From e6906d490a194c39b4ea94e32c2c98a2dbf78b96 Mon Sep 17 00:00:00 2001 From: Sarthak Agrawal Date: Tue, 23 Jul 2024 13:41:00 -0600 Subject: [PATCH] fix dataplane tests --- .../static/state/dataplane/configuration.go | 7 +- .../state/dataplane/configuration_test.go | 79 ++++++++++++++++++- .../mode/static/state/graph/route_common.go | 8 +- 3 files changed, 87 insertions(+), 7 deletions(-) diff --git a/internal/mode/static/state/dataplane/configuration.go b/internal/mode/static/state/dataplane/configuration.go index e72ff27e7..4c1bbfbf3 100644 --- a/internal/mode/static/state/dataplane/configuration.go +++ b/internal/mode/static/state/dataplane/configuration.go @@ -46,7 +46,7 @@ func BuildConfiguration( upstreams := buildUpstreams(ctx, g.Gateway.Listeners, serviceResolver, baseHTTPConfig.IPFamily) httpServers, sslServers := buildServers(g, generator) passthroughServers := buildPassthroughServers(g) - streamUpstreams := buildStreamUpstreams(ctx, g.Gateway.Listeners, serviceResolver) + streamUpstreams := buildStreamUpstreams(ctx, g.Gateway.Listeners, serviceResolver, baseHTTPConfig.IPFamily) backendGroups := buildBackendGroups(append(httpServers, sslServers...)) keyPairs := buildSSLKeyPairs(g.ReferencedSecrets, g.Gateway.Listeners) certBundles := buildCertBundles(g.ReferencedCaCertConfigMaps, backendGroups) @@ -114,6 +114,7 @@ func buildStreamUpstreams( ctx context.Context, listeners []*graph.Listener, resolver resolver.ServiceResolver, + ipFamily IPFamilyType, ) []Upstream { // There can be duplicate upstreams if multiple routes reference the same upstream. // We use a map to deduplicate them. @@ -144,7 +145,9 @@ func buildStreamUpstreams( var errMsg string - eps, err := resolver.Resolve(ctx, br.SvcNsName, br.ServicePort) + allowedAddressType := getAllowedAddressType(ipFamily) + + eps, err := resolver.Resolve(ctx, br.SvcNsName, br.ServicePort, allowedAddressType) if err != nil { errMsg = err.Error() } diff --git a/internal/mode/static/state/dataplane/configuration_test.go b/internal/mode/static/state/dataplane/configuration_test.go index d0f1c49d4..2f89e79b4 100644 --- a/internal/mode/static/state/dataplane/configuration_test.go +++ b/internal/mode/static/state/dataplane/configuration_test.go @@ -408,6 +408,47 @@ func TestBuildConfiguration(t *testing.T) { pathAndType{path: "/valid", pathType: prefix}, pathAndType{path: invalidMatchesPath, pathType: prefix}, ) + tlsTR1 := graph.L4Route{ + Spec: graph.L4RouteSpec{ + Hostnames: []v1.Hostname{"app.example.com", "cafe.example.com"}, + BackendRef: graph.BackendRef{ + SvcNsName: types.NamespacedName{ + Namespace: "default", + Name: "secure-app", + }, + ServicePort: apiv1.ServicePort{ + Name: "https", + Protocol: "TCP", + Port: 8443, + TargetPort: intstr.IntOrString{ + Type: intstr.Int, + IntVal: 8443, + }, + }, + Valid: true, + }, + }, + Valid: true, + } + + tlsTR2 := graph.L4Route{ + Spec: graph.L4RouteSpec{ + Hostnames: []v1.Hostname{"test.example.com"}, + BackendRef: graph.BackendRef{}, + }, + Valid: true, + } + + TR1Key := graph.L4RouteKey{NamespacedName: types.NamespacedName{ + Namespace: "default", + Name: "secure-app", + }} + + TR2Key := graph.L4RouteKey{NamespacedName: types.NamespacedName{ + Namespace: "default", + Name: "secure-app2", + }} + httpsHR7, expHTTPSHR7Groups, httpsRouteHR7 := createTestResources( "https-hr-7", "foo.example.com", // same as httpsHR3 @@ -596,6 +637,13 @@ func TestBuildConfiguration(t *testing.T) { }, } + listener443_2 := v1.Listener{ + Name: "listener-443-2", + Hostname: (*v1.Hostname)(helpers.GetPointer("*.example.com")), + Port: 443, + Protocol: v1.TLSProtocolType, + } + listener8443 := v1.Listener{ Name: "listener-8443", Hostname: nil, @@ -1522,11 +1570,26 @@ func TestBuildConfiguration(t *testing.T) { }, ResolvedSecret: &secret1NsName, }, + { + Name: "listener-443-2", + Source: listener443_2, + Valid: true, + Routes: map[graph.RouteKey]*graph.L7Route{}, + L4Routes: map[graph.L4RouteKey]*graph.L4Route{ + TR1Key: &tlsTR1, + TR2Key: &tlsTR2, + }, + ResolvedSecret: &secret1NsName, + }, }...) g.Routes = map[graph.RouteKey]*graph.L7Route{ graph.CreateRouteKey(hr6): routeHR6, graph.CreateRouteKey(httpsHR6): httpsRouteHR6, } + g.L4Routes = map[graph.L4RouteKey]*graph.L4Route{ + TR1Key: &tlsTR1, + TR2Key: &tlsTR2, + } g.ReferencedSecrets = map[types.NamespacedName]*graph.Secret{ secret1NsName: secret1, } @@ -1577,6 +1640,19 @@ func TestBuildConfiguration(t *testing.T) { }...) conf.Upstreams = []Upstream{fooUpstream} conf.BackendGroups = []BackendGroup{expHR6Groups[0], expHTTPSHR6Groups[0]} + conf.StreamUpstreams = []Upstream{ + { + Endpoints: fooEndpoints, + Name: "default_secure-app_8443", + }, + } + conf.TLSPassthroughServers = []Layer4VirtualServer{ + { + Hostname: "app.example.com", + UpstreamName: "default_secure-app_8443", + Port: 443, + }, + } return conf }), msg: "one http and one https listener with routes with valid and invalid rules", @@ -3217,6 +3293,7 @@ func TestGetAllowedAddressType(t *testing.T) { }) } } + func TestCreatePassthroughServers(t *testing.T) { testGraph := graph.Graph{ Gateway: &graph.Gateway{ @@ -3409,7 +3486,7 @@ func TestBuildStreamUpstreams(t *testing.T) { fakeResolver := resolverfakes.FakeServiceResolver{} fakeResolver.ResolveReturns(nil, errors.New("error")) - streamUpstreams := buildStreamUpstreams(context.Background(), testGraph.Gateway.Listeners, &fakeResolver) + streamUpstreams := buildStreamUpstreams(context.Background(), testGraph.Gateway.Listeners, &fakeResolver, Dual) expectedStreamUpstreams := []Upstream{ { diff --git a/internal/mode/static/state/graph/route_common.go b/internal/mode/static/state/graph/route_common.go index e73441045..c6b6e9144 100644 --- a/internal/mode/static/state/graph/route_common.go +++ b/internal/mode/static/state/graph/route_common.go @@ -272,15 +272,15 @@ func buildTLSRoute( refPath := field.NewPath("spec").Child("rules").Index(0).Child("backendRefs").Index(0) - svcNsName, svcPort, err := getServiceAndPortFromRef( + _, svcPort, err := getIPFamilyAndPortFromRef( gtr.Spec.Rules[0].BackendRefs[0], - r.Source.GetNamespace(), + types.NamespacedName{Namespace: r.Source.GetNamespace(), Name: r.Source.GetName()}, services, refPath, ) if err != nil { backendRef = BackendRef{ - SvcNsName: svcNsName, + SvcNsName: types.NamespacedName{Namespace: r.Source.GetNamespace(), Name: r.Source.GetName()}, ServicePort: svcPort, Valid: false, } @@ -291,7 +291,7 @@ func buildTLSRoute( } backendRef = BackendRef{ - SvcNsName: svcNsName, + SvcNsName: types.NamespacedName{Namespace: r.Source.GetNamespace(), Name: r.Source.GetName()}, ServicePort: svcPort, Valid: true, }