diff --git a/api/v1alpha1/backend_types.go b/api/v1alpha1/backend_types.go index 09456ad67f..004accc858 100644 --- a/api/v1alpha1/backend_types.go +++ b/api/v1alpha1/backend_types.go @@ -117,7 +117,7 @@ type UnixSocket struct { // Path defines the unix domain socket path of the backend endpoint. // The path length must not exceed 108 characters. // - // +kubebuilder:validation:MaxLength=108 + // +kubebuilder:validation:XValidation:rule="size(self) <= 108",message="unix domain socket path must not exceed 108 characters" Path string `json:"path"` } diff --git a/charts/gateway-crds-helm/templates/generated/gateway.envoyproxy.io_backends.yaml b/charts/gateway-crds-helm/templates/generated/gateway.envoyproxy.io_backends.yaml index 01c84fcf13..2a55fa397b 100644 --- a/charts/gateway-crds-helm/templates/generated/gateway.envoyproxy.io_backends.yaml +++ b/charts/gateway-crds-helm/templates/generated/gateway.envoyproxy.io_backends.yaml @@ -122,8 +122,10 @@ spec: description: |- Path defines the unix domain socket path of the backend endpoint. The path length must not exceed 108 characters. - maxLength: 108 type: string + x-kubernetes-validations: + - message: unix domain socket path must not exceed 108 characters + rule: size(self) <= 108 required: - path type: object diff --git a/charts/gateway-helm/crds/generated/gateway.envoyproxy.io_backends.yaml b/charts/gateway-helm/crds/generated/gateway.envoyproxy.io_backends.yaml index 9d44ded873..8b45debdc6 100644 --- a/charts/gateway-helm/crds/generated/gateway.envoyproxy.io_backends.yaml +++ b/charts/gateway-helm/crds/generated/gateway.envoyproxy.io_backends.yaml @@ -121,8 +121,10 @@ spec: description: |- Path defines the unix domain socket path of the backend endpoint. The path length must not exceed 108 characters. - maxLength: 108 type: string + x-kubernetes-validations: + - message: unix domain socket path must not exceed 108 characters + rule: size(self) <= 108 required: - path type: object diff --git a/internal/gatewayapi/testdata/gateway-with-multiple-https-listeners-with-overlapping-hostnames-and-certs-merged-gateways.out.yaml b/internal/gatewayapi/testdata/gateway-with-multiple-https-listeners-with-overlapping-hostnames-and-certs-merged-gateways.out.yaml index f768e82020..ec8dab8c2c 100644 --- a/internal/gatewayapi/testdata/gateway-with-multiple-https-listeners-with-overlapping-hostnames-and-certs-merged-gateways.out.yaml +++ b/internal/gatewayapi/testdata/gateway-with-multiple-https-listeners-with-overlapping-hostnames-and-certs-merged-gateways.out.yaml @@ -191,12 +191,21 @@ xdsIR: port: 10443 routes: - destination: + metadata: + kind: HTTPRoute + name: httproute-1 + namespace: envoy-gateway name: httproute/envoy-gateway/httproute-1/rule/0 settings: - addressType: IP endpoints: - host: 7.7.7.7 port: 8080 + metadata: + kind: Service + name: service-1 + namespace: envoy-gateway + sectionName: "8080" name: httproute/envoy-gateway/httproute-1/rule/0/backend/0 protocol: HTTP weight: 1 diff --git a/internal/gatewayapi/testdata/gateway-with-multiple-https-listeners-with-overlapping-hostnames-merged-gateways.out.yaml b/internal/gatewayapi/testdata/gateway-with-multiple-https-listeners-with-overlapping-hostnames-merged-gateways.out.yaml index 0bb6b6492d..a6f72a2c85 100644 --- a/internal/gatewayapi/testdata/gateway-with-multiple-https-listeners-with-overlapping-hostnames-merged-gateways.out.yaml +++ b/internal/gatewayapi/testdata/gateway-with-multiple-https-listeners-with-overlapping-hostnames-merged-gateways.out.yaml @@ -227,12 +227,21 @@ xdsIR: port: 10443 routes: - destination: + metadata: + kind: HTTPRoute + name: httproute-1 + namespace: envoy-gateway name: httproute/envoy-gateway/httproute-1/rule/0 settings: - addressType: IP endpoints: - host: 7.7.7.7 port: 8080 + metadata: + kind: Service + name: service-1 + namespace: envoy-gateway + sectionName: "8080" name: httproute/envoy-gateway/httproute-1/rule/0/backend/0 protocol: HTTP weight: 1 diff --git a/test/cel-validation/backend_test.go b/test/cel-validation/backend_test.go index 357d8167f9..10c79511e7 100644 --- a/test/cel-validation/backend_test.go +++ b/test/cel-validation/backend_test.go @@ -312,6 +312,7 @@ func TestBackend(t *testing.T) { desc: "Invalid Unix socket path length", mutate: func(backend *egv1a1.Backend) { backend.Spec = egv1a1.BackendSpec{ + Type: ptr.To(egv1a1.BackendTypeEndpoints), AppProtocols: []egv1a1.AppProtocolType{egv1a1.AppProtocolTypeH2C}, Endpoints: []egv1a1.BackendEndpoint{ { @@ -322,7 +323,7 @@ func TestBackend(t *testing.T) { }, } }, - wantErrors: []string{"spec.endpoints[0].unix.path: Too long: may not be more than 108 bytes"}, + wantErrors: []string{`spec.endpoints[0].unix.path: Invalid value: "string": unix domain socket path must not exceed 108 characters`}, }, } diff --git a/test/helm/gateway-crds-helm/all.out.yaml b/test/helm/gateway-crds-helm/all.out.yaml index a26fa51d7b..114df2f1d0 100644 --- a/test/helm/gateway-crds-helm/all.out.yaml +++ b/test/helm/gateway-crds-helm/all.out.yaml @@ -17434,8 +17434,10 @@ spec: description: |- Path defines the unix domain socket path of the backend endpoint. The path length must not exceed 108 characters. - maxLength: 108 type: string + x-kubernetes-validations: + - message: unix domain socket path must not exceed 108 characters + rule: size(self) <= 108 required: - path type: object diff --git a/test/helm/gateway-crds-helm/envoy-gateway-crds.out.yaml b/test/helm/gateway-crds-helm/envoy-gateway-crds.out.yaml index 25add1f7ab..adfb9237a2 100644 --- a/test/helm/gateway-crds-helm/envoy-gateway-crds.out.yaml +++ b/test/helm/gateway-crds-helm/envoy-gateway-crds.out.yaml @@ -122,8 +122,10 @@ spec: description: |- Path defines the unix domain socket path of the backend endpoint. The path length must not exceed 108 characters. - maxLength: 108 type: string + x-kubernetes-validations: + - message: unix domain socket path must not exceed 108 characters + rule: size(self) <= 108 required: - path type: object diff --git a/tools/make/golang.mk b/tools/make/golang.mk index 70ca58a019..491f077161 100644 --- a/tools/make/golang.mk +++ b/tools/make/golang.mk @@ -78,7 +78,7 @@ go.test.cel: manifests # Run the CEL validation tests echo "Run CEL Validation on k8s $$ver"; \ go clean -testcache; \ KUBEBUILDER_ASSETS="$$(go tool setup-envtest use $$ver -p path)" \ - go test ./test/cel-validation --tags celvalidation -race; \ + go test ./test/cel-validation --tags celvalidation -race || exit 1; \ done .PHONY: go.clean diff --git a/tools/make/kube.mk b/tools/make/kube.mk index cdd2b1f7f4..2ecf50f6f5 100644 --- a/tools/make/kube.mk +++ b/tools/make/kube.mk @@ -1,10 +1,10 @@ # ENVTEST_K8S_VERSION refers to the version of kubebuilder assets to be downloaded by envtest binary. # To know the available versions check: # - https://github.com/kubernetes-sigs/controller-tools/blob/main/envtest-releases.yaml -ENVTEST_K8S_VERSION ?= 1.29.4 +ENVTEST_K8S_VERSION ?= 1.29.5 # Need run cel validation across multiple versions of k8s # TODO: zhaohuabing update kubebuilder assets to 1.33.0 when available -ENVTEST_K8S_VERSIONS ?= 1.29.4 1.30.3 1.31.0 1.32.0 +ENVTEST_K8S_VERSIONS ?= 1.29.5 1.30.3 1.31.0 1.32.0 # GATEWAY_API_VERSION refers to the version of Gateway API CRDs. # For more details, see https://gateway-api.sigs.k8s.io/guides/getting-started/#installing-gateway-api