Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

init CEL validation #2059

Merged
merged 10 commits into from
Oct 26, 2023
Merged
Show file tree
Hide file tree
Changes from 7 commits
Commits
File filter

Filter by extension

Filter by extension


Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
241 changes: 118 additions & 123 deletions .github/workflows/build_and_test.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -2,172 +2,167 @@ name: Build and Test
on:
push:
branches:
- "main"
- "release/v*"
- "main"
zirain marked this conversation as resolved.
Show resolved Hide resolved
- "release/v*"
paths-ignore:
- "**/*.png"
- "**/*.png"
pull_request:
branches:
- "main"
- "release/v*"
- "main"
- "release/v*"
paths-ignore:
- "**/*.png"
- "**/*.png"
jobs:
lint:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- uses: ./tools/github-actions/setup-deps
# Generate the install manifests first so it can checked
# for errors while running `make -k lint`
- run: make generate-manifests
- run: make lint-deps
- run: make -k lint
- uses: actions/checkout@v4
- uses: ./tools/github-actions/setup-deps
# Generate the install manifests first so it can checked
# for errors while running `make -k lint`
- run: make generate-manifests
- run: make lint-deps
- run: make -k lint

gen-check:
runs-on: ubuntu-22.04
steps:
- uses: actions/checkout@v4
- uses: ./tools/github-actions/setup-deps
- run: make -k gen-check
- uses: actions/checkout@v4
- uses: ./tools/github-actions/setup-deps
- run: make -k gen-check

license-check:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- uses: ./tools/github-actions/setup-deps
- run: make -k licensecheck
- uses: actions/checkout@v4
- uses: ./tools/github-actions/setup-deps
- run: make -k licensecheck

coverage-test:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- uses: ./tools/github-actions/setup-deps

# test
- name: Run Coverage Tests
run: make go.test.coverage
- name: Upload coverage to Codecov
uses: codecov/codecov-action@v3
with:
fail_ci_if_error: true
files: ./coverage.xml
name: codecov-envoy-gateway
verbose: true
- uses: actions/checkout@v4
- uses: ./tools/github-actions/setup-deps

# test
- name: Run Coverage Tests
run: make go.test.coverage
- name: Upload coverage to Codecov
uses: codecov/codecov-action@v3
with:
fail_ci_if_error: true
files: ./coverage.xml
name: codecov-envoy-gateway
verbose: true

build:
runs-on: ubuntu-latest
needs: [lint, gen-check, license-check, coverage-test]
steps:
- uses: actions/checkout@v4
- uses: ./tools/github-actions/setup-deps
- uses: actions/checkout@v4
- uses: ./tools/github-actions/setup-deps

- name: Build EG Multiarch Binaries
run: make build-multiarch PLATFORMS="linux_amd64 linux_arm64"
- name: Build EG Multiarch Binaries
run: make build-multiarch PLATFORMS="linux_amd64 linux_arm64"

- name: Upload EG Binaries
uses: actions/upload-artifact@v3
with:
name: envoy-gateway
path: bin/
- name: Upload EG Binaries
uses: actions/upload-artifact@v3
with:
name: envoy-gateway
path: bin/

conformance-test:
runs-on: ubuntu-latest
needs: [build]
strategy:
matrix:
version: [ v1.26.6, v1.27.3, v1.28.0 ]
version: [v1.26.6, v1.27.3, v1.28.0]
steps:
- uses: actions/checkout@v4
- uses: ./tools/github-actions/setup-deps

- name: Download EG Binaries
uses: actions/download-artifact@v3
with:
name: envoy-gateway
path: bin/

- name: Give Privileges To EG Binaries
run: |
chmod +x bin/linux/amd64/envoy-gateway
chmod +x bin/linux/arm64/envoy-gateway

# conformance
- name: Run Standard Conformance Tests
env:
KIND_NODE_TAG: ${{ matrix.version }}
IMAGE_PULL_POLICY: IfNotPresent
run: make conformance
- uses: actions/checkout@v4
- uses: ./tools/github-actions/setup-deps

# conformance
- name: Run Standard Conformance Tests
env:
KIND_NODE_TAG: ${{ matrix.version }}
IMAGE_PULL_POLICY: IfNotPresent
run: make conformance

kube-test:
runs-on: ubuntu-latest
needs: [build]
strategy:
matrix:
version: [v1.26.6, v1.27.3, v1.28.0]
steps:
- uses: actions/checkout@v4
- uses: ./tools/github-actions/setup-deps

# CRD Validation Tests
- name: Run Validation Tests
env:
KIND_NODE_TAG: ${{ matrix.version }}
IMAGE_PULL_POLICY: IfNotPresent
run: make kube-test

e2e-test:
runs-on: ubuntu-latest
needs: [build]
strategy:
matrix:
version: [ v1.26.6, v1.27.3, v1.28.0 ]
version: [v1.26.6, v1.27.3, v1.28.0]
steps:
- uses: actions/checkout@v4
- uses: ./tools/github-actions/setup-deps

- name: Download EG Binaries
uses: actions/download-artifact@v3
with:
name: envoy-gateway
path: bin/

- name: Give Privileges To EG Binaries
run: |
chmod +x bin/linux/amd64/envoy-gateway
chmod +x bin/linux/arm64/envoy-gateway

# E2E
- name: Run E2E Tests
env:
KIND_NODE_TAG: ${{ matrix.version }}
IMAGE_PULL_POLICY: IfNotPresent
run: make e2e
- uses: actions/checkout@v4
- uses: ./tools/github-actions/setup-deps

# E2E
- name: Run E2E Tests
env:
KIND_NODE_TAG: ${{ matrix.version }}
IMAGE_PULL_POLICY: IfNotPresent
run: make e2e

publish:
runs-on: ubuntu-latest
needs: [conformance-test, e2e-test]
steps:
- uses: actions/checkout@v4
- uses: ./tools/github-actions/setup-deps

- name: Download EG Binaries
uses: actions/download-artifact@v3
with:
name: envoy-gateway
path: bin/

- name: Give Privileges To EG Binaries
run: |
chmod +x bin/linux/amd64/envoy-gateway
chmod +x bin/linux/arm64/envoy-gateway

# build and push image
- name: Login to DockerHub
if: github.event_name == 'push'
uses: docker/login-action@v3
with:
username: ${{ secrets.DOCKERHUB_USERNAME }}
password: ${{ secrets.DOCKERHUB_PASSWORD }}

- name: Setup Multiarch Environment
if: github.event_name == 'push'
run: make image.multiarch.setup

- name: Build and Push EG Commit Image
if: github.event_name == 'push'
# tag is set to the short SHA of the commit
run: make image.push.multiarch PLATFORMS="linux_amd64 linux_arm64" IMAGE=envoyproxy/gateway-dev

- name: Build and Push EG Latest Image
if: github.event_name == 'push' && github.ref == 'refs/heads/main'
# tag is set to `latest` when pushing to main branch
run: make image.push.multiarch TAG=latest PLATFORMS="linux_amd64 linux_arm64" IMAGE=envoyproxy/gateway-dev

- name: Build and Push EG Latest Helm Chart
if: github.event_name == 'push' && github.ref == 'refs/heads/main'
# use `0.0.0` as the default latest version.
run: OCI_REGISTRY=oci://docker.io/envoyproxy CHART_VERSION=v0.0.0-latest TAG=latest make helm-package helm-push
- uses: actions/checkout@v4
- uses: ./tools/github-actions/setup-deps

- name: Download EG Binaries
uses: actions/download-artifact@v3
with:
name: envoy-gateway
path: bin/

- name: Give Privileges To EG Binaries
run: |
chmod +x bin/linux/amd64/envoy-gateway
chmod +x bin/linux/arm64/envoy-gateway

# build and push image
- name: Login to DockerHub
if: github.event_name == 'push'
uses: docker/login-action@v3
with:
username: ${{ secrets.DOCKERHUB_USERNAME }}
password: ${{ secrets.DOCKERHUB_PASSWORD }}

- name: Setup Multiarch Environment
if: github.event_name == 'push'
run: make image.multiarch.setup

- name: Build and Push EG Commit Image
if: github.event_name == 'push'
# tag is set to the short SHA of the commit
run: make image.push.multiarch PLATFORMS="linux_amd64 linux_arm64" IMAGE=envoyproxy/gateway-dev

- name: Build and Push EG Latest Image
if: github.event_name == 'push' && github.ref == 'refs/heads/main'
# tag is set to `latest` when pushing to main branch
run: make image.push.multiarch TAG=latest PLATFORMS="linux_amd64 linux_arm64" IMAGE=envoyproxy/gateway-dev

- name: Build and Push EG Latest Helm Chart
if: github.event_name == 'push' && github.ref == 'refs/heads/main'
# use `0.0.0` as the default latest version.
run: OCI_REGISTRY=oci://docker.io/envoyproxy CHART_VERSION=v0.0.0-latest TAG=latest make helm-package helm-push
2 changes: 1 addition & 1 deletion api/v1alpha1/validation/envoyproxy_validate.go
Original file line number Diff line number Diff line change
Expand Up @@ -24,7 +24,7 @@ import (
_ "github.com/envoyproxy/gateway/internal/xds/extensions" // register the generated types to support protojson unmarshalling
)

// Validate validates the provided EnvoyProxy.
// ValidateEnvoyProxy validates the provided EnvoyProxy.
func ValidateEnvoyProxy(proxy *egv1a1.EnvoyProxy) error {
var errs []error
if proxy == nil {
Expand Down
89 changes: 89 additions & 0 deletions test/validation/envoyproxy_test.go
Original file line number Diff line number Diff line change
@@ -0,0 +1,89 @@
// Copyright Envoy Gateway Authors
// SPDX-License-Identifier: Apache-2.0
// The full text of the Apache license is available in the LICENSE file at
// the root of the repo.

//go:build validation
// +build validation

package validation

import (
"context"
"fmt"
"strings"
"testing"
"time"

metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"

egv1a1 "github.com/envoyproxy/gateway/api/v1alpha1"
)

func TestEnvoyProxyProvider(t *testing.T) {
ctx := context.Background()
baseEnvoyProxy := egv1a1.EnvoyProxy{
ObjectMeta: metav1.ObjectMeta{
Name: "proxy",
Namespace: metav1.NamespaceDefault,
},
Spec: egv1a1.EnvoyProxySpec{},
}

cases := []struct {
desc string
mutate func(envoy *egv1a1.EnvoyProxy)
mutateStatus func(envoy *egv1a1.EnvoyProxy)
wantErrors []string
}{
{
desc: "nil provider",
mutate: func(envoy *egv1a1.EnvoyProxy) {

},
wantErrors: []string{},
},
{
desc: "unsupported provider",
mutate: func(envoy *egv1a1.EnvoyProxy) {
envoy.Spec = egv1a1.EnvoyProxySpec{
Provider: &egv1a1.EnvoyProxyProvider{
Type: "foo",
},
}
},
wantErrors: []string{"Unsupported value: \"foo\": supported values: \"Kubernetes\""},
},
}

for _, tc := range cases {
t.Run(tc.desc, func(t *testing.T) {
proxy := baseEnvoyProxy.DeepCopy()
proxy.Name = fmt.Sprintf("proxy-%v", time.Now().UnixNano())

if tc.mutate != nil {
tc.mutate(proxy)
}
err := c.Create(ctx, proxy)

if tc.mutateStatus != nil {
tc.mutateStatus(proxy)
err = c.Status().Update(ctx, proxy)
}

if (len(tc.wantErrors) != 0) != (err != nil) {
t.Fatalf("Unexpected response while creating EnvoyProxy; got err=\n%v\n;want error=%v", err, tc.wantErrors != nil)
}

var missingErrorStrings []string
for _, wantError := range tc.wantErrors {
if !strings.Contains(strings.ToLower(err.Error()), strings.ToLower(wantError)) {
missingErrorStrings = append(missingErrorStrings, wantError)
}
}
if len(missingErrorStrings) != 0 {
t.Errorf("Unexpected response while creating EnvoyProxy; got err=\n%v\n;missing strings within error=%q", err, missingErrorStrings)
}
})
}
}
Loading