fix: Validate requestRedirect with backendrefs

[slayer321]

What type of PR is this?

/kind bug
/kind test
What this PR does / why we need it:
Validate and Prevent Redirect Filters and BackendRefs in same HTTPRoute Rules.
Which issue(s) this PR fixes:

Fixes #2148

Does this PR introduce a user-facing change?:

Webhook validation now ensures that BackendRefs can not be specified in the same HTTPRoute rule as a Redirect filter

[k8s-ci-robot]

Welcome @slayer321!

It looks like this is your first PR to kubernetes-sigs/gateway-api 🎉. Please refer to our pull request process documentation to help your PR have a smooth ride to approval.

You will be prompted by a bot to use commands during the review process. Do not be afraid to follow the prompts! It is okay to experiment. Here is the bot commands documentation.

You can also check if kubernetes-sigs/gateway-api has its own contribution guidelines.

You may want to refer to our testing guide if you run into trouble with your tests not passing.

If you are having difficulty getting your pull request seen, please follow the recommended escalation practices. Also, for tips and tricks in the contribution process you may want to read the Kubernetes contributor cheat sheet. We want to make sure your contribution gets all the attention it needs!

Thank you, and welcome to Kubernetes. 😃

[k8s-ci-robot]

Hi @slayer321. Thanks for your PR.

I'm waiting for a kubernetes-sigs member to verify that this patch is reasonable to test. If it is, they should reply with /ok-to-test on its own line. Until that is done, I will not automatically test new commits in this PR, but the usual testing commands by org members will still work. Regular contributors should join the org to skip this step.

Once the patch is verified, the new status will be reflected by the ok-to-test label.

I understand the commands that are listed here.

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

[gyohuangxin]

/ok-to-test

[gyohuangxin]

@slayer321 The job failed due to a error:

./hack/invalid-examples/v1beta1/httproute/invalid-request-redirect-with-backendref.yaml
  16:19     error    no new line character at the end of file  (new-line-at-end-of-file)
[0;31mTest FAILED: hack/../hack/verify-yamllint.sh 
make: *** [Makefile:114: verify] Error 1

[gyohuangxin]

LGTM, thanks!

[arkodg]

why has this changed ?

[slayer321]

The same reason that I mentioned for v1beta1 changes.

[robscott]

@slayer321 do you happen to have a link handy to that comment or can you just copy it here? Not finding the context easily and also have the same question.

[slayer321]

I was taking about this comment #2161 (comment)

[arkodg]

why has this changed ?

[slayer321]

So, as in this issue we need to validate that BackendRefs is not used when Redirect Filters are used in httpRoute.
In this example as we can see that we are using Redirect Filters and then in the for loops we have BackendRefs as well.

After I added a check of it inside validation/httproute.go. The test started failing so I made the errCount as 1 .

[arkodg]

ah thanks for the clarification, didnt go through at the entire file earlier 🙈
would be good to add a positive test case, maybe as a new standalone function that ensures thats when the Redirect filter exists and no backendRefs are set, validation is successful

[slayer321]

maybe I didn't get it. so for new we already have a standalone function which checks if Redirect filter exists then no backendRefs should be set.

[arkodg]

was referring to a standalone alone test TestValidateRequestRedirectFiltersWithNoBackendRef
anyways this is a good to have and is non blocking

[slayer321]

make sense. I have added standalone test as you mentioned for both the cases where backendref is added and not added.

[arkodg]

is filter, needed ?

[slayer321]

If you are asking if filter needed inside the field.Invalid function. So yeah I think we can change to gatewayv1b1.HTTPRouteFilterRequestRedirect .. as it will be more specific.

errs = append(errs, field.Invalid(path.Child("filters"), gatewayv1b1.HTTPRouteFilterRequestRedirect, "RequestRedirect filter is not allowed with backendRefs"))

[arkodg]

thanks, yeah +1 to this change

[arkodg]

LGTM thanks !

[slayer321]

Hi, as api-verify CI is failing so I tried running the golangci-lint run command .. but it is just showing Killed

sachinmaurya@sachin:~/go/src/github.com/gateway-api (test-request-route-w-backend-ref)$ golangci-lint run 
WARN [runner] The linter 'structcheck' is deprecated (since v1.49.0) due to: The owner seems to have abandoned the linter.  Replaced by unused. 
WARN [runner] The linter 'deadcode' is deprecated (since v1.49.0) due to: The owner seems to have abandoned the linter.  Replaced by unused. 
WARN [runner] The linter 'varcheck' is deprecated (since v1.49.0) due to: The owner seems to have abandoned the linter.  Replaced by unused. 
Killed

What can be the reason for that 🤔

[arkodg]

golangci-lint run

@slayer321 can you rebase to main and try ./hack/verify-golint.sh ?

[slayer321]

I tried it but still got below error

sachinmaurya@sachin:~/go/src/github.com/gateway-api (test-request-route-w-backend-ref)$ ./hack/verify-golint.sh
level=warning msg="[runner] Can't run linter goanalysis_metalinter: musttag: running `go list all`: exit status 1"
level=error msg="Running error: 1 error occurred:\n\t* can't run linter goanalysis_metalinter: musttag: running `go list all`: exit status 1\n\n"

After looking for it , I found that there where many similar errors but nothing same as this one. most of them says that we need to run go build.
has anyone else faced the similar error while working on this project or is it some issue with my local setup.

[gyohuangxin]

@slayer321 I don't have idea about it. Even if you can't run the ./hack/verify-golint.sh in your environment, you can find the details from the CI job logs: https://prow.k8s.io/view/gs/kubernetes-jenkins/pr-logs/pull/kubernetes-sigs_gateway-api/2161/pull-gateway-api-verify/1676963399549849600

[robscott]

/release-note "Webhook validation now ensures that BackendRefs can not be specified in the same HTTPRoute rule as a Redirect filter"

[robscott]

/release-note-edit Webhook validation now ensures that BackendRefs can not be specified in the same HTTPRoute rule as a Redirect filter

[robscott]

Thanks @slayer321!

/lgtm
/approve

[k8s-ci-robot]

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: arkodg, gyohuangxin, robscott, slayer321

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:

• OWNERS [robscott]

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment