Add support for HTTP filters in outbound policy #11083
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Signed-off-by: Alex Leong <[email protected]>
Signed-off-by: Alex Leong <[email protected]>
Signed-off-by: Alex Leong <[email protected]>
Signed-off-by: Alex Leong <[email protected]>
Signed-off-by: Alex Leong <[email protected]>
Signed-off-by: Alex Leong <[email protected]>
mateiidavid
approved these changes
Jul 7, 2023
hawkw
approved these changes
Jul 7, 2023
policy-test/tests/outbound_api.rs
Outdated
Comment on lines
682
to
705
| k8s::policy::httproute::HttpRouteFilter::RequestHeaderModifier { | ||
| request_header_modifier: k8s_gateway_api::HttpRequestHeaderFilter { | ||
| set: Some(vec![k8s_gateway_api::HttpHeader { | ||
| name: "set".to_string(), | ||
| value: "set-value".to_string(), | ||
| }]), | ||
| add: Some(vec![k8s_gateway_api::HttpHeader { | ||
| name: "add".to_string(), | ||
| value: "add-value".to_string(), | ||
| }]), | ||
| remove: Some(vec!["remove".to_string()]), | ||
| }, | ||
| }, | ||
| k8s::policy::httproute::HttpRouteFilter::RequestRedirect { | ||
| request_redirect: k8s_gateway_api::HttpRequestRedirectFilter { | ||
| scheme: Some("http".to_string()), | ||
| hostname: Some("host".to_string()), | ||
| path: Some(k8s_gateway_api::HttpPathModifier::ReplacePrefixMatch { | ||
| replace_prefix_match: "/path".to_string(), | ||
| }), | ||
| port: Some(5555), | ||
| status_code: Some(302), | ||
| }, | ||
| }, |
There was a problem hiding this comment.
nit, take it or leave it: we could maybe have a function that returns these filters, since they're used in both tests?
There was a problem hiding this comment.
it occurs to me that there's probably some amount of code that can be shared between these tests and the outbound_api.rs tests, although that's probably worth exploring in a follow-up, rather than in this branch...i'd like to be able to update the tests in one place and ensure both the Gateway and Linkerd versions are being tested, but i also don't want to unnecessarily torture the code in the name of DRY...
Signed-off-by: Alex Leong <[email protected]>
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
We add support for the RequestHeaderModifier and RequestRedirect HTTP filters. The policy controller reads these filters in any HttpRoute resource that it indexes (both policy.linkerd.io and gateway.networking.k8s.io) and returns them in the outbound policy API. These filters may be added at the route rule level and at the backend level.
We add outbound api tests for this behavior for both types of HttpRoute.
Incidentally we also fix a flaky test in the outbound api tests where a watch was being recreated partway through a test, leading to a race condition.