package
0.0.0-20200226065818-fe632b36a108
Repository: https://github.com/alipay/sofa-mesh.git
Documentation: pkg.go.dev
# Packages
Package test is a generated protocol buffer package.
# Functions
ApplyJSON unmarshals a JSON string into a proto message.
ApplyMeshConfigDefaults returns a new MeshConfig decoded from the input YAML with defaults applied to omitted configuration values.
ApplyYAML unmarshals a YAML string into a proto message.
BuildDNSSrvSubsetKey generates a unique string referencing service instances for a given service name, a subset and a port.
BuildSubsetKey generates a unique string referencing service instances for a given service name, a subset and a port.
ConstructSdsSecretConfig constructs SDS Secret Configuration for workload proxy.
ConstructSdsSecretConfig constructs SDS secret configuration for ingress gateway.
ConstructValidationContext constructs ValidationContext in CommonTlsContext.
ConvertToSidecarScope converts from Sidecar config to SidecarScope object.
DefaultMeshConfig configuration.
DefaultProxyConfig for individual proxies.
DefaultSidecarScope is a sidecar scope object with a default catch-all egress listener that matches the default Istio behavior: a sidecar has listeners for all services in the mesh. We use this scope when the user has not set any sidecar Config for a given config namespace.
EmptyMeshNetworks configuration with no networks.
GetConsolidateAuthenticationPolicy returns the authentication policy for service specified by hostname and port, if defined.
GetNetworkView returns the networks that the proxy requested.
GetOrDefaultFromMap returns either the value found for key or the default value if the map is nil or does not contain the key.
GetProxyConfigNamespace extracts the namespace associated with the proxy from the proxy metadata or the proxy ID.
GetTraceConfig returns configured TraceConfig.
HostnamesForNamespace returns the subset of hosts that are in the specified namespace.
IsApplicationNodeType verifies that the NodeType is one of the declared constants in the model.
IsDNS1123Label tests for a string that conforms to the definition of a label in DNS (RFC 1123).
IsHTTPServer returns true if this server is using HTTP or HTTPS with termination.
IsPassThroughServer returns true if this server does TLS passthrough (auto or manual).
IsTLSServer returns true if this server is non HTTP, with some TLS settings for termination/passthrough.
IsValidSubsetKey checks if a string is valid for subset key parsing.
IsWildcardDNS1123Label tests for a string that conforms to the definition of a label in DNS (RFC 1123), but allows the wildcard label (`*`), and typical labels with a leading asterisk instead of alphabetic character (e.g.
Key function for the configuration objects.
LoadMeshNetworksConfig returns a new MeshNetworks decoded from the input YAML.
MakeIstioStore creates a wrapper around a store.
MatchesDestHost returns true if the service instance matches the given IstioService ex: binding host(details.istio-system.svc.cluster.local) ?= instance(reviews.default.svc.cluster.local).
MergeGateways combines multiple gateways targeting the same workload into a single logical Gateway.
MostSpecificHostMatch compares the elements of the stack to the needle, and returns the longest stack element matching the needle, or false if no element in the stack matches the needle.
NewAuthzPolicies returns the AuthorizationPolicies constructed from raw authorization policies by storing policies into different namespaces.
NewPushContext creates a new PushContext structure to track push status.
ParseJwksURI parses the input URI and returns the corresponding hostname, port, and whether SSL is used.
ParseLabelsString extracts labels from a string.
ParseMetadata parses the opaque Metadata from an Envoy Node into string key-value pairs.
ParsePort extracts port number from a valid proxy address.
ParseProtocol from string ignoring case.
ParseServiceKey is the inverse of the Service.String() method. Deprecated.
ParseServiceNodeWithMetadata parses the Envoy Node from the string generated by the ServiceNode function and the metadata.
ParseSubsetKey is the inverse of the BuildSubsetKey method.
ResolveHostname produces a FQDN based on either the service or a concat of the namespace + domain. Deprecated.
ResolveShortnameToFQDN uses metadata information to resolve a reference to shortname of the service to FQDN.
ServiceKey generates a service key for a collection of ports and labels. Deprecated. Interface wants to turn `Hostname` into `fmt.Stringer`, completely defeating the purpose of the type alias.
SortHTTPAPISpec sorts a slice in a stable manner.
SortQuotaSpec sorts a slice in a stable manner.
StringsToHostnames converts a slice of host name strings to type Hostnames.
ToJSON marshals a proto to canonical JSON.
ToJSONMap converts a proto message to a generic map using canonical JSON encoding. JSON encoding is specified here: https://developers.google.com/protocol-buffers/docs/proto3#json.
ToJSONWithIndent marshals a proto to canonical JSON with pretty printed string.
ToYAML marshals a proto to canonical YAML.
ValidateAuthenticationPolicy checks that AuthenticationPolicy is well-formed.
ValidateClusterRbacConfig checks that ClusterRbacConfig is well-formed.
ValidateConnectTimeout validates the envoy connection timeout.
ValidateDatadogCollector validates the configuration for sending envoy spans to Datadog.
ValidateDestinationRule checks proxy policies.
ValidateDuration checks that a proto duration is well-formed.
ValidateDurationGogo checks that a gogo proto duration is well-formed.
ValidateDurationRange verifies range is in specified duration.
ValidateEnvoyFilter checks envoy filter config supplied by user.
ValidateFQDN checks a fully-qualified domain name.
ValidateGateway checks gateway specifications.
ValidateGogoDuration validates the variant of duration.
ValidateHTTPAPISpec checks that HTTPAPISpec is well-formed.
ValidateHTTPAPISpecBinding checks that HTTPAPISpecBinding is well-formed.
ValidateHTTPHeaderName validates a header name.
ValidateIPv4Address validates that a string is in "CIDR notation" or "Dot-decimal notation".
ValidateIPv4Subnet checks that a string is in "CIDR notation" or "Dot-decimal notation".
ValidateLightstepCollector validates the configuration for sending envoy spans to LightStep.
ValidateMeshConfig checks that the mesh config is well-formed.
ValidateMixerAttributes checks that Mixer attributes are well-formed.
ValidateMixerService checks for validity of a service reference.
ValidateNetworkEndpointAddress checks the Address field of a NetworkEndpoint.
ValidateParentAndDrain checks that parent and drain durations are valid.
ValidatePercent checks that percent is in range.
ValidatePort checks that the network port is in range.
ValidateProxyAddress checks that a network address is well-formed.
ValidateProxyConfig checks that the mesh config is well-formed.
ValidateQuotaSpec checks that Quota is well-formed.
ValidateQuotaSpecBinding checks that QuotaSpecBinding is well-formed.
ValidateRbacConfig checks that RbacConfig is well-formed.
ValidateServiceEntry validates a service entry.
ValidateServiceRole checks that ServiceRole is well-formed.
ValidateServiceRoleBinding checks that ServiceRoleBinding is well-formed.
ValidateSidecar checks sidecar config supplied by user.
ValidateUnixAddress validates that the string is a valid unix domain socket path.
ValidateVirtualService checks that a v1alpha3 route rule is well-formed.
ValidateWildcardDomain checks that a domain is a valid FQDN, but also allows wildcard prefixes.
ValidateZipkinCollector validates the configuration for sending envoy spans to Zipkin.
# Constants
AddressFamilyTCP represents an address that connects to a TCP endpoint.
AddressFamilyUnix represents an address that connects to a Unix Domain Socket.
AuthCertsPath is the path location for mTLS certificates.
BinaryPathFilename envoy binary location.
CertChainFilename is mTLS chain file.
ClientSideLB implies that the proxy will decide the endpoint from its local lb pool.
ConfigPathDir config directory for storing envoy json config files.
DefaultAuthenticationPolicyName is the name of the cluster-scoped authentication policy.
DefaultServerCertChain is the default path to the mTLS chain file.
DefaultServerKey is the default path to the mTLS private key file.
DefaultRbacConfigName is the name of the mesh global RbacConfig name.
DefaultRootCert is the default path to the mTLS root cert file.
DiscoveryPlainAddress discovery IP address:port with plain text.
DNSLB implies that the proxy will resolve a DNS address and forward to the resolved address.
EventAdd is sent when an object is added.
EventDelete is sent when an object is deleted. Captures the object at the last known state.
EventUpdate is sent when an object is modified. Captures the modified object.
Ingress type is used for cluster ingress proxies.
IngressCertFilename is the ingress cert file name.
IngressCertsPath is the path location for ingress certificates.
IngressGatewaySdsCaSuffix is the suffix of the sds resource name for root CA.
IngressGatewaySdsUdsPath is the UDS path for ingress gateway to get credentials via SDS.
IngressKeyFilename is the ingress private key file name.
InterceptionNone indicates that the workload is not using IPtables for traffic interception.
InterceptionRedirect implies traffic intercepted by IPtables with REDIRECT mode. This is our default mode.
InterceptionTproxy implies traffic intercepted by IPtables with TPROXY mode.
IstioAPIGroupDomain defines API group domain of all Istio configuration resources.
IstioDefaultConfigNamespace constant for default namespace.
IstioIngressGatewayName is the internal gateway name assigned to ingress.
IstioIngressNamespace is the namespace where Istio ingress controller is deployed.
IstioMeshGateway is the built in gateway for all sidecars.
IstioSystemNamespace is the namespace where Istio's components are deployed.
JwtPubKeyEvictionDuration is the life duration for cached item.
JwtPubKeyExpireDuration is the expire duration for JWT public key in the cache.
JwtPubKeyRefreshInterval is the running interval of JWT pubKey refresh job.
K8sSAJwtFileName is the token volume mount file name for k8s jwt token.
K8sSATrustworthyJwtFileName is the token volume mount file name for k8s trustworthy jwt token.
KeyFilename is mTLS private key.
LocalityLabel indicates the region/zone/subzone of an instance.
NamespaceAll is a designated symbol for listing across all namespaces.
NodeMetadataConfigNamespace is the name of the metadata variable that carries info about the config namespace associated with the proxy.
NodeMetadataHTTP10 indicates the application behind the sidecar is making outbound http requests with HTTP/1.0 protocol.
NodeMetadataIdleTimeout specifies the idle timeout for the proxy, in duration format (10s).
NodeMetadataInstanceIPs is the set of IPs attached to this proxy.
NodeMetadataInterceptionMode is the name of the metadata variable that carries info about traffic interception mode at the proxy.
NodeMetadataIstioProxyVersion specifies the Envoy version associated with the proxy.
NodeMetadataNetwork defines the network the node belongs to.
NodeMetadataPolicyCheckRetries determines the policy for behavior when unable to connect to mixer. If not set, FAIL_CLOSE is set, rejecting requests.
NodeMetadataPolicyCheckBaseRetryWaitTime for base time to wait between retries, will be adjusted by backoff and jitter.
NodeMetadataPolicyCheckMaxRetryWaitTime for max time to wait between retries. In duration format.
NodeMetadataPolicyCheckRetries is the max number of retries on transport error to mixer. If not set, this will be 0, indicating no retries.
NodeMetadataRequestedNetworkView specifies the networks that the proxy wants to see.
NodeMetadataRouterMode indicates whether the proxy is functioning as a SNI-DNAT router processing the AUTO_PASSTHROUGH gateway servers.
NodeMetadataSdsTokenPath specifies the path of the SDS token used by the Envoy proxy.
NodeMetadataSidecarUID is the user ID running envoy.
NodeMetadataTLSClientCertChain is the absolute path to client cert-chain file.
NodeMetadataTLSClientKey is the absolute path to client private key file.
NodeMetadataTLSClientRootCert is the absolute path to client root cert file.
NodeMetadataTLSServerCertChain is the absolute path to server cert-chain file.
NodeMetadataTLSServerKey is the absolute path to server private key file.
NodeMetadataTLSServerRootCert is the absolute path to server root cert file.
Passthrough implies that the proxy should forward traffic to the destination IP requested by the caller.
ProtocolGRPC declares that the port carries gRPC traffic.
ProtocolGRPCWeb declares that the port carries gRPC traffic.
ProtocolHTTP declares that the port carries HTTP/1.1 traffic.
ProtocolHTTP2 declares that the port carries HTTP/2 traffic.
ProtocolHTTPS declares that the port carries HTTPS traffic.
ProtocolMongo declares that the port carries MongoDB traffic.
ProtocolMySQL declares that the port carries MySQL traffic.
ProtocolRedis declares that the port carries Redis traffic.
ProtocolTCP declares that the port uses TCP.
ProtocolTLS declares that the port carries TLS traffic.
ProtocolUDP declares that the port uses UDP.
ProtocolUnsupported - value to signify that the protocol is unsupported.
RootCertFilename is mTLS root cert.
Router type is used for standalone proxies acting as L7/L4 routers.
SDSDefaultResourceName is the default name in sdsconfig, used for fetching normal key/cert.
SDSRootResourceName is the sdsconfig name for root CA, used for fetching root cert.
SDSStatPrefix is the human readable prefix to use when emitting statistics for the SDS service.
ServiceClusterName service cluster name used in xDS calls.
SidecarProxy type is used for sidecar proxies in the application containers.
SniDnatRouter is used for bridging two networks.
StandardRouter is the normal gateway mode.
TrafficDirectionInbound indicates inbound traffic.
TrafficDirectionOutbound indicates outbound traffic.
UnixAddressPrefix is the prefix used to indicate an address is for a Unix Domain socket.
UnnamedNetwork is the default network that proxies in the mesh get when they don't request a specific network view.
UnspecifiedIP constant for empty IP address.
VisibilityNone implies config is visible to none.
VisibilityPrivate implies namespace local config.
VisibilityPublic implies config is visible to all.
# Variables
AuthenticationMeshPolicy describes an authentication policy at mesh level.
AuthenticationPolicy describes an authentication policy.
ClusterRbacConfig describes the cluster level RBAC config.
DestinationRule describes destination rules.
DuplicatedClusters tracks duplicate clusters seen while computing CDS.
DuplicatedDomains tracks rejected VirtualServices due to duplicated hostname.
DuplicatedSubsets tracks duplicate subsets that we rejected while merging multiple destination rules for same host.
EndpointNoPod tracks endpoints without an associated pod.
EnvoyFilter describes additional envoy filters to be inserted by Pilot.
Gateway describes a gateway (how a proxy is exposed on the network).
HTTPAPISpec describes an HTTP API specification.
HTTPAPISpecBinding describes an HTTP API specification binding.
IstioConfigTypes lists all Istio config types with schemas and validation.
IstioIngressWorkloadLabels is the label assigned to Istio ingress pods.
JwtKeyResolver resolves JWT public key and JwksURI.
LastPushMutex will protect the LastPushStatus.
LastPushStatus preserves the metrics and data collected during the last global push.
MockConfig is used purely for testing.
ProxyStatusClusterNoInstances tracks clusters (services) without workloads.
ProxyStatusConflictInboundListener tracks cases of multiple inbound listeners - 2 services selecting the same port of the pod.
ProxyStatusConflictOutboundListenerHTTPOverTCP metric tracks number of wildcard HTTP listeners that conflicted with existing wildcard TCP listener on same port.
ProxyStatusConflictOutboundListenerTCPOverHTTP metric tracks number of wildcard TCP listeners that conflicted with existing wildcard HTTP listener on same port.
ProxyStatusConflictOutboundListenerTCPOverTCP metric tracks number of TCP listeners that conflicted with existing TCP listeners on same port.
ProxyStatusEndpointNotReady represents proxies found not to be ready.
ProxyStatusNoService represents proxies not selected by any service. This can be normal - for workloads that act only as client, or are not covered by a Service.
QuotaSpec describes a Quota specification.
QuotaSpecBinding describes a Quota specification binding.
RbacConfig describes the mesh level RBAC config.
ServiceEntry describes service entries.
ServiceRole describes an RBAC service role.
ServiceRoleBinding describes an RBAC service role.
Sidecar describes the listeners associated with sidecars in a namespace.
VirtualService describes v1alpha3 route rules.
# Structs
AuthorizationPolicies stores all authorization policies (i.e.
Config is a configuration unit consisting of the type of configuration, the key identifier that is unique per type, and the content represented as a protobuf message.
ConfigMeta is metadata attached to each configuration unit.
Environment provides an aggregate environmental API for Pilot.
IstioEgressListenerWrapper is a wrapper for networking.IstioEgressListener object.
IstioEndpoint has the information about a single address+port for a specific service and shard.
MergedGateway describes a set of gateways for a workload merged into a single logical gateway.
NetworkEndpoint defines a network address (IP:port) associated with an instance of the service.
Port represents a network port where a service is listening for connections.
Probe represents a health probe associated with an instance of service.
ProtoSchema provides a description of the configuration schema and its key function.
Proxy contains information about a specific instance of a proxy (envoy sidecar, gateway, etc).
ProxyPushStatus represents an event captured during config push to proxies.
PushContext tracks the status of a push - metrics and errors.
PushMetric wraps a prometheus metric.
RolesAndBindings stores the ServiceRole and ServiceRoleBinding in the same namespace.
Service describes an Istio service (e.g., catalog.mystore.com:8080). Each service has a fully qualified domain name (FQDN) and one or more ports where the service is listening for connections.
ServiceAttributes represents a group of custom attributes of the service.
ServiceInstance represents an individual instance of a specific version of a service.
SidecarScope is a wrapper over the Sidecar resource with some preprocessed data to determine the list of services, virtualServices, and destinationRules that are accessible to a given sidecar.
TraceConfig values are percentages 0.0 - 100.0.
# Interfaces
ConfigStore describes a set of platform agnostic APIs that must be supported by the underlying platform to store and retrieve Istio configuration.
ConfigStoreCache is a local fully-replicated cache of the config store.
Controller defines an event controller loop.
IstioConfigStore is a specialized interface to access config store using Istio configuration types.
ServiceDiscovery enumerates Istio service instances.
XDSUpdater is used for direct updates of the xDS model and incremental push.
# Type aliases
AddressFamily indicates the kind of transport used to reach a NetworkEndpoint.
ConfigDescriptor defines the bijection between the short type name and its fully qualified protobuf message name.
Event represents a registry update event.
Hostname describes a (possibly wildcarded) hostname.
Hostnames is a collection of Hostname; it exists so it's easy to sort hostnames consistently across Pilot.
Labels is a non empty set of arbitrary strings.
LabelsCollection is a collection of labels used for comparing labels against a collection of labels.
NodeType decides the responsibility the proxy serves in the mesh.
PortList is a set of ports.
ProbeList is a set of probes.
Protocol defines network protocols for ports.
Resolution indicates how the service instances need to be resolved before routing traffic.
RouterMode decides the behavior of Istio Gateway (normal or sni-dnat).
TrafficDirection defines whether traffic exits a service instance or enters a service instance.
TrafficInterceptionMode indicates how traffic to/from the workload is captured and sent to Envoy.
Visibility defines whether a given config or service is exported to local namespace, all namespaces or none.