Merge branch 'main' into hosts-fqdn-4

* main: v2alpha1 CORS and Hosts (kyma-project#1157) gomod(deps): bump github.com/gardener/external-dns-management (kyma-project#1162) chore: add oathkeeper log collection (kyma-project#1164) Add rules validation for v2alpha1 (kyma-project#1156) Update security scanner config (kyma-project#1163) bug: increase retry attempts for ory scenarios (kyma-project#1160) Replace all context TODO (kyma-project#1158) Bump cypress from 13.12.0 to 13.13.0 in /tests/ui/tests (kyma-project#1144) feat: more log gathering in int test jobs (kyma-project#1154) gomod(deps): bump golang.org/x/net from 0.26.0 to 0.27.0 (kyma-project#1145) Remove blank spaces (kyma-project#1152) # Conflicts: # internal/validation/v2alpha1/v2alpha1.go # internal/validation/v2alpha1/v2alpha1_test.go
mluk-sap · Jul 16, 2024 · f6227f4 · f6227f4
2 parents 6802529 + 34e5a44
commit f6227f4
Show file tree

Hide file tree

Showing 59 changed files with 3,344 additions and 1,849 deletions.
diff --git a/.github/actions/integration-test-gardener/action.yaml b/.github/actions/integration-test-gardener/action.yaml
@@ -58,6 +58,23 @@ runs:
       run: |
         EXPORT_RESULT=true \
         ${{ inputs.script }}
+    - shell: bash
+      name: gather deployment logs
+      if: failure()
+      run: |
+        mkdir logs
+        (kubectl logs -n kyma-system deployments/istio-controller-manager || true) > logs/istio-controller-manager.log
+        (kubectl logs -n kyma-system deployments/api-gateway-controller-manager || true) > logs/api-gateway-controller-manager.log
+        (kubectl logs -n istio-system deployments/istio-ingressgateway || true) > logs/istio-ingressgateway.log
+        (kubectl logs -n istio-system deployments/istiod || true) > logs/istiod.log
+        (kubectl get --all-namespaces apirules.gateway.kyma-project.io -oyaml || true) > logs/apirules-dump.yaml
+        (kubectl get --all-namespaces apigateways.operator.kyma-project.io -oyaml || true) > logs/gateway-dump.yaml
+    - name: Uploads logs
+      uses: actions/upload-artifact@v4
+      if: failure()
+      with:
+        name: logs-${{ github.job }}
+        path: logs/
     - name: Uploads artifacts
       uses: actions/upload-artifact@v4
       with:

diff --git a/.github/actions/integration-tests/action.yaml b/.github/actions/integration-tests/action.yaml
@@ -45,8 +45,27 @@ runs:
       run: |
         EXPORT_RESULT=true \
         make install-istio deploy test-integration
+    - shell: bash
+      name: gather deployment logs
+      if: failure()
+      run: |
+        mkdir logs
+        (kubectl logs -n kyma-system deployments/istio-controller-manager || true) > logs/istio-controller-manager.log
+        (kubectl logs -n kyma-system deployments/api-gateway-controller-manager || true) > logs/api-gateway-controller-manager.log
+        (kubectl logs -n istio-system deployments/istio-ingressgateway || true) > logs/istio-ingressgateway.log
+        (kubectl logs -n istio-system deployments/istiod || true) > logs/istiod.log
+        (kubectl logs -n kyma-system deployments/ory-oathkeeper || true) > logs/ory-oathkeeper.log
+        (kubectl get --all-namespaces apirules.gateway.kyma-project.io -oyaml || true) > logs/apirules-dump.yaml
+        (kubectl get --all-namespaces apigateways.operator.kyma-project.io -oyaml || true) > logs/gateway-dump.yaml
+        (kubectl get -n kyma-system deployment ory-oathkeeper -oyaml || true) > logs/ory-oathkeeper-dump.yaml
     - name: Uploads artifacts
       uses: actions/upload-artifact@v4
       with:
         name: html-reports-${{ github.job }}
         path: tests/integration/reports/
+    - name: Uploads logs
+      uses: actions/upload-artifact@v4
+      if: failure()
+      with:
+        name: logs-${{ github.job }}
+        path: logs/
diff --git a/apis/gateway/v2alpha1/rule.go b/apis/gateway/v2alpha1/rule.go
@@ -7,3 +7,12 @@ func (r *Rule) ContainsAccessStrategyJwt() bool {
 func (r *Rule) ContainsNoAuth() bool {
 	return r.NoAuth != nil
 }
+
+func ConvertHttpMethodsToStrings(methods []HttpMethod) []string {
+	strings := make([]string, len(methods))
+	for i, method := range methods {
+		strings[i] = string(method)
+	}
+
+	return strings
+}
diff --git a/controllers/gateway/api_controller_integration_test.go b/controllers/gateway/api_controller_integration_test.go
diff --git a/controllers/gateway/apirule_controller_status_integration_test.go b/controllers/gateway/apirule_controller_status_integration_test.go
@@ -38,8 +38,8 @@ var _ = Describe("Resource status", Serial, func() {
 			svc := testService(serviceName, testNamespace, testServicePort)
 
 			// when
-			Expect(c.Create(context.TODO(), svc)).Should(Succeed())
-			Expect(c.Create(context.TODO(), instance)).Should(Succeed())
+			Expect(c.Create(context.Background(), svc)).Should(Succeed())
+			Expect(c.Create(context.Background(), instance)).Should(Succeed())
 			defer func() {
 				apiRuleTeardown(instance)
 				serviceTeardown(svc)
@@ -48,7 +48,7 @@ var _ = Describe("Resource status", Serial, func() {
 			// then
 			Eventually(func(g Gomega) {
 				created := gatewayv1beta1.APIRule{}
-				g.Expect(c.Get(context.TODO(), client.ObjectKey{Name: apiRuleName, Namespace: testNamespace}, &created)).Should(Succeed())
+				g.Expect(c.Get(context.Background(), client.ObjectKey{Name: apiRuleName, Namespace: testNamespace}, &created)).Should(Succeed())
 				g.Expect(created.Status.APIRuleStatus).NotTo(BeNil())
 				g.Expect(created.Status.APIRuleStatus.Code).To(Equal(gatewayv1beta1.StatusOK))
 				g.Expect(created.Status.VirtualServiceStatus.Code).To(Equal(gatewayv1beta1.StatusOK))
@@ -77,8 +77,8 @@ var _ = Describe("Resource status", Serial, func() {
 			svc := testService(serviceName, testNamespace, testServicePort)
 
 			// when
-			Expect(c.Create(context.TODO(), svc)).Should(Succeed())
-			Expect(c.Create(context.TODO(), instance)).Should(Succeed())
+			Expect(c.Create(context.Background(), svc)).Should(Succeed())
+			Expect(c.Create(context.Background(), instance)).Should(Succeed())
 			defer func() {
 				apiRuleTeardown(instance)
 				serviceTeardown(svc)
@@ -87,7 +87,7 @@ var _ = Describe("Resource status", Serial, func() {
 			// then
 			Eventually(func(g Gomega) {
 				created := gatewayv1beta1.APIRule{}
-				Expect(c.Get(context.TODO(), client.ObjectKey{Name: apiRuleName, Namespace: testNamespace}, &created)).Should(Succeed())
+				Expect(c.Get(context.Background(), client.ObjectKey{Name: apiRuleName, Namespace: testNamespace}, &created)).Should(Succeed())
 
 				g.Expect(created.Status.APIRuleStatus).NotTo(BeNil())
 				g.Expect(created.Status.APIRuleStatus.Code).To(Equal(gatewayv1beta1.StatusError))
@@ -123,8 +123,8 @@ var _ = Describe("Resource status", Serial, func() {
 			svc := testService(serviceName, testNamespace, testServicePort)
 
 			// when
-			Expect(c.Create(context.TODO(), svc)).Should(Succeed())
-			Expect(c.Create(context.TODO(), instance)).Should(Succeed())
+			Expect(c.Create(context.Background(), svc)).Should(Succeed())
+			Expect(c.Create(context.Background(), instance)).Should(Succeed())
 			defer func() {
 				apiRuleTeardown(instance)
 				serviceTeardown(svc)
@@ -133,7 +133,7 @@ var _ = Describe("Resource status", Serial, func() {
 			// then
 			Eventually(func(g Gomega) {
 				created := gatewayv1beta1.APIRule{}
-				Expect(c.Get(context.TODO(), client.ObjectKey{Name: apiRuleName, Namespace: testNamespace}, &created)).Should(Succeed())
+				Expect(c.Get(context.Background(), client.ObjectKey{Name: apiRuleName, Namespace: testNamespace}, &created)).Should(Succeed())
 				g.Expect(created.Status.APIRuleStatus).NotTo(BeNil())
 				g.Expect(created.Status.APIRuleStatus.Code).To(Equal(gatewayv1beta1.StatusOK))
 				g.Expect(created.Status.VirtualServiceStatus.Code).To(Equal(gatewayv1beta1.StatusOK))
@@ -161,8 +161,8 @@ var _ = Describe("Resource status", Serial, func() {
 			svc := testService(serviceName, testNamespace, testServicePort)
 
 			// when
-			Expect(c.Create(context.TODO(), svc)).Should(Succeed())
-			Expect(c.Create(context.TODO(), instance)).Should(Succeed())
+			Expect(c.Create(context.Background(), svc)).Should(Succeed())
+			Expect(c.Create(context.Background(), instance)).Should(Succeed())
 			defer func() {
 				apiRuleTeardown(instance)
 				serviceTeardown(svc)
@@ -171,7 +171,7 @@ var _ = Describe("Resource status", Serial, func() {
 			// then
 			Eventually(func(g Gomega) {
 				created := gatewayv1beta1.APIRule{}
-				Expect(c.Get(context.TODO(), client.ObjectKey{Name: apiRuleName, Namespace: testNamespace}, &created)).Should(Succeed())
+				Expect(c.Get(context.Background(), client.ObjectKey{Name: apiRuleName, Namespace: testNamespace}, &created)).Should(Succeed())
 				g.Expect(created.Status.APIRuleStatus).NotTo(BeNil())
 				g.Expect(created.Status.APIRuleStatus.Code).To(Equal(gatewayv1beta1.StatusError))
 				g.Expect(created.Status.APIRuleStatus.Description).To(ContainSubstring("Multiple validation errors:"))

diff --git a/controllers/gateway/apirule_controller_validation_integration_test.go b/controllers/gateway/apirule_controller_validation_integration_test.go
@@ -352,8 +352,8 @@ func testConfigWithServiceAndHost(serviceName string, host string, accessStrateg
 	svc := testService(serviceName, testNamespace, testServicePort)
 
 	// when
-	Expect(c.Create(context.TODO(), svc)).Should(Succeed())
-	Expect(c.Create(context.TODO(), instance)).Should(Succeed())
+	Expect(c.Create(context.Background(), svc)).Should(Succeed())
+	Expect(c.Create(context.Background(), instance)).Should(Succeed())
 	defer func() {
 		apiRuleTeardown(instance)
 		serviceTeardown(svc)
@@ -362,7 +362,7 @@ func testConfigWithServiceAndHost(serviceName string, host string, accessStrateg
 	// then
 	Eventually(func(g Gomega) {
 		created := gatewayv1beta1.APIRule{}
-		g.Expect(c.Get(context.TODO(), client.ObjectKey{Name: apiRuleName, Namespace: testNamespace}, &created)).Should(Succeed())
+		g.Expect(c.Get(context.Background(), client.ObjectKey{Name: apiRuleName, Namespace: testNamespace}, &created)).Should(Succeed())
 		g.Expect(created.Status.APIRuleStatus).NotTo(BeNil())
 		g.Expect(created.Status.APIRuleStatus.Code).To(Equal(expectedStatusCode))
 		for _, expected := range expectedValidationErrors {

diff --git a/controllers/gateway/apirule_timeout_integration_test.go b/controllers/gateway/apirule_timeout_integration_test.go
@@ -45,8 +45,8 @@ var _ = Describe("APIRule timeout", Serial, func() {
 				svc := testService(serviceName, testNamespace, testServicePort)
 
 				// when
-				Expect(c.Create(context.TODO(), svc)).Should(Succeed())
-				Expect(c.Create(context.TODO(), apiRule)).Should(Succeed())
+				Expect(c.Create(context.Background(), svc)).Should(Succeed())
+				Expect(c.Create(context.Background(), apiRule)).Should(Succeed())
 				defer func() {
 					apiRuleTeardown(apiRule)
 					serviceTeardown(svc)
@@ -59,7 +59,7 @@ var _ = Describe("APIRule timeout", Serial, func() {
 				By("Verifying created virtual service")
 				vsList := networkingv1beta1.VirtualServiceList{}
 				Eventually(func(g Gomega) {
-					g.Expect(c.List(context.TODO(), &vsList, matchingLabels)).Should(Succeed())
+					g.Expect(c.List(context.Background(), &vsList, matchingLabels)).Should(Succeed())
 					g.Expect(vsList.Items).To(HaveLen(1))
 
 					vs := vsList.Items[0]
@@ -103,8 +103,8 @@ var _ = Describe("APIRule timeout", Serial, func() {
 				svc := testService(serviceName, testNamespace, testServicePort)
 
 				// when
-				Expect(c.Create(context.TODO(), svc)).Should(Succeed())
-				Expect(c.Create(context.TODO(), apiRule)).Should(Succeed())
+				Expect(c.Create(context.Background(), svc)).Should(Succeed())
+				Expect(c.Create(context.Background(), apiRule)).Should(Succeed())
 				defer func() {
 					apiRuleTeardown(apiRule)
 					serviceTeardown(svc)
@@ -117,7 +117,7 @@ var _ = Describe("APIRule timeout", Serial, func() {
 				By("Verifying created virtual service")
 				vsList := networkingv1beta1.VirtualServiceList{}
 				Eventually(func(g Gomega) {
-					g.Expect(c.List(context.TODO(), &vsList, matchingLabels)).Should(Succeed())
+					g.Expect(c.List(context.Background(), &vsList, matchingLabels)).Should(Succeed())
 					g.Expect(vsList.Items).To(HaveLen(1))
 
 					vs := vsList.Items[0]
@@ -136,8 +136,8 @@ var _ = Describe("APIRule timeout", Serial, func() {
 				svc := testService(serviceName, testNamespace, testServicePort)
 
 				// when
-				Expect(c.Create(context.TODO(), svc)).Should(Succeed())
-				Expect(c.Create(context.TODO(), apiRule)).Should(Succeed())
+				Expect(c.Create(context.Background(), svc)).Should(Succeed())
+				Expect(c.Create(context.Background(), apiRule)).Should(Succeed())
 				defer func() {
 					apiRuleTeardown(apiRule)
 					serviceTeardown(svc)
@@ -150,7 +150,7 @@ var _ = Describe("APIRule timeout", Serial, func() {
 				By("Verifying created virtual service")
 				vsList := networkingv1beta1.VirtualServiceList{}
 				Eventually(func(g Gomega) {
-					g.Expect(c.List(context.TODO(), &vsList, matchingLabels)).Should(Succeed())
+					g.Expect(c.List(context.Background(), &vsList, matchingLabels)).Should(Succeed())
 					g.Expect(vsList.Items).To(HaveLen(1))
 
 					vs := vsList.Items[0]
@@ -212,7 +212,7 @@ var _ = Describe("APIRule timeout", Serial, func() {
 				apiRule.Spec.Timeout = &timeout
 
 				// when
-				err := c.Create(context.TODO(), apiRule)
+				err := c.Create(context.Background(), apiRule)
 
 				// then
 				Expect(err).Should(HaveOccurred())
@@ -228,7 +228,7 @@ var _ = Describe("APIRule timeout", Serial, func() {
 				apiRule := testApiRule(apiRuleName, testNamespace, serviceName, testNamespace, serviceHost, testServicePort, []gatewayv1beta1.Rule{rule})
 
 				// when
-				err := c.Create(context.TODO(), apiRule)
+				err := c.Create(context.Background(), apiRule)
 
 				// then
 				Expect(err).Should(HaveOccurred())
@@ -289,7 +289,7 @@ var _ = Describe("APIRule timeout", Serial, func() {
 				apiRule.Spec.Timeout = &timeout
 
 				// when
-				err := c.Create(context.TODO(), apiRule)
+				err := c.Create(context.Background(), apiRule)
 
 				// then
 				Expect(err).Should(HaveOccurred())
@@ -305,7 +305,7 @@ var _ = Describe("APIRule timeout", Serial, func() {
 				apiRule := testApiRule(apiRuleName, testNamespace, serviceName, testNamespace, serviceHost, testServicePort, []gatewayv1beta1.Rule{rule})
 
 				// when
-				err := c.Create(context.TODO(), apiRule)
+				err := c.Create(context.Background(), apiRule)
 
 				// then
 				Expect(err).Should(HaveOccurred())

diff --git a/controllers/gateway/config_map.go b/controllers/gateway/config_map.go
@@ -14,7 +14,6 @@ const (
 )
 
 func (r *APIRuleReconciler) reconcileConfigMap(ctx context.Context, isCMReconcile bool) (finishReconciliation bool) {
-	r.Log.Info("Starting ConfigMap reconciliation")
 	err := r.Config.ReadFromConfigMap(ctx, r.Client)
 	if err != nil {
 		if apierrs.IsNotFound(err) {
@@ -25,7 +24,9 @@ func (r *APIRuleReconciler) reconcileConfigMap(ctx context.Context, isCMReconcil
 			r.Config.Reset()
 		}
 	}
+
 	if isCMReconcile {
+		r.Log.Info("Starting ConfigMap reconciliation")
 		configValidationFailures := validation.ValidateConfig(r.Config)
 		r.Log.Info("ConfigMap changed", "config", r.Config)
 		if len(configValidationFailures) > 0 {

diff --git a/controllers/gateway/suite_test.go b/controllers/gateway/suite_test.go
@@ -84,7 +84,7 @@ func TestAPIs(t *testing.T) {
 
 var _ = BeforeSuite(func(specCtx SpecContext) {
 	logf.SetLogger(zap.New(zap.UseDevMode(true), zap.WriteTo(GinkgoWriter)))
-	ctx, cancel = context.WithCancel(context.TODO())
+	ctx, cancel = context.WithCancel(context.Background())
 
 	By("Bootstrapping test environment")
 	testEnv = &envtest.Environment{
@@ -121,13 +121,13 @@ var _ = BeforeSuite(func(specCtx SpecContext) {
 		ObjectMeta: metav1.ObjectMeta{Name: testNamespace},
 		Spec:       corev1.NamespaceSpec{},
 	}
-	Expect(c.Create(context.TODO(), ns)).Should(Succeed())
+	Expect(c.Create(context.Background(), ns)).Should(Succeed())
 
 	nsKyma := &corev1.Namespace{
 		ObjectMeta: metav1.ObjectMeta{Name: helpers.CM_NS},
 		Spec:       corev1.NamespaceSpec{},
 	}
-	Expect(c.Create(context.TODO(), nsKyma)).Should(Succeed())
+	Expect(c.Create(context.Background(), nsKyma)).Should(Succeed())
 
 	cm := &corev1.ConfigMap{
 		ObjectMeta: metav1.ObjectMeta{
@@ -138,7 +138,7 @@ var _ = BeforeSuite(func(specCtx SpecContext) {
 			helpers.CM_KEY: fmt.Sprintf("jwtHandler: %s", helpers.JWT_HANDLER_ORY),
 		},
 	}
-	Expect(c.Create(context.TODO(), cm)).Should(Succeed())
+	Expect(c.Create(context.Background(), cm)).Should(Succeed())
 
 	reconcilerConfig := gateway.ApiRuleReconcilerConfiguration{
 		OathkeeperSvcAddr:         testOathkeeperSvcURL,
@@ -214,30 +214,30 @@ var _ = ReportAfterSuite("custom reporter", func(report types.Report) {
 func shouldHaveVirtualServices(g Gomega, apiRuleName, testNamespace string, len int) {
 	matchingLabels := matchingLabelsFunc(apiRuleName, testNamespace)
 	list := securityv1beta1.RequestAuthenticationList{}
-	g.Expect(c.List(context.TODO(), &list, matchingLabels)).Should(Succeed())
+	g.Expect(c.List(context.Background(), &list, matchingLabels)).Should(Succeed())
 	g.Expect(list.Items).To(HaveLen(len))
 }
 
 // shouldHaveRequestAuthentications verifies that the expected number of request authentications exists for the APIRule
 func shouldHaveRequestAuthentications(g Gomega, apiRuleName, testNamespace string, len int) {
 	matchingLabels := matchingLabelsFunc(apiRuleName, testNamespace)
 	list := securityv1beta1.RequestAuthenticationList{}
-	g.Expect(c.List(context.TODO(), &list, matchingLabels)).Should(Succeed())
+	g.Expect(c.List(context.Background(), &list, matchingLabels)).Should(Succeed())
 	g.Expect(list.Items).To(HaveLen(len))
 }
 
 // shouldHaveAuthorizationPolicies verifies that the expected number of authorization policies exists for the APIRule
 func shouldHaveAuthorizationPolicies(g Gomega, apiRuleName, testNamespace string, len int) {
 	matchingLabels := matchingLabelsFunc(apiRuleName, testNamespace)
 	list := securityv1beta1.AuthorizationPolicyList{}
-	g.Expect(c.List(context.TODO(), &list, matchingLabels)).Should(Succeed())
+	g.Expect(c.List(context.Background(), &list, matchingLabels)).Should(Succeed())
 	g.Expect(list.Items).To(HaveLen(len))
 }
 
 // shouldHaveRules verifies that the expected number of rules exists for the APIRule
 func shouldHaveRules(g Gomega, apiRuleName, testNamespace string, len int) {
 	matchingLabels := matchingLabelsFunc(apiRuleName, testNamespace)
 	list := rulev1alpha1.RuleList{}
-	g.Expect(c.List(context.TODO(), &list, matchingLabels)).Should(Succeed())
+	g.Expect(c.List(context.Background(), &list, matchingLabels)).Should(Succeed())
 	g.Expect(list.Items).To(HaveLen(len))
 }