fix: multiple reference grants in same namespace#4008
Merged
arkodg merged 3 commits intoenvoyproxy:mainfrom Aug 8, 2024
Merged
fix: multiple reference grants in same namespace#4008arkodg merged 3 commits intoenvoyproxy:mainfrom
arkodg merged 3 commits intoenvoyproxy:mainfrom
Conversation
Codecov ReportAttention: Patch coverage is
Additional details and impacted files@@ Coverage Diff @@
## main #4008 +/- ##
==========================================
+ Coverage 67.61% 67.62% +0.01%
==========================================
Files 185 185
Lines 22578 22591 +13
==========================================
+ Hits 15265 15277 +12
- Misses 6217 6221 +4
+ Partials 1096 1093 -3 ☔ View full report in Codecov by Sentry. |
Contributor
Author
|
since there is no existing unit test for the corresponding line, could anyone advise me on whether I should add a unit test elsewhere? |
shawnh2
reviewed
Aug 6, 2024
Contributor
An e2e test would be nice! |
ardikabs
force-pushed
the
fix-multiple-referencegrants-in-same-namespace
branch
2 times, most recently
from
096abfd to
9ebc349
Compare
Contributor
Author
Contributor
ardikabs
force-pushed
the
fix-multiple-referencegrants-in-same-namespace
branch
4 times, most recently
from
f327bb8 to
bacea2c
Compare
Contributor
Author
|
hi @shawnh2, |
Contributor
|
they sure are flaky, and we are trying to repair them. 😿 |
shawnh2
approved these changes
Aug 8, 2024
Contributor
shawnh2
left a comment
shawnh2
left a comment
There was a problem hiding this comment.
LGTM! Thanks for fixing this
Contributor
|
/retest |
Signed-off-by: Ardika Bagus <[email protected]>
Signed-off-by: Ardika Bagus <[email protected]>
Signed-off-by: Ardika Bagus <[email protected]>
ardikabs
force-pushed
the
fix-multiple-referencegrants-in-same-namespace
branch
from
bacea2c to
dd4fde8
Compare
arkodg
approved these changes
Aug 8, 2024
Contributor
arkodg
left a comment
arkodg
left a comment
There was a problem hiding this comment.
LGTM !
thanks for adding an e2e
arkodg
added
cherrypick/release-v1.0
cherrypick/release-v1.1
arkodg
pushed a commit
to arkodg/gateway
that referenced
this pull request
Sep 7, 2024
* fix: multiple reference grants in same namespace Signed-off-by: Ardika Bagus <[email protected]> * test: add e2e test Signed-off-by: Ardika Bagus <[email protected]> * chore: wrong service port Signed-off-by: Ardika Bagus <[email protected]> --------- Signed-off-by: Ardika Bagus <[email protected]> (cherry picked from commit b82f4b2) Signed-off-by: Arko Dasgupta <[email protected]>
arkodg
pushed a commit
to arkodg/gateway
that referenced
this pull request
Sep 7, 2024
* fix: multiple reference grants in same namespace Signed-off-by: Ardika Bagus <[email protected]> * test: add e2e test Signed-off-by: Ardika Bagus <[email protected]> * chore: wrong service port Signed-off-by: Ardika Bagus <[email protected]> --------- Signed-off-by: Ardika Bagus <[email protected]> (cherry picked from commit b82f4b2) Signed-off-by: Arko Dasgupta <[email protected]>
guydc
pushed a commit
that referenced
this pull request
Sep 10, 2024
* bugfix: fix upstream get unwanted /. (#3990) * bugfix: fix upstream get unwanted /. Signed-off-by: qicz <[email protected]> * ut for bugfix Signed-off-by: qicz <[email protected]> --------- Signed-off-by: qicz <[email protected]> Co-authored-by: Xunzhuo <[email protected]> (cherry picked from commit b77f6a4) Signed-off-by: Arko Dasgupta <[email protected]> * feat: gateway http listener isolation (#4000) Signed-off-by: Kobi Levi <[email protected]> (cherry picked from commit 97830e9) Signed-off-by: Arko Dasgupta <[email protected]> * fix: multiple reference grants in same namespace (#4008) * fix: multiple reference grants in same namespace Signed-off-by: Ardika Bagus <[email protected]> * test: add e2e test Signed-off-by: Ardika Bagus <[email protected]> * chore: wrong service port Signed-off-by: Ardika Bagus <[email protected]> --------- Signed-off-by: Ardika Bagus <[email protected]> (cherry picked from commit b82f4b2) Signed-off-by: Arko Dasgupta <[email protected]> * reduce readinessProbe failureThreshold and periodSeconds (#4021) * Reduces time for the endpoint to be removed from the endpointSlice from `30s` (3 * 10) to `5s` (1 * 5) * Since kube-proxy and CNIs rely on this info and so do external LBs like GKE https://cloud.google.com/kubernetes-engine/docs/concepts/service-load-balancer Signed-off-by: Arko Dasgupta <[email protected]> (cherry picked from commit 67575b8) Signed-off-by: Arko Dasgupta <[email protected]> * fix: add header values as described in the documentation (#4031) Add header values after splitting the provided value string on ',', like described in the documentation. Signed-off-by: Lior Okman <[email protected]> (cherry picked from commit eac30d6) Signed-off-by: Arko Dasgupta <[email protected]> * fix ratelimit statsd not working (#4073) fix ratelimit statd not working Signed-off-by: zirain <[email protected]> (cherry picked from commit 6ab6482) Signed-off-by: Arko Dasgupta <[email protected]> * fix: active http healthcheck documents a default for expected status, but doesn't use it (#4090) If no expected status was explicitly set, use the default value as described in the documentation. Signed-off-by: Lior Okman <[email protected]> (cherry picked from commit 0926b38) Signed-off-by: Arko Dasgupta <[email protected]> * Fix IsNotFound check for secret and configmap (#4126) fix IsNotFound check for secret and configmap Signed-off-by: TasdidurRahman <[email protected]> (cherry picked from commit c20315f) Signed-off-by: Arko Dasgupta <[email protected]> * fix: assign sugar logger name. (#4144) Signed-off-by: qicz <[email protected]> Co-authored-by: zirain <[email protected]> (cherry picked from commit b50f5fa) Signed-off-by: Arko Dasgupta <[email protected]> * use sets and return stable result (#4074) Signed-off-by: zirain <[email protected]> (cherry picked from commit 6066f5a) Signed-off-by: Arko Dasgupta <[email protected]> * delete internal/gatewayapi/clustersettings.go NA for v1.1 Signed-off-by: Arko Dasgupta <[email protected]> * bump to go1.22.7 (#4175) * bump to go1.22.6 Signed-off-by: zirain <[email protected]> * bump to 1.22.7 Signed-off-by: zirain <[email protected]> --------- Signed-off-by: zirain <[email protected]> (cherry picked from commit 69bf882) Signed-off-by: Arko Dasgupta <[email protected]> --------- Signed-off-by: qicz <[email protected]> Signed-off-by: Arko Dasgupta <[email protected]> Signed-off-by: Kobi Levi <[email protected]> Signed-off-by: Ardika Bagus <[email protected]> Signed-off-by: Lior Okman <[email protected]> Signed-off-by: zirain <[email protected]> Signed-off-by: TasdidurRahman <[email protected]> Co-authored-by: qi <[email protected]> Co-authored-by: Xunzhuo <[email protected]> Co-authored-by: Kobi Levi <[email protected]> Co-authored-by: Ardika <[email protected]> Co-authored-by: Lior Okman <[email protected]> Co-authored-by: zirain <[email protected]> Co-authored-by: Tasdidur Rahman <[email protected]>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
3 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
What type of PR is this?
The current behavior of Envoy Gateway when working with multiple
ReferenceGrantsin the same namespace is problematic. When searching for a ReferenceGrant for corresponding resources, such as theHTTPRoute, it only checks theReferenceGrant.spec.fromsemantics. However, during translation, the translator validates both theReferenceGrant.spec.fromandReferenceGrant.spec.tosemantics thoroughly.As a result, the
findReferenceGrantmethod only captures the firstReferenceGrantwith the correctFrom, meaning otherReferenceGrantsare not honored. This leads to the corresponding resource that uses two different resource references encountering an error message such asBackend ref to service <namespace>/<service_name> not permitted by any ReferenceGrantduring translation.Code for
findReferenceGrant:gateway/internal/provider/kubernetes/controller.go
Lines 771 to 782 in 3497600
Code for translation:
gateway/internal/gatewayapi/validate.go
Lines 832 to 857 in 3497600
Proposed Solution
This PR modifies the
findReferenceGrantmethod to also check the To semantics.Fixes #2149