move provider/uitls outside
Signed-off-by: huabing zhao <zhaohuabing@gmail.com>
zhaohuabing committed Feb 23, 2024
1 parent fc7d6bc commit f458418
Showing 20 changed files with 48 additions and 68 deletions.
3 changes: 2 additions & 1 deletion internal/cmd/egctl/config.go
Expand Up @@ -25,6 +25,7 @@ import (
"github.com/envoyproxy/gateway/internal/cmd/options"
"github.com/envoyproxy/gateway/internal/infrastructure/kubernetes/proxy"
kube "github.com/envoyproxy/gateway/internal/kubernetes"
"github.com/envoyproxy/gateway/internal/utils"
)

var (
Expand Down Expand Up @@ -168,7 +169,7 @@ func fetchRunningEnvoyPods(c kube.CLIClient, nn types.NamespacedName, labelSelec

podsNamespacedNames := []types.NamespacedName{}
for _, pod := range pods {
podNsName := types.NamespacedName{Namespace: pod.Namespace, Name: pod.Name}
podNsName := utils.NamespacedName(&pod)
if pod.Status.Phase != "Running" {
return podsNamespacedNames, fmt.Errorf("pod %s is not running", podNsName)
}
6 changes: 2 additions & 4 deletions internal/cmd/egctl/version.go
Expand Up @@ -20,6 +20,7 @@ import (
"github.com/envoyproxy/gateway/internal/cmd/options"
"github.com/envoyproxy/gateway/internal/cmd/version"
kube "github.com/envoyproxy/gateway/internal/kubernetes"
"github.com/envoyproxy/gateway/internal/utils"
)

const (
Expand Down Expand Up @@ -104,10 +105,7 @@ func versions(w io.Writer, containerName, output string, remote bool) error {
continue
}

nn := types.NamespacedName{
Namespace: pod.Namespace,
Name: pod.Name,
}
nn := utils.NamespacedName(&pod)
stdout, _, err := c.PodExec(nn, containerName, "envoy-gateway version -ojson")
if err != nil {
return fmt.Errorf("pod exec on %s/%s failed: %w", nn.Namespace, nn.Name, err)
6 changes: 2 additions & 4 deletions internal/gatewayapi/backendtrafficpolicy.go
Expand Up @@ -23,6 +23,7 @@ import (
egv1a1 "github.com/envoyproxy/gateway/api/v1alpha1"
"github.com/envoyproxy/gateway/internal/ir"
"github.com/envoyproxy/gateway/internal/status"
"github.com/envoyproxy/gateway/internal/utils"
"github.com/envoyproxy/gateway/internal/utils/regex"
)

Expand Down Expand Up @@ -66,10 +67,7 @@ func (t *Translator) ProcessBackendTrafficPolicies(backendTrafficPolicies []*egv
}
gatewayMap := map[types.NamespacedName]*policyGatewayTargetContext{}
for _, gw := range gateways {
key := types.NamespacedName{
Name: gw.GetName(),
Namespace: gw.GetNamespace(),
}
key := utils.NamespacedName(gw)
gatewayMap[key] = &policyGatewayTargetContext{GatewayContext: gw}
}

6 changes: 2 additions & 4 deletions internal/gatewayapi/clienttrafficpolicy.go
Expand Up @@ -21,6 +21,7 @@ import (
egv1a1 "github.com/envoyproxy/gateway/api/v1alpha1"
"github.com/envoyproxy/gateway/internal/ir"
"github.com/envoyproxy/gateway/internal/status"
"github.com/envoyproxy/gateway/internal/utils"
)

const (
Expand Down Expand Up @@ -64,10 +65,7 @@ func (t *Translator) ProcessClientTrafficPolicies(resources *Resources,
}

// Check for conflicts
key := types.NamespacedName{
Name: gateway.Name,
Namespace: gateway.Namespace,
}
key := utils.NamespacedName(gateway)

// Check if another policy targeting the same section exists
section := string(*(policy.Spec.TargetRef.SectionName))
3 changes: 2 additions & 1 deletion internal/gatewayapi/helpers.go
Expand Up @@ -18,6 +18,7 @@ import (
"sigs.k8s.io/gateway-api/apis/v1alpha2"

"github.com/envoyproxy/gateway/internal/ir"
"github.com/envoyproxy/gateway/internal/utils"
)

const (
Expand Down Expand Up @@ -126,7 +127,7 @@ func GetReferencedListeners(parentRef gwapiv1.ParentReference, gateways []*Gatew
var referencedListeners []*ListenerContext

for _, gateway := range gateways {
if !IsRefToGateway(parentRef, types.NamespacedName{Namespace: gateway.Namespace, Name: gateway.Name}) {
if !IsRefToGateway(parentRef, utils.NamespacedName(gateway)) {
continue
}

4 changes: 2 additions & 2 deletions internal/gatewayapi/listener.go
Expand Up @@ -9,11 +9,11 @@ import (
"fmt"

metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
"k8s.io/apimachinery/pkg/types"
gwapiv1 "sigs.k8s.io/gateway-api/apis/v1"

egv1a1 "github.com/envoyproxy/gateway/api/v1alpha1"
"github.com/envoyproxy/gateway/internal/ir"
"github.com/envoyproxy/gateway/internal/utils"
"github.com/envoyproxy/gateway/internal/utils/naming"
)

Expand Down Expand Up @@ -242,7 +242,7 @@ func processTracing(gw *gwapiv1.Gateway, envoyproxy *egv1a1.EnvoyProxy) *ir.Trac
}

return &ir.Tracing{
ServiceName: naming.ServiceName(types.NamespacedName{Name: gw.Name, Namespace: gw.Namespace}),
ServiceName: naming.ServiceName(utils.NamespacedName(gw)),
ProxyTracing: *envoyproxy.Spec.Telemetry.Tracing,
}
}
2 changes: 1 addition & 1 deletion internal/gatewayapi/runner/runner.go
Expand Up @@ -16,7 +16,7 @@ import (
extension "github.com/envoyproxy/gateway/internal/extension/types"
"github.com/envoyproxy/gateway/internal/gatewayapi"
"github.com/envoyproxy/gateway/internal/message"
"github.com/envoyproxy/gateway/internal/provider/utils"
"github.com/envoyproxy/gateway/internal/utils"
)

type Config struct {
14 changes: 4 additions & 10 deletions internal/gatewayapi/securitypolicy.go
Expand Up @@ -9,7 +9,6 @@ import (
"encoding/json"
"errors"
"fmt"
"hash/fnv"
"net/http"
"net/netip"
"net/url"
Expand All @@ -28,6 +27,7 @@ import (
egv1a1 "github.com/envoyproxy/gateway/api/v1alpha1"
"github.com/envoyproxy/gateway/internal/ir"
"github.com/envoyproxy/gateway/internal/status"
"github.com/envoyproxy/gateway/internal/utils"
)

const (
Expand Down Expand Up @@ -61,10 +61,7 @@ func (t *Translator) ProcessSecurityPolicies(securityPolicies []*egv1a1.Security
}
gatewayMap := map[types.NamespacedName]*policyGatewayTargetContext{}
for _, gw := range gateways {
key := types.NamespacedName{
Name: gw.GetName(),
Namespace: gw.GetNamespace(),
}
key := utils.NamespacedName(gw)
gatewayMap[key] = &policyGatewayTargetContext{GatewayContext: gw}
}

Expand Down Expand Up @@ -495,11 +492,8 @@ func (t *Translator) buildOIDC(
logoutPath = *oidc.LogoutPath
}

h := fnv.New32a()
if _, err = h.Write([]byte(policy.UID)); err != nil {
return nil, fmt.Errorf("error generating oauth cookie suffix: %w", err)
}
suffix := fmt.Sprintf("%X", h.Sum32())
// Generate a unique cookie suffix for the OIDC Policy UID
suffix := utils.Digest(string(policy.UID))

return &ir.OIDC{
Provider: *provider,
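Review bot: The new comment in buildOIDC calls the suffix "unique", but `utils.Digest` is a 32-bit FNV-1a sum, so two policy UIDs can map to the same suffix and would then share the `BearerToken-`/`IdToken-` style cookie names built from it. I would word the comment as `// Derive a short cookie suffix from the policy UID (32-bit FNV-1a; not guaranteed unique).` The suffix also changes from upper-case to lower-case hex, so cookie names issued before the upgrade no longer match and existing sessions will presumably have to re-authenticate; that is worth stating in the commit description. buildOIDC starts and ends outside the hunk.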
Expand Up @@ -232,7 +232,7 @@ xdsIR:
oidc:
clientID: client2.oauth.foo.com
clientSecret: Y2xpZW50MTpzZWNyZXQK
cookieSuffix: 5F93C2E4
cookieSuffix: 5f93c2e4
logoutPath: /foo/logout
provider:
authorizationEndpoint: https://oauth.foo.com/oauth2/v2/auth
Expand Down Expand Up @@ -264,7 +264,7 @@ xdsIR:
oidc:
clientID: client1.apps.googleusercontent.com
clientSecret: Y2xpZW50MTpzZWNyZXQK
cookieSuffix: B0A1B740
cookieSuffix: b0a1b740
logoutPath: /bar/logout
provider:
authorizationEndpoint: https://accounts.google.com/o/oauth2/v2/auth
6 changes: 3 additions & 3 deletions internal/infrastructure/kubernetes/proxy/resource.go
Expand Up @@ -16,7 +16,7 @@ import (
"github.com/envoyproxy/gateway/internal/envoygateway/config"
"github.com/envoyproxy/gateway/internal/infrastructure/kubernetes/resource"
"github.com/envoyproxy/gateway/internal/ir"
providerutils "github.com/envoyproxy/gateway/internal/provider/utils"
"github.com/envoyproxy/gateway/internal/utils"
"github.com/envoyproxy/gateway/internal/xds/bootstrap"
)

Expand Down Expand Up @@ -52,7 +52,7 @@ var (

// ExpectedResourceHashedName returns expected resource hashed name including up to the 48 characters of the original name.
func ExpectedResourceHashedName(name string) string {
hashedName := providerutils.GetHashedName(name, 48)
hashedName := utils.GetHashedName(name, 48)
return fmt.Sprintf("%s-%s", config.EnvoyPrefix, hashedName)
}

Expand Down Expand Up @@ -116,7 +116,7 @@ func expectedProxyContainers(infra *ir.ProxyInfra,
}
port := corev1.ContainerPort{
// hashed container port name including up to the 6 characters of the port name and the maximum of 15 characters.
Name: providerutils.GetHashedName(p.Name, 6),
Name: utils.GetHashedName(p.Name, 6),
ContainerPort: p.ContainerPort,
Protocol: protocol,
}
2 changes: 1 addition & 1 deletion internal/provider/kubernetes/controller.go
Expand Up @@ -37,8 +37,8 @@ import (
"github.com/envoyproxy/gateway/internal/gatewayapi"
"github.com/envoyproxy/gateway/internal/logging"
"github.com/envoyproxy/gateway/internal/message"
"github.com/envoyproxy/gateway/internal/provider/utils"
"github.com/envoyproxy/gateway/internal/status"
"github.com/envoyproxy/gateway/internal/utils"
"github.com/envoyproxy/gateway/internal/utils/slice"
)

17 changes: 4 additions & 13 deletions internal/provider/kubernetes/kubernetes_test.go
Expand Up @@ -321,7 +321,7 @@ func testGatewayScheduledStatus(ctx context.Context, t *testing.T, provider *Pro

// Ensure the Gateway reports "Scheduled".
require.Eventually(t, func() bool {
if err := cli.Get(ctx, types.NamespacedName{Namespace: gw.Namespace, Name: gw.Name}, gw); err != nil {
if err := cli.Get(ctx, utils.NamespacedName(gw), gw); err != nil {
return false
}

Expand Down Expand Up @@ -354,10 +354,7 @@ func testGatewayScheduledStatus(ctx context.Context, t *testing.T, provider *Pro
}, defaultWait, defaultTick)

// Ensure the test Gateway in the Gateway resources is as expected.
key := types.NamespacedName{
Namespace: gw.Namespace,
Name: gw.Name,
}
key := utils.NamespacedName(gw)
require.Eventually(t, func() bool {
return cli.Get(ctx, key, gw) == nil
}, defaultWait, defaultTick)
Expand Down Expand Up @@ -884,10 +881,7 @@ func testHTTPRoute(ctx context.Context, t *testing.T, provider *Provider, resour
}, defaultWait, defaultTick)

// Ensure the test HTTPRoute in the HTTPRoute resources is as expected.
key := types.NamespacedName{
Namespace: testCase.route.Namespace,
Name: testCase.route.Name,
}
key := utils.NamespacedName(testCase.route)
require.Eventually(t, func() bool {
return cli.Get(ctx, key, &testCase.route) == nil
}, defaultWait, defaultTick)
Expand Down Expand Up @@ -1035,10 +1029,7 @@ func testTLSRoute(ctx context.Context, t *testing.T, provider *Provider, resourc
}, defaultWait, defaultTick)

// Ensure the test TLSRoute in the TLSRoute resources is as expected.
key := types.NamespacedName{
Namespace: testCase.route.Namespace,
Name: testCase.route.Name,
}
key := utils.NamespacedName(testCase.route)
require.Eventually(t, func() bool {
return cli.Get(ctx, key, &testCase.route) == nil
}, defaultWait, defaultTick)
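Review bot: In testHTTPRoute and testTLSRoute, `utils.NamespacedName(testCase.route)` passes `route` by value, while the next call uses `&testCase.route`, which suggests `route` is a struct value rather than a pointer. A value of a Kubernetes API type does not normally satisfy `client.Object`, so these two lines likely do not compile. Pass the address instead: `key := utils.NamespacedName(&testCase.route)`. The import block is outside the visible hunks, so also confirm that `internal/utils` is imported here and that `k8s.io/apimachinery/pkg/types` is still referenced. Both functions start and end outside the hunks.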
2 changes: 1 addition & 1 deletion internal/provider/kubernetes/predicates.go
Expand Up @@ -23,7 +23,7 @@ import (

egv1a1 "github.com/envoyproxy/gateway/api/v1alpha1"
"github.com/envoyproxy/gateway/internal/gatewayapi"
"github.com/envoyproxy/gateway/internal/provider/utils"
"github.com/envoyproxy/gateway/internal/utils"
)

// hasMatchingController returns true if the provided object is a GatewayClass
2 changes: 1 addition & 1 deletion internal/provider/kubernetes/routes.go
Expand Up @@ -17,7 +17,7 @@ import (
gwapiv1a2 "sigs.k8s.io/gateway-api/apis/v1alpha2"

"github.com/envoyproxy/gateway/internal/gatewayapi"
"github.com/envoyproxy/gateway/internal/provider/utils"
"github.com/envoyproxy/gateway/internal/utils"
)

// processTLSRoutes finds TLSRoutes corresponding to a gatewayNamespaceName, further checks for
7 changes: 2 additions & 5 deletions internal/provider/kubernetes/secrets.go
Expand Up @@ -14,10 +14,10 @@ import (
corev1 "k8s.io/api/core/v1"
kerrors "k8s.io/apimachinery/pkg/api/errors"
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
"k8s.io/apimachinery/pkg/types"
"sigs.k8s.io/controller-runtime/pkg/client"

"github.com/envoyproxy/gateway/internal/crypto"
"github.com/envoyproxy/gateway/internal/utils"
)

var (
Expand Down Expand Up @@ -86,10 +86,7 @@ func CreateOrUpdateSecrets(ctx context.Context, client client.Client, secrets []
for i := range secrets {
secret := secrets[i]
current := new(corev1.Secret)
key := types.NamespacedName{
Namespace: secret.Namespace,
Name: secret.Name,
}
key := utils.NamespacedName(&secret)
if err := client.Get(ctx, key, current); err != nil {
// Create if not found.
if kerrors.IsNotFound(err) {
2 changes: 1 addition & 1 deletion internal/provider/kubernetes/status.go
Expand Up @@ -17,8 +17,8 @@ import (

"github.com/envoyproxy/gateway/api/v1alpha1"
"github.com/envoyproxy/gateway/internal/message"
"github.com/envoyproxy/gateway/internal/provider/utils"
"github.com/envoyproxy/gateway/internal/status"
"github.com/envoyproxy/gateway/internal/utils"
)

// subscribeAndUpdateStatus subscribes to gateway API object status updates and
18 changes: 10 additions & 8 deletions internal/provider/utils/utils.go → internal/utils/misc.go
Expand Up @@ -6,8 +6,8 @@
package utils

import (
"crypto/sha256"
"fmt"
"hash/fnv"
"strings"

"k8s.io/apimachinery/pkg/types"
Expand All @@ -25,19 +25,21 @@ func NamespacedName(obj client.Object) types.NamespacedName {
// GetHashedName returns a partially hashed name for the string including up to the given length of the original name characters before the hash.
// Input `nsName` should be formatted as `{Namespace}/{ResourceName}`.
func GetHashedName(nsName string, length int) string {
hashedName := HashString(nsName)
hashedName := Digest(nsName)
// replace `/` with `-` to create a valid K8s resource name
resourceName := strings.ReplaceAll(nsName, "/", "-")
if length > 0 && len(resourceName) > length {
// resource name needs to be trimmed, as container port name must not contain consecutive hyphens
trimmedName := strings.TrimSuffix(resourceName[0:length], "-")
return fmt.Sprintf("%s-%s", trimmedName, hashedName[0:8])
return fmt.Sprintf("%s-%s", trimmedName, hashedName)
}
return fmt.Sprintf("%s-%s", resourceName, hashedName[0:8])
return fmt.Sprintf("%s-%s", resourceName, hashedName)
}

func HashString(str string) string {
h := sha256.New() // Using sha256 instead of sha1 due to Blocklisted import crypto/sha1: weak cryptographic primitive (gosec)
h.Write([]byte(str))
return strings.ToLower(fmt.Sprintf("%x", h.Sum(nil)))
// Digest returns a 32-bit hashh of the input string.
// The hash is represented as a capitalized hexadecimal string.
func Digest(str string) string {
h := fnv.New32a()
_, _ = h.Write([]byte(str))
return fmt.Sprintf("%x", h.Sum32())
}
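Review bot: `Digest` formats the FNV-1a sum with `%x`, so the doc comment's "capitalized" is wrong and the result is not fixed-width: a sum with leading zero nibbles yields fewer than eight characters, and `GetHashedName` no longer slices to `[0:8]`. Use `return fmt.Sprintf("%08x", h.Sum32())` and reword the comment to `// The hash is rendered as an 8-character lowercase hexadecimal string.`, which also fixes the "hashh" typo. Replacing the truncated SHA-256 with FNV-32a keeps the suffix at 32 bits but drops the cryptographic properties. If the `{Namespace}/{ResourceName}` input can be chosen by a tenant, two long names that trim to the same prefix and hash to the same suffix are easier to produce than before, so the comment should say the digest is for naming only and is not collision-resistant. Every existing input now hashes to a different suffix, so names derived through `GetHashedName` (for example in `ExpectedResourceHashedName`) change on upgrade; presumably intended, but it deserves a line in the commit description.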
File renamed without changes.
2 changes: 1 addition & 1 deletion internal/xds/translator/testdata/in/xds-ir/oidc.yaml
Expand Up @@ -55,4 +55,4 @@ http:
redirectURL: "https://www.example.com/bar/oauth2/callback"
redirectPath: "/bar/oauth2/callback"
logoutPath: "/bar/logout"
cookieSuffix: B0A1B740
cookieSuffix: 5f93c2e4
10 changes: 5 additions & 5 deletions internal/xds/translator/testdata/out/xds-ir/oidc.listeners.yaml
Expand Up @@ -69,11 +69,11 @@
credentials:
clientId: client.oauth.bar.com
cookieNames:
bearerToken: BearerToken-B0A1B740
idToken: IdToken-B0A1B740
oauthExpires: OauthExpires-B0A1B740
oauthHmac: OauthHMAC-B0A1B740
refreshToken: RefreshToken-B0A1B740
bearerToken: BearerToken-5f93c2e4
idToken: IdToken-5f93c2e4
oauthExpires: OauthExpires-5f93c2e4
oauthHmac: OauthHMAC-5f93c2e4
refreshToken: RefreshToken-5f93c2e4
hmacSecret:
name: second-route/oauth2/hmac_secret
sdsConfig: