Make gwctl ReferenceGrant aware. Capture any errors observed while co…

…nstructing the resource graph. (#3029) * Do not calculate effective policy for the Gateway if the GatewayClass is incorrect. For now, we only calculate effective policy once the references are corrected. * Use ReferenceGrants to determine if a cross-namespace reference from HTTPRoute to a Backend is valid. * Move ObjRef to common package with no internal dependency * Capture incorrect reference errors (like reference not found or not permitted) in the resourceModel. This will be available for consumption by the views. * fix backends printer test to work with reference grants. Also minimize test surface. * fixup! Use ReferenceGrants to determine if a cross-namespace reference from HTTPRoute to a Backend is valid. * fix: Correct the error message when we fail to parse label selector * fixup! Use ReferenceGrants to determine if a cross-namespace reference from HTTPRoute to a Backend is valid. * fixup! Do not calculate effective policy for the Gateway if the GatewayClass is incorrect.
kubernetes-sigs · May 2, 2024 · 654dde5 · 654dde5
1 parent cd175ec
commit 654dde5
Show file tree

Hide file tree

Showing 12 changed files with 891 additions and 434 deletions.
diff --git a/gwctl/cmd/describe.go b/gwctl/cmd/describe.go
@@ -122,7 +122,7 @@ func runDescribe(cmd *cobra.Command, args []string, params *utils.CmdParams) {
 	case "httproute", "httproutes":
 		selector, err := labels.Parse(labelSelector)
 		if err != nil {
-			fmt.Fprintf(os.Stderr, "Unable to find resources that match the label selector \"%s\": %v\n", labelSelector, err)
+			fmt.Fprintf(os.Stderr, "Failed to parse label selector %q: %v\n", labelSelector, err)
 			os.Exit(1)
 		}
 		filter := resourcediscovery.Filter{
@@ -142,7 +142,7 @@ func runDescribe(cmd *cobra.Command, args []string, params *utils.CmdParams) {
 	case "gateway", "gateways":
 		selector, err := labels.Parse(labelSelector)
 		if err != nil {
-			fmt.Fprintf(os.Stderr, "Unable to find resources that match the label selector \"%s\": %v\n", labelSelector, err)
+			fmt.Fprintf(os.Stderr, "Failed to parse label selector %q: %v\n", labelSelector, err)
 			os.Exit(1)
 		}
 		filter := resourcediscovery.Filter{
@@ -162,7 +162,7 @@ func runDescribe(cmd *cobra.Command, args []string, params *utils.CmdParams) {
 	case "gatewayclass", "gatewayclasses":
 		selector, err := labels.Parse(labelSelector)
 		if err != nil {
-			fmt.Fprintf(os.Stderr, "Unable to find resources that match the label selector \"%s\": %v\n", labelSelector, err)
+			fmt.Fprintf(os.Stderr, "Failed to parse label selector %q: %v\n", labelSelector, err)
 			os.Exit(1)
 		}
 		filter := resourcediscovery.Filter{
@@ -181,7 +181,7 @@ func runDescribe(cmd *cobra.Command, args []string, params *utils.CmdParams) {
 	case "backend", "backends":
 		selector, err := labels.Parse(labelSelector)
 		if err != nil {
-			fmt.Fprintf(os.Stderr, "Unable to find resources that match the label selector \"%s\": %v\n", labelSelector, err)
+			fmt.Fprintf(os.Stderr, "Failed to parse label selector %q: %v\n", labelSelector, err)
 			os.Exit(1)
 		}
 		filter := resourcediscovery.Filter{
@@ -201,7 +201,7 @@ func runDescribe(cmd *cobra.Command, args []string, params *utils.CmdParams) {
 	case "namespace", "namespaces", "ns":
 		selector, err := labels.Parse(labelSelector)
 		if err != nil {
-			fmt.Fprintf(os.Stderr, "Unable to find resources that match the label selector \"%s\": %v\n", labelSelector, err)
+			fmt.Fprintf(os.Stderr, "Failed to parse label selector %q: %v\n", labelSelector, err)
 			os.Exit(1)
 		}
 		filter := resourcediscovery.Filter{

diff --git a/gwctl/cmd/get.go b/gwctl/cmd/get.go
@@ -104,7 +104,7 @@ func runGet(cmd *cobra.Command, args []string, params *utils.CmdParams) {
 	case "namespace", "namespaces", "ns":
 		selector, err := labels.Parse(labelSelector)
 		if err != nil {
-			fmt.Fprintf(os.Stderr, "Unable to find resources that match the label selector \"%s\": %v\n", labelSelector, err)
+			fmt.Fprintf(os.Stderr, "Failed to parse label selector %q: %v\n", labelSelector, err)
 			os.Exit(1)
 		}
 		resourceModel, err = discoverer.DiscoverResourcesForNamespace(resourcediscovery.Filter{Labels: selector})
@@ -117,7 +117,7 @@ func runGet(cmd *cobra.Command, args []string, params *utils.CmdParams) {
 	case "gateway", "gateways":
 		selector, err := labels.Parse(labelSelector)
 		if err != nil {
-			fmt.Fprintf(os.Stderr, "Unable to find resources that match the label selector \"%s\": %v\n", labelSelector, err)
+			fmt.Fprintf(os.Stderr, "Failed to parse label selector %q: %v\n", labelSelector, err)
 			os.Exit(1)
 		}
 		filter := resourcediscovery.Filter{Namespace: ns, Labels: selector}
@@ -134,7 +134,7 @@ func runGet(cmd *cobra.Command, args []string, params *utils.CmdParams) {
 	case "gatewayclass", "gatewayclasses":
 		selector, err := labels.Parse(labelSelector)
 		if err != nil {
-			fmt.Fprintf(os.Stderr, "Unable to find resources that match the label selector \"%s\": %v\n", labelSelector, err)
+			fmt.Fprintf(os.Stderr, "Failed to parse label selector %q: %v\n", labelSelector, err)
 			os.Exit(1)
 		}
 		filter := resourcediscovery.Filter{Namespace: ns, Labels: selector}
@@ -161,7 +161,7 @@ func runGet(cmd *cobra.Command, args []string, params *utils.CmdParams) {
 	case "httproute", "httproutes":
 		selector, err := labels.Parse(labelSelector)
 		if err != nil {
-			fmt.Fprintf(os.Stderr, "Unable to find resources that match the label selector \"%s\": %v\n", labelSelector, err)
+			fmt.Fprintf(os.Stderr, "Failed to parse label selector %q: %v\n", labelSelector, err)
 			os.Exit(1)
 		}
 		filter := resourcediscovery.Filter{Namespace: ns, Labels: selector}
@@ -178,7 +178,7 @@ func runGet(cmd *cobra.Command, args []string, params *utils.CmdParams) {
 	case "backend", "backends":
 		selector, err := labels.Parse(labelSelector)
 		if err != nil {
-			fmt.Fprintf(os.Stderr, "Unable to find resources that match the label selector \"%s\": %v\n", labelSelector, err)
+			fmt.Fprintf(os.Stderr, "Failed to parse label selector %q: %v\n", labelSelector, err)
 			os.Exit(1)
 		}
 		filter := resourcediscovery.Filter{Namespace: ns, Labels: selector}

diff --git a/gwctl/pkg/common/testhelpers.go b/gwctl/pkg/common/testhelpers.go
@@ -22,6 +22,8 @@ import (
 	"strings"
 
 	"github.com/google/go-cmp/cmp"
+	corev1 "k8s.io/api/core/v1"
+	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 )
 
 // YamlString defines a custom type for wrapping yaml texts. It makes use of
@@ -71,3 +73,14 @@ func (src JSONString) CmpDiff(tgt JSONString) (diff string, err error) {
 
 	return cmp.Diff(srcMap, targetMap), nil
 }
+
+func NamespaceForTest(name string) *corev1.Namespace {
+	return &corev1.Namespace{
+		ObjectMeta: metav1.ObjectMeta{
+			Name: name,
+		},
+		Status: corev1.NamespaceStatus{
+			Phase: corev1.NamespaceActive,
+		},
+	}
+}
diff --git a/gwctl/pkg/common/types.go b/gwctl/pkg/common/types.go
@@ -0,0 +1,26 @@
+/*
+Copyright 2024 The Kubernetes Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+package common
+
+// ObjRef defines a reference to a Kubernetes resource, using plain strings for
+// easier comparison.
+type ObjRef struct {
+	Group     string `json:",omitempty"`
+	Kind      string `json:",omitempty"`
+	Name      string `json:",omitempty"`
+	Namespace string `json:",omitempty"`
+}