Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Make gwctl ReferenceGrant aware. Capture any errors observed while constructing the resource graph. #3029

Merged
merged 9 commits into from
May 2, 2024
Merged

Make gwctl ReferenceGrant aware. Capture any errors observed while constructing the resource graph. #3029

merged 9 commits into from
May 2, 2024

Conversation

gauravkghildiyal
Copy link
Member

@gauravkghildiyal gauravkghildiyal commented Apr 27, 2024
edited
Loading

What type of PR is this?

/kind feature

What this PR does / why we need it:

  • Use ReferenceGrants to determine if a cross-namespace reference from HTTPRoute
    to a Backend is valid.
  • Capture incorrect reference errors (like reference not found or not permitted)
    in the resourceModel. This will be available for consumption by the views.

Which issue(s) this PR fixes:

Fixes #3039

Does this PR introduce a user-facing change?:

gwctl now displays "incorrect" or "not-found" reference errors. It also uses ReferenceGrants to validate if a reference is correct or not (incorrect reference errors are made visible to the user)

/area gwctl

@k8s-ci-robot k8s-ci-robot added kind/feature Categorizes issue or PR as related to a new feature. release-note Denotes a PR that will be considered when it comes time to generate release notes. area/gwctl cncf-cla: yes Indicates the PR's author has signed the CNCF CLA. labels Apr 27, 2024
@k8s-ci-robot
Copy link
Contributor

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: gauravkghildiyal

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@k8s-ci-robot k8s-ci-robot added the approved Indicates a PR has been approved by an approver from all required OWNERS files. label Apr 27, 2024
@k8s-ci-robot k8s-ci-robot added the size/XL Denotes a PR that changes 500-999 lines, ignoring generated files. label Apr 27, 2024
@gauravkghildiyal
Copy link
Member Author

/cc @mlavacca

@gauravkghildiyal
Copy link
Member Author

/retest

@gauravkghildiyal gauravkghildiyal force-pushed the reference-analysis branch 2 times, most recently from 22b3fab to f33488c Compare May 1, 2024 21:41
@k8s-ci-robot k8s-ci-robot added size/XXL Denotes a PR that changes 1000+ lines, ignoring generated files. and removed size/XL Denotes a PR that changes 500-999 lines, ignoring generated files. labels May 1, 2024
robscott
robscott reviewed May 2, 2024
View reviewed changes
Copy link
Member

@robscott robscott left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks for all the work on this @gauravkghildiyal!

gwctl/cmd/describe.go Outdated Show resolved Hide resolved
gwctl/pkg/resourcediscovery/discoverer.go Outdated Show resolved Hide resolved
gwctl/pkg/resourcediscovery/discoverer.go Show resolved Hide resolved
gwctl/pkg/resourcediscovery/resourcemodel.go Outdated Show resolved Hide resolved
gwctl/pkg/resourcediscovery/discoverer.go Show resolved Hide resolved
gwctl/pkg/resourcediscovery/discoverer.go
Comment on lines +318 to +381
// Ensure that if this is a cross namespace reference, then it is accepted
// through some ReferenceGrant.
if httpRoute.GetNamespace() != backendRef.Namespace {
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Not a blocker for this PR, but I think it would be very helpful to have a more generic RefGrant library that both gwctl and Gateway implementations can use. This has some of the foundational bits for this, but it would just need to be structured differently if that were a goal.

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Nice idea. I'll try to come up with something more generic separately and will bring it up for discussion.

gauravkghildiyal
gauravkghildiyal commented May 2, 2024
View reviewed changes
Copy link
Member Author

@gauravkghildiyal gauravkghildiyal left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks a bunch for the review, @robscott!

gwctl/pkg/resourcediscovery/discoverer.go Outdated Show resolved Hide resolved
gwctl/cmd/describe.go Outdated Show resolved Hide resolved
gwctl/pkg/resourcediscovery/discoverer.go Show resolved Hide resolved
gwctl/pkg/resourcediscovery/discoverer.go
Comment on lines +318 to +381
// Ensure that if this is a cross namespace reference, then it is accepted
// through some ReferenceGrant.
if httpRoute.GetNamespace() != backendRef.Namespace {
Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Nice idea. I'll try to come up with something more generic separately and will bring it up for discussion.

gwctl/pkg/resourcediscovery/discoverer.go Show resolved Hide resolved
@robscott
Copy link
Member

robscott commented May 2, 2024

Thanks @gauravkghildiyal!

/lgtm

@k8s-ci-robot k8s-ci-robot added the lgtm "Looks good to me", indicates that a PR is ready to be merged. label May 2, 2024
@gauravkghildiyal
Copy link
Member Author

/retest

@k8s-ci-robot k8s-ci-robot merged commit 654dde5 into kubernetes-sigs:main May 2, 2024
8 checks passed
@gauravkghildiyal gauravkghildiyal deleted the reference-analysis branch May 2, 2024 21:28
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@robscott robscott robscott left review comments

@thockin thockin Awaiting requested review from thockin

@mlavacca mlavacca Awaiting requested review from mlavacca

Assignees

@robscott robscott

Labels
approved Indicates a PR has been approved by an approver from all required OWNERS files. area/gwctl cncf-cla: yes Indicates the PR's author has signed the CNCF CLA. kind/feature Categorizes issue or PR as related to a new feature. lgtm "Looks good to me", indicates that a PR is ready to be merged. release-note Denotes a PR that will be considered when it comes time to generate release notes. size/XXL Denotes a PR that changes 1000+ lines, ignoring generated files.
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

[gwctl] Panic on describe subcommand
3 participants
@gauravkghildiyal @k8s-ci-robot @robscott