bug: fix printable for ir xds (envoyproxy#2512)
* bug: fix printable for ir xds

Signed-off-by: Arko Dasgupta <[email protected]>

* fix test

Signed-off-by: Arko Dasgupta <[email protected]>

---------

Signed-off-by: Arko Dasgupta <[email protected]>
Co-authored-by: zirain <[email protected]>
arkodg and zirain authored Jan 27, 2024
1 parent b33f09b commit 93361a6
Showing 4 changed files with 38 additions and 11 deletions.
8 changes: 2 additions & 6 deletions internal/gatewayapi/runner/runner.go
Expand Up @@ -10,7 +10,6 @@ import (

"k8s.io/apimachinery/pkg/runtime/schema"
v1 "sigs.k8s.io/gateway-api/apis/v1"
"sigs.k8s.io/yaml"

"github.com/envoyproxy/gateway/api/v1alpha1"
"github.com/envoyproxy/gateway/internal/envoygateway/config"
Expand Down Expand Up @@ -78,11 +77,6 @@ func (r *Runner) subscribeAndTranslate(ctx context.Context) {
// Translate to IR
result := t.Translate(val)

yamlXdsIR, _ := yaml.Marshal(&result.XdsIR)
r.Logger.WithValues("output", "xds-ir").Info(string(yamlXdsIR))
yamlInfraIR, _ := yaml.Marshal(&result.InfraIR)
r.Logger.WithValues("output", "infra-ir").Info(string(yamlInfraIR))

var curKeys, newKeys []string
// Get current IR keys
for key := range r.InfraIR.LoadAll() {
Expand All @@ -92,6 +86,7 @@ func (r *Runner) subscribeAndTranslate(ctx context.Context) {
// Publish the IRs.
// Also validate the ir before sending it.
for key, val := range result.InfraIR {
r.Logger.WithValues("infra-ir", key).Info(val.YAMLString())
if err := val.Validate(); err != nil {
r.Logger.Error(err, "unable to validate infra ir, skipped sending it")
errChan <- err
Expand All @@ -102,6 +97,7 @@ func (r *Runner) subscribeAndTranslate(ctx context.Context) {
}

for key, val := range result.XdsIR {
r.Logger.WithValues("xds-ir", key).Info(val.YAMLString())
if err := val.Validate(); err != nil {
r.Logger.Error(err, "unable to validate xds ir, skipped sending it")
errChan <- err
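Review bot: The two new `Info(val.YAMLString())` calls in the infra-ir and xds-ir publish loops are now the only step between the IR and the log, so the redaction contract deserves a comment at the call site, for example `// Log the IR only via YAMLString(); for Xds it goes through Printable(), which redacts secret fields.` The dump also runs before `val.Validate()`, so IR that is rejected and never sent is still written out in full at Info level on every translation. If that is intended for debugging, a short comment should say so; otherwise consider logging after validation or at a more verbose level. subscribeAndTranslate starts and ends outside these hunks, so the surrounding control flow is inferred from the visible lines only.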
6 changes: 6 additions & 0 deletions internal/ir/infra.go
Expand Up @@ -13,6 +13,7 @@ import (

"golang.org/x/exp/slices"
utilerrors "k8s.io/apimachinery/pkg/util/errors"
"sigs.k8s.io/yaml"

"github.com/envoyproxy/gateway/api/v1alpha1"
)
Expand All @@ -28,6 +29,11 @@ type Infra struct {
Proxy *ProxyInfra `json:"proxy" yaml:"proxy"`
}

func (i Infra) YAMLString() string {
y, _ := yaml.Marshal(&i)
return string(y)
}

// ProxyInfra defines managed proxy infrastructure.
// +k8s:deepcopy-gen=true
type ProxyInfra struct {
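Review bot: `Infra.YAMLString` discards the `yaml.Marshal` error, so a marshalling failure yields an empty log message with no hint of what went wrong. Keeping the error, as in `y, err := yaml.Marshal(&i)` followed by `if err != nil { return "<infra ir marshal error: " + err.Error() + ">" }`, would make the failure visible. The exported method also has no doc comment, and unlike `Xds.YAMLString` it marshals the struct as-is with no redaction step. A comment such as `// YAMLString returns the Infra IR as YAML for logging; no fields are redacted, so secret material must not be added to Infra without a Printable step.` would record that assumption for the next maintainer.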
19 changes: 15 additions & 4 deletions internal/ir/xds.go
Expand Up @@ -13,11 +13,11 @@ import (
"reflect"

"golang.org/x/exp/slices"

apiextensionsv1 "k8s.io/apiextensions-apiserver/pkg/apis/apiextensions/v1"
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
"k8s.io/apimachinery/pkg/apis/meta/v1/unstructured"
"k8s.io/apimachinery/pkg/util/validation"
"sigs.k8s.io/yaml"

egv1a1 "github.com/envoyproxy/gateway/api/v1alpha1"
egv1a1validation "github.com/envoyproxy/gateway/api/v1alpha1/validation"
Expand Down Expand Up @@ -57,6 +57,8 @@ var (
ErrHCHTTPExpectedStatusesInvalid = errors.New("field HTTPHealthChecker.ExpectedStatuses should be specified")
ErrHealthCheckPayloadInvalid = errors.New("one of Text, Binary fields must be set in payload")
ErrHTTPStatusInvalid = errors.New("HTTPStatus should be in [200,600)")

redacted = []byte("[redacted]")
)

// Xds holds the intermediate representation of a Gateway and is
Expand Down Expand Up @@ -155,20 +157,29 @@ func (x Xds) GetUDPListener(name string) *UDPListener {
return nil
}

func (x Xds) YAMLString() string {
y, _ := yaml.Marshal(x.Printable())
return string(y)
}

// Printable returns a deep copy of the resource that can be safely logged.
func (x Xds) Printable() *Xds {
out := x.DeepCopy()
for _, listener := range out.HTTP {
// Omit field
listener.TLS = nil
if listener.TLS != nil {
for i := range listener.TLS.Certificates {
listener.TLS.Certificates[i].PrivateKey = redacted
}
}

for _, route := range listener.Routes {
// Omit field
if route.OIDC != nil {
route.OIDC.ClientSecret = []byte{}
route.OIDC.ClientSecret = redacted
}
if route.BasicAuth != nil {
route.BasicAuth.Users = []byte{}
route.BasicAuth.Users = redacted
}
}
}
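Review bot: `Printable` now keeps the whole TLS block and redacts field by field, but the loop only walks `out.HTTP`, so any key material reachable through other parts of `Xds` would be marshalled unchanged by `YAMLString`. A UDP listener accessor is visible just above and other listener kinds may exist outside this hunk, so this needs checking against the full struct. Moving from dropping `listener.TLS` to redacting named fields also means every future secret field must be added here by hand, so a comment like `// Every secret-bearing IR field must be redacted here before it can reach YAMLString().` is worth adding above the loop. Separately, every redacted field aliases the single package-level `redacted` slice, so an in-place write through one field would alter the marker for all of them; `slices.Clone(redacted)` at each assignment avoids that. `Printable` continues past the end of the hunk.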
16 changes: 15 additions & 1 deletion internal/ir/xds_test.go
Expand Up @@ -42,6 +42,20 @@ var (
}}},
Routes: []*HTTPRoute{&happyHTTPRoute},
}
redactedHappyHTTPSListener = HTTPListener{
Name: "happy",
Address: "0.0.0.0",
Port: 80,
Hostnames: []string{"example.com"},
TLS: &TLSConfig{
Certificates: []TLSCertificate{{

Name: "happy",
ServerCertificate: []byte{1, 2, 3},
PrivateKey: redacted,
}}},
Routes: []*HTTPRoute{&happyHTTPRoute},
}
invalidAddrHTTPListener = HTTPListener{
Name: "invalid-addr",
Address: "1.0.0",
Expand Down Expand Up @@ -1217,7 +1231,7 @@ func TestPrintable(t *testing.T) {
HTTP: []*HTTPListener{&happyHTTPSListener},
},
want: &Xds{
HTTP: []*HTTPListener{&happyHTTPListener},
HTTP: []*HTTPListener{&redactedHappyHTTPSListener},
},
},
}
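Review bot: The updated `TestPrintable` case visible here checks only that the TLS private key is replaced, while the same commit also changes how `OIDC.ClientSecret` and `BasicAuth.Users` are redacted. Unless cases for those exist in the part of the table outside this hunk, that behaviour is untested. A case with a route carrying both fields, plus an assertion that `YAMLString()` output does not contain the original secret values in their encoded form, would pin the property the logging code depends on. `redactedHappyHTTPSListener` also repeats every field of `happyHTTPSListener`; deriving it from a copy with only `PrivateKey` changed would keep the two fixtures from drifting apart.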
