Skip to content

Commit

Permalink
Validate k8s_gateway_api::HttpRouteSpec
Browse files Browse the repository at this point in the history 
Signed-off-by: Takumi Sue <[email protected]>
  • Loading branch information
@mikutas
mikutas committed Jul 26, 2023
1 parent e9da7ea commit 7f9a7fc
Showing 1 changed file with 77 additions and 27 deletions.
104 changes: 77 additions & 27 deletions policy-controller/src/admission.rs
View file
Original file line number Diff line number Diff line change
Expand Up @@ -123,6 +123,10 @@ impl Admission {
return self.admit_spec::<HttpRouteSpec>(req).await;
}

if is_kind::<k8s_gateway_api::HttpRoute>(&req) {
return self.admit_spec::<k8s_gateway_api::HttpRouteSpec>(req).await;
}

AdmissionResponse::invalid(format_args!(
"unsupported resource type: {}.{}.{}",
req.kind.group, req.kind.version, req.kind.kind
Expand Down Expand Up @@ -422,36 +426,35 @@ impl Validate<ServerAuthorizationSpec> for Admission {
}
}

#[async_trait::async_trait]
impl Validate<HttpRouteSpec> for Admission {
async fn validate(self, _ns: &str, _name: &str, spec: HttpRouteSpec) -> Result<()> {
use index::http_route;

fn validate_match(
httproute::HttpRouteMatch {
path,
headers,
query_params,
method,
}: httproute::HttpRouteMatch,
) -> Result<()> {
let _ = path.map(http_route::path_match).transpose()?;
let _ = method
.as_deref()
.map(core::http_route::Method::try_from)
.transpose()?;

for q in query_params.into_iter().flatten() {
http_route::query_param_match(q)?;
}
use index::http_route;
fn validate_match(
httproute::HttpRouteMatch {
path,
headers,
query_params,
method,
}: httproute::HttpRouteMatch,
) -> Result<()> {
let _ = path.map(http_route::path_match).transpose()?;
let _ = method
.as_deref()
.map(core::http_route::Method::try_from)
.transpose()?;

for q in query_params.into_iter().flatten() {
http_route::query_param_match(q)?;
}

for h in headers.into_iter().flatten() {
http_route::header_match(h)?;
}
for h in headers.into_iter().flatten() {
http_route::header_match(h)?;
}

Ok(())
}
Ok(())
}

#[async_trait::async_trait]
impl Validate<HttpRouteSpec> for Admission {
async fn validate(self, _ns: &str, _name: &str, spec: HttpRouteSpec) -> Result<()> {
fn validate_filter(filter: httproute::HttpRouteFilter) -> Result<()> {
match filter {
httproute::HttpRouteFilter::RequestHeaderModifier {
Expand Down Expand Up @@ -513,3 +516,50 @@ impl Validate<HttpRouteSpec> for Admission {
Ok(())
}
}

#[async_trait::async_trait]
impl Validate<k8s_gateway_api::HttpRouteSpec> for Admission{
async fn validate(self, _ns: &str, _name: &str, spec: k8s_gateway_api::HttpRouteSpec) -> Result<()> {

fn validate_filter(filter: k8s_gateway_api::HttpRouteFilter) -> Result<()> {
match filter {
k8s_gateway_api::HttpRouteFilter::RequestHeaderModifier {
request_header_modifier,
} => http_route::req_header_modifier(request_header_modifier).map(|_| ()),
k8s_gateway_api::HttpRouteFilter::RequestRedirect { request_redirect } => {
http_route::req_redirect(request_redirect).map(|_| ())
}
k8s_gateway_api::HttpRouteFilter::RequestMirror { .. } => {
Ok(())
}
k8s_gateway_api::HttpRouteFilter::URLRewrite { .. } => {
Ok(())
}
k8s_gateway_api::HttpRouteFilter::ExtensionRef { .. } => {
Ok(())
}
}
}

// Validate the rules in this spec.
// This is essentially equivalent to the indexer's conversion function
// from `HttpRouteSpec` to `InboundRouteBinding`, except that we don't
// actually allocate stuff in order to return an `InboundRouteBinding`.
for k8s_gateway_api::HttpRouteRule {
filters,
matches,
..
} in spec.rules.into_iter().flatten()
{
for m in matches.into_iter().flatten() {
validate_match(m)?;
}

for f in filters.into_iter().flatten() {
validate_filter(f)?;
}
}

Ok(())
}
}

0 comments on commit 7f9a7fc

Please sign in to comment.