Skip to content

[release-1.6] cherry-pick for v1.6.1#7663

Closed
zhaohuabing wants to merge 9 commits intoenvoyproxy:release/v1.6from
zhaohuabing:cherry-pick/v1.6.1
Closed

[release-1.6] cherry-pick for v1.6.1#7663
zhaohuabing wants to merge 9 commits intoenvoyproxy:release/v1.6from
zhaohuabing:cherry-pick/v1.6.1

Conversation

@zhaohuabing
Copy link
Copy Markdown
Member

… (#7460)

fix: oid authentication endpoint was overriden by discovered value

(cherry picked from commit 50dcb15)

What type of PR is this?

What this PR does / why we need it:

Which issue(s) this PR fixes:

Fixes #

Release Notes: Yes/No

…envoyproxy#7460)

fix: oid authentication endpoint was overriden by discovered value

Signed-off-by: Huabing Zhao <zhaohuabing@gmail.com>
Signed-off-by: Huabing (Robin) Zhao <zhaohuabing@gmail.com>
(cherry picked from commit 50dcb15)
Signed-off-by: Huabing Zhao <zhaohuabing@gmail.com>
@zhaohuabing zhaohuabing requested a review from a team as a code owner December 5, 2025 02:42
@zhaohuabing zhaohuabing marked this pull request as draft December 5, 2025 02:42
…invalid (envoyproxy#7488)

* do not return 500 for all requests when part of BackendRefs are invalid

Signed-off-by: Huabing Zhao <zhaohuabing@gmail.com>
Signed-off-by: Huabing (Robin) Zhao <zhaohuabing@gmail.com>
(cherry picked from commit 2899416)
Signed-off-by: Huabing Zhao <zhaohuabing@gmail.com>
@codecov
Copy link
Copy Markdown

codecov bot commented Dec 5, 2025

Codecov Report

❌ Patch coverage is 80.32787% with 12 lines in your changes missing coverage. Please review.
✅ Project coverage is 72.30%. Comparing base (62dbfcb) to head (3be33de).
⚠️ Report is 3 commits behind head on release/v1.6.

Files with missing lines Patch % Lines
internal/gatewayapi/securitypolicy.go 70.00% 2 Missing and 4 partials ⚠️
internal/gatewayapi/route.go 84.00% 3 Missing and 1 partial ⚠️
internal/gatewayapi/envoyextensionpolicy.go 33.33% 1 Missing and 1 partial ⚠️
Additional details and impacted files
@@              Coverage Diff              @@
##           release/v1.6    #7663   +/-   ##
=============================================
  Coverage         72.30%   72.30%           
=============================================
  Files               231      231           
  Lines             34071    34095   +24     
=============================================
+ Hits              24634    24654   +20     
- Misses             7663     7666    +3     
- Partials           1774     1775    +1     

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:
  • ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.
  • 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.

rajsinghtech and others added 7 commits December 5, 2025 10:51
…es (envoyproxy#7536)

* fix: prevent skeleton route status entries for unmanaged GatewayClasses

When processing policies (EnvoyExtensionPolicy, SecurityPolicy), the translator
was calling GetRouteParentContext for ALL parentRefs in a route, even those
referencing gateways with different GatewayClasses not managed by this translator.

GetRouteParentContext creates a skeleton RouteParentStatus entry with just the
controllerName when called on a parentRef that hasn't been processed yet. Since
all GatewayClass instances share the same controller name, these skeleton entries
persisted in status without conditions.

The fix checks if a parentRef context already exists before attempting to apply
policy configuration to it. If the context doesn't exist, it means this parentRef
wasn't processed by this translator and should be skipped.

Signed-off-by: Raj Singh <raj@tailscale.com>

* fix: also prevent skeleton entries in BackendTrafficPolicy processing

The same issue exists in BackendTrafficPolicy route processing - calling
GetRouteParentContext for all parentRefs creates skeleton status entries.

Apply the same fix: check if parentRef context exists before adding to list.

Signed-off-by: Raj Singh <raj@tailscale.com>

---------

Signed-off-by: Raj Singh <raj@tailscale.com>
(cherry picked from commit ff13742)
Signed-off-by: Huabing Zhao <zhaohuabing@gmail.com>
Signed-off-by: cong <q1875486458@gmail.com>
(cherry picked from commit 7cb5f72)
Signed-off-by: Huabing Zhao <zhaohuabing@gmail.com>
use fixed duration for cpu rate

Signed-off-by: Huabing Zhao <zhaohuabing@gmail.com>
(cherry picked from commit 536486f)
Signed-off-by: Huabing Zhao <zhaohuabing@gmail.com>
* chore: bump golang.org/x/crypto

Signed-off-by: zirain <zirain2009@gmail.com>

* fix gen

Signed-off-by: zirain <zirain2009@gmail.com>

---------

Signed-off-by: zirain <zirain2009@gmail.com>
(cherry picked from commit 70fa59a)
Signed-off-by: Huabing Zhao <zhaohuabing@gmail.com>
…ss (envoyproxy#7611)

* fix: filter Gateway by controller in findOwningGateway

Prevent cross-controller Gateway mutations by validating GatewayClass

Signed-off-by: Sudipto Baral <sudiptobaral.me@gmail.com>
(cherry picked from commit ba8e0e2)
Signed-off-by: Huabing Zhao <zhaohuabing@gmail.com>
* fix: use default when namespace is unset

Signed-off-by: zirain <zirain2009@gmail.com>

* fix

Signed-off-by: zirain <zirain2009@gmail.com>

* fix test

Signed-off-by: zirain <zirain2009@gmail.com>

---------

Signed-off-by: zirain <zirain2009@gmail.com>
(cherry picked from commit be2cc73)
Signed-off-by: Huabing Zhao <zhaohuabing@gmail.com>
Signed-off-by: zirain <zirain2009@gmail.com>
(cherry picked from commit 0fa26d7)
Signed-off-by: Huabing Zhao <zhaohuabing@gmail.com>
@zhaohuabing zhaohuabing closed this Dec 5, 2025
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

5 participants