Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

feat: implement Lua EnvoyExtensionPolicy #5171

Open
wants to merge 1 commit into
base: main
Choose a base branch
from
Open

feat: implement Lua EnvoyExtensionPolicy #5171

wants to merge 1 commit into from
+2,671 −22

Conversation

rudrakhp
Copy link
Contributor

What type of PR is this?

feat: implement Lua feature in EnvoyExtensionPolicy

What this PR does / why we need it:
Implement API introduced in #4932

Which issue(s) this PR fixes:

Related #4627

Release Notes: No

@rudrakhp rudrakhp requested a review from a team as a code owner January 28, 2025 18:54
@rudrakhp
Copy link
Contributor Author

@arkodg @zhaohuabing Wanted to get an initial buy in regarding the approach while I add more unit tests and E2E, please do review. Thanks!

@codecov Codecov
Copy link

codecov bot commented Jan 28, 2025
edited
Loading

Codecov Report

Attention: Patch coverage is 65.07177% with 73 lines in your changes missing coverage. Please review.

Project coverage is 66.88%. Comparing base (48459d4) to head (8e967bb).
Report is 1 commits behind head on main.

Files with missing lines Patch % Lines
internal/xds/translator/lua.go 69.69% 20 Missing and 10 partials ⚠️
internal/gatewayapi/envoyextensionpolicy.go 63.88% 23 Missing and 3 partials ⚠️
internal/provider/kubernetes/controller.go 0.00% 13 Missing and 1 partial ⚠️
internal/gatewayapi/luavalidator/lua_validator.go 87.50% 2 Missing and 1 partial ⚠️
Additional details and impacted files 
@@            Coverage Diff             @@
##             main    #5171      +/-   ##
==========================================
+ Coverage   66.85%   66.88%   +0.02%     
==========================================
  Files         210      212       +2     
  Lines       32998    33207     +209     
==========================================
+ Hits        22061    22209     +148     
- Misses       9595     9645      +50     
- Partials     1342     1353      +11

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

@arkodg
Copy link
Contributor

arkodg commented Jan 28, 2025

hey @rudrakhp the code looks great !

please feel free to continue with unit tests and e2e

@rudrakhp rudrakhp force-pushed the feat_lua_extension branch 24 times, most recently from b256946 to 9e01f0e Compare February 3, 2025 04:59
@rudrakhp rudrakhp force-pushed the feat_lua_extension branch 9 times, most recently from c83a97b to db990b9 Compare February 3, 2025 11:53
arkodg
arkodg reviewed Feb 4, 2025
View reviewed changes
api/v1alpha1/lua_types.go
// +optional
// +unionMember
ValueRef *gwapiv1.LocalObjectReference `json:"valueRef,omitempty"`
ValueRef *gwapiv1.SecretObjectReference `json:"valueRef,omitempty"`
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

any reason why this is secret ?

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

SecretObjectReference is not only for Secret. It's for referring to any K8s object, by default it's Secret type. Here is it's documentation:

// SecretObjectReference identifies an API object including its namespace,
// defaulting to Secret.
//
// The API object must be valid in the cluster; the Group and Kind must
// be registered in the cluster for this reference to be valid.
//
// References to objects with invalid Group and Kind are not valid, and must
// be rejected by the implementation, with appropriate Conditions set
// on the containing object.

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Reason for preferring this is to reuse the function for processing config maps:

gateway/internal/provider/kubernetes/controller.go

Lines 753 to 764 in 54ca51b

// processConfigMapRef adds the referenced ConfigMap to the resourceTree if it's valid.
// - If it exists in the same namespace as the owner.
// - If it exists in a different namespace, and there is a ReferenceGrant.
func (r *gatewayAPIReconciler) processConfigMapRef(
ctx context.Context,
resourceMap *resourceMappings,
resourceTree *resource.Resources,
ownerKind string,
ownerNS string,
ownerName string,
configMapRef gwapiv1.SecretObjectReference,
) error {

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

check out the code flow for

gateway/api/v1alpha1/shared_types.go

Line 746 in 36fdc0b

ValueRef *gwapiv1.LocalObjectReference `json:"valueRef,omitempty"`

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@arkodg will do. One additional caveat here is LocalObjectReference let's you locate resources in same namespace only, do we want to have that restriction?

// LocalObjectReference contains enough information to let you locate the
// referenced object inside the same namespace.

@denniskniep denniskniep mentioned this pull request Feb 5, 2025
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@arkodg arkodg arkodg left review comments

At least 1 approving review is required to merge this pull request.

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@rudrakhp @arkodg