feat: move validate envoy gateway (#2024)
Signed-off-by: bitliu <[email protected]>
Xunzhuo authored Oct 20, 2023
1 parent 75f08c4 commit ffd5418
Showing 8 changed files with 529 additions and 504 deletions.
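--- a/api/v1alpha1/validation/envoygateway_validate.go
+++ b/api/v1alpha1/validation/envoygateway_validate.go
@@ -0,0 +1,87 @@
+// Copyright Envoy Gateway Authors
+// SPDX-License-Identifier: Apache-2.0
+// The full text of the Apache license is available in the LICENSE file at
+// the root of the repo.
+
+package validation
+
+import (
+"errors"
+"fmt"
+"net/url"
+
+gwapiv1 "sigs.k8s.io/gateway-api/apis/v1"
+
+"github.com/envoyproxy/gateway/api/v1alpha1"
+)
+
+// Validate validates the provided EnvoyGateway.
+func ValidateEnvoyGateway(eg *v1alpha1.EnvoyGateway) error {
+switch {
+case eg == nil:
+return errors.New("envoy gateway config is unspecified")
+case eg.Gateway == nil:
+return errors.New("gateway is unspecified")
+case len(eg.Gateway.ControllerName) == 0:
+return errors.New("gateway controllerName is unspecified")
+case eg.Provider == nil:
+return errors.New("provider is unspecified")
+case eg.Provider.Type != v1alpha1.ProviderTypeKubernetes:
+return fmt.Errorf("unsupported provider %v", eg.Provider.Type)
+case eg.Logging != nil && len(eg.Logging.Level) != 0:
+level := eg.Logging.Level
+for component, logLevel := range level {
+switch component {
+case v1alpha1.LogComponentGatewayDefault,
+v1alpha1.LogComponentProviderRunner,
+v1alpha1.LogComponentGatewayAPIRunner,
+v1alpha1.LogComponentXdsTranslatorRunner,
+v1alpha1.LogComponentXdsServerRunner,
+v1alpha1.LogComponentInfrastructureRunner,
+v1alpha1.LogComponentGlobalRateLimitRunner:
+switch logLevel {
+case v1alpha1.LogLevelDebug, v1alpha1.LogLevelError, v1alpha1.LogLevelWarn, v1alpha1.LogLevelInfo:
+default:
+return errors.New("envoy gateway logging level invalid. valid options: info/debug/warn/error")
+}
+default:
+return errors.New("envoy gateway logging components invalid. valid options: system/provider/gateway-api/xds-translator/xds-server/infrastructure")
+}
+}
+case eg.RateLimit != nil:
+if eg.RateLimit.Backend.Type != v1alpha1.RedisBackendType {
+return fmt.Errorf("unsupported ratelimit backend %v", eg.RateLimit.Backend.Type)
+}
+if eg.RateLimit.Backend.Redis == nil || eg.RateLimit.Backend.Redis.URL == "" {
+return fmt.Errorf("empty ratelimit redis settings")
+}
+if _, err := url.Parse(eg.RateLimit.Backend.Redis.URL); err != nil {
+return fmt.Errorf("unknown ratelimit redis url format: %w", err)
+}
+case eg.ExtensionManager != nil:
+if eg.ExtensionManager.Hooks == nil || eg.ExtensionManager.Hooks.XDSTranslator == nil {
+return fmt.Errorf("registered extension has no hooks specified")
+}
+
+if len(eg.ExtensionManager.Hooks.XDSTranslator.Pre) == 0 && len(eg.ExtensionManager.Hooks.XDSTranslator.Post) == 0 {
+return fmt.Errorf("registered extension has no hooks specified")
+}
+
+if eg.ExtensionManager.Service == nil {
+return fmt.Errorf("extension service config is empty")
+}
+
+if eg.ExtensionManager.Service.TLS != nil {
+certificateRefKind := eg.ExtensionManager.Service.TLS.CertificateRef.Kind
+
+if certificateRefKind == nil {
+return fmt.Errorf("certificateRef empty in extension service server TLS settings")
+}
+
+if *certificateRefKind != gwapiv1.Kind("Secret") {
+return fmt.Errorf("unsupported extension server TLS certificateRef %v", certificateRefKind)
+}
+}
+}
+return nil
+}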
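Review bot: The tagless `switch` in ValidateEnvoyGateway runs only the first matching case, so once `eg.Logging` carries any levels the `eg.RateLimit` and `eg.ExtensionManager` cases never execute, and a set `eg.RateLimit` likewise skips the extension manager checks. A config can therefore pass validation with an unsupported rate-limit backend, empty Redis settings, or an extension service TLS certificateRef that is not a Secret. The optional sections should be validated as independent `if` blocks after the required-field checks, as sketched below. Separately, the last error formats the pointer `certificateRefKind` with `%v`, which prints an address; `*certificateRefKind` is what the message needs. `url.Parse` also accepts almost any string, so the Redis URL check rejects very little.

```go
func ValidateEnvoyGateway(eg *v1alpha1.EnvoyGateway) error {
	switch {
	// … unchanged: nil config / gateway / controllerName / provider cases …
	}

	// Each optional section is checked on its own so that one being set
	// cannot mask validation of the others.
	if eg.Logging != nil {
		for component, logLevel := range eg.Logging.Level {
			// … unchanged: component and level switches …
		}
	}

	if eg.RateLimit != nil {
		// … unchanged: backend type, redis settings and URL checks …
	}

	if eg.ExtensionManager != nil {
		// … unchanged: hooks, service and TLS certificateRef checks …
	}
	return nil
}
```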