feat(MeshProxyPatch): allow policy to target MeshGateway resources (#…

…8044) Signed-off-by: Bart Smykla <bartek@smykla.com>
kumahq · Oct 13, 2023 · 55696b8 · 55696b8
1 parent ca85e8f
commit 55696b8
Show file tree

Hide file tree

Showing 3 changed files with 52 additions and 9 deletions.
diff --git a/pkg/plugins/policies/core/matchers/dataplane.go b/pkg/plugins/policies/core/matchers/dataplane.go
@@ -230,17 +230,20 @@ func listenersSelectedByMeshGatewayRef(
 	dpp *core_mesh.DataplaneResource,
 	gateway *core_mesh.MeshGatewayResource,
 ) []core_rules.InboundListener {
-	result := []core_rules.InboundListener{}
-	if name == gateway.GetMeta().GetName() {
-		for _, listener := range gateway.Spec.GetConf().GetListeners() {
-			if mesh_proto.TagSelector(tags).Matches(listener.GetTags()) {
-				result = append(result, core_rules.InboundListener{
-					Address: dpp.Spec.GetNetworking().GetAddress(),
-					Port:    listener.Port,
-				})
-			}
+	if gateway == nil || name != gateway.GetMeta().GetName() {
+		return nil
+	}
+
+	var result []core_rules.InboundListener
+	for _, listener := range gateway.Spec.GetConf().GetListeners() {
+		if mesh_proto.TagSelector(tags).Matches(listener.GetTags()) {
+			result = append(result, core_rules.InboundListener{
+				Address: dpp.Spec.GetNetworking().GetAddress(),
+				Port:    listener.Port,
+			})
 		}
 	}
+
 	return result
 }
 

diff --git a/pkg/plugins/policies/meshproxypatch/api/v1alpha1/validator.go b/pkg/plugins/policies/meshproxypatch/api/v1alpha1/validator.go
@@ -37,6 +37,7 @@ func validateTop(targetRef common_api.TargetRef) validators.ValidationError {
 			common_api.MeshSubset,
 			common_api.MeshService,
 			common_api.MeshServiceSubset,
+			common_api.MeshGateway,
 		},
 	})
 	return targetRefErr

diff --git a/pkg/plugins/policies/meshproxypatch/api/v1alpha1/validator_test.go b/pkg/plugins/policies/meshproxypatch/api/v1alpha1/validator_test.go
@@ -255,6 +255,45 @@ default:
         value: false
   - httpFilter:
       operation: Remove
+    `),
+			Entry("modifications for MeshGateway", `
+targetRef:
+  kind: MeshGateway
+  name: gateway
+default:
+  appendModifications:
+  - cluster:
+      operation: Patch
+      jsonPatches:
+        - op: replace
+          path: /foo/bar
+          value: baz
+        - op: replace
+          path: /foo
+          value:
+            bar: baz
+  - listener:
+      operation: Add
+      value: |
+        name: xyz
+        address:
+          socketAddress:
+            address: 192.168.0.1
+            portValue: 8080
+  - networkFilter:
+      operation: AddFirst
+      value: |
+        name: envoy.filters.network.tcp_proxy
+        typedConfig:
+          '@type': type.googleapis.com/envoy.extensions.filters.network.tcp_proxy.v3.TcpProxy
+          cluster: backend
+  - httpFilter:
+      operation: AddFirst
+      value: |
+        name: envoy.filters.http.router
+        typedConfig:
+          '@type': type.googleapis.com/envoy.extensions.filters.http.router.v3.Router
+          dynamicStats: false
     `),
 		)