Skip to content

fix: btlsp section name doesn't support port name #4784

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
merged 14 commits into from
Dec 6, 2024
Merged

fix: btlsp section name doesn't support port name #4784

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
14 commits
Select commit Hold shift + click to select a range
94aa125
fix btlsp section name
zhaohuabing Nov 26, 2024
41e3ba9
add release note
zhaohuabing Nov 26, 2024
1536c2a
optmize service search
zhaohuabing Nov 26, 2024
dfd2dac
address comment
zhaohuabing Nov 27, 2024
271d5d4
fix test
zhaohuabing Nov 27, 2024
51e94aa
Merge remote-tracking branch 'origin/main' into fix-btlsp-section-name
zhaohuabing Nov 27, 2024
28b13f2
fix test
zhaohuabing Nov 27, 2024
587da5d
Merge branch 'main' into fix-btlsp-section-name
zhaohuabing Nov 28, 2024
bd9c3e8
address comment
zhaohuabing Dec 2, 2024
1c829ce
Merge branch 'main' into fix-btlsp-section-name
zhaohuabing Dec 2, 2024
6b762eb
fix e2e
zhaohuabing Dec 3, 2024
0e78eb7
Merge remote-tracking branch 'origin/main' into fix-btlsp-section-name
zhaohuabing Dec 3, 2024
a0c2b0b
Merge branch 'main' into fix-btlsp-section-name
zirain Dec 5, 2024
1d5abcd
Merge branch 'main' into fix-btlsp-section-name
zhaohuabing Dec 6, 2024
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
9 changes: 7 additions & 2 deletions internal/cmd/egctl/translate_test.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -22,6 +22,7 @@ import (
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
"sigs.k8s.io/yaml"

"github.com/envoyproxy/gateway/internal/gatewayapi/resource"
"github.com/envoyproxy/gateway/internal/utils/field"
"github.com/envoyproxy/gateway/internal/utils/file"
)
Expand Down Expand Up @@ -368,8 +369,12 @@ func TestTranslate(t *testing.T) {
// want.GatewayClass.Status.SupportedFeatures = status.GatewaySupportedFeatures
// }

opts := cmpopts.IgnoreFields(metav1.Condition{}, "LastTransitionTime")
require.Empty(t, cmp.Diff(want, got, opts))
opts := []cmp.Option{
cmpopts.IgnoreFields(metav1.Condition{}, "LastTransitionTime"),
cmpopts.IgnoreFields(resource.Resources{}, "serviceMap"),
}

require.Empty(t, cmp.Diff(want, got, opts...))
})
}
}
Expand Down
12 changes: 9 additions & 3 deletions internal/gatewayapi/backendtlspolicy.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -32,7 +32,7 @@ func (t *Translator) processBackendTLSPolicy(
resources *resource.Resources,
envoyProxy *egv1a1.EnvoyProxy,
) (*ir.TLSUpstreamConfig, *gwapiv1a3.BackendTLSPolicy) {
policy := getBackendTLSPolicy(resources.BackendTLSPolicies, backendRef, backendNamespace)
policy := getBackendTLSPolicy(resources.BackendTLSPolicies, backendRef, backendNamespace, resources)
if policy == nil {
return nil, nil
}
Expand Down Expand Up @@ -157,8 +157,14 @@ func backendTLSTargetMatched(policy gwapiv1a3.BackendTLSPolicy, target gwapiv1a2
return false
}

func getBackendTLSPolicy(policies []*gwapiv1a3.BackendTLSPolicy, backendRef gwapiv1a2.BackendObjectReference, backendNamespace string) *gwapiv1a3.BackendTLSPolicy {
target := getTargetBackendReference(backendRef)
func getBackendTLSPolicy(
policies []*gwapiv1a3.BackendTLSPolicy,
backendRef gwapiv1a2.BackendObjectReference,
backendNamespace string,
resources *resource.Resources,
) *gwapiv1a3.BackendTLSPolicy {
// SectionName is port number for EG Backend object
target := getTargetBackendReference(backendRef, backendNamespace, resources)
for _, policy := range policies {
if backendTLSTargetMatched(*policy, target, backendNamespace) {
return policy
Expand Down
19 changes: 14 additions & 5 deletions internal/gatewayapi/resource/resource.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -13,6 +13,7 @@
corev1 "k8s.io/api/core/v1"
discoveryv1 "k8s.io/api/discovery/v1"
"k8s.io/apimachinery/pkg/apis/meta/v1/unstructured"
"k8s.io/apimachinery/pkg/types"
gwapiv1 "sigs.k8s.io/gateway-api/apis/v1"
gwapiv1a2 "sigs.k8s.io/gateway-api/apis/v1alpha2"
gwapiv1a3 "sigs.k8s.io/gateway-api/apis/v1alpha3"
Expand Down Expand Up @@ -64,6 +65,8 @@
ExtensionServerPolicies []unstructured.Unstructured `json:"extensionServerPolicies,omitempty" yaml:"extensionServerPolicies,omitempty"`
Backends []*egv1a1.Backend `json:"backends,omitempty" yaml:"backends,omitempty"`
HTTPRouteFilters []*egv1a1.HTTPRouteFilter `json:"httpFilters,omitempty" yaml:"httpFilters,omitempty"`

serviceMap map[types.NamespacedName]*corev1.Service
}

func NewResources() *Resources {
Expand Down Expand Up @@ -111,14 +114,20 @@
return nil
}

// GetService returns the Service with the given namespace and name.
// This function creates a HashMap of Services for faster lookup when it's called for the first time.
// Subsequent calls will use the HashMap for lookup.
// Note:
// - This function is not thread-safe.
// - This function should be called after all the Services are added to the Resources.
func (r *Resources) GetService(namespace, name string) *corev1.Service {
for _, svc := range r.Services {
if svc.Namespace == namespace && svc.Name == name {
return svc
if r.serviceMap == nil {
r.serviceMap = make(map[types.NamespacedName]*corev1.Service)
for _, svc := range r.Services {
r.serviceMap[types.NamespacedName{Namespace: svc.Namespace, Name: svc.Name}] = svc

Check warning on line 127 in internal/gatewayapi/resource/resource.go

View check run for this annotation

Codecov / codecov/patch

internal/gatewayapi/resource/resource.go#L124-L127 

Added lines #L124 - L127 were not covered by tests
}
}

return nil
return r.serviceMap[types.NamespacedName{Namespace: namespace, Name: name}]

Check warning on line 130 in internal/gatewayapi/resource/resource.go

View check run for this annotation

Codecov / codecov/patch

internal/gatewayapi/resource/resource.go#L130 

Added line #L130 was not covered by tests
}

func (r *Resources) GetServiceImport(namespace, name string) *mcsapiv1a1.ServiceImport {
Expand Down
17 changes: 17 additions & 0 deletions internal/gatewayapi/resource/zz_generated.deepcopy.go
View file
Open in desktop

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

31 changes: 23 additions & 8 deletions internal/gatewayapi/route.go
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -1598,30 +1598,45 @@ func getIREndpointsFromEndpointSlice(endpointSlice *discoveryv1.EndpointSlice, p
return endpoints
}

func getTargetBackendReference(backendRef gwapiv1a2.BackendObjectReference) gwapiv1a2.LocalPolicyTargetReferenceWithSectionName {
func getTargetBackendReference(backendRef gwapiv1a2.BackendObjectReference, backendNamespace string, resources *resource.Resources) gwapiv1a2.LocalPolicyTargetReferenceWithSectionName {
ref := gwapiv1a2.LocalPolicyTargetReferenceWithSectionName{
LocalPolicyTargetReference: gwapiv1a2.LocalPolicyTargetReference{
Group: func() gwapiv1a2.Group {
if backendRef.Group == nil {
if backendRef.Group == nil || *backendRef.Group == "" {
return ""
}
return *backendRef.Group
}(),
Kind: func() gwapiv1.Kind {
if backendRef.Kind == nil {
if backendRef.Kind == nil || *backendRef.Kind == resource.KindService {
return "Service"
}
return *backendRef.Kind
}(),
Name: backendRef.Name,
},
SectionName: func() *gwapiv1.SectionName {
if backendRef.Port != nil {
return SectionNamePtr(strconv.Itoa(int(*backendRef.Port)))
}
if backendRef.Port == nil {
return ref
}

// Set the section name to the port name if the backend is a Kubernetes Service
if backendRef.Kind == nil || *backendRef.Kind == resource.KindService {
if service := resources.GetService(backendNamespace, string(backendRef.Name)); service != nil {
for _, port := range service.Spec.Ports {
if port.Port == int32(*backendRef.Port) {
if port.Name != "" {
ref.SectionName = SectionNamePtr(port.Name)
break
}
}
}
return nil
}(),
}
} else {
// Set the section name to the port number if the backend is a EG Backend
ref.SectionName = SectionNamePtr(strconv.Itoa(int(*backendRef.Port)))
}

return ref
}

Expand Down
2 changes: 1 addition & 1 deletion internal/gatewayapi/testdata/backendtlspolicy-across-ns.in.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -123,7 +123,7 @@ backendTLSPolicies:
- group: ""
kind: Service
name: http-backend
sectionName: "8080"
sectionName: http
validation:
caCertificateRefs:
- name: ca-cmap
Expand Down
2 changes: 1 addition & 1 deletion internal/gatewayapi/testdata/backendtlspolicy-across-ns.out.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -10,7 +10,7 @@ backendTLSPolicies:
- group: ""
kind: Service
name: http-backend
sectionName: "8080"
sectionName: http
validation:
caCertificateRefs:
- group: ""
Expand Down
2 changes: 1 addition & 1 deletion internal/gatewayapi/testdata/backendtlspolicy-ca-only-secret.in.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -108,7 +108,7 @@ backendTLSPolicies:
- group: ""
kind: Service
name: http-backend
sectionName: "8080"
sectionName: http
validation:
caCertificateRefs:
- name: ca-secret
Expand Down
2 changes: 1 addition & 1 deletion internal/gatewayapi/testdata/backendtlspolicy-ca-only-secret.out.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -10,7 +10,7 @@ backendTLSPolicies:
- group: ""
kind: Service
name: http-backend
sectionName: "8080"
sectionName: http
validation:
caCertificateRefs:
- group: ""
Expand Down
2 changes: 1 addition & 1 deletion internal/gatewayapi/testdata/backendtlspolicy-ca-only.in.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -123,7 +123,7 @@ backendTLSPolicies:
- group: ""
kind: Service
name: http-backend
sectionName: "8080"
sectionName: http
validation:
caCertificateRefs:
- name: ca-cmap
Expand Down
2 changes: 1 addition & 1 deletion internal/gatewayapi/testdata/backendtlspolicy-ca-only.out.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -10,7 +10,7 @@ backendTLSPolicies:
- group: ""
kind: Service
name: http-backend
sectionName: "8080"
sectionName: http
validation:
caCertificateRefs:
- group: ""
Expand Down
2 changes: 1 addition & 1 deletion internal/gatewayapi/testdata/backendtlspolicy-default-ns-targetrefs.in.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -167,7 +167,7 @@ backendTLSPolicies:
- group: ""
kind: Service
name: http-backend
sectionName: "8080"
sectionName: http
- group: gateway.envoyproxy.io
kind: Backend
name: backend-ip-tls
Expand Down
2 changes: 1 addition & 1 deletion internal/gatewayapi/testdata/backendtlspolicy-default-ns-targetrefs.out.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -10,7 +10,7 @@ backendTLSPolicies:
- group: ""
kind: Service
name: http-backend
sectionName: "8080"
sectionName: http
- group: gateway.envoyproxy.io
kind: Backend
name: backend-ip-tls
Expand Down
2 changes: 1 addition & 1 deletion internal/gatewayapi/testdata/backendtlspolicy-default-ns.in.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -134,7 +134,7 @@ backendTLSPolicies:
- group: ""
kind: Service
name: http-backend
sectionName: "8080"
sectionName: http
validation:
caCertificateRefs:
- name: ca-cmap
Expand Down
2 changes: 1 addition & 1 deletion internal/gatewayapi/testdata/backendtlspolicy-default-ns.out.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -10,7 +10,7 @@ backendTLSPolicies:
- group: ""
kind: Service
name: http-backend
sectionName: "8080"
sectionName: http
validation:
caCertificateRefs:
- group: ""
Expand Down
2 changes: 1 addition & 1 deletion internal/gatewayapi/testdata/backendtlspolicy-invalid-ca.in.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -105,7 +105,7 @@ backendTLSPolicies:
- group: ""
kind: Service
name: http-backend
sectionName: "8080"
sectionName: http
validation:
caCertificateRefs:
- name: no-ca-cmap
Expand Down
2 changes: 1 addition & 1 deletion internal/gatewayapi/testdata/backendtlspolicy-invalid-ca.out.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -10,7 +10,7 @@ backendTLSPolicies:
- group: ""
kind: Service
name: http-backend
sectionName: "8080"
sectionName: http
validation:
caCertificateRefs:
- group: ""
Expand Down
8 changes: 4 additions & 4 deletions internal/gatewayapi/testdata/backendtlspolicy-multiple-targets.in.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -64,11 +64,11 @@ services:
clusterIP: 10.11.12.13
ports:
- port: 8080
name: http
name: http1
protocol: TCP
targetPort: 8080
- port: 8081
name: http
name: http2
protocol: TCP
targetPort: 8081

Expand Down Expand Up @@ -110,11 +110,11 @@ backendTLSPolicies:
- group: ""
kind: Service
name: http-backend
sectionName: "8080"
sectionName: http1
- group: ""
kind: Service
name: http-backend
sectionName: "8081"
sectionName: http2
validation:
caCertificateRefs:
- name: ca-cmap
Expand Down
4 changes: 2 additions & 2 deletions internal/gatewayapi/testdata/backendtlspolicy-multiple-targets.out.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -10,11 +10,11 @@ backendTLSPolicies:
- group: ""
kind: Service
name: http-backend
sectionName: "8080"
sectionName: http1
- group: ""
kind: Service
name: http-backend
sectionName: "8081"
sectionName: http2
validation:
caCertificateRefs:
- group: ""
Expand Down
2 changes: 1 addition & 1 deletion internal/gatewayapi/testdata/backendtlspolicy-system-truststore.in.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -98,7 +98,7 @@ backendTLSPolicies:
- group: ""
kind: Service
name: http-backend
sectionName: "8080"
sectionName: http
validation:
wellKnownCACertificates: System
hostname: example.com
2 changes: 1 addition & 1 deletion internal/gatewayapi/testdata/backendtlspolicy-system-truststore.out.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -10,7 +10,7 @@ backendTLSPolicies:
- group: ""
kind: Service
name: http-backend
sectionName: "8080"
sectionName: http
validation:
hostname: example.com
wellKnownCACertificates: System
Expand Down
4 changes: 2 additions & 2 deletions internal/gatewayapi/testdata/envoyextensionpolicy-with-extproc-with-backendtlspolicy.in.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -160,7 +160,7 @@ backendTLSPolicies:
- group: ''
kind: Service
name: grpc-backend
sectionName: "8000"
sectionName: grpc
validation:
caCertificateRefs:
- name: ca-cmap
Expand All @@ -177,7 +177,7 @@ backendTLSPolicies:
- group: ''
kind: Service
name: grpc-backend-2
sectionName: "9000"
sectionName: grpc
validation:
caCertificateRefs:
- name: ca-cmap
Expand Down
4 changes: 2 additions & 2 deletions ...rnal/gatewayapi/testdata/envoyextensionpolicy-with-extproc-with-backendtlspolicy.out.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -10,7 +10,7 @@ backendTLSPolicies:
- group: ""
kind: Service
name: grpc-backend
sectionName: "8000"
sectionName: grpc
validation:
caCertificateRefs:
- group: ""
Expand Down Expand Up @@ -42,7 +42,7 @@ backendTLSPolicies:
- group: ""
kind: Service
name: grpc-backend-2
sectionName: "9000"
sectionName: grpc
validation:
caCertificateRefs:
- group: ""
Expand Down
2 changes: 1 addition & 1 deletion ...l/gatewayapi/testdata/envoyextensionpolicy-with-extproc-with-multiple-backendrefs.in.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -162,7 +162,7 @@ backendTLSPolicies:
- group: ''
kind: Service
name: grpc-backend
sectionName: "8000"
sectionName: grpc
validation:
caCertificateRefs:
- name: ca-cmap
Expand Down
2 changes: 1 addition & 1 deletion .../gatewayapi/testdata/envoyextensionpolicy-with-extproc-with-multiple-backendrefs.out.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -10,7 +10,7 @@ backendTLSPolicies:
- group: ""
kind: Service
name: grpc-backend
sectionName: "8000"
sectionName: grpc
validation:
caCertificateRefs:
- group: ""
Expand Down
Loading
Loading