Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Check for ReferenceGrants from GRPCRoutes to Services #2337

Merged
merged 1 commit into from
Aug 7, 2024

Conversation

kate-osborn
Copy link
Contributor

Proposed changes

Problem: ReferenceGrants that permit GRPCRoutes to reference Services in different namespaces are ignored by NGF., effectively preventing all cross-namespace routing for GRPC traffic.

Solution: Check for ReferenceGrants from GRPCRoutes to Services when validating GRPCRoutes. If a ReferenceGrant exists that permits the cross-namespace reference, allow it.

Testing: Verified that a GRPCRoute that references a Service in a different namespace is allowed if and only if a ReferenceGrant exits for that particular reference.

Closes #2333

Checklist

Before creating a PR, run through this checklist and mark each as complete.

  • I have read the CONTRIBUTING doc
  • I have added tests that prove my fix is effective or that my feature works
  • I have checked that all unit tests pass after adding my changes
  • I have updated necessary documentation
  • I have rebased my branch onto main
  • I will ensure my PR is targeting the main branch and pulling from my branch from my own fork

Release notes

If this PR introduces a change that affects users and needs to be mentioned in the release notes,
please add a brief note that summarizes the change.

Honor ReferenceGrants that allow GRPCRoutes to reference Services in different namespaces

@kate-osborn kate-osborn requested a review from a team as a code owner August 6, 2024 17:57
@github-actions github-actions bot added the bug Something isn't working label Aug 6, 2024
Copy link

codecov bot commented Aug 6, 2024

Codecov Report

All modified and coverable lines are covered by tests ✅

Project coverage is 87.77%. Comparing base (9840a51) to head (3500d5e).

Additional details and impacted files
@@            Coverage Diff             @@
##             main    #2337      +/-   ##
==========================================
+ Coverage   87.74%   87.77%   +0.03%     
==========================================
  Files          96       96              
  Lines        6830     6847      +17     
  Branches       50       50              
==========================================
+ Hits         5993     6010      +17     
  Misses        780      780              
  Partials       57       57              

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

Copy link
Contributor

@salonichf5 salonichf5 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

lgtm

@kate-osborn kate-osborn force-pushed the fix/grpcroute-ref-grant branch from 3a1dc7b to 3500d5e Compare August 7, 2024 15:46
@kate-osborn kate-osborn enabled auto-merge (squash) August 7, 2024 15:53
@kate-osborn kate-osborn merged commit 7b5c6ab into nginxinc:main Aug 7, 2024
37 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
bug Something isn't working release-notes
Projects
Archived in project
Development

Successfully merging this pull request may close these issues.

ReferenceGrants are ignored by GRPCRoute
3 participants