From 692e556046b48ebc471205211c68a2c69e74a321 Mon Sep 17 00:00:00 2001
From: Lawrence G
Date: Thu, 1 Feb 2024 19:11:40 -0600
Subject: [PATCH 1/3] point to release 1.20.3 proxy (#134)
---
 istio.deps | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/istio.deps b/istio.deps
index 0a14a9473b2..5a2f00c490f 100644
--- a/istio.deps
+++ b/istio.deps
@@ -4,7 +4,7 @@
 "name": "PROXY_REPO_SHA",
 "repoName": "proxy",
 "file": "",
- "lastStableSHA": "b080ac27d39c8adcaf0be843a55e8c080cbde7f9"
+ "lastStableSHA": "30e213147c5e54158b6176417c39c46eca60c580"
 },
 {
 "_comment": "",
From e65778a257ee24c68b5e1d4eb0fa710130f97b01 Mon Sep 17 00:00:00 2001
From: Jonathan Jamroga Date: Mon, 11 Mar 2024 13:17:14 -0400 Subject: [PATCH 2/3] Add message metadata --- .../analysis/analyzers/annotations/annotations.go | 7 +++++++ .../analysis/analyzers/authz/authorizationpolicies.go | 5 +++++ pkg/config/analysis/analyzers/deployment/pod.go | 4 ++++ pkg/config/analysis/analyzers/deployment/services.go | 5 +++++ .../analysis/analyzers/deprecation/deprecation.go | 4 ++++ .../analyzers/destinationrule/ca-certificates.go | 5 +++++ .../analysis/analyzers/envoyfilter/envoyfilter.go | 5 +++++ .../externalcontrolplane/externalcontrolplane.go | 5 +++++ pkg/config/analysis/analyzers/gateway/certificate.go | 4 ++++ .../analysis/analyzers/gateway/conflictinggateway.go | 5 +++++ pkg/config/analysis/analyzers/gateway/gateway.go | 5 +++++ pkg/config/analysis/analyzers/gateway/secret.go | 5 +++++ pkg/config/analysis/analyzers/injection/image-auto.go | 5 +++++ .../analysis/analyzers/injection/injection-image.go | 4 ++++ pkg/config/analysis/analyzers/injection/injection.go | 7 +++++++ pkg/config/analysis/analyzers/maturity/maturity.go | 4 ++++ .../analysis/analyzers/multicluster/meshnetworks.go | 4 ++++ pkg/config/analysis/analyzers/schema/validation.go | 4 ++++ pkg/config/analysis/analyzers/service/portname.go | 5 +++++ .../analyzers/serviceentry/protocoladdresses.go | 4 ++++ .../analysis/analyzers/sidecar/defaultselector.go | 4 ++++ pkg/config/analysis/analyzers/sidecar/selector.go | 5 +++++ .../analysis/analyzers/telemetry/default_selector.go | 4 ++++ pkg/config/analysis/analyzers/telemetry/lightstep.go | 4 ++++ pkg/config/analysis/analyzers/telemetry/providers.go | 4 ++++ pkg/config/analysis/analyzers/telemetry/selector.go | 5 +++++ .../virtualservice/conflictingmeshgatewayhosts.go | 4 ++++ .../analyzers/virtualservice/destinationhosts.go | 6 ++++++ .../analyzers/virtualservice/destinationrules.go | 4 ++++ .../analysis/analyzers/virtualservice/gateways.go | 5 +++++ .../analysis/analyzers/virtualservice/jwtclaimroute.go | 4 ++++ 
.../analysis/analyzers/virtualservice/regexes.go | 4 ++++ pkg/config/analysis/analyzers/webhook/webhook.go | 4 ++++ pkg/config/analysis/metadata.go | 10 +++++++--- 34 files changed, 160 insertions(+), 3 deletions(-) diff --git a/pkg/config/analysis/analyzers/annotations/annotations.go b/pkg/config/analysis/analyzers/annotations/annotations.go index 82326f3fb4b..bb2d8bbf837 100644 --- a/pkg/config/analysis/analyzers/annotations/annotations.go +++ b/pkg/config/analysis/analyzers/annotations/annotations.go @@ -28,6 +28,7 @@ import ( "istio.io/istio/pkg/config/schema/gvk" "istio.io/istio/pkg/kube/inject" "istio.io/istio/pkg/slices" + "istio.io/istio/pkg/config/analysis/diag" ) // K8sAnalyzer checks for misplaced and invalid Istio annotations in K8s resources @@ -46,6 +47,12 @@ func (*K8sAnalyzer) Metadata() analysis.Metadata { gvk.Pod, gvk.Deployment, }, + MessageTypes: []*diag.MessageType{ + msg.UnknownAnnotation, + msg.DeprecatedAnnotation, + msg.MisplacedAnnotation, + msg.InvalidAnnotation, + }, } } diff --git a/pkg/config/analysis/analyzers/authz/authorizationpolicies.go b/pkg/config/analysis/analyzers/authz/authorizationpolicies.go index 86373181488..fb4bc3c0a8a 100644 --- a/pkg/config/analysis/analyzers/authz/authorizationpolicies.go +++ b/pkg/config/analysis/analyzers/authz/authorizationpolicies.go @@ -28,6 +28,7 @@ import ( "istio.io/istio/pkg/config/analysis/msg" "istio.io/istio/pkg/config/resource" "istio.io/istio/pkg/config/schema/gvk" + "istio.io/istio/pkg/config/analysis/diag" ) // AuthorizationPoliciesAnalyzer checks the validity of authorization policies @@ -48,6 +49,10 @@ func (a *AuthorizationPoliciesAnalyzer) Metadata() analysis.Metadata { gvk.Namespace, gvk.Pod, }, + MessageTypes: []*diag.MessageType{ + msg.NoMatchingWorkloadsFound, + msg.ReferencedResourceNotFound, + }, } } diff --git a/pkg/config/analysis/analyzers/deployment/pod.go b/pkg/config/analysis/analyzers/deployment/pod.go index 7d727deb95e..be774026807 100644 
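Review bot: The added `"istio.io/istio/pkg/config/analysis/diag"` import in annotations.go is appended after `"istio.io/istio/pkg/slices"` rather than placed in sorted position among the other `istio.io/istio/pkg/config/...` imports, so the import block is no longer gofmt-ordered. The same placement repeats in every import hunk of this patch (authz, deployment, deprecation, destinationrule, envoyfilter, externalcontrolplane, gateway, injection, maturity, multicluster, service, serviceentry, sidecar, telemetry, virtualservice, webhook). Running `gofmt`/`goimports` over the touched files fixes all of them at once. The import blocks start outside the hunks.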
--- a/pkg/config/analysis/analyzers/deployment/pod.go +++ b/pkg/config/analysis/analyzers/deployment/pod.go @@ -24,6 +24,7 @@ import ( "istio.io/istio/pkg/config/analysis/msg" "istio.io/istio/pkg/config/resource" "istio.io/istio/pkg/config/schema/gvk" + "istio.io/istio/pkg/config/analysis/diag" ) type ApplicationUIDAnalyzer struct{} @@ -42,6 +43,9 @@ func (appUID *ApplicationUIDAnalyzer) Metadata() analysis.Metadata { gvk.Pod, gvk.Deployment, }, + MessageTypes: []*diag.MessageType{ + msg.InvalidApplicationUID, + }, } } diff --git a/pkg/config/analysis/analyzers/deployment/services.go b/pkg/config/analysis/analyzers/deployment/services.go index d84f0a27ddb..4c1d4e18674 100644 --- a/pkg/config/analysis/analyzers/deployment/services.go +++ b/pkg/config/analysis/analyzers/deployment/services.go @@ -28,6 +28,7 @@ import ( "istio.io/istio/pkg/config/constants" "istio.io/istio/pkg/config/resource" "istio.io/istio/pkg/config/schema/gvk" + "istio.io/istio/pkg/config/analysis/diag" ) type ServiceAssociationAnalyzer struct{} @@ -56,6 +57,10 @@ func (s *ServiceAssociationAnalyzer) Metadata() analysis.Metadata { gvk.Deployment, gvk.Namespace, }, + MessageTypes: []*diag.MessageType{ + msg.DeploymentAssociatedToMultipleServices, + msg.DeploymentConflictingPorts, + }, } } diff --git a/pkg/config/analysis/analyzers/deprecation/deprecation.go b/pkg/config/analysis/analyzers/deprecation/deprecation.go index 533f93e18bc..184138bef99 100644 --- a/pkg/config/analysis/analyzers/deprecation/deprecation.go +++ b/pkg/config/analysis/analyzers/deprecation/deprecation.go @@ -25,6 +25,7 @@ import ( "istio.io/istio/pkg/config/analysis/msg" "istio.io/istio/pkg/config/resource" "istio.io/istio/pkg/config/schema/gvk" + "istio.io/istio/pkg/config/analysis/diag" ) // FieldAnalyzer checks for deprecated Istio types and fields 
@@ -66,6 +67,9 @@ func (*FieldAnalyzer) Metadata() analysis.Metadata { Name: "deprecation.DeprecationAnalyzer", Description: "Checks for deprecated Istio types and fields", Inputs: deprecationInputs, + MessageTypes: []*diag.MessageType{ + msg.Deprecated, + }, } } diff --git a/pkg/config/analysis/analyzers/destinationrule/ca-certificates.go b/pkg/config/analysis/analyzers/destinationrule/ca-certificates.go index 0c53f9f6231..b19d216c4c2 100644 --- a/pkg/config/analysis/analyzers/destinationrule/ca-certificates.go +++ b/pkg/config/analysis/analyzers/destinationrule/ca-certificates.go @@ -24,6 +24,7 @@ import ( "istio.io/istio/pkg/config/analysis/msg" "istio.io/istio/pkg/config/resource" "istio.io/istio/pkg/config/schema/gvk" + "istio.io/istio/pkg/config/analysis/diag" ) // CaCertificateAnalyzer checks if CaCertificate is set in case mode is SIMPLE/MUTUAL @@ -38,6 +39,10 @@ func (c *CaCertificateAnalyzer) Metadata() analysis.Metadata { Inputs: []config.GroupVersionKind{ gvk.DestinationRule, }, + MessageTypes: []*diag.MessageType{ + msg.NoServerCertificateVerificationDestinationLevel, + msg.NoServerCertificateVerificationPortLevel, + }, } } diff --git a/pkg/config/analysis/analyzers/envoyfilter/envoyfilter.go b/pkg/config/analysis/analyzers/envoyfilter/envoyfilter.go index 15276f2a935..578d6533486 100644 --- a/pkg/config/analysis/analyzers/envoyfilter/envoyfilter.go +++ b/pkg/config/analysis/analyzers/envoyfilter/envoyfilter.go @@ -24,6 +24,7 @@ import ( "istio.io/istio/pkg/config/analysis/msg" "istio.io/istio/pkg/config/resource" "istio.io/istio/pkg/config/schema/gvk" + "istio.io/istio/pkg/config/analysis/diag" ) // EnvoyPatchAnalyzer checks envoyFilters to see if the patch section is okay @@ -40,6 +41,10 @@ func (*EnvoyPatchAnalyzer) Metadata() analysis.Metadata { Inputs: []config.GroupVersionKind{ gvk.EnvoyFilter, }, + MessageTypes: []*diag.MessageType{ + msg.EnvoyFilterUsesRelativeOperation, + msg.EnvoyFilterUsesRelativeOperationWithProxyVersion, + }, } } 
diff --git a/pkg/config/analysis/analyzers/externalcontrolplane/externalcontrolplane.go b/pkg/config/analysis/analyzers/externalcontrolplane/externalcontrolplane.go index 108f98f235f..667a672aad3 100644 --- a/pkg/config/analysis/analyzers/externalcontrolplane/externalcontrolplane.go +++ b/pkg/config/analysis/analyzers/externalcontrolplane/externalcontrolplane.go @@ -26,6 +26,7 @@ import ( "istio.io/istio/pkg/config/resource" "istio.io/istio/pkg/config/schema/gvk" "istio.io/istio/pkg/slices" + "istio.io/istio/pkg/config/analysis/diag" ) type ExternalControlPlaneAnalyzer struct{} @@ -42,6 +43,10 @@ func (s *ExternalControlPlaneAnalyzer) Metadata() analysis.Metadata { gvk.ValidatingWebhookConfiguration, gvk.MutatingWebhookConfiguration, }, + MessageTypes: []*diag.MessageType{ + msg.ExternalControlPlaneAddressIsNotAHostname, + msg.InvalidExternalControlPlaneConfig, + }, } } diff --git a/pkg/config/analysis/analyzers/gateway/certificate.go b/pkg/config/analysis/analyzers/gateway/certificate.go index 6cdb3109546..68bad6deb7e 100644 --- a/pkg/config/analysis/analyzers/gateway/certificate.go +++ b/pkg/config/analysis/analyzers/gateway/certificate.go @@ -23,6 +23,7 @@ import ( "istio.io/istio/pkg/config/analysis/msg" "istio.io/istio/pkg/config/resource" "istio.io/istio/pkg/config/schema/gvk" + "istio.io/istio/pkg/config/analysis/diag" ) type CertificateAnalyzer struct{} @@ -36,6 +37,9 @@ func (*CertificateAnalyzer) Metadata() analysis.Metadata { Inputs: []config.GroupVersionKind{ gvk.Gateway, }, + MessageTypes: []*diag.MessageType{ + msg.GatewayDuplicateCertificate, + }, } } diff --git a/pkg/config/analysis/analyzers/gateway/conflictinggateway.go b/pkg/config/analysis/analyzers/gateway/conflictinggateway.go index 7b3ffa4af49..49b3e0529fb 100644 --- a/pkg/config/analysis/analyzers/gateway/conflictinggateway.go +++ b/pkg/config/analysis/analyzers/gateway/conflictinggateway.go 
@@ -29,6 +29,7 @@ import ( "istio.io/istio/pkg/config/host" "istio.io/istio/pkg/config/resource" "istio.io/istio/pkg/config/schema/gvk" + "istio.io/istio/pkg/config/analysis/diag" ) // ConflictingGatewayAnalyzer checks a gateway's selector, port number and hosts. @@ -45,6 +46,10 @@ func (*ConflictingGatewayAnalyzer) Metadata() analysis.Metadata { Inputs: []config.GroupVersionKind{ gvk.Gateway, }, + MessageTypes: []*diag.MessageType{ + msg.ReferencedResourceNotFound, + msg.ConflictingGateways, + }, } } diff --git a/pkg/config/analysis/analyzers/gateway/gateway.go b/pkg/config/analysis/analyzers/gateway/gateway.go index eb1fe6c6a63..010c1ad902d 100644 --- a/pkg/config/analysis/analyzers/gateway/gateway.go +++ b/pkg/config/analysis/analyzers/gateway/gateway.go @@ -27,6 +27,7 @@ import ( "istio.io/istio/pkg/config/analysis/msg" "istio.io/istio/pkg/config/resource" "istio.io/istio/pkg/config/schema/gvk" + "istio.io/istio/pkg/config/analysis/diag" ) // IngressGatewayPortAnalyzer checks a gateway's ports against the gateway's Kubernetes service ports. @@ -45,6 +46,10 @@ func (*IngressGatewayPortAnalyzer) Metadata() analysis.Metadata { gvk.Pod, gvk.Service, }, + MessageTypes: []*diag.MessageType{ + msg.ReferencedResourceNotFound, + msg.GatewayPortNotDefinedOnService, + }, } } diff --git a/pkg/config/analysis/analyzers/gateway/secret.go b/pkg/config/analysis/analyzers/gateway/secret.go index d2c113735de..738971abadb 100644 --- a/pkg/config/analysis/analyzers/gateway/secret.go +++ b/pkg/config/analysis/analyzers/gateway/secret.go @@ -29,6 +29,7 @@ import ( "istio.io/istio/pkg/config/analysis/msg" "istio.io/istio/pkg/config/resource" "istio.io/istio/pkg/config/schema/gvk" + "istio.io/istio/pkg/config/analysis/diag" ) // SecretAnalyzer checks a gateway's referenced secrets for correctness 
@@ -46,6 +47,10 @@ func (a *SecretAnalyzer) Metadata() analysis.Metadata { gvk.Pod, gvk.Secret, }, + MessageTypes: []*diag.MessageType{ + msg.ReferencedResourceNotFound, + msg.InvalidGatewayCredential, + }, } } diff --git a/pkg/config/analysis/analyzers/injection/image-auto.go b/pkg/config/analysis/analyzers/injection/image-auto.go index 76fec80a74c..ae41f5cc82f 100644 --- a/pkg/config/analysis/analyzers/injection/image-auto.go +++ b/pkg/config/analysis/analyzers/injection/image-auto.go @@ -28,6 +28,7 @@ import ( "istio.io/istio/pkg/config/analysis/msg" "istio.io/istio/pkg/config/resource" "istio.io/istio/pkg/config/schema/gvk" + "istio.io/istio/pkg/config/analysis/diag" ) // ImageAutoAnalyzer reports an error if Pods and Deployments with `image: auto` are not going to be injected. @@ -51,6 +52,10 @@ func (a *ImageAutoAnalyzer) Metadata() analysis.Metadata { gvk.Deployment, gvk.MutatingWebhookConfiguration, }, + MessageTypes: []*diag.MessageType{ + msg.ImageAutoWithoutInjectionError, + msg.ImageAutoWithoutInjectionWarning, + }, } } diff --git a/pkg/config/analysis/analyzers/injection/injection-image.go b/pkg/config/analysis/analyzers/injection/injection-image.go index 45ff8e3100d..5b30f8595d5 100644 --- a/pkg/config/analysis/analyzers/injection/injection-image.go +++ b/pkg/config/analysis/analyzers/injection/injection-image.go @@ -28,6 +28,7 @@ import ( "istio.io/istio/pkg/config/resource" "istio.io/istio/pkg/config/schema/gvk" "istio.io/istio/pkg/slices" + "istio.io/istio/pkg/config/analysis/diag" ) // ImageAnalyzer checks the image of auto-injection configured with the running proxies on pods. @@ -60,6 +61,9 @@ func (a *ImageAnalyzer) Metadata() analysis.Metadata { gvk.Pod, gvk.ConfigMap, }, + MessageTypes: []*diag.MessageType{ + msg.PodsIstioProxyImageMismatchInNamespace, + }, } } diff --git a/pkg/config/analysis/analyzers/injection/injection.go b/pkg/config/analysis/analyzers/injection/injection.go index 623dcd128a6..eeba0181503 100644 
--- a/pkg/config/analysis/analyzers/injection/injection.go +++ b/pkg/config/analysis/analyzers/injection/injection.go @@ -31,6 +31,7 @@ import ( "istio.io/istio/pkg/config/resource" "istio.io/istio/pkg/config/schema/gvk" "istio.io/istio/pkg/slices" + "istio.io/istio/pkg/config/analysis/diag" ) // Analyzer checks conditions related to Istio sidecar injection. @@ -55,6 +56,12 @@ func (a *Analyzer) Metadata() analysis.Metadata { gvk.Pod, gvk.ConfigMap, }, + MessageTypes: []*diag.MessageType{ + msg.NamespaceMultipleInjectionLabels, + msg.NamespaceInjectionEnabledByDefault, + msg.NamespaceNotInjected, + msg.PodMissingProxy, + }, } } diff --git a/pkg/config/analysis/analyzers/maturity/maturity.go b/pkg/config/analysis/analyzers/maturity/maturity.go index e95d1b455f3..48478bd43c9 100644 --- a/pkg/config/analysis/analyzers/maturity/maturity.go +++ b/pkg/config/analysis/analyzers/maturity/maturity.go @@ -27,6 +27,7 @@ import ( "istio.io/istio/pkg/config/constants" "istio.io/istio/pkg/config/resource" "istio.io/istio/pkg/config/schema/gvk" + "istio.io/istio/pkg/config/analysis/diag" ) // AlphaAnalyzer checks for alpha Istio annotations in K8s resources @@ -49,6 +50,9 @@ func (*AlphaAnalyzer) Metadata() analysis.Metadata { gvk.Pod, gvk.Deployment, }, + MessageTypes: []*diag.MessageType{ + msg.AlphaAnnotation, + }, } } diff --git a/pkg/config/analysis/analyzers/multicluster/meshnetworks.go b/pkg/config/analysis/analyzers/multicluster/meshnetworks.go index 587d9168813..f23402125b5 100644 --- a/pkg/config/analysis/analyzers/multicluster/meshnetworks.go +++ b/pkg/config/analysis/analyzers/multicluster/meshnetworks.go @@ -28,6 +28,7 @@ import ( "istio.io/istio/pkg/config/resource" "istio.io/istio/pkg/config/schema/gvk" "istio.io/istio/pkg/kube/multicluster" + "istio.io/istio/pkg/config/analysis/diag" ) // MeshNetworksAnalyzer validates MeshNetworks configuration in multi-cluster. 
@@ -51,6 +52,9 @@ func (s *MeshNetworksAnalyzer) Metadata() analysis.Metadata { gvk.MeshNetworks, gvk.Secret, }, + MessageTypes: []*diag.MessageType{ + msg.UnknownMeshNetworksServiceRegistry, + }, } } diff --git a/pkg/config/analysis/analyzers/schema/validation.go b/pkg/config/analysis/analyzers/schema/validation.go index 81e834b4ecf..ffe90c16ed3 100644 --- a/pkg/config/analysis/analyzers/schema/validation.go +++ b/pkg/config/analysis/analyzers/schema/validation.go @@ -54,6 +54,10 @@ func (a *ValidationAnalyzer) Metadata() analysis.Metadata { Name: "schema.ValidationAnalyzer." + a.s.Kind(), Description: "Runs schema validation as an analyzer on '" + a.s.Kind() + "' resources", Inputs: []config.GroupVersionKind{a.s.GroupVersionKind()}, + MessageTypes: []*diag.MessageType{ + msg.VirtualServiceUnreachableRule, + msg.VirtualServiceIneffectiveMatch, + }, } } diff --git a/pkg/config/analysis/analyzers/service/portname.go b/pkg/config/analysis/analyzers/service/portname.go index 5978509accb..01bdd088a47 100644 --- a/pkg/config/analysis/analyzers/service/portname.go +++ b/pkg/config/analysis/analyzers/service/portname.go @@ -27,6 +27,7 @@ import ( configKube "istio.io/istio/pkg/config/kube" "istio.io/istio/pkg/config/resource" "istio.io/istio/pkg/config/schema/gvk" + "istio.io/istio/pkg/config/analysis/diag" ) // PortNameAnalyzer checks the port name of the service @@ -42,6 +43,10 @@ func (s *PortNameAnalyzer) Metadata() analysis.Metadata { Inputs: []config.GroupVersionKind{ gvk.Service, }, + MessageTypes: []*diag.MessageType{ + msg.PortNameIsNotUnderNamingConvention, + msg.ExternalNameServiceTypeInvalidPortName, + }, } } diff --git a/pkg/config/analysis/analyzers/serviceentry/protocoladdresses.go b/pkg/config/analysis/analyzers/serviceentry/protocoladdresses.go index 753418ccd1d..cf3af1b2f9a 100644 --- a/pkg/config/analysis/analyzers/serviceentry/protocoladdresses.go +++ b/pkg/config/analysis/analyzers/serviceentry/protocoladdresses.go 
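Review bot: `ValidationAnalyzer` is instantiated per schema kind (its name is built from `a.s.Kind()`), yet the `MessageTypes` added in schema/validation.go lists only `msg.VirtualServiceUnreachableRule` and `msg.VirtualServiceIneffectiveMatch`. Every non-VirtualService instance therefore advertises types it presumably cannot emit, and the generic schema-validation message is missing; I would expect `msg.SchemaValidationError` in this list, but `Analyze` is outside the hunk, so confirm against what it actually reports. If anything later selects or suppresses findings by declared type, an incomplete list here could hide validation failures. This is also the only file in the patch without an import hunk, so check that `diag` and `msg` are already imported.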
@@ -25,6 +25,7 @@ import ( "istio.io/istio/pkg/config/analysis/msg" "istio.io/istio/pkg/config/resource" "istio.io/istio/pkg/config/schema/gvk" + "istio.io/istio/pkg/config/analysis/diag" ) type ProtocolAddressesAnalyzer struct{} @@ -39,6 +40,9 @@ func (serviceEntry *ProtocolAddressesAnalyzer) Metadata() analysis.Metadata { gvk.ServiceEntry, gvk.MeshConfig, }, + MessageTypes: []*diag.MessageType{ + msg.ServiceEntryAddressesRequired, + }, } } diff --git a/pkg/config/analysis/analyzers/sidecar/defaultselector.go b/pkg/config/analysis/analyzers/sidecar/defaultselector.go index 6b64b8635f7..7b30f583fa8 100644 --- a/pkg/config/analysis/analyzers/sidecar/defaultselector.go +++ b/pkg/config/analysis/analyzers/sidecar/defaultselector.go @@ -20,6 +20,7 @@ import ( "istio.io/istio/pkg/config/analysis/msg" "istio.io/istio/pkg/config/resource" "istio.io/istio/pkg/config/schema/gvk" + "istio.io/istio/pkg/config/analysis/diag" ) // DefaultSelectorAnalyzer validates, per namespace, that there aren't multiple @@ -38,6 +39,9 @@ func (a *DefaultSelectorAnalyzer) Metadata() analysis.Metadata { Inputs: []config.GroupVersionKind{ gvk.Sidecar, }, + MessageTypes: []*diag.MessageType{ + msg.MultipleSidecarsWithoutWorkloadSelectors, + }, } } diff --git a/pkg/config/analysis/analyzers/sidecar/selector.go b/pkg/config/analysis/analyzers/sidecar/selector.go index 1deed05ba58..0552d26f433 100644 --- a/pkg/config/analysis/analyzers/sidecar/selector.go +++ b/pkg/config/analysis/analyzers/sidecar/selector.go @@ -25,6 +25,7 @@ import ( "istio.io/istio/pkg/config/analysis/msg" "istio.io/istio/pkg/config/resource" "istio.io/istio/pkg/config/schema/gvk" + "istio.io/istio/pkg/config/analysis/diag" ) // SelectorAnalyzer validates, per namespace, that: @@ -44,6 +45,10 @@ func (a *SelectorAnalyzer) Metadata() analysis.Metadata { gvk.Sidecar, gvk.Pod, }, + MessageTypes: []*diag.MessageType{ + msg.ReferencedResourceNotFound, + msg.ConflictingSidecarWorkloadSelectors, + }, } } 
diff --git a/pkg/config/analysis/analyzers/telemetry/default_selector.go b/pkg/config/analysis/analyzers/telemetry/default_selector.go index 4af76d906de..f36bb940046 100644 --- a/pkg/config/analysis/analyzers/telemetry/default_selector.go +++ b/pkg/config/analysis/analyzers/telemetry/default_selector.go @@ -20,6 +20,7 @@ import ( "istio.io/istio/pkg/config/analysis/msg" "istio.io/istio/pkg/config/resource" "istio.io/istio/pkg/config/schema/gvk" + "istio.io/istio/pkg/config/analysis/diag" ) // DefaultSelectorAnalyzer validates, per namespace, that there aren't multiple @@ -38,6 +39,9 @@ func (a *DefaultSelectorAnalyzer) Metadata() analysis.Metadata { Inputs: []config.GroupVersionKind{ gvk.Telemetry, }, + MessageTypes: []*diag.MessageType{ + msg.MultipleTelemetriesWithoutWorkloadSelectors, + }, } } diff --git a/pkg/config/analysis/analyzers/telemetry/lightstep.go b/pkg/config/analysis/analyzers/telemetry/lightstep.go index 4087c4cfbbe..687930f0aff 100644 --- a/pkg/config/analysis/analyzers/telemetry/lightstep.go +++ b/pkg/config/analysis/analyzers/telemetry/lightstep.go @@ -25,6 +25,7 @@ import ( "istio.io/istio/pkg/config/resource" "istio.io/istio/pkg/config/schema/gvk" "istio.io/istio/pkg/util/sets" + "istio.io/istio/pkg/config/analysis/diag" ) type LightstepAnalyzer struct{} @@ -40,6 +41,9 @@ func (a *LightstepAnalyzer) Metadata() analysis.Metadata { gvk.Telemetry, gvk.MeshConfig, }, + MessageTypes: []*diag.MessageType{ + msg.Deprecated, + }, } } diff --git a/pkg/config/analysis/analyzers/telemetry/providers.go b/pkg/config/analysis/analyzers/telemetry/providers.go index 0c5aeca48a6..9ef562b09f3 100644 --- a/pkg/config/analysis/analyzers/telemetry/providers.go +++ b/pkg/config/analysis/analyzers/telemetry/providers.go @@ -21,6 +21,7 @@ import ( "istio.io/istio/pkg/config/analysis/msg" "istio.io/istio/pkg/config/resource" "istio.io/istio/pkg/config/schema/gvk" + "istio.io/istio/pkg/config/analysis/diag" ) type ProdiverAnalyzer struct{} 
@@ -36,6 +37,9 @@ func (a *ProdiverAnalyzer) Metadata() analysis.Metadata { gvk.Telemetry, gvk.MeshConfig, }, + MessageTypes: []*diag.MessageType{ + msg.InvalidTelemetryProvider, + }, } } diff --git a/pkg/config/analysis/analyzers/telemetry/selector.go b/pkg/config/analysis/analyzers/telemetry/selector.go index f8caa2a0a20..01b380f188a 100644 --- a/pkg/config/analysis/analyzers/telemetry/selector.go +++ b/pkg/config/analysis/analyzers/telemetry/selector.go @@ -25,6 +25,7 @@ import ( "istio.io/istio/pkg/config/analysis/msg" "istio.io/istio/pkg/config/resource" "istio.io/istio/pkg/config/schema/gvk" + "istio.io/istio/pkg/config/analysis/diag" ) // SelectorAnalyzer validates, per namespace, that: @@ -44,6 +45,10 @@ func (a *SelectorAnalyzer) Metadata() analysis.Metadata { gvk.Telemetry, gvk.Pod, }, + MessageTypes: []*diag.MessageType{ + msg.ReferencedResourceNotFound, + msg.ConflictingTelemetryWorkloadSelectors, + }, } } diff --git a/pkg/config/analysis/analyzers/virtualservice/conflictingmeshgatewayhosts.go b/pkg/config/analysis/analyzers/virtualservice/conflictingmeshgatewayhosts.go index b3e2223f4a7..5cde13b2b73 100644 --- a/pkg/config/analysis/analyzers/virtualservice/conflictingmeshgatewayhosts.go +++ b/pkg/config/analysis/analyzers/virtualservice/conflictingmeshgatewayhosts.go @@ -27,6 +27,7 @@ import ( "istio.io/istio/pkg/config/resource" "istio.io/istio/pkg/config/schema/gvk" "istio.io/istio/pkg/util/sets" + "istio.io/istio/pkg/config/analysis/diag" ) // ConflictingMeshGatewayHostsAnalyzer checks if multiple virtual services @@ -44,6 +45,9 @@ func (c *ConflictingMeshGatewayHostsAnalyzer) Metadata() analysis.Metadata { Inputs: []config.GroupVersionKind{ gvk.VirtualService, }, + MessageTypes: []*diag.MessageType{ + msg.ConflictingMeshGatewayVirtualServiceHosts, + }, } } diff --git a/pkg/config/analysis/analyzers/virtualservice/destinationhosts.go b/pkg/config/analysis/analyzers/virtualservice/destinationhosts.go index a3edea422a0..c5853b2a96e 100644 
--- a/pkg/config/analysis/analyzers/virtualservice/destinationhosts.go +++ b/pkg/config/analysis/analyzers/virtualservice/destinationhosts.go @@ -24,6 +24,7 @@ import ( "istio.io/istio/pkg/config/analysis/msg" "istio.io/istio/pkg/config/resource" "istio.io/istio/pkg/config/schema/gvk" + "istio.io/istio/pkg/config/analysis/diag" ) // DestinationHostAnalyzer checks the destination hosts associated with each virtual service @@ -46,6 +47,11 @@ func (a *DestinationHostAnalyzer) Metadata() analysis.Metadata { gvk.VirtualService, gvk.Service, }, + MessageTypes: []*diag.MessageType{ + msg.IngressRouteRulesNotAffected, + msg.ReferencedResourceNotFound, + msg.VirtualServiceDestinationPortSelectorRequired, + }, } } diff --git a/pkg/config/analysis/analyzers/virtualservice/destinationrules.go b/pkg/config/analysis/analyzers/virtualservice/destinationrules.go index c5a78ed1f3a..9d665993e1f 100644 --- a/pkg/config/analysis/analyzers/virtualservice/destinationrules.go +++ b/pkg/config/analysis/analyzers/virtualservice/destinationrules.go @@ -24,6 +24,7 @@ import ( "istio.io/istio/pkg/config/analysis/msg" "istio.io/istio/pkg/config/resource" "istio.io/istio/pkg/config/schema/gvk" + "istio.io/istio/pkg/config/analysis/diag" ) // DestinationRuleAnalyzer checks the destination rules associated with each virtual service @@ -40,6 +41,9 @@ func (d *DestinationRuleAnalyzer) Metadata() analysis.Metadata { gvk.VirtualService, gvk.DestinationRule, }, + MessageTypes: []*diag.MessageType{ + msg.ReferencedResourceNotFound, + }, } } diff --git a/pkg/config/analysis/analyzers/virtualservice/gateways.go b/pkg/config/analysis/analyzers/virtualservice/gateways.go index f146e847f86..cf598cf89a9 100644 --- a/pkg/config/analysis/analyzers/virtualservice/gateways.go +++ b/pkg/config/analysis/analyzers/virtualservice/gateways.go 
@@ -26,6 +26,7 @@ import ( "istio.io/istio/pkg/config/host" "istio.io/istio/pkg/config/resource" "istio.io/istio/pkg/config/schema/gvk" + "istio.io/istio/pkg/config/analysis/diag" ) // GatewayAnalyzer checks the gateways associated with each virtual service @@ -42,6 +43,10 @@ func (s *GatewayAnalyzer) Metadata() analysis.Metadata { gvk.Gateway, gvk.VirtualService, }, + MessageTypes: []*diag.MessageType{ + msg.ReferencedResourceNotFound, + msg.VirtualServiceHostNotFoundInGateway, + }, } } diff --git a/pkg/config/analysis/analyzers/virtualservice/jwtclaimroute.go b/pkg/config/analysis/analyzers/virtualservice/jwtclaimroute.go index 88e16f25572..fb280a5f6db 100644 --- a/pkg/config/analysis/analyzers/virtualservice/jwtclaimroute.go +++ b/pkg/config/analysis/analyzers/virtualservice/jwtclaimroute.go @@ -27,6 +27,7 @@ import ( "istio.io/istio/pkg/config/resource" "istio.io/istio/pkg/config/schema/gvk" "istio.io/istio/pkg/jwt" + "istio.io/istio/pkg/config/analysis/diag" ) type JWTClaimRouteAnalyzer struct{} @@ -44,6 +45,9 @@ func (s *JWTClaimRouteAnalyzer) Metadata() analysis.Metadata { gvk.Gateway, gvk.Pod, }, + MessageTypes: []*diag.MessageType{ + msg.JwtClaimBasedRoutingWithoutRequestAuthN, + }, } } diff --git a/pkg/config/analysis/analyzers/virtualservice/regexes.go b/pkg/config/analysis/analyzers/virtualservice/regexes.go index 9fab304364a..57d8f8cda6b 100644 --- a/pkg/config/analysis/analyzers/virtualservice/regexes.go +++ b/pkg/config/analysis/analyzers/virtualservice/regexes.go @@ -25,6 +25,7 @@ import ( "istio.io/istio/pkg/config/analysis/msg" "istio.io/istio/pkg/config/resource" "istio.io/istio/pkg/config/schema/gvk" + "istio.io/istio/pkg/config/analysis/diag" ) // RegexAnalyzer checks all regexes in a virtual service @@ -40,6 +41,9 @@ func (a *RegexAnalyzer) Metadata() analysis.Metadata { Inputs: []config.GroupVersionKind{ gvk.VirtualService, }, + MessageTypes: []*diag.MessageType{ + msg.InvalidRegexp, + }, } } 
diff --git a/pkg/config/analysis/analyzers/webhook/webhook.go b/pkg/config/analysis/analyzers/webhook/webhook.go index c5adb6d5208..fcd4aee8916 100644 --- a/pkg/config/analysis/analyzers/webhook/webhook.go +++ b/pkg/config/analysis/analyzers/webhook/webhook.go @@ -29,6 +29,7 @@ import ( "istio.io/istio/pkg/config/resource" "istio.io/istio/pkg/config/schema/gvk" "istio.io/istio/pkg/util/sets" + "istio.io/istio/pkg/config/analysis/diag" ) type Analyzer struct { @@ -45,6 +46,9 @@ func (a *Analyzer) Metadata() analysis.Metadata { gvk.MutatingWebhookConfiguration, gvk.Service, }, + MessageTypes: []*diag.MessageType{ + msg.InvalidWebhook, + }, } } diff --git a/pkg/config/analysis/metadata.go b/pkg/config/analysis/metadata.go index a9e95ca0615..d6275a7766c 100644 --- a/pkg/config/analysis/metadata.go +++ b/pkg/config/analysis/metadata.go @@ -14,13 +14,17 @@ package analysis -import "istio.io/istio/pkg/config" +import ( + "istio.io/istio/pkg/config" + "istio.io/istio/pkg/config/analysis/diag" +) // Metadata represents metadata for an analyzer type Metadata struct { Name string // Description is a short explanation of what the analyzer checks. This // field is displayed to users when --list-analyzers is called. - Description string - Inputs []config.GroupVersionKind + Description string + Inputs []config.GroupVersionKind + MessageTypes []*diag.MessageType } From 880a5814dc7009cc1cdcd2de81d1c0d887544efd Mon Sep 17 00:00:00 2001 From: Jonathan Jamroga Date: Fri, 29 Mar 2024 12:03:20 -0400 Subject: [PATCH 3/3] Combined Analyzer Interface --- pkg/config/analysis/analyzer.go | 25 +++++++++++++-------- pkg/config/analysis/analyzers/all.go | 2 +- pkg/config/analysis/local/istiod_analyze.go | 8 +++---- 3 files changed, 21 insertions(+), 14 deletions(-) diff --git a/pkg/config/analysis/analyzer.go b/pkg/config/analysis/analyzer.go index 81ad78f378d..f4ce8c71f05 100644 --- a/pkg/config/analysis/analyzer.go +++ b/pkg/config/analysis/analyzer.go 
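Review bot: The new `MessageTypes` field in metadata.go has no comment, while `Description` directly above documents how it is used; state the contract, e.g. `// MessageTypes lists every diag.MessageType the analyzer may report.` Nothing in this patch checks the hand-written lists against what each `Analyze` actually reports, so they can drift as analyzers change. A table-driven test over `analyzers.All()` that fails when an analyzer reports an undeclared type would keep the security-relevant analyzers (authz, gateway secret, CA certificate, webhook) from being skipped by any type-based selection built on this field. The slice holds pointers to shared `msg` values, so the comment should also say consumers must treat it as read-only.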
@@ -27,22 +27,29 @@ type Analyzer interface { Analyze(c Context) } -// CombinedAnalyzer is a special Analyzer that combines multiple analyzers into one -type CombinedAnalyzer struct { +type CombinedAnalyzer interface { + Analyzer + RelevantSubset(kinds sets.Set[config.GroupVersionKind]) CombinedAnalyzer + RemoveSkipped(schemas collection.Schemas) []string + AnalyzerNames() []string +} + +// InternalCombinedAnalyzer is a special Analyzer that combines multiple analyzers into one +type InternalCombinedAnalyzer struct { name string analyzers []Analyzer } // Combine multiple analyzers into a single one. // For input metadata, use the union of the component analyzers -func Combine(name string, analyzers ...Analyzer) *CombinedAnalyzer { - return &CombinedAnalyzer{ +func Combine(name string, analyzers ...Analyzer) CombinedAnalyzer { + return &InternalCombinedAnalyzer{ name: name, analyzers: analyzers, } } -func (c *CombinedAnalyzer) RelevantSubset(kinds sets.Set[config.GroupVersionKind]) *CombinedAnalyzer { +func (c *InternalCombinedAnalyzer) RelevantSubset(kinds sets.Set[config.GroupVersionKind]) CombinedAnalyzer { var selected []Analyzer for _, a := range c.analyzers { for _, inputKind := range a.Metadata().Inputs { @@ -56,7 +63,7 @@ func (c *CombinedAnalyzer) RelevantSubset(kinds sets.Set[config.GroupVersionKind } // Metadata implements Analyzer -func (c *CombinedAnalyzer) Metadata() Metadata { +func (c *InternalCombinedAnalyzer) Metadata() Metadata { return Metadata{ Name: c.name, Inputs: combineInputs(c.analyzers), @@ -64,7 +71,7 @@ func (c *CombinedAnalyzer) Metadata() Metadata { } // Analyze implements Analyzer -func (c *CombinedAnalyzer) Analyze(ctx Context) { +func (c *InternalCombinedAnalyzer) Analyze(ctx Context) { for _, a := range c.analyzers { scope.Analysis.Debugf("Started analyzer %q...", a.Metadata().Name) if ctx.Canceled() { 
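Review bot: The exported `CombinedAnalyzer` interface is introduced without a doc comment, because the old comment now sits on `InternalCombinedAnalyzer`; add one such as `// CombinedAnalyzer is an Analyzer composed of other analyzers that can be narrowed to those relevant for a set of kinds.` Turning the name into an interface is also a breaking change for callers that hold `*analysis.CombinedAnalyzer`, as the signature edits in all.go and istiod_analyze.go show, and the concrete type stays exported under a name that says it is internal. Consider unexporting it (`combinedAnalyzer`) so that `Combine` is the only way to construct one. The body of `RelevantSubset` continues past the hunk.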
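Review bot: `InternalCombinedAnalyzer.Metadata()` still fills only `Name` and `Inputs` as far as the hunk shows (one line of the literal falls between this hunk and the next and is not visible). After patch 2/3 the combined analyzer returned by `AllCombined()` therefore reports no `MessageTypes`, even though every component now declares them. A consumer reading the new field from the combined analyzer would see an empty list and could conclude that no diagnostics are produced. Returning the de-duplicated union of the components' lists, next to `combineInputs`, keeps the two fields consistent; analyzer.go needs the `diag` import if it does not already have it.

```go
// combineMessageTypes returns the union of the component analyzers'
// declared message types, de-duplicated by pointer, in first-seen order.
func combineMessageTypes(analyzers []Analyzer) []*diag.MessageType {
	seen := make(map[*diag.MessageType]struct{})
	var out []*diag.MessageType
	for _, a := range analyzers {
		for _, mt := range a.Metadata().MessageTypes {
			if _, dup := seen[mt]; dup {
				continue
			}
			seen[mt] = struct{}{}
			out = append(out, mt)
		}
	}
	return out
}

func (c *InternalCombinedAnalyzer) Metadata() Metadata {
	return Metadata{
		// … unchanged: Name, Inputs …
		MessageTypes: combineMessageTypes(c.analyzers),
```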
@@ -82,7 +89,7 @@ func (c *CombinedAnalyzer) Analyze(ctx Context) { // Transformer information is used to determine, based on the disabled input collections, which output collections // should be disabled. Any analyzers that require those output collections will be removed. // 2. The analyzer requires a collection not available in the current snapshot(s) -func (c *CombinedAnalyzer) RemoveSkipped(schemas collection.Schemas) []string { +func (c *InternalCombinedAnalyzer) RemoveSkipped(schemas collection.Schemas) []string { allSchemas := schemas.All() s := sets.NewWithLength[config.GroupVersionKind](len(allSchemas)) for _, sc := range allSchemas { @@ -109,7 +116,7 @@ mainloop: } // AnalyzerNames returns the names of analyzers in this combined analyzer -func (c *CombinedAnalyzer) AnalyzerNames() []string { +func (c *InternalCombinedAnalyzer) AnalyzerNames() []string { result := make([]string, 0, len(c.analyzers)) for _, a := range c.analyzers { result = append(result, a.Metadata().Name) diff --git a/pkg/config/analysis/analyzers/all.go b/pkg/config/analysis/analyzers/all.go index 054f48978dd..7ac9c41765e 100644 --- a/pkg/config/analysis/analyzers/all.go +++ b/pkg/config/analysis/analyzers/all.go @@ -78,6 +78,6 @@ func All() []analysis.Analyzer { } // AllCombined returns all analyzers combined as one -func AllCombined() *analysis.CombinedAnalyzer { +func AllCombined() analysis.CombinedAnalyzer { return analysis.Combine("all", All()...) } diff --git a/pkg/config/analysis/local/istiod_analyze.go b/pkg/config/analysis/local/istiod_analyze.go index 600d35d016a..f61cb737922 100644 --- a/pkg/config/analysis/local/istiod_analyze.go +++ b/pkg/config/analysis/local/istiod_analyze.go @@ -62,7 +62,7 @@ type IstiodAnalyzer struct { // fileSource contains all file bases sources fileSource *file.KubeSource - analyzer *analysis.CombinedAnalyzer + analyzer analysis.CombinedAnalyzer namespace resource.Namespace istioNamespace resource.Namespace 
@@ -88,14 +88,14 @@ type IstiodAnalyzer struct { } // NewSourceAnalyzer is a drop-in replacement for the galley function, adapting to istiod analyzer. -func NewSourceAnalyzer(analyzer *analysis.CombinedAnalyzer, namespace, istioNamespace resource.Namespace, cr CollectionReporterFn) *IstiodAnalyzer { +func NewSourceAnalyzer(analyzer analysis.CombinedAnalyzer, namespace, istioNamespace resource.Namespace, cr CollectionReporterFn) *IstiodAnalyzer { return NewIstiodAnalyzer(analyzer, namespace, istioNamespace, cr) } // NewIstiodAnalyzer creates a new IstiodAnalyzer with no sources. Use the Add*Source // methods to add sources in ascending precedence order, // then execute Analyze to perform the analysis -func NewIstiodAnalyzer(analyzer *analysis.CombinedAnalyzer, namespace, +func NewIstiodAnalyzer(analyzer analysis.CombinedAnalyzer, namespace, istioNamespace resource.Namespace, cr CollectionReporterFn, ) *IstiodAnalyzer { // collectionReporter hook function defaults to no-op @@ -131,7 +131,7 @@ func (sa *IstiodAnalyzer) ReAnalyze(cancel <-chan struct{}) (AnalysisResult, err return sa.internalAnalyze(sa.analyzer, cancel) } -func (sa *IstiodAnalyzer) internalAnalyze(a *analysis.CombinedAnalyzer, cancel <-chan struct{}) (AnalysisResult, error) { +func (sa *IstiodAnalyzer) internalAnalyze(a analysis.CombinedAnalyzer, cancel <-chan struct{}) (AnalysisResult, error) { store := sa.initializedStore var result AnalysisResult