Fix per-app middleware injection #114
Conversation
rbarry82
requested review from
Abuelodelanada,
simskij,
dstathis,
PietroPasotti and
sed-i
| @@ -566,13 +566,8 @@ def _generate_per_app_config(self, data: "RequirerData_IPA") -> Tuple[dict, str] | |||
| } | |||
| } | |||
|
|
|||
| middlewares = self._generate_middleware_config(data, prefix) | |||
| if middlewares: | |||
| router_cfg["middlewares"] = list(middlewares.keys()) | |||
There was a problem hiding this comment.
The difference here is pretty marginal, but if you look below, the additional selector of traefik_router_name is necessary for this to actually work.
|
Works: http:
middlewares:
juju-sidecar-noprefix-ing-catalogue:
stripPrefix:
forceSlash: false
prefixes:
- /ing-catalogue
routers:
juju-ing-catalogue-router:
entryPoints:
- web
middlewares:
- juju-sidecar-noprefix-ing-catalogue
rule: PathPrefix(`/ing-catalogue`)
service: juju-ing-catalogue-service
services:
juju-ing-catalogue-service:
loadBalancer:
servers:
- url: http://catalogue-0.catalogue-endpoints.ing.svc.cluster.local:80 Does not work: This is, incidentally, kind of a reason to distrust unit tests arbitrarily. This "passed" despite being wrong because the helper method always used per-unit. |
|
As kind of an aside here, this is an excellent example of where scenario-based-testing is not a sufficient replacement for integration testing against the "real" workload, unless the expected results from the scenarios are tested against something similar to the Loki server tests. It feels somewhat like overkill to spawn threads for "fake" servers in tests, but it's still much faster than integration tests, the ongoing maintenance is reasonably low considering how infrequently workload versions (or major versions with API changes, anyway) are changed, and it's significantly more reflective of something like a "real" operation than just unit testing. There's an entire separate design discussion which needs to be had about whether or not IPA is actually doing what we think it should be doing, because the intention was probably not "ingress per leader". Similarly, there's one to be had around whether there's a good reason why subdomain/host-based routing and path-based routing are orthogonal, because there's no reason these cannot be combined. And with TLS coming Soon™️ , whether there's a reason we're limiting Lastly, I'll repeat the "good engineers write bugs (because nobody writes perfect code, and good engineers have high output)" mantra, but it doesn't seem that excessively "fluent" test names are helping us. "Excessively long" may seem subjective, so I'll put it as "long enough that the web-based diff in GH truncates them": Despite the very, very long names of the tests which don't add any meaningful "metadata" which isn't in the first few lines of the test definition anyway, none of the The side-effects from the hardcoded helper which nobody noticed earlier (including me) resulted in both:
I repeatedly missed this in code review also. This issue is probably the first time I've really walked through the code in the charm (hence the other design discussions to be had), and it's easy enough to gloss over it for everyone. This assertion in particular kind of feels wrong in a "spidey-sense" kind of way. Any development workflow which involved actually running the action against an IPA relation would not see a '/0 I'll try to do a better job of reviewing PRs like I'm learning a foreign language, or expecting there to be an off-by-one error, or some other metaphor. Or maybe just be less comfortable with the code. It's becoming very easy to look at a PR and say "tests are green, testcases were modified, the actual logic looks ok, so the tests are probably 👌", and for me, at least, walking into any given PR without that level of comfort will make it more likely that at least my set (among the many eyes reviewing) may spot it. |
Issue
The indentation rules for
stripPrefixfor per-app ingress were incorrect, and inconsistent with per-unit ingressing.Solution
Fix the indentation, so it works as expected.
As part of this, extract the "common" configuration block generation logic to a new function (only the actual
PathPrefixand list of LB servers once "ingress" is reworked to no longer be only "ingress per leader, which is the only configured LB, whether intentionally or not") to avoid this kind of frustrating indentation error.Rework the unit tests somewhat so the
*_per_apptests actually test per-app.Finally, fix requirer-side fetching of
urlin IPA.Additional information
It's pretty annoying unintended behavior from Traefik that a value which is at the wrong level of indentation successfully parses, but does not apply, so long as it can be deserialized/unmarshaled into a
map[str][]string, but this actually breaks if the "entire"middlewaresblock is moved, because amap[str]interface{}(or whatever the backing datatype/struct the middleware configs are supposed to be unmarshalled into) does not, and Traefik would actually fail to route to the charm completely rather than just silently ignoring the "intended" middleware block.Release Notes
Fix per-app middleware injection. Unify configuration block generation.