Skip to content

Commit

Permalink
Merge branch 'main' into xpolicy-err
Browse files Browse the repository at this point in the history
  • Loading branch information
zirain authored Apr 30, 2024
2 parents 8092fe6 + d32256c commit 666ed47
Show file tree
Hide file tree
Showing 152 changed files with 1,990 additions and 1,020 deletions.
8 changes: 4 additions & 4 deletions .github/workflows/build_and_test.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -70,7 +70,7 @@ jobs:
run: make build-multiarch PLATFORMS="linux_amd64 linux_arm64"

- name: Upload EG Binaries
uses: actions/upload-artifact@1746f4ab65b179e0ea60a494b83293b640dd5bba # v4.3.2
uses: actions/upload-artifact@65462800fd760344b1a7b4382951275a0abb4808 # v4.3.3
with:
name: envoy-gateway
path: bin/
Expand All @@ -86,7 +86,7 @@ jobs:
- uses: ./tools/github-actions/setup-deps

- name: Download EG Binaries
uses: actions/download-artifact@8caf195ad4b1dee92908e23f56eeb0696f1dd42d # v4.1.5
uses: actions/download-artifact@65a9edc5881444af0b9093a5e628f2fe47ea3b2e # v4.1.7
with:
name: envoy-gateway
path: bin/
Expand Down Expand Up @@ -114,7 +114,7 @@ jobs:
- uses: ./tools/github-actions/setup-deps

- name: Download EG Binaries
uses: actions/download-artifact@8caf195ad4b1dee92908e23f56eeb0696f1dd42d # v4.1.5
uses: actions/download-artifact@65a9edc5881444af0b9093a5e628f2fe47ea3b2e # v4.1.7
with:
name: envoy-gateway
path: bin/
Expand All @@ -139,7 +139,7 @@ jobs:
- uses: ./tools/github-actions/setup-deps

- name: Download EG Binaries
uses: actions/download-artifact@8caf195ad4b1dee92908e23f56eeb0696f1dd42d # v4.1.5
uses: actions/download-artifact@65a9edc5881444af0b9093a5e628f2fe47ea3b2e # v4.1.7
with:
name: envoy-gateway
path: bin/
Expand Down
6 changes: 3 additions & 3 deletions .github/workflows/codeql.yml
Original file line number Diff line number Diff line change
Expand Up @@ -36,14 +36,14 @@ jobs:
- uses: ./tools/github-actions/setup-deps

- name: Initialize CodeQL
uses: github/codeql-action/init@c7f9125735019aa87cfc361530512d50ea439c71 # v3.25.1
uses: github/codeql-action/init@d39d31e687223d841ef683f52467bd88e9b21c14 # v3.25.3
with:
languages: ${{ matrix.language }}

- name: Autobuild
uses: github/codeql-action/autobuild@c7f9125735019aa87cfc361530512d50ea439c71 # v3.25.1
uses: github/codeql-action/autobuild@d39d31e687223d841ef683f52467bd88e9b21c14 # v3.25.3

- name: Perform CodeQL Analysis
uses: github/codeql-action/analyze@c7f9125735019aa87cfc361530512d50ea439c71 # v3.25.1
uses: github/codeql-action/analyze@d39d31e687223d841ef683f52467bd88e9b21c14 # v3.25.3
with:
category: "/language:${{matrix.language}}"
2 changes: 1 addition & 1 deletion .github/workflows/experimental_conformance.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -32,7 +32,7 @@ jobs:
run: make experimental-conformance

- name: Upload Conformance Report
uses: actions/upload-artifact@1746f4ab65b179e0ea60a494b83293b640dd5bba # v4.3.2
uses: actions/upload-artifact@65462800fd760344b1a7b4382951275a0abb4808 # v4.3.3
with:
name: conformance-report-k8s-${{ matrix.version }}
path: ./test/conformance/conformance-report-k8s-${{ matrix.version }}.yaml
4 changes: 2 additions & 2 deletions .github/workflows/scorecard.yml
Original file line number Diff line number Diff line change
Expand Up @@ -33,13 +33,13 @@ jobs:
publish_results: true

- name: "Upload artifact"
uses: actions/upload-artifact@1746f4ab65b179e0ea60a494b83293b640dd5bba # v4.3.2
uses: actions/upload-artifact@65462800fd760344b1a7b4382951275a0abb4808 # v4.3.3
with:
name: SARIF file
path: results.sarif
retention-days: 5

- name: "Upload to code-scanning"
uses: github/codeql-action/upload-sarif@c7f9125735019aa87cfc361530512d50ea439c71 # v3.25.1
uses: github/codeql-action/upload-sarif@d39d31e687223d841ef683f52467bd88e9b21c14 # v3.25.3
with:
sarif_file: results.sarif
3 changes: 1 addition & 2 deletions api/v1alpha1/clienttrafficpolicy_types.go
Original file line number Diff line number Diff line change
Expand Up @@ -176,8 +176,7 @@ type CustomHeaderExtensionSettings struct {
}

// HTTP3Settings provides HTTP/3 configuration on the listener.
type HTTP3Settings struct {
}
type HTTP3Settings struct{}

// HTTP1Settings provides HTTP/1 configuration on the listener.
type HTTP1Settings struct {
Expand Down
3 changes: 1 addition & 2 deletions api/v1alpha1/compression_types.go
Original file line number Diff line number Diff line change
Expand Up @@ -13,8 +13,7 @@ type CompressorType string
// GzipCompressor defines the config for the Gzip compressor.
// The default values can be found here:
// https://www.envoyproxy.io/docs/envoy/latest/api-v3/extensions/compression/gzip/compressor/v3/gzip.proto#extension-envoy-compression-gzip-compressor
type GzipCompressor struct {
}
type GzipCompressor struct{}

// Compression defines the config of enabling compression.
// This can help reduce the bandwidth at the expense of higher CPU.
Expand Down
1 change: 0 additions & 1 deletion api/v1alpha1/envoygateway_types.go
Original file line number Diff line number Diff line change
Expand Up @@ -506,7 +506,6 @@ type ExtensionTLS struct {

// EnvoyGatewayAdmin defines the Envoy Gateway Admin configuration.
type EnvoyGatewayAdmin struct {

// Address defines the address of Envoy Gateway Admin Server.
//
// +optional
Expand Down
23 changes: 5 additions & 18 deletions api/v1alpha1/ext_proc_types.go
Original file line number Diff line number Diff line change
Expand Up @@ -45,18 +45,15 @@ type ExtProcProcessingMode struct {
Response *ProcessingModeOptions `json:"response,omitempty"`
}

// +kubebuilder:validation:XValidation:rule="has(self.backendRef) ? (!has(self.backendRef.group) || self.backendRef.group == \"\") : true", message="group is invalid, only the core API group (specified by omitting the group field or setting it to an empty string) is supported"
// +kubebuilder:validation:XValidation:rule="has(self.backendRef) ? (!has(self.backendRef.kind) || self.backendRef.kind == 'Service') : true", message="kind is invalid, only Service (specified by omitting the kind field or setting it to 'Service') is supported"
//
// ExtProc defines the configuration for External Processing filter.
type ExtProc struct {
// BackendRef defines the configuration of the external processing service
BackendRef ExtProcBackendRef `json:"backendRef"`

// BackendRefs defines the configuration of the external processing service
//
// +optional
BackendRefs []BackendRef `json:"backendRefs,omitempty"`
// +kubebuilder:validation:MinItems=1
// +kubebuilder:validation:MaxItems=1
// +kubebuilder:validation:XValidation:message="BackendRefs only supports Service kind.",rule="self.all(f, f.kind == 'Service')"
// +kubebuilder:validation:XValidation:message="BackendRefs only supports Core group.",rule="self.all(f, f.group == '')"
BackendRefs []BackendRef `json:"backendRefs"`

// MessageTimeout is the timeout for a response to be returned from the external processor
// Default: 200ms
Expand All @@ -77,13 +74,3 @@ type ExtProc struct {
// +optional
ProcessingMode *ExtProcProcessingMode `json:"processingMode,omitempty"`
}

// ExtProcService defines the gRPC External Processing service using the envoy grpc client
// The processing request and response messages are defined in
// https://www.envoyproxy.io/docs/envoy/latest/api-v3/service/ext_proc/v3/external_processor.proto
type ExtProcBackendRef struct {
// BackendObjectReference references a Kubernetes object that represents the
// backend server to which the processing requests will be sent.
// Only service Kind is supported for now.
gwapiv1.BackendObjectReference `json:",inline"`
}
1 change: 0 additions & 1 deletion api/v1alpha1/fault_injection.go
Original file line number Diff line number Diff line change
Expand Up @@ -13,7 +13,6 @@ import metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
//
// +kubebuilder:validation:XValidation:rule=" has(self.delay) || has(self.abort) ",message="Delay and abort faults are set at least one."
type FaultInjection struct {

// If specified, a delay will be injected into the request.
//
// +optional
Expand Down
1 change: 0 additions & 1 deletion api/v1alpha1/healthcheck_types.go
Original file line number Diff line number Diff line change
Expand Up @@ -22,7 +22,6 @@ type HealthCheck struct {
// PassiveHealthCheck defines the configuration for passive health checks in the context of Envoy's Outlier Detection,
// see https://www.envoyproxy.io/docs/envoy/latest/intro/arch_overview/upstream/outlier
type PassiveHealthCheck struct {

// SplitExternalLocalOriginErrors enables splitting of errors between external and local origin.
//
// +kubebuilder:default=false
Expand Down
2 changes: 0 additions & 2 deletions api/v1alpha1/jwt_types.go
Original file line number Diff line number Diff line change
Expand Up @@ -7,7 +7,6 @@ package v1alpha1

// JWT defines the configuration for JSON Web Token (JWT) authentication.
type JWT struct {

// Optional determines whether a missing JWT is acceptable, defaulting to false if not specified.
// Note: Even if optional is set to true, JWT authentication will still fail if an invalid JWT is presented.
Optional *bool `json:"optional,omitempty"`
Expand Down Expand Up @@ -91,7 +90,6 @@ type RemoteJWKS struct {

// ClaimToHeader defines a configuration to convert JWT claims into HTTP headers
type ClaimToHeader struct {

// Header defines the name of the HTTP request header that the JWT Claim will be saved into.
Header string `json:"header"`

Expand Down
6 changes: 4 additions & 2 deletions api/v1alpha1/validation/envoygateway_validate_test.go
Original file line number Diff line number Diff line change
Expand Up @@ -660,7 +660,8 @@ func TestEnvoyGatewayProvider(t *testing.T) {
Replicas: nil,
Pod: nil,
Container: nil,
}}
},
}
assert.Nil(t, envoyGatewayProvider.Kubernetes.RateLimitDeployment.Replicas)
assert.Nil(t, envoyGatewayProvider.Kubernetes.RateLimitDeployment.Pod)
assert.Nil(t, envoyGatewayProvider.Kubernetes.RateLimitDeployment.Container)
Expand All @@ -674,7 +675,8 @@ func TestEnvoyGatewayProvider(t *testing.T) {
SecurityContext: nil,
Image: nil,
},
}}
},
}
assert.Nil(t, envoyGatewayProvider.Kubernetes.RateLimitDeployment.Container.Resources)
envoyGatewayProvider.GetEnvoyGatewayKubeProvider()

Expand Down
6 changes: 2 additions & 4 deletions api/v1alpha1/validation/envoyproxy_validate.go
Original file line number Diff line number Diff line change
Expand Up @@ -110,14 +110,12 @@ func validateService(spec *egv1a1.EnvoyProxySpec) []error {
errs = append(errs, fmt.Errorf("unsupported envoy service type %v", serviceType))
}
}
if serviceType, serviceAllocateLoadBalancerNodePorts :=
spec.Provider.Kubernetes.EnvoyService.Type, spec.Provider.Kubernetes.EnvoyService.AllocateLoadBalancerNodePorts; serviceType != nil && serviceAllocateLoadBalancerNodePorts != nil {
if serviceType, serviceAllocateLoadBalancerNodePorts := spec.Provider.Kubernetes.EnvoyService.Type, spec.Provider.Kubernetes.EnvoyService.AllocateLoadBalancerNodePorts; serviceType != nil && serviceAllocateLoadBalancerNodePorts != nil {
if *serviceType != egv1a1.ServiceTypeLoadBalancer {
errs = append(errs, fmt.Errorf("allocateLoadBalancerNodePorts can only be set for %v type", egv1a1.ServiceTypeLoadBalancer))
}
}
if serviceType, serviceLoadBalancerSourceRanges :=
spec.Provider.Kubernetes.EnvoyService.Type, spec.Provider.Kubernetes.EnvoyService.LoadBalancerSourceRanges; serviceType != nil && serviceLoadBalancerSourceRanges != nil {
if serviceType, serviceLoadBalancerSourceRanges := spec.Provider.Kubernetes.EnvoyService.Type, spec.Provider.Kubernetes.EnvoyService.LoadBalancerSourceRanges; serviceType != nil && serviceLoadBalancerSourceRanges != nil {
if *serviceType != egv1a1.ServiceTypeLoadBalancer {
errs = append(errs, fmt.Errorf("loadBalancerSourceRanges can only be set for %v type", egv1a1.ServiceTypeLoadBalancer))
}
Expand Down
21 changes: 14 additions & 7 deletions api/v1alpha1/validation/envoyproxy_validate_test.go
Original file line number Diff line number Diff line change
Expand Up @@ -447,7 +447,8 @@ func TestValidateEnvoyProxy(t *testing.T) {
},
},
expected: false,
}, {
},
{
name: "should invalid when metrics type is OpenTelemetry, but `OpenTelemetry` field being empty",
proxy: &egv1a1.EnvoyProxy{
ObjectMeta: metav1.ObjectMeta{
Expand All @@ -467,7 +468,8 @@ func TestValidateEnvoyProxy(t *testing.T) {
},
},
expected: false,
}, {
},
{
name: "should valid when metrics type is OpenTelemetry and `OpenTelemetry` field being not empty",
proxy: &egv1a1.EnvoyProxy{
ObjectMeta: metav1.ObjectMeta{
Expand All @@ -491,7 +493,8 @@ func TestValidateEnvoyProxy(t *testing.T) {
},
},
expected: true,
}, {
},
{
name: "should be invalid when service patch type is empty",
proxy: &egv1a1.EnvoyProxy{
ObjectMeta: metav1.ObjectMeta{
Expand All @@ -514,7 +517,8 @@ func TestValidateEnvoyProxy(t *testing.T) {
},
},
expected: true,
}, {
},
{
name: "should be invalid when deployment patch type is empty",
proxy: &egv1a1.EnvoyProxy{
ObjectMeta: metav1.ObjectMeta{
Expand All @@ -537,7 +541,8 @@ func TestValidateEnvoyProxy(t *testing.T) {
},
},
expected: true,
}, {
},
{
name: "should invalid when patch object is empty",
proxy: &egv1a1.EnvoyProxy{
ObjectMeta: metav1.ObjectMeta{
Expand All @@ -558,7 +563,8 @@ func TestValidateEnvoyProxy(t *testing.T) {
},
},
expected: false,
}, {
},
{
name: "should valid when patch type and object are both not empty",
proxy: &egv1a1.EnvoyProxy{
ObjectMeta: metav1.ObjectMeta{
Expand All @@ -582,7 +588,8 @@ func TestValidateEnvoyProxy(t *testing.T) {
},
},
expected: true,
}, {
},
{
name: "should valid when patch type is empty and object is not empty",
proxy: &egv1a1.EnvoyProxy{
ObjectMeta: metav1.ObjectMeta{
Expand Down
17 changes: 0 additions & 17 deletions api/v1alpha1/zz_generated.deepcopy.go

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

Loading

0 comments on commit 666ed47

Please sign in to comment.