New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
feat: Adding extension server policy handling. #3371
base: main
Are you sure you want to change the base?
Conversation
754eb7b
to
ee207be
Compare
Codecov ReportAttention: Patch coverage is
Additional details and impacted files@@ Coverage Diff @@
## main #3371 +/- ##
==========================================
- Coverage 67.22% 67.13% -0.10%
==========================================
Files 166 167 +1
Lines 19720 19961 +241
==========================================
+ Hits 13257 13400 +143
- Misses 5507 5590 +83
- Partials 956 971 +15 ☔ View full report in Codecov by Sentry. |
e227366
to
bc120d8
Compare
cc @AliceProxy |
/retest |
2 similar comments
/retest |
/retest |
d5d5bd9
to
7ba5af2
Compare
@AliceProxy @arkodg @guydc PTAL |
internal/gatewayapi/resource.go
Outdated
@@ -56,6 +56,7 @@ type Resources struct { | |||
SecurityPolicies []*egv1a1.SecurityPolicy `json:"securityPolicies,omitempty" yaml:"securityPolicies,omitempty"` | |||
BackendTLSPolicies []*gwapiv1a3.BackendTLSPolicy `json:"backendTLSPolicies,omitempty" yaml:"backendTLSPolicies,omitempty"` | |||
EnvoyExtensionPolicies []*egv1a1.EnvoyExtensionPolicy `json:"envoyExtensionPolicies,omitempty" yaml:"envoyExtensionPolicies,omitempty"` | |||
ExtServerPolicies []unstructured.Unstructured `json:"extServerPolicies,omitempty" yaml:"extServerPolicies,omitempty"` |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
ExtServerPolicies []unstructured.Unstructured `json:"extServerPolicies,omitempty" yaml:"extServerPolicies,omitempty"` | |
ExtensionServerPolicies []unstructured.Unstructured `json:"extensionServerPolicies,omitempty" yaml:"extServerPolicies,omitempty"` |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Done
for _, currTarget := range targetRefs { | ||
if currTarget.Kind != KindGateway { | ||
// TODO: mark this targetRef as an error | ||
t.Logger.Sugar().Errorf("extension policy %s doesn't target a Gateway", policy.GetName()) |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
we've tried to keep the gateway-api lib as minimal as possible, so it can be reused again in other places in the future, can we instead collect errs
here and return and let the runner log them ?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Done.
"github.com/envoyproxy/gateway/internal/utils" | ||
) | ||
|
||
func (t *Translator) ProcessExtensionServerPolicies(policies []unstructured.Unstructured, |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I dont see this being used anywhere
This comment was marked as duplicate.
This comment was marked as duplicate.
Sorry, something went wrong.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
It is being used in translator.go
.
@@ -12,6 +12,22 @@ import ( | |||
"unicode" | |||
) | |||
|
|||
func SetMapValues(input map[string]any, fieldName string, fieldValue any) { |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
can we reuse SetValue ?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I don't think so. SetValue
assumes that the input is a struct, this function assumes that the input is a map[string]any
.
It's possible to force SetValue
to do this, but I don't think that this would make the code clearer.
panic(err) | ||
} | ||
tCopy := t.DeepCopy() | ||
tCopy.Object["status"] = *val |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
lets make sure the field matches the type gwapiv1a2.PolicyStatus
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This is already validated by the compiler.
The val
object is provided by the update
parameter to the function invoked by the HandleSubscription
function. It is a generic type, and it is narrowed to gwapiv1a2.PolicyStatus
in line 407:
mergeGateways sets.Set[string] | ||
resources *message.ProviderResources | ||
extGVKs []schema.GroupVersionKind | ||
extServerPolicies []schema.GroupVersionKind |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
why not reuse extGVKs
here ?
This comment was marked as duplicate.
This comment was marked as duplicate.
Sorry, something went wrong.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Like @AliceProxy wrote, keeping it separate captures the fact that these GVKs are used for different purposes in different places.
Maybe I should rename extGVKs
to extRouteFilters
?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
No complaints from me. I 👍'd a few of Arko's suggestion, but I don't think this should really break any existing extensions other than needing to update the function signatures when they pull the latest package import with these changes.
"github.com/envoyproxy/gateway/internal/utils" | ||
) | ||
|
||
func (t *Translator) ProcessExtensionServerPolicies(policies []unstructured.Unstructured, |
This comment was marked as duplicate.
This comment was marked as duplicate.
Sorry, something went wrong.
mergeGateways sets.Set[string] | ||
resources *message.ProviderResources | ||
extGVKs []schema.GroupVersionKind | ||
extServerPolicies []schema.GroupVersionKind |
This comment was marked as duplicate.
This comment was marked as duplicate.
Sorry, something went wrong.
079425f
to
486aa61
Compare
/retest |
1 similar comment
/retest |
internal/gatewayapi/translator.go
Outdated
@@ -101,12 +102,15 @@ type Translator struct { | |||
|
|||
// Namespace is the namespace that Envoy Gateway runs in. | |||
Namespace string | |||
|
|||
Logger logging.Logger |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
still seeing the Logger
and LoggedErrors
being defined here
can we follow the approach taken in the gatewayapi
lib where we have a top level errs
field e.g.
err, errs error |
Translate
function and we'd append the errors returned from individual functions e.g. errs = errors.Join(errs, err) |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
The difference is that in BackendTrafficPolicy
the errors are aggregated into a single error
and then stored in the policy status.
In this policy, the decision was not to update the policy status section for errors, which means that errors would need to be propagated all the way to the runner in order to be logged. This is a pretty large structural change.
I will remove the logger, but I think keeping the LoggedErrors
approach is better.
cca4bda
to
cd72c97
Compare
Signed-off-by: Lior Okman <lior.okman@sap.com>
Signed-off-by: Lior Okman <lior.okman@sap.com>
Signed-off-by: Lior Okman <lior.okman@sap.com>
Signed-off-by: Lior Okman <lior.okman@sap.com>
runner Signed-off-by: Lior Okman <lior.okman@sap.com>
Signed-off-by: Lior Okman <lior.okman@sap.com>
Signed-off-by: Lior Okman <lior.okman@sap.com>
Signed-off-by: Lior Okman <lior.okman@sap.com>
Signed-off-by: Lior Okman <lior.okman@sap.com>
Signed-off-by: Lior Okman <lior.okman@sap.com>
Signed-off-by: Lior Okman <lior.okman@sap.com>
Signed-off-by: Lior Okman <lior.okman@sap.com>
Signed-off-by: Lior Okman <lior.okman@sap.com>
cd72c97
to
62d1a8a
Compare
/retest |
What this PR does / why we need it:
This PR implements extension server policies which can be attached to HTTP listeners.
See the full description in the issue (#2975)
Which issue(s) this PR fixes:
Fixes #2975