From dcb10b17278eaf0f58b8160aecb143024fc03a8a Mon Sep 17 00:00:00 2001 From: Denis Mishin Date: Fri, 21 Mar 2025 14:26:47 -0400 Subject: [PATCH] core/envoyconfig: make adding ipv6 addresses to internal cidr list conditional on ipv6 support on the system (#5538) (#5539) --- config/envoyconfig/acmetlsalpn_test.go | 4 +-- config/envoyconfig/bootstrap_test.go | 12 +++---- config/envoyconfig/builder.go | 23 +++++++------ config/envoyconfig/clusters_test.go | 8 ++--- config/envoyconfig/filters.go | 4 +-- config/envoyconfig/http_connection_manager.go | 32 +++++++++++-------- config/envoyconfig/listeners_envoy_admin.go | 2 +- config/envoyconfig/listeners_grpc.go | 2 +- config/envoyconfig/listeners_main.go | 2 +- config/envoyconfig/listeners_main_test.go | 2 +- config/envoyconfig/listeners_metrics.go | 2 +- config/envoyconfig/listeners_test.go | 6 ++-- config/envoyconfig/outbound.go | 2 +- config/envoyconfig/outbound_test.go | 2 +- .../envoyconfig/route_configurations_test.go | 2 +- .../main_http_connection_manager_filter.json | 8 ++--- .../metrics_http_connection_manager.json | 8 ++--- config/envoyconfig/tls_test.go | 2 +- go.mod | 10 +++--- go.sum | 24 +++++++------- internal/controlplane/server.go | 2 ++ pkg/envoy/resource_monitor_test.go | 2 +- 22 files changed, 86 insertions(+), 75 deletions(-) diff --git a/config/envoyconfig/acmetlsalpn_test.go b/config/envoyconfig/acmetlsalpn_test.go index 9af05afc3..33a3455e8 100644 --- a/config/envoyconfig/acmetlsalpn_test.go +++ b/config/envoyconfig/acmetlsalpn_test.go @@ -8,7 +8,7 @@ import ( ) func TestBuilder_buildACMETLSALPNCluster(t *testing.T) { - b := New("local-grpc", "local-http", "local-metrics", nil, nil) + b := New("local-grpc", "local-http", "local-metrics", nil, nil, true) testutil.AssertProtoJSONEqual(t, `{ "name": "pomerium-acme-tls-alpn", @@ -34,7 +34,7 @@ func TestBuilder_buildACMETLSALPNCluster(t *testing.T) { } func TestBuilder_buildACMETLSALPNFilterChain(t *testing.T) { - b := New("local-grpc", "local-http", "local-metrics", nil, nil) + b := New("local-grpc", "local-http", "local-metrics", nil, nil, true) testutil.AssertProtoJSONEqual(t, `{ "filterChainMatch": { diff --git a/config/envoyconfig/bootstrap_test.go b/config/envoyconfig/bootstrap_test.go index b90539c93..ab06b65a1 100644 --- a/config/envoyconfig/bootstrap_test.go +++ b/config/envoyconfig/bootstrap_test.go @@ -13,7 +13,7 @@ import ( func TestBuilder_BuildBootstrapAdmin(t *testing.T) { t.Setenv("TMPDIR", "/tmp") - b := New("local-grpc", "local-http", "local-metrics", filemgr.NewManager(), nil) + b := New("local-grpc", "local-http", "local-metrics", filemgr.NewManager(), nil, true) t.Run("valid", func(t *testing.T) { adminCfg, err := b.BuildBootstrapAdmin(&config.Config{ Options: &config.Options{ @@ -35,7 +35,7 @@ func TestBuilder_BuildBootstrapAdmin(t *testing.T) { } func TestBuilder_BuildBootstrapLayeredRuntime(t *testing.T) { - b := New("localhost:1111", "localhost:2222", "localhost:3333", filemgr.NewManager(), nil) + b := New("localhost:1111", "localhost:2222", "localhost:3333", filemgr.NewManager(), nil, true) staticCfg, err := b.BuildBootstrapLayeredRuntime(context.Background(), &config.Config{}) assert.NoError(t, err) testutil.AssertProtoJSONEqual(t, ` @@ -61,7 +61,7 @@ func TestBuilder_BuildBootstrapLayeredRuntime(t *testing.T) { func TestBuilder_BuildBootstrapStaticResources(t *testing.T) { t.Run("valid", func(t *testing.T) { - b := New("localhost:1111", "localhost:2222", "localhost:3333", filemgr.NewManager(), nil) + b := New("localhost:1111", "localhost:2222", "localhost:3333", filemgr.NewManager(), nil, true) staticCfg, err := b.BuildBootstrapStaticResources(context.Background(), &config.Config{}, false) assert.NoError(t, err) testutil.AssertProtoJSONEqual(t, ` @@ -105,14 +105,14 @@ func TestBuilder_BuildBootstrapStaticResources(t *testing.T) { `, staticCfg) }) t.Run("bad gRPC address", func(t *testing.T) { - b := New("xyz:zyx", "localhost:2222", "localhost:3333", filemgr.NewManager(), nil) + b := New("xyz:zyx", "localhost:2222", "localhost:3333", filemgr.NewManager(), nil, true) _, err := b.BuildBootstrapStaticResources(context.Background(), &config.Config{}, false) assert.Error(t, err) }) } func TestBuilder_BuildBootstrapStatsConfig(t *testing.T) { - b := New("local-grpc", "local-http", "local-metrics", filemgr.NewManager(), nil) + b := New("local-grpc", "local-http", "local-metrics", filemgr.NewManager(), nil, true) t.Run("valid", func(t *testing.T) { statsCfg, err := b.BuildBootstrapStatsConfig(&config.Config{ Options: &config.Options{ @@ -132,7 +132,7 @@ func TestBuilder_BuildBootstrapStatsConfig(t *testing.T) { } func TestBuilder_BuildBootstrap(t *testing.T) { - b := New("localhost:1111", "localhost:2222", "localhost:3333", filemgr.NewManager(), nil) + b := New("localhost:1111", "localhost:2222", "localhost:3333", filemgr.NewManager(), nil, true) t.Run("OverloadManager", func(t *testing.T) { bootstrap, err := b.BuildBootstrap(context.Background(), &config.Config{ Options: &config.Options{ diff --git a/config/envoyconfig/builder.go b/config/envoyconfig/builder.go index 5fbb30551..621d78c56 100644 --- a/config/envoyconfig/builder.go +++ b/config/envoyconfig/builder.go @@ -7,11 +7,12 @@ import ( // A Builder builds envoy config from pomerium config. type Builder struct { - localGRPCAddress string - localHTTPAddress string - localMetricsAddress string - filemgr *filemgr.Manager - reproxy *reproxy.Handler + localGRPCAddress string + localHTTPAddress string + localMetricsAddress string + filemgr *filemgr.Manager + reproxy *reproxy.Handler + addIPV6InternalRanges bool } // New creates a new Builder. @@ -21,15 +22,17 @@ func New( localMetricsAddress string, fileManager *filemgr.Manager, reproxyHandler *reproxy.Handler, + addIPV6InternalRanges bool, ) *Builder { if reproxyHandler == nil { reproxyHandler = reproxy.New() } return &Builder{ - localGRPCAddress: localGRPCAddress, - localHTTPAddress: localHTTPAddress, - localMetricsAddress: localMetricsAddress, - filemgr: fileManager, - reproxy: reproxyHandler, + localGRPCAddress: localGRPCAddress, + localHTTPAddress: localHTTPAddress, + localMetricsAddress: localMetricsAddress, + filemgr: fileManager, + reproxy: reproxyHandler, + addIPV6InternalRanges: addIPV6InternalRanges, } } diff --git a/config/envoyconfig/clusters_test.go b/config/envoyconfig/clusters_test.go index 91ed0828a..0bd18472c 100644 --- a/config/envoyconfig/clusters_test.go +++ b/config/envoyconfig/clusters_test.go @@ -27,7 +27,7 @@ func Test_BuildClusters(t *testing.T) { opts := config.NewDefaultOptions() ctx := context.Background() - b := New("local-grpc", "local-http", "local-metrics", filemgr.NewManager(), nil) + b := New("local-grpc", "local-http", "local-metrics", filemgr.NewManager(), nil, true) clusters, err := b.BuildClusters(ctx, &config.Config{Options: opts}) require.NoError(t, err) testutil.AssertProtoJSONFileEqual(t, "testdata/clusters.json", clusters) @@ -38,7 +38,7 @@ func Test_buildPolicyTransportSocket(t *testing.T) { cacheDir, _ := os.UserCacheDir() customCA := filepath.Join(cacheDir, "pomerium", "envoy", "files", "custom-ca-3133535332543131503345494c.pem") - b := New("local-grpc", "local-http", "local-metrics", filemgr.NewManager(), nil) + b := New("local-grpc", "local-http", "local-metrics", filemgr.NewManager(), nil, true) rootCABytes, _ := getCombinedCertificateAuthority(ctx, &config.Config{Options: &config.Options{}}) rootCA := b.filemgr.BytesDataSource("ca.pem", rootCABytes).GetFilename() @@ -517,7 +517,7 @@ func Test_buildPolicyTransportSocket(t *testing.T) { func Test_buildCluster(t *testing.T) { ctx := context.Background() - b := New("local-grpc", "local-http", "local-metrics", filemgr.NewManager(), nil) + b := New("local-grpc", "local-http", "local-metrics", filemgr.NewManager(), nil, true) rootCABytes, _ := getCombinedCertificateAuthority(ctx, &config.Config{Options: &config.Options{}}) rootCA := b.filemgr.BytesDataSource("ca.pem", rootCABytes).GetFilename() o1 := config.NewDefaultOptions() @@ -1012,7 +1012,7 @@ func Test_bindConfig(t *testing.T) { ctx, clearTimeout := context.WithTimeout(context.Background(), time.Second*10) defer clearTimeout() - b := New("local-grpc", "local-http", "local-metrics", filemgr.NewManager(), nil) + b := New("local-grpc", "local-http", "local-metrics", filemgr.NewManager(), nil, true) t.Run("no bind config", func(t *testing.T) { cluster, err := b.buildPolicyCluster(ctx, &config.Config{Options: &config.Options{}}, &config.Policy{ From: "https://from.example.com", diff --git a/config/envoyconfig/filters.go b/config/envoyconfig/filters.go index e4c593b5e..594c99512 100644 --- a/config/envoyconfig/filters.go +++ b/config/envoyconfig/filters.go @@ -44,10 +44,10 @@ func ExtAuthzFilter(grpcClientTimeout *durationpb.Duration) *envoy_extensions_fi } // HTTPConnectionManagerFilter creates a new HTTP connection manager filter. -func HTTPConnectionManagerFilter( +func (b *Builder) HTTPConnectionManagerFilter( httpConnectionManager *envoy_extensions_filters_network_http_connection_manager.HttpConnectionManager, ) *envoy_config_listener_v3.Filter { - applyGlobalHTTPConnectionManagerOptions(httpConnectionManager) + b.applyGlobalHTTPConnectionManagerOptions(httpConnectionManager) return &envoy_config_listener_v3.Filter{ Name: "envoy.filters.network.http_connection_manager", ConfigType: &envoy_config_listener_v3.Filter_TypedConfig{ diff --git a/config/envoyconfig/http_connection_manager.go b/config/envoyconfig/http_connection_manager.go index 78d37ae5e..4f9f34ba7 100644 --- a/config/envoyconfig/http_connection_manager.go +++ b/config/envoyconfig/http_connection_manager.go @@ -128,23 +128,29 @@ func (b *Builder) buildLocalReplyConfig( }, nil } -func applyGlobalHTTPConnectionManagerOptions(hcm *envoy_http_connection_manager.HttpConnectionManager) { +func (b *Builder) applyGlobalHTTPConnectionManagerOptions(hcm *envoy_http_connection_manager.HttpConnectionManager) { if hcm.InternalAddressConfig == nil { - // see doc comment on InternalAddressConfig for details - hcm.InternalAddressConfig = &envoy_http_connection_manager.HttpConnectionManager_InternalAddressConfig{ - CidrRanges: []*envoy_config_core_v3.CidrRange{ - // localhost - {AddressPrefix: "127.0.0.1", PrefixLen: wrapperspb.UInt32(32)}, + ranges := []*envoy_config_core_v3.CidrRange{ + // localhost + {AddressPrefix: "127.0.0.1", PrefixLen: wrapperspb.UInt32(32)}, + + // RFC1918 + {AddressPrefix: "10.0.0.0", PrefixLen: wrapperspb.UInt32(8)}, + {AddressPrefix: "192.168.0.0", PrefixLen: wrapperspb.UInt32(16)}, + {AddressPrefix: "172.16.0.0", PrefixLen: wrapperspb.UInt32(12)}, + } + if b.addIPV6InternalRanges { + ranges = append(ranges, []*envoy_config_core_v3.CidrRange{ + // Localhost IPv6 {AddressPrefix: "::1", PrefixLen: wrapperspb.UInt32(128)}, - - // RFC1918 - {AddressPrefix: "10.0.0.0", PrefixLen: wrapperspb.UInt32(8)}, - {AddressPrefix: "192.168.0.0", PrefixLen: wrapperspb.UInt32(16)}, - {AddressPrefix: "172.16.0.0", PrefixLen: wrapperspb.UInt32(12)}, - // RFC4193 {AddressPrefix: "fd00::", PrefixLen: wrapperspb.UInt32(8)}, - }, + }...) + } + + // see doc comment on InternalAddressConfig for details + hcm.InternalAddressConfig = &envoy_http_connection_manager.HttpConnectionManager_InternalAddressConfig{ + CidrRanges: ranges, } } } diff --git a/config/envoyconfig/listeners_envoy_admin.go b/config/envoyconfig/listeners_envoy_admin.go index f2bffb611..96f95bfe2 100644 --- a/config/envoyconfig/listeners_envoy_admin.go +++ b/config/envoyconfig/listeners_envoy_admin.go @@ -51,7 +51,7 @@ func (b *Builder) buildEnvoyAdminHTTPConnectionManagerFilter() *envoy_config_lis }, }}) - return HTTPConnectionManagerFilter(&envoy_http_connection_manager.HttpConnectionManager{ + return b.HTTPConnectionManagerFilter(&envoy_http_connection_manager.HttpConnectionManager{ CodecType: envoy_http_connection_manager.HttpConnectionManager_AUTO, StatPrefix: "envoy-admin", RouteSpecifier: &envoy_http_connection_manager.HttpConnectionManager_RouteConfig{ diff --git a/config/envoyconfig/listeners_grpc.go b/config/envoyconfig/listeners_grpc.go index 2f92b3de1..5a8295cdd 100644 --- a/config/envoyconfig/listeners_grpc.go +++ b/config/envoyconfig/listeners_grpc.go @@ -98,7 +98,7 @@ func (b *Builder) buildGRPCHTTPConnectionManagerFilter() *envoy_config_listener_ Routes: routes, }}) - return HTTPConnectionManagerFilter(&envoy_http_connection_manager.HttpConnectionManager{ + return b.HTTPConnectionManagerFilter(&envoy_http_connection_manager.HttpConnectionManager{ CodecType: envoy_http_connection_manager.HttpConnectionManager_AUTO, StatPrefix: "grpc_ingress", // limit request first byte to last byte time diff --git a/config/envoyconfig/listeners_main.go b/config/envoyconfig/listeners_main.go index 04d2b0ca2..875cc3357 100644 --- a/config/envoyconfig/listeners_main.go +++ b/config/envoyconfig/listeners_main.go @@ -233,7 +233,7 @@ func (b *Builder) buildMainHTTPConnectionManagerFilter( } } - return HTTPConnectionManagerFilter(mgr), nil + return b.HTTPConnectionManagerFilter(mgr), nil } func newListenerAccessLog() *envoy_config_accesslog_v3.AccessLog { diff --git a/config/envoyconfig/listeners_main_test.go b/config/envoyconfig/listeners_main_test.go index 0a77de4a3..f39d98415 100644 --- a/config/envoyconfig/listeners_main_test.go +++ b/config/envoyconfig/listeners_main_test.go @@ -12,7 +12,7 @@ import ( ) func Test_requireProxyProtocol(t *testing.T) { - b := New("local-grpc", "local-http", "local-metrics", nil, nil) + b := New("local-grpc", "local-http", "local-metrics", nil, nil, true) t.Run("required", func(t *testing.T) { li, err := b.buildMainListener(context.Background(), &config.Config{Options: &config.Options{ UseProxyProtocol: true, diff --git a/config/envoyconfig/listeners_metrics.go b/config/envoyconfig/listeners_metrics.go index 5ceff5af1..2488dbc7a 100644 --- a/config/envoyconfig/listeners_metrics.go +++ b/config/envoyconfig/listeners_metrics.go @@ -121,7 +121,7 @@ func (b *Builder) buildMetricsHTTPConnectionManagerFilter() *envoy_config_listen }, }}) - return HTTPConnectionManagerFilter(&envoy_http_connection_manager.HttpConnectionManager{ + return b.HTTPConnectionManagerFilter(&envoy_http_connection_manager.HttpConnectionManager{ CodecType: envoy_http_connection_manager.HttpConnectionManager_AUTO, StatPrefix: "metrics", RouteSpecifier: &envoy_http_connection_manager.HttpConnectionManager_RouteConfig{ diff --git a/config/envoyconfig/listeners_test.go b/config/envoyconfig/listeners_test.go index a5a40c8bb..03b740f07 100644 --- a/config/envoyconfig/listeners_test.go +++ b/config/envoyconfig/listeners_test.go @@ -51,7 +51,7 @@ func TestBuildListeners(t *testing.T) { OutboundPort: "10003", MetricsPort: "10004", } - b := New("local-grpc", "local-http", "local-metrics", filemgr.NewManager(), nil) + b := New("local-grpc", "local-http", "local-metrics", filemgr.NewManager(), nil, true) t.Run("enable grpc by default", func(t *testing.T) { cfg := cfg.Clone() lis, err := b.BuildListeners(ctx, cfg, false) @@ -125,7 +125,7 @@ func Test_buildMetricsHTTPConnectionManagerFilter(t *testing.T) { certFileName := filepath.Join(cacheDir, "pomerium", "envoy", "files", "tls-crt-5a353247453159375849565a.pem") keyFileName := filepath.Join(cacheDir, "pomerium", "envoy", "files", "tls-key-3159554e32473758435257364b.pem") - b := New("local-grpc", "local-http", "local-metrics", filemgr.NewManager(), nil) + b := New("local-grpc", "local-http", "local-metrics", filemgr.NewManager(), nil, true) li, err := b.buildMetricsListener(&config.Config{ Options: &config.Options{ MetricsAddr: "127.0.0.1:9902", @@ -143,7 +143,7 @@ func Test_buildMetricsHTTPConnectionManagerFilter(t *testing.T) { } func Test_buildMainHTTPConnectionManagerFilter(t *testing.T) { - b := New("local-grpc", "local-http", "local-metrics", nil, nil) + b := New("local-grpc", "local-http", "local-metrics", nil, nil, true) options := config.NewDefaultOptions() options.SkipXffAppend = true diff --git a/config/envoyconfig/outbound.go b/config/envoyconfig/outbound.go index fbab8c0d5..56d238e0a 100644 --- a/config/envoyconfig/outbound.go +++ b/config/envoyconfig/outbound.go @@ -42,7 +42,7 @@ func (b *Builder) buildOutboundListener(cfg *config.Config) (*envoy_config_liste func (b *Builder) buildOutboundHTTPConnectionManager() *envoy_config_listener_v3.Filter { rc := b.buildOutboundRouteConfiguration() - return HTTPConnectionManagerFilter(&envoy_http_connection_manager.HttpConnectionManager{ + return b.HTTPConnectionManagerFilter(&envoy_http_connection_manager.HttpConnectionManager{ CodecType: envoy_http_connection_manager.HttpConnectionManager_AUTO, StatPrefix: "grpc_egress", // limit request first byte to last byte time diff --git a/config/envoyconfig/outbound_test.go b/config/envoyconfig/outbound_test.go index 3c7233f7a..36a6c40b7 100644 --- a/config/envoyconfig/outbound_test.go +++ b/config/envoyconfig/outbound_test.go @@ -7,7 +7,7 @@ import ( ) func Test_buildOutboundRoutes(t *testing.T) { - b := New("local-grpc", "local-http", "local-metrics", nil, nil) + b := New("local-grpc", "local-http", "local-metrics", nil, nil, true) routes := b.buildOutboundRoutes() testutil.AssertProtoJSONEqual(t, `[ { diff --git a/config/envoyconfig/route_configurations_test.go b/config/envoyconfig/route_configurations_test.go index a0cbef8f6..b5f61709e 100644 --- a/config/envoyconfig/route_configurations_test.go +++ b/config/envoyconfig/route_configurations_test.go @@ -32,7 +32,7 @@ func TestBuilder_buildMainRouteConfiguration(t *testing.T) { }, }, }} - b := New("grpc", "http", "metrics", filemgr.NewManager(), nil) + b := New("grpc", "http", "metrics", filemgr.NewManager(), nil, true) routeConfiguration, err := b.buildMainRouteConfiguration(ctx, cfg) assert.NoError(t, err) testutil.AssertProtoJSONEqual(t, `{ diff --git a/config/envoyconfig/testdata/main_http_connection_manager_filter.json b/config/envoyconfig/testdata/main_http_connection_manager_filter.json index baa435d2b..e95e56803 100644 --- a/config/envoyconfig/testdata/main_http_connection_manager_filter.json +++ b/config/envoyconfig/testdata/main_http_connection_manager_filter.json @@ -231,10 +231,6 @@ "addressPrefix": "127.0.0.1", "prefixLen": 32 }, - { - "addressPrefix": "::1", - "prefixLen": 128 - }, { "addressPrefix": "10.0.0.0", "prefixLen": 8 @@ -247,6 +243,10 @@ "addressPrefix": "172.16.0.0", "prefixLen": 12 }, + { + "addressPrefix": "::1", + "prefixLen": 128 + }, { "addressPrefix": "fd00::", "prefixLen": 8 diff --git a/config/envoyconfig/testdata/metrics_http_connection_manager.json b/config/envoyconfig/testdata/metrics_http_connection_manager.json index f1123d42c..bdd5e7a3b 100644 --- a/config/envoyconfig/testdata/metrics_http_connection_manager.json +++ b/config/envoyconfig/testdata/metrics_http_connection_manager.json @@ -61,10 +61,6 @@ "addressPrefix": "127.0.0.1", "prefixLen": 32 }, - { - "addressPrefix": "::1", - "prefixLen": 128 - }, { "addressPrefix": "10.0.0.0", "prefixLen": 8 @@ -77,6 +73,10 @@ "addressPrefix": "172.16.0.0", "prefixLen": 12 }, + { + "addressPrefix": "::1", + "prefixLen": 128 + }, { "addressPrefix": "fd00::", "prefixLen": 8 diff --git a/config/envoyconfig/tls_test.go b/config/envoyconfig/tls_test.go index f5652a218..0abb09d33 100644 --- a/config/envoyconfig/tls_test.go +++ b/config/envoyconfig/tls_test.go @@ -82,7 +82,7 @@ func TestValidateCertificate(t *testing.T) { } func Test_buildDownstreamTLSContext(t *testing.T) { - b := New("local-grpc", "local-http", "local-metrics", filemgr.NewManager(), nil) + b := New("local-grpc", "local-http", "local-metrics", filemgr.NewManager(), nil, true) cacheDir, _ := os.UserCacheDir() clientCAFileName := filepath.Join(cacheDir, "pomerium", "envoy", "files", "client-ca-4e4c564e5a36544a4a33385a.pem") diff --git a/go.mod b/go.mod index 215178106..94464482b 100644 --- a/go.mod +++ b/go.mod @@ -88,11 +88,11 @@ require ( go.uber.org/automaxprocs v1.6.0 go.uber.org/mock v0.5.0 go.uber.org/zap v1.27.0 - golang.org/x/crypto v0.33.0 - golang.org/x/net v0.35.0 + golang.org/x/crypto v0.36.0 + golang.org/x/net v0.37.0 golang.org/x/oauth2 v0.27.0 - golang.org/x/sync v0.11.0 - golang.org/x/sys v0.30.0 + golang.org/x/sync v0.12.0 + golang.org/x/sys v0.31.0 golang.org/x/time v0.10.0 google.golang.org/api v0.223.0 google.golang.org/genproto/googleapis/rpc v0.0.0-20250219182151-9fdb1cabc7b2 @@ -239,7 +239,7 @@ require ( go.uber.org/zap/exp v0.3.0 // indirect golang.org/x/exp v0.0.0-20240808152545-0cdaa3abc0fa // indirect golang.org/x/mod v0.20.0 // indirect - golang.org/x/text v0.22.0 // indirect + golang.org/x/text v0.23.0 // indirect golang.org/x/tools v0.24.0 // indirect google.golang.org/genproto v0.0.0-20241118233622-e639e219e697 // indirect google.golang.org/genproto/googleapis/api v0.0.0-20250115164207-1a7da9e5054f // indirect diff --git a/go.sum b/go.sum index b6c3c5d8d..7595b3557 100644 --- a/go.sum +++ b/go.sum @@ -750,8 +750,8 @@ golang.org/x/crypto v0.0.0-20191011191535-87dc89f01550/go.mod h1:yigFU9vqHzYiE8U golang.org/x/crypto v0.0.0-20200622213623-75b288015ac9/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto= golang.org/x/crypto v0.0.0-20210921155107-089bfa567519/go.mod h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc= golang.org/x/crypto v0.19.0/go.mod h1:Iy9bg/ha4yyC70EfRS8jz+B6ybOBKMaSxLj6P6oBDfU= -golang.org/x/crypto v0.33.0 h1:IOBPskki6Lysi0lo9qQvbxiQ+FvsCC/YWOecCHAixus= -golang.org/x/crypto v0.33.0/go.mod h1:bVdXmD7IV/4GdElGPozy6U7lWdRXA4qyRVGJV57uQ5M= +golang.org/x/crypto v0.36.0 h1:AnAEvhDddvBdpY+uR+MyHmuZzzNqXSe/GvuDeob5L34= +golang.org/x/crypto v0.36.0/go.mod h1:Y4J0ReaxCR1IMaabaSMugxJES1EpwhBHhv2bDHklZvc= golang.org/x/exp v0.0.0-20190121172915-509febef88a4/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA= golang.org/x/exp v0.0.0-20190306152737-a1d7652674e8/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA= golang.org/x/exp v0.0.0-20190510132918-efd6b22b2522/go.mod h1:ZjyILWgesfNpC6sMxTJOJm9Kp84zZh5NQWvqDGG3Qr8= @@ -827,8 +827,8 @@ golang.org/x/net v0.0.0-20220225172249-27dd8689420f/go.mod h1:CfG3xpIq0wQ8r1q4Su golang.org/x/net v0.0.0-20220722155237-a158d28d115b/go.mod h1:XRhObCWvk6IyKnWLug+ECip1KBveYUHfp+8e9klMJ9c= golang.org/x/net v0.6.0/go.mod h1:2Tu9+aMcznHK/AK1HMvgo6xiTLG5rD5rZLDS+rp2Bjs= golang.org/x/net v0.10.0/go.mod h1:0qNGK6F8kojg2nk9dLZ2mShWaEBan6FAoqfSigmmuDg= -golang.org/x/net v0.35.0 h1:T5GQRQb2y08kTAByq9L4/bz8cipCdA8FbRTXewonqY8= -golang.org/x/net v0.35.0/go.mod h1:EglIi67kWsHKlRzzVMUD93VMSWGFOMSZgxFjparz1Qk= +golang.org/x/net v0.37.0 h1:1zLorHbz+LYj7MQlSf1+2tPIIgibq2eL5xkrGk6f+2c= +golang.org/x/net v0.37.0/go.mod h1:ivrbrMbzFq5J41QOQh0siUuly180yBYtLp+CKbEaFx8= golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U= golang.org/x/oauth2 v0.0.0-20190226205417-e64efc72b421/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw= golang.org/x/oauth2 v0.0.0-20190604053449-0f29369cfe45/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw= @@ -851,8 +851,8 @@ golang.org/x/sync v0.0.0-20201207232520-09787c993a3a/go.mod h1:RxMgew5VJxzue5/jJ golang.org/x/sync v0.0.0-20220601150217-0de741cfad7f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20220722155255-886fb9371eb4/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.1.0/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= -golang.org/x/sync v0.11.0 h1:GGz8+XQP4FvTTrjZPzNKTMFtSXH80RAzG+5ghFPgK9w= -golang.org/x/sync v0.11.0/go.mod h1:Czt+wKu1gCyEFDUtn0jG5QVvpJ6rzVqr5aXyt9drQfk= +golang.org/x/sync v0.12.0 h1:MHc5BpPuC30uJk597Ri8TV3CNZcTLu6B6z4lJy+g6Jw= +golang.org/x/sync v0.12.0/go.mod h1:1dzgHSNfp02xaA81J2MS99Qcpr2w7fw1gpm99rleRqA= golang.org/x/sys v0.0.0-20180830151530-49385e6e1522/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= golang.org/x/sys v0.0.0-20180905080454-ebe1bf3edb33/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= golang.org/x/sys v0.0.0-20180909124046-d0be0721c37e/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY= @@ -912,15 +912,15 @@ golang.org/x/sys v0.8.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.12.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.14.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= golang.org/x/sys v0.17.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= -golang.org/x/sys v0.30.0 h1:QjkSwP/36a20jFYWkSue1YwXzLmsV5Gfq7Eiy72C1uc= -golang.org/x/sys v0.30.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= +golang.org/x/sys v0.31.0 h1:ioabZlmFYtWhL+TRYpcnNlLwhyxaM9kWTDEmfnprqik= +golang.org/x/sys v0.31.0/go.mod h1:BJP2sWEmIv4KK5OTEluFJCKSidICx8ciO85XgH3Ak8k= golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo= golang.org/x/term v0.0.0-20210927222741-03fcf44c2211/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8= golang.org/x/term v0.5.0/go.mod h1:jMB1sMXY+tzblOD4FWmEbocvup2/aLOaQEp7JmGp78k= golang.org/x/term v0.8.0/go.mod h1:xPskH00ivmX89bAKVGSKKtLOWNx2+17Eiy94tnKShWo= golang.org/x/term v0.17.0/go.mod h1:lLRBjIVuehSbZlaOtGMbcMncT+aqLLLmKrsjNrUguwk= -golang.org/x/term v0.29.0 h1:L6pJp37ocefwRRtYPKSWOWzOtWSxVajvz2ldH/xi3iU= -golang.org/x/term v0.29.0/go.mod h1:6bl4lRlvVuDgSf3179VpIxBF0o10JUpXWOnI7nErv7s= +golang.org/x/term v0.30.0 h1:PQ39fJZ+mfadBm0y5WlL4vlM7Sx1Hgf13sMIY2+QS9Y= +golang.org/x/term v0.30.0/go.mod h1:NYYFdzHoI5wRh/h5tDMdMqCqPJZEuNqVR5xJLd/n67g= golang.org/x/text v0.0.0-20170915032832-14c0d48ead0c/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= golang.org/x/text v0.3.1-0.20180807135948-17ff2d5776d2/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= @@ -931,8 +931,8 @@ golang.org/x/text v0.3.7/go.mod h1:u+2+/6zg+i71rQMx5EYifcz6MCKuco9NR6JIITiCfzQ= golang.org/x/text v0.7.0/go.mod h1:mrYo+phRRbMaCq/xk9113O4dZlRixOauAjOtrjsXDZ8= golang.org/x/text v0.9.0/go.mod h1:e1OnstbJyHTd6l/uOt8jFFHp6TRDWZR/bV3emEE/zU8= golang.org/x/text v0.14.0/go.mod h1:18ZOQIKpY8NJVqYksKHtTdi31H5itFRjB5/qKTNYzSU= -golang.org/x/text v0.22.0 h1:bofq7m3/HAFvbF51jz3Q9wLg3jkvSPuiZu/pD1XwgtM= -golang.org/x/text v0.22.0/go.mod h1:YRoo4H8PVmsu+E3Ou7cqLVH8oXWIHVoX0jqUWALQhfY= +golang.org/x/text v0.23.0 h1:D71I7dUrlY+VX0gQShAThNGHFxZ13dGLBHQLVl1mJlY= +golang.org/x/text v0.23.0/go.mod h1:/BLNzu4aZCJ1+kcD0DNRotWKage4q2rGVAg4o22unh4= golang.org/x/time v0.0.0-20181108054448-85acf8d2951c/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= golang.org/x/time v0.0.0-20190308202827-9d24e82272b4/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= golang.org/x/time v0.0.0-20191024005414-555d28b269f0/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= diff --git a/internal/controlplane/server.go b/internal/controlplane/server.go index 96bf1f3d4..9de4e29f4 100644 --- a/internal/controlplane/server.go +++ b/internal/controlplane/server.go @@ -13,6 +13,7 @@ import ( "github.com/rs/zerolog" "go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc" coltracepb "go.opentelemetry.io/proto/otlp/collector/trace/v1" + "golang.org/x/net/nettest" "golang.org/x/sync/errgroup" "google.golang.org/grpc" "google.golang.org/grpc/health/grpc_health_v1" @@ -177,6 +178,7 @@ func NewServer( srv.MetricsListener.Addr().String(), srv.filemgr, srv.reproxy, + nettest.SupportsIPv6(), ) res, err := srv.buildDiscoveryResources(ctx) diff --git a/pkg/envoy/resource_monitor_test.go b/pkg/envoy/resource_monitor_test.go index 8210f84e3..16581d63f 100644 --- a/pkg/envoy/resource_monitor_test.go +++ b/pkg/envoy/resource_monitor_test.go @@ -713,7 +713,7 @@ func TestSharedResourceMonitor(t *testing.T) { } func TestBootstrapConfig(t *testing.T) { - b := envoyconfig.New("localhost:1111", "localhost:2222", "localhost:3333", filemgr.NewManager(), nil) + b := envoyconfig.New("localhost:1111", "localhost:2222", "localhost:3333", filemgr.NewManager(), nil, true) testEnvoyPid := 99 tempDir := t.TempDir() monitor, err := NewSharedResourceMonitor(context.Background(), config.NewStaticSource(nil), tempDir, WithCgroupDriver(&cgroupV2Driver{