Decode is used to decode a MsgPack encoded object.

DecodeConfigEntry can be used to decode a ConfigEntry from a raw map value.

TODO(partition): stop using this.

DefaultEnterpriseMetaInPartition stub.

This should only be used for conversions generated by MOG.

This should only be used for conversions generated by MOG.

This should only be used for conversions generated by MOG.

This should only be used for conversions generated by MOG.

Encode is used to encode a MsgPack object with type prefix.

GetACLTemplatedPolicyList returns a copy of the list of templated policies.

HeadersWithUnderscoresActionStrings returns an ordered slice of all HeadersWithUnderscoresAction values as strings for use in returning validation errors.

IsZeroProtoTime returns true if the time is the minimum protobuf timestamp (the Unix epoch).

MergeHTTPHeaderModifiers takes a base HTTPHeaderModifiers and merges in field defined in overrides.

TODO(partition): stop using this.

NewRouteCondition is a helper to build allowable Conditions for a Route config entry.

TODO(partition): stop using this.

ParseDurationFunc is a mapstructure hook for decoding a string or []uint8 into a time.Duration value.

ParseUpstreamConfig returns the UpstreamConfig parsed from an opaque map.

PathWithEscapedSlashesActionStrings returns an ordered slice of all PathWithEscapedSlashesAction values as strings.

ReplicationEnterpriseMeta stub.

SatisfiesMetaFilters returns true if the metadata map contains the given filters.

TestAddDefaultsToUpstreams takes an array of upstreams (such as that from TestUpstreams) and adds default values that are populated during registration.

TestConnectProxyConfig returns a ConnectProxyConfig representing a valid Connect proxy.

TestIntention returns a valid, uninserted (no ID set) intention.

TestMsgpackEncodeDecode is a test helper to easily write a test to verify msgpack encoding and decoding using two handles is identical.

TestNodeService returns a *NodeService representing a valid regular service: "web".

TestNodeServiceMeshGateway returns a *NodeService representing a valid Mesh Gateway.

TestNodeServiceProxy returns a *NodeService representing a valid Connect proxy.

TestNodeServiceSidecar returns a *NodeService representing a service registration with a nested Sidecar registration.

TestRegisterIngressGateway returns a RegisterRequest for registering an ingress gateway.

TestRegisterRequest returns a RegisterRequest for registering a typical service.

TestRegisterRequestProxy returns a RegisterRequest for registering a Connect proxy.

TestServiceDefinition returns a ServiceDefinition for a typical service.

TestServiceDefinitionProxy returns a ServiceDefinition for a proxy.

TestUpstreams returns a set of upstreams to be used in tests exercising most important configuration patterns.

This should only be used for conversions generated by MOG.

This should only be used for conversions generated by MOG.

UniqueID is a unique identifier for a service instance within a datacenter by encoding: node/namespace/service_id Note: We do not have strict character restrictions in all node names, so this should NOT be split on / to retrieve components.

UpstreamFromAPI is a helper for converting api.Upstream to Upstream.

UpstreamsFromAPI is a helper for converting api.Upstream to Upstream.

ValidateMetaTags validates arbitrary key/value pairs from the agent_endpoints.

ValidateNodeMetadata validates a set of key/value pairs from the agent config for use on a Node.

ValidateServiceMetadata validates a set of key/value pairs from the agent config for use on a Service.

ValidateWeights checks the definition of DNS weight is valid.

TODO(partition): stop using this.

WildcardEnterpriseMetaInPartition stub.

These are serialized between Consul servers and stored in Consul snapshots, so entries must only ever be added.

These are serialized between Consul servers and stored in Consul snapshots, so entries must only ever be added.

These are serialized between Consul servers and stored in Consul snapshots, so entries must only ever be added.

These are serialized between Consul servers and stored in Consul snapshots, so entries must only ever be added.

These are serialized between Consul servers and stored in Consul snapshots, so entries must only ever be added.

ACLModeDisabled indicates the ACL system is disabled.

ACLModeEnabled indicates the ACL system is enabled.

These are serialized between Consul servers and stored in Consul snapshots, so entries must only ever be added.

This policy gives unlimited access to everything.

These are serialized between Consul servers and stored in Consul snapshots, so entries must only ever be added.

These are serialized between Consul servers and stored in Consul snapshots, so entries must only ever be added.

These are serialized between Consul servers and stored in Consul snapshots, so entries must only ever be added.

catch-all schema for all templated policy that don't require a schema.

These are serialized between Consul servers and stored in Consul snapshots, so entries must only ever be added.

These are serialized between Consul servers and stored in Consul snapshots, so entries must only ever be added.

These are serialized between Consul servers and stored in Consul snapshots, so entries must only ever be added.

These are serialized between Consul servers and stored in Consul snapshots, so entries must only ever be added.

BindingRuleBindTypeNode is the binding rule bind type that assigns a Node Identity to the token that is created using the value of the computed BindName as the NodeName like: &ACLToken{ ...other fields..

BindingRuleBindTypePolicy is the binding rule bind type that only allows the binding rule to function if a policy with the given name (BindName) exists at login-time.

BindingRuleBindTypeRole is the binding rule bind type that only allows the binding rule to function if a role with the given name (BindName) exists at login-time.

BindingRuleBindTypeService is the binding rule bind type that assigns a Service Identity to the token that is created using the value of the computed BindName as the ServiceName like: &ACLToken{ ...other fields..

BindingRuleBindTypeTemplatedPolicy is the binding rule bind type that assigns a TemplatedPolicy to the token that is created using the value of the computed BindVars as template variables and BindName as template name like: &ACLToken{ ...other fields..

These are serialized between Consul servers and stored in Consul snapshots, so entries must only ever be added.

These are serialized between Consul servers and stored in Consul snapshots, so entries must only ever be added.

FSM snapshots only.

These are serialized between Consul servers and stored in Consul snapshots, so entries must only ever be added.

These are serialized between Consul servers and stored in Consul snapshots, so entries must only ever be added.

These are serialized between Consul servers and stored in Consul snapshots, so entries must only ever be added.

These are used to manage the "consul" service that's attached to every Consul server node in the catalog.

These are serialized between Consul servers and stored in Consul snapshots, so entries must only ever be added.

~ 1 year = 365 * 24h.

DefaultPeerKeyword is the PeerName to use to refer to the local cluster's own data, rather than replicated peered data.

~ 10 years = 365 * 24h * 10.

Removed with the legacy ACL system.

These are serialized between Consul servers and stored in Consul snapshots, so entries must only ever be added.

These are serialized between Consul servers and stored in Consul snapshots, so entries must only ever be added.

These are serialized between Consul servers and stored in Consul snapshots, so entries must only ever be added.

Names of Envoy's LB policies.

See github.com/envoyproxy/go-control-plane envoy_core_v3.HttpProtocolOptions_HeadersWithUnderscoresAction.

See github.com/envoyproxy/go-control-plane envoy_core_v3.HttpProtocolOptions_HeadersWithUnderscoresAction.

See github.com/envoyproxy/go-control-plane envoy_core_v3.HttpProtocolOptions_HeadersWithUnderscoresAction.

These are listed from most to least inclusive.

These are listed from most to least inclusive.

These are listed from most to least inclusive.

IgnoreUnknownTypeFlag is set along with a MessageType to indicate that the message type can be safely ignored if it is not recognized.

FSM snapshots only.

IntentionDefaultNamespace is the default namespace value.

NOTE: this is only accepted when it comes from the leader, RPCs will reject this.

config-entry only.

These are serialized between Consul servers and stored in Consul snapshots, so entries must only ever be added.

IntentionSourceConsul is a service within the Consul catalog.

IntentionTargetDestination is a destination defined through a service-default config entry.

IntentionTargetService is a service within the Consul catalog.

JitterFraction is a the limit to the amount of jitter we apply to a user specified MaxQueryTime.

These are serialized between Consul servers and stored in Consul snapshots, so entries must only ever be added.

These are serialized between Consul servers and stored in Consul snapshots, so entries must only ever be added.

Names of Envoy's LB policies.

LocalPeerKeyword is a reserved keyword used for indexing in the state store for objects in the local peer.

MaxLockDelay provides a maximum LockDelay value for a session.

MeshGatewayModeDefault represents no specific mode and should be used to indicate that a different layer of the configuration chain should take precedence.

MeshGatewayModeLocal represents that the Upstream Connect connections should be made to a mesh gateway in the local datacenter.

MeshGatewayModeNone represents that the Upstream Connect connections should be direct and not flow through a mesh gateway.

MeshGatewayModeRemote represents that the Upstream Connect connections should be made to a mesh gateway in a remote datacenter.

MetaConsulVersion is the node metadata key used to store the node's consul version.

MetaExternalSource is the metadata key used when a resource is managed by a source outside Consul like nomad/k8s.

The meta key prefix reserved for Consul's internal use.

MetaSegmentKey is the node metadata key used to store the node's network segment.

MetaWANFederationKey is the mesh gateway metadata key that indicates a mesh gateway is usable for wan federation.

Envoy will silently reject any RSA keys that are less than 2048 bytes long https://github.com/envoyproxy/envoy/blob/main/source/extensions/transport_sockets/tls/context_impl.cc#L238.

NodeMaint is the special key set by a node in maintenance mode.

See github.com/envoyproxy/go-control-plane envoy_http_v3.HttpConnectionManager_PathWithEscapedSlashesAction.

See github.com/envoyproxy/go-control-plane envoy_http_v3.HttpConnectionManager_PathWithEscapedSlashesAction.

See github.com/envoyproxy/go-control-plane envoy_http_v3.HttpConnectionManager_PathWithEscapedSlashesAction.

See github.com/envoyproxy/go-control-plane envoy_http_v3.HttpConnectionManager_PathWithEscapedSlashesAction.

See github.com/envoyproxy/go-control-plane envoy_http_v3.HttpConnectionManager_PathWithEscapedSlashesAction.

These are serialized between Consul servers and stored in Consul snapshots, so entries must only ever be added.

These are serialized between Consul servers and stored in Consul snapshots, so entries must only ever be added.

These are serialized between Consul servers and stored in Consul snapshots, so entries must only ever be added.

These are serialized between Consul servers and stored in Consul snapshots, so entries must only ever be added.

These are serialized between Consul servers and stored in Consul snapshots, so entries must only ever be added.

These are serialized between Consul servers and stored in Consul snapshots, so entries must only ever be added.

These are serialized between Consul servers and stored in Consul snapshots, so entries must only ever be added.

ProxyModeDefault represents no specific mode and should be used to indicate that a different layer of the configuration chain should take precedence.

ProxyModeDirect represents that the proxy's listeners must be dialed directly by the local application and other proxies.

ProxyModeTransparent represents that inbound and outbound application traffic is being captured and redirected through the proxy.

QueryTemplateTypeNamePrefixMatch uses the Name field of the query as a prefix to select the template.

Only used for log verifier, no-op on FSM.

TODO: decide if we want to highlight 'ip' keyword in the name of RateLimitIPConfig.

These are serialized between Consul servers and stored in Consul snapshots, so entries must only ever be added.

These are serialized between Consul servers and stored in Consul snapshots, so entries must only ever be added.

These are used to manage the built-in "serfHealth" check that's attached to every node in the catalog.

These are used to manage the built-in "serfHealth" check that's attached to every node in the catalog.

These are used to manage the built-in "serfHealth" check that's attached to every node in the catalog.

These are used to manage the built-in "serfHealth" check that's attached to every node in the catalog.

ServiceKindAPIGateway is an API Gateway for the Consul Service Mesh.

ServiceKindConnectEnabled is used to indicate whether a service is either connect-native or if the service has a corresponding sidecar.

ServiceKindConnectProxy is a proxy for the Consul Service Mesh.

ServiceKindDestination is a Destination for the Consul Service Mesh feature.

ServiceKindIngressGateway is an Ingress Gateway for the Consul Service Mesh.

ServiceKindMeshGateway is a Mesh Gateway for the Consul Service Mesh.

ServiceKindTerminatingGateway is a Terminating Gateway for the Consul Service Mesh feature.

ServiceKindTypical is a typical, classic Consul service.

ServiceMaintPrefix is the prefix for a service in maintenance mode.

These are serialized between Consul servers and stored in Consul snapshots, so entries must only ever be added.

These are serialized between Consul servers and stored in Consul snapshots, so entries must only ever be added.

These are serialized between Consul servers and stored in Consul snapshots, so entries must only ever be added.

TaggedAddressVirtualIP is the key used to store tagged virtual IPs generated by Consul.

TODOPeerKeyword is the peer keyword to use if you aren't sure if the usage SHOULD be peering-aware yet.

These are serialized between Consul servers and stored in Consul snapshots, so entries must only ever be added.

TopologySourceDefaultAllow is used to label upstreams or downstreams from default allow ACL policy.

TODO (freddy) Should we have a TopologySourceMixed when there is a mix of proxy reg and tproxy? Currently we label as proxy-registration if ANY instance has the explicit upstream definition.

TopologySourceRoutingConfig is used to label upstreams that are not backed by a service instance and are simply used for routing configurations.

TopologySourceSpecificIntention is used to label upstreams or downstreams from specific intentions.

TopologySourceWildcardIntention is used to label upstreams or downstreams from wildcard intentions.

These are serialized between Consul servers and stored in Consul snapshots, so entries must only ever be added.

These are serialized between Consul servers and stored in Consul snapshots, so entries must only ever be added.

WildcardSpecifier is the string which should be used for specifying a wildcard The exact semantics of the wildcard is left up to the code where its used.

ACLBootstrapInvalidResetIndexErr is returned when bootstrap is requested with a non-zero reset index but the index doesn't match the bootstrap index.

ACLBootstrapNotAllowedErr is returned once we know that a bootstrap can no longer be done since the cluster was bootstrapped.

go:embed acltemplatedpolicy/policies/ce/api-gateway.hcl.

go:embed acltemplatedpolicy/schemas/api-gateway.json.

go:embed acltemplatedpolicy/policies/ce/dns.hcl.

go:embed acltemplatedpolicy/policies/ce/node.hcl.

go:embed acltemplatedpolicy/schemas/node.json.

go:embed acltemplatedpolicy/policies/ce/nomad-client.hcl.

go:embed acltemplatedpolicy/policies/ce/nomad-server.hcl.

go:embed acltemplatedpolicy/policies/ce/service.hcl.

go:embed acltemplatedpolicy/schemas/service.json.

CEDowngrade indicates if we are in downgrading from ent to ce.

Note: we depend on this error message in the gRPC ConnectCA.Sign endpoint (see: isRateLimitError).

intermediateCertRenewInterval is the interval at which the expiration of the intermediate cert is checked and renewed if necessary.

MsgpackHandle is a shared handle for encoding/decoding msgpack payloads.

TestingOldPre1dot7MsgpackHandle is the common configuration pre-1.7.0.

AccessLogsConfig contains the associated default settings for all Envoy instances within the datacenter or partition.

ACLAuthMethodBatchDeleteRequest is used at the Raft layer for batching multiple auth method deletions.

ACLAuthMethodBatchSetRequest is used at the Raft layer for batching multiple auth method creations and updates.

ACLAuthMethodDeleteRequest is used at the RPC layer deletion requests.

ACLAuthMethodGetRequest is used at the RPC layer to perform rule read operations.

ACLAuthMethodListRequest is used at the RPC layer to request a listing of auth methods.

Note: this is a subset of ACLAuthMethod's fields.

ACLAuthMethodResponse returns a single auth method + metadata.

ACLAuthMethodSetRequest is used at the RPC layer for creation and update requests.

ACLBindingRuleBatchDeleteRequest is used at the Raft layer for batching multiple rule deletions.

ACLBindingRuleBatchSetRequest is used at the Raft layer for batching multiple rule creations and updates.

ACLBindingRuleDeleteRequest is used at the RPC layer deletion requests.

ACLBindingRuleGetRequest is used at the RPC layer to perform rule read operations.

ACLBindingRuleListRequest is used at the RPC layer to request a listing of rules.

ACLBindingRuleResponse returns a single binding + metadata.

ACLBindingRuleSetRequest is used at the RPC layer for creation and update requests.

ACLNodeIdentity represents a high-level grant of all privileges necessary to assume the identity of that node and manage it.

ACLPolicyBatchDeleteRequest is used at the Raft layer for batching multiple policy deletions This is particularly useful during replication.

ACLPolicyBatchGetRequest is used at the RPC layer to request a subset of the policies associated with the token used for retrieval.

ACLPolicyBatchSetRequest is used at the Raft layer for batching multiple policy creations and updates This is particularly useful during replication.

ACLPolicyDeleteRequest is used at the RPC layer deletion requests.

ACLPolicyGetRequest is used at the RPC layer to perform policy read operations.

ACLPolicyListRequest is used at the RPC layer to request a listing of policies.

ACLPolicyResponse returns a single policy + metadata.

ACLPolicySetRequest is used at the RPC layer for creation and update requests.

ACLReplicationStatus provides information about the health of the ACL replication system.

ACLRoleBatchDeleteRequest is used at the Raft layer for batching multiple role deletions This is particularly useful during replication.

ACLRoleBatchGetRequest is used at the RPC layer to request a subset of the roles associated with the token used for retrieval.

ACLRoleBatchSetRequest is used at the Raft layer for batching multiple role creations and updates This is particularly useful during replication.

ACLRoleDeleteRequest is used at the RPC layer deletion requests.

ACLRoleGetRequest is used at the RPC layer to perform role read operations.

ACLRoleListRequest is used at the RPC layer to request a listing of roles.

ACLRoleResponse returns a single role + metadata.

ACLRoleSetRequest is used at the RPC layer for creation and update requests.

ACLServiceIdentity represents a high-level grant of all necessary privileges to assume the identity of the named Service in the Catalog and within Connect.

ACLTemplatedPolicy represents a template used to generate a `synthetic` policy given some input variables.

ACLTemplatedPolicyBase contains basic information about builtin templated policies template name, id, template code and schema.

ACLTemplatedPolicyVariables are input variables required to render templated policies.

ACLTokenBatchDeleteRequest is used only at the Raft layer for batching multiple token deletions.

ACLTokenBatchGetRequest is used for reading multiple tokens, this is different from the token list request in that only tokens with the the requested ids are returned.

ACLTokenBatchResponse returns multiple Tokens associated with the same metadata.

ACLTokenBatchSetRequest is used only at the Raft layer for batching multiple token creation/update operations This is particularly useful during token replication and during automatic legacy token upgrades.

ACLTokenBootstrapRequest is used only at the Raft layer for ACL bootstrapping The RPC layer will use ACLInitialTokenBootstrapRequest to indicate that bootstrapping must be performed but the actual token and the resetIndex will be generated by that RPC endpoint.

ACLTokenDeleteRequest is used for token deletion operations at the RPC layer.

ACLTokenGetRequest is used for token read operations at the RPC layer.

ACLTokenListRequest is used for token listing operations at the RPC layer.

ACLTokenListResponse is used to return the secret data free stubs of the tokens.

ACLTokenResponse returns a single Token + metadata.

ACLTokenSetRequest is used for token creation and update operations at the RPC layer.

APIGatewayConfigEntry manages the configuration for an API gateway service with the given name.

APIGatewayJWTRequirement holds the list of JWT providers to be verified against.

APIGatewayListener represents an individual listener for an APIGateway.

APIGatewayPolicy holds the policy that configures the gateway listener, this is used in the `Override` and `Default` fields of a listener.

APIGatewayTLSConfiguration specifies the configuration of a listener’s TLS settings.

Autopilotconfig holds the Autopilot configuration for a cluster.

AutopilotHealthReply is a representation of the overall health of the cluster.

ServerHealth is the health (from the leader's point of view) of a server.

AutopilotSetConfigRequest is used by the Operator endpoint to update the current Autopilot configuration of the cluster.

BoundAPIGatewayConfigEntry manages the configuration for a bound API gateway with the given name.

BoundAPIGatewayListener is an API gateway listener with information about the routes and certificates that have successfully bound to it.

CAConfiguration is the configuration for the current CA plugin.

CAConsulProviderState is used to track the built-in Consul CA provider's state.

CALeafRequest is used to modify connect CA leaf data.

CARequest is used to modify connect CA data.

CARoot represents a root CA certificate that is trusted.

CASignRequest is the request for signing a service certificate.

CheckDefinition is used to JSON decode the Check definitions.

CheckServiceNode is used to provide the node, its service definition, as well as a HealthCheck that is associated.

ChecksInStateRequest is used to query for checks in a state.

CheckType is used to create either the CheckMonitor or the CheckTTL.

CompiledDiscoveryChain is the result from taking a set of related config entries for a single service's discovery chain and restructuring them into a form that is more usable for actual service discovery.

Condition is used for a single message and state associated with an object.

ConfigEntryListAllRequest is used when requesting to list all config entries of a set of kinds.

ConfigEntryQuery is used when requesting info about a config entry.

ConfigEntryRequest is used when creating/updating/deleting a ConfigEntry.

ConfigEntryResponse returns a single ConfigEntry.

ConnectAuthorizeRequest is the structure of a request to authorize a connection.

ConnectProxyConfig describes the configuration needed for any proxy managed or unmanaged.

CookieConfig contains configuration for the "cookie" hash policy type.

Coordinate stores a node name with its associated network coordinate.

CoordinateUpdateRequest is used to update the network coordinate of a given node.

DatacenterMap is used to represent a list of nodes with their raw coordinates, associated with a datacenter.

DCSpecificRequest is used to query about a specific DC.

DeregisterRequest is used for the Catalog.Deregister endpoint to deregister a service, check, or node (only one should be provided).

DestinationConfig represents a virtual service, i.e.

DirEntry is used to represent a directory entry.

DiscoveryChainRequest is used when requesting the discovery chain for a service.

compiled form of ServiceResolverFailover.

DiscoveryGraphNode is a single node in the compiled discovery chain.

compiled form of ServiceResolverPrioritizeByLocality.

compiled form of ServiceResolverConfigEntry.

compiled form of ServiceRoute.

compiled form of ServiceSplit.

DiscoveryTarget represents all of the inputs necessary to use a resolver config entry to execute a catalog query to generate a list of service instances during discovery.

EnvoyExtension has configuration for an extension that patches Envoy resources.

EventFireRequest is used to ask a server to fire a Serf event.

EventFireResponse is used to respond to a fire request.

NOTE: this is not serialized via msgpack so it can be changed without concern.

ExportedService manages the exporting of a service in the local partition to other partitions.

NOTE: this is not serialized via msgpack so it can be changed without concern.

ExportedServicesConfigEntry is the top-level struct for exporting a service to be exposed across other admin partitions.

ExposeConfig describes HTTP paths to expose through Envoy outside of Connect.

FederationState defines some WAN federation related state that should be cross-shared between all datacenters joined on the WAN.

FederationStateQuery is used to query federation states.

FederationStateRequest is used to upsert and delete federation states.

FederationStateResponse is the response to a FederationStateQuery request.

FileSystemCertificateConfigEntry manages the configuration for a certificate and private key located in the local file system.

GatewayService is used to associate gateways with their linked services.

HashPolicy defines which attributes will be hashed by hash-based LB algorithms.

HealthCheck represents a single check on a given node.

HTTPFilters specifies a list of filters used to modify a request before it is routed to an upstream.

HTTPHeaderFilter specifies how HTTP headers should be modified.

HTTPHeaderMatch specifies how a match should be done on a request's headers.

HTTPHeaderModifiers is a set of rules for HTTP header modification that should be performed by proxies as the request passes through them.

HTTPMatch specifies the criteria that should be used in determining whether or not a request should be routed to a given set of services.

HTTPPathMatch specifies how a match should be done on a request's path.

HTTPQueryMatch specifies how a match should be done on a request's query parameters.

HTTPResponseFilters specifies a list of filters used to modify the response returned by an upstream.

HTTPRouteConfigEntry manages the configuration for a HTTP route with the given name.

HTTPRouteRule specifies the routing rules used to determine what upstream service an HTTP request is routed to.

HTTPService is a service reference for HTTP-based routing rules.

Identity of some entity (ex: service, node, check).

IndexedCARoots is the list of currently trusted CA Roots.

IndexedConfigEntries has its own encoding logic which differs from ConfigEntryRequest as it has to send a slice of ConfigEntry.

IndexedCoordinate is used to represent a single node's coordinate from the state store.

IndexedCoordinates is used to represent a list of nodes and their corresponding raw coordinates.

IndexedFederationStates represents the list of all federation states.

IndexedIntentionMatches represents the list of matches for a match query.

IndexedIntentions represents a list of intentions for RPC responses.

IngressGatewayConfigEntry manages the configuration for an ingress service with the given name.

InlineCertificateConfigEntry manages the configuration for an inline certificate with the given name.

InstanceLevelRateLimits represents rate limit configuration that are applied per service instance.

InstanceLevelRouteRateLimits represents rate limit configuration applied to a route matching one of PathExact/PathPrefix/PathRegex.

Intention defines an intention for the Connect Service Graph.

IntentionDecisionSummary contains a summary of a set of intentions between two services Currently contains: - Whether all actions are allowed - Whether the matching intention has L7 permissions attached - Whether the intention is managed by an external source like k8s - Whether there is an exact, or wildcard, intention referencing the two services - Whether intentions are in DefaultAllow mode.

TODO(peering): add support for listing peer.

IntentionMatchEntry is a single entry for matching an intention.

IntentionQueryCheck are the parameters for performing a test request.

IntentionQueryCheckResponse is the response for a test request.

IntentionQueryExact holds the parameters for performing a lookup of an intention by its unique name instead of its ID.

IntentionQueryMatch are the parameters for performing a match request against the state store.

IntentionQueryRequest is used to query intentions.

IntentionRequest is used to create, update, and delete intentions.

IssuedCert is a certificate that has been issued by a Connect CA.

JSONWebKeySet defines a key set, its location on disk, or the means with which to fetch a key set from a remote server.

JWKSTLSCertificate refers to the data containing certificate authority certificates to use in verifying a presented peer certificate.

JWKSTLSCertTrustedCA defines TLS certificate data containing certificate authority certificates to use in verifying a presented peer certificate.

JWTFilter holds the JWT Filter configuration for an HTTPRoute.

JWTLocation is a location where the JWT could be present in requests.

JWTLocationCookie defines how to extract a JWT from an HTTP request cookie.

JWTLocationHeader defines how to extract a JWT from an HTTP request header.

JWTLocationQueryParam defines how to extract a JWT from an HTTP request query parameter.

KeyListRequest is used to list keys.

KeyRequest is used to request a key, or key prefix.

KeyringRequest encapsulates a request to modify an encryption keyring.

KeyringResponse is a unified key response and can be used for install, remove, use, as well as listing key queries.

KeyringResponses holds multiple responses to keyring queries.

KVSRequest is used to operate on the Key-Value store.

LeastRequestConfig contains configuration for the "least_request" policy type.

A LinkedService is a service represented by a terminating gateway.

LoadBalancer determines the load balancing policy and configuration for services issuing requests to this upstream service.

Locality identifies where a given entity is running.

LocalJWKS specifies a location for a local JWKS.

MeshDirectionalHTTPConfig holds mesh configuration specific to HTTP requests for a given traffic direction.

MeshGatewayConfig controls how Mesh Gateways are configured and used This is a struct to allow for future additions without having more free-hanging configuration items all over the place.

(Enterprise-only) NetworkSegment is the configuration for a network segment, which is an isolated serf group on the LAN.

Used to return information about a node.

NodeInfo is used to dump all associated information about a node.

NodeService is a service provided by a node.

NodeServiceList represents services provided by Node.

NodeServices represents services provided by Node.

NodeSpecificRequest is used to request the information about a single node.

PartitionSpecificRequest is used to query about a specific partition.

PeeredServiceName is a basic tuple of ServiceName and peer.

PeeringMeshConfig contains cluster-wide options pertaining to peering.

PeeringServiceMeta is read-only information provided from an exported peer.

PeeringToken identifies a peer in order for a connection to be established.

PreparedQuery defines a complete prepared query, and is the structure we maintain in the state store.

PreparedQueryExecuteRemoteRequest is used when running a local query in a remote datacenter.

PreparedQueryExecuteRequest is used to execute a prepared query.

PreparedQueryExecuteResponse has the results of executing a query.

PreparedQueryExplainResponse has the results when explaining a query/.

QueryRequest is used to create or change prepared queries.

PreparedQuerySpecificRequest is used to get information about a prepared query.

ProxyConfigEntry is the top-level struct for global proxy configuration defaults.

QueryDNSOptions controls settings when query results are served over DNS.

QueryFailoverOptions sets options about how we fail over if there are no healthy nodes in the local datacenter.

QueryMeta allows a query response to include potentially useful metadata about a query.

QueryOptions is used to specify various flags for read queries.

QuerySource is used to pass along information about the source node in queries so that we can adjust the response based on its network coordinates.

QueryTemplateOptions controls settings if this query is a template.

RaftConfigurationResponse is returned when querying for the current Raft configuration.

RaftIndex is used to track the index used while creating or modifying a given struct type.

RaftRemovePeerRequest is used by the Operator endpoint to apply a Raft operation on a specific Raft peer by address in the form of "IP:port".

RaftServer has information about a server in the Raft configuration.

RaftStats holds miscellaneous Raft metrics for a server.

RateLimits is rate limiting configuration that is applied to inbound traffic for a service.

RegisterRequest is used for the Catalog.Register endpoint to register a node as providing a service.

RemoteJWKS specifies how to fetch a JWKS from a remote server.

RequestNormalizationMeshConfig contains options pertaining to the normalization of HTTP requests processed by mesh proxies.

ResourceReference is a reference to a ConfigEntry with an optional reference to a subsection of that ConfigEntry that can be specified as SectionName.

RingHashConfig contains configuration for the "ring_hash" policy type.

Type to hold a address and port of a service.

ServiceConfiguration is the top-level struct for the configuration of a service across the entire cluster.

ServiceConfigRequest is used when requesting the resolved configuration for a service.

ServiceConnect are the shared Connect settings between all service definitions from the agent to the state store.

ServiceConsumer represents a downstream consumer of the service to be exported.

ServiceDefinition is used to JSON decode the Service definitions.

ServiceNode represents a node that is part of a service.

ServiceQuery is used to query for a set of healthy nodes offering a specific service.

ServiceResolverConfigEntry defines which instances of a service should satisfy discovery requests for a given named service.

There are some restrictions on what is allowed in here: - Service, ServiceSubset, Namespace, Datacenters, and Targets cannot all be empty at once.

ServiceResolverSubset defines a way to select a portion of the Consul catalog during service discovery.

ServiceRoute is a single routing rule that routes traffic to the destination when the match criteria applies.

ServiceRouteDestination describes how to proxy the actual matching request to a service.

ServiceRouteHTTPMatch is a set of http-specific match criteria.

ServiceRouteMatch is a set of criteria that can match incoming L7 requests.

ServiceRouterConfigEntry defines L7 (e.g.

ServiceSpecificRequest is used to query about a specific service.

ServiceSplit defines how much traffic to send to which set of service instances during a traffic split.

ServiceSplitterConfigEntry defines how incoming requests are split across different subsets of a single service (like during staged canary rollouts), or perhaps across different services (like during a v2 rewrite or other type of codebase migration).

ServiceUsage contains all of the usage data related to services.

Session is used to represent an open session in the KV store.

SessionRequest is used to operate on sessions.

SessionSpecificRequest is used to request a session by ID.

SnapshotRequest is used as a header for a snapshot RPC request.

SnapshotResponse is used header for a snapshot RPC response.

Status is used for propagating back asynchronously calculated messages from control loops to a user.

SystemMetadataRequest is used to upsert and delete system metadata.

TCPRouteConfigEntry manages the configuration for a TCP route with the given name.

TCPService is a service reference for a TCPRoute.

TerminatingGatewayConfigEntry manages the configuration for a terminating service with the given name.

TombstoneRequest is used to trigger a reaping of the tombstones.

TransparentProxyMeshConfig contains cluster-wide options pertaining to TPROXY mode when enabled.

TxnCheckOp is used to define a single operation on a health check inside a transaction.

TxnError is used to return information about an error for a specific operation.

TxnKVOp is used to define a single operation on the KVS inside a transaction.

TxnNodeOp is used to define a single operation on a node in the catalog inside a transaction.

TxnOp is used to define a single operation inside a transaction.

TxnReadRequest is used as a fast path for read-only transactions that don't modify the state store.

TxnReadResponse is the structure returned by a TxnReadRequest.

TxnRequest is used to apply multiple operations to the state store in a single transaction.

TxnResponse is the structure returned by a TxnRequest.

TxnResult is used to define the result of a given operation inside a transaction.

TxnServiceOp is used to define a single operation on a service in the catalog inside a transaction.

TxnSessionOp is used to define a single operation on a session inside a transaction.

Upstream represents a single upstream dependency for a service or proxy.

UpstreamLimits describes the limits that are associated with a specific upstream of a service instance.

Weights represent the weight used by DNS for a given status.

BoundRoute indicates a route that has parent gateways which can be accessed by calling the GetParents associated function.

CompoundResponse is an interface for gathering multiple responses.

ConfigEntry is the interface for centralized configuration stored in Raft.

ControlledConfigEntry is an optional interface implemented by a ConfigEntry if it is reconciled via a controller and needs to respond with Status values.

RPCInfo is used to describe common information about query.

UpdatableConfigEntry is the optional interface implemented by a ConfigEntry if it wants more control over how the update part of upsert works differently than a straight create.

WarningConfigEntry is an optional interface implemented by a ConfigEntry if it wants to be able to emit warnings when it is being upserted.

ACLTokens is a slice of ACLTokens.

APIGatewayListenerProtocol is the protocol that an APIGateway listener uses.

CALeafOp is the operation for a request related to leaf certificates.

CAOp is the operation for a request related to intentions.

CARoots is a list of CARoot structures.

FederationStateOp is the operation for a request related to federation states.

FederationStates is a list of federation states.

HeadersWithUnderscoresAction is an enum that defines the action to take when a request contains headers with underscores.

HealthChecks is a collection of HealthCheck structs.

HealthFilterType is used to filter nodes based on their health status.

HTTPHeaderMatchType specifies how header matching criteria should be applied to a request.

HTTPMatchMethod specifies which type of HTTP verb should be used for matching a given request.

HTTPPathMatchType specifies how path matching criteria should be applied to a request.

HTTPQueryMatchType specifies how querys matching criteria should be applied to a request.

IntentionAction is the action that the intention represents.

IntentionMatchType is the target for a match request.

IntentionOp is the operation for a request related to intentions.

IntentionPrecedenceSorter takes a list of intentions and sorts them based on the match precedence rules for intentions.

Intentions is a list of intentions.

IntentionSourceType is the type of the source within an intention.

NodeDump is used to dump all the nodes with all their associated data.

PathWithEscapedSlashesAction is an enum that defines the action to take when a request path contains escaped slashes.

ServiceKind is the kind of service being registered.

ServiceRouteReferences is a map with a key of ServiceName type for a routed to service from a bound gateway listener with a value being a slice of resource references of the routes that reference the service.

Used to return information about a provided services.

SimplifiedIntentions contains expanded sameness groups.

SnapshotReplyFn gets a peek at the reply before the snapshot streams, which is useful for setting headers.

SystemMetadataOp is the operation for a request related to system metadata.

TxnErrors is a list of TxnError entries.

TxnIntentionOp is used to define a single operation on an Intention inside a transaction.

TxnOps is a list of operations within a transaction.

TxnResults is a list of TxnResult entries.

Upstreams is a list of upstreams.