Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

fix: fix the CEL definitions to allow policies that use target selectors without explicit targetRefs #3904

Merged

Conversation

liorokman
Copy link
Contributor

Fixes #3901

without explicit targetRefs

Signed-off-by: Lior Okman <[email protected]>
@liorokman liorokman requested a review from a team as a code owner July 19, 2024 20:13
Copy link

codecov bot commented Jul 19, 2024

Codecov Report

All modified and coverable lines are covered by tests ✅

Project coverage is 67.43%. Comparing base (9c31f4b) to head (5705be2).

Additional details and impacted files
@@           Coverage Diff           @@
##             main    #3904   +/-   ##
=======================================
  Coverage   67.43%   67.43%           
=======================================
  Files         182      182           
  Lines       22433    22433           
=======================================
  Hits        15128    15128           
  Misses       6217     6217           
  Partials     1088     1088           

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

@liorokman
Copy link
Contributor Author

/retest

1 similar comment
@guydc
Copy link
Contributor

guydc commented Jul 19, 2024

/retest

@guydc guydc added this to the v1.1.0 milestone Jul 19, 2024
Copy link
Contributor

@guydc guydc left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM, Thanks!

@@ -34,7 +34,7 @@ type ClientTrafficPolicy struct {
Status gwapiv1a2.PolicyStatus `json:"status,omitempty"`
}

// +kubebuilder:validation:XValidation:rule="(has(self.targetRef) && !has(self.targetRefs)) || (!has(self.targetRef) && has(self.targetRefs))", message="either targetRef or targetRefs must be used"
// +kubebuilder:validation:XValidation:rule="(has(self.targetRef) && !has(self.targetRefs)) || (!has(self.targetRef) && has(self.targetRefs)) || (has(self.targetSelectors) && self.targetSelectors.size() > 0) ", message="either targetRef or targetRefs must be used"
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

does this mean a user can specify targetRefs and targetSelectors at the same time ?

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Yes.

Copy link
Member

@Xunzhuo Xunzhuo left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Good catch

@arkodg arkodg merged commit 7c080fe into envoyproxy:main Jul 20, 2024
20 of 24 checks passed
@liorokman liorokman deleted the targetselectors-without-targetrefs branch July 20, 2024 15:13
@sadovnikov
Copy link
Contributor

Thanks! 👍

guydc pushed a commit to guydc/gateway that referenced this pull request Jul 22, 2024
…ors without explicit targetRefs (envoyproxy#3904)

Fix the CEL definitions to allow policies that use target selectors
without explicit targetRefs

Signed-off-by: Lior Okman <[email protected]>
guydc pushed a commit to guydc/gateway that referenced this pull request Jul 22, 2024
…ors without explicit targetRefs (envoyproxy#3904)

Fix the CEL definitions to allow policies that use target selectors
without explicit targetRefs

Signed-off-by: Lior Okman <[email protected]>
guydc added a commit that referenced this pull request Jul 23, 2024
* fix quickstart link in helm chart (#3793)

Signed-off-by: Huabing Zhao <[email protected]>

* build(deps): bump golang.org/x/sys from 0.21.0 to 0.22.0 (#3780)

Bumps [golang.org/x/sys](https://github.com/golang/sys) from 0.21.0 to 0.22.0.
- [Commits](golang/sys@v0.21.0...v0.22.0)

---
updated-dependencies:
- dependency-name: golang.org/x/sys
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: zirain <[email protected]>
Co-authored-by: Xunzhuo <[email protected]>

* build(deps): bump distroless/static from `e9ac71e` to `8dd8d3c` in /tools/docker/envoy-gateway (#3778)

build(deps): bump distroless/static in /tools/docker/envoy-gateway

Bumps distroless/static from `e9ac71e` to `8dd8d3c`.

---
updated-dependencies:
- dependency-name: distroless/static
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Xunzhuo <[email protected]>

* build(deps): bump fortio.org/log from 1.12.2 to 1.14.0 (#3782)

Bumps [fortio.org/log](https://github.com/fortio/log) from 1.12.2 to 1.14.0.
- [Release notes](https://github.com/fortio/log/releases)
- [Commits](fortio/log@v1.12.2...v1.14.0)

---
updated-dependencies:
- dependency-name: fortio.org/log
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: zirain <[email protected]>
Co-authored-by: Xunzhuo <[email protected]>

* build(deps): bump google.golang.org/grpc from 1.64.0 to 1.65.0 (#3783)

Bumps [google.golang.org/grpc](https://github.com/grpc/grpc-go) from 1.64.0 to 1.65.0.
- [Release notes](https://github.com/grpc/grpc-go/releases)
- [Commits](grpc/grpc-go@v1.64.0...v1.65.0)

---
updated-dependencies:
- dependency-name: google.golang.org/grpc
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* docs: move release-notes out of version (#3765)

* move release-notes out of version

Signed-off-by: zirain <[email protected]>

* fix

Signed-off-by: zirain <[email protected]>

* update release-notes

Signed-off-by: zirain <[email protected]>

---------

Signed-off-by: zirain <[email protected]>

* ci: update cherry-pick v1.1.0 (#3803)

Signed-off-by: Guy Daich <[email protected]>

* doc: how to build a wasm image (#3806)

* docs for building wasm images

Signed-off-by: Huabing Zhao <[email protected]>

* address comments

Signed-off-by: Huabing Zhao <[email protected]>

* minor change

Signed-off-by: Huabing Zhao <[email protected]>

---------

Signed-off-by: Huabing Zhao <[email protected]>

* Use Wasm instead of WASM (#3812)

* Use Wasm instead of WASM

Signed-off-by: Takeshi Yoneda <[email protected]>

* part2

Signed-off-by: Takeshi Yoneda <[email protected]>

---------

Signed-off-by: Takeshi Yoneda <[email protected]>

* docs: generate v1.1.0-rc.1 release note (#3794)

* chore: release-notes-docs be part of generate (#3815)

* fix: enable client timeout test (#3811)

* enable client timeout test

Signed-off-by: Guy Daich <[email protected]>

* fix target of policy

Signed-off-by: Guy Daich <[email protected]>

---------

Signed-off-by: Guy Daich <[email protected]>

* chore: add benchmark report into release artifacts (#3756)

* add benchmark report save dir

Signed-off-by: shawnh2 <[email protected]>

* add benchmark report to latest release

Signed-off-by: shawnh2 <[email protected]>

* separate benchmark-test push and pull_request event

Signed-off-by: shawnh2 <[email protected]>

* add benchmark report to release workflow

Signed-off-by: shawnh2 <[email protected]>

* fix lint and update doc

Signed-off-by: shawnh2 <[email protected]>

* move out resource limit unit

Signed-off-by: shawnh2 <[email protected]>

---------

Signed-off-by: shawnh2 <[email protected]>
Co-authored-by: Xunzhuo <[email protected]>

* docs: fix grafana link (#3818)

Signed-off-by: zirain <[email protected]>

* e2e: make sure ALS server is ready (#3816)

Signed-off-by: zirain <[email protected]>

* Revert "docs: fix grafana link" (#3822)

Revert "docs: fix grafana link (#3818)"

This reverts commit 0af2f9f.

Signed-off-by: zirain <[email protected]>

* feat: support target selectors on Envoy Gateway Extension Server policies (#3800)

* Support target selectors on Envoy Gateway Extension Server policies

Signed-off-by: Lior Okman <[email protected]>

* Fixed the linter errors

Signed-off-by: Lior Okman <[email protected]>

---------

Signed-off-by: Lior Okman <[email protected]>

* docs: updating the documentation for Extension Servers and adding an example extension server (#3788)

* Updating the documentation for Extension Servers and adding an example
extension server.

Signed-off-by: Lior Okman <[email protected]>

* Make the docs linter happy

Signed-off-by: Lior Okman <[email protected]>

* Add license headers to every new source file, and make the yaml linter
ignore the extension-server chart

Signed-off-by: Lior Okman <[email protected]>

* Add the boilerplate license for generated files.

Signed-off-by: Lior Okman <[email protected]>

---------

Signed-off-by: Lior Okman <[email protected]>

* docs for ip allowlist/denylist (#3784)

* docs for ip whitelisting/blacklisting

Signed-off-by: Huabing Zhao <[email protected]>

* replace terms based on CNCF INI doc

Signed-off-by: Huabing Zhao <[email protected]>

* address comments

Signed-off-by: Huabing Zhao <[email protected]>

---------

Signed-off-by: Huabing Zhao <[email protected]>
Co-authored-by: Guy Daich <[email protected]>

* docs: gRPC Access Log Service (ALS) sink (#3768)

* docs: gRPC Access Log Service (ALS) sink

Signed-off-by: zirain <[email protected]>

* ignore githubusercontent.com

Signed-off-by: zirain <[email protected]>

* update

Signed-off-by: zirain <[email protected]>

---------

Signed-off-by: zirain <[email protected]>
Co-authored-by: Guy Daich <[email protected]>

* docs: update v1.1.0-rc.1 release notes (#3821)

update v1.1.0-rc.1 release notes

Signed-off-by: Guy Daich <[email protected]>

* docs: add task for wasm extensions (#3796)

* docs for wasm extensions

Signed-off-by: Huabing Zhao <[email protected]>

* fix lint

Signed-off-by: Huabing Zhao <[email protected]>

* address comments

Signed-off-by: Huabing Zhao <[email protected]>

* minor change

Signed-off-by: Huabing Zhao <[email protected]>

---------

Signed-off-by: Huabing Zhao <[email protected]>
Co-authored-by: Guy Daich <[email protected]>

* community: promote shawnh2 to maintainer and move qicz to emeritus (#3760)

Signed-off-by: bitliu <[email protected]>

* chore: report a translate error to errChan to make it observed correctly (#3827)

Signed-off-by: Kensei Nakada <[email protected]>

* chore: upgrade to golang v1.22.5 (#3829)

* chore: golang v1.22.5

Signed-off-by: Kensei Nakada <[email protected]>

* chore: update golang version in example manifest

Signed-off-by: Kensei Nakada <[email protected]>

---------

Signed-off-by: Kensei Nakada <[email protected]>
Co-authored-by: zirain <[email protected]>

* chore: add `make lint.fix-golint` to address auto fixable lint issues (#3828)

* chore: add make lint.fix to address auto fixable lint issues

Signed-off-by: Kensei Nakada <[email protected]>

* chore: rename to lint.fix-golint

Signed-off-by: Kensei Nakada <[email protected]>

* chore: golang v1.22.5

Signed-off-by: Kensei Nakada <[email protected]>

* fix: correct a mistake on the name

Signed-off-by: Kensei Nakada <[email protected]>

---------

Signed-off-by: Kensei Nakada <[email protected]>

* docs: patch field within EnvoyService (#3820)

* add docs for patching field within EnvoyService

Signed-off-by: shawnh2 <[email protected]>

* update path service example

Signed-off-by: shawnh2 <[email protected]>

---------

Signed-off-by: shawnh2 <[email protected]>

* accesslog: remove ALS gRPC initialMetadata (#3751)

remove ALS gRPC initialMetadata

Signed-off-by: zirain <[email protected]>

* docs: add fixed links to the current version of eg docs  (#3819)

* rename v1.0.2 to docs

Signed-off-by: Huabing Zhao <[email protected]>

* retain v1.0.2 directory to avoid dead links

Signed-off-by: Huabing Zhao <[email protected]>

* fix link

Signed-off-by: Huabing Zhao <[email protected]>

* fix link

Signed-off-by: Huabing Zhao <[email protected]>

* copy v1.0.2 to docs in make file

Signed-off-by: Huabing Zhao <[email protected]>

* test auto copy

Signed-off-by: Huabing Zhao <[email protected]>

* test auto copy

Signed-off-by: Huabing Zhao <[email protected]>

* test auto copy

Signed-off-by: Huabing Zhao <[email protected]>

* test auto copy

Signed-off-by: Huabing Zhao <[email protected]>

* test auto copy

Signed-off-by: Huabing Zhao <[email protected]>

* copy latest version docs to docs directory

Signed-off-by: Huabing Zhao <[email protected]>

---------

Signed-off-by: Huabing Zhao <[email protected]>
Co-authored-by: zirain <[email protected]>

* fix: backendtls minversion (#3835)

fix backendtls

Signed-off-by: Guy Daich <[email protected]>

* fix: enable use-client-protocol test (#3825)

* enable use-client-protocol test

Signed-off-by: Guy Daich <[email protected]>

* add retries to basic auth tests

Signed-off-by: Guy Daich <[email protected]>

---------

Signed-off-by: Guy Daich <[email protected]>

* fix: backendtls client cert (#3839)

fix backendtls client cert

Signed-off-by: Guy Daich <[email protected]>

* fix: prevent xdsIR updates from overwriting RateLimit configs from other xdsIR (#3771)

* fix: prevent xdsIR updates from overwriting RateLimit configs from other xdsIR

Signed-off-by: Kensei Nakada <[email protected]>

* fix: handle deletion events appropriately

Signed-off-by: Kensei Nakada <[email protected]>

* test: add a unit test for subscribeAndTranslate

Signed-off-by: Kensei Nakada <[email protected]>

* chore: sort import order

Signed-off-by: Kensei Nakada <[email protected]>

---------

Signed-off-by: Kensei Nakada <[email protected]>
Co-authored-by: zirain <[email protected]>

* docs: use v[x.y] instead of v[x.y.z] (#3836)

* docs: use vx.y instead of vx.y.z

Signed-off-by: zirain <[email protected]>

* fix deadlink

Signed-off-by: zirain <[email protected]>

---------

Signed-off-by: zirain <[email protected]>

* e2e: fix basic auth flaky (#3833)

Signed-off-by: zirain <[email protected]>
Co-authored-by: Guy Daich <[email protected]>

* design: add wasm extension supports OCI image code source (#3313)

* desing docs for wasm oci support

Signed-off-by: huabing zhao <[email protected]>

* fix lint

Signed-off-by: huabing zhao <[email protected]>

* Update site/content/en/contributions/design/wasm-extension.md

Co-authored-by: Arko Dasgupta <[email protected]>
Signed-off-by: Huabing Zhao <[email protected]>

* minor wording

Signed-off-by: huabing zhao <[email protected]>

* authn consideration

Signed-off-by: huabing zhao <[email protected]>

* address comments

Signed-off-by: huabing zhao <[email protected]>

* minor wording

Signed-off-by: huabing zhao <[email protected]>

* minor wording

Signed-off-by: huabing zhao <[email protected]>

* minor wording

Signed-off-by: huabing zhao <[email protected]>

* minor wording

Signed-off-by: huabing zhao <[email protected]>

* restrict access to priave images

Signed-off-by: huabing zhao <[email protected]>

* minor change

Signed-off-by: Huabing Zhao <[email protected]>

* move image to /img

Signed-off-by: Huabing Zhao <[email protected]>

---------

Signed-off-by: huabing zhao <[email protected]>
Signed-off-by: Huabing Zhao <[email protected]>
Co-authored-by: Arko Dasgupta <[email protected]>
Co-authored-by: zirain <[email protected]>
Co-authored-by: Guy Daich <[email protected]>

* fix: enable upgrade test (#3764)

adapt upgrade test to v1.1

Signed-off-by: Guy Daich <[email protected]>
Co-authored-by: zirain <[email protected]>

* chore: go mod tidy (#3842)

Signed-off-by: zirain <[email protected]>

* fix flaky authorization tests (#3844)

Signed-off-by: Huabing Zhao <[email protected]>

* build(deps): bump golang.org/x/net from 0.26.0 to 0.27.0 (#3849)

Bumps [golang.org/x/net](https://github.com/golang/net) from 0.26.0 to 0.27.0.
- [Commits](golang/net@v0.26.0...v0.27.0)

---
updated-dependencies:
- dependency-name: golang.org/x/net
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* build(deps): bump fortio.org/fortio from 1.65.0 to 1.66.0 (#3848)

Bumps [fortio.org/fortio](https://github.com/fortio/fortio) from 1.65.0 to 1.66.0.
- [Release notes](https://github.com/fortio/fortio/releases)
- [Commits](fortio/fortio@v1.65.0...v1.66.0)

---
updated-dependencies:
- dependency-name: fortio.org/fortio
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* build(deps): bump helm.sh/helm/v3 from 3.15.2 to 3.15.3 (#3850)

Bumps [helm.sh/helm/v3](https://github.com/helm/helm) from 3.15.2 to 3.15.3.
- [Release notes](https://github.com/helm/helm/releases)
- [Commits](helm/helm@v3.15.2...v3.15.3)

---
updated-dependencies:
- dependency-name: helm.sh/helm/v3
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* chore: move UDP test resources out of the base (#3857)

delay the creation for non-shared udp test resources

Signed-off-by: Huabing Zhao <[email protected]>

* chore: replace targetRef with targetRefs in e2e (#3858)

* docs: Remove the older versions from linkinator ignore list (#3846)

* upgrade hugo and postcss-cli

Signed-off-by: zirain <[email protected]>

* fix deadlink

Signed-off-by: zirain <[email protected]>

* remove linkinator timeout

Signed-off-by: zirain <[email protected]>

---------

Signed-off-by: zirain <[email protected]>

* build(deps): bump aquasecurity/trivy-action from 0.23.0 to 0.24.0 (#3854)

Bumps [aquasecurity/trivy-action](https://github.com/aquasecurity/trivy-action) from 0.23.0 to 0.24.0.
- [Release notes](https://github.com/aquasecurity/trivy-action/releases)
- [Commits](aquasecurity/trivy-action@7c2007b...6e7b7d1)

---
updated-dependencies:
- dependency-name: aquasecurity/trivy-action
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* build(deps): bump github.com/norwoodj/helm-docs from 1.13.0 to 1.14.2 in /tools/src/helm-docs (#3847)

build(deps): bump github.com/norwoodj/helm-docs in /tools/src/helm-docs

Bumps [github.com/norwoodj/helm-docs](https://github.com/norwoodj/helm-docs) from 1.13.0 to 1.14.2.
- [Release notes](https://github.com/norwoodj/helm-docs/releases)
- [Changelog](https://github.com/norwoodj/helm-docs/blob/master/CHANGELOG.md)
- [Commits](norwoodj/helm-docs@v1.13.0...v1.14.2)

---
updated-dependencies:
- dependency-name: github.com/norwoodj/helm-docs
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* chore: move connection limit test resources out of the base (#3859)

* delay the creation for non-shared test resources

Signed-off-by: Huabing Zhao <[email protected]>

* fix lint

Signed-off-by: Huabing Zhao <[email protected]>

---------

Signed-off-by: Huabing Zhao <[email protected]>

* build(deps): bump actions/setup-node from 4.0.2 to 4.0.3 (#3853)

Bumps [actions/setup-node](https://github.com/actions/setup-node) from 4.0.2 to 4.0.3.
- [Release notes](https://github.com/actions/setup-node/releases)
- [Commits](actions/setup-node@60edb5d...1e60f62)

---
updated-dependencies:
- dependency-name: actions/setup-node
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* build(deps): bump google/osv-scanner-action from 1.8.1 to 1.8.2 (#3851)

Bumps [google/osv-scanner-action](https://github.com/google/osv-scanner-action) from 1.8.1 to 1.8.2.
- [Release notes](https://github.com/google/osv-scanner-action/releases)
- [Commits](google/osv-scanner-action@3c399db...7ac94f9)

---
updated-dependencies:
- dependency-name: google/osv-scanner-action
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: zirain <[email protected]>

* build(deps): bump actions/setup-go from 5.0.1 to 5.0.2 in /tools/github-actions/setup-deps (#3855)

build(deps): bump actions/setup-go in /tools/github-actions/setup-deps

Bumps [actions/setup-go](https://github.com/actions/setup-go) from 5.0.1 to 5.0.2.
- [Release notes](https://github.com/actions/setup-go/releases)
- [Commits](actions/setup-go@cdcb360...0a12ed9)

---
updated-dependencies:
- dependency-name: actions/setup-go
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* build(deps): bump github/codeql-action from 3.25.11 to 3.25.12 (#3852)

Bumps [github/codeql-action](https://github.com/github/codeql-action) from 3.25.11 to 3.25.12.
- [Release notes](https://github.com/github/codeql-action/releases)
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md)
- [Commits](github/codeql-action@b611370...4fa2a79)

---
updated-dependencies:
- dependency-name: github/codeql-action
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: zirain <[email protected]>

* docs: add backend tls docs (#3843)

* add backend tls docs

Signed-off-by: Guy Daich <[email protected]>

* fix links

Signed-off-by: Guy Daich <[email protected]>

* add gateway paramsref

Signed-off-by: Guy Daich <[email protected]>

* nit

Signed-off-by: Guy Daich <[email protected]>

---------

Signed-off-by: Guy Daich <[email protected]>

* chore: move zipkin test resources out of the base (#3864)

move zipkin test resources out of the base

Signed-off-by: Huabing Zhao <[email protected]>

* chore: move tcp test resources out of the base (#3863)

move tcp test resources out of the base

Signed-off-by: Huabing Zhao <[email protected]>

* docs: create concepts docs page and diagram (#3808)

* Adding concept page with visual to docs site

Signed-off-by: Erica Hughberg <[email protected]>

* Fix EnvoyGatewayPatchPolicy to EnvoyPatchPolicy

Signed-off-by: Erica Hughberg <[email protected]>

* Fix ordering of columns and adding links.

Signed-off-by: Erica Hughberg <[email protected]>

* Adding to v1.0.2 as well

Signed-off-by: Erica Hughberg <[email protected]>

* Fixing links

Signed-off-by: Erica Hughberg <[email protected]>

* Added Backend resource to concept overview

Signed-off-by: Erica Hughberg <[email protected]>

* Tidy up and update docs for 1.0.2

Signed-off-by: Erica Hughberg <[email protected]>

* Update arrow from Route to route targets

Signed-off-by: Erica Hughberg <[email protected]>

* fix: wrong path & title and add diagram

Signed-off-by: bitliu <[email protected]>

---------

Signed-off-by: Erica Hughberg <[email protected]>
Signed-off-by: bitliu <[email protected]>
Co-authored-by: Xunzhuo <[email protected]>

* benchmark: enable prometheus to scrape metrics from (#3772)

* chore: move backend tls test resources out of the base (#3862)

* move backend tls test resources out of the base

Signed-off-by: Huabing Zhao <[email protected]>

* fix lint

Signed-off-by: Huabing Zhao <[email protected]>

* fix lint

Signed-off-by: Huabing Zhao <[email protected]>

* add notice

Signed-off-by: Huabing Zhao <[email protected]>

* fix test

Signed-off-by: Huabing Zhao <[email protected]>

* fix test

Signed-off-by: Huabing Zhao <[email protected]>

* print response body for debugging

Signed-off-by: Huabing Zhao <[email protected]>

* print policy for debugging

Signed-off-by: Huabing Zhao <[email protected]>

* increase timeout

Signed-off-by: Huabing Zhao <[email protected]>

---------

Signed-off-by: Huabing Zhao <[email protected]>

* chore: remove cherrypicker action (#3831)

Signed-off-by: zirain <[email protected]>

* chore: update linkinator comment (#3870)

Signed-off-by: zirain <[email protected]>

* chore: make format as part of gen-check (#3877)

Signed-off-by: zirain <[email protected]>

* chore: update LINKINATOR_IGNORE (#3879)

* chore: update LINKINATOR_IGNORE

Signed-off-by: zirain <[email protected]>

* remove example.com

Signed-off-by: zirain <[email protected]>

* Revert "remove example.com"

This reverts commit 0c6e44c.

Signed-off-by: zirain <[email protected]>

---------

Signed-off-by: zirain <[email protected]>

* return 500 error for failed SecurityPolicies to avoid unauthorized access to xRoutes (#3869)

* return 500 error to avoid unauthorized access to xRoutes

Signed-off-by: Huabing Zhao <[email protected]>

* address comments

Signed-off-by: Huabing Zhao <[email protected]>

* address comments

Signed-off-by: Huabing Zhao <[email protected]>

* add e2e test for failed SecurityPolicy

Signed-off-by: Huabing Zhao <[email protected]>

* add e2e test for failed SecurityPolicy

Signed-off-by: Huabing Zhao <[email protected]>

* add e2e test for failed SecurityPolicy

Signed-off-by: Huabing Zhao <[email protected]>

* add e2e test for failed SecurityPolicy

Signed-off-by: Huabing Zhao <[email protected]>

* fix lint

Signed-off-by: Huabing Zhao <[email protected]>

* fix lint

Signed-off-by: Huabing Zhao <[email protected]>

* rename

Signed-off-by: Huabing Zhao <[email protected]>

* rename

Signed-off-by: Huabing Zhao <[email protected]>

---------

Signed-off-by: Huabing Zhao <[email protected]>
Co-authored-by: Xunzhuo <[email protected]>

* lint: update yamllint and codespell skip  (#3882)

* lint: update yamllint and codespell skip

Signed-off-by: zirain <[email protected]>

* end with newline

Signed-off-by: zirain <[email protected]>

---------

Signed-off-by: zirain <[email protected]>

* e2e: increase test timeout (#3883)

Signed-off-by: zirain <[email protected]>

* chore: client mtls test (#3874)

client mtls test

Signed-off-by: Guy Daich <[email protected]>

* fix: nil pointer err during hash load balancing build (#3886)

fix nil pointer err in buildHashPolicy

Signed-off-by: shawnh2 <[email protected]>

* fix override issue for EEP (#3881)

* add test for empty policies

Signed-off-by: Huabing Zhao <[email protected]>

* add test for eep

Signed-off-by: Huabing Zhao <[email protected]>

* add teset for eep

Signed-off-by: Huabing Zhao <[email protected]>

* fix eep override issue

Signed-off-by: Huabing Zhao <[email protected]>

---------

Signed-off-by: Huabing Zhao <[email protected]>

* accesslog: fix different CelMatches on AccessLog (#3885)

* accesslog: fix different CelMatches on AccessLog

Signed-off-by: zirain <[email protected]>

* lint

Signed-off-by: zirain <[email protected]>

* text

Signed-off-by: zirain <[email protected]>

* lint

Signed-off-by: zirain <[email protected]>

---------

Signed-off-by: zirain <[email protected]>
Co-authored-by: Guy Daich <[email protected]>

* rm gateway-api translation error message from direct response (#3878)

* Responding back with an error message around translation errors
may leak info to internet facing external clients around ingress
internals

Signed-off-by: Arko Dasgupta <[email protected]>
Co-authored-by: zirain <[email protected]>
Co-authored-by: Xunzhuo <[email protected]>

* GetParentReferences should use namespace from RouteContext (#3876)

* GetParentReferences should use namespace from RouteContext

Signed-off-by: zirain <[email protected]>

* lint

Signed-off-by: zirain <[email protected]>

* add test

Signed-off-by: zirain <[email protected]>

* fix test

Signed-off-by: zirain <[email protected]>

* update

Signed-off-by: zirain <[email protected]>

* add negative case

Signed-off-by: zirain <[email protected]>

* address review comment

Signed-off-by: zirain <[email protected]>

---------

Signed-off-by: zirain <[email protected]>

* Add e2e test for load balancing (#3868)

* update api doc and e2e test env for lb

Signed-off-by: shawnh2 <[email protected]>

* add e2e test for round robin lb

Signed-off-by: shawnh2 <[email protected]>

* fix gen-check

Signed-off-by: shawnh2 <[email protected]>

* add e2e test for source ip consistent hash lb

Signed-off-by: shawnh2 <[email protected]>

* add e2e test for header consistent hash lb

Signed-off-by: shawnh2 <[email protected]>

* add e2e test for cookie consistent hash lb

Signed-off-by: shawnh2 <[email protected]>

* add deployment only for lb test case

Signed-off-by: shawnh2 <[email protected]>

* rename deployment for different test setup

Signed-off-by: shawnh2 <[email protected]>

* wait deployment to have available replicas

Signed-off-by: shawnh2 <[email protected]>

---------

Signed-off-by: shawnh2 <[email protected]>
Co-authored-by: zirain <[email protected]>

* egctl: introduce `egctl x collect` (#3775)

* e2e: add e2e test for cookie based consistent hash load balancing (#3890)

* add e2e test for cookie based consistent hash load balancing

Signed-off-by: shawnh2 <[email protected]>

* fix lint

Signed-off-by: shawnh2 <[email protected]>

* lower the round robin lb test boundary

Signed-off-by: shawnh2 <[email protected]>

* add case for generated cookie

Signed-off-by: shawnh2 <[email protected]>

* fix lint

Signed-off-by: shawnh2 <[email protected]>

* remove response dump

Signed-off-by: shawnh2 <[email protected]>

---------

Signed-off-by: shawnh2 <[email protected]>

* enable HTTPRouteBackendRequestHeaderModifier test (#3891)

* enable HTTPRouteBackendRequestHeaderModifier test

already supported with #3246

Signed-off-by: Arko Dasgupta <[email protected]>

* make testdata

Signed-off-by: Arko Dasgupta <[email protected]>

---------

Signed-off-by: Arko Dasgupta <[email protected]>

* disable writing into GatewayClass.Status.SupportedFeatures

disable until the field moves from experiemental to stable
so status writes for a GatewayClass dont fail when the datatypes differ

Signed-off-by: Arko Dasgupta <[email protected]>

* comment out test snippet

Signed-off-by: Arko Dasgupta <[email protected]>

* validate for reconcile should check reference from EnvoyProxy (#3895)

validateEndpointSliceForReconcile should check reference from EnvoyProxy

Signed-off-by: zirain <[email protected]>

* chore: add grafonnet dashboards support (#3785)

* add grafonnet lib and support for resources monitor dashboard

Signed-off-by: shawnh2 <[email protected]>

* update helm-generate to support grafonnet generate dashboards

Signed-off-by: shawnh2 <[email protected]>

* update doc

Signed-off-by: shawnh2 <[email protected]>

* fix doc-lint and osv-scan

Signed-off-by: shawnh2 <[email protected]>

* fix tools path

Signed-off-by: shawnh2 <[email protected]>

* resolve conflicts

Signed-off-by: shawnh2 <[email protected]>

* fix gen-check

Signed-off-by: shawnh2 <[email protected]>

* fix doc-lint

Signed-off-by: shawnh2 <[email protected]>

---------

Signed-off-by: shawnh2 <[email protected]>
Co-authored-by: Xunzhuo <[email protected]>

* add startupProbe to all provisioned containers (#3893)

* This ensures the readinessProbe kicks in only after the container has
  started
* max startup time is 300s - 30 (failureThreshold) x 10 (periodSeconds).
After this the container is killed and the `restartPolicy` kicks in
https://kubernetes.io/docs/concepts/configuration/liveness-readiness-startup-probes/#startup-probe

Fixes: #3511

Signed-off-by: Arko Dasgupta <[email protected]>

* e2e: move als test resources out of the base (#3884)

Signed-off-by: zirain <[email protected]>

* e2e: fix ZipkinTracing flaky (#3899)

* e2e: make sure OTel-collector is ready

Signed-off-by: zirain <[email protected]>

* fix gen

Signed-off-by: zirain <[email protected]>

* fix retry

Signed-off-by: zirain <[email protected]>

* remove infrastructure.parametersRef from all-namespace

Signed-off-by: zirain <[email protected]>

* update

Signed-off-by: zirain <[email protected]>

* update

Signed-off-by: zirain <[email protected]>

* lint

Signed-off-by: zirain <[email protected]>

* fix bad request

Signed-off-by: zirain <[email protected]>

* increase time of one cycle

Signed-off-by: zirain <[email protected]>

---------

Signed-off-by: zirain <[email protected]>

* doc: add load balancing usage (#3903)

add load balancing usage

Signed-off-by: shawnh2 <[email protected]>
Co-authored-by: Xunzhuo <[email protected]>

* fix: typos in release notes (#3909)

Signed-off-by: bitliu <[email protected]>

* fix: fix the CEL definitions to allow policies that use target selectors without explicit targetRefs (#3904)

Fix the CEL definitions to allow policies that use target selectors
without explicit targetRefs

Signed-off-by: Lior Okman <[email protected]>

* feat(logger): Add tlog for better test logging (#3913)

Add tlog.Logf() logger

Signed-off-by: Manoramsharma <[email protected]>

* e2e: add hook to debug OIDC fail (#3914)

* e2e: refactor and improve lb test (#3912)

* e2e: refactor and improve lb test

Signed-off-by: zirain <[email protected]>

* tlog

Signed-off-by: zirain <[email protected]>

* update

Signed-off-by: zirain <[email protected]>

* lint

Signed-off-by: zirain <[email protected]>

* nit

Signed-off-by: zirain <[email protected]>

---------

Signed-off-by: zirain <[email protected]>

* tools: remove sphinx (#3927)

Signed-off-by: zirain <[email protected]>

* release v1.1.0 (#3932)

* release v1.1.0

Signed-off-by: Guy Daich <[email protected]>

* update release notes with delta from v1.1.0-rc.1

Signed-off-by: Guy Daich <[email protected]>

* fix lint

Signed-off-by: Guy Daich <[email protected]>

---------

Signed-off-by: Guy Daich <[email protected]>

---------

Signed-off-by: Huabing Zhao <[email protected]>
Signed-off-by: dependabot[bot] <[email protected]>
Signed-off-by: zirain <[email protected]>
Signed-off-by: Guy Daich <[email protected]>
Signed-off-by: Takeshi Yoneda <[email protected]>
Signed-off-by: shawnh2 <[email protected]>
Signed-off-by: Lior Okman <[email protected]>
Signed-off-by: bitliu <[email protected]>
Signed-off-by: Kensei Nakada <[email protected]>
Signed-off-by: huabing zhao <[email protected]>
Signed-off-by: Erica Hughberg <[email protected]>
Signed-off-by: Arko Dasgupta <[email protected]>
Signed-off-by: Manoramsharma <[email protected]>
Co-authored-by: Huabing Zhao <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: zirain <[email protected]>
Co-authored-by: Xunzhuo <[email protected]>
Co-authored-by: Takeshi Yoneda <[email protected]>
Co-authored-by: sh2 <[email protected]>
Co-authored-by: Lior Okman <[email protected]>
Co-authored-by: Kensei Nakada <[email protected]>
Co-authored-by: Arko Dasgupta <[email protected]>
Co-authored-by: Erica Hughberg <[email protected]>
Co-authored-by: Arko Dasgupta <[email protected]>
Co-authored-by: Manoramsharma <[email protected]>
Demacr pushed a commit to Demacr/gateway that referenced this pull request Jul 26, 2024
…ors without explicit targetRefs (envoyproxy#3904)

Fix the CEL definitions to allow policies that use target selectors
without explicit targetRefs

Signed-off-by: Lior Okman <[email protected]>
Signed-off-by: Karandashov Daniil <[email protected]>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

Creation of SecurityPolicy with targetSelectors fails
5 participants