From ee8c769fd3e869520c8696de7e07fdd111d7df4d Mon Sep 17 00:00:00 2001 From: jm96441n Date: Tue, 6 Jun 2023 14:17:59 -0400 Subject: [PATCH 1/3] Remove check for reference grant for route to gateway --- .../api-gateway/api_gateway_tenancy_test.go | 12 +- .../api-gateway/binding/binder_test.go | 24 +-- .../api-gateway/binding/reference_grant.go | 31 +--- .../binding/reference_grant_test.go | 158 ------------------ control-plane/api-gateway/binding/result.go | 15 +- .../api-gateway/binding/route_binding.go | 23 +-- control-plane/api-gateway/common/resources.go | 16 +- .../api-gateway/common/translation_test.go | 9 +- 8 files changed, 35 insertions(+), 253 deletions(-) diff --git a/acceptance/tests/api-gateway/api_gateway_tenancy_test.go b/acceptance/tests/api-gateway/api_gateway_tenancy_test.go index f2e6899094..434a581f75 100644 --- a/acceptance/tests/api-gateway/api_gateway_tenancy_test.go +++ b/acceptance/tests/api-gateway/api_gateway_tenancy_test.go @@ -19,6 +19,12 @@ import ( "time" terratestk8s "github.com/gruntwork-io/terratest/modules/k8s" + "github.com/stretchr/testify/require" + metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" + "k8s.io/apimachinery/pkg/types" + "sigs.k8s.io/controller-runtime/pkg/client" + gwv1beta1 "sigs.k8s.io/gateway-api/apis/v1beta1" + "github.com/hashicorp/consul-k8s/acceptance/framework/config" "github.com/hashicorp/consul-k8s/acceptance/framework/consul" "github.com/hashicorp/consul-k8s/acceptance/framework/environment" @@ -28,11 +34,6 @@ import ( "github.com/hashicorp/consul-k8s/control-plane/api/v1alpha1" "github.com/hashicorp/consul/api" "github.com/hashicorp/consul/sdk/testutil/retry" - "github.com/stretchr/testify/require" - metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" - "k8s.io/apimachinery/pkg/types" - "sigs.k8s.io/controller-runtime/pkg/client" - gwv1beta1 "sigs.k8s.io/gateway-api/apis/v1beta1" ) var ( @@ -174,7 +175,6 @@ func TestAPIGateway_Tenancy(t *testing.T) { // now create reference grants createReferenceGrant(t, k8sClient, "gateway-certificate", gatewayNamespace, certificateNamespace) - createReferenceGrant(t, k8sClient, "route-gateway", routeNamespace, gatewayNamespace) createReferenceGrant(t, k8sClient, "route-service", routeNamespace, serviceNamespace) // gateway updated with references allowed diff --git a/control-plane/api-gateway/binding/binder_test.go b/control-plane/api-gateway/binding/binder_test.go index 065290f56a..65cca94419 100644 --- a/control-plane/api-gateway/binding/binder_test.go +++ b/control-plane/api-gateway/binding/binder_test.go @@ -15,9 +15,6 @@ import ( logrtest "github.com/go-logr/logr/testing" "github.com/google/go-cmp/cmp" - "github.com/hashicorp/consul-k8s/control-plane/api-gateway/common" - "github.com/hashicorp/consul-k8s/control-plane/api/v1alpha1" - "github.com/hashicorp/consul/api" "github.com/stretchr/testify/require" corev1 "k8s.io/api/core/v1" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" @@ -25,6 +22,10 @@ import ( "sigs.k8s.io/controller-runtime/pkg/client" gwv1alpha2 "sigs.k8s.io/gateway-api/apis/v1alpha2" gwv1beta1 "sigs.k8s.io/gateway-api/apis/v1beta1" + + "github.com/hashicorp/consul-k8s/control-plane/api-gateway/common" + "github.com/hashicorp/consul-k8s/control-plane/api/v1alpha1" + "github.com/hashicorp/consul/api" ) func init() { @@ -34,9 +35,8 @@ func init() { } const ( - testGatewayClassName = "gateway-class" - testControllerName = "test-controller" - routeListenerReferenceGrantErrorMessage = `http-listener-allowed-selector: reference not permitted due to lack of ReferenceGrant; http-listener-default-same: reference not permitted due to lack of ReferenceGrant; http-listener-explicit-all-allowed: reference not permitted due to lack of ReferenceGrant; http-listener-explicit-allowed-same: reference not permitted due to lack of ReferenceGrant; http-listener-hostname: reference not permitted due to lack of ReferenceGrant; http-listener-mismatched-kind-allowed: reference not permitted due to lack of ReferenceGrant; http-listener-tls: reference not permitted due to lack of ReferenceGrant; tcp-listener-allowed-selector: reference not permitted due to lack of ReferenceGrant; tcp-listener-default-same: reference not permitted due to lack of ReferenceGrant; tcp-listener-explicit-all-allowed: reference not permitted due to lack of ReferenceGrant; tcp-listener-explicit-allowed-same: reference not permitted due to lack of ReferenceGrant; tcp-listener-mismatched-kind-allowed: reference not permitted due to lack of ReferenceGrant; tcp-listener-tls: reference not permitted due to lack of ReferenceGrant` + testGatewayClassName = "gateway-class" + testControllerName = "test-controller" ) var ( @@ -1113,9 +1113,9 @@ func TestBinder_BindingRulesKitchenSink(t *testing.T) { Message: "resolved backend references", }, { Type: "Accepted", - Status: metav1.ConditionFalse, - Reason: "NotAllowedByListeners", - Message: routeListenerReferenceGrantErrorMessage, + Status: metav1.ConditionTrue, + Reason: "Accepted", + Message: "route accepted", }, }}, }), @@ -1628,9 +1628,9 @@ func TestBinder_BindingRulesKitchenSink(t *testing.T) { Message: "resolved backend references", }, { Type: "Accepted", - Status: metav1.ConditionFalse, - Reason: "NotAllowedByListeners", - Message: routeListenerReferenceGrantErrorMessage, + Status: metav1.ConditionTrue, + Reason: "Accepted", + Message: "route accepted", }, }}, }), diff --git a/control-plane/api-gateway/binding/reference_grant.go b/control-plane/api-gateway/binding/reference_grant.go index 12c0f3b048..c2cc421a30 100644 --- a/control-plane/api-gateway/binding/reference_grant.go +++ b/control-plane/api-gateway/binding/reference_grant.go @@ -4,12 +4,13 @@ package binding import ( - "github.com/hashicorp/consul-k8s/control-plane/api-gateway/common" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" "k8s.io/apimachinery/pkg/types" "sigs.k8s.io/controller-runtime/pkg/client" gwv1alpha2 "sigs.k8s.io/gateway-api/apis/v1alpha2" gwv1beta1 "sigs.k8s.io/gateway-api/apis/v1beta1" + + "github.com/hashicorp/consul-k8s/control-plane/api-gateway/common" ) type referenceValidator struct { @@ -45,20 +46,6 @@ func (rv *referenceValidator) GatewayCanReferenceSecret(gateway gwv1beta1.Gatewa return rv.referenceAllowed(fromGK, fromNS, toGK, toNS, string(secretRef.Name)) } -func (rv *referenceValidator) HTTPRouteCanReferenceGateway(httproute gwv1beta1.HTTPRoute, parentRef gwv1beta1.ParentReference) bool { - fromNS := httproute.GetNamespace() - fromGK := metav1.GroupKind{ - Group: httproute.GroupVersionKind().Group, - Kind: httproute.GroupVersionKind().Kind, - } - - // Kind should default to Gateway if not set - // https://github.com/kubernetes-sigs/gateway-api/blob/v0.6.2/apis/v1beta1/shared_types.go#L48 - toNS, toGK := createValuesFromRef(parentRef.Namespace, parentRef.Group, parentRef.Kind, common.BetaGroup, common.KindGateway) - - return rv.referenceAllowed(fromGK, fromNS, toGK, toNS, string(parentRef.Name)) -} - func (rv *referenceValidator) HTTPRouteCanReferenceBackend(httproute gwv1beta1.HTTPRoute, backendRef gwv1beta1.BackendRef) bool { fromNS := httproute.GetNamespace() fromGK := metav1.GroupKind{ @@ -73,20 +60,6 @@ func (rv *referenceValidator) HTTPRouteCanReferenceBackend(httproute gwv1beta1.H return rv.referenceAllowed(fromGK, fromNS, toGK, toNS, string(backendRef.Name)) } -func (rv *referenceValidator) TCPRouteCanReferenceGateway(tcpRoute gwv1alpha2.TCPRoute, parentRef gwv1beta1.ParentReference) bool { - fromNS := tcpRoute.GetNamespace() - fromGK := metav1.GroupKind{ - Group: tcpRoute.GroupVersionKind().Group, - Kind: tcpRoute.GroupVersionKind().Kind, - } - - // Kind should default to Gateway if not set - // https://github.com/kubernetes-sigs/gateway-api/blob/v0.6.2/apis/v1beta1/shared_types.go#L48 - toNS, toGK := createValuesFromRef(parentRef.Namespace, parentRef.Group, parentRef.Kind, common.BetaGroup, common.KindGateway) - - return rv.referenceAllowed(fromGK, fromNS, toGK, toNS, string(parentRef.Name)) -} - func (rv *referenceValidator) TCPRouteCanReferenceBackend(tcpRoute gwv1alpha2.TCPRoute, backendRef gwv1beta1.BackendRef) bool { fromNS := tcpRoute.GetNamespace() fromGK := metav1.GroupKind{ diff --git a/control-plane/api-gateway/binding/reference_grant_test.go b/control-plane/api-gateway/binding/reference_grant_test.go index a325a2e927..12f01478fc 100644 --- a/control-plane/api-gateway/binding/reference_grant_test.go +++ b/control-plane/api-gateway/binding/reference_grant_test.go @@ -105,85 +105,6 @@ func TestGatewayCanReferenceSecret(t *testing.T) { } } -func TestHTTPRouteCanReferenceGateway(t *testing.T) { - t.Parallel() - - objName := gwv1beta1.ObjectName("mygateway") - - basicValidReferenceGrant := gwv1beta1.ReferenceGrant{ - TypeMeta: metav1.TypeMeta{}, - ObjectMeta: metav1.ObjectMeta{ - Namespace: ToNamespace, - }, - Spec: gwv1beta1.ReferenceGrantSpec{ - From: []gwv1beta1.ReferenceGrantFrom{ - { - Group: Group, - Kind: HTTPRouteKind, - Namespace: FromNamespace, - }, - }, - To: []gwv1beta1.ReferenceGrantTo{ - { - Group: Group, - Kind: GatewayKind, - Name: &objName, - }, - }, - }, - } - - gatewayRefGroup := gwv1beta1.Group(Group) - gatewayRefKind := gwv1beta1.Kind(GatewayKind) - gatewayRefNamespace := gwv1beta1.Namespace(ToNamespace) - - cases := map[string]struct { - canReference bool - err error - ctx context.Context - httpRoute gwv1beta1.HTTPRoute - gatewayRef gwv1beta1.ParentReference - k8sReferenceGrants []gwv1beta1.ReferenceGrant - }{ - "httproute allowed to gateway": { - canReference: true, - err: nil, - ctx: context.TODO(), - httpRoute: gwv1beta1.HTTPRoute{ - TypeMeta: metav1.TypeMeta{ - Kind: HTTPRouteKind, - APIVersion: Group + V1Beta1, - }, - ObjectMeta: metav1.ObjectMeta{ - Namespace: FromNamespace, - }, - Spec: gwv1beta1.HTTPRouteSpec{}, - Status: gwv1beta1.HTTPRouteStatus{}, - }, - gatewayRef: gwv1beta1.ParentReference{ - Group: &gatewayRefGroup, - Kind: &gatewayRefKind, - Namespace: &gatewayRefNamespace, - Name: objName, - SectionName: nil, - Port: nil, - }, - k8sReferenceGrants: []gwv1beta1.ReferenceGrant{ - basicValidReferenceGrant, - }, - }, - } - - for name, tc := range cases { - t.Run(name, func(t *testing.T) { - rv := NewReferenceValidator(tc.k8sReferenceGrants) - canReference := rv.HTTPRouteCanReferenceGateway(tc.httpRoute, tc.gatewayRef) - - require.Equal(t, tc.canReference, canReference) - }) - } -} - func TestHTTPRouteCanReferenceBackend(t *testing.T) { t.Parallel() @@ -265,85 +186,6 @@ func TestHTTPRouteCanReferenceBackend(t *testing.T) { } } -func TestTCPRouteCanReferenceGateway(t *testing.T) { - t.Parallel() - - objName := gwv1beta1.ObjectName("mygateway") - - basicValidReferenceGrant := gwv1beta1.ReferenceGrant{ - TypeMeta: metav1.TypeMeta{}, - ObjectMeta: metav1.ObjectMeta{ - Namespace: ToNamespace, - }, - Spec: gwv1beta1.ReferenceGrantSpec{ - From: []gwv1beta1.ReferenceGrantFrom{ - { - Group: Group, - Kind: TCPRouteKind, - Namespace: FromNamespace, - }, - }, - To: []gwv1beta1.ReferenceGrantTo{ - { - Group: Group, - Kind: GatewayKind, - Name: &objName, - }, - }, - }, - } - - gatewayRefGroup := gwv1beta1.Group(Group) - gatewayRefKind := gwv1beta1.Kind(GatewayKind) - gatewayRefNamespace := gwv1beta1.Namespace(ToNamespace) - - cases := map[string]struct { - canReference bool - err error - ctx context.Context - tcpRoute gwv1alpha2.TCPRoute - gatewayRef gwv1beta1.ParentReference - k8sReferenceGrants []gwv1beta1.ReferenceGrant - }{ - "tcpRoute allowed to gateway": { - canReference: true, - err: nil, - ctx: context.TODO(), - tcpRoute: gwv1alpha2.TCPRoute{ - TypeMeta: metav1.TypeMeta{ - Kind: TCPRouteKind, - APIVersion: Group + V1Alpha2, - }, - ObjectMeta: metav1.ObjectMeta{ - Namespace: FromNamespace, - }, - Spec: gwv1alpha2.TCPRouteSpec{}, - Status: gwv1alpha2.TCPRouteStatus{}, - }, - gatewayRef: gwv1beta1.ParentReference{ - Group: &gatewayRefGroup, - Kind: &gatewayRefKind, - Namespace: &gatewayRefNamespace, - Name: objName, - SectionName: nil, - Port: nil, - }, - k8sReferenceGrants: []gwv1beta1.ReferenceGrant{ - basicValidReferenceGrant, - }, - }, - } - - for name, tc := range cases { - t.Run(name, func(t *testing.T) { - rv := NewReferenceValidator(tc.k8sReferenceGrants) - canReference := rv.TCPRouteCanReferenceGateway(tc.tcpRoute, tc.gatewayRef) - - require.Equal(t, tc.canReference, canReference) - }) - } -} - func TestTCPRouteCanReferenceBackend(t *testing.T) { t.Parallel() diff --git a/control-plane/api-gateway/binding/result.go b/control-plane/api-gateway/binding/result.go index 65198eeaf4..dd82cd55b5 100644 --- a/control-plane/api-gateway/binding/result.go +++ b/control-plane/api-gateway/binding/result.go @@ -10,21 +10,18 @@ import ( "strings" mapset "github.com/deckarep/golang-set" - "github.com/hashicorp/consul-k8s/control-plane/api-gateway/common" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" "k8s.io/apimachinery/pkg/types" gwv1beta1 "sigs.k8s.io/gateway-api/apis/v1beta1" -) -var ( - // override function for tests. - timeFunc = metav1.Now + "github.com/hashicorp/consul-k8s/control-plane/api-gateway/common" ) -var ( - // This is used for any error related to a lack of proper reference grant creation. - errRefNotPermitted = errors.New("reference not permitted due to lack of ReferenceGrant") -) +// override function for tests. +var timeFunc = metav1.Now + +// This is used for any error related to a lack of proper reference grant creation. +var errRefNotPermitted = errors.New("reference not permitted due to lack of ReferenceGrant") var ( // Each of the below are specified in the Gateway spec under RouteConditionReason diff --git a/control-plane/api-gateway/binding/route_binding.go b/control-plane/api-gateway/binding/route_binding.go index 2a3be4884b..3eb04bbb68 100644 --- a/control-plane/api-gateway/binding/route_binding.go +++ b/control-plane/api-gateway/binding/route_binding.go @@ -5,13 +5,14 @@ package binding import ( mapset "github.com/deckarep/golang-set" - "github.com/hashicorp/consul-k8s/control-plane/api-gateway/common" - "github.com/hashicorp/consul/api" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" "k8s.io/apimachinery/pkg/types" "sigs.k8s.io/controller-runtime/pkg/client" gwv1alpha2 "sigs.k8s.io/gateway-api/apis/v1alpha2" gwv1beta1 "sigs.k8s.io/gateway-api/apis/v1beta1" + + "github.com/hashicorp/consul-k8s/control-plane/api-gateway/common" + "github.com/hashicorp/consul/api" ) // bindRoute contains the main logic for binding a route to a given gateway. @@ -104,14 +105,6 @@ func (r *Binder) bindRoute(route client.Object, boundCount map[gwv1beta1.Section var result bindResults for _, listener := range listenersFor(&r.config.Gateway, ref.SectionName) { - if !canReferenceGateway(route, ref, r.config.Resources) { - result = append(result, bindResult{ - section: listener.Name, - err: errRefNotPermitted, - }) - continue - } - if !routeKindIsAllowedForListener(supportedKindsForProtocol[listener.Protocol], groupKind) { result = append(result, bindResult{ section: listener.Name, @@ -382,16 +375,6 @@ func getRouteBackends(object client.Object) []gwv1beta1.BackendRef { return nil } -func canReferenceGateway(object client.Object, ref gwv1beta1.ParentReference, resources *common.ResourceMap) bool { - switch v := object.(type) { - case *gwv1beta1.HTTPRoute: - return resources.HTTPRouteCanReferenceGateway(*v, ref) - case *gwv1alpha2.TCPRoute: - return resources.TCPRouteCanReferenceGateway(*v, ref) - } - return false -} - func canReferenceBackend(object client.Object, ref gwv1beta1.BackendRef, resources *common.ResourceMap) bool { switch v := object.(type) { case *gwv1beta1.HTTPRoute: diff --git a/control-plane/api-gateway/common/resources.go b/control-plane/api-gateway/common/resources.go index 4cd3bfc3d2..b1bbede7ac 100644 --- a/control-plane/api-gateway/common/resources.go +++ b/control-plane/api-gateway/common/resources.go @@ -6,13 +6,14 @@ package common import ( mapset "github.com/deckarep/golang-set" "github.com/go-logr/logr" - "github.com/hashicorp/consul-k8s/control-plane/api/v1alpha1" - "github.com/hashicorp/consul/api" corev1 "k8s.io/api/core/v1" "k8s.io/apimachinery/pkg/types" "sigs.k8s.io/controller-runtime/pkg/client" gwv1alpha2 "sigs.k8s.io/gateway-api/apis/v1alpha2" gwv1beta1 "sigs.k8s.io/gateway-api/apis/v1beta1" + + "github.com/hashicorp/consul-k8s/control-plane/api/v1alpha1" + "github.com/hashicorp/consul/api" ) // ConsulUpdateOperation is an operation representing an @@ -61,9 +62,7 @@ func (k *KubernetesUpdates) Operations() []client.Object { type ReferenceValidator interface { GatewayCanReferenceSecret(gateway gwv1beta1.Gateway, secretRef gwv1beta1.SecretObjectReference) bool - HTTPRouteCanReferenceGateway(httproute gwv1beta1.HTTPRoute, parentRef gwv1beta1.ParentReference) bool HTTPRouteCanReferenceBackend(httproute gwv1beta1.HTTPRoute, backendRef gwv1beta1.BackendRef) bool - TCPRouteCanReferenceGateway(tcpRoute gwv1alpha2.TCPRoute, parentRef gwv1beta1.ParentReference) bool TCPRouteCanReferenceBackend(tcpRoute gwv1alpha2.TCPRoute, backendRef gwv1beta1.BackendRef) bool } @@ -467,7 +466,6 @@ func (s *ResourceMap) TranslateAndMutateTCPRoute(key types.NamespacedName, onUpd route, ok := s.tcpRouteGateways[consulKey] if !ok { - return } @@ -595,14 +593,6 @@ func (s *ResourceMap) HTTPRouteCanReferenceBackend(route gwv1beta1.HTTPRoute, re return s.referenceValidator.HTTPRouteCanReferenceBackend(route, ref) } -func (s *ResourceMap) HTTPRouteCanReferenceGateway(route gwv1beta1.HTTPRoute, ref gwv1beta1.ParentReference) bool { - return s.referenceValidator.HTTPRouteCanReferenceGateway(route, ref) -} - func (s *ResourceMap) TCPRouteCanReferenceBackend(route gwv1alpha2.TCPRoute, ref gwv1beta1.BackendRef) bool { return s.referenceValidator.TCPRouteCanReferenceBackend(route, ref) } - -func (s *ResourceMap) TCPRouteCanReferenceGateway(route gwv1alpha2.TCPRoute, ref gwv1beta1.ParentReference) bool { - return s.referenceValidator.TCPRouteCanReferenceGateway(route, ref) -} diff --git a/control-plane/api-gateway/common/translation_test.go b/control-plane/api-gateway/common/translation_test.go index 029e4affa7..2c735ad4ac 100644 --- a/control-plane/api-gateway/common/translation_test.go +++ b/control-plane/api-gateway/common/translation_test.go @@ -22,6 +22,7 @@ import ( gwv1beta1 "sigs.k8s.io/gateway-api/apis/v1beta1" logrtest "github.com/go-logr/logr/testing" + "github.com/hashicorp/consul-k8s/control-plane/api/v1alpha1" "github.com/hashicorp/consul-k8s/control-plane/connect-inject/constants" "github.com/hashicorp/consul/api" @@ -32,15 +33,11 @@ type fakeReferenceValidator struct{} func (v fakeReferenceValidator) GatewayCanReferenceSecret(gateway gwv1beta1.Gateway, secretRef gwv1beta1.SecretObjectReference) bool { return true } -func (v fakeReferenceValidator) HTTPRouteCanReferenceGateway(httproute gwv1beta1.HTTPRoute, parentRef gwv1beta1.ParentReference) bool { - return true -} + func (v fakeReferenceValidator) HTTPRouteCanReferenceBackend(httproute gwv1beta1.HTTPRoute, backendRef gwv1beta1.BackendRef) bool { return true } -func (v fakeReferenceValidator) TCPRouteCanReferenceGateway(tcpRoute gwv1alpha2.TCPRoute, parentRef gwv1beta1.ParentReference) bool { - return true -} + func (v fakeReferenceValidator) TCPRouteCanReferenceBackend(tcpRoute gwv1alpha2.TCPRoute, backendRef gwv1beta1.BackendRef) bool { return true } From abc79e25865771a29c787aa3229a4e5ccacdf7aa Mon Sep 17 00:00:00 2001 From: jm96441n Date: Tue, 6 Jun 2023 15:02:47 -0400 Subject: [PATCH 2/3] Fix tenancy tests --- acceptance/tests/api-gateway/api_gateway_tenancy_test.go | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/acceptance/tests/api-gateway/api_gateway_tenancy_test.go b/acceptance/tests/api-gateway/api_gateway_tenancy_test.go index 434a581f75..838a93b981 100644 --- a/acceptance/tests/api-gateway/api_gateway_tenancy_test.go +++ b/acceptance/tests/api-gateway/api_gateway_tenancy_test.go @@ -146,7 +146,7 @@ func TestAPIGateway_Tenancy(t *testing.T) { require.EqualValues(r, 0, gateway.Status.Listeners[0].AttachedRoutes) checkStatusCondition(r, gateway.Status.Listeners[0].Conditions, trueCondition("Accepted", "Accepted")) checkStatusCondition(r, gateway.Status.Listeners[0].Conditions, falseCondition("Conflicted", "NoConflicts")) - checkStatusCondition(r, gateway.Status.Listeners[0].Conditions, falseCondition("ResolvedRefs", "RefNotPermitted")) + checkStatusCondition(r, gateway.Status.Listeners[0].Conditions, trueCondition("ResolvedRefs", "Accepted")) }) // since the sync operation should fail above, check that we don't have the entry in Consul. @@ -163,8 +163,8 @@ func TestAPIGateway_Tenancy(t *testing.T) { require.EqualValues(r, "gateway", httproute.Status.Parents[0].ParentRef.Name) require.NotNil(r, httproute.Status.Parents[0].ParentRef.Namespace) require.EqualValues(r, gatewayNamespace, *httproute.Status.Parents[0].ParentRef.Namespace) - checkStatusCondition(r, httproute.Status.Parents[0].Conditions, falseCondition("Accepted", "RefNotPermitted")) - checkStatusCondition(r, httproute.Status.Parents[0].Conditions, falseCondition("ResolvedRefs", "RefNotPermitted")) + checkStatusCondition(r, httproute.Status.Parents[0].Conditions, trueCondition("Accepted", "Accepted")) + checkStatusCondition(r, httproute.Status.Parents[0].Conditions, trueCondition("ResolvedRefs", "ResolvedRefs")) }) // since we're not bound to anything, check to make sure that the route doesn't get created in Consul. From b8937aff89c327f95b25aa0757716231fdc8afaf Mon Sep 17 00:00:00 2001 From: jm96441n Date: Tue, 6 Jun 2023 17:17:33 -0400 Subject: [PATCH 3/3] Final cleaning up of acceptance test --- acceptance/tests/api-gateway/api_gateway_tenancy_test.go | 9 +++------ 1 file changed, 3 insertions(+), 6 deletions(-) diff --git a/acceptance/tests/api-gateway/api_gateway_tenancy_test.go b/acceptance/tests/api-gateway/api_gateway_tenancy_test.go index 838a93b981..2f0005da80 100644 --- a/acceptance/tests/api-gateway/api_gateway_tenancy_test.go +++ b/acceptance/tests/api-gateway/api_gateway_tenancy_test.go @@ -143,10 +143,10 @@ func TestAPIGateway_Tenancy(t *testing.T) { checkStatusCondition(r, gateway.Status.Conditions, falseCondition("Synced", "SyncError")) require.Len(r, gateway.Status.Listeners, 1) - require.EqualValues(r, 0, gateway.Status.Listeners[0].AttachedRoutes) + require.EqualValues(r, 1, gateway.Status.Listeners[0].AttachedRoutes) checkStatusCondition(r, gateway.Status.Listeners[0].Conditions, trueCondition("Accepted", "Accepted")) checkStatusCondition(r, gateway.Status.Listeners[0].Conditions, falseCondition("Conflicted", "NoConflicts")) - checkStatusCondition(r, gateway.Status.Listeners[0].Conditions, trueCondition("ResolvedRefs", "Accepted")) + checkStatusCondition(r, gateway.Status.Listeners[0].Conditions, falseCondition("ResolvedRefs", "RefNotPermitted")) }) // since the sync operation should fail above, check that we don't have the entry in Consul. @@ -164,12 +164,9 @@ func TestAPIGateway_Tenancy(t *testing.T) { require.NotNil(r, httproute.Status.Parents[0].ParentRef.Namespace) require.EqualValues(r, gatewayNamespace, *httproute.Status.Parents[0].ParentRef.Namespace) checkStatusCondition(r, httproute.Status.Parents[0].Conditions, trueCondition("Accepted", "Accepted")) - checkStatusCondition(r, httproute.Status.Parents[0].Conditions, trueCondition("ResolvedRefs", "ResolvedRefs")) + checkStatusCondition(r, httproute.Status.Parents[0].Conditions, falseCondition("ResolvedRefs", "RefNotPermitted")) }) - // since we're not bound to anything, check to make sure that the route doesn't get created in Consul. - checkConsulNotExists(t, consulClient, api.HTTPRoute, "route", namespaceForConsul(c.namespaceMirroring, routeNamespace)) - // we only sync validly referenced certificates over, so check to make sure it is not created. checkConsulNotExists(t, consulClient, api.InlineCertificate, "certificate", namespaceForConsul(c.namespaceMirroring, certificateNamespace))