Skip to content
This repository has been archived by the owner on Jul 11, 2023. It is now read-only.

feat(*): ignore invalid traffic targets #4177

Merged
merged 1 commit into from
Oct 1, 2021

Conversation

michelleN
Copy link
Contributor

  • ignores invalid traffic targets when building envoy config
  • provides extra guarantee that even if invalid traffic targets
    exist in cluster before OSM is installed, OSM will ignore them

resovles #4116

Signed-off-by: Michelle Noorali [email protected]

Description:

Testing done:

Affected area:

Functional Area
New Functionality [ ]
CI System [ ]
CLI Tool [ ]
Certificate Management [ ]
Control Plane [ ]
Demo [ ]
Documentation [ ]
Egress [ ]
Ingress [ ]
Install [ ]
Networking [ ]
Observability [ ]
Performance [ ]
SMI Policy [ ]
Security [ ]
Sidecar Injection [ ]
Tests [ ]
Upgrade [ ]
Other [ ]

Please answer the following questions with yes/no.

  1. Does this change contain code from or inspired by another project?

    • Did you notify the maintainers and provide attribution?
  2. Is this a breaking change?

@michelleN michelleN requested a review from a team as a code owner September 27, 2021 23:47
@codecov-commenter
Copy link

codecov-commenter commented Sep 28, 2021

Codecov Report

Merging #4177 (9982f20) into main (f262ef5) will decrease coverage by 0.00%.
The diff coverage is 86.20%.

Impacted file tree graph

@@            Coverage Diff             @@
##             main    #4177      +/-   ##
==========================================
- Coverage   69.91%   69.91%   -0.01%     
==========================================
  Files         212      212              
  Lines       11615    11631      +16     
==========================================
+ Hits         8121     8132      +11     
- Misses       3441     3447       +6     
+ Partials       53       52       -1     
Flag Coverage Δ
unittests 69.91% <86.20%> (-0.01%) ⬇️

Flags with carried forward coverage won't be shown. Click here to find out more.

Impacted Files Coverage Δ
pkg/smi/client.go 83.02% <81.81%> (+0.19%) ⬆️
pkg/catalog/egress.go 85.49% <100.00%> (ø)
pkg/catalog/inbound_traffic_policies.go 93.43% <100.00%> (ø)
pkg/catalog/traffictarget.go 89.77% <100.00%> (-0.23%) ⬇️
pkg/validator/patch.go 87.50% <0.00%> (-8.34%) ⬇️
pkg/injector/webhook.go 90.28% <0.00%> (-2.72%) ⬇️
pkg/reconciler/mutating_webhook_handler.go 86.11% <0.00%> (-2.47%) ⬇️
pkg/reconciler/validating_webhook_handler.go 86.11% <0.00%> (-2.47%) ⬇️
pkg/reconciler/crd_handler.go 82.92% <0.00%> (-2.08%) ⬇️
pkg/errcode/errcode.go 100.00% <0.00%> (ø)
... and 6 more

Continue to review full report at Codecov.

Legend - Click here to learn more
Δ = absolute <relative> (impact), ø = not affected, ? = missing data
Powered by Codecov. Last update f262ef5...9982f20. Read the comment docs.

@michelleN michelleN marked this pull request as draft September 28, 2021 00:56
@michelleN michelleN force-pushed the traffictarget branch 3 times, most recently from 264be65 to b6cb7a0 Compare September 28, 2021 16:26
@michelleN michelleN marked this pull request as ready for review September 28, 2021 16:43
@michelleN michelleN marked this pull request as draft September 28, 2021 16:59
@michelleN michelleN marked this pull request as ready for review September 28, 2021 22:02
Copy link
Contributor

@draychev draychev left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

lgtm

@@ -870,156 +870,3 @@ func TestListInboundTrafficTargetsWithRoutes(t *testing.T) {
})
}
}

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Is it true that this test was defacto moved from pkg/catalog/traffictarget_test.go to pkg/smi/client_test.go ?

@@ -280,6 +291,10 @@ func (c *client) ListTrafficTargets(options ...TrafficTargetListOption) []*smiAc
continue
}

if !isValidTrafficTarget(trafficTarget) {
continue
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Would it make sense to log.Trace().Msgf() the fact that we found an invalid traffic target?

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Should we have a prometheus counter for invalid TrafficTargets? That might be a really good counter to add.
I took the liberty to create the following issue for this #4187

Comment on lines 321 to 323
if rules == nil {
return false
}
if len(rules) == 0 {
return false
}
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I was curious if this could be collapsed. (Not proposing we do - just curious.)
It looks like len(rules) could cover both cases: https://play.golang.org/p/LzR_HKKywFj
image

_, err = fakeClientSet.smiTrafficTargetClientSet.AccessV1alpha3().TrafficTargets("random-namespace").Create(context.TODO(), trafficTargetWithNamespaceMismatch, metav1.CreateOptions{})
Expect(err).ToNot(HaveOccurred())

_, err = fakeClientSet.smiTrafficTargetClientSet.AccessV1alpha3().TrafficTargets(testNamespaceName).Create(context.TODO(), trafficTargetWithInvalidRuleKind, metav1.CreateOptions{})
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Am I correct that we expect this line to not create a new TrafficTarget because it is invalid. So then a few lines below when we list the traffic targets - the count will still be 1?
I wonder if a comment here would help disambiguate this.

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I updated these tests to make things clearer

@@ -261,6 +346,15 @@ var _ = Describe("When listing TrafficTargets", func() {

_, err := fakeClientSet.smiTrafficTargetClientSet.AccessV1alpha3().TrafficTargets(testNamespaceName).Create(context.TODO(), trafficTarget, metav1.CreateOptions{})
Expect(err).ToNot(HaveOccurred())

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@michelleN would it be possible to add new tests for these new changes instead of updating the existing ones. I plan on refactoring the existing tests to address issues in the pub-sub usage (already have locally). If it's a separate function, would be much easier for me to incorporate those changes without accidentally leaving them out as a part of the cleanup.

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

sure thing. done.

+ ignores invalid traffic targets when building envoy config
+ provides extra guarantee that even if invalid traffic targets
exist in cluster before OSM is installed, OSM will ignore them

resovles openservicemesh#4116

Signed-off-by: Michelle Noorali <[email protected]>
@@ -135,7 +135,7 @@ func (mc *MeshCatalog) buildHTTPRouteConfigs(egressPolicy *policyV1alpha1.Egress
var httpRouteMatches []trafficpolicy.HTTPRouteMatch
httpMatchSpecified := false
for _, match := range egressPolicy.Spec.Matches {
if match.APIGroup != nil && *match.APIGroup == smiSpecs.SchemeGroupVersion.String() && match.Kind == httpRouteGroupKind {
if match.APIGroup != nil && *match.APIGroup == smiSpecs.SchemeGroupVersion.String() && match.Kind == smi.HTTPRouteGroupKind {
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

👍

@@ -91,7 +77,7 @@ func (mc *MeshCatalog) getAllowedDirectionalServiceAccounts(svcIdentity identity
for _, trafficTarget := range allTrafficTargets {
spec := trafficTarget.Spec

if spec.Destination.Kind != serviceAccountKind {
if spec.Destination.Kind != smi.ServiceAccountKind {
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

👍

@michelleN michelleN merged commit ae5c9d8 into openservicemesh:main Oct 1, 2021
@michelleN michelleN deleted the traffictarget branch October 1, 2021 19:05
snehachhabria pushed a commit to snehachhabria/osm that referenced this pull request Oct 14, 2021
+ ignores invalid traffic targets when building envoy config
+ provides extra guarantee that even if invalid traffic targets
exist in cluster before OSM is installed, OSM will ignore them

resovles openservicemesh#4116

Signed-off-by: Michelle Noorali <[email protected]>
Signed-off-by: Sneha Chhabria <[email protected]>
allenlsy pushed a commit to allenlsy/osm that referenced this pull request Dec 28, 2021
+ ignores invalid traffic targets when building envoy config
+ provides extra guarantee that even if invalid traffic targets
exist in cluster before OSM is installed, OSM will ignore them

resovles openservicemesh#4116

Signed-off-by: Michelle Noorali <[email protected]>
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

6 participants