// Copyright Istio Authors // // Licensed under the Apache License, Version 2.0 (the "License"); // you may not use this file except in compliance with the License. // You may obtain a copy of the License at // // http://www.apache.org/licenses/LICENSE-2.0 // // Unless required by applicable law or agreed to in writing, software // distributed under the License is distributed on an "AS IS" BASIS, // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. // See the License for the specific language governing permissions and // limitations under the License. package clioptions import ( "fmt" "time" ) import ( "github.com/spf13/cobra" "github.com/spf13/viper" ) // CentralControlPlaneOptions holds options common to all subcommands // that invoke Istiod via xDS REST endpoint type CentralControlPlaneOptions struct { // Xds is XDS endpoint, e.g. localhost:15010. Xds string // XdsPodLabel is a Kubernetes label on the Istiod pods XdsPodLabel string // XdsPodPort is a port exposing XDS (typically 15010 or 15012) XdsPodPort int // CertDir is the local directory containing certificates CertDir string // Timeout is how long to wait before giving up on XDS Timeout time.Duration // InsecureSkipVerify skips client verification the server's certificate chain and host name. InsecureSkipVerify bool // XDSSAN is the expected Subject Alternative Name of the XDS server XDSSAN string // Plaintext forces plain text communication (for talking to port 15010) Plaintext bool // GCP project number or ID to use for XDS calls, if any. GCPProject string // Istiod address. For MCP may be different than Xds. IstiodAddr string } // AttachControlPlaneFlags attaches control-plane flags to a Cobra command. // (Currently just --endpoint) func (o *CentralControlPlaneOptions) AttachControlPlaneFlags(cmd *cobra.Command) { cmd.PersistentFlags().StringVar(&o.Xds, "xds-address", viper.GetString("XDS-ADDRESS"), "XDS Endpoint") cmd.PersistentFlags().StringVar(&o.CertDir, "cert-dir", viper.GetString("CERT-DIR"), "XDS Endpoint certificate directory") cmd.PersistentFlags().StringVar(&o.XdsPodLabel, "xds-label", "", "Istiod pod label selector") cmd.PersistentFlags().IntVar(&o.XdsPodPort, "xds-port", viper.GetInt("XDS-PORT"), "Istiod pod port") cmd.PersistentFlags().DurationVar(&o.Timeout, "timeout", time.Second*30, "The duration to wait before failing") cmd.PersistentFlags().StringVar(&o.XDSSAN, "authority", viper.GetString("AUTHORITY"), "XDS Subject Alternative Name (for example istiod.dubbo-system.svc)") cmd.PersistentFlags().BoolVar(&o.InsecureSkipVerify, "insecure", viper.GetBool("INSECURE"), "Skip server certificate and domain verification. (NOT SECURE!)") cmd.PersistentFlags().BoolVar(&o.Plaintext, "plaintext", viper.GetBool("PLAINTEXT"), "Use plain-text HTTP/2 when connecting to server (no TLS).") } // ValidateControlPlaneFlags checks arguments for valid values and combinations func (o *CentralControlPlaneOptions) ValidateControlPlaneFlags() error { if o.Xds != "" && o.XdsPodLabel != "" { return fmt.Errorf("either --xds-address or --xds-label, not both") } if o.Plaintext && o.CertDir != "" { return fmt.Errorf("either --plaintext or --cert-dir, not both") } return nil }