fix dataplane tests

internal/mode/static/state/dataplane/configuration.go

@@ -46,7 +46,7 @@ func BuildConfiguration(
 	upstreams := buildUpstreams(ctx, g.Gateway.Listeners, serviceResolver, baseHTTPConfig.IPFamily)
 	httpServers, sslServers := buildServers(g, generator)
 	passthroughServers := buildPassthroughServers(g)
-	streamUpstreams := buildStreamUpstreams(ctx, g.Gateway.Listeners, serviceResolver)
+	streamUpstreams := buildStreamUpstreams(ctx, g.Gateway.Listeners, serviceResolver, baseHTTPConfig.IPFamily)
 	backendGroups := buildBackendGroups(append(httpServers, sslServers...))
 	keyPairs := buildSSLKeyPairs(g.ReferencedSecrets, g.Gateway.Listeners)
 	certBundles := buildCertBundles(g.ReferencedCaCertConfigMaps, backendGroups)
@@ -114,6 +114,7 @@ func buildStreamUpstreams(
 	ctx context.Context,
 	listeners []*graph.Listener,
 	resolver resolver.ServiceResolver,
+	ipFamily IPFamilyType,
 ) []Upstream {
 	// There can be duplicate upstreams if multiple routes reference the same upstream.
 	// We use a map to deduplicate them.
@@ -144,7 +145,9 @@ func buildStreamUpstreams(
 
 			var errMsg string
 
-			eps, err := resolver.Resolve(ctx, br.SvcNsName, br.ServicePort)
+			allowedAddressType := getAllowedAddressType(ipFamily)
+
+			eps, err := resolver.Resolve(ctx, br.SvcNsName, br.ServicePort, allowedAddressType)
 			if err != nil {
 				errMsg = err.Error()
 			}

internal/mode/static/state/dataplane/configuration_test.go

@@ -408,6 +408,47 @@ func TestBuildConfiguration(t *testing.T) {
 		pathAndType{path: "/valid", pathType: prefix}, pathAndType{path: invalidMatchesPath, pathType: prefix},
 	)
 
+	tlsTR1 := graph.L4Route{
+		Spec: graph.L4RouteSpec{
+			Hostnames: []v1.Hostname{"app.example.com", "cafe.example.com"},
+			BackendRef: graph.BackendRef{
+				SvcNsName: types.NamespacedName{
+					Namespace: "default",
+					Name:      "secure-app",
+				},
+				ServicePort: apiv1.ServicePort{
+					Name:     "https",
+					Protocol: "TCP",
+					Port:     8443,
+					TargetPort: intstr.IntOrString{
+						Type:   intstr.Int,
+						IntVal: 8443,
+					},
+				},
+				Valid: true,
+			},
+		},
+		Valid: true,
+	}
+
+	tlsTR2 := graph.L4Route{
+		Spec: graph.L4RouteSpec{
+			Hostnames:  []v1.Hostname{"test.example.com"},
+			BackendRef: graph.BackendRef{},
+		},
+		Valid: true,
+	}
+
+	TR1Key := graph.L4RouteKey{NamespacedName: types.NamespacedName{
+		Namespace: "default",
+		Name:      "secure-app",
+	}}
+
+	TR2Key := graph.L4RouteKey{NamespacedName: types.NamespacedName{
+		Namespace: "default",
+		Name:      "secure-app2",
+	}}
+
 	httpsHR7, expHTTPSHR7Groups, httpsRouteHR7 := createTestResources(
 		"https-hr-7",
 		"foo.example.com", // same as httpsHR3
@@ -596,6 +637,13 @@ func TestBuildConfiguration(t *testing.T) {
 		},
 	}
 
+	listener443_2 := v1.Listener{
+		Name:     "listener-443-2",
+		Hostname: (*v1.Hostname)(helpers.GetPointer("*.example.com")),
+		Port:     443,
+		Protocol: v1.TLSProtocolType,
+	}
+
 	listener8443 := v1.Listener{
 		Name:     "listener-8443",
 		Hostname: nil,
@@ -1522,11 +1570,26 @@ func TestBuildConfiguration(t *testing.T) {
 						},
 						ResolvedSecret: &secret1NsName,
 					},
+					{
+						Name:   "listener-443-2",
+						Source: listener443_2,
+						Valid:  true,
+						Routes: map[graph.RouteKey]*graph.L7Route{},
+						L4Routes: map[graph.L4RouteKey]*graph.L4Route{
+							TR1Key: &tlsTR1,
+							TR2Key: &tlsTR2,
+						},
+						ResolvedSecret: &secret1NsName,
+					},
 				}...)
 				g.Routes = map[graph.RouteKey]*graph.L7Route{
 					graph.CreateRouteKey(hr6):      routeHR6,
 					graph.CreateRouteKey(httpsHR6): httpsRouteHR6,
 				}
+				g.L4Routes = map[graph.L4RouteKey]*graph.L4Route{
+					TR1Key: &tlsTR1,
+					TR2Key: &tlsTR2,
+				}
 				g.ReferencedSecrets = map[types.NamespacedName]*graph.Secret{
 					secret1NsName: secret1,
 				}
@@ -1577,6 +1640,19 @@ func TestBuildConfiguration(t *testing.T) {
 				}...)
 				conf.Upstreams = []Upstream{fooUpstream}
 				conf.BackendGroups = []BackendGroup{expHR6Groups[0], expHTTPSHR6Groups[0]}
+				conf.StreamUpstreams = []Upstream{
+					{
+						Endpoints: fooEndpoints,
+						Name:      "default_secure-app_8443",
+					},
+				}
+				conf.TLSPassthroughServers = []Layer4VirtualServer{
+					{
+						Hostname:     "app.example.com",
+						UpstreamName: "default_secure-app_8443",
+						Port:         443,
+					},
+				}
 				return conf
 			}),
 			msg: "one http and one https listener with routes with valid and invalid rules",
@@ -3217,6 +3293,7 @@ func TestGetAllowedAddressType(t *testing.T) {
 		})
 	}
 }
+
 func TestCreatePassthroughServers(t *testing.T) {
 	testGraph := graph.Graph{
 		Gateway: &graph.Gateway{
@@ -3409,7 +3486,7 @@ func TestBuildStreamUpstreams(t *testing.T) {
 	fakeResolver := resolverfakes.FakeServiceResolver{}
 	fakeResolver.ResolveReturns(nil, errors.New("error"))
 
-	streamUpstreams := buildStreamUpstreams(context.Background(), testGraph.Gateway.Listeners, &fakeResolver)
+	streamUpstreams := buildStreamUpstreams(context.Background(), testGraph.Gateway.Listeners, &fakeResolver, Dual)
 
 	expectedStreamUpstreams := []Upstream{
 		{

internal/mode/static/state/graph/route_common.go

@@ -272,15 +272,15 @@ func buildTLSRoute(
 
 	refPath := field.NewPath("spec").Child("rules").Index(0).Child("backendRefs").Index(0)
 
-	svcNsName, svcPort, err := getServiceAndPortFromRef(
+	_, svcPort, err := getIPFamilyAndPortFromRef(
 		gtr.Spec.Rules[0].BackendRefs[0],
-		r.Source.GetNamespace(),
+		types.NamespacedName{Namespace: r.Source.GetNamespace(), Name: r.Source.GetName()},
 		services,
 		refPath,
 	)
 	if err != nil {
 		backendRef = BackendRef{
-			SvcNsName:   svcNsName,
+			SvcNsName:   types.NamespacedName{Namespace: r.Source.GetNamespace(), Name: r.Source.GetName()},
 			ServicePort: svcPort,
 			Valid:       false,
 		}
@@ -291,7 +291,7 @@ func buildTLSRoute(
 	}
 
 	backendRef = BackendRef{
-		SvcNsName:   svcNsName,
+		SvcNsName:   types.NamespacedName{Namespace: r.Source.GetNamespace(), Name: r.Source.GetName()},
 		ServicePort: svcPort,
 		Valid:       true,
 	}