// Copyright Istio Authors
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
// http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.
package bootstrap
import (
"crypto/tls"
"fmt"
"time"
)
import (
"istio.io/pkg/ctrlz"
"istio.io/pkg/env"
)
import (
"github.com/apache/dubbo-go-pixiu/pilot/pkg/features"
kubecontroller "github.com/apache/dubbo-go-pixiu/pilot/pkg/serviceregistry/kube/controller"
"github.com/apache/dubbo-go-pixiu/pkg/config/constants"
"github.com/apache/dubbo-go-pixiu/pkg/keepalive"
)
// RegistryOptions provide configuration options for the configuration controller. If FileDir is set, that directory will
// be monitored for CRD yaml files and will update the controller as those files change (This is used for testing
// purposes). Otherwise, a CRD client is created based on the configuration.
type RegistryOptions struct {
	// FileDir, when set, is a directory of CRD yaml files to watch instead of
	// talking to Kubernetes; the Kubernetes options below are then ignored.
	FileDir string
	// Registries names the service registries to run. The accepted values are
	// not visible in this file — see the flag that populates it.
	Registries []string
	// KubeOptions are the Kubernetes controller options.
	KubeOptions kubecontroller.Options
	// ClusterRegistriesNamespace specifies where the multi-cluster secret resides.
	// applyDefaults sets it to the pod namespace.
	ClusterRegistriesNamespace string
	// KubeConfig selects the kubeconfig used to reach the cluster; presumably a
	// file path — confirm with the code that consumes it.
	KubeConfig string
	// DistributionCacheRetention controls how long distribution-tracking history
	// is kept; applyDefaults takes it from features.DistributionHistoryRetention.
	DistributionCacheRetention time.Duration
	// DistributionTrackingEnabled toggles distribution tracking; applyDefaults
	// takes it from features.EnableDistributionTracking.
	DistributionTrackingEnabled bool
}
// PilotArgs provides all of the configuration parameters for the Pilot discovery service.
type PilotArgs struct {
	// ServerOptions configures the discovery server's listeners and TLS settings.
	ServerOptions DiscoveryServerOptions
	// InjectionOptions configures where injection related config files live.
	InjectionOptions InjectionOptions
	// PodName defaults to the POD_NAME environment variable (see applyDefaults).
	PodName string
	// Namespace defaults to the POD_NAMESPACE environment variable.
	Namespace string
	// Revision defaults to the REVISION environment variable.
	Revision string
	// MeshConfigFile is the mesh config to load; presumably a file path — confirm in the loader.
	MeshConfigFile string
	// NetworksConfigFile is the mesh networks config to load; presumably a file path.
	NetworksConfigFile string
	// RegistryOptions configures the config and service registry controllers.
	RegistryOptions RegistryOptions
	// CtrlZOptions configures the ctrlz introspection server. It is not
	// defaulted in this file, so it stays nil unless an init function sets it.
	CtrlZOptions *ctrlz.Options
	// KeepaliveOptions defaults to keepalive.DefaultOption().
	KeepaliveOptions *keepalive.Options
	// ShutdownDuration is not set in this file; confirm its meaning in the server code.
	ShutdownDuration time.Duration
	// JwtRule defaults to the JWT_RULE environment variable, the JWT rule used
	// by istiod authentication.
	JwtRule string
}
// DiscoveryServerOptions contains options for create a new discovery server instance.
type DiscoveryServerOptions struct {
	// The listening address for HTTP (debug). If the port in the address is empty or "0" (as in "127.0.0.1:" or "[::1]:0")
	// a port number is automatically chosen.
	HTTPAddr string
	// The listening address for HTTPS (webhooks). If the port in the address is empty or "0" (as in "127.0.0.1:" or "[::1]:0")
	// a port number is automatically chosen.
	// If the address is empty, the secure port is disabled, and the
	// webhooks are registered on the HTTP port - a gateway in front will
	// terminate TLS instead.
	HTTPSAddr string
	// The listening address for gRPC. If the port in the address is empty or "0" (as in "127.0.0.1:" or "[::1]:0")
	// a port number is automatically chosen.
	GRPCAddr string
	// The listening address for the monitoring port. If the port in the address is empty or "0" (as in "127.0.0.1:" or "[::1]:0")
	// a port number is automatically chosen.
	MonitoringAddr string
	// EnableProfiling turns on profiling endpoints; presumably served from the
	// debug HTTP listener — confirm in the server setup before exposing it.
	EnableProfiling bool
	// Optional TLS configuration (certificate files and cipher suite names).
	TLSOptions TLSOptions
	// The listening address for secured gRPC. If the port in the address is empty or "0" (as in "127.0.0.1:" or "[::1]:0")
	// a port number is automatically chosen.
	SecureGRPCAddr string
}
// InjectionOptions holds the injection related settings.
type InjectionOptions struct {
	// InjectionDirectory is the directory of injection related config files.
	InjectionDirectory string
}
// TLSOptions is optional TLS parameters for Istiod server.
type TLSOptions struct {
	// CaCertFile, CertFile and KeyFile identify the server's CA bundle,
	// certificate and private key; presumably file paths — confirm where they are loaded.
	CaCertFile string
	CertFile   string
	KeyFile    string
	// TLSCipherSuites are Go cipher suite names as chosen by the operator.
	// Names from tls.InsecureCipherSuites are accepted as well as secure ones
	// (see allCiphers), so this list can weaken the server's TLS configuration.
	TLSCipherSuites []string
	// CipherSuits holds the numeric IDs that Complete resolves from
	// TLSCipherSuites; it is derived state, not operator input.
	// (The misspelled exported name is kept for compatibility.)
	CipherSuits []uint16 // This is the parsed cipher suites
}
var (
	// PodNamespace is read once at package init from POD_NAMESPACE,
	// defaulting to constants.IstioSystemNamespace.
	PodNamespace = env.RegisterStringVar("POD_NAMESPACE", constants.IstioSystemNamespace, "").Get()
	// PodName is read once at package init from POD_NAME (empty when unset).
	PodName = env.RegisterStringVar("POD_NAME", "", "").Get()
	// JwtRule is read once at package init from JWT_RULE (empty when unset).
	JwtRule = env.RegisterStringVar("JWT_RULE", "",
		"The JWT rule used by istiod authentication").Get()
)
// Revision is the value of the Istio control plane revision, e.g. "canary",
// and is the value used by the "istio.io/rev" label.
// It is read once at package init from the REVISION environment variable
// (empty when unset).
var Revision = env.RegisterStringVar("REVISION", "", "").Get()
// NewPilotArgs builds a PilotArgs populated with the package defaults
// (see applyDefaults), then hands it to each initFunc in order so callers
// can override individual fields before the value is returned.
func NewPilotArgs(initFuncs ...func(*PilotArgs)) *PilotArgs {
	args := new(PilotArgs)
	args.applyDefaults()

	// Caller-supplied customizations run after the defaults and may overwrite them.
	for _, customize := range initFuncs {
		customize(args)
	}
	return args
}
// applyDefaults seeds p from the process environment (POD_NAMESPACE, POD_NAME,
// REVISION, JWT_RULE as captured in the package-level vars), the default
// keepalive options, and the feature-flag driven distribution-tracking
// settings. ClusterRegistriesNamespace defaults to the pod namespace.
func (p *PilotArgs) applyDefaults() {
	p.KeepaliveOptions = keepalive.DefaultOption()
	p.Namespace, p.PodName, p.Revision, p.JwtRule = PodNamespace, PodName, Revision, JwtRule

	reg := &p.RegistryOptions
	// The multi-cluster secret is looked up in the namespace istiod runs in.
	reg.ClusterRegistriesNamespace = p.Namespace
	reg.DistributionTrackingEnabled = features.EnableDistributionTracking
	reg.DistributionCacheRetention = features.DistributionHistoryRetention
}
// Complete resolves the operator-supplied cipher suite names into their
// numeric IDs and stores them in TLSOptions.CipherSuits. If any name is not a
// Go cipher suite the error from TLSCipherSuites is returned and CipherSuits
// is left untouched.
func (p *PilotArgs) Complete() error {
	tlsOpts := &p.ServerOptions.TLSOptions
	ids, err := TLSCipherSuites(tlsOpts.TLSCipherSuites)
	if err != nil {
		return err
	}
	tlsOpts.CipherSuits = ids
	return nil
}
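// allCiphers maps every cipher suite name Go knows about to its ID. Both the
// suites Go considers secure (tls.CipherSuites) and the ones it considers
// insecure (tls.InsecureCipherSuites) are included, so an operator can select
// an insecure suite by name; whether that is acceptable is the caller's decision.
func allCiphers() map[string]uint16 {
	secure, insecure := tls.CipherSuites(), tls.InsecureCipherSuites()
	acceptedCiphers := make(map[string]uint16, len(secure)+len(insecure))
	// Secure suites are inserted last so that, should a name ever appear in
	// both lists, the secure ID wins.
	for _, cipher := range insecure {
		acceptedCiphers[cipher.Name] = cipher.ID
	}
	for _, cipher := range secure {
		acceptedCiphers[cipher.Name] = cipher.ID
	}
	return acceptedCiphers
}

// TLSCipherSuites returns a list of cipher suite IDs from the cipher suite names passed.
//
// An empty or nil cipherNames yields (nil, nil); what a nil list means is up to
// the caller. Names are matched exactly (case-sensitive) against the Go cipher
// suite names, including those in tls.InsecureCipherSuites. The first unknown
// name aborts with an error and no partial result. Duplicate names are passed
// through in input order without de-duplication.
func TLSCipherSuites(cipherNames []string) ([]uint16, error) {
	if len(cipherNames) == 0 {
		return nil, nil
	}
	possibleCiphers := allCiphers()
	// Exactly one ID per name, so the final length is known up front.
	ids := make([]uint16, 0, len(cipherNames))
	for _, name := range cipherNames {
		id, ok := possibleCiphers[name]
		if !ok {
			return nil, fmt.Errorf("cipher suite %s not supported or doesn't exist", name)
		}
		ids = append(ids, id)
	}
	return ids, nil
}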