diff --git a/api/v1alpha1/backend_types.go b/api/v1alpha1/backend_types.go
index e4f31879d4..50e37c5867 100644
--- a/api/v1alpha1/backend_types.go
+++ b/api/v1alpha1/backend_types.go
@@ -115,6 +115,10 @@ type FQDNEndpoint struct {
 // https://www.envoyproxy.io/docs/envoy/latest/api-v3/config/core/v3/address.proto#config-core-v3-pipe
 type UnixSocket struct {
 // Path defines the unix domain socket path of the backend endpoint.
+ // The path length must not exceed 108 characters.
+ //
+ // +kubebuilder:validation:MinLength=1
+ // +kubebuilder:validation:MaxLength=108
 Path string `json:"path"`
 }
diff --git a/charts/gateway-crds-helm/templates/generated/gateway.envoyproxy.io_backends.yaml b/charts/gateway-crds-helm/templates/generated/gateway.envoyproxy.io_backends.yaml
index 4663f4085d..addd1cbfbe 100644
--- a/charts/gateway-crds-helm/templates/generated/gateway.envoyproxy.io_backends.yaml
+++ b/charts/gateway-crds-helm/templates/generated/gateway.envoyproxy.io_backends.yaml
@@ -119,8 +119,11 @@ spec: description: Unix defines the unix domain socket endpoint properties: path: - description: Path defines the unix domain socket path of - the backend endpoint. + description: |- + Path defines the unix domain socket path of the backend endpoint. + The path length must not exceed 108 characters. + maxLength: 108 + minLength: 1 type: string required: - path
diff --git a/charts/gateway-helm/crds/generated/gateway.envoyproxy.io_backends.yaml b/charts/gateway-helm/crds/generated/gateway.envoyproxy.io_backends.yaml
index a81b8b7c93..8c9a018202 100644
--- a/charts/gateway-helm/crds/generated/gateway.envoyproxy.io_backends.yaml
+++ b/charts/gateway-helm/crds/generated/gateway.envoyproxy.io_backends.yaml
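Review bot: The `MaxLength=108` marker on `UnixSocket.Path` equals the whole size of Linux's `sun_path` buffer, which for a pathname socket also has to hold the terminating NUL, so a 108-character path that passes admission will probably still fail when the proxy binds or connects to it; `// +kubebuilder:validation:MaxLength=107` looks like the safer bound. The doc comment also says "characters" while the kernel limit is in bytes, and CRD `maxLength` is, as far as I know, counted in Unicode code points, so a path containing multi-byte UTF-8 can pass validation while being longer than 108 bytes. I would reword the comment to `// The path must fit in the socket address buffer (108 bytes on Linux, including the trailing NUL).` and enforce the byte length in the Go-side Backend validation if one exists.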
@@ -118,8 +118,11 @@ spec: description: Unix defines the unix domain socket endpoint properties: path: - description: Path defines the unix domain socket path of - the backend endpoint. + description: |- + Path defines the unix domain socket path of the backend endpoint. + The path length must not exceed 108 characters. + maxLength: 108 + minLength: 1 type: string required: - path
diff --git a/site/content/en/latest/api/extension_types.md b/site/content/en/latest/api/extension_types.md
index 8743039e01..0ccbf24804 100644
--- a/site/content/en/latest/api/extension_types.md
+++ b/site/content/en/latest/api/extension_types.md
@@ -4757,7 +4757,7 @@ _Appears in:_
 | Field | Type | Required | Default | Description |
 | --- | --- | --- | --- | --- |
-| `path` | _string_ | true | | Path defines the unix domain socket path of the backend endpoint. |
+| `path` | _string_ | true | | Path defines the unix domain socket path of the backend endpoint.
The path length must not exceed 108 characters. |
 #### Wasm
diff --git a/test/cel-validation/backend_test.go b/test/cel-validation/backend_test.go
index a29c36169d..097c68799e 100644
--- a/test/cel-validation/backend_test.go
+++ b/test/cel-validation/backend_test.go
@@ -16,7 +16,6 @@ import (
 metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 "k8s.io/utils/ptr"
- gwapiv1 "sigs.k8s.io/gateway-api/apis/v1"
 egv1a1 "github.com/envoyproxy/gateway/api/v1alpha1"
 )
@@ -276,28 +275,20 @@ func TestBackend(t *testing.T) {
 wantErrors: []string{"DynamicResolver type cannot have endpoints and appProtocols specified"},
 },
 {
- desc: "tls settings on non-dynamic resolver",
+ desc: "Invalid Unix socket path length",
 mutate: func(backend *egv1a1.Backend) {
 backend.Spec = egv1a1.BackendSpec{
 AppProtocols: []egv1a1.AppProtocolType{egv1a1.AppProtocolTypeH2C},
 Endpoints: []egv1a1.BackendEndpoint{
 {
- FQDN: &egv1a1.FQDNEndpoint{
- Hostname: "example.com",
- Port: 443,
- },
- },
- },
- TLS: &egv1a1.BackendTLSSettings{
- CACertificateRefs: []gwapiv1.LocalObjectReference{
- {
- Name: "ca-certificate",
+ Unix: &egv1a1.UnixSocket{
+ Path: "/path/to/a/very/long/unix/socket/path/that/exceeds/the/maximum/allowed/length/of/108/characters/and/should/fail/validation.sock",
 },
 },
 },
 }
 },
- wantErrors: []string{"TLS settings can only be specified for DynamicResolver backends"},
+ wantErrors: []string{"spec.endpoints[0].unix.path: Too long: may not be more than 108 bytes"},
 },
 }
diff --git a/test/helm/gateway-crds-helm/all.out.yaml b/test/helm/gateway-crds-helm/all.out.yaml
index 5f20bbedfa..23754e8f3a 100644
--- a/test/helm/gateway-crds-helm/all.out.yaml
+++ b/test/helm/gateway-crds-helm/all.out.yaml
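Review bot: The new table entry in `TestBackend` overwrites the existing "tls settings on non-dynamic resolver" case instead of sitting next to it, so the assertion on `TLS settings can only be specified for DynamicResolver backends` is no longer exercised. If that CEL rule still exists, keep the old case (and the `gwapiv1` import removed in the first hunk) and append the Unix socket case as a separate entry. The sample path is also far beyond the limit, so it would not catch an off-by-one in the bound. I would add a case at exactly the maximum length that is accepted, one a single character over that is rejected, and one with an empty `Path` to cover `MinLength=1`. `TestBackend` starts and ends outside this hunk.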
@@ -17431,8 +17431,11 @@ spec: description: Unix defines the unix domain socket endpoint properties: path: - description: Path defines the unix domain socket path of - the backend endpoint. + description: |- + Path defines the unix domain socket path of the backend endpoint. + The path length must not exceed 108 characters. + maxLength: 108 + minLength: 1 type: string required: - path
diff --git a/test/helm/gateway-crds-helm/envoy-gateway-crds.out.yaml b/test/helm/gateway-crds-helm/envoy-gateway-crds.out.yaml
index bd81062b65..8073e4d091 100644
--- a/test/helm/gateway-crds-helm/envoy-gateway-crds.out.yaml
+++ b/test/helm/gateway-crds-helm/envoy-gateway-crds.out.yaml
@@ -119,8 +119,11 @@ spec: description: Unix defines the unix domain socket endpoint properties: path: - description: Path defines the unix domain socket path of - the backend endpoint. + description: |- + Path defines the unix domain socket path of the backend endpoint. + The path length must not exceed 108 characters. + maxLength: 108 + minLength: 1 type: string required: - path