Merge branch 'main' into tlspolicy500
alexwo authored Oct 19, 2024
2 parents 9ca0ccd + 70c568b commit e5b0dcd
Showing 21 changed files with 237 additions and 207 deletions.
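--- a/api/v1alpha1/basic_auth_types.go
+++ b/api/v1alpha1/basic_auth_types.go
@@ -5,7 +5,9 @@
 
 package v1alpha1
 
-import gwapiv1b1 "sigs.k8s.io/gateway-api/apis/v1beta1"
+import (
+gwapiv1 "sigs.k8s.io/gateway-api/apis/v1"
+)
 
 const BasicAuthUsersSecretKey = ".htpasswd"
 
@@ -23,5 +25,5 @@ type BasicAuth struct {
 // for more details.
 //
 // Note: The secret must be in the same namespace as the SecurityPolicy.
-Users gwapiv1b1.SecretObjectReference `json:"users"`
+Users gwapiv1.SecretObjectReference `json:"users"`
 }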
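Review bot: The same-namespace requirement on `Users` is stated only in the comment; `gwapiv1.SecretObjectReference` still carries an optional `namespace` field, and no validation marker is visible on this field in the hunk. If the translator does not already reject a cross-namespace reference here, one option is a CEL rule such as `// +kubebuilder:validation:XValidation:message="secret must be in the same namespace.",rule="!has(self.namespace)"`, so that a reference naming another namespace fails at admission rather than being left to the controller. The same applies to `PullSecretRef` in api/v1alpha1/wasm_types.go, where the visible rule checks only `self.kind` although the comment limits it to the same namespace. The `BasicAuth` struct starts outside the hunk, so markers above the visible comment lines cannot be ruled out.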
4 changes: 2 additions & 2 deletions api/v1alpha1/oidc_types.go
@@ -7,7 +7,7 @@ package v1alpha1

import (
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
gwapiv1b1 "sigs.k8s.io/gateway-api/apis/v1beta1"
gwapiv1 "sigs.k8s.io/gateway-api/apis/v1"
)

const OIDCClientSecretKey = "client-secret"
@@ -29,7 +29,7 @@ type OIDC struct {
// This is an Opaque secret. The client secret should be stored in the key
// "client-secret".
// +kubebuilder:validation:Required
ClientSecret gwapiv1b1.SecretObjectReference `json:"clientSecret"`
ClientSecret gwapiv1.SecretObjectReference `json:"clientSecret"`

// The optional cookie name overrides to be used for Bearer and IdToken cookies in the
// [Authentication Request](https://openid.net/specs/openid-connect-core-1_0.html#AuthRequest).
4 changes: 2 additions & 2 deletions api/v1alpha1/wasm_types.go
@@ -7,7 +7,7 @@ package v1alpha1

import (
apiextensionsv1 "k8s.io/apiextensions-apiserver/pkg/apis/apiextensions/v1"
gwapiv1b1 "sigs.k8s.io/gateway-api/apis/v1beta1"
gwapiv1 "sigs.k8s.io/gateway-api/apis/v1"
)

// Wasm defines a Wasm extension.
@@ -136,7 +136,7 @@ type ImageWasmCodeSource struct {
// Only support Kubernetes Secret resource from the same namespace.
// +kubebuilder:validation:XValidation:message="only support Secret kind.",rule="self.kind == 'Secret'"
// +optional
PullSecretRef *gwapiv1b1.SecretObjectReference `json:"pullSecretRef,omitempty"`
PullSecretRef *gwapiv1.SecretObjectReference `json:"pullSecretRef,omitempty"`
}

// ImagePullPolicy defines the policy to use when pulling an OIC image.
23 changes: 15 additions & 8 deletions internal/gatewayapi/listener.go
@@ -344,7 +344,8 @@ func (t *Translator) processAccessLog(envoyproxy *egv1a1.EnvoyProxy, resources *
al := &ir.ALSAccessLog{
LogName: logName,
Destination: ir.RouteDestination{
Name: fmt.Sprintf("accesslog_als_%d_%d", i, j), // TODO: rename this, so that we can share backend with tracing?
// TODO: rename this, so that we can share backend with tracing?
Name: fmt.Sprintf("accesslog_als_%d_%d", i, j),
Settings: ds,
},
Traffic: traffic,
@@ -384,7 +385,8 @@ func (t *Translator) processAccessLog(envoyproxy *egv1a1.EnvoyProxy, resources *
CELMatches: validExprs,
Resources: sink.OpenTelemetry.Resources,
Destination: ir.RouteDestination{
Name: fmt.Sprintf("accesslog_otel_%d_%d", i, j), // TODO: rename this, so that we can share backend with tracing?
// TODO: rename this, so that we can share backend with tracing?
Name: fmt.Sprintf("accesslog_otel_%d_%d", i, j),
Settings: ds,
},
Traffic: traffic,
@@ -416,7 +418,9 @@ func (t *Translator) processAccessLog(envoyproxy *egv1a1.EnvoyProxy, resources *
return irAccessLog, nil
}

func (t *Translator) processTracing(gw *gwapiv1.Gateway, envoyproxy *egv1a1.EnvoyProxy, mergeGateways bool, resources *resource.Resources) (*ir.Tracing, error) {
func (t *Translator) processTracing(gw *gwapiv1.Gateway, envoyproxy *egv1a1.EnvoyProxy,
mergeGateways bool, resources *resource.Resources,
) (*ir.Tracing, error) {
if envoyproxy == nil ||
envoyproxy.Spec.Telemetry == nil ||
envoyproxy.Spec.Telemetry.Tracing == nil {
@@ -460,7 +464,8 @@ func (t *Translator) processTracing(gw *gwapiv1.Gateway, envoyproxy *egv1a1.Envo
SamplingRate: samplingRate,
CustomTags: tracing.CustomTags,
Destination: ir.RouteDestination{
Name: "tracing", // TODO: rename this, so that we can share backend with accesslog?
// TODO: rename this, so that we can share backend with accesslog?
Name: "tracing",
Settings: ds,
},
Provider: tracing.Provider,
@@ -487,13 +492,15 @@ func (t *Translator) processMetrics(envoyproxy *egv1a1.EnvoyProxy, resources *re
}

return &ir.Metrics{
EnableVirtualHostStats: envoyproxy.Spec.Telemetry.Metrics.EnableVirtualHostStats != nil && *envoyproxy.Spec.Telemetry.Metrics.EnableVirtualHostStats,
EnablePerEndpointStats: envoyproxy.Spec.Telemetry.Metrics.EnablePerEndpointStats != nil && *envoyproxy.Spec.Telemetry.Metrics.EnablePerEndpointStats,
EnableRequestResponseSizesStats: envoyproxy.Spec.Telemetry.Metrics.EnableRequestResponseSizesStats != nil && *envoyproxy.Spec.Telemetry.Metrics.EnableRequestResponseSizesStats,
EnableVirtualHostStats: ptr.Deref(envoyproxy.Spec.Telemetry.Metrics.EnableVirtualHostStats, false),
EnablePerEndpointStats: ptr.Deref(envoyproxy.Spec.Telemetry.Metrics.EnablePerEndpointStats, false),
EnableRequestResponseSizesStats: ptr.Deref(envoyproxy.Spec.Telemetry.Metrics.EnableRequestResponseSizesStats, false),
}, nil
}

func (t *Translator) processBackendRefs(backendCluster egv1a1.BackendCluster, namespace string, resources *resource.Resources, envoyProxy *egv1a1.EnvoyProxy) ([]*ir.DestinationSetting, *ir.TrafficFeatures, error) {
func (t *Translator) processBackendRefs(backendCluster egv1a1.BackendCluster, namespace string,
resources *resource.Resources, envoyProxy *egv1a1.EnvoyProxy,
) ([]*ir.DestinationSetting, *ir.TrafficFeatures, error) {
traffic, err := translateTrafficFeatures(backendCluster.BackendSettings)
if err != nil {
return nil, nil, err
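Review bot: The three `ptr.Deref` lines in `processMetrics` each spell out `envoyproxy.Spec.Telemetry.Metrics.` in full, which leaves them far longer than the signatures and TODO comments this same section wraps. Binding the struct once, `m := envoyproxy.Spec.Telemetry.Metrics`, and writing each field as `EnableVirtualHostStats: ptr.Deref(m.EnableVirtualHostStats, false),` would read more easily and keep the nil-guarded path to a single expression. The function body starts outside the hunk, so a suitable local may already exist there.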
6 changes: 3 additions & 3 deletions internal/gatewayapi/validate.go
@@ -916,7 +916,7 @@ func (t *Translator) validateHostname(hostname string) error {
func (t *Translator) validateSecretRef(
allowCrossNamespace bool,
from crossNamespaceFrom,
secretObjRef gwapiv1b1.SecretObjectReference,
secretObjRef gwapiv1.SecretObjectReference,
resources *resource.Resources,
) (*corev1.Secret, error) {
if err := t.validateSecretObjectRef(allowCrossNamespace, from, secretObjRef, resources); err != nil {
@@ -940,7 +940,7 @@ func (t *Translator) validateSecretRef(
func (t *Translator) validateConfigMapRef(
allowCrossNamespace bool,
from crossNamespaceFrom,
secretObjRef gwapiv1b1.SecretObjectReference,
secretObjRef gwapiv1.SecretObjectReference,
resources *resource.Resources,
) (*corev1.ConfigMap, error) {
if err := t.validateSecretObjectRef(allowCrossNamespace, from, secretObjRef, resources); err != nil {
@@ -964,7 +964,7 @@ func (t *Translator) validateConfigMapRef(
func (t *Translator) validateSecretObjectRef(
allowCrossNamespace bool,
from crossNamespaceFrom,
secretRef gwapiv1b1.SecretObjectReference,
secretRef gwapiv1.SecretObjectReference,
resources *resource.Resources,
) error {
var kind string
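Review bot: `validateConfigMapRef` takes its ConfigMap reference as `secretObjRef gwapiv1.SecretObjectReference` and forwards it to `validateSecretObjectRef`, so both the parameter name and the helper name read as if a Secret were being validated. Renaming the parameter to `configMapObjRef gwapiv1.SecretObjectReference` and adding a comment such as `// Reuses SecretObjectReference as the reference shape for ConfigMaps.` would make the shared validation path explicit to whoever audits the cross-namespace checks. How `validateSecretObjectRef` tells the two kinds apart sits after `var kind string`, outside the hunk, so any fuller doc comment should be written against that code.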
6 changes: 3 additions & 3 deletions internal/provider/kubernetes/controller.go
@@ -602,7 +602,7 @@ func (r *gatewayAPIReconciler) processSecretRef(
ownerKind string,
ownerNS string,
ownerName string,
secretRef gwapiv1b1.SecretObjectReference,
secretRef gwapiv1.SecretObjectReference,
) error {
secret := new(corev1.Secret)
secretNS := gatewayapi.NamespaceDerefOr(secretRef.Namespace, ownerNS)
@@ -704,7 +704,7 @@ func (r *gatewayAPIReconciler) processConfigMapRef(
ownerKind string,
ownerNS string,
ownerName string,
configMapRef gwapiv1b1.SecretObjectReference,
configMapRef gwapiv1.SecretObjectReference,
) error {
configMap := new(corev1.ConfigMap)
configMapNS := gatewayapi.NamespaceDerefOr(configMapRef.Namespace, ownerNS)
@@ -1794,7 +1794,7 @@ func (r *gatewayAPIReconciler) processBackendTLSPolicyRefs(
string(caCertRef.Kind) == resource.KindSecret {

var err error
caRefNew := gwapiv1b1.SecretObjectReference{
caRefNew := gwapiv1.SecretObjectReference{
Group: gatewayapi.GroupPtr(string(caCertRef.Group)),
Kind: gatewayapi.KindPtr(string(caCertRef.Kind)),
Name: caCertRef.Name,
2 changes: 1 addition & 1 deletion internal/provider/kubernetes/indexers.go
@@ -531,7 +531,7 @@ func secretSecurityPolicyIndexFunc(rawObj client.Object) []string {
securityPolicy := rawObj.(*egv1a1.SecurityPolicy)

var (
secretReferences []gwapiv1b1.SecretObjectReference
secretReferences []gwapiv1.SecretObjectReference
values []string
)

7 changes: 3 additions & 4 deletions internal/provider/kubernetes/predicates_test.go
@@ -19,7 +19,6 @@ import (
fakeclient "sigs.k8s.io/controller-runtime/pkg/client/fake"
gwapiv1 "sigs.k8s.io/gateway-api/apis/v1"
gwapiv1a2 "sigs.k8s.io/gateway-api/apis/v1alpha2"
gwapiv1b1 "sigs.k8s.io/gateway-api/apis/v1beta1"

egv1a1 "github.com/envoyproxy/gateway/api/v1alpha1"
"github.com/envoyproxy/gateway/internal/envoygateway"
@@ -261,7 +260,7 @@ func TestValidateSecretForReconcile(t *testing.T) {
TokenEndpoint: ptr.To("https://oauth2.googleapis.com/token"),
},
ClientID: "client-id",
ClientSecret: gwapiv1b1.SecretObjectReference{
ClientSecret: gwapiv1.SecretObjectReference{
Name: "secret",
},
},
Expand Down Expand Up @@ -290,7 +289,7 @@ func TestValidateSecretForReconcile(t *testing.T) {
},
},
BasicAuth: &egv1a1.BasicAuth{
Users: gwapiv1b1.SecretObjectReference{
Users: gwapiv1.SecretObjectReference{
Name: "secret",
},
},
@@ -336,7 +335,7 @@ func TestValidateSecretForReconcile(t *testing.T) {
Type: egv1a1.ImageWasmCodeSourceType,
Image: &egv1a1.ImageWasmCodeSource{
URL: "https://example.com/testwasm:v1.0.0",
PullSecretRef: &gwapiv1b1.SecretObjectReference{
PullSecretRef: &gwapiv1.SecretObjectReference{
Name: "secret",
},
},