From d24262204c14fb639bdaf867e8fd2b01474efad7 Mon Sep 17 00:00:00 2001 From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com> Date: Thu, 19 Sep 2024 10:04:36 -0600 Subject: [PATCH 01/20] Update github/codeql-action action to v3.26.8 (#2581) | datasource | package | from | to | | ----------- | -------------------- | ------- | ------- | | github-tags | github/codeql-action | v3.26.7 | v3.26.8 | Signed-off-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> --- .github/workflows/build.yml | 2 +- .github/workflows/codeql-analysis.yml | 4 ++-- .github/workflows/scorecards.yml | 2 +- 3 files changed, 4 insertions(+), 4 deletions(-) diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index 73cff8db70..5f3c2bd6ec 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml @@ -170,7 +170,7 @@ jobs: fail-build: false - name: Upload scan result to GitHub Security tab - uses: github/codeql-action/upload-sarif@8214744c546c1e5c8f03dde8fab3a7353211988d # v3.26.7 + uses: github/codeql-action/upload-sarif@294a9d92911152fe08befb9ec03e240add280cb3 # v3.26.8 continue-on-error: true with: sarif_file: ${{ steps.scan.outputs.sarif }} diff --git a/.github/workflows/codeql-analysis.yml b/.github/workflows/codeql-analysis.yml index 11523008c3..1b470170cc 100644 --- a/.github/workflows/codeql-analysis.yml +++ b/.github/workflows/codeql-analysis.yml @@ -52,7 +52,7 @@ jobs: # Initializes the CodeQL tools for scanning. - name: Initialize CodeQL - uses: github/codeql-action/init@8214744c546c1e5c8f03dde8fab3a7353211988d # v3.26.7 + uses: github/codeql-action/init@294a9d92911152fe08befb9ec03e240add280cb3 # v3.26.8 with: languages: ${{ matrix.language }} build-mode: ${{ matrix.build-mode }} 
@@ -64,6 +64,6 @@ jobs: # queries: security-extended,security-and-quality - name: Perform CodeQL Analysis - uses: github/codeql-action/analyze@8214744c546c1e5c8f03dde8fab3a7353211988d # v3.26.7 + uses: github/codeql-action/analyze@294a9d92911152fe08befb9ec03e240add280cb3 # v3.26.8 with: category: "/language:${{matrix.language}}" diff --git a/.github/workflows/scorecards.yml b/.github/workflows/scorecards.yml index f1d2e15edb..6013f205ea 100644 --- a/.github/workflows/scorecards.yml +++ b/.github/workflows/scorecards.yml @@ -60,6 +60,6 @@ jobs: # Upload the results to GitHub's code scanning dashboard. - name: "Upload to code-scanning" - uses: github/codeql-action/upload-sarif@8214744c546c1e5c8f03dde8fab3a7353211988d # v3.26.7 + uses: github/codeql-action/upload-sarif@294a9d92911152fe08befb9ec03e240add280cb3 # v3.26.8 with: sarif_file: results.sarif From 35f2b91637f5d42427e903b0fffb98d508e22a26 Mon Sep 17 00:00:00 2001 From: bjee19 <139261241+bjee19@users.noreply.github.com> Date: Thu, 19 Sep 2024 09:26:09 -0700 Subject: [PATCH 02/20] Add description for enabling experimental features (#2546) Problem: There is insufficient documentation on enabling experimental features in our guides. Solution: Add an includes description for enabling experimental features that we can use for any guides on experimental features. Also updated gateway api compatibility document. Testing: Locally generated the documentation through Hugo and it works. --- .../securing-backend-traffic.md | 8 +- .../traffic-management/tls-passthrough.md | 8 +- ...stall-gateway-api-experimental-features.md | 24 ++++ .../install-gateway-api-resources.md | 12 +- .../overview/gateway-api-compatibility.md | 108 +++++++++++------- 5 files changed, 111 insertions(+), 49 deletions(-) create mode 100644 site/content/includes/installation/install-gateway-api-experimental-features.md 
diff --git a/site/content/how-to/traffic-management/securing-backend-traffic.md b/site/content/how-to/traffic-management/securing-backend-traffic.md index 7073143591..7fac297ca6 100644 --- a/site/content/how-to/traffic-management/securing-backend-traffic.md +++ b/site/content/how-to/traffic-management/securing-backend-traffic.md @@ -12,9 +12,15 @@ Learn how to encrypt HTTP traffic between NGINX Gateway Fabric and your backend In this guide, we will show how to specify the TLS configuration of the connection from the Gateway to a backend pod/s via the Service API object using a [BackendTLSPolicy](https://gateway-api.sigs.k8s.io/api-types/backendtlspolicy/). This covers the use-case where the service or backend owner is doing their own TLS and NGINX Gateway Fabric needs to know how to connect to this backend pod that has its own certificate over HTTPS. +## Note on Gateway API Experimental Features + +{{< important >}} BackendTLSPolicy is a Gateway API resource from the experimental release channel. {{< /important >}} + +{{}} + ## Before you begin -- [Install]({{< relref "installation/" >}}) NGINX Gateway Fabric. Please note that the Gateway APIs from the experimental channel are required, and NGF must be deployed with the `--gateway-api-experimental-features` flag. +- [Install]({{< relref "installation/" >}}) NGINX Gateway Fabric with experimental features enabled. - Save the public IP address and port of NGINX Gateway Fabric into shell variables: ```text diff --git a/site/content/how-to/traffic-management/tls-passthrough.md b/site/content/how-to/traffic-management/tls-passthrough.md index 53395fbc20..8ade7ff8bb 100644 --- a/site/content/how-to/traffic-management/tls-passthrough.md +++ b/site/content/how-to/traffic-management/tls-passthrough.md 
@@ -11,9 +11,15 @@ Learn how to use TLSRoutes to configure TLS Passthrough load-balancing with NGIN In this guide, we will show how to configure TLS passthrough for your application, using a [TLSRoute](https://gateway-api.sigs.k8s.io/reference/spec/#gateway.networking.k8s.io/v1alpha2.TLSRoute). +## Note on Gateway API Experimental Features + +{{< important >}} TLSRoute is a Gateway API resource from the experimental release channel. {{< /important >}} + +{{}} + ## Before you begin -- [Install]({{< relref "installation/" >}}) NGINX Gateway Fabric. +- [Install]({{< relref "installation/" >}}) NGINX Gateway Fabric with experimental features enabled. - Save the public IP address and port of NGINX Gateway Fabric into shell variables: ```text diff --git a/site/content/includes/installation/install-gateway-api-experimental-features.md b/site/content/includes/installation/install-gateway-api-experimental-features.md new file mode 100644 index 0000000000..27e1170027 --- /dev/null +++ b/site/content/includes/installation/install-gateway-api-experimental-features.md 
@@ -0,0 +1,24 @@ +--- +title: "Install NGINX Gateway Fabric with experimental features" +docs: "DOCS-000" +--- + +To use Gateway API experimental resources, the Gateway API resources from the experimental channel must be installed before deploying NGINX Gateway Fabric. Additionally, NGINX Gateway Fabric must have experimental features enabled. + +{{< caution >}}As noted in the [Gateway API documentation](https://gateway-api.sigs.k8s.io/guides/#install-experimental-channel), future releases of the Gateway API can include breaking changes to experimental resources and fields. {{}} + +To install the Gateway API resources from the experimental channel, run the following: + +```shell +kubectl kustomize "https://github.com/nginxinc/nginx-gateway-fabric/config/crd/gateway-api/experimental?ref=v1.4.0" | kubectl apply -f - +``` + +{{< note >}}If you plan to use the `edge` version of NGINX Gateway Fabric, you can replace the version in `ref` with `main`, for example `ref=main`. {{}} + +To enable experimental features on NGINX Gateway Fabric: + +Using Helm: Set `nginxGateway.gwAPIExperimentalFeatures.enable` to true. An example can be found +in the [Installation with Helm]({{< relref "installation/installing-ngf/helm.md#custom-installation-options" >}}) guide. + +Using Kubernetes manifests: Add the `--gateway-api-experimental-features` command-line flag to the deployment manifest args. +An example can be found in the [Installation with Kubernetes manifests]({{< relref "installation/installing-ngf/manifests.md#3-deploy-nginx-gateway-fabric" >}}) guide. diff --git a/site/content/includes/installation/install-gateway-api-resources.md b/site/content/includes/installation/install-gateway-api-resources.md index 68af60d99e..109b6f4fd6 100644 --- a/site/content/includes/installation/install-gateway-api-resources.md +++ b/site/content/includes/installation/install-gateway-api-resources.md 
@@ -2,7 +2,7 @@ docs: "DOCS-1438" --- -{{}}The [Gateway API resources](https://github.com/kubernetes-sigs/gateway-api) from the standard channel must be installed before deploying NGINX Gateway Fabric. If they are already installed in your cluster, please ensure they are the correct version as supported by the NGINX Gateway Fabric - [see the Technical Specifications](https://github.com/nginxinc/nginx-gateway-fabric/blob/v1.4.0/README.md#technical-specifications).{{}} +{{< note >}} The [Gateway API resources](https://github.com/kubernetes-sigs/gateway-api) from the standard channel must be installed before deploying NGINX Gateway Fabric. If they are already installed in your cluster, please ensure they are the correct version as supported by the NGINX Gateway Fabric - [see the Technical Specifications](https://github.com/nginxinc/nginx-gateway-fabric/blob/v1.4.0/README.md#technical-specifications). {{}} To install the Gateway API resources, run the following: 
@@ -10,11 +10,15 @@ To install the Gateway API resources, run the following: kubectl kustomize "https://github.com/nginxinc/nginx-gateway-fabric/config/crd/gateway-api/standard?ref=v1.4.0" | kubectl apply -f - ``` -{{}}If you plan to use the `edge` version of NGINX Gateway Fabric, you can replace the version in `ref` with `main`, for example `ref=main`.{{}} +{{< note >}}If you plan to use the `edge` version of NGINX Gateway Fabric, you can replace the version in `ref` with `main`, for example `ref=main`.{{}} -Alternatively, you can install the Gateway API resources from the experimental channel. We support a subset of the -additional features provided by the experimental channel. To install from the experimental channel, run the following: +Alternatively, you can install the Gateway API resources from the experimental channel. +Installing Gateway API resources from the experimental channel includes everything in the standard release channel plus additional experimental resources and fields. +NGINX Gateway Fabric currently supports a subset of the additional features provided by the experimental channel. +To install from the experimental channel, run the following: ```shell kubectl kustomize "https://github.com/nginxinc/nginx-gateway-fabric/config/crd/gateway-api/experimental?ref=v1.4.0" | kubectl apply -f - ``` + +{{< note >}} To learn more about what Gateway API resources NGINX Gateway Fabric currently supports, visit our [Gateway API Compatibility]({{< relref "overview/gateway-api-compatibility.md" >}}) document. {{}} diff --git a/site/content/overview/gateway-api-compatibility.md b/site/content/overview/gateway-api-compatibility.md index e7405e5a47..b0a344e0a6 100644 --- a/site/content/overview/gateway-api-compatibility.md +++ b/site/content/overview/gateway-api-compatibility.md 
@@ -10,18 +10,20 @@ Learn which Gateway API resources NGINX Gateway Fabric supports and to which lev ## Summary {{< bootstrap-table "table table-striped table-bordered" >}} -| Resource | Core Support Level | Extended Support Level | Implementation-Specific Support Level | API Version | -|---------------------------------------|--------------------|------------------------|---------------------------------------|-------------| -| [GatewayClass](#gatewayclass) | Supported | Not supported | Supported | v1 | -| [Gateway](#gateway) | Supported | Partially supported | Not supported | v1 | -| [HTTPRoute](#httproute) | Supported | Partially supported | Not supported | v1 | -| [ReferenceGrant](#referencegrant) | Supported | N/A | Not supported | v1beta1 | -| [GRPCRoute](#grpcroute) | Supported | Partially supported | Not supported | v1 | -| [TLSRoute](#tlsroute) | Supported | Not supported | Not supported | v1alpha2 | -| [TCPRoute](#tcproute) | Not supported | Not supported | Not supported | N/A | -| [UDPRoute](#udproute) | Not supported | Not supported | Not supported | N/A | -| [BackendTLSPolicy](#backendtlspolicy) | Supported | Supported | Not supported | v1alpha3 | -| [Custom policies](#custom-policies) | N/A | N/A | Supported | N/A | + +| Resource | Core Support Level | Extended Support Level | Implementation-Specific Support Level | API Version | API Release Channel | +|---------------------------------------|--------------------|------------------------|---------------------------------------|-------------|---------------------| +| [GatewayClass](#gatewayclass) | Supported | Not supported | Supported | v1 | Standard | +| [Gateway](#gateway) | Supported | Partially supported | Not supported | v1 | Standard | +| [HTTPRoute](#httproute) | Supported | Partially supported | Not supported | v1 | Standard | +| [GRPCRoute](#grpcroute) | Supported | Partially supported | Not supported | v1 | Standard | +| [ReferenceGrant](#referencegrant) | Supported | N/A | Not supported | 
v1beta1 | Standard | +| [TLSRoute](#tlsroute) | Supported | Not supported | Not supported | v1alpha2 | Experimental | +| [TCPRoute](#tcproute) | Not supported | Not supported | Not supported | v1alpha2 | Experimental | +| [UDPRoute](#udproute) | Not supported | Not supported | Not supported | v1alpha2 | Experimental | +| [BackendTLSPolicy](#backendtlspolicy) | Supported | Supported | Not supported | v1alpha3 | Experimental | +| [Custom policies](#custom-policies) | N/A | N/A | Supported | N/A | N/A | + {{< /bootstrap-table >}} --- @@ -36,7 +38,7 @@ Gateway API features has three [support levels](https://gateway-api.sigs.k8s.io/ - _Not supported_. The resource or field is not yet supported. It will become partially or fully supported in future releases. -{{< note >}} It's possible that NGINX Gateway Fabric will never support some resources or fields of the Gateway API. They will be documented on a case by case basis. NGINX Gateway Fabric doesn't support any features from the experimental release channel. {{< /note >}} +{{< note >}} It's possible that NGINX Gateway Fabric will never support some resources or fields of the Gateway API. They will be documented on a case by case basis. {{< /note >}} --- 
@@ -49,9 +51,11 @@ For a description of each field, visit the [Gateway API documentation](https://g ### GatewayClass {{< bootstrap-table "table table-striped table-bordered" >}} -| Resource | Core Support Level | Extended Support Level | Implementation-Specific Support Level| API Version | -| ------------ | ------------------ | ---------------------- | ----------------------------------- | ----------- | -| GatewayClass | Supported | Not supported | Supported | v1 | + +| Resource | Core Support Level | Extended Support Level | Implementation-Specific Support Level | API Version | API Release Channel | +|--------------|--------------------|------------------------|---------------------------------------|-------------|---------------------| +| GatewayClass | Supported | Not supported | Supported | v1 | Standard | + {{< /bootstrap-table >}} NGINX Gateway Fabric supports a single GatewayClass resource configured with the `--gatewayclass` flag of the [static-mode]({{< relref "/reference/cli-help.md#static-mode">}}) command. 
@@ -77,9 +81,11 @@ NGINX Gateway Fabric supports a single GatewayClass resource configured with the ### Gateway {{< bootstrap-table "table table-striped table-bordered" >}} -| Resource | Core Support Level | Extended Support Level | Implementation-Specific Support Level | API Version | -| -------- | ------------------ | -----------------------------| ------------------------------------- | ----------- | -| Gateway | Supported | Partially supported | Not supported | v1 | + +| Resource | Core Support Level | Extended Support Level | Implementation-Specific Support Level | API Version | API Release Channel | +|----------|--------------------|------------------------|---------------------------------------|-------------|---------------------| +| Gateway | Supported | Partially supported | Not supported | v1 | Standard | + {{< /bootstrap-table >}} NGINX Gateway Fabric supports a single Gateway resource. The Gateway resource must reference NGINX Gateway Fabric's corresponding GatewayClass. @@ -140,9 +146,11 @@ See the [static-mode]({{< relref "/reference/cli-help.md#static-mode">}}) comman ### HTTPRoute {{< bootstrap-table "table table-striped table-bordered" >}} -| Resource | Core Support Level | Extended Support Level | Implementation-Specific Support Level | API Version | -| --------- | ------------------ | ---------------------- | ------------------------------------- | ----------- | -| HTTPRoute | Supported | Partially supported | Not supported | v1 | + +| Resource | Core Support Level | Extended Support Level | Implementation-Specific Support Level | API Version | API Release Channel | +|-----------|--------------------|------------------------|---------------------------------------|-------------|---------------------| +| HTTPRoute | Supported | Partially supported | Not supported | v1 | Standard | + {{< /bootstrap-table >}} **Fields**: 
@@ -190,9 +198,11 @@ See the [static-mode]({{< relref "/reference/cli-help.md#static-mode">}}) comman ### GRPCRoute {{< bootstrap-table "table table-striped table-bordered" >}} -| Resource | Core Support Level | Extended Support Level | Implementation-Specific Support Level | API Version | -| --------- | ------------------- | -----------------------------| ------------------------------------- | ----------- | -| GRPCRoute | Supported | Partially supported | Not supported | v1 | + +| Resource | Core Support Level | Extended Support Level | Implementation-Specific Support Level | API Version | API Release Channel | +|-----------|--------------------|------------------------|---------------------------------------|-------------|---------------------| +| GRPCRoute | Supported | Partially supported | Not supported | v1 | Standard | + {{< /bootstrap-table >}} **Fields**: @@ -234,9 +244,11 @@ See the [static-mode]({{< relref "/reference/cli-help.md#static-mode">}}) comman ### ReferenceGrant {{< bootstrap-table "table table-striped table-bordered" >}} -| Resource | Core Support Level | Extended Support Level | Implementation-Specific Support Level | API Version | -| -------------- | ------------------ | ---------------------- | ------------------------------------- | ----------- | -| ReferenceGrant | Supported | N/A | Not supported | v1beta1 | + +| Resource | Core Support Level | Extended Support Level | Implementation-Specific Support Level | API Version | API Release Channel | +|----------------|--------------------|------------------------|---------------------------------------|-------------|---------------------| +| ReferenceGrant | Supported | N/A | Not supported | v1beta1 | Standard | + {{< /bootstrap-table >}} Fields: 
@@ -256,9 +268,11 @@ Fields: ### TLSRoute {{< bootstrap-table "table table-striped table-bordered" >}} -| Resource | Core Support Level | Extended Support Level | Implementation-Specific Support Level | API Version | -|----------|--------------------|------------------------|---------------------------------------|-------------| -| TLSRoute | Supported | Not supported | Not supported | v1alpha2 | + +| Resource | Core Support Level | Extended Support Level | Implementation-Specific Support Level | API Version | API Release Channel | +|----------|--------------------|------------------------|---------------------------------------|-------------|---------------------| +| TLSRoute | Supported | Not supported | Not supported | v1alpha2 | Experimental | + {{< /bootstrap-table >}} **Fields**: @@ -294,9 +308,11 @@ Fields: ### TCPRoute {{< bootstrap-table "table table-striped table-bordered" >}} -| Resource | Core Support Level | Extended Support Level | Implementation-Specific Support Level | API Version | -| -------- | ------------------ | ---------------------- | ------------------------------------- | ----------- | -| TCPRoute | Not supported | Not supported | Not supported | N/A | + +| Resource | Core Support Level | Extended Support Level | Implementation-Specific Support Level | API Version | API Release Channel | +|----------|--------------------|------------------------|---------------------------------------|-------------|---------------------| +| TCPRoute | Not supported | Not supported | Not supported | v1alpha2 | Experimental | + {{< /bootstrap-table >}} --- 
@@ -304,9 +320,11 @@ Fields: ### UDPRoute {{< bootstrap-table "table table-striped table-bordered" >}} -| Resource | Core Support Level | Extended Support Level | Implementation-Specific Support Level | API Version | -| -------- | ------------------ | ---------------------- | ------------------------------------- | ----------- | -| UDPRoute | Not supported | Not supported | Not supported | N/A | + +| Resource | Core Support Level | Extended Support Level | Implementation-Specific Support Level | API Version | API Release Channel | +|----------|--------------------|------------------------|---------------------------------------|-------------|---------------------| +| UDPRoute | Not supported | Not supported | Not supported | v1alpha2 | Experimental | + {{< /bootstrap-table >}} --- @@ -314,9 +332,11 @@ Fields: ### BackendTLSPolicy {{< bootstrap-table "table table-striped table-bordered" >}} -| Resource | Core Support Level | Extended Support Level | Implementation-Specific Support Level | API Version | -| ---------------- | ------------------ | ---------------------- | ------------------------------------- | ----------- | -| BackendTLSPolicy | Supported | Supported | Not supported | v1alpha3 | + +| Resource | Core Support Level | Extended Support Level | Implementation-Specific Support Level | API Version | API Release Channel | +|------------------|--------------------|------------------------|---------------------------------------|-------------|---------------------| +| BackendTLSPolicy | Supported | Supported | Not supported | v1alpha3 | Experimental | + {{< /bootstrap-table >}} Fields: 
@@ -346,9 +366,11 @@ Fields: ### Custom Policies {{< bootstrap-table "table table-striped table-bordered" >}} -| Resource | Core Support Level | Extended Support Level | Implementation-Specific Support Level | API Version | -| --------------- | ------------------ | ---------------------- | ------------------------------------- | ----------- | -| Custom policies | N/A | N/A | Supported | N/A | + +| Resource | Core Support Level | Extended Support Level | Implementation-Specific Support Level | API Version | API Release Channel | +|-----------------|--------------------|------------------------|---------------------------------------|-------------|---------------------| +| Custom policies | N/A | N/A | Supported | N/A | N/A | + {{< /bootstrap-table >}} Custom policies are NGINX Gateway Fabric-specific CRDs (Custom Resource Definitions) that support features such as tracing, and client connection settings. These important data-plane features are not part of the Gateway API specifications. From 059c58f03e63a45219feb5c6cf475b886af87f22 Mon Sep 17 00:00:00 2001 From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com> Date: Thu, 19 Sep 2024 11:35:14 -0600 Subject: [PATCH 03/20] Update actions/setup-node action to v4.0.4 (#2582) | datasource | package | from | to | | ----------- | ------------------ | ------ | ------ | | github-tags | actions/setup-node | v4.0.3 | v4.0.4 | Signed-off-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> --- .github/workflows/ci.yml | 2 +- .github/workflows/lint.yml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 5f207e4805..535fd87623 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml 
@@ -113,7 +113,7 @@ jobs: uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 - name: Setup Node.js Environment - uses: actions/setup-node@1e60f620b9541d16bece96c5465dc8ee9832be0b # v4.0.3 + uses: actions/setup-node@0a44ba7841725637a19e28fa30b79a866c81b0a6 # v4.0.4 with: node-version-file: .nvmrc diff --git a/.github/workflows/lint.yml b/.github/workflows/lint.yml index e36848aab6..c89b056af9 100644 --- a/.github/workflows/lint.yml +++ b/.github/workflows/lint.yml @@ -50,7 +50,7 @@ jobs: uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 - name: Setup Node.js Environment - uses: actions/setup-node@1e60f620b9541d16bece96c5465dc8ee9832be0b # v4.0.3 + uses: actions/setup-node@0a44ba7841725637a19e28fa30b79a866c81b0a6 # v4.0.4 with: node-version-file: .nvmrc From 11f7fcb690f948cf17fee736a8c52180bcf91f25 Mon Sep 17 00:00:00 2001 From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com> Date: Thu, 19 Sep 2024 15:03:42 -0600 Subject: [PATCH 04/20] Update Helm release opentelemetry-collector to v0.106.0 (#2583) | datasource | package | from | to | | ---------- | ----------------------- | ------- | ------- | | helm | opentelemetry-collector | 0.105.1 | 0.106.0 | Signed-off-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> --- tests/framework/collector.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tests/framework/collector.go b/tests/framework/collector.go index 8b27bd6d69..7d8debc70b 100644 --- a/tests/framework/collector.go +++ b/tests/framework/collector.go @@ -12,7 +12,7 @@ const ( collectorChartReleaseName = "otel-collector" //nolint:lll // renovate: datasource=helm depName=opentelemetry-collector registryUrl=https://open-telemetry.github.io/opentelemetry-helm-charts - collectorChartVersion = "0.105.1" + collectorChartVersion = "0.106.0" ) // InstallCollector installs the otel-collector. 
From dacb4763a7e97d7a61e2bc092fe6bef566d6c05e Mon Sep 17 00:00:00 2001 From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com> Date: Fri, 20 Sep 2024 16:37:22 +0000 Subject: [PATCH 05/20] Update contributor-assistant/github-action action to v2.5.2 (#2586) | datasource | package | from | to | | ----------- | ----------------------------------- | ------ | ------ | | github-tags | contributor-assistant/github-action | v2.5.1 | v2.5.2 | Signed-off-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> --- .github/workflows/f5-cla.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/f5-cla.yml b/.github/workflows/f5-cla.yml index de0dbc8a55..649a95d422 100644 --- a/.github/workflows/f5-cla.yml +++ b/.github/workflows/f5-cla.yml @@ -28,7 +28,7 @@ jobs: steps: - name: Run F5 Contributor License Agreement (CLA) assistant if: (github.event.comment.body == 'recheck' || github.event.comment.body == 'I have hereby read the F5 CLA and agree to its terms') || github.event_name == 'pull_request_target' - uses: contributor-assistant/github-action@f41946747f85d28e9a738f4f38dbcc74b69c7e0e # v2.5.1 + uses: contributor-assistant/github-action@fdca7a016082d9130c3cd91a236ddf956ec35f1d # v2.5.2 with: # Any pull request targeting the following branch will trigger a CLA check. branch: "main" From 42994cbe26aa13eb081d006d6ece7a82b4030e3e Mon Sep 17 00:00:00 2001 From: nginx-aoife <50101789+nginx-aoife@users.noreply.github.com> Date: Mon, 23 Sep 2024 13:05:01 +0100 Subject: [PATCH 06/20] docs-fix-broken-url (#2585) --- .../includes/installation/expose-nginx-gateway-fabric.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/site/content/includes/installation/expose-nginx-gateway-fabric.md b/site/content/includes/installation/expose-nginx-gateway-fabric.md index 316b22b6ef..bfa704c3ef 100644 
--- a/site/content/includes/installation/expose-nginx-gateway-fabric.md +++ b/site/content/includes/installation/expose-nginx-gateway-fabric.md @@ -50,4 +50,4 @@ There are two options for accessing NGINX Gateway Fabric depending on the type o NGINX Gateway Fabric uses the created service to update the **Addresses** field in the **Gateway Status** resource. Using a **LoadBalancer** service sets this field to the IP address and/or hostname of that service. Without a service, the pod IP address is used. -This gateway is associated with the NGINX Gateway Fabric through the **gatewayClassName** field. The default installation of NGINX Gateway Fabric creates a **GatewayClass** with the name **nginx**. NGINX Gateway Fabric will only configure gateways with a **gatewayClassName** of **nginx** unless you change the name via the `--gatewayclass` [command-line flag](/docs/cli-help.md#static-mode). +This gateway is associated with the NGINX Gateway Fabric through the **gatewayClassName** field. The default installation of NGINX Gateway Fabric creates a **GatewayClass** with the name **nginx**. NGINX Gateway Fabric will only configure gateways with a **gatewayClassName** of **nginx** unless you change the name via the `--gatewayclass` [command-line flag]({{< relref "reference/cli-help.md#static-mode">}}). From 8cab563e4fd8c0f1351d0504079e83193c3f967f Mon Sep 17 00:00:00 2001 From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com> Date: Mon, 23 Sep 2024 08:50:14 -0700 Subject: [PATCH 07/20] Update contributor-assistant/github-action action to v2.6.0 (#2589) | datasource | package | from | to | | ----------- | ----------------------------------- | ------ | ------ | | github-tags | contributor-assistant/github-action | v2.5.2 | v2.6.0 | 
Signed-off-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> --- .github/workflows/f5-cla.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/f5-cla.yml b/.github/workflows/f5-cla.yml index 649a95d422..a1c34f8964 100644 --- a/.github/workflows/f5-cla.yml +++ b/.github/workflows/f5-cla.yml @@ -28,7 +28,7 @@ jobs: steps: - name: Run F5 Contributor License Agreement (CLA) assistant if: (github.event.comment.body == 'recheck' || github.event.comment.body == 'I have hereby read the F5 CLA and agree to its terms') || github.event_name == 'pull_request_target' - uses: contributor-assistant/github-action@fdca7a016082d9130c3cd91a236ddf956ec35f1d # v2.5.2 + uses: contributor-assistant/github-action@b1522fa982419e79591a92e1267de463a281cdb7 # v2.6.0 with: # Any pull request targeting the following branch will trigger a CLA check. branch: "main" From 2bfa5d96f7bf04ba9b9840a7f24c9696c814cd05 Mon Sep 17 00:00:00 2001 From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com> Date: Mon, 23 Sep 2024 14:44:13 -0600 Subject: [PATCH 08/20] Update Helm release opentelemetry-collector to v0.106.1 (#2590) | datasource | package | from | to | | ---------- | ----------------------- | ------- | ------- | | helm | opentelemetry-collector | 0.106.0 | 0.106.1 | Signed-off-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> --- tests/framework/collector.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tests/framework/collector.go b/tests/framework/collector.go index 7d8debc70b..9b8f7561b7 100644 --- a/tests/framework/collector.go +++ b/tests/framework/collector.go 
@@ -12,7 +12,7 @@ const ( collectorChartReleaseName = "otel-collector" //nolint:lll // renovate: datasource=helm depName=opentelemetry-collector registryUrl=https://open-telemetry.github.io/opentelemetry-helm-charts - collectorChartVersion = "0.106.0" + collectorChartVersion = "0.106.1" ) // InstallCollector installs the otel-collector. From 0ade9ede5c5be1eb7137308c08c7c17608515ca8 Mon Sep 17 00:00:00 2001 From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com> Date: Mon, 23 Sep 2024 15:00:34 -0700 Subject: [PATCH 09/20] Update jacobtomlinson/gha-find-replace action to v3.0.4 (#2591) | datasource | package | from | to | | ----------- | ------------------------------- | ----- | ------ | | github-tags | jacobtomlinson/gha-find-replace | 3.0.3 | v3.0.4 | Signed-off-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> --- .github/workflows/release-pr.yml | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/.github/workflows/release-pr.yml b/.github/workflows/release-pr.yml index b2a47cf103..30757540ac 100644 --- a/.github/workflows/release-pr.yml +++ b/.github/workflows/release-pr.yml @@ -47,7 +47,7 @@ jobs: echo "current_version=$(yq '.version' > $GITHUB_OUTPUT - name: Find and Replace - uses: jacobtomlinson/gha-find-replace@099c88fbf2a7da26b083521a8bfa13e4f0886b97 # v3.0.3 + uses: jacobtomlinson/gha-find-replace@1dcd8b008d15ef0862ae785c76d1419cca930e15 # v3.0.4 with: find: ${{ steps.vars.outputs.current_version }} replace: ${{ inputs.version }} @@ -55,7 +55,7 @@ jobs: regex: false - name: Find and Replace - uses: jacobtomlinson/gha-find-replace@099c88fbf2a7da26b083521a8bfa13e4f0886b97 # v3.0.3 + uses: jacobtomlinson/gha-find-replace@1dcd8b008d15ef0862ae785c76d1419cca930e15 # v3.0.4 with: find: "edge" replace: ${{ inputs.version }} 
@@ -63,7 +63,7 @@ jobs: regex: false - name: Find and Replace - uses: jacobtomlinson/gha-find-replace@099c88fbf2a7da26b083521a8bfa13e4f0886b97 # v3.0.3 + uses: jacobtomlinson/gha-find-replace@1dcd8b008d15ef0862ae785c76d1419cca930e15 # v3.0.4 with: find: ${{ steps.vars.outputs.current_version }} replace: ${{ inputs.version }} @@ -71,7 +71,7 @@ jobs: regex: false - name: Find and Replace - uses: jacobtomlinson/gha-find-replace@099c88fbf2a7da26b083521a8bfa13e4f0886b97 # v3.0.3 + uses: jacobtomlinson/gha-find-replace@1dcd8b008d15ef0862ae785c76d1419cca930e15 # v3.0.4 with: find: "Always" replace: "IfNotPresent" From 5388f4759808e46a10fa04f2205e9cfa3eff7fe4 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 24 Sep 2024 09:02:22 -0600 Subject: [PATCH 10/20] Bump rollup from 4.21.2 to 4.22.4 in /internal/mode/static/nginx/modules in the npm_and_yarn group across 1 directory (#2595) Bump rollup Bumps the npm_and_yarn group with 1 update in the /internal/mode/static/nginx/modules directory: [rollup](https://github.com/rollup/rollup). Updates `rollup` from 4.21.2 to 4.22.4 - [Release notes](https://github.com/rollup/rollup/releases) - [Changelog](https://github.com/rollup/rollup/blob/master/CHANGELOG.md) - [Commits](https://github.com/rollup/rollup/compare/v4.21.2...v4.22.4) --- updated-dependencies: - dependency-name: rollup dependency-type: indirect dependency-group: npm_and_yarn ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- .../static/nginx/modules/package-lock.json | 151 ++++++++---------- 1 file changed, 67 insertions(+), 84 deletions(-) diff --git a/internal/mode/static/nginx/modules/package-lock.json b/internal/mode/static/nginx/modules/package-lock.json index ef28ebb29f..d831ee84b0 100644 --- a/internal/mode/static/nginx/modules/package-lock.json +++ b/internal/mode/static/nginx/modules/package-lock.json 
@@ -570,224 +570,208 @@ } }, "node_modules/@rollup/rollup-android-arm-eabi": { - "version": "4.21.2", - "resolved": "https://registry.npmjs.org/@rollup/rollup-android-arm-eabi/-/rollup-android-arm-eabi-4.21.2.tgz", - "integrity": "sha512-fSuPrt0ZO8uXeS+xP3b+yYTCBUd05MoSp2N/MFOgjhhUhMmchXlpTQrTpI8T+YAwAQuK7MafsCOxW7VrPMrJcg==", + "version": "4.22.4", + "resolved": "https://registry.npmjs.org/@rollup/rollup-android-arm-eabi/-/rollup-android-arm-eabi-4.22.4.tgz", + "integrity": "sha512-Fxamp4aEZnfPOcGA8KSNEohV8hX7zVHOemC8jVBoBUHu5zpJK/Eu3uJwt6BMgy9fkvzxDaurgj96F/NiLukF2w==", "cpu": [ "arm" ], "dev": true, - "license": "MIT", "optional": true, "os": [ "android" ] }, "node_modules/@rollup/rollup-android-arm64": { - "version": "4.21.2", - "resolved": "https://registry.npmjs.org/@rollup/rollup-android-arm64/-/rollup-android-arm64-4.21.2.tgz", - "integrity": "sha512-xGU5ZQmPlsjQS6tzTTGwMsnKUtu0WVbl0hYpTPauvbRAnmIvpInhJtgjj3mcuJpEiuUw4v1s4BimkdfDWlh7gA==", + "version": "4.22.4", + "resolved": "https://registry.npmjs.org/@rollup/rollup-android-arm64/-/rollup-android-arm64-4.22.4.tgz", + "integrity": "sha512-VXoK5UMrgECLYaMuGuVTOx5kcuap1Jm8g/M83RnCHBKOqvPPmROFJGQaZhGccnsFtfXQ3XYa4/jMCJvZnbJBdA==", "cpu": [ "arm64" ], "dev": true, - "license": "MIT", "optional": true, "os": [ "android" ] }, "node_modules/@rollup/rollup-darwin-arm64": { - "version": "4.21.2", - "resolved": "https://registry.npmjs.org/@rollup/rollup-darwin-arm64/-/rollup-darwin-arm64-4.21.2.tgz", - "integrity": "sha512-99AhQ3/ZMxU7jw34Sq8brzXqWH/bMnf7ZVhvLk9QU2cOepbQSVTns6qoErJmSiAvU3InRqC2RRZ5ovh1KN0d0Q==", + "version": "4.22.4", + "resolved": "https://registry.npmjs.org/@rollup/rollup-darwin-arm64/-/rollup-darwin-arm64-4.22.4.tgz", + "integrity": "sha512-xMM9ORBqu81jyMKCDP+SZDhnX2QEVQzTcC6G18KlTQEzWK8r/oNZtKuZaCcHhnsa6fEeOBionoyl5JsAbE/36Q==", "cpu": [ "arm64" ], "dev": true, - "license": "MIT", "optional": true, "os": [ "darwin" ] }, "node_modules/@rollup/rollup-darwin-x64": { - "version": "4.21.2", - 
"resolved": "https://registry.npmjs.org/@rollup/rollup-darwin-x64/-/rollup-darwin-x64-4.21.2.tgz", - "integrity": "sha512-ZbRaUvw2iN/y37x6dY50D8m2BnDbBjlnMPotDi/qITMJ4sIxNY33HArjikDyakhSv0+ybdUxhWxE6kTI4oX26w==", + "version": "4.22.4", + "resolved": "https://registry.npmjs.org/@rollup/rollup-darwin-x64/-/rollup-darwin-x64-4.22.4.tgz", + "integrity": "sha512-aJJyYKQwbHuhTUrjWjxEvGnNNBCnmpHDvrb8JFDbeSH3m2XdHcxDd3jthAzvmoI8w/kSjd2y0udT+4okADsZIw==", "cpu": [ "x64" ], "dev": true, - "license": "MIT", "optional": true, "os": [ "darwin" ] }, "node_modules/@rollup/rollup-linux-arm-gnueabihf": { - "version": "4.21.2", - "resolved": "https://registry.npmjs.org/@rollup/rollup-linux-arm-gnueabihf/-/rollup-linux-arm-gnueabihf-4.21.2.tgz", - "integrity": "sha512-ztRJJMiE8nnU1YFcdbd9BcH6bGWG1z+jP+IPW2oDUAPxPjo9dverIOyXz76m6IPA6udEL12reYeLojzW2cYL7w==", + "version": "4.22.4", + "resolved": "https://registry.npmjs.org/@rollup/rollup-linux-arm-gnueabihf/-/rollup-linux-arm-gnueabihf-4.22.4.tgz", + "integrity": "sha512-j63YtCIRAzbO+gC2L9dWXRh5BFetsv0j0va0Wi9epXDgU/XUi5dJKo4USTttVyK7fGw2nPWK0PbAvyliz50SCQ==", "cpu": [ "arm" ], "dev": true, - "license": "MIT", "optional": true, "os": [ "linux" ] }, "node_modules/@rollup/rollup-linux-arm-musleabihf": { - "version": "4.21.2", - "resolved": "https://registry.npmjs.org/@rollup/rollup-linux-arm-musleabihf/-/rollup-linux-arm-musleabihf-4.21.2.tgz", - "integrity": "sha512-flOcGHDZajGKYpLV0JNc0VFH361M7rnV1ee+NTeC/BQQ1/0pllYcFmxpagltANYt8FYf9+kL6RSk80Ziwyhr7w==", + "version": "4.22.4", + "resolved": "https://registry.npmjs.org/@rollup/rollup-linux-arm-musleabihf/-/rollup-linux-arm-musleabihf-4.22.4.tgz", + "integrity": "sha512-dJnWUgwWBX1YBRsuKKMOlXCzh2Wu1mlHzv20TpqEsfdZLb3WoJW2kIEsGwLkroYf24IrPAvOT/ZQ2OYMV6vlrg==", "cpu": [ "arm" ], "dev": true, - "license": "MIT", "optional": true, "os": [ "linux" ] }, "node_modules/@rollup/rollup-linux-arm64-gnu": { - "version": "4.21.2", - "resolved": 
"https://registry.npmjs.org/@rollup/rollup-linux-arm64-gnu/-/rollup-linux-arm64-gnu-4.21.2.tgz", - "integrity": "sha512-69CF19Kp3TdMopyteO/LJbWufOzqqXzkrv4L2sP8kfMaAQ6iwky7NoXTp7bD6/irKgknDKM0P9E/1l5XxVQAhw==", + "version": "4.22.4", + "resolved": "https://registry.npmjs.org/@rollup/rollup-linux-arm64-gnu/-/rollup-linux-arm64-gnu-4.22.4.tgz", + "integrity": "sha512-AdPRoNi3NKVLolCN/Sp4F4N1d98c4SBnHMKoLuiG6RXgoZ4sllseuGioszumnPGmPM2O7qaAX/IJdeDU8f26Aw==", "cpu": [ "arm64" ], "dev": true, - "license": "MIT", "optional": true, "os": [ "linux" ] }, "node_modules/@rollup/rollup-linux-arm64-musl": { - "version": "4.21.2", - "resolved": "https://registry.npmjs.org/@rollup/rollup-linux-arm64-musl/-/rollup-linux-arm64-musl-4.21.2.tgz", - "integrity": "sha512-48pD/fJkTiHAZTnZwR0VzHrao70/4MlzJrq0ZsILjLW/Ab/1XlVUStYyGt7tdyIiVSlGZbnliqmult/QGA2O2w==", + "version": "4.22.4", + "resolved": "https://registry.npmjs.org/@rollup/rollup-linux-arm64-musl/-/rollup-linux-arm64-musl-4.22.4.tgz", + "integrity": "sha512-Gl0AxBtDg8uoAn5CCqQDMqAx22Wx22pjDOjBdmG0VIWX3qUBHzYmOKh8KXHL4UpogfJ14G4wk16EQogF+v8hmA==", "cpu": [ "arm64" ], "dev": true, - "license": "MIT", "optional": true, "os": [ "linux" ] }, "node_modules/@rollup/rollup-linux-powerpc64le-gnu": { - "version": "4.21.2", - "resolved": "https://registry.npmjs.org/@rollup/rollup-linux-powerpc64le-gnu/-/rollup-linux-powerpc64le-gnu-4.21.2.tgz", - "integrity": "sha512-cZdyuInj0ofc7mAQpKcPR2a2iu4YM4FQfuUzCVA2u4HI95lCwzjoPtdWjdpDKyHxI0UO82bLDoOaLfpZ/wviyQ==", + "version": "4.22.4", + "resolved": "https://registry.npmjs.org/@rollup/rollup-linux-powerpc64le-gnu/-/rollup-linux-powerpc64le-gnu-4.22.4.tgz", + "integrity": "sha512-3aVCK9xfWW1oGQpTsYJJPF6bfpWfhbRnhdlyhak2ZiyFLDaayz0EP5j9V1RVLAAxlmWKTDfS9wyRyY3hvhPoOg==", "cpu": [ "ppc64" ], "dev": true, - "license": "MIT", "optional": true, "os": [ "linux" ] }, "node_modules/@rollup/rollup-linux-riscv64-gnu": { - "version": "4.21.2", - "resolved": 
"https://registry.npmjs.org/@rollup/rollup-linux-riscv64-gnu/-/rollup-linux-riscv64-gnu-4.21.2.tgz", - "integrity": "sha512-RL56JMT6NwQ0lXIQmMIWr1SW28z4E4pOhRRNqwWZeXpRlykRIlEpSWdsgNWJbYBEWD84eocjSGDu/XxbYeCmwg==", + "version": "4.22.4", + "resolved": "https://registry.npmjs.org/@rollup/rollup-linux-riscv64-gnu/-/rollup-linux-riscv64-gnu-4.22.4.tgz", + "integrity": "sha512-ePYIir6VYnhgv2C5Xe9u+ico4t8sZWXschR6fMgoPUK31yQu7hTEJb7bCqivHECwIClJfKgE7zYsh1qTP3WHUA==", "cpu": [ "riscv64" ], "dev": true, - "license": "MIT", "optional": true, "os": [ "linux" ] }, "node_modules/@rollup/rollup-linux-s390x-gnu": { - "version": "4.21.2", - "resolved": "https://registry.npmjs.org/@rollup/rollup-linux-s390x-gnu/-/rollup-linux-s390x-gnu-4.21.2.tgz", - "integrity": "sha512-PMxkrWS9z38bCr3rWvDFVGD6sFeZJw4iQlhrup7ReGmfn7Oukrr/zweLhYX6v2/8J6Cep9IEA/SmjXjCmSbrMQ==", + "version": "4.22.4", + "resolved": "https://registry.npmjs.org/@rollup/rollup-linux-s390x-gnu/-/rollup-linux-s390x-gnu-4.22.4.tgz", + "integrity": "sha512-GqFJ9wLlbB9daxhVlrTe61vJtEY99/xB3C8e4ULVsVfflcpmR6c8UZXjtkMA6FhNONhj2eA5Tk9uAVw5orEs4Q==", "cpu": [ "s390x" ], "dev": true, - "license": "MIT", "optional": true, "os": [ "linux" ] }, "node_modules/@rollup/rollup-linux-x64-gnu": { - "version": "4.21.2", - "resolved": "https://registry.npmjs.org/@rollup/rollup-linux-x64-gnu/-/rollup-linux-x64-gnu-4.21.2.tgz", - "integrity": "sha512-B90tYAUoLhU22olrafY3JQCFLnT3NglazdwkHyxNDYF/zAxJt5fJUB/yBoWFoIQ7SQj+KLe3iL4BhOMa9fzgpw==", + "version": "4.22.4", + "resolved": "https://registry.npmjs.org/@rollup/rollup-linux-x64-gnu/-/rollup-linux-x64-gnu-4.22.4.tgz", + "integrity": "sha512-87v0ol2sH9GE3cLQLNEy0K/R0pz1nvg76o8M5nhMR0+Q+BBGLnb35P0fVz4CQxHYXaAOhE8HhlkaZfsdUOlHwg==", "cpu": [ "x64" ], "dev": true, - "license": "MIT", "optional": true, "os": [ "linux" ] }, "node_modules/@rollup/rollup-linux-x64-musl": { - "version": "4.21.2", - "resolved": 
"https://registry.npmjs.org/@rollup/rollup-linux-x64-musl/-/rollup-linux-x64-musl-4.21.2.tgz", - "integrity": "sha512-7twFizNXudESmC9oneLGIUmoHiiLppz/Xs5uJQ4ShvE6234K0VB1/aJYU3f/4g7PhssLGKBVCC37uRkkOi8wjg==", + "version": "4.22.4", + "resolved": "https://registry.npmjs.org/@rollup/rollup-linux-x64-musl/-/rollup-linux-x64-musl-4.22.4.tgz", + "integrity": "sha512-UV6FZMUgePDZrFjrNGIWzDo/vABebuXBhJEqrHxrGiU6HikPy0Z3LfdtciIttEUQfuDdCn8fqh7wiFJjCNwO+g==", "cpu": [ "x64" ], "dev": true, - "license": "MIT", "optional": true, "os": [ "linux" ] }, "node_modules/@rollup/rollup-win32-arm64-msvc": { - "version": "4.21.2", - "resolved": "https://registry.npmjs.org/@rollup/rollup-win32-arm64-msvc/-/rollup-win32-arm64-msvc-4.21.2.tgz", - "integrity": "sha512-9rRero0E7qTeYf6+rFh3AErTNU1VCQg2mn7CQcI44vNUWM9Ze7MSRS/9RFuSsox+vstRt97+x3sOhEey024FRQ==", + "version": "4.22.4", + "resolved": "https://registry.npmjs.org/@rollup/rollup-win32-arm64-msvc/-/rollup-win32-arm64-msvc-4.22.4.tgz", + "integrity": "sha512-BjI+NVVEGAXjGWYHz/vv0pBqfGoUH0IGZ0cICTn7kB9PyjrATSkX+8WkguNjWoj2qSr1im/+tTGRaY+4/PdcQw==", "cpu": [ "arm64" ], "dev": true, - "license": "MIT", "optional": true, "os": [ "win32" ] }, "node_modules/@rollup/rollup-win32-ia32-msvc": { - "version": "4.21.2", - "resolved": "https://registry.npmjs.org/@rollup/rollup-win32-ia32-msvc/-/rollup-win32-ia32-msvc-4.21.2.tgz", - "integrity": "sha512-5rA4vjlqgrpbFVVHX3qkrCo/fZTj1q0Xxpg+Z7yIo3J2AilW7t2+n6Q8Jrx+4MrYpAnjttTYF8rr7bP46BPzRw==", + "version": "4.22.4", + "resolved": "https://registry.npmjs.org/@rollup/rollup-win32-ia32-msvc/-/rollup-win32-ia32-msvc-4.22.4.tgz", + "integrity": "sha512-SiWG/1TuUdPvYmzmYnmd3IEifzR61Tragkbx9D3+R8mzQqDBz8v+BvZNDlkiTtI9T15KYZhP0ehn3Dld4n9J5g==", "cpu": [ "ia32" ], "dev": true, - "license": "MIT", "optional": true, "os": [ "win32" ] }, "node_modules/@rollup/rollup-win32-x64-msvc": { - "version": "4.21.2", - "resolved": 
"https://registry.npmjs.org/@rollup/rollup-win32-x64-msvc/-/rollup-win32-x64-msvc-4.21.2.tgz", - "integrity": "sha512-6UUxd0+SKomjdzuAcp+HAmxw1FlGBnl1v2yEPSabtx4lBfdXHDVsW7+lQkgz9cNFJGY3AWR7+V8P5BqkD9L9nA==", + "version": "4.22.4", + "resolved": "https://registry.npmjs.org/@rollup/rollup-win32-x64-msvc/-/rollup-win32-x64-msvc-4.22.4.tgz", + "integrity": "sha512-j8pPKp53/lq9lMXN57S8cFz0MynJk8OWNuUnXct/9KCpKU7DgU3bYMJhwWmcqC0UU29p8Lr0/7KEVcaM6bf47Q==", "cpu": [ "x64" ], "dev": true, - "license": "MIT", "optional": true, "os": [ "win32" @@ -1550,11 +1534,10 @@ } }, "node_modules/rollup": { - "version": "4.21.2", - "resolved": "https://registry.npmjs.org/rollup/-/rollup-4.21.2.tgz", - "integrity": "sha512-e3TapAgYf9xjdLvKQCkQTnbTKd4a6jwlpQSJJFokHGaX2IVjoEqkIIhiQfqsi0cdwlOD+tQGuOd5AJkc5RngBw==", + "version": "4.22.4", + "resolved": "https://registry.npmjs.org/rollup/-/rollup-4.22.4.tgz", + "integrity": "sha512-vD8HJ5raRcWOyymsR6Z3o6+RzfEPCnVLMFJ6vRslO1jt4LO6dUo5Qnpg7y4RkZFM2DMe3WUirkI5c16onjrc6A==", "dev": true, - "license": "MIT", "dependencies": { "@types/estree": "1.0.5" }, 
@@ -1566,22 +1549,22 @@ "npm": ">=8.0.0" }, "optionalDependencies": { - "@rollup/rollup-android-arm-eabi": "4.21.2", - "@rollup/rollup-android-arm64": "4.21.2", - "@rollup/rollup-darwin-arm64": "4.21.2", - "@rollup/rollup-darwin-x64": "4.21.2", - "@rollup/rollup-linux-arm-gnueabihf": "4.21.2", - "@rollup/rollup-linux-arm-musleabihf": "4.21.2", - "@rollup/rollup-linux-arm64-gnu": "4.21.2", - "@rollup/rollup-linux-arm64-musl": "4.21.2", - "@rollup/rollup-linux-powerpc64le-gnu": "4.21.2", - "@rollup/rollup-linux-riscv64-gnu": "4.21.2", - "@rollup/rollup-linux-s390x-gnu": "4.21.2", - "@rollup/rollup-linux-x64-gnu": "4.21.2", - "@rollup/rollup-linux-x64-musl": "4.21.2", - "@rollup/rollup-win32-arm64-msvc": "4.21.2", - "@rollup/rollup-win32-ia32-msvc": "4.21.2", - "@rollup/rollup-win32-x64-msvc": "4.21.2", + "@rollup/rollup-android-arm-eabi": "4.22.4", + "@rollup/rollup-android-arm64": "4.22.4", + "@rollup/rollup-darwin-arm64": "4.22.4", + "@rollup/rollup-darwin-x64": "4.22.4", + "@rollup/rollup-linux-arm-gnueabihf": "4.22.4", + "@rollup/rollup-linux-arm-musleabihf": "4.22.4", + "@rollup/rollup-linux-arm64-gnu": "4.22.4", + "@rollup/rollup-linux-arm64-musl": "4.22.4", + "@rollup/rollup-linux-powerpc64le-gnu": "4.22.4", + "@rollup/rollup-linux-riscv64-gnu": "4.22.4", + "@rollup/rollup-linux-s390x-gnu": "4.22.4", + "@rollup/rollup-linux-x64-gnu": "4.22.4", + "@rollup/rollup-linux-x64-musl": "4.22.4", + "@rollup/rollup-win32-arm64-msvc": "4.22.4", + "@rollup/rollup-win32-ia32-msvc": "4.22.4", + "@rollup/rollup-win32-x64-msvc": "4.22.4", "fsevents": "~2.3.2" } }, From 56380b35861bbccae8700195a381f1287be77478 Mon Sep 17 00:00:00 2001 From: Saylor Berman Date: Tue, 24 Sep 2024 18:48:30 +0300 Subject: [PATCH 11/20] Fix relative link in docs (#2596) Problem: One of our relative links was incorrect and causing docs to fail to build. Solution: Fix link. --- site/content/overview/resource-validation.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
diff --git a/site/content/overview/resource-validation.md b/site/content/overview/resource-validation.md index 0111b7f724..382bf9cf2d 100644 --- a/site/content/overview/resource-validation.md +++ b/site/content/overview/resource-validation.md @@ -52,7 +52,7 @@ More information on CEL in Kubernetes can be found [here](https://kubernetes.io/ This step catches the following cases of invalid values: -- Valid values from the Gateway API perspective but not supported by NGINX Gateway Fabric yet. For example, a feature in an HTTPRoute routing rule. For the list of supported features see [Gateway API Compatibility]({{< relref "/gateway-api-compatibility.md" >}}) doc. +- Valid values from the Gateway API perspective but not supported by NGINX Gateway Fabric yet. For example, a feature in an HTTPRoute routing rule. For the list of supported features see [Gateway API Compatibility]({{< relref "gateway-api-compatibility.md" >}}) doc. - Valid values from the Gateway API perspective, but invalid for NGINX, because NGINX has stricter validation requirements for certain fields. These values will cause NGINX to fail to reload or operate erroneously. - Invalid values (both from the Gateway API and NGINX perspectives) that were not rejected because Step 1 was bypassed. Similar to the previous case, these values will cause NGINX to fail to reload or operate erroneously. - Malicious values that inject unrestricted NGINX config into the NGINX configuration (similar to an SQL injection attack). From dc3a925c7762662e3e5d52b0b2d365c58298493d Mon Sep 17 00:00:00 2001 
From: Derek F Date: Tue, 24 Sep 2024 09:17:27 -0700 Subject: [PATCH 12/20] Use correct indentation in lifecyce examples (#2588) Problem: The Helm chart example configuration for configuring lifecycle.preStop uses a misleading indentation that can confuse users. Solution: Updated the Helm chart's README by fixing the indentation of the example code block. --- charts/nginx-gateway-fabric/README.md | 30 ++++++++++---------- charts/nginx-gateway-fabric/README.md.gotmpl | 30 ++++++++++---------- 2 files changed, 30 insertions(+), 30 deletions(-) diff --git a/charts/nginx-gateway-fabric/README.md b/charts/nginx-gateway-fabric/README.md index 9ca6cb9073..11497d608a 100644 --- a/charts/nginx-gateway-fabric/README.md +++ b/charts/nginx-gateway-fabric/README.md @@ -191,23 +191,23 @@ being performed on NGF), you may need to configure delayed termination on the NG ```yaml nginxGateway: - <...> - lifecycle: - preStop: - exec: - command: - - /usr/bin/gateway - - sleep - - --duration=40s # This flag is optional, the default is 30s + <...> + lifecycle: + preStop: + exec: + command: + - /usr/bin/gateway + - sleep + - --duration=40s # This flag is optional, the default is 30s nginx: - <...> - lifecycle: - preStop: - exec: - command: - - /bin/sleep - - "40" + <...> + lifecycle: + preStop: + exec: + command: + - /bin/sleep + - "40" ``` 2. Ensure the `terminationGracePeriodSeconds` matches or exceeds the `sleep` value from the `preStopHook` (the default diff --git a/charts/nginx-gateway-fabric/README.md.gotmpl b/charts/nginx-gateway-fabric/README.md.gotmpl index 438fa67db6..04aac3eaf7 100644 --- a/charts/nginx-gateway-fabric/README.md.gotmpl +++ b/charts/nginx-gateway-fabric/README.md.gotmpl 
@@ -189,23 +189,23 @@ being performed on NGF), you may need to configure delayed termination on the NG ```yaml nginxGateway: - <...> - lifecycle: - preStop: - exec: - command: - - /usr/bin/gateway - - sleep - - --duration=40s # This flag is optional, the default is 30s + <...> + lifecycle: + preStop: + exec: + command: + - /usr/bin/gateway + - sleep + - --duration=40s # This flag is optional, the default is 30s nginx: - <...> - lifecycle: - preStop: - exec: - command: - - /bin/sleep - - "40" + <...> + lifecycle: + preStop: + exec: + command: + - /bin/sleep + - "40" ``` 2. Ensure the `terminationGracePeriodSeconds` matches or exceeds the `sleep` value from the `preStopHook` (the default From 79636f4f4b8b89b48c167f1245b85768df967c5b Mon Sep 17 00:00:00 2001 From: Luca Comellini Date: Tue, 24 Sep 2024 11:42:13 -0700 Subject: [PATCH 13/20] Fix unchecked type assertions (#2580) --- .golangci.yml | 2 ++ internal/framework/status/updater.go | 9 ++++++++- internal/mode/static/manager.go | 14 ++++++++++++-- internal/mode/static/status/status_setters.go | 6 +++--- tests/framework/request.go | 15 +++++++++++++-- 5 files changed, 38 insertions(+), 8 deletions(-) diff --git a/.golangci.yml b/.golangci.yml index 6006102037..1b496f0326 100644 --- a/.golangci.yml +++ b/.golangci.yml @@ -37,6 +37,7 @@ linters-settings: - name: string-of-int - name: superfluous-else - name: time-naming + - name: unchecked-type-assertion - name: unexported-return - name: unnecessary-stmt - name: unreachable-code @@ -70,6 +71,7 @@ linters: - errname - errorlint - fatcontext + - forcetypeassert - ginkgolinter - gocheckcompilerdirectives - gochecksumtype diff --git a/internal/framework/status/updater.go b/internal/framework/status/updater.go index 903975d805..ccfd0fb120 100644 --- a/internal/framework/status/updater.go +++ b/internal/framework/status/updater.go @@ -3,6 +3,7 @@ package status import ( "context" "errors" + "fmt" "time" "github.com/go-logr/logr" 
@@ -53,6 +54,8 @@ type Updater struct { logger logr.Logger } +var ErrFailedAssert = errors.New("type assertion failed") + // NewUpdater creates a new Updater. func NewUpdater(c client.Client, logger logr.Logger) *Updater { return &Updater{ @@ -87,7 +90,11 @@ func (u *Updater) writeStatuses( resourceType ngftypes.ObjectType, statusSetter Setter, ) { - obj := resourceType.DeepCopyObject().(client.Object) + copiedObject := resourceType.DeepCopyObject() + obj, ok := copiedObject.(client.Object) + if !ok { + panic(fmt.Errorf("object is not a client.Object: %w", ErrFailedAssert)) + } err := wait.ExponentialBackoffWithContext( ctx, diff --git a/internal/mode/static/manager.go b/internal/mode/static/manager.go index d4671e2464..f246821853 100644 --- a/internal/mode/static/manager.go +++ b/internal/mode/static/manager.go @@ -200,10 +200,20 @@ func StartManager(cfg config.Config) error { ngxruntimeCollector = collectors.NewManagerMetricsCollector(constLabels) handlerCollector = collectors.NewControllerCollector(constLabels) + + ngxruntimeCollector, ok := ngxruntimeCollector.(prometheus.Collector) + if !ok { + return fmt.Errorf("ngxruntimeCollector is not a prometheus.Collector: %w", status.ErrFailedAssert) + } + handlerCollector, ok := handlerCollector.(prometheus.Collector) + if !ok { + return fmt.Errorf("handlerCollector is not a prometheus.Collector: %w", status.ErrFailedAssert) + } + metrics.Registry.MustRegister( ngxCollector, - ngxruntimeCollector.(prometheus.Collector), - handlerCollector.(prometheus.Collector), + ngxruntimeCollector, + handlerCollector, ) } diff --git a/internal/mode/static/status/status_setters.go b/internal/mode/static/status/status_setters.go index dc64490502..2c4a6c2ac4 100644 --- a/internal/mode/static/status/status_setters.go +++ b/internal/mode/static/status/status_setters.go 
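Review bot: The checked assertion in `writeStatuses` still ends in `panic(...)`, so a resource type whose deep copy is not a `client.Object` stops the process just as the unchecked form did; the change only improves the message. `writeStatuses` has no return value (its signature closes with `) {` in this hunk) and the `Updater` carries a `logger`, so if one bad type should not take the controller down, the branch could be `u.logger.Error(ErrFailedAssert, "object is not a client.Object")` followed by `return`. If the panic is meant as an invariant check, a short comment saying so would help, and the exported `ErrFailedAssert` added in the previous hunk needs a doc comment such as `// ErrFailedAssert is returned when a type assertion fails.`. The function body continues outside the hunk.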
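Review bot: In the `StartManager` hunk, `ngxruntimeCollector, ok := ngxruntimeCollector.(prometheus.Collector)` and the matching `handlerCollector` line use `:=` on names that the two lines above assign with `=`. Assuming this sits in a nested block (the enclosing block opens outside the hunk), they declare new inner variables that shadow the outer collectors under a different type, while code after the block keeps seeing the outer values. Distinct names make the narrowing explicit and avoid the shadow, for example `ngxruntimeProm, ok := ngxruntimeCollector.(prometheus.Collector)`, then pass `ngxruntimeProm` to `metrics.Registry.MustRegister`.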
@@ -82,7 +82,7 @@ func gwStatusEqual(prev, cur gatewayv1.GatewayStatus) bool { func newHTTPRouteStatusSetter(status gatewayv1.HTTPRouteStatus, gatewayCtlrName string) frameworkStatus.Setter { return func(object client.Object) (wasSet bool) { - hr := object.(*gatewayv1.HTTPRoute) + hr := helpers.MustCastObject[*gatewayv1.HTTPRoute](object) // keep all the parent statuses that belong to other controllers for _, os := range hr.Status.Parents { @@ -103,7 +103,7 @@ func newHTTPRouteStatusSetter(status gatewayv1.HTTPRouteStatus, gatewayCtlrName func newTLSRouteStatusSetter(status v1alpha2.TLSRouteStatus, gatewayCtlrName string) frameworkStatus.Setter { return func(object client.Object) (wasSet bool) { - tr := object.(*v1alpha2.TLSRoute) + tr := helpers.MustCastObject[*v1alpha2.TLSRoute](object) // keep all the parent statuses that belong to other controllers for _, os := range tr.Status.Parents { @@ -124,7 +124,7 @@ func newTLSRouteStatusSetter(status v1alpha2.TLSRouteStatus, gatewayCtlrName str func newGRPCRouteStatusSetter(status gatewayv1.GRPCRouteStatus, gatewayCtlrName string) frameworkStatus.Setter { return func(object client.Object) (wasSet bool) { - gr := object.(*gatewayv1.GRPCRoute) + gr := helpers.MustCastObject[*gatewayv1.GRPCRoute](object) // keep all the parent statuses that belong to other controllers for _, os := range gr.Status.Parents { diff --git a/tests/framework/request.go b/tests/framework/request.go index 48705321a1..add4c99951 100644 --- a/tests/framework/request.go +++ b/tests/framework/request.go @@ -4,6 +4,7 @@ import ( "bytes" "context" "crypto/tls" + "errors" "fmt" "io" "net" 
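Review bot: The three status setters (`newHTTPRouteStatusSetter`, `newTLSRouteStatusSetter`, `newGRPCRouteStatusSetter`) now rely on `helpers.MustCastObject`, whose definition is not shown in this patch; if it panics on a type mismatch, as the `Must` prefix suggests, that contract is worth stating where the setters are built. A line such as `// The returned Setter panics if object is not a *gatewayv1.HTTPRoute.` on each constructor, with the matching type, would do. Each function body continues outside its hunk.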
@@ -41,7 +42,12 @@ func Post(url, address string, body io.Reader, timeout time.Duration) (*http.Res func makeRequest(method, url, address string, body io.Reader, timeout time.Duration) (*http.Response, error) { dialer := &net.Dialer{} - http.DefaultTransport.(*http.Transport).DialContext = func( + transport, ok := http.DefaultTransport.(*http.Transport) + if !ok { + return nil, errors.New("transport is not of type *http.Transport") + } + + transport.DialContext = func( ctx context.Context, network, addr string, @@ -61,7 +67,12 @@ func makeRequest(method, url, address string, body io.Reader, timeout time.Durat var resp *http.Response if strings.HasPrefix(url, "https") { - customTransport := http.DefaultTransport.(*http.Transport).Clone() + transport, ok := http.DefaultTransport.(*http.Transport) + if !ok { + return nil, errors.New("transport is not of type *http.Transport") + } + + customTransport := transport.Clone() // similar to how in our examples with https requests we run our curl command // we turn off verification of the certificate, we do the same here customTransport.TLSClientConfig = &tls.Config{InsecureSkipVerify: true} //nolint:gosec // for https test traffic From 574b6e5ce9bc7adccd0908f18297350924f443a6 Mon Sep 17 00:00:00 2001 From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com> Date: Tue, 24 Sep 2024 15:04:22 -0600 Subject: [PATCH 14/20] Update github/codeql-action action to v3.26.9 (#2600) | datasource | package | from | to | | ----------- | -------------------- | ------- | ------- | | github-tags | github/codeql-action | v3.26.8 | v3.26.9 | Signed-off-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> --- .github/workflows/build.yml | 2 +- .github/workflows/codeql-analysis.yml | 4 ++-- .github/workflows/scorecards.yml | 2 +- 3 files changed, 4 insertions(+), 4 deletions(-) 
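Review bot: `makeRequest` still assigns `DialContext` on the process-wide `http.DefaultTransport`; the new check only guards the assertion, so every other client in the test binary that uses the default transport inherits the override, and concurrent calls write the same field. Cloning first keeps the override local: add `transport = transport.Clone()` after the `!ok` check and before `transport.DialContext = ...`, and have the client built further down (outside the hunk) use that clone. The second hunk could then reuse the same value instead of repeating the assertion and shadowing `transport` inside the `https` branch, which also keeps `InsecureSkipVerify` confined to a transport that only this helper holds.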
diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index 5f3c2bd6ec..e7cf99437a 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml @@ -170,7 +170,7 @@ jobs: fail-build: false - name: Upload scan result to GitHub Security tab - uses: github/codeql-action/upload-sarif@294a9d92911152fe08befb9ec03e240add280cb3 # v3.26.8 + uses: github/codeql-action/upload-sarif@461ef6c76dfe95d5c364de2f431ddbd31a417628 # v3.26.9 continue-on-error: true with: sarif_file: ${{ steps.scan.outputs.sarif }} diff --git a/.github/workflows/codeql-analysis.yml b/.github/workflows/codeql-analysis.yml index 1b470170cc..4a11b25f1a 100644 --- a/.github/workflows/codeql-analysis.yml +++ b/.github/workflows/codeql-analysis.yml @@ -52,7 +52,7 @@ jobs: # Initializes the CodeQL tools for scanning. - name: Initialize CodeQL - uses: github/codeql-action/init@294a9d92911152fe08befb9ec03e240add280cb3 # v3.26.8 + uses: github/codeql-action/init@461ef6c76dfe95d5c364de2f431ddbd31a417628 # v3.26.9 with: languages: ${{ matrix.language }} build-mode: ${{ matrix.build-mode }} @@ -64,6 +64,6 @@ jobs: # queries: security-extended,security-and-quality - name: Perform CodeQL Analysis - uses: github/codeql-action/analyze@294a9d92911152fe08befb9ec03e240add280cb3 # v3.26.8 + uses: github/codeql-action/analyze@461ef6c76dfe95d5c364de2f431ddbd31a417628 # v3.26.9 with: category: "/language:${{matrix.language}}" diff --git a/.github/workflows/scorecards.yml b/.github/workflows/scorecards.yml index 6013f205ea..bb97341e80 100644 --- a/.github/workflows/scorecards.yml +++ b/.github/workflows/scorecards.yml @@ -60,6 +60,6 @@ jobs: # Upload the results to GitHub's code scanning dashboard. - name: "Upload to code-scanning" - uses: github/codeql-action/upload-sarif@294a9d92911152fe08befb9ec03e240add280cb3 # v3.26.8 + uses: github/codeql-action/upload-sarif@461ef6c76dfe95d5c364de2f431ddbd31a417628 # v3.26.9 with: sarif_file: results.sarif 
From 3af2393c42bef28755888290191e0e0b2652517b Mon Sep 17 00:00:00 2001 From: Saylor Berman Date: Wed, 25 Sep 2024 22:31:12 +0300 Subject: [PATCH 15/20] Reorder release notes labels (#2599) Problem: Many of our test changes also include markdown file changes, and the docs label is prioritized in our release notes over tests. This means that the docs sections of the notes often contained many tests changes. Solution: Prioritize the test label first over docs to hopefully better organize release notes. --- .github/release.yml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/.github/release.yml b/.github/release.yml index 93dc93427c..df1d17cb2e 100644 --- a/.github/release.yml +++ b/.github/release.yml @@ -15,12 +15,12 @@ changelog: - title: πŸ“¦ Helm Chart labels: - helm-chart - - title: πŸ“ Documentation - labels: - - documentation - title: πŸ§ͺ Tests labels: - tests + - title: πŸ“ Documentation + labels: + - documentation - title: 🧹 Tech debt labels: - tech-debt From 731ad907b9702ac8b42cf8a9fe671acef3159013 Mon Sep 17 00:00:00 2001 
From: Saylor Berman Date: Wed, 25 Sep 2024 23:00:37 +0300 Subject: [PATCH 16/20] Add crossplane framework for testing (#2522) Problem: We want a way to verify nginx configuration reliably in our tests. This is especially useful when introducing new policies, without the desire for testing nginx functionality directly. Solution: Added a framework for getting the nginx config and passing through crossplane into a structured JSON format for easier parsing. Because we now use a local container for crossplane in our functional tests, we'll only support running these tests in a kind cluster. --- .github/workflows/functional.yml | 4 +- .../mode/static/nginx/config/generator.go | 1 + tests/Makefile | 17 +- tests/README.md | 40 +--- tests/framework/crossplane.go | 225 ++++++++++++++++++ tests/framework/crossplane/Dockerfile | 23 ++ .../crossplane/cmd/crossplane/main.go | 33 +++ tests/framework/crossplane/go.mod | 14 ++ tests/framework/crossplane/go.sum | 30 +++ tests/framework/resourcemanager.go | 59 ++++- tests/scripts/remote-scripts/run-tests.sh | 7 - tests/scripts/run-tests-gcp-vm.sh | 21 +- tests/suite/client_settings_test.go | 115 ++++++++- tests/suite/system_suite_test.go | 1 + 14 files changed, 524 insertions(+), 66 deletions(-) create mode 100644 tests/framework/crossplane.go create mode 100644 tests/framework/crossplane/Dockerfile create mode 100644 tests/framework/crossplane/cmd/crossplane/main.go create mode 100644 tests/framework/crossplane/go.mod create mode 100644 tests/framework/crossplane/go.sum delete mode 100755 tests/scripts/remote-scripts/run-tests.sh diff --git a/.github/workflows/functional.yml b/.github/workflows/functional.yml index 8e8d050dc1..bcc9ab4088 100644 --- a/.github/workflows/functional.yml +++ b/.github/workflows/functional.yml 
@@ -118,7 +118,7 @@ jobs: run: | ngf_prefix=ghcr.io/nginxinc/nginx-gateway-fabric ngf_tag=${{ steps.ngf-meta.outputs.version }} - make test${{ inputs.image == 'plus' && '-with-plus' || ''}} PREFIX=${ngf_prefix} TAG=${ngf_tag} GINKGO_LABEL=telemetry GW_SERVICE_TYPE=LoadBalancer CI=true + make test${{ inputs.image == 'plus' && '-with-plus' || ''}} PREFIX=${ngf_prefix} TAG=${ngf_tag} GINKGO_LABEL=telemetry GW_SERVICE_TYPE=LoadBalancer CLUSTER_NAME=${{ github.run_id }} CI=true working-directory: ./tests - name: Run functional graceful-recovery tests @@ -132,5 +132,5 @@ jobs: run: | ngf_prefix=ghcr.io/nginxinc/nginx-gateway-fabric ngf_tag=${{ steps.ngf-meta.outputs.version }} - make test${{ inputs.image == 'plus' && '-with-plus' || ''}} PREFIX=${ngf_prefix} TAG=${ngf_tag} GW_SERVICE_TYPE=LoadBalancer CI=true + make test${{ inputs.image == 'plus' && '-with-plus' || ''}} PREFIX=${ngf_prefix} TAG=${ngf_tag} GW_SERVICE_TYPE=LoadBalancer CLUSTER_NAME=${{ github.run_id }} CI=true working-directory: ./tests diff --git a/internal/mode/static/nginx/config/generator.go b/internal/mode/static/nginx/config/generator.go index be2877bf29..6e2e88194f 100644 --- a/internal/mode/static/nginx/config/generator.go +++ b/internal/mode/static/nginx/config/generator.go @@ -49,6 +49,7 @@ const ( ) // ConfigFolders is a list of folders where NGINX configuration files are stored. +// Volumes here also need to be added to our crossplane ephemeral test container. var ConfigFolders = []string{httpFolder, secretsFolder, includesFolder, modulesIncludesFolder, streamFolder} // Generator generates NGINX configuration files. diff --git a/tests/Makefile b/tests/Makefile index abc4aa3ec3..21618725fb 100644 --- a/tests/Makefile +++ b/tests/Makefile 
@@ -12,6 +12,7 @@ GW_SERVICE_TYPE = NodePort## Service type to use for the gateway GW_SVC_GKE_INTERNAL = false NGF_VERSION ?= edge## NGF version to be tested PULL_POLICY = Never## Pull policy for the images +NGINX_CONF_DIR = internal/mode/static/nginx/conf PROVISIONER_MANIFEST = conformance/provisioner/provisioner.yaml SUPPORTED_EXTENDED_FEATURES = HTTPRouteQueryParamMatching,HTTPRouteMethodMatching,HTTPRoutePortRedirect,HTTPRouteSchemeRedirect,HTTPRouteHostRewrite,HTTPRoutePathRewrite,GatewayPort8080,HTTPRouteResponseHeaderModification STANDARD_CONFORMANCE_PROFILES = GATEWAY-HTTP,GATEWAY-GRPC @@ -38,6 +39,10 @@ update-go-modules: ## Update the gateway-api go modules to latest main version build-test-runner-image: ## Build conformance test runner image docker build -t $(CONFORMANCE_PREFIX):$(CONFORMANCE_TAG) -f conformance/Dockerfile . +.PHONY: build-crossplane-image +build-crossplane-image: ## Build the crossplane image + docker build --build-arg NGINX_CONF_DIR=$(NGINX_CONF_DIR) -t nginx-crossplane:latest -f framework/crossplane/Dockerfile .. + .PHONY: run-conformance-tests run-conformance-tests: ## Run conformance tests kind load docker-image $(CONFORMANCE_PREFIX):$(CONFORMANCE_TAG) --name $(CLUSTER_NAME) @@ -80,9 +85,6 @@ ifeq ($(PLUS_ENABLED),true) NGINX_PREFIX := $(NGINX_PLUS_PREFIX) endif -.PHONY: setup-gcp-and-run-tests -setup-gcp-and-run-tests: create-gke-router create-and-setup-vm run-tests-on-vm ## Create and setup a GKE router and GCP VM for tests and run the functional tests - .PHONY: setup-gcp-and-run-nfr-tests setup-gcp-and-run-nfr-tests: create-gke-router create-and-setup-vm nfr-test ## Create and setup a GKE router and GCP VM for tests and run the NFR tests 
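Review bot: The image reference `nginx-crossplane:latest` is written out in the new `build-crossplane-image` recipe and again in the `kind load docker-image` line added to the `test` target in a later hunk, so a rename or retag has to be made in two places (and possibly in the Go test framework, which is not shown here). A single variable next to `NGINX_CONF_DIR`, for example `CROSSPLANE_IMAGE ?= nginx-crossplane:latest`, used as `-t $(CROSSPLANE_IMAGE)` and `kind load docker-image $(CROSSPLANE_IMAGE) --name $(CLUSTER_NAME)`, keeps them in step. `NGINX_CONF_DIR` itself has no `##` description, unlike the variables around it; `## Path to the NGINX conf directory passed to the crossplane image build` would match the file's convention.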
@@ -102,13 +104,9 @@ create-gke-router: ## Create a GKE router to allow egress traffic from private n sync-files-to-vm: ## Syncs your local NGF files with the NGF repo on the VM ./scripts/sync-files-to-vm.sh -.PHONY: run-tests-on-vm -run-tests-on-vm: ## Run the functional tests on a GCP VM - ./scripts/run-tests-gcp-vm.sh - .PHONY: nfr-test nfr-test: ## Run the NFR tests on a GCP VM - NFR=true CI=$(CI) ./scripts/run-tests-gcp-vm.sh + CI=$(CI) ./scripts/run-tests-gcp-vm.sh .PHONY: start-longevity-test start-longevity-test: export START_LONGEVITY=true @@ -130,7 +128,8 @@ stop-longevity-test: nfr-test ## Stop the longevity test and collects results --is-gke-internal-lb=$(GW_SVC_GKE_INTERNAL) .PHONY: test -test: ## Runs the functional tests on your default k8s cluster +test: build-crossplane-image ## Runs the functional tests on your kind k8s cluster + kind load docker-image nginx-crossplane:latest --name $(CLUSTER_NAME) go run github.com/onsi/ginkgo/v2/ginkgo --randomize-all --randomize-suites --keep-going --fail-on-pending \ --trace -r -v --buildvcs --force-newlines $(GITHUB_OUTPUT) \ --label-filter "functional" $(GINKGO_FLAGS) ./suite -- \ diff --git a/tests/README.md b/tests/README.md index 62531de3e2..297bf8aece 100644 --- a/tests/README.md +++ b/tests/README.md 
@@ -28,10 +28,8 @@ This directory contains the tests for NGINX Gateway Fabric. The tests are divide - [System Testing](#system-testing) - [Logging in tests](#logging-in-tests) - [Step 1 - Run the tests](#step-1---run-the-tests) - - [1a - Run the functional tests locally](#1a---run-the-functional-tests-locally) - - [1b - Run the tests on a GKE cluster from a GCP VM](#1b---run-the-tests-on-a-gke-cluster-from-a-gcp-vm) - - [Functional Tests](#functional-tests) - - [NFR tests](#nfr-tests) + - [Run the functional tests locally](#run-the-functional-tests-locally) + - [Run the NFR tests on a GKE cluster from a GCP VM](#run-the-nfr-tests-on-a-gke-cluster-from-a-gcp-vm) - [Longevity testing](#longevity-testing) - [Common test amendments](#common-test-amendments) - [Step 2 - Cleanup](#step-2---cleanup) @@ -47,7 +45,7 @@ This directory contains the tests for NGINX Gateway Fabric. The tests are divide - [yq](https://github.com/mikefarah/yq/#install) - Make. -If running NFR tests, or running functional tests in GKE: +If running NFR tests: - The [gcloud CLI](https://cloud.google.com/sdk/docs/install) - A GKE cluster (if `master-authorized-networks` is enabled, please set `ADD_VM_IP_AUTH_NETWORKS=true` in your vars.env file) @@ -59,9 +57,7 @@ All the commands below are executed from the `tests` directory. You can see all ### Step 1 - Create a Kubernetes cluster -This can be done in a cloud provider of choice, or locally using `kind`. - -**Important**: NFR tests can only be run on a GKE cluster. +**Important**: Functional/conformance tests can only be run on a `kind` cluster. NFR tests can only be run on a GKE cluster. To create a local `kind` cluster: 
@@ -237,7 +233,7 @@ When running locally, the tests create a port-forward from your NGF Pod to local test framework. Traffic is sent over this port. If running on a GCP VM targeting a GKE cluster, the tests will create an internal LoadBalancer service which will receive the test traffic. -**Important**: NFR tests can only be run on a GKE cluster. +**Important**: Functional tests can only be run on a `kind` cluster. NFR tests can only be run on a GKE cluster. Directory structure is as follows: @@ -252,7 +248,7 @@ To log in the tests, use the `GinkgoWriter` interface described here: https://on ### Step 1 - Run the tests -#### 1a - Run the functional tests locally +#### Run the functional tests locally ```makefile make test TAG=$(whoami) @@ -273,9 +269,7 @@ To run the telemetry test: make test TAG=$(whoami) GINKGO_LABEL=telemetry ``` -#### 1b - Run the tests on a GKE cluster from a GCP VM - -This step only applies if you are running the NFR tests, or would like to run the functional tests on a GKE cluster from a GCP based VM. +#### Run the NFR tests on a GKE cluster from a GCP VM Before running the below `make` commands, copy the `scripts/vars.env-example` file to `scripts/vars.env` and populate the required env vars. `GKE_SVC_ACCOUNT` needs to be the name of a service account that has Kubernetes admin permissions. @@ -292,7 +286,7 @@ To just set up the VM with no router (this will not run the tests): make create-and-setup-vm ``` -Otherwise, you can set up the VM, router, and run the tests with a single command. See the options in the sections below. +Otherwise, you can set up the VM, router, and run the tests with a single command. See the options below. By default, the tests run using the version of NGF that was `git cloned` during the setup. If you want to make incremental changes and copy your local changes to the VM to test, you can run 
@@ -301,22 +295,6 @@ incremental changes and copy your local changes to the VM to test, you can run make sync-files-to-vm ``` -#### Functional Tests - -To set up the GCP environment with the router and VM and then run the tests, run the following command: - -```makefile -make setup-gcp-and-run-tests -``` - -To use an existing VM to run the tests, run the following - -```makefile -make run-tests-on-vm -``` - -#### NFR tests - To set up the GCP environment with the router and VM and then run the tests, run the following command: ```makefile @@ -374,7 +352,7 @@ or to pass a specific flag, e.g. run a specific test, use the GINKGO_FLAGS varia make test TAG=$(whoami) GINKGO_FLAGS='-ginkgo.focus "writes the system info to a results file"' ``` -> Note: if filtering on NFR tests (or functional tests on GKE), set the filter in the appropriate field in your `vars.env` file. +> Note: if filtering on NFR tests, set the filter in the appropriate field in your `vars.env` file. If you are running the tests in GCP, add your required label/ flags to `scripts/var.env`. diff --git a/tests/framework/crossplane.go b/tests/framework/crossplane.go new file mode 100644 index 0000000000..d186e47606 --- /dev/null +++ b/tests/framework/crossplane.go 
@@ -0,0 +1,225 @@
+package framework
+
+import (
+ "context"
+ "encoding/json"
+ "fmt"
+ "net/http"
+ "strings"
+ "time"
+
+ core "k8s.io/api/core/v1"
+ metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+ "k8s.io/client-go/kubernetes"
+ "k8s.io/client-go/kubernetes/scheme"
+ "k8s.io/client-go/rest"
+ "k8s.io/client-go/tools/remotecommand"
+)
+
+// ExpectedNginxField contains an nginx directive key and value,
+// and the expected file, server, and location block that it should exist in.
+type ExpectedNginxField struct {
+ // Directive is the directive name.
+ Directive string
+ // Value is the value for the directive. Can be the full value or a substring. If it's a substring,
+ // then ValueSubstringAllowed should be true.
+ Value string
+ // File is the file name that should contain the directive. Can be a full filename or a substring.
+ File string
+ // Location is the location name that the directive should exist in.
+ Location string
+ // Servers are the server names that the directive should exist in.
+ Servers []string
+ // ValueSubstringAllowed allows the expected value to be a substring of the real value.
+ // This makes it easier for cases when real values are complex file names or contain things we
+ // don't care about, and we just want to check if a substring exists.
+ ValueSubstringAllowed bool
+}
+
+// ValidateNginxFieldExists accepts the nginx config and the configuration for the expected field,
+// and returns whether or not that field exists where it should.
+func ValidateNginxFieldExists(conf *Payload, expFieldCfg ExpectedNginxField) error {
+ for _, config := range conf.Config {
+ if !strings.Contains(config.File, expFieldCfg.File) {
+ continue
+ }
+
+ for _, directive := range config.Parsed {
+ if len(expFieldCfg.Servers) == 0 {
+ if expFieldCfg.fieldFound(directive) {
+ return nil
+ }
+ continue
+ }
+
+ for _, serverName := range expFieldCfg.Servers {
+ if directive.Directive == "server" && getServerName(directive.Block) == serverName {
+ for _, serverDirective := range directive.Block {
+ if expFieldCfg.Location == "" && expFieldCfg.fieldFound(serverDirective) {
+ return nil
+ } else if serverDirective.Directive == "location" &&
+ fieldExistsInLocation(serverDirective, expFieldCfg) {
+ return nil
+ }
+ }
+ }
+ }
+ }
+ }
+
+ b, err := json.Marshal(conf)
+ if err != nil {
+ return fmt.Errorf("error marshaling nginx config: %w", err)
+ }
+
+ return fmt.Errorf("field not found; expected: %+v\nNGINX conf: %s", expFieldCfg, string(b))
+}
+
+func getServerName(serverBlock Directives) string {
+ for _, directive := range serverBlock {
+ if directive.Directive == "server_name" {
+ return directive.Args[0]
+ }
+ }
+
+ return ""
+}
+
+func (e ExpectedNginxField) fieldFound(directive *Directive) bool {
+ arg := strings.Join(directive.Args, " ")
+
+ valueMatch := arg == e.Value
+ if e.ValueSubstringAllowed {
+ valueMatch = strings.Contains(arg, e.Value)
+ }
+
+ return directive.Directive == e.Directive && valueMatch
+}
+
+func fieldExistsInLocation(locationDirective *Directive, expFieldCfg ExpectedNginxField) bool {
+ // location could start with '=', so get the last element which is the path
+ loc := locationDirective.Args[len(locationDirective.Args)-1]
+ if loc == expFieldCfg.Location {
+ for _, directive := range locationDirective.Block {
+ if expFieldCfg.fieldFound(directive) {
+ return true
+ }
+ }
+ }
+
+ return false
+}
+
+// injectCrossplaneContainer adds an ephemeral container that contains crossplane for parsing
+// nginx config. It attaches to the nginx container and shares volumes with it.
+func injectCrossplaneContainer(
+ k8sClient kubernetes.Interface,
+ timeout time.Duration,
+ ngfPodName,
+ namespace string,
+) error {
+ ctx, cancel := context.WithTimeout(context.Background(), timeout)
+ defer cancel()
+
+ pod := &core.Pod{
+ ObjectMeta: metav1.ObjectMeta{
+ Name: ngfPodName,
+ Namespace: namespace,
+ },
+ Spec: core.PodSpec{
+ EphemeralContainers: []core.EphemeralContainer{
+ {
+ TargetContainerName: "nginx",
+ EphemeralContainerCommon: core.EphemeralContainerCommon{
+ Name: "crossplane",
+ Image: "nginx-crossplane:latest",
+ ImagePullPolicy: "Never",
+ Stdin: true,
+ VolumeMounts: []core.VolumeMount{
+ {
+ MountPath: "/etc/nginx/conf.d",
+ Name: "nginx-conf",
+ },
+ {
+ MountPath: "/etc/nginx/stream-conf.d",
+ Name: "nginx-stream-conf",
+ },
+ {
+ MountPath: "/etc/nginx/module-includes",
+ Name: "module-includes",
+ },
+ {
+ MountPath: "/etc/nginx/secrets",
+ Name: "nginx-secrets",
+ },
+ {
+ MountPath: "/etc/nginx/includes",
+ Name: "nginx-includes",
+ },
+ },
+ },
+ },
+ },
+ },
+ }
+
+ podClient := k8sClient.CoreV1().Pods(namespace)
+ if _, err := podClient.UpdateEphemeralContainers(ctx, ngfPodName, pod, metav1.UpdateOptions{}); err != nil {
+ return fmt.Errorf("error adding ephemeral container: %w", err)
+ }
+
+ return nil
+}
+
+// createCrossplaneExecutor creates the executor for the crossplane command.
+func createCrossplaneExecutor(
+ k8sClient kubernetes.Interface,
+ k8sConfig *rest.Config,
+ ngfPodName,
+ namespace string,
+) (remotecommand.Executor, error) {
+ cmd := []string{"./crossplane", "/etc/nginx/nginx.conf"}
+ opts := &core.PodExecOptions{
+ Command: cmd,
+ Container: "crossplane",
+ Stdout: true,
+ Stderr: true,
+ }
+
+ req := k8sClient.CoreV1().RESTClient().Post().
+ Resource("pods").
+ SubResource("exec").
+ Name(ngfPodName).
+ Namespace(namespace).
+ VersionedParams(opts, scheme.ParameterCodec)
+
+ exec, err := remotecommand.NewSPDYExecutor(k8sConfig, http.MethodPost, req.URL())
+ if err != nil {
+ return nil, fmt.Errorf("error creating executor: %w", err)
+ }
+
+ return exec, nil
+}
+
+// The following types are copied from https://github.com/nginxinc/nginx-go-crossplane,
+// with unnecessary fields stripped out.
+type Payload struct {
+ Config []Config `json:"config"`
+}
+
+type Config struct {
+ File string `json:"file"`
+ Parsed Directives `json:"parsed"`
+}
+
+type Directive struct {
+ Comment *string `json:"comment,omitempty"`
+ Directive string `json:"directive"`
+ File string `json:"file,omitempty"`
+ Args []string `json:"args"`
+ Includes []int `json:"includes,omitempty"`
+ Block Directives `json:"block,omitempty"`
+ Line int `json:"line"`
+}
+
+type Directives []*Directive
diff --git a/tests/framework/crossplane/Dockerfile b/tests/framework/crossplane/Dockerfile
new file mode 100644
index 0000000000..07b069f505
--- /dev/null
+++ b/tests/framework/crossplane/Dockerfile
@@ -0,0 +1,23 @@
+# syntax=docker/dockerfile:1.10
+FROM golang:1.23-alpine AS builder
+
+WORKDIR /
+ARG DIR=tests/framework/crossplane
+
+COPY ${DIR}/go.mod ${DIR}/go.sum .
+RUN go mod download
+
+COPY ${DIR}/cmd/crossplane .
+RUN go build -o crossplane
+
+FROM alpine
+
+WORKDIR /crossplane
+ARG NGINX_CONF_DIR
+
+COPY ${NGINX_CONF_DIR}/nginx.conf /etc/nginx/nginx.conf
+COPY --from=builder /crossplane .
+
+USER 101:1001
+
+ENTRYPOINT ["sh"]
diff --git a/tests/framework/crossplane/cmd/crossplane/main.go b/tests/framework/crossplane/cmd/crossplane/main.go
new file mode 100644
index 0000000000..e7ba749e24
--- /dev/null
+++ b/tests/framework/crossplane/cmd/crossplane/main.go
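Review bot: The five `VolumeMounts` in `injectCrossplaneContainer` are mounted read-write, including `nginx-secrets` at `/etc/nginx/secrets`, although the ephemeral container only runs a parser over the configuration. Adding `ReadOnly: true,` to each `core.VolumeMount` keeps a test helper from being able to alter the live nginx config or the key material it shares with the nginx container. Whether the parser needs the secrets volume at all is not visible here; if nothing under it is pulled in by an `include`, dropping that mount is the smaller exposure. Ephemeral containers cannot be removed from a pod once added, so these mounts stay in place for the rest of the pod's lifetime.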
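Review bot: The final stage uses `FROM alpine` with no tag or digest, so the image that gets attached to the nginx pod changes whenever the upstream default tag moves, while the builder stage is at least held to `golang:1.23-alpine`. Pin it the way the workflows in this repository pin actions by commit, for example `FROM alpine:<version>@sha256:<digest>` (placeholder values), so the update arrives as a reviewed change. `ENTRYPOINT ["sh"]` together with `Stdin: true` on the container spec appears to be what keeps the container running for the later exec; a one-line comment above the entrypoint saying so would help the next reader.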
@@ -0,0 +1,33 @@
+package main
+
+import (
+ "encoding/json"
+ "errors"
+ "fmt"
+ "os"
+
+ crossplane "github.com/nginxinc/nginx-go-crossplane"
+)
+
+// This binary accepts a single argument, the path of the base nginx config, and prints out the JSON representation
+// of the full nginx config, in crossplane format.
+// See https://github.com/nginxinc/nginx-go-crossplane for more info.
+func main() {
+ if len(os.Args) != 2 {
+ panic(errors.New("must have exactly one argument, the path of the base nginx config"))
+ }
+
+ path := os.Args[1]
+
+ payload, err := crossplane.Parse(path, &crossplane.ParseOptions{})
+ if err != nil {
+ panic(err)
+ }
+
+ b, err := json.Marshal(payload)
+ if err != nil {
+ panic(err)
+ }
+
+ fmt.Println(string(b))
+}
diff --git a/tests/framework/crossplane/go.mod b/tests/framework/crossplane/go.mod
new file mode 100644
index 0000000000..6b988bae84
--- /dev/null
+++ b/tests/framework/crossplane/go.mod
@@ -0,0 +1,14 @@
+module github.com/nginxinc/nginx-gateway-fabric/tests/framework/crossplane
+
+go 1.23.1
+
+require github.com/nginxinc/nginx-go-crossplane v0.4.63
+
+require (
+ github.com/jstemmer/go-junit-report v1.0.0 // indirect
+ github.com/maxbrunsfeld/counterfeiter/v6 v6.8.1 // indirect
+ golang.org/x/mod v0.19.0 // indirect
+ golang.org/x/sync v0.7.0 // indirect
+ golang.org/x/text v0.16.0 // indirect
+ golang.org/x/tools v0.23.0 // indirect
+)
diff --git a/tests/framework/crossplane/go.sum b/tests/framework/crossplane/go.sum
new file mode 100644
index 0000000000..89581ecd59
--- /dev/null
+++ b/tests/framework/crossplane/go.sum
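Review bot: `crossplane.Parse` in `main` is called with an empty `ParseOptions`, and as far as I know the library then records syntax errors in the payload's status and error list rather than returning them, so a partly parsed config would still be printed as if it were complete. The `Payload` type copied into tests/framework/crossplane.go drops those fields, so the assertions would run against whatever happened to parse. Consider `&crossplane.ParseOptions{StopParsingOnError: true}` (confirm the option against the pinned v0.4.63), or keep the status field in the copied type and fail on it. Separately, `panic` in `main` writes a stack trace to stderr; `fmt.Fprintln(os.Stderr, err)` followed by `os.Exit(1)` gives the caller a cleaner message.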
@@ -0,0 +1,30 @@ +github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c= +github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= +github.com/google/go-cmp v0.6.0 h1:ofyhxvXcZhMsU5ulbFiLKl/XBFqE1GSq7atu8tAmTRI= +github.com/google/go-cmp v0.6.0/go.mod h1:17dUlkBOakJ0+DkrSSNjCkIjxS6bF9zb3elmeNGIjoY= +github.com/jstemmer/go-junit-report v1.0.0 h1:8X1gzZpR+nVQLAht+L/foqOeX2l9DTZoaIPbEQHxsds= +github.com/jstemmer/go-junit-report v1.0.0/go.mod h1:Brl9GWCQeLvo8nXZwPNNblvFj/XSXhF0NWZEnDohbsk= +github.com/maxbrunsfeld/counterfeiter/v6 v6.8.1 h1:NicmruxkeqHjDv03SfSxqmaLuisddudfP3h5wdXFbhM= +github.com/maxbrunsfeld/counterfeiter/v6 v6.8.1/go.mod h1:eyp4DdUJAKkr9tvxR3jWhw2mDK7CWABMG5r9uyaKC7I= +github.com/nginxinc/nginx-go-crossplane v0.4.63 h1:nx5e+EXzPepWVM3YsTEhcs8kp8XDTK1BCzPTTmdgK1E= +github.com/nginxinc/nginx-go-crossplane v0.4.63/go.mod h1:b7L/JSru3rvbbxVJxBgkePkNvC+LXo/IWE4iJJJvUUw= +github.com/onsi/gomega v1.30.0 h1:hvMK7xYz4D3HapigLTeGdId/NcfQx1VHMJc60ew99+8= +github.com/onsi/gomega v1.30.0/go.mod h1:9sxs+SwGrKI0+PWe4Fxa9tFQQBG5xSsSbMXOI8PPpoQ= +github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM= +github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4= +github.com/sclevine/spec v1.4.0 h1:z/Q9idDcay5m5irkZ28M7PtQM4aOISzOpj4bUPkDee8= +github.com/sclevine/spec v1.4.0/go.mod h1:LvpgJaFyvQzRvc1kaDs0bulYwzC70PbiYjC4QnFHkOM= +github.com/stretchr/testify v1.9.0 h1:HtqpIVDClZ4nwg75+f6Lvsy/wHu+3BoSGCbBAcpTsTg= +github.com/stretchr/testify v1.9.0/go.mod h1:r2ic/lqez/lEtzL7wO/rwa5dbSLXVDPFyf8C91i36aY= +golang.org/x/mod v0.19.0 h1:fEdghXQSo20giMthA7cd28ZC+jts4amQ3YMXiP5oMQ8= +golang.org/x/mod v0.19.0/go.mod h1:hTbmBsO62+eylJbnUtE2MGJUyE7QWk4xUqPFrRgJ+7c= +golang.org/x/net v0.27.0 h1:5K3Njcw06/l2y9vpGCSdcxWOYHOUk3dVNGDXN+FvAys= +golang.org/x/net v0.27.0/go.mod h1:dDi0PyhWNoiUOrAS8uXv/vnScO4wnHQO4mj9fn/RytE= +golang.org/x/sync v0.7.0 
h1:YsImfSBoP9QPYL0xyKJPq0gcaJdG3rInoqxTWbfQu9M= +golang.org/x/sync v0.7.0/go.mod h1:Czt+wKu1gCyEFDUtn0jG5QVvpJ6rzVqr5aXyt9drQfk= +golang.org/x/text v0.16.0 h1:a94ExnEXNtEwYLGJSIUxnWoxoRz/ZcCsV63ROupILh4= +golang.org/x/text v0.16.0/go.mod h1:GhwF1Be+LQoKShO3cGOHzqOgRrGaYc9AvblQOmPVHnI= +golang.org/x/tools v0.23.0 h1:SGsXPZ+2l4JsgaCKkx+FQ9YZ5XEtA1GZYuoDjenLjvg= +golang.org/x/tools v0.23.0/go.mod h1:pnu6ufv6vQkll6szChhK3C3L/ruaIv5eBeztNG8wtsI= +gopkg.in/yaml.v3 v3.0.1 h1:fxVm/GzAzEWqLHuvctI91KS9hhNmmWOoWu0XTYJS7CA= +gopkg.in/yaml.v3 v3.0.1/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM= diff --git a/tests/framework/resourcemanager.go b/tests/framework/resourcemanager.go index 1cb0a5065b..434a5ecaed 100644 --- a/tests/framework/resourcemanager.go +++ b/tests/framework/resourcemanager.go @@ -23,6 +23,7 @@ import ( "bytes" "context" "embed" + "encoding/json" "errors" "fmt" "io" @@ -31,8 +32,6 @@ import ( "strings" "time" - "k8s.io/client-go/util/retry" - apps "k8s.io/api/apps/v1" core "k8s.io/api/core/v1" apierrors "k8s.io/apimachinery/pkg/api/errors" @@ -42,6 +41,9 @@ import ( "k8s.io/apimachinery/pkg/util/wait" "k8s.io/apimachinery/pkg/util/yaml" "k8s.io/client-go/kubernetes" + "k8s.io/client-go/rest" + "k8s.io/client-go/tools/remotecommand" + "k8s.io/client-go/util/retry" "sigs.k8s.io/controller-runtime/pkg/client" v1 "sigs.k8s.io/gateway-api/apis/v1" ) @@ -50,6 +52,7 @@ import ( type ResourceManager struct { K8sClient client.Client ClientGoClient kubernetes.Interface // used when k8sClient is not enough + K8sConfig *rest.Config FS embed.FS TimeoutConfig TimeoutConfig } 
@@ -812,3 +815,55 @@ func (rm *ResourceManager) WaitForGatewayObservedGeneration( }, ) } + +// GetNginxConfig uses crossplane to get the nginx configuration and convert it to JSON. +func (rm *ResourceManager) GetNginxConfig(ngfPodName, namespace string) (*Payload, error) { + if err := injectCrossplaneContainer( + rm.ClientGoClient, + rm.TimeoutConfig.UpdateTimeout, + ngfPodName, + namespace, + ); err != nil { + return nil, err + } + + exec, err := createCrossplaneExecutor(rm.ClientGoClient, rm.K8sConfig, ngfPodName, namespace) + if err != nil { + return nil, err + } + + ctx, cancel := context.WithTimeout(context.Background(), rm.TimeoutConfig.RequestTimeout) + defer cancel() + + buf := &bytes.Buffer{} + errBuf := &bytes.Buffer{} + + if err := wait.PollUntilContextCancel( + ctx, + 500*time.Millisecond, + true, /* poll immediately */ + func(ctx context.Context) (bool, error) { + if err := exec.StreamWithContext(ctx, remotecommand.StreamOptions{ + Stdout: buf, + Stderr: errBuf, + }); err != nil { + return false, nil //nolint:nilerr // we want to retry if there's an error + } + + if errBuf.String() != "" { + return false, nil + } + + return true, nil + }, + ); err != nil { + return nil, fmt.Errorf("could not connect to ephemeral container: %w", err) + } + + conf := &Payload{} + if err := json.Unmarshal(buf.Bytes(), conf); err != nil { + return nil, fmt.Errorf("error unmarshaling nginx config: %w", err) + } + + return conf, nil +} diff --git a/tests/scripts/remote-scripts/run-tests.sh b/tests/scripts/remote-scripts/run-tests.sh deleted file mode 100755 index a15ea5cbc2..0000000000 --- a/tests/scripts/remote-scripts/run-tests.sh +++ /dev/null 
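Review bot: In `GetNginxConfig`, `buf` and `errBuf` are created once outside the poll callback and never reset, so output from a failed attempt stays in them: once any attempt writes to stderr, `errBuf.String() != ""` holds on every later attempt and the poll can only end by timing out, and partial stdout from an earlier attempt would be prepended to the JSON that is unmarshaled. Start the callback with `buf.Reset()` and `errBuf.Reset()`. The final error says only `could not connect to ephemeral container`, which hides a parser failure; carrying the last stream error and `errBuf.String()` into that message would make a broken config distinguishable from a container that never started. `injectCrossplaneContainer` also runs on every call, so a second `GetNginxConfig` against the same pod presumably resubmits the same ephemeral container, which is worth confirming the API accepts.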
@@ -1,7 +0,0 @@ -#!/usr/bin/env bash - -set -e - -source "${HOME}"/vars.env - -cd nginx-gateway-fabric/tests && make test CI=${CI} TAG="${TAG}" PREFIX="${PREFIX}" NGINX_PREFIX="${NGINX_PREFIX}" NGINX_PLUS_PREFIX="${NGINX_PLUS_PREFIX}" PLUS_ENABLED="${PLUS_ENABLED}" GINKGO_LABEL="${GINKGO_LABEL}" GINKGO_FLAGS="${GINKGO_FLAGS}" PULL_POLICY=Always GW_SERVICE_TYPE=LoadBalancer GW_SVC_GKE_INTERNAL=true NGF_VERSION="${NGF_VERSION}" diff --git a/tests/scripts/run-tests-gcp-vm.sh b/tests/scripts/run-tests-gcp-vm.sh index 77dc6f4761..42a6d85c45 100755 --- a/tests/scripts/run-tests-gcp-vm.sh +++ b/tests/scripts/run-tests-gcp-vm.sh @@ -6,18 +6,13 @@ SCRIPT_DIR=$(cd -- "$(dirname -- "${BASH_SOURCE[0]}")" &>/dev/null && pwd) source scripts/vars.env -SCRIPT=run-tests.sh -if [ "${NFR}" = "true" ]; then - SCRIPT=run-nfr-tests.sh -fi - gcloud compute scp --zone "${GKE_CLUSTER_ZONE}" --project="${GKE_PROJECT}" "${SCRIPT_DIR}"/vars.env username@"${RESOURCE_NAME}":~ gcloud compute ssh --zone "${GKE_CLUSTER_ZONE}" --project="${GKE_PROJECT}" username@"${RESOURCE_NAME}" \ --command="export START_LONGEVITY=${START_LONGEVITY} &&\ export STOP_LONGEVITY=${STOP_LONGEVITY} &&\ export CI=${CI} &&\ - bash -s" <"${SCRIPT_DIR}"/remote-scripts/${SCRIPT} + bash -s" <"${SCRIPT_DIR}"/remote-scripts/run-nfr-tests.sh retcode=$? if [ ${retcode} -ne 0 ]; then 
@@ -25,14 +20,12 @@ if [ ${retcode} -ne 0 ]; then exit 1 fi -if [ "${NFR}" = "true" ]; then - ## Use rsync if running locally (faster); otherwise if in the pipeline don't download an SSH config - if [ "${CI}" = "false" ]; then - gcloud compute config-ssh --ssh-config-file ngf-gcp.ssh >/dev/null - rsync -ave 'ssh -F ngf-gcp.ssh' username@"${RESOURCE_NAME}"."${GKE_CLUSTER_ZONE}"."${GKE_PROJECT}":~/nginx-gateway-fabric/tests/results . - else - gcloud compute scp --zone "${GKE_CLUSTER_ZONE}" --project="${GKE_PROJECT}" --recurse username@"${RESOURCE_NAME}":~/nginx-gateway-fabric/tests/results . - fi +## Use rsync if running locally (faster); otherwise if in the pipeline don't download an SSH config +if [ "${CI}" = "false" ]; then + gcloud compute config-ssh --ssh-config-file ngf-gcp.ssh >/dev/null + rsync -ave 'ssh -F ngf-gcp.ssh' username@"${RESOURCE_NAME}"."${GKE_CLUSTER_ZONE}"."${GKE_PROJECT}":~/nginx-gateway-fabric/tests/results . +else + gcloud compute scp --zone "${GKE_CLUSTER_ZONE}" --project="${GKE_PROJECT}" --recurse username@"${RESOURCE_NAME}":~/nginx-gateway-fabric/tests/results . fi ## If tearing down the longevity test, we need to collect logs from gcloud and add to the results diff --git a/tests/suite/client_settings_test.go b/tests/suite/client_settings_test.go index baffadb0ef..b5e5a8ec48 100644 --- a/tests/suite/client_settings_test.go +++ b/tests/suite/client_settings_test.go 
@@ -91,9 +91,122 @@ var _ = Describe("ClientSettingsPolicy", Ordered, Label("functional", "cspolicy" } }) + Context("nginx config", func() { + var conf *framework.Payload + filePrefix := fmt.Sprintf("/etc/nginx/includes/ClientSettingsPolicy_%s", namespace) + + BeforeAll(func() { + podNames, err := framework.GetReadyNGFPodNames(k8sClient, ngfNamespace, releaseName, timeoutConfig.GetTimeout) + Expect(err).ToNot(HaveOccurred()) + Expect(podNames).To(HaveLen(1)) + + ngfPodName := podNames[0] + + conf, err = resourceManager.GetNginxConfig(ngfPodName, ngfNamespace) + Expect(err).ToNot(HaveOccurred()) + }) + + DescribeTable("is set properly for", + func(expCfgs []framework.ExpectedNginxField) { + for _, expCfg := range expCfgs { + Expect(framework.ValidateNginxFieldExists(conf, expCfg)).To(Succeed()) + } + }, + Entry("gateway policy", []framework.ExpectedNginxField{ + { + Directive: "include", + Value: fmt.Sprintf("%s_gw-csp.conf", filePrefix), + File: "http.conf", + Servers: []string{"*.example.com", "cafe.example.com"}, + }, + { + Directive: "client_max_body_size", + Value: "1000", + File: fmt.Sprintf("%s_gw-csp.conf", filePrefix), + }, + { + Directive: "client_body_timeout", + Value: "30s", + File: fmt.Sprintf("%s_gw-csp.conf", filePrefix), + }, + { + Directive: "keepalive_requests", + Value: "100", + File: fmt.Sprintf("%s_gw-csp.conf", filePrefix), + }, + { + Directive: "keepalive_time", + Value: "5s", + File: fmt.Sprintf("%s_gw-csp.conf", filePrefix), + }, + { + Directive: "keepalive_timeout", + Value: "2s 1s", + File: fmt.Sprintf("%s_gw-csp.conf", filePrefix), + }, + }), + Entry("coffee route policy", []framework.ExpectedNginxField{ + { + Directive: "include", + Value: fmt.Sprintf("%s_coffee-route-csp.conf", filePrefix), + File: "http.conf", + Servers: []string{"cafe.example.com"}, + Location: "/coffee", + }, + { + Directive: "client_max_body_size", + Value: "2000", + File: fmt.Sprintf("%s_coffee-route-csp.conf", filePrefix), + }, + }), + Entry("tea route policy", 
[]framework.ExpectedNginxField{ + { + Directive: "include", + Value: fmt.Sprintf("%s_tea-route-csp.conf", filePrefix), + File: "http.conf", + Servers: []string{"cafe.example.com"}, + Location: "/tea", + }, + { + Directive: "keepalive_requests", + Value: "200", + File: fmt.Sprintf("%s_tea-route-csp.conf", filePrefix), + }, + }), + Entry("soda route policy", []framework.ExpectedNginxField{ + { + Directive: "include", + Value: fmt.Sprintf("%s_soda-route-csp.conf", filePrefix), + File: "http.conf", + Servers: []string{"cafe.example.com"}, + Location: "/soda", + }, + { + Directive: "client_max_body_size", + Value: "3000", + File: fmt.Sprintf("%s_soda-route-csp.conf", filePrefix), + }, + }), + Entry("grpc route policy", []framework.ExpectedNginxField{ + { + Directive: "include", + Value: fmt.Sprintf("%s_grpc-route-csp.conf", filePrefix), + File: "http.conf", + Servers: []string{"*.example.com"}, + Location: "/helloworld.Greeter/SayHello", + }, + { + Directive: "client_max_body_size", + Value: "0", + File: fmt.Sprintf("%s_grpc-route-csp.conf", filePrefix), + }, + }), + ) + }) + // We only test that the client_max_body_size directive in this test is propagated correctly. // This is because we can easily verify this directive by sending requests with different sized payloads. - DescribeTable("the settings are propagated to the nginx config", + DescribeTable("client_max_body_size requests work as expected", func(uri string, byteLengthOfRequestBody, expStatus int) { url := baseURL + uri diff --git a/tests/suite/system_suite_test.go b/tests/suite/system_suite_test.go index 5bd0747a7a..525933fe2c 100644 --- a/tests/suite/system_suite_test.go +++ b/tests/suite/system_suite_test.go @@ -128,6 +128,7 @@ func setup(cfg setupConfig, extraInstallArgs ...string) { resourceManager = framework.ResourceManager{ K8sClient: k8sClient, ClientGoClient: clientGoClient, + K8sConfig: k8sConfig, FS: manifests, TimeoutConfig: timeoutConfig, } 
From 88269accb505d58567fde59dec3830cf963dc968 Mon Sep 17 00:00:00 2001 From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com> Date: Wed, 25 Sep 2024 15:37:28 -0700 Subject: [PATCH 17/20] Update actions/checkout action to v4.2.0 (#2605) | datasource | package | from | to | | ----------- | ---------------- | ------ | ------ | | github-tags | actions/checkout | v4.1.7 | v4.2.0 | Signed-off-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> --- .github/workflows/build.yml | 2 +- .github/workflows/ci.yml | 10 +++++----- .github/workflows/codeql-analysis.yml | 2 +- .github/workflows/conformance.yml | 2 +- .github/workflows/dependency-review.yml | 2 +- .github/workflows/fossa.yml | 2 +- .github/workflows/functional.yml | 2 +- .github/workflows/helm.yml | 4 ++-- .github/workflows/labeler.yml | 2 +- .github/workflows/lint.yml | 12 ++++++------ .github/workflows/mend.yml | 2 +- .github/workflows/nfr.yml | 4 ++-- .github/workflows/release-pr.yml | 2 +- .github/workflows/scorecards.yml | 2 +- .github/workflows/update-docker-images.yml | 4 ++-- 15 files changed, 27 insertions(+), 27 deletions(-) diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index e7cf99437a..7b838bb062 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml @@ -35,7 +35,7 @@ jobs: - 5000:5000 steps: - name: Checkout Repository - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 + uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # v4.2.0 with: ref: ${{ inputs.tag != '' && format('refs/tags/v{0}', inputs.tag) || github.ref }} diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 535fd87623..beebdce2fa 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml 
@@ -35,7 +35,7 @@ jobs: helm_changes: ${{ steps.filter.outputs.charts }} steps: - name: Checkout Repository - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 + uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # v4.2.0 with: fetch-depth: 0 @@ -79,7 +79,7 @@ jobs: needs: vars steps: - name: Checkout Repository - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 + uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # v4.2.0 - name: Setup Golang Environment uses: actions/setup-go@0a12ed9d6a96ab950c8f026ed9f722fe0da7ef32 # v5.0.2 @@ -110,7 +110,7 @@ jobs: needs: vars steps: - name: Checkout Repository - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 + uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # v4.2.0 - name: Setup Node.js Environment uses: actions/setup-node@0a44ba7841725637a19e28fa30b79a866c81b0a6 # v4.0.4 @@ -135,7 +135,7 @@ jobs: issues: write # for goreleaser/goreleaser-action to close milestone steps: - name: Checkout Repository - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 + uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # v4.2.0 with: fetch-depth: 0 @@ -290,7 +290,7 @@ jobs: packages: write # for helm to push to GHCR steps: - name: Checkout Repository - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 + uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # v4.2.0 - name: Login to GitHub Container Registry uses: docker/login-action@9780b0c442fbb1117ed29e0efdff1e18412f7567 # v3.3.0 diff --git a/.github/workflows/codeql-analysis.yml b/.github/workflows/codeql-analysis.yml index 4a11b25f1a..2dd552292f 100644 --- a/.github/workflows/codeql-analysis.yml +++ b/.github/workflows/codeql-analysis.yml 
@@ -48,7 +48,7 @@ jobs: # your codebase is analyzed, see https://docs.github.com/en/code-security/code-scanning/creating-an-advanced-setup-for-code-scanning/codeql-code-scanning-for-compiled-languages. steps: - name: Checkout repository - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 + uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # v4.2.0 # Initializes the CodeQL tools for scanning. - name: Initialize CodeQL diff --git a/.github/workflows/conformance.yml b/.github/workflows/conformance.yml index bf9d74b5ae..5a9f0a2ec8 100644 --- a/.github/workflows/conformance.yml +++ b/.github/workflows/conformance.yml @@ -30,7 +30,7 @@ jobs: DOCKER_BUILD_SUMMARY: false steps: - name: Checkout Repository - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 + uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # v4.2.0 with: fetch-depth: 0 diff --git a/.github/workflows/dependency-review.yml b/.github/workflows/dependency-review.yml index 7a04d230d8..5551ac9f5c 100644 --- a/.github/workflows/dependency-review.yml +++ b/.github/workflows/dependency-review.yml @@ -12,7 +12,7 @@ jobs: pull-requests: write steps: - name: "Checkout Repository" - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 + uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # v4.2.0 - name: "Dependency Review" uses: actions/dependency-review-action@5a2ce3f5b92ee19cbb1541a4984c76d921601d7c # v4.3.4 diff --git a/.github/workflows/fossa.yml b/.github/workflows/fossa.yml index edde60b63b..3eb2dc6736 100644 --- a/.github/workflows/fossa.yml +++ b/.github/workflows/fossa.yml 
@@ -19,7 +19,7 @@ jobs: if: ${{ github.event.repository.fork == false }} steps: - name: Checkout Repository - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 + uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # v4.2.0 - name: Scan uses: fossas/fossa-action@09bcf127dc0ccb4b5a023f6f906728878e8610ba # v1.4.0 diff --git a/.github/workflows/functional.yml b/.github/workflows/functional.yml index bcc9ab4088..a876b9778b 100644 --- a/.github/workflows/functional.yml +++ b/.github/workflows/functional.yml @@ -25,7 +25,7 @@ jobs: DOCKER_BUILD_SUMMARY: false steps: - name: Checkout Repository - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 + uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # v4.2.0 with: fetch-depth: 0 diff --git a/.github/workflows/helm.yml b/.github/workflows/helm.yml index 6b76f48c9c..d38e5ccb3e 100644 --- a/.github/workflows/helm.yml +++ b/.github/workflows/helm.yml @@ -20,7 +20,7 @@ jobs: if: ${{ github.event_name != 'schedule' }} steps: - name: Checkout Repository - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 + uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # v4.2.0 with: fetch-depth: 0 @@ -124,7 +124,7 @@ jobs: if: ${{ github.event_name == 'schedule' }} steps: - name: Checkout Repository - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 + uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # v4.2.0 with: fetch-depth: 0 diff --git a/.github/workflows/labeler.yml b/.github/workflows/labeler.yml index 9cda1a2c4c..0dbdfad850 100644 --- a/.github/workflows/labeler.yml +++ b/.github/workflows/labeler.yml @@ -12,7 +12,7 @@ jobs: pull-requests: write runs-on: ubuntu-22.04 steps: - - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 + - uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # v4.2.0 with: sparse-checkout: | labeler.yml 
diff --git a/.github/workflows/lint.yml b/.github/workflows/lint.yml index c89b056af9..990dd2f3ef 100644 --- a/.github/workflows/lint.yml +++ b/.github/workflows/lint.yml @@ -29,7 +29,7 @@ jobs: directory: [., tests] # we need to run golangci-lint for every module https://github.com/golangci/golangci-lint/issues/828 steps: - name: Checkout Repository - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 + uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # v4.2.0 - name: Setup Golang Environment uses: actions/setup-go@0a12ed9d6a96ab950c8f026ed9f722fe0da7ef32 # v5.0.2 @@ -47,7 +47,7 @@ jobs: runs-on: ubuntu-22.04 steps: - name: Checkout Repository - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 + uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # v4.2.0 - name: Setup Node.js Environment uses: actions/setup-node@0a44ba7841725637a19e28fa30b79a866c81b0a6 # v4.0.4 @@ -75,7 +75,7 @@ jobs: runs-on: ubuntu-22.04 steps: - name: Checkout Repository - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 + uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # v4.2.0 - name: Lint Actions uses: reviewdog/action-actionlint@05c9d7bef25a46caf572df3497afa7082fc111df # v1.55.0 @@ -87,7 +87,7 @@ jobs: runs-on: ubuntu-22.04 steps: - name: Checkout Repository - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 + uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # v4.2.0 - name: Lint Markdown uses: DavidAnson/markdownlint-cli2-action@db43aef879112c3119a410d69f66701e0d530809 # v17.0.0 @@ -101,7 +101,7 @@ jobs: runs-on: ubuntu-22.04 steps: - name: Checkout Repository - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 + uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # v4.2.0 with: fetch-depth: 0 
@@ -124,7 +124,7 @@ jobs: runs-on: ubuntu-22.04 steps: - name: Checkout Repository - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 + uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # v4.2.0 - name: Lint YAML uses: reviewdog/action-yamllint@e09f07780388032a624e9eb44a23fd1bbb4052cc # v1.19.0 diff --git a/.github/workflows/mend.yml b/.github/workflows/mend.yml index c42c025d5a..b87dcd7d16 100644 --- a/.github/workflows/mend.yml +++ b/.github/workflows/mend.yml @@ -26,7 +26,7 @@ jobs: if: ${{ github.event.repository.fork == false }} steps: - name: Checkout Repository - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 + uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # v4.2.0 - name: Download agent run: curl -LJO https://github.com/whitesource/unified-agent-distribution/releases/latest/download/wss-unified-agent.jar diff --git a/.github/workflows/nfr.yml b/.github/workflows/nfr.yml index b28f83a99f..9e7e5e5336 100644 --- a/.github/workflows/nfr.yml +++ b/.github/workflows/nfr.yml @@ -71,7 +71,7 @@ jobs: type: ${{ fromJson(needs.vars.outputs.types) }} steps: - name: Checkout Repository - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 + uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # v4.2.0 - name: Authenticate to Google Cloud id: auth @@ -151,7 +151,7 @@ jobs: needs: [vars, setup-and-run-tests] steps: - name: Checkout Repository - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 + uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # v4.2.0 - name: Download Artifacts uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16 # v4.1.8 diff --git a/.github/workflows/release-pr.yml b/.github/workflows/release-pr.yml index 30757540ac..8275ff0d0e 100644 --- a/.github/workflows/release-pr.yml +++ b/.github/workflows/release-pr.yml 
@@ -29,7 +29,7 @@ jobs: echo "branch=release-$version" >> $GITHUB_OUTPUT - name: Checkout Repository - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 + uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # v4.2.0 with: ref: ${{ steps.branch.outputs.branch }} diff --git a/.github/workflows/scorecards.yml b/.github/workflows/scorecards.yml index bb97341e80..849b4113d5 100644 --- a/.github/workflows/scorecards.yml +++ b/.github/workflows/scorecards.yml @@ -29,7 +29,7 @@ jobs: steps: - name: "Checkout code" - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 + uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # v4.2.0 with: persist-credentials: false diff --git a/.github/workflows/update-docker-images.yml b/.github/workflows/update-docker-images.yml index 194dcc439f..1ad5be6a6f 100644 --- a/.github/workflows/update-docker-images.yml +++ b/.github/workflows/update-docker-images.yml @@ -24,7 +24,7 @@ jobs: nginx_version: ${{ steps.nginx.outputs.nginx_version }} steps: - name: Checkout Repository - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 + uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # v4.2.0 with: fetch-depth: 0 @@ -35,7 +35,7 @@ jobs: echo "tag=${tag//v}" >> $GITHUB_OUTPUT - name: Checkout Repository at ${{ steps.ngf.outputs.tag }} - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 + uses: actions/checkout@d632683dd7b4114ad314bca15554477dd762a938 # v4.2.0 with: ref: refs/tags/v${{ steps.ngf.outputs.tag }} From d490d7ee4e5cb0a50d30c6c35c3eba96aa279131 Mon Sep 17 00:00:00 2001 
From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com> Date: Thu, 26 Sep 2024 09:49:12 -0600 Subject: [PATCH 18/20] Update contributor-assistant/github-action action to v2.6.1 (#2609) | datasource | package | from | to | | ----------- | ----------------------------------- | ------ | ------ | | github-tags | contributor-assistant/github-action | v2.6.0 | v2.6.1 | Signed-off-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> --- .github/workflows/f5-cla.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/f5-cla.yml b/.github/workflows/f5-cla.yml index a1c34f8964..874ad62c14 100644 --- a/.github/workflows/f5-cla.yml +++ b/.github/workflows/f5-cla.yml @@ -28,7 +28,7 @@ jobs: steps: - name: Run F5 Contributor License Agreement (CLA) assistant if: (github.event.comment.body == 'recheck' || github.event.comment.body == 'I have hereby read the F5 CLA and agree to its terms') || github.event_name == 'pull_request_target' - uses: contributor-assistant/github-action@b1522fa982419e79591a92e1267de463a281cdb7 # v2.6.0 + uses: contributor-assistant/github-action@ca4a40a7d1004f18d9960b404b97e5f30a505a08 # v2.6.1 with: # Any pull request targeting the following branch will trigger a CLA check. branch: "main" From 57676d9a4c20a188e968090c302f463bb0f1324c Mon Sep 17 00:00:00 2001 
From: salonichf5 <146118978+salonichf5@users.noreply.github.com> Date: Thu, 26 Sep 2024 10:30:04 -0600 Subject: [PATCH 19/20] Fix unit tests to avoid data race in pipelines (#2602) Fix unit tests to avoid data race in pipelines Problem: Users want to parallelize unit tests without having data race issues Solution: Modify unit tests to be independent of variables, maps/structs to avoid data race when tests run in parallel. --- docs/developer/testing.md | 2 + .../mode/static/state/graph/policies_test.go | 228 ++++++++---------- .../state/graph/reference_grant_test.go | 29 +-- 3 files changed, 110 insertions(+), 149 deletions(-) diff --git a/docs/developer/testing.md b/docs/developer/testing.md index 205ae8f37b..7804930ff3 100644 --- a/docs/developer/testing.md +++ b/docs/developer/testing.md 
@@ -36,6 +36,8 @@ the [Counterfeiter](https://github.com/maxbrunsfeld/counterfeiter) tool. Counter implementations of internal and public interfaces, allowing us to isolate and control dependencies during testing. It simplifies the process of mocking and stubbing, making our tests more robust and flexible. +**Parallelize unit tests**: In general, all tests should be designed to run in parallel for faster execution and help uncover bugs. For standard Go tests, this requires adding `t.Parallel()` to every test and subtest. Ginkgo tests, on the other hand, automatically run in parallel without the need for additional configuration. If a component under test requires sequential execution, you can run tests sequentially by using an [ordered container](https://onsi.github.io/ginkgo/#ordered-containers) for Ginkgo tests or by omitting `t.Parallel()` from the go test or subtest. In such cases, it’s essential to include a comment explaining why parallel execution is not possible. + By combining BDD style tests, unit tests, and mock generation, we aim to achieve a comprehensive and maintainable testing strategy. This approach enables us to ensure the correctness, reliability, and flexibility of our codebase while promoting efficient refactoring and continuous development. diff --git a/internal/mode/static/state/graph/policies_test.go b/internal/mode/static/state/graph/policies_test.go index 499b7e8386..340d3f10f0 100644 --- a/internal/mode/static/state/graph/policies_test.go +++ b/internal/mode/static/state/graph/policies_test.go 
@@ -25,60 +25,20 @@ var testNs = "test" func TestAttachPolicies(t *testing.T) { t.Parallel() policyGVK := schema.GroupVersionKind{Group: "Group", Version: "Version", Kind: "Policy"} - - gwPolicyKey := createTestPolicyKey(policyGVK, "gw-policy") - gwPolicy := &Policy{ - Valid: true, - Source: &policiesfakes.FakePolicy{}, - TargetRefs: []PolicyTargetRef{ - { - Kind: kinds.Gateway, - Group: v1.GroupName, - Nsname: types.NamespacedName{Namespace: testNs, Name: "gateway"}, - }, - { - Kind: kinds.Gateway, - Group: v1.GroupName, - Nsname: types.NamespacedName{Namespace: testNs, Name: "gateway2"}, // ignored - }, - }, - } - - routePolicyKey := createTestPolicyKey(policyGVK, "route-policy") - routePolicy := &Policy{ - Valid: true, - Source: &policiesfakes.FakePolicy{}, - TargetRefs: []PolicyTargetRef{ - { - Kind: kinds.HTTPRoute, - Group: v1.GroupName, - Nsname: types.NamespacedName{Namespace: testNs, Name: "hr-route"}, - }, - { - Kind: kinds.HTTPRoute, - Group: v1.GroupName, - Nsname: types.NamespacedName{Namespace: testNs, Name: "hr2-route"}, - }, - }, - } - - grpcRoutePolicyKey := createTestPolicyKey(policyGVK, "grpc-route-policy") - grpcRoutePolicy := &Policy{ - Valid: true, - Source: &policiesfakes.FakePolicy{}, - TargetRefs: []PolicyTargetRef{ - { - Kind: kinds.GRPCRoute, + createPolicy := func(targetRefsNames []string, refKind v1.Kind) *Policy { + targetRefs := make([]PolicyTargetRef, 0, len(targetRefsNames)) + for _, name := range targetRefsNames { + targetRefs = append(targetRefs, PolicyTargetRef{ + Kind: refKind, Group: v1.GroupName, - Nsname: types.NamespacedName{Namespace: testNs, Name: "grpc-route"}, - }, - }, - } - - ngfPolicies := map[PolicyKey]*Policy{ - gwPolicyKey: gwPolicy, - routePolicyKey: routePolicy, - grpcRoutePolicyKey: grpcRoutePolicy, + Nsname: types.NamespacedName{Namespace: testNs, Name: name}, + }) + } + return &Policy{ + Valid: true, + Source: &policiesfakes.FakePolicy{}, + TargetRefs: targetRefs, + } } createRouteKey := func(name string, 
routeType RouteType) RouteKey { 
@@ -88,77 +48,40 @@ func TestAttachPolicies(t *testing.T) { } } - newGraph := func() *Graph { - return &Graph{ - Gateway: &Gateway{ - Source: &v1.Gateway{ - ObjectMeta: metav1.ObjectMeta{ - Name: "gateway", - Namespace: testNs, - }, + createGateway := func(name string) *Gateway { + return &Gateway{ + Source: &v1.Gateway{ + ObjectMeta: metav1.ObjectMeta{ + Name: name, + Namespace: testNs, }, - Valid: true, }, - Routes: map[RouteKey]*L7Route{ - createRouteKey("hr-route", RouteTypeHTTP): { - Source: &v1.HTTPRoute{ - ObjectMeta: metav1.ObjectMeta{ - Name: "hr-route", - Namespace: testNs, - }, - }, - ParentRefs: []ParentRef{ - { - Attachment: &ParentRefAttachmentStatus{ - Attached: true, - }, - }, - }, - Valid: true, - Attachable: true, - }, - createRouteKey("hr2-route", RouteTypeHTTP): { - Source: &v1.HTTPRoute{ - ObjectMeta: metav1.ObjectMeta{ - Name: "hr2-route", - Namespace: testNs, - }, - }, - ParentRefs: []ParentRef{ - { - Attachment: &ParentRefAttachmentStatus{ - Attached: true, - }, - }, + Valid: true, + } + } + + createRoutesForGraph := func(routes map[string]RouteType) map[RouteKey]*L7Route { + routesMap := make(map[RouteKey]*L7Route, len(routes)) + for routeName, routeType := range routes { + routesMap[createRouteKey(routeName, routeType)] = &L7Route{ + Source: &v1.HTTPRoute{ + ObjectMeta: metav1.ObjectMeta{ + Name: routeName, + Namespace: testNs, }, - Valid: true, - Attachable: true, }, - createRouteKey("grpc-route", RouteTypeGRPC): { - Source: &v1alpha2.GRPCRoute{ - ObjectMeta: metav1.ObjectMeta{ - Name: "grpc-route", - Namespace: testNs, - }, - }, - ParentRefs: []ParentRef{ - { - Attachment: &ParentRefAttachmentStatus{ - Attached: true, - }, + ParentRefs: []ParentRef{ + { + Attachment: &ParentRefAttachmentStatus{ + Attached: true, }, }, - Valid: true, - Attachable: true, }, - }, - - NGFPolicies: ngfPolicies, + Valid: true, + Attachable: true, + } } - } - - newModifiedGraph := func(mod func(g *Graph) *Graph) *Graph { - return mod(newGraph()) + return 
routesMap } expectNoPolicyAttachment := func(g *WithT, graph *Graph) { 
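Review bot: In `createRoutesForGraph` (TestAttachPolicies, policies_test.go) every route is built with `Source: &v1.HTTPRoute{...}`, including entries keyed with `RouteTypeGRPC`; the fixture this hunk removes used `&v1alpha2.GRPCRoute{...}` for the gRPC route. If `attachPolicies` or the expect helpers inspect the source object's kind, which this hunk does not show, the gRPC cases would run against an HTTPRoute stored under a gRPC key. Selecting the source from `routeType` keeps the key and the object consistent. The enclosing test function starts and ends outside the hunk.

```go
for routeName, routeType := range routes {
	meta := metav1.ObjectMeta{Name: routeName, Namespace: testNs}
	route := &L7Route{
		// … unchanged: ParentRefs, Valid, Attachable …
	}
	switch routeType {
	case RouteTypeGRPC:
		route.Source = &v1alpha2.GRPCRoute{ObjectMeta: meta}
	default:
		route.Source = &v1.HTTPRoute{ObjectMeta: meta}
	}
	routesMap[createRouteKey(routeName, routeType)] = route
}
```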
@@ -192,30 +115,63 @@ func TestAttachPolicies(t *testing.T) { } tests := []struct { - graph *Graph - expect func(g *WithT, graph *Graph) - name string + gateway *Gateway + routes map[RouteKey]*L7Route + ngfPolicies map[PolicyKey]*Policy + expect func(g *WithT, graph *Graph) + name string }{ { name: "nil Gateway", - graph: newModifiedGraph(func(g *Graph) *Graph { - g.Gateway = nil - return g - }), + routes: createRoutesForGraph( + map[string]RouteType{ + "hr1-route": RouteTypeHTTP, + "hr2-route": RouteTypeHTTP, + "grpc-route": RouteTypeGRPC, + }, + ), + ngfPolicies: map[PolicyKey]*Policy{ + createTestPolicyKey(policyGVK, "gw-policy"): createPolicy([]string{"gateway", "gateway1"}, kinds.Gateway), + createTestPolicyKey(policyGVK, "route-policy"): createPolicy( + []string{"hr1-route", "hr2-route"}, + kinds.HTTPRoute, + ), + createTestPolicyKey(policyGVK, "grpc-route-policy"): createPolicy([]string{"grpc-route"}, kinds.GRPCRoute), + }, expect: expectNoPolicyAttachment, }, { - name: "nil routes", - graph: newModifiedGraph(func(g *Graph) *Graph { - g.Routes = nil - return g - }), + name: "nil routes", + gateway: createGateway("gateway"), + ngfPolicies: map[PolicyKey]*Policy{ + createTestPolicyKey(policyGVK, "gw-policy1"): createPolicy([]string{"gateway", "gateway1"}, kinds.Gateway), + createTestPolicyKey(policyGVK, "route-policy1"): createPolicy( + []string{"hr1-route", "hr2-route"}, + kinds.HTTPRoute, + ), + createTestPolicyKey(policyGVK, "grpc-route-policy1"): createPolicy([]string{"grpc-route"}, kinds.GRPCRoute), + }, expect: expectGatewayPolicyAttachment, }, { - name: "normal", - graph: newGraph(), - expect: expectPolicyAttachment, + name: "normal", + routes: createRoutesForGraph( + map[string]RouteType{ + "hr-1": RouteTypeHTTP, + "hr-2": RouteTypeHTTP, + "grpc-1": RouteTypeGRPC, + }, + ), + ngfPolicies: map[PolicyKey]*Policy{ + createTestPolicyKey(policyGVK, "gw-policy2"): createPolicy([]string{"gateway2", "gateway3"}, kinds.Gateway), + createTestPolicyKey(policyGVK, 
"route-policy2"): createPolicy( + []string{"hr-1", "hr-2"}, + kinds.HTTPRoute, + ), + createTestPolicyKey(policyGVK, "grpc-route-policy2"): createPolicy([]string{"grpc-1"}, kinds.GRPCRoute), + }, + gateway: createGateway("gateway2"), + expect: expectPolicyAttachment, }, } @@ -224,8 +180,14 @@ func TestAttachPolicies(t *testing.T) { t.Parallel() g := NewWithT(t) - test.graph.attachPolicies("nginx-gateway") - test.expect(g, test.graph) + graph := &Graph{ + Gateway: test.gateway, + Routes: test.routes, + NGFPolicies: test.ngfPolicies, + } + + graph.attachPolicies("nginx-gateway") + test.expect(g, graph) }) } } diff --git a/internal/mode/static/state/graph/reference_grant_test.go b/internal/mode/static/state/graph/reference_grant_test.go index 618cba181d..cb9f780a1d 100644 --- a/internal/mode/static/state/graph/reference_grant_test.go +++ b/internal/mode/static/state/graph/reference_grant_test.go 
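Review bot: In the new TestAttachPolicies table each `gw-policy*` entry passes a second gateway name (`"gateway1"`, `"gateway3"`) that matches no Gateway built by `createGateway`, and the `// ignored` comment that marked this target ref in the removed fixture is not carried over. A reader can no longer tell that the unmatched ref is deliberate; a comment on the first such entry, for example `// "gateway1" matches no Gateway in the graph; the ref is expected to be ignored`, would restore that. The "nil Gateway" case also names its routes `hr1-route`/`hr2-route` while "normal" uses `hr-1`/`hr-2`; since every case now owns its maps, one naming scheme would be easier to read.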
@@ -345,63 +345,57 @@ func TestRefAllowedFrom(t *testing.T) { }, } - resolver := newReferenceGrantResolver(refGrants) - refAllowedFromGRPCRoute := resolver.refAllowedFrom(fromGRPCRoute(grNs)) - refAllowedFromHTTPRoute := resolver.refAllowedFrom(fromHTTPRoute(hrNs)) - refAllowedFromTLSRoute := resolver.refAllowedFrom(fromTLSRoute(trNs)) - refAllowedFromGateway := resolver.refAllowedFrom(fromGateway(gwNs)) - tests := []struct { name string - refAllowedFrom func(resource toResource) bool + refAllowedFrom fromResource toResource toResource expAllowed bool }{ { name: "ref allowed from gateway to secret", - refAllowedFrom: refAllowedFromGateway, + refAllowedFrom: fromGateway(gwNs), toResource: toSecret(allowedGatewayNsName), expAllowed: true, }, { name: "ref not allowed from gateway to secret", - refAllowedFrom: refAllowedFromGateway, + refAllowedFrom: fromGateway(gwNs), toResource: toSecret(notAllowedNsName), expAllowed: false, }, { name: "ref allowed from httproute to service", - refAllowedFrom: refAllowedFromHTTPRoute, + refAllowedFrom: fromHTTPRoute(hrNs), toResource: toService(allowedHTTPRouteNsName), expAllowed: true, }, { name: "ref not allowed from httproute to service", - refAllowedFrom: refAllowedFromHTTPRoute, + refAllowedFrom: fromHTTPRoute(hrNs), toResource: toService(notAllowedNsName), expAllowed: false, }, { name: "ref allowed from grpcroute to service", - refAllowedFrom: refAllowedFromGRPCRoute, + refAllowedFrom: fromGRPCRoute(grNs), toResource: toService(allowedGRPCRouteNsName), expAllowed: true, }, { name: "ref not allowed from grpcroute to service", - refAllowedFrom: refAllowedFromGRPCRoute, + refAllowedFrom: fromGRPCRoute(grNs), toResource: toService(notAllowedNsName), expAllowed: false, }, { name: "ref allowed from tlsroute to service", - refAllowedFrom: refAllowedFromTLSRoute, + refAllowedFrom: fromTLSRoute(trNs), toResource: toService(allowedTLSRouteNsName), expAllowed: true, }, { name: "ref not allowed from tlsroute to service", - refAllowedFrom: 
refAllowedFromTLSRoute, + refAllowedFrom: fromTLSRoute(trNs), toResource: toService(notAllowedNsName), expAllowed: false, }, @@ -411,8 +405,11 @@ func TestRefAllowedFrom(t *testing.T) { t.Run(test.name, func(t *testing.T) { t.Parallel() + resolver := newReferenceGrantResolver(refGrants) + refAllowed := resolver.refAllowedFrom(test.refAllowedFrom) + g := NewWithT(t) - g.Expect(test.refAllowedFrom(test.toResource)).To(Equal(test.expAllowed)) + g.Expect(refAllowed(test.toResource)).To(Equal(test.expAllowed)) }) } } From 365bd3f4b011264e6c702d2f303121ac7e15fc82 Mon Sep 17 00:00:00 2001 From: "renovate[bot]" <29139614+renovate[bot]@users.noreply.github.com> Date: Thu, 26 Sep 2024 16:49:30 +0000 Subject: [PATCH 20/20] Update pre-commit hook gitleaks/gitleaks to v8.19.3 (#2610) | datasource | package | from | to | | ----------- | ----------------- | ------- | ------- | | github-tags | gitleaks/gitleaks | v8.19.2 | v8.19.3 | Signed-off-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com> --- .pre-commit-config.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml index 160247d8b5..ff2a31f28e 100644 --- a/.pre-commit-config.yaml +++ b/.pre-commit-config.yaml @@ -27,7 +27,7 @@ repos: exclude: (^examples/|^docs/|.*_test.go$) - repo: https://github.com/gitleaks/gitleaks - rev: v8.19.2 + rev: v8.19.3 hooks: - id: gitleaks
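Review bot: In the TestRefAllowedFrom table (reference_grant_test.go, hunk at -345) the field `refAllowedFrom` now holds a `fromResource` value rather than the resolver closure, so its name no longer describes what it stores. Renaming it, e.g. `from fromResource`, and using `test.from` in the subtest would keep the table readable next to `toResource toResource`. The test function starts and ends outside this hunk.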
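Review bot: The per-subtest `newReferenceGrantResolver(refGrants)` call in TestRefAllowedFrom (hunk at -411) still passes the one `refGrants` map to every parallel subtest. That is race-free only if the resolver and `refAllowedFrom` never write to it, which this hunk does not show. Since these cases pin which cross-namespace references a ReferenceGrant permits, a comment above the call such as `// refGrants is shared by all parallel subtests and must only be read` would record the assumption the test relies on.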