From 55696b85b6d0682fe55e7322df7b240d34d6468f Mon Sep 17 00:00:00 2001
From: Bart Smykla
Date: Fri, 13 Oct 2023 10:12:56 +0200
Subject: [PATCH] feat(MeshProxyPatch): allow policy to target MeshGateway resources (#8044)

Signed-off-by: Bart Smykla
---
 .../policies/core/matchers/dataplane.go | 21 +++++-----
 .../meshproxypatch/api/v1alpha1/validator.go | 1 +
 .../api/v1alpha1/validator_test.go | 39 +++++++++++++++++++
 3 files changed, 52 insertions(+), 9 deletions(-)

diff --git a/pkg/plugins/policies/core/matchers/dataplane.go b/pkg/plugins/policies/core/matchers/dataplane.go
index 24a6f088775f..7e43582dd129 100644
--- a/pkg/plugins/policies/core/matchers/dataplane.go
+++ b/pkg/plugins/policies/core/matchers/dataplane.go
@@ -230,17 +230,20 @@ func listenersSelectedByMeshGatewayRef(
 dpp *core_mesh.DataplaneResource,
 gateway *core_mesh.MeshGatewayResource,
 ) []core_rules.InboundListener {
- result := []core_rules.InboundListener{}
- if name == gateway.GetMeta().GetName() {
- for _, listener := range gateway.Spec.GetConf().GetListeners() {
- if mesh_proto.TagSelector(tags).Matches(listener.GetTags()) {
- result = append(result, core_rules.InboundListener{
- Address: dpp.Spec.GetNetworking().GetAddress(),
- Port: listener.Port,
- })
- }
+ if gateway == nil || name != gateway.GetMeta().GetName() {
+ return nil
+ }
+
+ var result []core_rules.InboundListener
+ for _, listener := range gateway.Spec.GetConf().GetListeners() {
+ if mesh_proto.TagSelector(tags).Matches(listener.GetTags()) {
+ result = append(result, core_rules.InboundListener{
+ Address: dpp.Spec.GetNetworking().GetAddress(),
+ Port: listener.Port,
+ })
 }
 }
+
 return result
 }
diff --git a/pkg/plugins/policies/meshproxypatch/api/v1alpha1/validator.go b/pkg/plugins/policies/meshproxypatch/api/v1alpha1/validator.go
index 651298db480b..382b95536efe 100644
--- a/pkg/plugins/policies/meshproxypatch/api/v1alpha1/validator.go
+++ b/pkg/plugins/policies/meshproxypatch/api/v1alpha1/validator.go
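Review bot: With the early `return nil` and `var result`, `listenersSelectedByMeshGatewayRef` now returns a nil slice where the removed code returned an empty non-nil one, and nothing on the function records that. Callers that only range over the result or take its `len` are unaffected, but one that compares against nil or serializes the slice would see a difference; the callers are outside this hunk, so that is worth a quick check. The new guard also covers `gateway` only, while `dpp.Spec` is still dereferenced inside the loop. I would add a doc comment along the lines of `// listenersSelectedByMeshGatewayRef returns the gateway listeners whose tags match tags; it returns nil when gateway is nil or its name differs from name. dpp must be non-nil.` The signature opens above the hunk, so `name` and `tags` are known here only from their use.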
@@ -37,6 +37,7 @@ func validateTop(targetRef common_api.TargetRef) validators.ValidationError {
 common_api.MeshSubset,
 common_api.MeshService,
 common_api.MeshServiceSubset,
+ common_api.MeshGateway,
 },
 })
 return targetRefErr
diff --git a/pkg/plugins/policies/meshproxypatch/api/v1alpha1/validator_test.go b/pkg/plugins/policies/meshproxypatch/api/v1alpha1/validator_test.go
index 685d3be6ad59..e7d2710895a7 100644
--- a/pkg/plugins/policies/meshproxypatch/api/v1alpha1/validator_test.go
+++ b/pkg/plugins/policies/meshproxypatch/api/v1alpha1/validator_test.go
@@ -255,6 +255,45 @@ default:
 value: false
 - httpFilter:
 operation: Remove
+ `),
+ Entry("modifications for MeshGateway", `
+targetRef:
+ kind: MeshGateway
+ name: gateway
+default:
+ appendModifications:
+ - cluster:
+ operation: Patch
+ jsonPatches:
+ - op: replace
+ path: /foo/bar
+ value: baz
+ - op: replace
+ path: /foo
+ value:
+ bar: baz
+ - listener:
+ operation: Add
+ value: |
+ name: xyz
+ address:
+ socketAddress:
+ address: 192.168.0.1
+ portValue: 8080
+ - networkFilter:
+ operation: AddFirst
+ value: |
+ name: envoy.filters.network.tcp_proxy
+ typedConfig:
+ '@type': type.googleapis.com/envoy.extensions.filters.network.tcp_proxy.v3.TcpProxy
+ cluster: backend
+ - httpFilter:
+ operation: AddFirst
+ value: |
+ name: envoy.filters.http.router
+ typedConfig:
+ '@type': type.googleapis.com/envoy.extensions.filters.http.router.v3.Router
+ dynamicStats: false
 `),
 )
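Review bot: The list of accepted top-level kinds in `validateTop` gains `common_api.MeshGateway` with no comment on what that widens. Judging from the test entry added in validator_test.go, a policy with this targetRef can add listeners and network filters, so for a gateway, which is presumably the proxy facing traffic from outside the mesh, the right to create this policy becomes the right to reshape that edge. A one-line comment at the new entry would record it, e.g. `// MeshGateway: patches land on gateway proxies; treat write access to this policy as access to the gateway's Envoy config`. The body of `validateTop` opens and closes outside the hunk.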
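Review bot: The new `Entry("modifications for MeshGateway", …)` covers only an accepted policy; this hunk adds no rejected case for the new kind. If the table of failing entries (not visible here) is organised by targetRef shape, an entry with `kind: MeshGateway` and no `name` would pin what the validator refuses for gateways, assuming the shared targetRef validation requires a name for this kind. The table call this entry belongs to opens above the hunk.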