-
Notifications
You must be signed in to change notification settings - Fork 468
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
fix: Validate requestRedirect with backendrefs #2161
fix: Validate requestRedirect with backendrefs #2161
Conversation
Welcome @slayer321! |
Hi @slayer321. Thanks for your PR. I'm waiting for a kubernetes-sigs member to verify that this patch is reasonable to test. If it is, they should reply with Once the patch is verified, the new status will be reflected by the I understand the commands that are listed here. Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. |
/ok-to-test |
@slayer321 The job failed due to a error:
|
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
LGTM, thanks!
@@ -868,7 +868,7 @@ func TestValidateHTTPRouteTypeMatchesField(t *testing.T) { | |||
StatusCode: new(int), | |||
}, | |||
}, | |||
errCount: 0, | |||
errCount: 1, |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
why has this changed ?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
The same reason that I mentioned for v1beta1
changes.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
@slayer321 do you happen to have a link handy to that comment or can you just copy it here? Not finding the context easily and also have the same question.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I was taking about this comment #2161 (comment)
@@ -1049,7 +1075,7 @@ func TestValidateHTTPRouteTypeMatchesField(t *testing.T) { | |||
StatusCode: new(int), | |||
}, | |||
}, | |||
errCount: 0, | |||
errCount: 1, |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
why has this changed ?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
So, as in this issue we need to validate that BackendRefs is not used when Redirect Filters are used in httpRoute.
In this example as we can see that we are using Redirect Filters and then in the for loops we have BackendRefs as well.
After I added a check of it inside validation/httproute.go
. The test started failing so I made the errCount
as 1 .
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
ah thanks for the clarification, didnt go through at the entire file earlier 🙈
would be good to add a positive test case, maybe as a new standalone function that ensures thats when the Redirect filter exists and no backendRefs are set, validation is successful
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
maybe I didn't get it. so for new we already have a standalone function which checks if Redirect filter exists then no backendRefs should be set.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
was referring to a standalone alone test TestValidateRequestRedirectFiltersWithNoBackendRef
anyways this is a good to have and is non blocking
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
make sense. I have added standalone test as you mentioned for both the cases where backendref is added and not added.
apis/v1beta1/validation/httproute.go
Outdated
var errs field.ErrorList | ||
for _, filter := range rule.Filters { | ||
if filter.RequestRedirect != nil && len(rule.BackendRefs) > 0 { | ||
errs = append(errs, field.Invalid(path.Child("filters"), filter, "RequestRedirect filter is not allowed with backendRefs")) |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
is filter,
needed ?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
If you are asking if filter
needed inside the field.Invalid
function. So yeah I think we can change to gatewayv1b1.HTTPRouteFilterRequestRedirect
.. as it will be more specific.
errs = append(errs, field.Invalid(path.Child("filters"), gatewayv1b1.HTTPRouteFilterRequestRedirect, "RequestRedirect filter is not allowed with backendRefs"))
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
thanks, yeah +1 to this change
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
LGTM thanks !
Hi, as api-verify CI is failing so I tried running the
What can be the reason for that 🤔 |
@slayer321 can you rebase to |
Signed-off-by: slayer321 <sachin.maurya7666@gmail.com>
Signed-off-by: slayer321 <sachin.maurya7666@gmail.com>
Signed-off-by: slayer321 <sachin.maurya7666@gmail.com>
Signed-off-by: slayer321 <sachin.maurya7666@gmail.com>
I tried it but still got below error
After looking for it , I found that there where many similar errors but nothing same as this one. most of them says that we need to run |
@slayer321 I don't have idea about it. Even if you can't run the |
Signed-off-by: slayer321 <sachin.maurya7666@gmail.com>
30cec5f
to
caa509f
Compare
/release-note "Webhook validation now ensures that BackendRefs can not be specified in the same HTTPRoute rule as a Redirect filter" |
/release-note-edit |
Thanks @slayer321! /lgtm |
[APPROVALNOTIFIER] This PR is APPROVED This pull-request has been approved by: arkodg, gyohuangxin, robscott, slayer321 The full list of commands accepted by this bot can be found here. The pull request process is described here
Needs approval from an approver in each of these files:
Approvers can indicate their approval by writing |
What type of PR is this?
/kind bug
/kind test
What this PR does / why we need it:
Validate and Prevent Redirect Filters and BackendRefs in same HTTPRoute Rules.
Which issue(s) this PR fixes:
Fixes #2148
Does this PR introduce a user-facing change?: