fix: existing clusters and secretes

Signed-off-by: Huabing Zhao <[email protected]>
envoyproxy · Nov 12, 2024 · bda736c · bda736c
1 parent ec56a83
commit bda736c
Show file tree

Hide file tree

Showing 9 changed files with 16 additions and 21 deletions.
diff --git a/internal/xds/translator/accesslog.go b/internal/xds/translator/accesslog.go
@@ -6,7 +6,6 @@
 package translator
 
 import (
-	"errors"
 	"sort"
 	"strings"
 
@@ -545,7 +544,7 @@ func processClusterForAccessLog(tCtx *types.ResourceVersionTable, al *ir.AccessL
 			backendConnection: traffic.BackendConnection,
 			dns:               traffic.DNS,
 			http2Settings:     traffic.HTTP2,
-		}); err != nil && !errors.Is(err, ErrXdsClusterExists) {
+		}); err != nil {
 			return err
 		}
 	}
@@ -573,7 +572,7 @@ func processClusterForAccessLog(tCtx *types.ResourceVersionTable, al *ir.AccessL
 			backendConnection: traffic.BackendConnection,
 			dns:               traffic.DNS,
 			http2Settings:     traffic.HTTP2,
-		}); err != nil && !errors.Is(err, ErrXdsClusterExists) {
+		}); err != nil {
 			return err
 		}
 	}

diff --git a/internal/xds/translator/extauth.go b/internal/xds/translator/extauth.go
@@ -226,14 +226,12 @@ func (*extAuth) patchResources(tCtx *types.ResourceVersionTable,
 		}
 		if route.Security.ExtAuth.HTTP != nil {
 			if err := createExtServiceXDSCluster(
-				&route.Security.ExtAuth.HTTP.Destination, route.Security.ExtAuth.Traffic, tCtx); err != nil && !errors.Is(
-				err, ErrXdsClusterExists) {
+				&route.Security.ExtAuth.HTTP.Destination, route.Security.ExtAuth.Traffic, tCtx); err != nil {
 				errs = errors.Join(errs, err)
 			}
 		} else {
 			if err := createExtServiceXDSCluster(
-				&route.Security.ExtAuth.GRPC.Destination, route.Security.ExtAuth.Traffic, tCtx); err != nil && !errors.Is(
-				err, ErrXdsClusterExists) {
+				&route.Security.ExtAuth.GRPC.Destination, route.Security.ExtAuth.Traffic, tCtx); err != nil {
 				errs = errors.Join(errs, err)
 			}
 		}

diff --git a/internal/xds/translator/extproc.go b/internal/xds/translator/extproc.go
@@ -173,8 +173,7 @@ func (*extProc) patchResources(tCtx *types.ResourceVersionTable,
 		for i := range route.EnvoyExtensions.ExtProcs {
 			ep := route.EnvoyExtensions.ExtProcs[i]
 			if err := createExtServiceXDSCluster(
-				&ep.Destination, ep.Traffic, tCtx); err != nil && !errors.Is(
-				err, ErrXdsClusterExists) {
+				&ep.Destination, ep.Traffic, tCtx); err != nil {
 				errs = errors.Join(errs, err)
 			}
 		}

diff --git a/internal/xds/translator/oidc.go b/internal/xds/translator/oidc.go
@@ -310,8 +310,7 @@ func createOAuthServerClusters(tCtx *types.ResourceVersionTable,
 		// If the OIDC provider has a destination, use it.
 		if oidc.Provider.Destination != nil && len(oidc.Provider.Destination.Settings) > 0 {
 			if err := createExtServiceXDSCluster(
-				oidc.Provider.Destination, oidc.Provider.Traffic, tCtx); err != nil && !errors.Is(
-				err, ErrXdsClusterExists) {
+				oidc.Provider.Destination, oidc.Provider.Traffic, tCtx); err != nil {
 				errs = errors.Join(errs, err)
 			}
 		} else {
@@ -372,11 +371,11 @@ func createOAuth2TokenEndpointCluster(tCtx *types.ResourceVersionTable,
 		clusterArgs.tSocket = tSocket
 	}
 
-	if err = addXdsCluster(tCtx, clusterArgs); err != nil && !errors.Is(err, ErrXdsClusterExists) {
+	if err = addXdsCluster(tCtx, clusterArgs); err != nil {
 		return err
 	}
 
-	return err
+	return nil
 }
 
 // createOAuth2Secrets creates OAuth2 client and HMAC secrets from the provided

diff --git a/internal/xds/translator/ratelimit.go b/internal/xds/translator/ratelimit.go
@@ -7,7 +7,6 @@ package translator
 
 import (
 	"bytes"
-	"errors"
 	"net/url"
 	"strconv"
 	"strings"
@@ -498,7 +497,7 @@ func (t *Translator) createRateLimitServiceCluster(tCtx *types.ResourceVersionTa
 		tSocket:      tSocket,
 		endpointType: EndpointTypeDNS,
 		metrics:      metrics,
-	}); err != nil && !errors.Is(err, ErrXdsClusterExists) {
+	}); err != nil {
 		return err
 	}
 

diff --git a/internal/xds/translator/tracing.go b/internal/xds/translator/tracing.go
@@ -6,7 +6,6 @@
 package translator
 
 import (
-	"errors"
 	"fmt"
 	"sort"
 
@@ -191,7 +190,7 @@ func processClusterForTracing(tCtx *types.ResourceVersionTable, tracing *ir.Trac
 		backendConnection: traffic.BackendConnection,
 		dns:               traffic.DNS,
 		http2Settings:     traffic.HTTP2,
-	}); err != nil && !errors.Is(err, ErrXdsClusterExists) {
+	}); err != nil {
 		return err
 	}
 	return nil

diff --git a/internal/xds/translator/translator.go b/internal/xds/translator/translator.go
@@ -788,10 +788,12 @@ func addXdsSecret(tCtx *types.ResourceVersionTable, secret *tlsv3.Secret) error
 	return nil
 }
 
+// addXdsCluster adds a xds cluster with args.
+// If the cluster already exists, it skips adding the cluster and returns
 func addXdsCluster(tCtx *types.ResourceVersionTable, args *xdsClusterArgs) error {
 	// Return early if cluster with the same name exists
 	if c := findXdsCluster(tCtx, args.name); c != nil {
-		return ErrXdsClusterExists
+		return nil
 	}
 
 	xdsCluster := buildXdsCluster(args)

diff --git a/internal/xds/translator/utils.go b/internal/xds/translator/utils.go
@@ -162,7 +162,7 @@ func createExtServiceXDSCluster(rd *ir.RouteDestination, traffic *ir.TrafficFeat
 		endpointType:      endpointType,
 		dns:               traffic.DNS,
 		http2Settings:     traffic.HTTP2,
-	}); err != nil && !errors.Is(err, ErrXdsClusterExists) {
+	}); err != nil {
 		return err
 	}
 	return nil
@@ -198,7 +198,7 @@ func addClusterFromURL(url string, tCtx *types.ResourceVersionTable) error {
 		clusterArgs.tSocket = tSocket
 	}
 
-	if err = addXdsCluster(tCtx, clusterArgs); err != nil && !errors.Is(err, ErrXdsClusterExists) {
+	if err = addXdsCluster(tCtx, clusterArgs); err != nil {
 		return err
 	}
 	return nil

diff --git a/release-notes/current.yaml b/release-notes/current.yaml
@@ -14,7 +14,7 @@ new features: |
 
 # Fixes for bugs identified in previous versions.
 bug fixes: |
-  Add a bug fix here
+  Fixed xDS translation failed when oidc, jwt, and authorization are specified in the same SecurityPolicy
 
 # Enhancements that improve performance.
 performance improvements: |