feat: Adding extension server policy handling. #3371
Conversation
liorokman
force-pushed
the
listener-hook-context
branch
from
754eb7b
to
ee207be
Compare
Codecov ReportAttention: Patch coverage is
Additional details and impacted files@@ Coverage Diff @@
## main #3371 +/- ##
==========================================
- Coverage 67.22% 67.13% -0.10%
==========================================
Files 166 167 +1
Lines 19720 19961 +241
==========================================
+ Hits 13257 13400 +143
- Misses 5507 5590 +83
- Partials 956 971 +15 ☔ View full report in Codecov by Sentry. |
liorokman
force-pushed
the
listener-hook-context
branch
2 times, most recently
from
e227366
to
bc120d8
Compare
|
cc @AliceProxy |
|
/retest |
2 similar comments
|
/retest |
|
/retest |
liorokman
force-pushed
the
listener-hook-context
branch
from
d5d5bd9
to
7ba5af2
Compare
|
@AliceProxy @arkodg @guydc PTAL |
internal/gatewayapi/resource.go
Outdated
| @@ -56,6 +56,7 @@ type Resources struct { | |||
| SecurityPolicies []*egv1a1.SecurityPolicy `json:"securityPolicies,omitempty" yaml:"securityPolicies,omitempty"` | |||
| BackendTLSPolicies []*gwapiv1a3.BackendTLSPolicy `json:"backendTLSPolicies,omitempty" yaml:"backendTLSPolicies,omitempty"` | |||
| EnvoyExtensionPolicies []*egv1a1.EnvoyExtensionPolicy `json:"envoyExtensionPolicies,omitempty" yaml:"envoyExtensionPolicies,omitempty"` | |||
| ExtServerPolicies []unstructured.Unstructured `json:"extServerPolicies,omitempty" yaml:"extServerPolicies,omitempty"` | |||
There was a problem hiding this comment.
| ExtServerPolicies []unstructured.Unstructured `json:"extServerPolicies,omitempty" yaml:"extServerPolicies,omitempty"` | |
| ExtensionServerPolicies []unstructured.Unstructured `json:"extensionServerPolicies,omitempty" yaml:"extServerPolicies,omitempty"` |
| for _, currTarget := range targetRefs { | ||
| if currTarget.Kind != KindGateway { | ||
| // TODO: mark this targetRef as an error | ||
| t.Logger.Sugar().Errorf("extension policy %s doesn't target a Gateway", policy.GetName()) |
There was a problem hiding this comment.
we've tried to keep the gateway-api lib as minimal as possible, so it can be reused again in other places in the future, can we instead collect errs here and return and let the runner log them ?
| "github.com/envoyproxy/gateway/internal/utils" | ||
| ) | ||
|
|
||
| func (t *Translator) ProcessExtensionServerPolicies(policies []unstructured.Unstructured, |
There was a problem hiding this comment.
I dont see this being used anywhere
This comment was marked as duplicate.
This comment was marked as duplicate.
Sorry, something went wrong.
There was a problem hiding this comment.
It is being used in translator.go.
| @@ -12,6 +12,22 @@ import ( | |||
| "unicode" | |||
| ) | |||
|
|
|||
| func SetMapValues(input map[string]any, fieldName string, fieldValue any) { | |||
There was a problem hiding this comment.
I don't think so. SetValue assumes that the input is a struct, this function assumes that the input is a map[string]any.
It's possible to force SetValue to do this, but I don't think that this would make the code clearer.
| panic(err) | ||
| } | ||
| tCopy := t.DeepCopy() | ||
| tCopy.Object["status"] = *val |
There was a problem hiding this comment.
lets make sure the field matches the type gwapiv1a2.PolicyStatus
There was a problem hiding this comment.
This is already validated by the compiler.
The val object is provided by the update parameter to the function invoked by the HandleSubscription function. It is a generic type, and it is narrowed to gwapiv1a2.PolicyStatus in line 407:
| mergeGateways sets.Set[string] | ||
| resources *message.ProviderResources | ||
| extGVKs []schema.GroupVersionKind | ||
| extServerPolicies []schema.GroupVersionKind |
There was a problem hiding this comment.
why not reuse extGVKs here ?
This comment was marked as duplicate.
This comment was marked as duplicate.
Sorry, something went wrong.
There was a problem hiding this comment.
Like @AliceProxy wrote, keeping it separate captures the fact that these GVKs are used for different purposes in different places.
Maybe I should rename extGVKs to extRouteFilters ?
| "github.com/envoyproxy/gateway/internal/utils" | ||
| ) | ||
|
|
||
| func (t *Translator) ProcessExtensionServerPolicies(policies []unstructured.Unstructured, |
This comment was marked as duplicate.
This comment was marked as duplicate.
Sorry, something went wrong.
| mergeGateways sets.Set[string] | ||
| resources *message.ProviderResources | ||
| extGVKs []schema.GroupVersionKind | ||
| extServerPolicies []schema.GroupVersionKind |
This comment was marked as duplicate.
This comment was marked as duplicate.
Sorry, something went wrong.
liorokman
force-pushed
the
listener-hook-context
branch
from
079425f
to
486aa61
Compare
|
/retest |
1 similar comment
|
/retest |
internal/gatewayapi/translator.go
Outdated
| @@ -101,12 +102,15 @@ type Translator struct { | |||
|
|
|||
| // Namespace is the namespace that Envoy Gateway runs in. | |||
| Namespace string | |||
|
|
|||
| Logger logging.Logger | |||
There was a problem hiding this comment.
still seeing the Logger and LoggedErrors being defined here
can we follow the approach taken in the gatewayapi lib where we have a top level errs field e.g.
Translate function and we'd append the errors returned from individual functions e.g.
There was a problem hiding this comment.
The difference is that in BackendTrafficPolicy the errors are aggregated into a single error and then stored in the policy status.
In this policy, the decision was not to update the policy status section for errors, which means that errors would need to be propagated all the way to the runner in order to be logged. This is a pretty large structural change.
I will remove the logger, but I think keeping the LoggedErrors approach is better.
liorokman
force-pushed
the
listener-hook-context
branch
from
cca4bda
to
cd72c97
Compare
Signed-off-by: Lior Okman <lior.okman@sap.com>
Signed-off-by: Lior Okman <lior.okman@sap.com>
Signed-off-by: Lior Okman <lior.okman@sap.com>
Signed-off-by: Lior Okman <lior.okman@sap.com>
runner Signed-off-by: Lior Okman <lior.okman@sap.com>
Signed-off-by: Lior Okman <lior.okman@sap.com>
Signed-off-by: Lior Okman <lior.okman@sap.com>
Signed-off-by: Lior Okman <lior.okman@sap.com>
Signed-off-by: Lior Okman <lior.okman@sap.com>
Signed-off-by: Lior Okman <lior.okman@sap.com>
Signed-off-by: Lior Okman <lior.okman@sap.com>
Signed-off-by: Lior Okman <lior.okman@sap.com>
Signed-off-by: Lior Okman <lior.okman@sap.com>
liorokman
force-pushed
the
listener-hook-context
branch
from
cd72c97
to
62d1a8a
Compare
|
/retest |
What this PR does / why we need it:
This PR implements extension server policies which can be attached to HTTP listeners.
See the full description in the issue (#2975)
Which issue(s) this PR fixes:
Fixes #2975