || dragonfly || freebsd || linux || netbsd || openbsd
// +build aix darwin dragonfly freebsd linux netbsd openbsd
package dns
@@ -25,19 +25,41 @@ func reuseportControl(network, address string, c syscall.RawConn) error {
return opErr
}
func listenTCP(network, addr string, reuseport bool) (net.Listener, error) {
const supportsReuseAddr = true
func reuseaddrControl(network, address string, c syscall.RawConn) error {
var opErr error
err := c.Control(func(fd uintptr) {
opErr = unix.SetsockoptInt(int(fd), unix.SOL_SOCKET, unix.SO_REUSEADDR, 1)
})
if err != nil {
return err
}
return opErr
}
func listenTCP(network, addr string, reuseport, reuseaddr bool) (net.Listener, error) {
var lc net.ListenConfig
if reuseport {
switch {
case reuseaddr && reuseport:
case reuseport:
lc.Control = reuseportControl
case reuseaddr:
lc.Control = reuseaddrControl
}
return lc.Listen(context.Background(), network, addr)
}
func listenUDP(network, addr string, reuseport bool) (net.PacketConn, error) {
func listenUDP(network, addr string, reuseport, reuseaddr bool) (net.PacketConn, error) {
var lc net.ListenConfig
if reuseport {
switch {
case reuseaddr && reuseport:
case reuseport:
lc.Control = reuseportControl
case reuseaddr:
lc.Control = reuseaddrControl
}
return lc.ListenPacket(context.Background(), network, addr)

111
vendor/github.com/miekg/dns/msg.go generated vendored
View File

@@ -252,7 +252,7 @@ loop:
}
// check for \DDD
if i+3 < ls && isDigit(bs[i+1]) && isDigit(bs[i+2]) && isDigit(bs[i+3]) {
if isDDD(bs[i+1:]) {
bs[i] = dddToByte(bs[i+1:])
copy(bs[i+1:ls-3], bs[i+4:])
ls -= 3
@@ -448,7 +448,7 @@ Loop:
return string(s), off1, nil
}
func packTxt(txt []string, msg []byte, offset int, tmp []byte) (int, error) {
func packTxt(txt []string, msg []byte, offset int) (int, error) {
if len(txt) == 0 {
if offset >= len(msg) {
return offset, ErrBuf
@@ -458,10 +458,7 @@ func packTxt(txt []string, msg []byte, offset int, tmp []byte) (int, error) {
}
var err error
for _, s := range txt {
if len(s) > len(tmp) {
return offset, ErrBuf
}
offset, err = packTxtString(s, msg, offset, tmp)
offset, err = packTxtString(s, msg, offset)
if err != nil {
return offset, err
}
@@ -469,32 +466,30 @@ func packTxt(txt []string, msg []byte, offset int, tmp []byte) (int, error) {
return offset, nil
}
func packTxtString(s string, msg []byte, offset int, tmp []byte) (int, error) {
func packTxtString(s string, msg []byte, offset int) (int, error) {
lenByteOffset := offset
if offset >= len(msg) || len(s) > len(tmp) {
if offset >= len(msg) || len(s) > 256*4+1 /* If all \DDD */ {
return offset, ErrBuf
}
offset++
bs := tmp[:len(s)]
copy(bs, s)
for i := 0; i < len(bs); i++ {
for i := 0; i < len(s); i++ {
if len(msg) <= offset {
return offset, ErrBuf
}
if bs[i] == '\\' {
if s[i] == '\\' {
i++
if i == len(bs) {
if i == len(s) {
break
}
// check for \DDD
if i+2 < len(bs) && isDigit(bs[i]) && isDigit(bs[i+1]) && isDigit(bs[i+2]) {
msg[offset] = dddToByte(bs[i:])
if isDDD(s[i:]) {
msg[offset] = dddToByte(s[i:])
i += 2
} else {
msg[offset] = bs[i]
msg[offset] = s[i]
}
} else {
msg[offset] = bs[i]
msg[offset] = s[i]
}
offset++
}
@@ -506,30 +501,28 @@ func packTxtString(s string, msg []byte, offset int, tmp []byte) (int, error) {
return offset, nil
}
func packOctetString(s string, msg []byte, offset int, tmp []byte) (int, error) {
if offset >= len(msg) || len(s) > len(tmp) {
func packOctetString(s string, msg []byte, offset int) (int, error) {
if offset >= len(msg) || len(s) > 256*4+1 {
return offset, ErrBuf
}
bs := tmp[:len(s)]
copy(bs, s)
for i := 0; i < len(bs); i++ {
for i := 0; i < len(s); i++ {
if len(msg) <= offset {
return offset, ErrBuf
}
if bs[i] == '\\' {
if s[i] == '\\' {
i++
if i == len(bs) {
if i == len(s) {
break
}
// check for \DDD
if i+2 < len(bs) && isDigit(bs[i]) && isDigit(bs[i+1]) && isDigit(bs[i+2]) {
msg[offset] = dddToByte(bs[i:])
if isDDD(s[i:]) {
msg[offset] = dddToByte(s[i:])
i += 2
} else {
msg[offset] = bs[i]
msg[offset] = s[i]
}
} else {
msg[offset] = bs[i]
msg[offset] = s[i]
}
offset++
}
@@ -551,12 +544,11 @@ func unpackTxt(msg []byte, off0 int) (ss []string, off int, err error) {
// Helpers for dealing with escaped bytes
func isDigit(b byte) bool { return b >= '0' && b <= '9' }
func dddToByte(s []byte) byte {
_ = s[2] // bounds check hint to compiler; see golang.org/issue/14808
return byte((s[0]-'0')*100 + (s[1]-'0')*10 + (s[2] - '0'))
func isDDD[T ~[]byte | ~string](s T) bool {
return len(s) >= 3 && isDigit(s[0]) && isDigit(s[1]) && isDigit(s[2])
}
func dddStringToByte(s string) byte {
func dddToByte[T ~[]byte | ~string](s T) byte {
_ = s[2] // bounds check hint to compiler; see golang.org/issue/14808
return byte((s[0]-'0')*100 + (s[1]-'0')*10 + (s[2] - '0'))
}
@@ -680,9 +672,9 @@ func unpackRRslice(l int, msg []byte, off int) (dst1 []RR, off1 int, err error)
// Convert a MsgHdr to a string, with dig-like headers:
//
//;; opcode: QUERY, status: NOERROR, id: 48404
// ;; opcode: QUERY, status: NOERROR, id: 48404
//
//;; flags: qr aa rd ra;
// ;; flags: qr aa rd ra;
func (h *MsgHdr) String() string {
if h == nil {
return "<nil> MsgHdr"
@@ -866,7 +858,7 @@ func (dns *Msg) unpack(dh Header, msg []byte, off int) (err error) {
// The header counts might have been wrong so we need to update it
dh.Nscount = uint16(len(dns.Ns))
if err == nil {
dns.Extra, off, err = unpackRRslice(int(dh.Arcount), msg, off)
dns.Extra, _, err = unpackRRslice(int(dh.Arcount), msg, off)
}
// The header counts might have been wrong so we need to update it
dh.Arcount = uint16(len(dns.Extra))
@@ -876,11 +868,11 @@ func (dns *Msg) unpack(dh Header, msg []byte, off int) (err error) {
dns.Rcode |= opt.ExtendedRcode()
}
if off != len(msg) {
// TODO(miek) make this an error?
// use PackOpt to let people tell how detailed the error reporting should be?
// println("dns: extra bytes in dns packet", off, "<", len(msg))
}
// TODO(miek) make this an error?
// use PackOpt to let people tell how detailed the error reporting should be?
// if off != len(msg) {
// // println("dns: extra bytes in dns packet", off, "<", len(msg))
// }
return err
}
@@ -902,23 +894,38 @@ func (dns *Msg) String() string {
return "<nil> MsgHdr"
}
s := dns.MsgHdr.String() + " "
s += "QUERY: " + strconv.Itoa(len(dns.Question)) + ", "
s += "ANSWER: " + strconv.Itoa(len(dns.Answer)) + ", "
s += "AUTHORITY: " + strconv.Itoa(len(dns.Ns)) + ", "
s += "ADDITIONAL: " + strconv.Itoa(len(dns.Extra)) + "\n"
if dns.MsgHdr.Opcode == OpcodeUpdate {
s += "ZONE: " + strconv.Itoa(len(dns.Question)) + ", "
s += "PREREQ: " + strconv.Itoa(len(dns.Answer)) + ", "
s += "UPDATE: " + strconv.Itoa(len(dns.Ns)) + ", "
s += "ADDITIONAL: " + strconv.Itoa(len(dns.Extra)) + "\n"
} else {
s += "QUERY: " + strconv.Itoa(len(dns.Question)) + ", "
s += "ANSWER: " + strconv.Itoa(len(dns.Answer)) + ", "
s += "AUTHORITY: " + strconv.Itoa(len(dns.Ns)) + ", "
s += "ADDITIONAL: " + strconv.Itoa(len(dns.Extra)) + "\n"
}
opt := dns.IsEdns0()
if opt != nil {
// OPT PSEUDOSECTION
s += opt.String() + "\n"
}
if len(dns.Question) > 0 {
s += "\n;; QUESTION SECTION:\n"
if dns.MsgHdr.Opcode == OpcodeUpdate {
s += "\n;; ZONE SECTION:\n"
} else {
s += "\n;; QUESTION SECTION:\n"
}
for _, r := range dns.Question {
s += r.String() + "\n"
}
}
if len(dns.Answer) > 0 {
s += "\n;; ANSWER SECTION:\n"
if dns.MsgHdr.Opcode == OpcodeUpdate {
s += "\n;; PREREQUISITE SECTION:\n"
} else {
s += "\n;; ANSWER SECTION:\n"
}
for _, r := range dns.Answer {
if r != nil {
s += r.String() + "\n"
@@ -926,7 +933,11 @@ func (dns *Msg) String() string {
}
}
if len(dns.Ns) > 0 {
s += "\n;; AUTHORITY SECTION:\n"
if dns.MsgHdr.Opcode == OpcodeUpdate {
s += "\n;; UPDATE SECTION:\n"
} else {
s += "\n;; AUTHORITY SECTION:\n"
}
for _, r := range dns.Ns {
if r != nil {
s += r.String() + "\n"
@@ -1024,7 +1035,7 @@ func escapedNameLen(s string) int {
continue
}
if i+3 < len(s) && isDigit(s[i+1]) && isDigit(s[i+2]) && isDigit(s[i+3]) {
if isDDD(s[i+1:]) {
nameLen -= 3
i += 3
} else {
@@ -1065,8 +1076,8 @@ func (dns *Msg) CopyTo(r1 *Msg) *Msg {
r1.Compress = dns.Compress
if len(dns.Question) > 0 {
r1.Question = make([]Question, len(dns.Question))
copy(r1.Question, dns.Question) // TODO(miek): Question is an immutable value, ok to do a shallow-copy
// TODO(miek): Question is an immutable value, ok to do a shallow-copy
r1.Question = cloneSlice(dns.Question)
}
rrArr := make([]RR, len(dns.Answer)+len(dns.Ns)+len(dns.Extra))

92
vendor/github.com/miekg/dns/msg_helpers.go generated vendored
View File

@@ -20,9 +20,7 @@ func unpackDataA(msg []byte, off int) (net.IP, int, error) {
if off+net.IPv4len > len(msg) {
return nil, len(msg), &Error{err: "overflow unpacking a"}
}
a := append(make(net.IP, 0, net.IPv4len), msg[off:off+net.IPv4len]...)
off += net.IPv4len
return a, off, nil
return cloneSlice(msg[off : off+net.IPv4len]), off + net.IPv4len, nil
}
func packDataA(a net.IP, msg []byte, off int) (int, error) {
@@ -47,9 +45,7 @@ func unpackDataAAAA(msg []byte, off int) (net.IP, int, error) {
if off+net.IPv6len > len(msg) {
return nil, len(msg), &Error{err: "overflow unpacking aaaa"}
}
aaaa := append(make(net.IP, 0, net.IPv6len), msg[off:off+net.IPv6len]...)
off += net.IPv6len
return aaaa, off, nil
return cloneSlice(msg[off : off+net.IPv6len]), off + net.IPv6len, nil
}
func packDataAAAA(aaaa net.IP, msg []byte, off int) (int, error) {
@@ -299,8 +295,7 @@ func unpackString(msg []byte, off int) (string, int, error) {
}
func packString(s string, msg []byte, off int) (int, error) {
txtTmp := make([]byte, 256*4+1)
off, err := packTxtString(s, msg, off, txtTmp)
off, err := packTxtString(s, msg, off)
if err != nil {
return len(msg), err
}
@@ -402,8 +397,7 @@ func unpackStringTxt(msg []byte, off int) ([]string, int, error) {
}
func packStringTxt(s []string, msg []byte, off int) (int, error) {
txtTmp := make([]byte, 256*4+1) // If the whole string consists out of \DDD we need this many.
off, err := packTxt(s, msg, off, txtTmp)
off, err := packTxt(s, msg, off)
if err != nil {
return len(msg), err
}
@@ -412,29 +406,24 @@ func packStringTxt(s []string, msg []byte, off int) (int, error) {
func unpackDataOpt(msg []byte, off int) ([]EDNS0, int, error) {
var edns []EDNS0
Option:
var code uint16
if off+4 > len(msg) {
return nil, len(msg), &Error{err: "overflow unpacking opt"}
for off < len(msg) {
if off+4 > len(msg) {
return nil, len(msg), &Error{err: "overflow unpacking opt"}
}
code := binary.BigEndian.Uint16(msg[off:])
off += 2
optlen := binary.BigEndian.Uint16(msg[off:])
off += 2
if off+int(optlen) > len(msg) {
return nil, len(msg), &Error{err: "overflow unpacking opt"}
}
opt := makeDataOpt(code)
if err := opt.unpack(msg[off : off+int(optlen)]); err != nil {
return nil, len(msg), err
}
edns = append(edns, opt)
off += int(optlen)
}
code = binary.BigEndian.Uint16(msg[off:])
off += 2
optlen := binary.BigEndian.Uint16(msg[off:])
off += 2
if off+int(optlen) > len(msg) {
return nil, len(msg), &Error{err: "overflow unpacking opt"}
}
e := makeDataOpt(code)
if err := e.unpack(msg[off : off+int(optlen)]); err != nil {
return nil, len(msg), err
}
edns = append(edns, e)
off += int(optlen)
if off < len(msg) {
goto Option
}
return edns, off, nil
}
@@ -463,8 +452,7 @@ func unpackStringOctet(msg []byte, off int) (string, int, error) {
}
func packStringOctet(s string, msg []byte, off int) (int, error) {
txtTmp := make([]byte, 256*4+1)
off, err := packOctetString(s, msg, off, txtTmp)
off, err := packOctetString(s, msg, off)
if err != nil {
return len(msg), err
}
@@ -625,7 +613,7 @@ func unpackDataSVCB(msg []byte, off int) ([]SVCBKeyValue, int, error) {
}
func packDataSVCB(pairs []SVCBKeyValue, msg []byte, off int) (int, error) {
pairs = append([]SVCBKeyValue(nil), pairs...)
pairs = cloneSlice(pairs)
sort.Slice(pairs, func(i, j int) bool {
return pairs[i].Key() < pairs[j].Key()
})
@@ -810,3 +798,37 @@ func unpackDataAplPrefix(msg []byte, off int) (APLPrefix, int, error) {
Network: ipnet,
}, off, nil
}
func unpackIPSECGateway(msg []byte, off int, gatewayType uint8) (net.IP, string, int, error) {
var retAddr net.IP
var retString string
var err error
switch gatewayType {
case IPSECGatewayNone: // do nothing
case IPSECGatewayIPv4:
retAddr, off, err = unpackDataA(msg, off)
case IPSECGatewayIPv6:
retAddr, off, err = unpackDataAAAA(msg, off)
case IPSECGatewayHost:
retString, off, err = UnpackDomainName(msg, off)
}
return retAddr, retString, off, err
}
func packIPSECGateway(gatewayAddr net.IP, gatewayString string, msg []byte, off int, gatewayType uint8, compression compressionMap, compress bool) (int, error) {
var err error
switch gatewayType {
case IPSECGatewayNone: // do nothing
case IPSECGatewayIPv4:
off, err = packDataA(gatewayAddr, msg, off)
case IPSECGatewayIPv6:
off, err = packDataAAAA(gatewayAddr, msg, off)
case IPSECGatewayHost:
off, err = packDomainName(gatewayString, msg, off, compression, compress)
}
return off, err
}

71
vendor/github.com/miekg/dns/scan.go generated vendored
View File

@@ -10,13 +10,13 @@ import (
"strings"
)
const maxTok = 2048 // Largest token we can return.
const maxTok = 512 // Token buffer start size, and growth size amount.
// The maximum depth of $INCLUDE directives supported by the
// ZoneParser API.
const maxIncludeDepth = 7
// Tokinize a RFC 1035 zone file. The tokenizer will normalize it:
// Tokenize a RFC 1035 zone file. The tokenizer will normalize it:
// * Add ownernames if they are left blank;
// * Suppress sequences of spaces;
// * Make each RR fit on one line (_NEWLINE is send as last)
@@ -605,8 +605,6 @@ func (zp *ZoneParser) Next() (RR, bool) {
if !isPrivate && zp.c.Peek().token == "" {
// This is a dynamic update rr.
// TODO(tmthrgd): Previously slurpRemainder was only called
// for certain RR types, which may have been important.
if err := slurpRemainder(zp.c); err != nil {
return zp.setParseError(err.err, err.lex)
}
@@ -765,8 +763,8 @@ func (zl *zlexer) Next() (lex, bool) {
}
var (
str [maxTok]byte // Hold string text
com [maxTok]byte // Hold comment text
str = make([]byte, maxTok) // Hold string text
com = make([]byte, maxTok) // Hold comment text
stri int // Offset in str (0 means empty)
comi int // Offset in com (0 means empty)
@@ -785,14 +783,12 @@ func (zl *zlexer) Next() (lex, bool) {
l.line, l.column = zl.line, zl.column
if stri >= len(str) {
l.token = "token length insufficient for parsing"
l.err = true
return *l, true
// if buffer length is insufficient, increase it.
str = append(str[:], make([]byte, maxTok)...)
}
if comi >= len(com) {
l.token = "comment length insufficient for parsing"
l.err = true
return *l, true
// if buffer length is insufficient, increase it.
com = append(com[:], make([]byte, maxTok)...)
}
switch x {
@@ -816,7 +812,7 @@ func (zl *zlexer) Next() (lex, bool) {
if stri == 0 {
// Space directly in the beginning, handled in the grammar
} else if zl.owner {
// If we have a string and its the first, make it an owner
// If we have a string and it's the first, make it an owner
l.value = zOwner
l.token = string(str[:stri])
@@ -1218,42 +1214,34 @@ func stringToCm(token string) (e, m uint8, ok bool) {
if token[len(token)-1] == 'M' || token[len(token)-1] == 'm' {
token = token[0 : len(token)-1]
}
s := strings.SplitN(token, ".", 2)
var meters, cmeters, val int
var err error
switch len(s) {
case 2:
if cmeters, err = strconv.Atoi(s[1]); err != nil {
return
}
var (
meters, cmeters, val int
err error
)
mStr, cmStr, hasCM := strings.Cut(token, ".")
if hasCM {
// There's no point in having more than 2 digits in this part, and would rather make the implementation complicated ('123' should be treated as '12').
// So we simply reject it.
// We also make sure the first character is a digit to reject '+-' signs.
if len(s[1]) > 2 || s[1][0] < '0' || s[1][0] > '9' {
cmeters, err = strconv.Atoi(cmStr)
if err != nil || len(cmStr) > 2 || cmStr[0] < '0' || cmStr[0] > '9' {
return
}
if len(s[1]) == 1 {
if len(cmStr) == 1 {
// 'nn.1' must be treated as 'nn-meters and 10cm, not 1cm.
cmeters *= 10
}
if s[0] == "" {
// This will allow omitting the 'meter' part, like .01 (meaning 0.01m = 1cm).
break
}
fallthrough
case 1:
if meters, err = strconv.Atoi(s[0]); err != nil {
return
}
// RFC1876 states the max value is 90000000.00. The latter two conditions enforce it.
if s[0][0] < '0' || s[0][0] > '9' || meters > 90000000 || (meters == 90000000 && cmeters != 0) {
return
}
case 0:
// huh?
return 0, 0, false
}
ok = true
// This slighly ugly condition will allow omitting the 'meter' part, like .01 (meaning 0.01m = 1cm).
if !hasCM || mStr != "" {
meters, err = strconv.Atoi(mStr)
// RFC1876 states the max value is 90000000.00. The latter two conditions enforce it.
if err != nil || mStr[0] < '0' || mStr[0] > '9' || meters > 90000000 || (meters == 90000000 && cmeters != 0) {
return
}
}
if meters > 0 {
e = 2
val = meters
@@ -1265,8 +1253,7 @@ func stringToCm(token string) (e, m uint8, ok bool) {
e++
val /= 10
}
m = uint8(val)
return
return e, uint8(val), true
}
func toAbsoluteName(name, origin string) (absolute string, ok bool) {

134
vendor/github.com/miekg/dns/scan_rr.go generated vendored
View File

@@ -1,8 +1,8 @@
package dns
import (
"bytes"
"encoding/base64"
"errors"
"net"
"strconv"
"strings"
@@ -11,15 +11,15 @@ import (
// A remainder of the rdata with embedded spaces, return the parsed string (sans the spaces)
// or an error
func endingToString(c *zlexer, errstr string) (string, *ParseError) {
var buffer bytes.Buffer
var s strings.Builder
l, _ := c.Next() // zString
for l.value != zNewline && l.value != zEOF {
if l.err {
return buffer.String(), &ParseError{"", errstr, l}
return s.String(), &ParseError{"", errstr, l}
}
switch l.value {
case zString:
buffer.WriteString(l.token)
s.WriteString(l.token)
case zBlank: // Ok
default:
return "", &ParseError{"", errstr, l}
@@ -27,7 +27,7 @@ func endingToString(c *zlexer, errstr string) (string, *ParseError) {
l, _ = c.Next()
}
return buffer.String(), nil
return s.String(), nil
}
// A remainder of the rdata with embedded spaces, split on unquoted whitespace
@@ -903,11 +903,18 @@ func (rr *RRSIG) parse(c *zlexer, o string) *ParseError {
c.Next() // zBlank
l, _ = c.Next()
i, e := strconv.ParseUint(l.token, 10, 8)
if e != nil || l.err {
if l.err {
return &ParseError{"", "bad RRSIG Algorithm", l}
}
rr.Algorithm = uint8(i)
i, e := strconv.ParseUint(l.token, 10, 8)
rr.Algorithm = uint8(i) // if 0 we'll check the mnemonic in the if
if e != nil {
v, ok := StringToAlgorithm[l.token]
if !ok {
return &ParseError{"", "bad RRSIG Algorithm", l}
}
rr.Algorithm = v
}
c.Next() // zBlank
l, _ = c.Next()
@@ -1216,6 +1223,117 @@ func (rr *DS) parse(c *zlexer, o string) *ParseError { return rr.parseDS(c,
func (rr *DLV) parse(c *zlexer, o string) *ParseError { return rr.parseDS(c, o, "DLV") }
func (rr *CDS) parse(c *zlexer, o string) *ParseError { return rr.parseDS(c, o, "CDS") }
func (rr *IPSECKEY) parse(c *zlexer, o string) *ParseError {
l, _ := c.Next()
num, err := strconv.ParseUint(l.token, 10, 8)
if err != nil || l.err {
return &ParseError{"", "bad IPSECKEY value", l}
}
rr.Precedence = uint8(num)
c.Next() // zBlank
l, _ = c.Next()
num, err = strconv.ParseUint(l.token, 10, 8)
if err != nil || l.err {
return &ParseError{"", "bad IPSECKEY value", l}
}
rr.GatewayType = uint8(num)
c.Next() // zBlank
l, _ = c.Next()
num, err = strconv.ParseUint(l.token, 10, 8)
if err != nil || l.err {
return &ParseError{"", "bad IPSECKEY value", l}
}
rr.Algorithm = uint8(num)
c.Next() // zBlank
l, _ = c.Next()
if l.err {
return &ParseError{"", "bad IPSECKEY gateway", l}
}
rr.GatewayAddr, rr.GatewayHost, err = parseAddrHostUnion(l.token, o, rr.GatewayType)
if err != nil {
return &ParseError{"", "IPSECKEY " + err.Error(), l}
}
c.Next() // zBlank
s, pErr := endingToString(c, "bad IPSECKEY PublicKey")
if pErr != nil {
return pErr
}
rr.PublicKey = s
return slurpRemainder(c)
}
func (rr *AMTRELAY) parse(c *zlexer, o string) *ParseError {
l, _ := c.Next()
num, err := strconv.ParseUint(l.token, 10, 8)
if err != nil || l.err {
return &ParseError{"", "bad AMTRELAY value", l}
}
rr.Precedence = uint8(num)
c.Next() // zBlank
l, _ = c.Next()
if l.err || !(l.token == "0" || l.token == "1") {
return &ParseError{"", "bad discovery value", l}
}
if l.token == "1" {
rr.GatewayType = 0x80
}
c.Next() // zBlank
l, _ = c.Next()
num, err = strconv.ParseUint(l.token, 10, 8)
if err != nil || l.err {
return &ParseError{"", "bad AMTRELAY value", l}
}
rr.GatewayType |= uint8(num)
c.Next() // zBlank
l, _ = c.Next()
if l.err {
return &ParseError{"", "bad AMTRELAY gateway", l}
}
rr.GatewayAddr, rr.GatewayHost, err = parseAddrHostUnion(l.token, o, rr.GatewayType&0x7f)
if err != nil {
return &ParseError{"", "AMTRELAY " + err.Error(), l}
}
return slurpRemainder(c)
}
// same constants and parsing between IPSECKEY and AMTRELAY
func parseAddrHostUnion(token, o string, gatewayType uint8) (addr net.IP, host string, err error) {
switch gatewayType {
case IPSECGatewayNone:
if token != "." {
return addr, host, errors.New("gateway type none with gateway set")
}
case IPSECGatewayIPv4, IPSECGatewayIPv6:
addr = net.ParseIP(token)
if addr == nil {
return addr, host, errors.New("gateway IP invalid")
}
if (addr.To4() == nil) == (gatewayType == IPSECGatewayIPv4) {
return addr, host, errors.New("gateway IP family mismatch")
}
case IPSECGatewayHost:
var ok bool
host, ok = toAbsoluteName(token, o)
if !ok {
return addr, host, errors.New("invalid gateway host")
}
}
return addr, host, nil
}
func (rr *RKEY) parse(c *zlexer, o string) *ParseError {
l, _ := c.Next()
i, e := strconv.ParseUint(l.token, 10, 16)

14
vendor/github.com/miekg/dns/server.go generated vendored
View File

@@ -18,7 +18,7 @@ import (
const maxTCPQueries = 128
// aLongTimeAgo is a non-zero time, far in the past, used for
// immediate cancelation of network operations.
// immediate cancellation of network operations.
var aLongTimeAgo = time.Unix(1, 0)
// Handler is implemented by any value that implements ServeDNS.
@@ -224,8 +224,12 @@ type Server struct {
// Maximum number of TCP queries before we close the socket. Default is maxTCPQueries (unlimited if -1).
MaxTCPQueries int
// Whether to set the SO_REUSEPORT socket option, allowing multiple listeners to be bound to a single address.
// It is only supported on go1.11+ and when using ListenAndServe.
// It is only supported on certain GOOSes and when using ListenAndServe.
ReusePort bool
// Whether to set the SO_REUSEADDR socket option, allowing multiple listeners to be bound to a single address.
// Crucially this allows binding when an existing server is listening on `0.0.0.0` or `::`.
// It is only supported on certain GOOSes and when using ListenAndServe.
ReuseAddr bool
// AcceptMsgFunc will check the incoming message and will reject it early in the process.
// By default DefaultMsgAcceptFunc will be used.
MsgAcceptFunc MsgAcceptFunc
@@ -304,7 +308,7 @@ func (srv *Server) ListenAndServe() error {
switch srv.Net {
case "tcp", "tcp4", "tcp6":
l, err := listenTCP(srv.Net, addr, srv.ReusePort)
l, err := listenTCP(srv.Net, addr, srv.ReusePort, srv.ReuseAddr)
if err != nil {
return err
}
@@ -317,7 +321,7 @@ func (srv *Server) ListenAndServe() error {
return errors.New("dns: neither Certificates nor GetCertificate set in Config")
}
network := strings.TrimSuffix(srv.Net, "-tls")
l, err := listenTCP(network, addr, srv.ReusePort)
l, err := listenTCP(network, addr, srv.ReusePort, srv.ReuseAddr)
if err != nil {
return err
}
@@ -327,7 +331,7 @@ func (srv *Server) ListenAndServe() error {
unlock()
return srv.serveTCP(l)
case "udp", "udp4", "udp6":
l, err := listenUDP(srv.Net, addr, srv.ReusePort)
l, err := listenUDP(srv.Net, addr, srv.ReusePort, srv.ReuseAddr)
if err != nil {
return err
}

61
vendor/github.com/miekg/dns/singleinflight.go generated vendored
View File

@@ -1,61 +0,0 @@
// Copyright 2013 The Go Authors. All rights reserved.
// Use of this source code is governed by a BSD-style
// license that can be found in the LICENSE file.
// Adapted for dns package usage by Miek Gieben.
package dns
import "sync"
import "time"
// call is an in-flight or completed singleflight.Do call
type call struct {
wg sync.WaitGroup
val *Msg
rtt time.Duration
err error
dups int
}
// singleflight represents a class of work and forms a namespace in
// which units of work can be executed with duplicate suppression.
type singleflight struct {
sync.Mutex // protects m
m map[string]*call // lazily initialized
dontDeleteForTesting bool // this is only to be used by TestConcurrentExchanges
}
// Do executes and returns the results of the given function, making
// sure that only one execution is in-flight for a given key at a
// time. If a duplicate comes in, the duplicate caller waits for the
// original to complete and receives the same results.
// The return value shared indicates whether v was given to multiple callers.
func (g *singleflight) Do(key string, fn func() (*Msg, time.Duration, error)) (v *Msg, rtt time.Duration, err error, shared bool) {
g.Lock()
if g.m == nil {
g.m = make(map[string]*call)
}
if c, ok := g.m[key]; ok {
c.dups++
g.Unlock()
c.wg.Wait()
return c.val, c.rtt, c.err, true
}
c := new(call)
c.wg.Add(1)
g.m[key] = c
g.Unlock()
c.val, c.rtt, c.err = fn()
c.wg.Done()
if !g.dontDeleteForTesting {
g.Lock()
delete(g.m, key)
g.Unlock()
}
return c.val, c.rtt, c.err, c.dups > 0
}

102
vendor/github.com/miekg/dns/svcb.go generated vendored
View File

@@ -289,7 +289,7 @@ func (s *SVCBMandatory) String() string {
}
func (s *SVCBMandatory) pack() ([]byte, error) {
codes := append([]SVCBKey(nil), s.Code...)
codes := cloneSlice(s.Code)
sort.Slice(codes, func(i, j int) bool {
return codes[i] < codes[j]
})
@@ -314,10 +314,11 @@ func (s *SVCBMandatory) unpack(b []byte) error {
}
func (s *SVCBMandatory) parse(b string) error {
str := strings.Split(b, ",")
codes := make([]SVCBKey, 0, len(str))
for _, e := range str {
codes = append(codes, svcbStringToKey(e))
codes := make([]SVCBKey, 0, strings.Count(b, ",")+1)
for len(b) > 0 {
var key string
key, b, _ = strings.Cut(b, ",")
codes = append(codes, svcbStringToKey(key))
}
s.Code = codes
return nil
@@ -328,9 +329,7 @@ func (s *SVCBMandatory) len() int {
}
func (s *SVCBMandatory) copy() SVCBKeyValue {
return &SVCBMandatory{
append([]SVCBKey(nil), s.Code...),
}
return &SVCBMandatory{cloneSlice(s.Code)}
}
// SVCBAlpn pair is used to list supported connection protocols.
@@ -353,7 +352,7 @@ func (*SVCBAlpn) Key() SVCBKey { return SVCB_ALPN }
func (s *SVCBAlpn) String() string {
// An ALPN value is a comma-separated list of values, each of which can be
// an arbitrary binary value. In order to allow parsing, the comma and
// backslash characters are themselves excaped.
// backslash characters are themselves escaped.
//
// However, this escaping is done in addition to the normal escaping which
// happens in zone files, meaning that these values must be
@@ -481,9 +480,7 @@ func (s *SVCBAlpn) len() int {
}
func (s *SVCBAlpn) copy() SVCBKeyValue {
return &SVCBAlpn{
append([]string(nil), s.Alpn...),
}
return &SVCBAlpn{cloneSlice(s.Alpn)}
}
// SVCBNoDefaultAlpn pair signifies no support for default connection protocols.
@@ -563,15 +560,15 @@ func (s *SVCBPort) parse(b string) error {
// to the hinted IP address may be terminated and a new connection may be opened.
// Basic use pattern for creating an ipv4hint option:
//
// h := new(dns.HTTPS)
// h.Hdr = dns.RR_Header{Name: ".", Rrtype: dns.TypeHTTPS, Class: dns.ClassINET}
// e := new(dns.SVCBIPv4Hint)
// e.Hint = []net.IP{net.IPv4(1,1,1,1).To4()}
// h := new(dns.HTTPS)
// h.Hdr = dns.RR_Header{Name: ".", Rrtype: dns.TypeHTTPS, Class: dns.ClassINET}
// e := new(dns.SVCBIPv4Hint)
// e.Hint = []net.IP{net.IPv4(1,1,1,1).To4()}
//
// Or
// Or
//
// e.Hint = []net.IP{net.ParseIP("1.1.1.1").To4()}
// h.Value = append(h.Value, e)
// e.Hint = []net.IP{net.ParseIP("1.1.1.1").To4()}
// h.Value = append(h.Value, e)
type SVCBIPv4Hint struct {
Hint []net.IP
}
@@ -595,6 +592,7 @@ func (s *SVCBIPv4Hint) unpack(b []byte) error {
if len(b) == 0 || len(b)%4 != 0 {
return errors.New("dns: svcbipv4hint: ipv4 address byte array length is not a multiple of 4")
}
b = cloneSlice(b)
x := make([]net.IP, 0, len(b)/4)
for i := 0; i < len(b); i += 4 {
x = append(x, net.IP(b[i:i+4]))
@@ -616,31 +614,33 @@ func (s *SVCBIPv4Hint) String() string {
}
func (s *SVCBIPv4Hint) parse(b string) error {
if b == "" {
return errors.New("dns: svcbipv4hint: empty hint")
}
if strings.Contains(b, ":") {
return errors.New("dns: svcbipv4hint: expected ipv4, got ipv6")
}
str := strings.Split(b, ",")
dst := make([]net.IP, len(str))
for i, e := range str {
hint := make([]net.IP, 0, strings.Count(b, ",")+1)
for len(b) > 0 {
var e string
e, b, _ = strings.Cut(b, ",")
ip := net.ParseIP(e).To4()
if ip == nil {
return errors.New("dns: svcbipv4hint: bad ip")
}
dst[i] = ip
hint = append(hint, ip)
}
s.Hint = dst
s.Hint = hint
return nil
}
func (s *SVCBIPv4Hint) copy() SVCBKeyValue {
hint := make([]net.IP, len(s.Hint))
for i, ip := range s.Hint {
hint[i] = copyIP(ip)
}
return &SVCBIPv4Hint{
Hint: hint,
hint[i] = cloneSlice(ip)
}
return &SVCBIPv4Hint{Hint: hint}
}
// SVCBECHConfig pair contains the ECHConfig structure defined in draft-ietf-tls-esni [RFC xxxx].
@@ -660,19 +660,18 @@ func (s *SVCBECHConfig) String() string { return toBase64(s.ECH) }
func (s *SVCBECHConfig) len() int { return len(s.ECH) }
func (s *SVCBECHConfig) pack() ([]byte, error) {
return append([]byte(nil), s.ECH...), nil
return cloneSlice(s.ECH), nil
}
func (s *SVCBECHConfig) copy() SVCBKeyValue {
return &SVCBECHConfig{
append([]byte(nil), s.ECH...),
}
return &SVCBECHConfig{cloneSlice(s.ECH)}
}
func (s *SVCBECHConfig) unpack(b []byte) error {
s.ECH = append([]byte(nil), b...)
s.ECH = cloneSlice(b)
return nil
}
func (s *SVCBECHConfig) parse(b string) error {
x, err := fromBase64([]byte(b))
if err != nil {
@@ -715,6 +714,7 @@ func (s *SVCBIPv6Hint) unpack(b []byte) error {
if len(b) == 0 || len(b)%16 != 0 {
return errors.New("dns: svcbipv6hint: ipv6 address byte array length not a multiple of 16")
}
b = cloneSlice(b)
x := make([]net.IP, 0, len(b)/16)
for i := 0; i < len(b); i += 16 {
ip := net.IP(b[i : i+16])
@@ -739,9 +739,14 @@ func (s *SVCBIPv6Hint) String() string {
}
func (s *SVCBIPv6Hint) parse(b string) error {
str := strings.Split(b, ",")
dst := make([]net.IP, len(str))
for i, e := range str {
if b == "" {
return errors.New("dns: svcbipv6hint: empty hint")
}
hint := make([]net.IP, 0, strings.Count(b, ",")+1)
for len(b) > 0 {
var e string
e, b, _ = strings.Cut(b, ",")
ip := net.ParseIP(e)
if ip == nil {
return errors.New("dns: svcbipv6hint: bad ip")
@@ -749,21 +754,18 @@ func (s *SVCBIPv6Hint) parse(b string) error {
if ip.To4() != nil {
return errors.New("dns: svcbipv6hint: expected ipv6, got ipv4-mapped-ipv6")
}
dst[i] = ip
hint = append(hint, ip)
}
s.Hint = dst
s.Hint = hint
return nil
}
func (s *SVCBIPv6Hint) copy() SVCBKeyValue {
hint := make([]net.IP, len(s.Hint))
for i, ip := range s.Hint {
hint[i] = copyIP(ip)
}
return &SVCBIPv6Hint{
Hint: hint,
hint[i] = cloneSlice(ip)
}
return &SVCBIPv6Hint{Hint: hint}
}
// SVCBDoHPath pair is used to indicate the URI template that the
@@ -831,11 +833,11 @@ type SVCBLocal struct {
func (s *SVCBLocal) Key() SVCBKey { return s.KeyCode }
func (s *SVCBLocal) String() string { return svcbParamToStr(s.Data) }
func (s *SVCBLocal) pack() ([]byte, error) { return append([]byte(nil), s.Data...), nil }
func (s *SVCBLocal) pack() ([]byte, error) { return cloneSlice(s.Data), nil }
func (s *SVCBLocal) len() int { return len(s.Data) }
func (s *SVCBLocal) unpack(b []byte) error {
s.Data = append([]byte(nil), b...)
s.Data = cloneSlice(b)
return nil
}
@@ -849,9 +851,7 @@ func (s *SVCBLocal) parse(b string) error {
}
func (s *SVCBLocal) copy() SVCBKeyValue {
return &SVCBLocal{s.KeyCode,
append([]byte(nil), s.Data...),
}
return &SVCBLocal{s.KeyCode, cloneSlice(s.Data)}
}
func (rr *SVCB) String() string {
@@ -867,8 +867,8 @@ func (rr *SVCB) String() string {
// areSVCBPairArraysEqual checks if SVCBKeyValue arrays are equal after sorting their
// copies. arrA and arrB have equal lengths, otherwise zduplicate.go wouldn't call this function.
func areSVCBPairArraysEqual(a []SVCBKeyValue, b []SVCBKeyValue) bool {
a = append([]SVCBKeyValue(nil), a...)
b = append([]SVCBKeyValue(nil), b...)
a = cloneSlice(a)
b = cloneSlice(b)
sort.Slice(a, func(i, j int) bool { return a[i].Key() < a[j].Key() })
sort.Slice(b, func(i, j int) bool { return b[i].Key() < b[j].Key() })
for i, e := range a {

1
vendor/github.com/miekg/dns/tools.go generated vendored
View File

@@ -1,3 +1,4 @@
//go:build tools
// +build tools
// We include our tool dependencies for `go generate` here to ensure they're

129
vendor/github.com/miekg/dns/types.go generated vendored
View File

@@ -65,6 +65,7 @@ const (
TypeAPL uint16 = 42
TypeDS uint16 = 43
TypeSSHFP uint16 = 44
TypeIPSECKEY uint16 = 45
TypeRRSIG uint16 = 46
TypeNSEC uint16 = 47
TypeDNSKEY uint16 = 48
@@ -98,6 +99,7 @@ const (
TypeURI uint16 = 256
TypeCAA uint16 = 257
TypeAVC uint16 = 258
TypeAMTRELAY uint16 = 260
TypeTKEY uint16 = 249
TypeTSIG uint16 = 250
@@ -159,6 +161,22 @@ const (
ZoneMDHashAlgSHA512 = 2
)
// Used in IPSEC https://datatracker.ietf.org/doc/html/rfc4025#section-2.3
const (
IPSECGatewayNone uint8 = iota
IPSECGatewayIPv4
IPSECGatewayIPv6
IPSECGatewayHost
)
// Used in AMTRELAY https://datatracker.ietf.org/doc/html/rfc8777#section-4.2.3
const (
AMTRELAYNone = IPSECGatewayNone
AMTRELAYIPv4 = IPSECGatewayIPv4
AMTRELAYIPv6 = IPSECGatewayIPv6
AMTRELAYHost = IPSECGatewayHost
)
// Header is the wire format for the DNS packet header.
type Header struct {
Id uint16
@@ -180,7 +198,7 @@ const (
_CD = 1 << 4 // checking disabled
)
// Various constants used in the LOC RR. See RFC 1887.
// Various constants used in the LOC RR. See RFC 1876.
const (
LOC_EQUATOR = 1 << 31 // RFC 1876, Section 2.
LOC_PRIMEMERIDIAN = 1 << 31 // RFC 1876, Section 2.
@@ -218,6 +236,9 @@ var CertTypeToString = map[uint16]string{
CertOID: "OID",
}
// Prefix for IPv4 encoded as IPv6 address
const ipv4InIPv6Prefix = "::ffff:"
//go:generate go run types_generate.go
// Question holds a DNS question. Usually there is just one. While the
@@ -613,8 +634,8 @@ func nextByte(s string, offset int) (byte, int) {
return 0, 0
case 2, 3: // too short to be \ddd
default: // maybe \ddd
if isDigit(s[offset+1]) && isDigit(s[offset+2]) && isDigit(s[offset+3]) {
return dddStringToByte(s[offset+1:]), 4
if isDDD(s[offset+1:]) {
return dddToByte(s[offset+1:]), 4
}
}
// not \ddd, just an RFC 1035 "quoted" character
@@ -733,6 +754,11 @@ func (rr *AAAA) String() string {
if rr.AAAA == nil {
return rr.Hdr.String()
}
if rr.AAAA.To4() != nil {
return rr.Hdr.String() + ipv4InIPv6Prefix + rr.AAAA.String()
}
return rr.Hdr.String() + rr.AAAA.String()
}
@@ -774,7 +800,10 @@ type LOC struct {
// cmToM takes a cm value expressed in RFC 1876 SIZE mantissa/exponent
// format and returns a string in m (two decimals for the cm).
func cmToM(m, e uint8) string {
func cmToM(x uint8) string {
m := x & 0xf0 >> 4
e := x & 0x0f
if e < 2 {
if e == 1 {
m *= 10
@@ -830,10 +859,9 @@ func (rr *LOC) String() string {
s += fmt.Sprintf("%.0fm ", alt)
}
s += cmToM(rr.Size&0xf0>>4, rr.Size&0x0f) + "m "
s += cmToM(rr.HorizPre&0xf0>>4, rr.HorizPre&0x0f) + "m "
s += cmToM(rr.VertPre&0xf0>>4, rr.VertPre&0x0f) + "m"
s += cmToM(rr.Size) + "m "
s += cmToM(rr.HorizPre) + "m "
s += cmToM(rr.VertPre) + "m"
return s
}
@@ -994,6 +1022,69 @@ func (rr *DNSKEY) String() string {
" " + rr.PublicKey
}
// IPSECKEY RR. See RFC 4025.
type IPSECKEY struct {
Hdr RR_Header
Precedence uint8
GatewayType uint8
Algorithm uint8
GatewayAddr net.IP `dns:"-"` // packing/unpacking/parsing/etc handled together with GatewayHost
GatewayHost string `dns:"ipsechost"`
PublicKey string `dns:"base64"`
}
func (rr *IPSECKEY) String() string {
var gateway string
switch rr.GatewayType {
case IPSECGatewayIPv4, IPSECGatewayIPv6:
gateway = rr.GatewayAddr.String()
case IPSECGatewayHost:
gateway = rr.GatewayHost
case IPSECGatewayNone:
fallthrough
default:
gateway = "."
}
return rr.Hdr.String() + strconv.Itoa(int(rr.Precedence)) +
" " + strconv.Itoa(int(rr.GatewayType)) +
" " + strconv.Itoa(int(rr.Algorithm)) +
" " + gateway +
" " + rr.PublicKey
}
// AMTRELAY RR. See RFC 8777.
type AMTRELAY struct {
Hdr RR_Header
Precedence uint8
GatewayType uint8 // discovery is packed in here at bit 0x80
GatewayAddr net.IP `dns:"-"` // packing/unpacking/parsing/etc handled together with GatewayHost
GatewayHost string `dns:"amtrelayhost"`
}
func (rr *AMTRELAY) String() string {
var gateway string
switch rr.GatewayType & 0x7f {
case AMTRELAYIPv4, AMTRELAYIPv6:
gateway = rr.GatewayAddr.String()
case AMTRELAYHost:
gateway = rr.GatewayHost
case AMTRELAYNone:
fallthrough
default:
gateway = "."
}
boolS := "0"
if rr.GatewayType&0x80 == 0x80 {
boolS = "1"
}
return rr.Hdr.String() + strconv.Itoa(int(rr.Precedence)) +
" " + boolS +
" " + strconv.Itoa(int(rr.GatewayType&0x7f)) +
" " + gateway
}
// RKEY RR. See https://www.iana.org/assignments/dns-parameters/RKEY/rkey-completed-template.
type RKEY struct {
Hdr RR_Header
@@ -1434,7 +1525,7 @@ func (a *APLPrefix) str() string {
case net.IPv6len:
// add prefix for IPv4-mapped IPv6
if v4 := a.Network.IP.To4(); v4 != nil {
sb.WriteString("::ffff:")
sb.WriteString(ipv4InIPv6Prefix)
}
sb.WriteString(a.Network.IP.String())
}
@@ -1450,7 +1541,7 @@ func (a *APLPrefix) str() string {
// equals reports whether two APL prefixes are identical.
func (a *APLPrefix) equals(b *APLPrefix) bool {
return a.Negation == b.Negation &&
bytes.Equal(a.Network.IP, b.Network.IP) &&
a.Network.IP.Equal(b.Network.IP) &&
bytes.Equal(a.Network.Mask, b.Network.Mask)
}
@@ -1518,21 +1609,19 @@ func euiToString(eui uint64, bits int) (hex string) {
return
}
// copyIP returns a copy of ip.
func copyIP(ip net.IP) net.IP {
p := make(net.IP, len(ip))
copy(p, ip)
return p
// cloneSlice returns a shallow copy of s.
func cloneSlice[E any, S ~[]E](s S) S {
if s == nil {
return nil
}
return append(S(nil), s...)
}
// copyNet returns a copy of a subnet.
func copyNet(n net.IPNet) net.IPNet {
m := make(net.IPMask, len(n.Mask))
copy(m, n.Mask)
return net.IPNet{
IP: copyIP(n.IP),
Mask: m,
IP: cloneSlice(n.IP),
Mask: cloneSlice(n.Mask),
}
}

1
vendor/github.com/miekg/dns/udp.go generated vendored
View File

@@ -1,3 +1,4 @@
//go:build !windows
// +build !windows
package dns

8
vendor/github.com/miekg/dns/udp_windows.go generated vendored
View File

@@ -1,5 +1,9 @@
//go:build windows
// +build windows
// TODO(tmthrgd): Remove this Windows-specific code if go.dev/issue/7175 and
// go.dev/issue/7174 are ever fixed.
package dns
import "net"
@@ -14,7 +18,6 @@ func (s *SessionUDP) RemoteAddr() net.Addr { return s.raddr }
// ReadFromSessionUDP acts just like net.UDPConn.ReadFrom(), but returns a session object instead of a
// net.UDPAddr.
// TODO(fastest963): Once go1.10 is released, use ReadMsgUDP.
func ReadFromSessionUDP(conn *net.UDPConn, b []byte) (int, *SessionUDP, error) {
n, raddr, err := conn.ReadFrom(b)
if err != nil {
@@ -24,12 +27,9 @@ func ReadFromSessionUDP(conn *net.UDPConn, b []byte) (int, *SessionUDP, error) {
}
// WriteToSessionUDP acts just like net.UDPConn.WriteTo(), but uses a *SessionUDP instead of a net.Addr.
// TODO(fastest963): Once go1.10 is released, use WriteMsgUDP.
func WriteToSessionUDP(conn *net.UDPConn, b []byte, session *SessionUDP) (int, error) {
return conn.WriteTo(b, session.raddr)
}
// TODO(fastest963): Once go1.10 is released and we can use *MsgUDP methods
// use the standard method in udp.go for these.
func setUDPSocketOptions(*net.UDPConn) error { return nil }
func parseDstFromOOB([]byte, net.IP) net.IP { return nil }

2
vendor/github.com/miekg/dns/version.go generated vendored
View File

@@ -3,7 +3,7 @@ package dns
import "fmt"
// Version is current version of this library.
var Version = v{1, 1, 50}
var Version = v{1, 1, 57}
// v holds the version of this library.
type v struct {

19
vendor/github.com/miekg/dns/xfr.go generated vendored
View File

@@ -44,7 +44,6 @@ func (t *Transfer) tsigProvider() TsigProvider {
// dnscon := &dns.Conn{Conn:con}
// transfer = &dns.Transfer{Conn: dnscon}
// channel, err := transfer.In(message, master)
//
func (t *Transfer) In(q *Msg, a string) (env chan *Envelope, err error) {
switch q.Question[0].Qtype {
case TypeAXFR, TypeIXFR:
@@ -81,8 +80,13 @@ func (t *Transfer) In(q *Msg, a string) (env chan *Envelope, err error) {
func (t *Transfer) inAxfr(q *Msg, c chan *Envelope) {
first := true
defer t.Close()
defer close(c)
defer func() {
// First close the connection, then the channel. This allows functions blocked on
// the channel to assume that the connection is closed and no further operations are
// pending when they resume.
t.Close()
close(c)
}()
timeout := dnsTimeout
if t.ReadTimeout != 0 {
timeout = t.ReadTimeout
@@ -132,8 +136,13 @@ func (t *Transfer) inIxfr(q *Msg, c chan *Envelope) {
axfr := true
n := 0
qser := q.Ns[0].(*SOA).Serial
defer t.Close()
defer close(c)
defer func() {
// First close the connection, then the channel. This allows functions blocked on
// the channel to assume that the connection is closed and no further operations are
// pending when they resume.
t.Close()
close(c)
}()
timeout := dnsTimeout
if t.ReadTimeout != 0 {
timeout = t.ReadTimeout

58
vendor/github.com/miekg/dns/zduplicate.go generated vendored
View File

@@ -43,6 +43,32 @@ func (r1 *AFSDB) isDuplicate(_r2 RR) bool {
return true
}
func (r1 *AMTRELAY) isDuplicate(_r2 RR) bool {
r2, ok := _r2.(*AMTRELAY)
if !ok {
return false
}
_ = r2
if r1.Precedence != r2.Precedence {
return false
}
if r1.GatewayType != r2.GatewayType {
return false
}
switch r1.GatewayType {
case IPSECGatewayIPv4, IPSECGatewayIPv6:
if !r1.GatewayAddr.Equal(r2.GatewayAddr) {
return false
}
case IPSECGatewayHost:
if !isDuplicateName(r1.GatewayHost, r2.GatewayHost) {
return false
}
}
return true
}
func (r1 *ANY) isDuplicate(_r2 RR) bool {
r2, ok := _r2.(*ANY)
if !ok {
@@ -423,6 +449,38 @@ func (r1 *HTTPS) isDuplicate(_r2 RR) bool {
return true
}
func (r1 *IPSECKEY) isDuplicate(_r2 RR) bool {
r2, ok := _r2.(*IPSECKEY)
if !ok {
return false
}
_ = r2
if r1.Precedence != r2.Precedence {
return false
}
if r1.GatewayType != r2.GatewayType {
return false
}
if r1.Algorithm != r2.Algorithm {
return false
}
switch r1.GatewayType {
case IPSECGatewayIPv4, IPSECGatewayIPv6:
if !r1.GatewayAddr.Equal(r2.GatewayAddr) {
return false
}
case IPSECGatewayHost:
if !isDuplicateName(r1.GatewayHost, r2.GatewayHost) {
return false
}
}
if r1.PublicKey != r2.PublicKey {
return false
}
return true
}
func (r1 *KEY) isDuplicate(_r2 RR) bool {
r2, ok := _r2.(*KEY)
if !ok {

110
vendor/github.com/miekg/dns/zmsg.go generated vendored
View File

@@ -32,6 +32,22 @@ func (rr *AFSDB) pack(msg []byte, off int, compression compressionMap, compress
return off, nil
}
func (rr *AMTRELAY) pack(msg []byte, off int, compression compressionMap, compress bool) (off1 int, err error) {
off, err = packUint8(rr.Precedence, msg, off)
if err != nil {
return off, err
}
off, err = packUint8(rr.GatewayType, msg, off)
if err != nil {
return off, err
}
off, err = packIPSECGateway(rr.GatewayAddr, rr.GatewayHost, msg, off, rr.GatewayType, compression, false)
if err != nil {
return off, err
}
return off, nil
}
func (rr *ANY) pack(msg []byte, off int, compression compressionMap, compress bool) (off1 int, err error) {
return off, nil
}
@@ -332,6 +348,30 @@ func (rr *HTTPS) pack(msg []byte, off int, compression compressionMap, compress
return off, nil
}
func (rr *IPSECKEY) pack(msg []byte, off int, compression compressionMap, compress bool) (off1 int, err error) {
off, err = packUint8(rr.Precedence, msg, off)
if err != nil {
return off, err
}
off, err = packUint8(rr.GatewayType, msg, off)
if err != nil {
return off, err
}
off, err = packUint8(rr.Algorithm, msg, off)
if err != nil {
return off, err
}
off, err = packIPSECGateway(rr.GatewayAddr, rr.GatewayHost, msg, off, rr.GatewayType, compression, false)
if err != nil {
return off, err
}
off, err = packStringBase64(rr.PublicKey, msg, off)
if err != nil {
return off, err
}
return off, nil
}
func (rr *KEY) pack(msg []byte, off int, compression compressionMap, compress bool) (off1 int, err error) {
off, err = packUint16(rr.Flags, msg, off)
if err != nil {
@@ -1180,6 +1220,34 @@ func (rr *AFSDB) unpack(msg []byte, off int) (off1 int, err error) {
return off, nil
}
func (rr *AMTRELAY) unpack(msg []byte, off int) (off1 int, err error) {
rdStart := off
_ = rdStart
rr.Precedence, off, err = unpackUint8(msg, off)
if err != nil {
return off, err
}
if off == len(msg) {
return off, nil
}
rr.GatewayType, off, err = unpackUint8(msg, off)
if err != nil {
return off, err
}
if off == len(msg) {
return off, nil
}
if off == len(msg) {
return off, nil
}
rr.GatewayAddr, rr.GatewayHost, off, err = unpackIPSECGateway(msg, off, rr.GatewayType)
if err != nil {
return off, err
}
return off, nil
}
func (rr *ANY) unpack(msg []byte, off int) (off1 int, err error) {
rdStart := off
_ = rdStart
@@ -1636,6 +1704,48 @@ func (rr *HTTPS) unpack(msg []byte, off int) (off1 int, err error) {
return off, nil
}
func (rr *IPSECKEY) unpack(msg []byte, off int) (off1 int, err error) {
rdStart := off
_ = rdStart
rr.Precedence, off, err = unpackUint8(msg, off)
if err != nil {
return off, err
}
if off == len(msg) {
return off, nil
}
rr.GatewayType, off, err = unpackUint8(msg, off)
if err != nil {
return off, err
}
if off == len(msg) {
return off, nil
}
rr.Algorithm, off, err = unpackUint8(msg, off)
if err != nil {
return off, err
}
if off == len(msg) {
return off, nil
}
if off == len(msg) {
return off, nil
}
rr.GatewayAddr, rr.GatewayHost, off, err = unpackIPSECGateway(msg, off, rr.GatewayType)
if err != nil {
return off, err
}
if off == len(msg) {
return off, nil
}
rr.PublicKey, off, err = unpackStringBase64(msg, off, rdStart+int(rr.Hdr.Rdlength))
if err != nil {
return off, err
}
return off, nil
}
func (rr *KEY) unpack(msg []byte, off int) (off1 int, err error) {
rdStart := off
_ = rdStart

453
vendor/github.com/miekg/dns/ztypes.go generated vendored
View File

File diff suppressed because it is too large Load Diff

2
vendor/github.com/open-policy-agent/opa/ast/check.go generated vendored
View File

@@ -93,6 +93,8 @@ func (tc *typeChecker) WithInputType(tpe types.Type) *typeChecker {
return tc
}
// WithAllowUndefinedFunctionCalls sets the type checker to allow references to undefined functions.
// Additionally, the 'CheckUndefinedFuncs' and 'CheckSafetyRuleBodies' compiler stages are skipped.
func (tc *typeChecker) WithAllowUndefinedFunctionCalls(allow bool) *typeChecker {
tc.allowUndefinedFuncs = allow
return tc

2
vendor/github.com/open-policy-agent/opa/ast/compile.go generated vendored
View File

@@ -1585,7 +1585,7 @@ func (c *Compiler) compile() {
}
}
if c.allowUndefinedFuncCalls && s.name == "CheckUndefinedFuncs" {
if c.allowUndefinedFuncCalls && (s.name == "CheckUndefinedFuncs" || s.name == "CheckSafetyRuleBodies") {
continue
}

4737
vendor/github.com/open-policy-agent/opa/capabilities/v0.62.0.json generated vendored Normal file
View File

File diff suppressed because it is too large Load Diff

4737
vendor/github.com/open-policy-agent/opa/capabilities/v0.62.1.json generated vendored Normal file
View File

File diff suppressed because it is too large Load Diff

53
vendor/github.com/open-policy-agent/opa/internal/errors/join.go generated vendored
View File

@@ -1,53 +0,0 @@
// Copyright 2022 The Go Authors. All rights reserved.
// Use of this source code is governed by a BSD-style
// license that can be found in the LICENSE file.
//go:build !go1.20
package errors
// Join returns an error that wraps the given errors.
// Any nil error values are discarded.
// Join returns nil if errs contains no non-nil values.
// The error formats as the concatenation of the strings obtained
// by calling the Error method of each element of errs, with a newline
// between each string.
func Join(errs ...error) error {
n := 0
for _, err := range errs {
if err != nil {
n++
}
}
if n == 0 {
return nil
}
e := &joinError{
errs: make([]error, 0, n),
}
for _, err := range errs {
if err != nil {
e.errs = append(e.errs, err)
}
}
return e
}
type joinError struct {
errs []error
}
func (e *joinError) Error() string {
var b []byte
for i, err := range e.errs {
if i > 0 {
b = append(b, '\n')
}
b = append(b, err.Error()...)
}
return string(b)
}
func (e *joinError) Unwrap() []error {
return e.errs
}

7
vendor/github.com/open-policy-agent/opa/internal/errors/join_go1.20.go generated vendored
View File

@@ -1,7 +0,0 @@
//go:build go1.20
package errors
import "errors"
var Join = errors.Join

16
vendor/github.com/open-policy-agent/opa/logging/logging.go generated vendored
View File

@@ -126,21 +126,37 @@ func (l *StandardLogger) GetLevel() Level {
// Debug logs at debug level
func (l *StandardLogger) Debug(fmt string, a ...interface{}) {
if len(a) == 0 {
l.logger.WithFields(l.getFields()).Debug(fmt)
return
}
l.logger.WithFields(l.getFields()).Debugf(fmt, a...)
}
// Info logs at info level
func (l *StandardLogger) Info(fmt string, a ...interface{}) {
if len(a) == 0 {
l.logger.WithFields(l.getFields()).Info(fmt)
return
}
l.logger.WithFields(l.getFields()).Infof(fmt, a...)
}
// Error logs at error level
func (l *StandardLogger) Error(fmt string, a ...interface{}) {
if len(a) == 0 {
l.logger.WithFields(l.getFields()).Error(fmt)
return
}
l.logger.WithFields(l.getFields()).Errorf(fmt, a...)
}
// Warn logs at warn level
func (l *StandardLogger) Warn(fmt string, a ...interface{}) {
if len(a) == 0 {
l.logger.WithFields(l.getFields()).Warn(fmt)
return
}
l.logger.WithFields(l.getFields()).Warnf(fmt, a...)
}

2
vendor/github.com/open-policy-agent/opa/plugins/plugins.go generated vendored
View File

@@ -7,6 +7,7 @@ package plugins
import (
"context"
"errors"
"fmt"
mr "math/rand"
"sync"
@@ -24,7 +25,6 @@ import (
"github.com/open-policy-agent/opa/hooks"
bundleUtils "github.com/open-policy-agent/opa/internal/bundle"
cfg "github.com/open-policy-agent/opa/internal/config"
"github.com/open-policy-agent/opa/internal/errors"
initload "github.com/open-policy-agent/opa/internal/runtime/init"
"github.com/open-policy-agent/opa/keys"
"github.com/open-policy-agent/opa/loader"

50
vendor/github.com/open-policy-agent/opa/topdown/http.go generated vendored
View File

@@ -114,42 +114,56 @@ const (
)
func builtinHTTPSend(bctx BuiltinContext, operands []*ast.Term, iter func(*ast.Term) error) error {
req, err := validateHTTPRequestOperand(operands[0], 1)
obj, err := builtins.ObjectOperand(operands[0].Value, 1)
if err != nil {
return handleBuiltinErr(ast.HTTPSend.Name, bctx.Location, err)
}
raiseError, err := getRaiseErrorValue(req)
raiseError, err := getRaiseErrorValue(obj)
if err != nil {
return handleBuiltinErr(ast.HTTPSend.Name, bctx.Location, err)
}
req, err := validateHTTPRequestOperand(operands[0], 1)
if err != nil {
if raiseError {
return handleHTTPSendErr(bctx, err)
}
return iter(generateRaiseErrorResult(handleBuiltinErr(ast.HTTPSend.Name, bctx.Location, err)))
}
result, err := getHTTPResponse(bctx, req)
if err != nil {
if raiseError {
return handleHTTPSendErr(bctx, err)
}
obj := ast.NewObject()
obj.Insert(ast.StringTerm("status_code"), ast.IntNumberTerm(0))
errObj := ast.NewObject()
switch err.(type) {
case *url.Error:
errObj.Insert(ast.StringTerm("code"), ast.StringTerm(HTTPSendNetworkErr))
default:
errObj.Insert(ast.StringTerm("code"), ast.StringTerm(HTTPSendInternalErr))
}
errObj.Insert(ast.StringTerm("message"), ast.StringTerm(err.Error()))
obj.Insert(ast.StringTerm("error"), ast.NewTerm(errObj))
result = ast.NewTerm(obj)
result = generateRaiseErrorResult(err)
}
return iter(result)
}
func generateRaiseErrorResult(err error) *ast.Term {
obj := ast.NewObject()
obj.Insert(ast.StringTerm("status_code"), ast.IntNumberTerm(0))
errObj := ast.NewObject()
switch err.(type) {
case *url.Error:
errObj.Insert(ast.StringTerm("code"), ast.StringTerm(HTTPSendNetworkErr))
default:
errObj.Insert(ast.StringTerm("code"), ast.StringTerm(HTTPSendInternalErr))
}
errObj.Insert(ast.StringTerm("message"), ast.StringTerm(err.Error()))
obj.Insert(ast.StringTerm("error"), ast.NewTerm(errObj))
return ast.NewTerm(obj)
}
func getHTTPResponse(bctx BuiltinContext, req ast.Object) (*ast.Term, error) {
bctx.Metrics.Timer(httpSendLatencyMetricKey).Start()

2
vendor/github.com/open-policy-agent/opa/version/version.go generated vendored
View File

@@ -11,7 +11,7 @@ import (
)
// Version is the canonical version of OPA.
var Version = "0.61.0"
var Version = "0.62.1"
// GoVersion is the version of Go this was built with
var GoVersion = runtime.Version()

8
vendor/github.com/open-policy-agent/opa/version/version_go1.18.go generated vendored
View File

@@ -1,8 +0,0 @@
// Copyright 2022 The OPA Authors. All rights reserved.
// Use of this source code is governed by an Apache2
// license that can be found in the LICENSE file.
//go:build go1.18
// +build go1.18
package version