diff --git a/internal/xds/translator/testdata/out/xds-ir/authorization.clusters.yaml b/internal/xds/translator/testdata/out/xds-ir/authorization.clusters.yaml deleted file mode 100644 index bd69f5a844..0000000000 --- a/internal/xds/translator/testdata/out/xds-ir/authorization.clusters.yaml +++ /dev/null @@ -1,48 +0,0 @@ -- circuitBreakers: - thresholds: - - maxRetries: 1024 - commonLbConfig: - localityWeightedLbConfig: {} - connectTimeout: 10s - dnsLookupFamily: V4_ONLY - edsClusterConfig: - edsConfig: - ads: {} - resourceApiVersion: V3 - serviceName: httproute/default/httproute-3/rule/0 - lbPolicy: LEAST_REQUEST - name: httproute/default/httproute-3/rule/0 - perConnectionBufferLimitBytes: 32768 - type: EDS -- circuitBreakers: - thresholds: - - maxRetries: 1024 - commonLbConfig: - localityWeightedLbConfig: {} - connectTimeout: 10s - dnsLookupFamily: V4_ONLY - edsClusterConfig: - edsConfig: - ads: {} - resourceApiVersion: V3 - serviceName: httproute/default/httproute-1/rule/0 - lbPolicy: LEAST_REQUEST - name: httproute/default/httproute-1/rule/0 - perConnectionBufferLimitBytes: 32768 - type: EDS -- circuitBreakers: - thresholds: - - maxRetries: 1024 - commonLbConfig: - localityWeightedLbConfig: {} - connectTimeout: 10s - dnsLookupFamily: V4_ONLY - edsClusterConfig: - edsConfig: - ads: {} - resourceApiVersion: V3 - serviceName: httproute/default/httproute-2/rule/0 - lbPolicy: LEAST_REQUEST - name: httproute/default/httproute-2/rule/0 - perConnectionBufferLimitBytes: 32768 - type: EDS diff --git a/internal/xds/translator/testdata/out/xds-ir/authorization.endpoints.yaml b/internal/xds/translator/testdata/out/xds-ir/authorization.endpoints.yaml deleted file mode 100644 index 24596d841a..0000000000 --- a/internal/xds/translator/testdata/out/xds-ir/authorization.endpoints.yaml +++ /dev/null @@ -1,36 +0,0 @@ -- clusterName: httproute/default/httproute-3/rule/0 - endpoints: - - lbEndpoints: - - endpoint: - address: - socketAddress: - address: 7.7.7.7 - portValue: 8080 - loadBalancingWeight: 1 - loadBalancingWeight: 1 - locality: - region: httproute/default/httproute-3/rule/0/backend/0 -- clusterName: httproute/default/httproute-1/rule/0 - endpoints: - - lbEndpoints: - - endpoint: - address: - socketAddress: - address: 7.7.7.7 - portValue: 8080 - loadBalancingWeight: 1 - loadBalancingWeight: 1 - locality: - region: httproute/default/httproute-1/rule/0/backend/0 -- clusterName: httproute/default/httproute-2/rule/0 - endpoints: - - lbEndpoints: - - endpoint: - address: - socketAddress: - address: 7.7.7.7 - portValue: 8080 - loadBalancingWeight: 1 - loadBalancingWeight: 1 - locality: - region: httproute/default/httproute-2/rule/0/backend/0 diff --git a/internal/xds/translator/testdata/out/xds-ir/authorization.listeners.yaml b/internal/xds/translator/testdata/out/xds-ir/authorization.listeners.yaml deleted file mode 100644 index 907d28f78b..0000000000 --- a/internal/xds/translator/testdata/out/xds-ir/authorization.listeners.yaml +++ /dev/null @@ -1,37 +0,0 @@ -- address: - socketAddress: - address: 0.0.0.0 - portValue: 10080 - defaultFilterChain: - filters: - - name: envoy.filters.network.http_connection_manager - typedConfig: - '@type': type.googleapis.com/envoy.extensions.filters.network.http_connection_manager.v3.HttpConnectionManager - commonHttpProtocolOptions: - headersWithUnderscoresAction: REJECT_REQUEST - http2ProtocolOptions: - initialConnectionWindowSize: 1048576 - initialStreamWindowSize: 65536 - maxConcurrentStreams: 100 - httpFilters: - - name: envoy.filters.http.rbac - typedConfig: - '@type': type.googleapis.com/envoy.extensions.filters.http.rbac.v3.RBAC - - name: envoy.filters.http.router - typedConfig: - '@type': type.googleapis.com/envoy.extensions.filters.http.router.v3.Router - suppressEnvoyHeaders: true - mergeSlashes: true - normalizePath: true - pathWithEscapedSlashesAction: UNESCAPE_AND_REDIRECT - rds: - configSource: - ads: {} - resourceApiVersion: V3 - routeConfigName: envoy-gateway/gateway-1/http - serverHeaderTransformation: PASS_THROUGH - statPrefix: http-10080 - useRemoteAddress: true - name: envoy-gateway/gateway-1/http - name: envoy-gateway/gateway-1/http - perConnectionBufferLimitBytes: 32768 diff --git a/internal/xds/translator/testdata/out/xds-ir/authorization.routes.yaml b/internal/xds/translator/testdata/out/xds-ir/authorization.routes.yaml deleted file mode 100644 index 141d60a15d..0000000000 --- a/internal/xds/translator/testdata/out/xds-ir/authorization.routes.yaml +++ /dev/null @@ -1,135 +0,0 @@ -- ignorePortInHostMatching: true - name: envoy-gateway/gateway-1/http - virtualHosts: - - domains: - - www.example.com - name: envoy-gateway/gateway-1/http/www_example_com - routes: - - match: - pathSeparatedPrefix: /test - name: httproute/default/httproute-3/rule/0/match/0/www_example_com - route: - cluster: httproute/default/httproute-3/rule/0 - upgradeConfigs: - - upgradeType: websocket - typedPerFilterConfig: - envoy.filters.http.rbac: - '@type': type.googleapis.com/envoy.extensions.filters.http.rbac.v3.RBACPerRoute - rbac: - matcher: - onNoMatch: - action: - name: default - typedConfig: - '@type': type.googleapis.com/envoy.config.rbac.v3.Action - action: DENY - name: DENY - - match: - pathSeparatedPrefix: /foo - name: httproute/default/httproute-1/rule/0/match/0/www_example_com - route: - cluster: httproute/default/httproute-1/rule/0 - upgradeConfigs: - - upgradeType: websocket - typedPerFilterConfig: - envoy.filters.http.rbac: - '@type': type.googleapis.com/envoy.extensions.filters.http.rbac.v3.RBACPerRoute - rbac: - matcher: - matcherList: - matchers: - - onMatch: - action: - name: deny-location-1 - typedConfig: - '@type': type.googleapis.com/envoy.config.rbac.v3.Action - action: DENY - name: DENY - predicate: - singlePredicate: - customMatch: - name: ip_matcher - typedConfig: - '@type': type.googleapis.com/envoy.extensions.matching.input_matchers.ip.v3.Ip - cidrRanges: - - addressPrefix: 192.168.1.0 - prefixLen: 24 - - addressPrefix: 192.168.2.0 - prefixLen: 24 - statPrefix: client_ip - input: - name: client_ip - typedConfig: - '@type': type.googleapis.com/envoy.extensions.matching.common_inputs.network.v3.SourceIPInput - - onMatch: - action: - name: deny-location-2 - typedConfig: - '@type': type.googleapis.com/envoy.config.rbac.v3.Action - action: DENY - name: DENY - predicate: - singlePredicate: - customMatch: - name: ip_matcher - typedConfig: - '@type': type.googleapis.com/envoy.extensions.matching.input_matchers.ip.v3.Ip - cidrRanges: - - addressPrefix: 10.75.1.0 - prefixLen: 24 - - addressPrefix: 10.75.2.0 - prefixLen: 24 - statPrefix: client_ip - input: - name: client_ip - typedConfig: - '@type': type.googleapis.com/envoy.extensions.matching.common_inputs.network.v3.SourceIPInput - onNoMatch: - action: - name: default - typedConfig: - '@type': type.googleapis.com/envoy.config.rbac.v3.Action - name: ALLOW - - match: - pathSeparatedPrefix: /bar - name: httproute/default/httproute-2/rule/0/match/0/www_example_com - route: - cluster: httproute/default/httproute-2/rule/0 - upgradeConfigs: - - upgradeType: websocket - typedPerFilterConfig: - envoy.filters.http.rbac: - '@type': type.googleapis.com/envoy.extensions.filters.http.rbac.v3.RBACPerRoute - rbac: - matcher: - matcherList: - matchers: - - onMatch: - action: - name: securitypolicy/envoy-gateway/policy-for-gateway/authorization/rule/0 - typedConfig: - '@type': type.googleapis.com/envoy.config.rbac.v3.Action - name: ALLOW - predicate: - singlePredicate: - customMatch: - name: ip_matcher - typedConfig: - '@type': type.googleapis.com/envoy.extensions.matching.input_matchers.ip.v3.Ip - cidrRanges: - - addressPrefix: 10.0.1.0 - prefixLen: 24 - - addressPrefix: 10.0.2.0 - prefixLen: 24 - statPrefix: client_ip - input: - name: client_ip - typedConfig: - '@type': type.googleapis.com/envoy.extensions.matching.common_inputs.network.v3.SourceIPInput - onNoMatch: - action: - name: default - typedConfig: - '@type': type.googleapis.com/envoy.config.rbac.v3.Action - action: DENY - name: DENY diff --git a/internal/xds/translator/testdata/out/xds-ir/backend-tls-skip-verify.secrets.yaml b/internal/xds/translator/testdata/out/xds-ir/backend-tls-skip-verify.secrets.yaml deleted file mode 100644 index 1f76e2cec2..0000000000 --- a/internal/xds/translator/testdata/out/xds-ir/backend-tls-skip-verify.secrets.yaml +++ /dev/null @@ -1,4 +0,0 @@ -- name: policy-btls/default-ca - validationContext: - trustedCa: - filename: /etc/ssl/certs/ca-certificates.crt diff --git a/internal/xds/translator/testdata/out/xds-ir/http-route-with-stripped-host-port.clusters.yaml b/internal/xds/translator/testdata/out/xds-ir/http-route-with-stripped-host-port.clusters.yaml deleted file mode 100644 index 83e21e5828..0000000000 --- a/internal/xds/translator/testdata/out/xds-ir/http-route-with-stripped-host-port.clusters.yaml +++ /dev/null @@ -1,12 +0,0 @@ -- commonLbConfig: - localityWeightedLbConfig: {} - connectTimeout: 10s - dnsLookupFamily: V4_ONLY - edsClusterConfig: - edsConfig: - ads: {} - resourceApiVersion: V3 - serviceName: first-route - name: first-route - perConnectionBufferLimitBytes: 32768 - type: EDS diff --git a/internal/xds/translator/testdata/out/xds-ir/http-route-with-stripped-host-port.listeners.yaml b/internal/xds/translator/testdata/out/xds-ir/http-route-with-stripped-host-port.listeners.yaml deleted file mode 100644 index 1eae91bee8..0000000000 --- a/internal/xds/translator/testdata/out/xds-ir/http-route-with-stripped-host-port.listeners.yaml +++ /dev/null @@ -1,31 +0,0 @@ -- address: - socketAddress: - address: 0.0.0.0 - portValue: 10080 - defaultFilterChain: - filters: - - name: envoy.filters.network.http_connection_manager - typedConfig: - '@type': type.googleapis.com/envoy.extensions.filters.network.http_connection_manager.v3.HttpConnectionManager - commonHttpProtocolOptions: - headersWithUnderscoresAction: REJECT_REQUEST - httpFilters: - - name: envoy.filters.http.router - typedConfig: - '@type': type.googleapis.com/envoy.extensions.filters.http.router.v3.Router - suppressEnvoyHeaders: true - mergeSlashes: true - normalizePath: true - pathWithEscapedSlashesAction: UNESCAPE_AND_REDIRECT - rds: - configSource: - ads: {} - resourceApiVersion: V3 - routeConfigName: first-listener - serverHeaderTransformation: PASS_THROUGH - statPrefix: http - upgradeConfigs: - - upgradeType: websocket - useRemoteAddress: true - name: first-listener - perConnectionBufferLimitBytes: 32768 diff --git a/internal/xds/translator/testdata/out/xds-ir/jsonpatch-add-op-empty-jsonpath.clusters.yaml b/internal/xds/translator/testdata/out/xds-ir/jsonpatch-add-op-empty-jsonpath.clusters.yaml deleted file mode 100644 index 2471dd8cb4..0000000000 --- a/internal/xds/translator/testdata/out/xds-ir/jsonpatch-add-op-empty-jsonpath.clusters.yaml +++ /dev/null @@ -1,16 +0,0 @@ -- circuitBreakers: - thresholds: - - maxRetries: 1024 - commonLbConfig: - localityWeightedLbConfig: {} - connectTimeout: 10s - dnsLookupFamily: V4_ONLY - edsClusterConfig: - edsConfig: - ads: {} - resourceApiVersion: V3 - serviceName: first-route-dest - lbPolicy: LEAST_REQUEST - name: first-route-dest - perConnectionBufferLimitBytes: 32768 - type: EDS diff --git a/internal/xds/translator/testdata/out/xds-ir/jsonpatch-add-op-empty-jsonpath.endpoints.yaml b/internal/xds/translator/testdata/out/xds-ir/jsonpatch-add-op-empty-jsonpath.endpoints.yaml deleted file mode 100644 index 9a6f5a46c9..0000000000 --- a/internal/xds/translator/testdata/out/xds-ir/jsonpatch-add-op-empty-jsonpath.endpoints.yaml +++ /dev/null @@ -1,24 +0,0 @@ -- clusterName: first-route-dest - endpoints: - - lbEndpoints: - - endpoint: - address: - socketAddress: - address: 1.2.3.4 - portValue: 50000 - loadBalancingWeight: 1 - loadBalancingWeight: 1 - locality: - region: first-route-dest/backend/0 -- clusterName: second-route-dest - endpoints: - - lbEndpoints: - - endpoint: - address: - socketAddress: - address: 4.5.6.7 - portValue: 50000 - loadBalancingWeight: 1 - loadBalancingWeight: 1 - locality: - region: second-route-dest/backend/0 diff --git a/internal/xds/translator/testdata/out/xds-ir/jsonpatch-add-op-empty-jsonpath.listeners.yaml b/internal/xds/translator/testdata/out/xds-ir/jsonpatch-add-op-empty-jsonpath.listeners.yaml deleted file mode 100644 index 51c022c26f..0000000000 --- a/internal/xds/translator/testdata/out/xds-ir/jsonpatch-add-op-empty-jsonpath.listeners.yaml +++ /dev/null @@ -1,52 +0,0 @@ -- address: - socketAddress: - address: 0.0.0.0 - portValue: 10080 - drainType: MODIFY_ONLY - filterChains: - - filters: - - name: envoy.filters.network.http_connection_manager - typedConfig: - '@type': type.googleapis.com/envoy.extensions.filters.network.http_connection_manager.v3.HttpConnectionManager - commonHttpProtocolOptions: - headersWithUnderscoresAction: REJECT_REQUEST - http2ProtocolOptions: - initialConnectionWindowSize: 1048576 - initialStreamWindowSize: 65536 - maxConcurrentStreams: 100 - httpFilters: - - name: envoy.filters.http.router - typedConfig: - '@type': type.googleapis.com/envoy.extensions.filters.http.router.v3.Router - suppressEnvoyHeaders: true - mergeSlashes: true - normalizePath: true - pathWithEscapedSlashesAction: UNESCAPE_AND_REDIRECT - rds: - configSource: - ads: {} - resourceApiVersion: V3 - routeConfigName: first-listener - serverHeaderTransformation: PASS_THROUGH - statPrefix: https-10080 - useRemoteAddress: true - name: first-listener - transportSocket: - name: envoy.transport_sockets.tls - typedConfig: - '@type': type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.DownstreamTlsContext - commonTlsContext: - alpnProtocols: - - h2 - - http/1.1 - tlsCertificateSdsSecretConfigs: - - name: secret-1 - sdsConfig: - ads: {} - resourceApiVersion: V3 - - name: secret-2 - sdsConfig: - ads: {} - resourceApiVersion: V3 - name: first-listener - perConnectionBufferLimitBytes: 32768 diff --git a/internal/xds/translator/testdata/out/xds-ir/jsonpatch-add-op-empty-jsonpath.routes.yaml b/internal/xds/translator/testdata/out/xds-ir/jsonpatch-add-op-empty-jsonpath.routes.yaml deleted file mode 100644 index 4a412b3576..0000000000 --- a/internal/xds/translator/testdata/out/xds-ir/jsonpatch-add-op-empty-jsonpath.routes.yaml +++ /dev/null @@ -1,18 +0,0 @@ -- ignorePortInHostMatching: true - name: first-listener - virtualHosts: - - domains: - - '*' - name: first-listener/* - routes: - - match: - headers: - - name: user - stringMatch: - exact: jason - prefix: / - name: first-route - route: - cluster: first-route-dest - upgradeConfigs: - - upgradeType: websocket diff --git a/internal/xds/translator/testdata/out/xds-ir/jsonpatch-add-op-empty-jsonpath.secrets.yaml b/internal/xds/translator/testdata/out/xds-ir/jsonpatch-add-op-empty-jsonpath.secrets.yaml deleted file mode 100644 index ad88ffe43c..0000000000 --- a/internal/xds/translator/testdata/out/xds-ir/jsonpatch-add-op-empty-jsonpath.secrets.yaml +++ /dev/null @@ -1,12 +0,0 @@ -- name: secret-1 - tlsCertificate: - certificateChain: - inlineBytes: Y2VydC1kYXRh - privateKey: - inlineBytes: a2V5LWRhdGE= -- name: secret-2 - tlsCertificate: - certificateChain: - inlineBytes: Y2VydC1kYXRh - privateKey: - inlineBytes: a2V5LWRhdGE= diff --git a/internal/xds/translator/testdata/out/xds-ir/jsonpatch-add-op-without-value.clusters.yaml b/internal/xds/translator/testdata/out/xds-ir/jsonpatch-add-op-without-value.clusters.yaml deleted file mode 100644 index 2471dd8cb4..0000000000 --- a/internal/xds/translator/testdata/out/xds-ir/jsonpatch-add-op-without-value.clusters.yaml +++ /dev/null @@ -1,16 +0,0 @@ -- circuitBreakers: - thresholds: - - maxRetries: 1024 - commonLbConfig: - localityWeightedLbConfig: {} - connectTimeout: 10s - dnsLookupFamily: V4_ONLY - edsClusterConfig: - edsConfig: - ads: {} - resourceApiVersion: V3 - serviceName: first-route-dest - lbPolicy: LEAST_REQUEST - name: first-route-dest - perConnectionBufferLimitBytes: 32768 - type: EDS diff --git a/internal/xds/translator/testdata/out/xds-ir/jsonpatch-add-op-without-value.endpoints.yaml b/internal/xds/translator/testdata/out/xds-ir/jsonpatch-add-op-without-value.endpoints.yaml deleted file mode 100644 index 3b3f2d0907..0000000000 --- a/internal/xds/translator/testdata/out/xds-ir/jsonpatch-add-op-without-value.endpoints.yaml +++ /dev/null @@ -1,12 +0,0 @@ -- clusterName: first-route-dest - endpoints: - - lbEndpoints: - - endpoint: - address: - socketAddress: - address: 1.2.3.4 - portValue: 50000 - loadBalancingWeight: 1 - loadBalancingWeight: 1 - locality: - region: first-route-dest/backend/0 diff --git a/internal/xds/translator/testdata/out/xds-ir/jsonpatch-add-op-without-value.listeners.yaml b/internal/xds/translator/testdata/out/xds-ir/jsonpatch-add-op-without-value.listeners.yaml deleted file mode 100644 index 4aee3acf75..0000000000 --- a/internal/xds/translator/testdata/out/xds-ir/jsonpatch-add-op-without-value.listeners.yaml +++ /dev/null @@ -1,63 +0,0 @@ -- address: - socketAddress: - address: 0.0.0.0 - portValue: 10080 - drainType: MODIFY_ONLY - filterChains: - - filters: - - name: envoy.filters.network.http_connection_manager - typedConfig: - '@type': type.googleapis.com/envoy.extensions.filters.network.http_connection_manager.v3.HttpConnectionManager - commonHttpProtocolOptions: - headersWithUnderscoresAction: REJECT_REQUEST - http2ProtocolOptions: - initialConnectionWindowSize: 1048576 - initialStreamWindowSize: 65536 - maxConcurrentStreams: 100 - httpFilters: - - name: envoy.filters.http.ratelimit - typedConfig: - '@type': type.googleapis.com/envoy.extensions.filters.http.ratelimit.v3.RateLimit - domain: eg-ratelimit - disableXEnvoyRatelimitedHeader: true - failureModeDeny: true - rateLimitService: - grpcService: - envoyGrpc: - clusterName: rate-limit-cluster - transportApiVersion: V3 - timeout: 1s - - name: envoy.filters.http.router - typedConfig: - '@type': type.googleapis.com/envoy.extensions.filters.http.router.v3.Router - suppressEnvoyHeaders: true - mergeSlashes: true - normalizePath: true - pathWithEscapedSlashesAction: UNESCAPE_AND_REDIRECT - rds: - configSource: - ads: {} - resourceApiVersion: V3 - routeConfigName: first-listener - serverHeaderTransformation: PASS_THROUGH - statPrefix: https - useRemoteAddress: true - transportSocket: - name: envoy.transport_sockets.tls - typedConfig: - '@type': type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.DownstreamTlsContext - commonTlsContext: - alpnProtocols: - - h2 - - http/1.1 - tlsCertificateSdsSecretConfigs: - - name: secret-1 - sdsConfig: - ads: {} - resourceApiVersion: V3 - - name: secret-2 - sdsConfig: - ads: {} - resourceApiVersion: V3 - name: first-listener - perConnectionBufferLimitBytes: 32768 diff --git a/internal/xds/translator/testdata/out/xds-ir/jsonpatch-add-op-without-value.routes.yaml b/internal/xds/translator/testdata/out/xds-ir/jsonpatch-add-op-without-value.routes.yaml deleted file mode 100644 index 4a412b3576..0000000000 --- a/internal/xds/translator/testdata/out/xds-ir/jsonpatch-add-op-without-value.routes.yaml +++ /dev/null @@ -1,18 +0,0 @@ -- ignorePortInHostMatching: true - name: first-listener - virtualHosts: - - domains: - - '*' - name: first-listener/* - routes: - - match: - headers: - - name: user - stringMatch: - exact: jason - prefix: / - name: first-route - route: - cluster: first-route-dest - upgradeConfigs: - - upgradeType: websocket diff --git a/internal/xds/translator/testdata/out/xds-ir/jsonpatch-invalid-patch.clusters.yaml b/internal/xds/translator/testdata/out/xds-ir/jsonpatch-invalid-patch.clusters.yaml deleted file mode 100644 index 2471dd8cb4..0000000000 --- a/internal/xds/translator/testdata/out/xds-ir/jsonpatch-invalid-patch.clusters.yaml +++ /dev/null @@ -1,16 +0,0 @@ -- circuitBreakers: - thresholds: - - maxRetries: 1024 - commonLbConfig: - localityWeightedLbConfig: {} - connectTimeout: 10s - dnsLookupFamily: V4_ONLY - edsClusterConfig: - edsConfig: - ads: {} - resourceApiVersion: V3 - serviceName: first-route-dest - lbPolicy: LEAST_REQUEST - name: first-route-dest - perConnectionBufferLimitBytes: 32768 - type: EDS diff --git a/internal/xds/translator/testdata/out/xds-ir/jsonpatch-invalid-patch.endpoints.yaml b/internal/xds/translator/testdata/out/xds-ir/jsonpatch-invalid-patch.endpoints.yaml deleted file mode 100644 index 3b3f2d0907..0000000000 --- a/internal/xds/translator/testdata/out/xds-ir/jsonpatch-invalid-patch.endpoints.yaml +++ /dev/null @@ -1,12 +0,0 @@ -- clusterName: first-route-dest - endpoints: - - lbEndpoints: - - endpoint: - address: - socketAddress: - address: 1.2.3.4 - portValue: 50000 - loadBalancingWeight: 1 - loadBalancingWeight: 1 - locality: - region: first-route-dest/backend/0 diff --git a/internal/xds/translator/testdata/out/xds-ir/jsonpatch-invalid-patch.listeners.yaml b/internal/xds/translator/testdata/out/xds-ir/jsonpatch-invalid-patch.listeners.yaml deleted file mode 100644 index 17a4871056..0000000000 --- a/internal/xds/translator/testdata/out/xds-ir/jsonpatch-invalid-patch.listeners.yaml +++ /dev/null @@ -1,34 +0,0 @@ -- address: - socketAddress: - address: 0.0.0.0 - portValue: 10080 - defaultFilterChain: - filters: - - name: envoy.filters.network.http_connection_manager - typedConfig: - '@type': type.googleapis.com/envoy.extensions.filters.network.http_connection_manager.v3.HttpConnectionManager - commonHttpProtocolOptions: - headersWithUnderscoresAction: REJECT_REQUEST - http2ProtocolOptions: - initialConnectionWindowSize: 1048576 - initialStreamWindowSize: 65536 - maxConcurrentStreams: 100 - httpFilters: - - name: envoy.filters.http.router - typedConfig: - '@type': type.googleapis.com/envoy.extensions.filters.http.router.v3.Router - suppressEnvoyHeaders: true - mergeSlashes: true - normalizePath: true - pathWithEscapedSlashesAction: UNESCAPE_AND_REDIRECT - rds: - configSource: - ads: {} - resourceApiVersion: V3 - routeConfigName: first-listener - serverHeaderTransformation: PASS_THROUGH - statPrefix: http - useRemoteAddress: true - drainType: MODIFY_ONLY - name: first-listener - perConnectionBufferLimitBytes: 32768 diff --git a/internal/xds/translator/testdata/out/xds-ir/jsonpatch-invalid-patch.routes.yaml b/internal/xds/translator/testdata/out/xds-ir/jsonpatch-invalid-patch.routes.yaml deleted file mode 100644 index 4a412b3576..0000000000 --- a/internal/xds/translator/testdata/out/xds-ir/jsonpatch-invalid-patch.routes.yaml +++ /dev/null @@ -1,18 +0,0 @@ -- ignorePortInHostMatching: true - name: first-listener - virtualHosts: - - domains: - - '*' - name: first-listener/* - routes: - - match: - headers: - - name: user - stringMatch: - exact: jason - prefix: / - name: first-route - route: - cluster: first-route-dest - upgradeConfigs: - - upgradeType: websocket diff --git a/internal/xds/translator/testdata/out/xds-ir/jsonpatch-move-op-with-value.clusters.yaml b/internal/xds/translator/testdata/out/xds-ir/jsonpatch-move-op-with-value.clusters.yaml deleted file mode 100644 index 2471dd8cb4..0000000000 --- a/internal/xds/translator/testdata/out/xds-ir/jsonpatch-move-op-with-value.clusters.yaml +++ /dev/null @@ -1,16 +0,0 @@ -- circuitBreakers: - thresholds: - - maxRetries: 1024 - commonLbConfig: - localityWeightedLbConfig: {} - connectTimeout: 10s - dnsLookupFamily: V4_ONLY - edsClusterConfig: - edsConfig: - ads: {} - resourceApiVersion: V3 - serviceName: first-route-dest - lbPolicy: LEAST_REQUEST - name: first-route-dest - perConnectionBufferLimitBytes: 32768 - type: EDS diff --git a/internal/xds/translator/testdata/out/xds-ir/jsonpatch-move-op-with-value.endpoints.yaml b/internal/xds/translator/testdata/out/xds-ir/jsonpatch-move-op-with-value.endpoints.yaml deleted file mode 100644 index 3b3f2d0907..0000000000 --- a/internal/xds/translator/testdata/out/xds-ir/jsonpatch-move-op-with-value.endpoints.yaml +++ /dev/null @@ -1,12 +0,0 @@ -- clusterName: first-route-dest - endpoints: - - lbEndpoints: - - endpoint: - address: - socketAddress: - address: 1.2.3.4 - portValue: 50000 - loadBalancingWeight: 1 - loadBalancingWeight: 1 - locality: - region: first-route-dest/backend/0 diff --git a/internal/xds/translator/testdata/out/xds-ir/jsonpatch-move-op-with-value.listeners.yaml b/internal/xds/translator/testdata/out/xds-ir/jsonpatch-move-op-with-value.listeners.yaml deleted file mode 100644 index 4aee3acf75..0000000000 --- a/internal/xds/translator/testdata/out/xds-ir/jsonpatch-move-op-with-value.listeners.yaml +++ /dev/null @@ -1,63 +0,0 @@ -- address: - socketAddress: - address: 0.0.0.0 - portValue: 10080 - drainType: MODIFY_ONLY - filterChains: - - filters: - - name: envoy.filters.network.http_connection_manager - typedConfig: - '@type': type.googleapis.com/envoy.extensions.filters.network.http_connection_manager.v3.HttpConnectionManager - commonHttpProtocolOptions: - headersWithUnderscoresAction: REJECT_REQUEST - http2ProtocolOptions: - initialConnectionWindowSize: 1048576 - initialStreamWindowSize: 65536 - maxConcurrentStreams: 100 - httpFilters: - - name: envoy.filters.http.ratelimit - typedConfig: - '@type': type.googleapis.com/envoy.extensions.filters.http.ratelimit.v3.RateLimit - domain: eg-ratelimit - disableXEnvoyRatelimitedHeader: true - failureModeDeny: true - rateLimitService: - grpcService: - envoyGrpc: - clusterName: rate-limit-cluster - transportApiVersion: V3 - timeout: 1s - - name: envoy.filters.http.router - typedConfig: - '@type': type.googleapis.com/envoy.extensions.filters.http.router.v3.Router - suppressEnvoyHeaders: true - mergeSlashes: true - normalizePath: true - pathWithEscapedSlashesAction: UNESCAPE_AND_REDIRECT - rds: - configSource: - ads: {} - resourceApiVersion: V3 - routeConfigName: first-listener - serverHeaderTransformation: PASS_THROUGH - statPrefix: https - useRemoteAddress: true - transportSocket: - name: envoy.transport_sockets.tls - typedConfig: - '@type': type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.DownstreamTlsContext - commonTlsContext: - alpnProtocols: - - h2 - - http/1.1 - tlsCertificateSdsSecretConfigs: - - name: secret-1 - sdsConfig: - ads: {} - resourceApiVersion: V3 - - name: secret-2 - sdsConfig: - ads: {} - resourceApiVersion: V3 - name: first-listener - perConnectionBufferLimitBytes: 32768 diff --git a/internal/xds/translator/testdata/out/xds-ir/jsonpatch-move-op-with-value.routes.yaml b/internal/xds/translator/testdata/out/xds-ir/jsonpatch-move-op-with-value.routes.yaml deleted file mode 100644 index 4a412b3576..0000000000 --- a/internal/xds/translator/testdata/out/xds-ir/jsonpatch-move-op-with-value.routes.yaml +++ /dev/null @@ -1,18 +0,0 @@ -- ignorePortInHostMatching: true - name: first-listener - virtualHosts: - - domains: - - '*' - name: first-listener/* - routes: - - match: - headers: - - name: user - stringMatch: - exact: jason - prefix: / - name: first-route - route: - cluster: first-route-dest - upgradeConfigs: - - upgradeType: websocket diff --git a/internal/xds/translator/testdata/out/xds-ir/oidc-backencluster-provider.clusters.yaml b/internal/xds/translator/testdata/out/xds-ir/oidc-backencluster-provider.clusters.yaml deleted file mode 100644 index 430e4ae82c..0000000000 --- a/internal/xds/translator/testdata/out/xds-ir/oidc-backencluster-provider.clusters.yaml +++ /dev/null @@ -1,42 +0,0 @@ -- circuitBreakers: - thresholds: - - maxRetries: 1024 - commonLbConfig: - localityWeightedLbConfig: {} - connectTimeout: 10s - dnsLookupFamily: V4_ONLY - edsClusterConfig: - edsConfig: - ads: {} - resourceApiVersion: V3 - serviceName: third-route-dest - lbPolicy: LEAST_REQUEST - name: third-route-dest - perConnectionBufferLimitBytes: 32768 - type: EDS -- circuitBreakers: - thresholds: - - maxRetries: 1024 - commonLbConfig: - localityWeightedLbConfig: {} - connectTimeout: 10s - dnsLookupFamily: V4_ONLY - dnsRefreshRate: 30s - lbPolicy: LEAST_REQUEST - loadAssignment: - clusterName: securitypolicy/envoy-gateway/policy-for-gateway/0 - endpoints: - - lbEndpoints: - - endpoint: - address: - socketAddress: - address: oauth.foo.com - portValue: 443 - loadBalancingWeight: 1 - loadBalancingWeight: 1 - locality: - region: securitypolicy/envoy-gateway/policy-for-gateway/0/backend/0 - name: securitypolicy/envoy-gateway/policy-for-gateway/0 - perConnectionBufferLimitBytes: 32768 - respectDnsTtl: true - type: STRICT_DNS diff --git a/internal/xds/translator/testdata/out/xds-ir/oidc-backencluster-provider.endpoints.yaml b/internal/xds/translator/testdata/out/xds-ir/oidc-backencluster-provider.endpoints.yaml deleted file mode 100644 index 6c69841c2a..0000000000 --- a/internal/xds/translator/testdata/out/xds-ir/oidc-backencluster-provider.endpoints.yaml +++ /dev/null @@ -1,12 +0,0 @@ -- clusterName: third-route-dest - endpoints: - - lbEndpoints: - - endpoint: - address: - socketAddress: - address: 1.2.3.4 - portValue: 50000 - loadBalancingWeight: 1 - loadBalancingWeight: 1 - locality: - region: third-route-dest/backend/0 diff --git a/internal/xds/translator/testdata/out/xds-ir/oidc-backencluster-provider.listeners.yaml b/internal/xds/translator/testdata/out/xds-ir/oidc-backencluster-provider.listeners.yaml deleted file mode 100644 index 2d642e4375..0000000000 --- a/internal/xds/translator/testdata/out/xds-ir/oidc-backencluster-provider.listeners.yaml +++ /dev/null @@ -1,84 +0,0 @@ -- address: - socketAddress: - address: 0.0.0.0 - portValue: 10080 - defaultFilterChain: - filters: - - name: envoy.filters.network.http_connection_manager - typedConfig: - '@type': type.googleapis.com/envoy.extensions.filters.network.http_connection_manager.v3.HttpConnectionManager - commonHttpProtocolOptions: - headersWithUnderscoresAction: REJECT_REQUEST - http2ProtocolOptions: - initialConnectionWindowSize: 1048576 - initialStreamWindowSize: 65536 - maxConcurrentStreams: 100 - httpFilters: - - disabled: true - name: envoy.filters.http.oauth2/securitypolicy/envoy-gateway/policy-for-gateway - typedConfig: - '@type': type.googleapis.com/envoy.extensions.filters.http.oauth2.v3.OAuth2 - config: - statPrefix: securitypolicy/envoy-gateway/policy-for-gateway - authScopes: - - openid - authType: BASIC_AUTH - authorizationEndpoint: https://oauth.foo.com/oauth2/v2/auth - credentials: - clientId: client1.apps.googleusercontent.com - cookieNames: - bearerToken: AccessToken-b0a1b740 - idToken: IdToken-b0a1b740 - oauthExpires: OauthExpires-b0a1b740 - oauthHmac: OauthHMAC-b0a1b740 - oauthNonce: OauthNonce-b0a1b740 - refreshToken: RefreshToken-b0a1b740 - hmacSecret: - name: oauth2/hmac_secret/securitypolicy/envoy-gateway/policy-for-gateway - sdsConfig: - ads: {} - resourceApiVersion: V3 - tokenSecret: - name: oauth2/client_secret/securitypolicy/envoy-gateway/policy-for-gateway - sdsConfig: - ads: {} - resourceApiVersion: V3 - defaultExpiresIn: 1800s - defaultRefreshTokenExpiresIn: 86400s - forwardBearerToken: true - redirectPathMatcher: - path: - exact: /bar/oauth2/callback - redirectUri: https://www.example.com/bar/oauth2/callback - retryPolicy: - numRetries: 3 - retryBackOff: - baseInterval: 1s - maxInterval: 5s - retryOn: 5xx,gateway-error,reset - signoutPath: - path: - exact: /bar/logout - tokenEndpoint: - cluster: securitypolicy/envoy-gateway/policy-for-gateway/0 - timeout: 10s - uri: https://oauth.foo.com/token - useRefreshToken: true - - name: envoy.filters.http.router - typedConfig: - '@type': type.googleapis.com/envoy.extensions.filters.http.router.v3.Router - suppressEnvoyHeaders: true - mergeSlashes: true - normalizePath: true - pathWithEscapedSlashesAction: UNESCAPE_AND_REDIRECT - rds: - configSource: - ads: {} - resourceApiVersion: V3 - routeConfigName: first-listener - serverHeaderTransformation: PASS_THROUGH - statPrefix: http-10080 - useRemoteAddress: true - name: first-listener - name: first-listener - perConnectionBufferLimitBytes: 32768 diff --git a/internal/xds/translator/testdata/out/xds-ir/oidc-backencluster-provider.routes.yaml b/internal/xds/translator/testdata/out/xds-ir/oidc-backencluster-provider.routes.yaml deleted file mode 100644 index b17df86476..0000000000 --- a/internal/xds/translator/testdata/out/xds-ir/oidc-backencluster-provider.routes.yaml +++ /dev/null @@ -1,18 +0,0 @@ -- ignorePortInHostMatching: true - name: first-listener - virtualHosts: - - domains: - - '*' - name: first-listener/* - routes: - - match: - path: baz - name: first-route - route: - cluster: third-route-dest - upgradeConfigs: - - upgradeType: websocket - typedPerFilterConfig: - envoy.filters.http.oauth2/securitypolicy/envoy-gateway/policy-for-gateway: - '@type': type.googleapis.com/envoy.config.route.v3.FilterConfig - config: {} diff --git a/internal/xds/translator/testdata/out/xds-ir/oidc-backencluster-provider.secrets.yaml b/internal/xds/translator/testdata/out/xds-ir/oidc-backencluster-provider.secrets.yaml deleted file mode 100644 index 398ab6cef7..0000000000 --- a/internal/xds/translator/testdata/out/xds-ir/oidc-backencluster-provider.secrets.yaml +++ /dev/null @@ -1,8 +0,0 @@ -- genericSecret: - secret: - inlineBytes: Y2xpZW50MTpzZWNyZXQK - name: oauth2/client_secret/securitypolicy/envoy-gateway/policy-for-gateway -- genericSecret: - secret: - inlineBytes: qrOYACHXoe7UEDI/raOjNSx+Z9ufXSc/22C3T6X/zPY= - name: oauth2/hmac_secret/securitypolicy/envoy-gateway/policy-for-gateway diff --git a/internal/xds/translator/testdata/out/xds-ir/retry-reset-before-request.clusters.yaml b/internal/xds/translator/testdata/out/xds-ir/retry-reset-before-request.clusters.yaml deleted file mode 100644 index 054f90bb71..0000000000 --- a/internal/xds/translator/testdata/out/xds-ir/retry-reset-before-request.clusters.yaml +++ /dev/null @@ -1,24 +0,0 @@ -- circuitBreakers: - thresholds: - - maxRetries: 1024 - commonLbConfig: {} - connectTimeout: 10s - dnsLookupFamily: V4_PREFERRED - edsClusterConfig: - edsConfig: - ads: {} - resourceApiVersion: V3 - serviceName: first-route-dest - ignoreHealthOnHostRemoval: true - lbPolicy: LEAST_REQUEST - loadBalancingPolicy: - policies: - - typedExtensionConfig: - name: envoy.load_balancing_policies.least_request - typedConfig: - '@type': type.googleapis.com/envoy.extensions.load_balancing_policies.least_request.v3.LeastRequest - localityLbConfig: - localityWeightedLbConfig: {} - name: first-route-dest - perConnectionBufferLimitBytes: 32768 - type: EDS diff --git a/internal/xds/translator/testdata/out/xds-ir/retry-reset-before-request.endpoints.yaml b/internal/xds/translator/testdata/out/xds-ir/retry-reset-before-request.endpoints.yaml deleted file mode 100644 index 3b3f2d0907..0000000000 --- a/internal/xds/translator/testdata/out/xds-ir/retry-reset-before-request.endpoints.yaml +++ /dev/null @@ -1,12 +0,0 @@ -- clusterName: first-route-dest - endpoints: - - lbEndpoints: - - endpoint: - address: - socketAddress: - address: 1.2.3.4 - portValue: 50000 - loadBalancingWeight: 1 - loadBalancingWeight: 1 - locality: - region: first-route-dest/backend/0 diff --git a/internal/xds/translator/testdata/out/xds-ir/retry-reset-before-request.listeners.yaml b/internal/xds/translator/testdata/out/xds-ir/retry-reset-before-request.listeners.yaml deleted file mode 100644 index 5dd5e46e3c..0000000000 --- a/internal/xds/translator/testdata/out/xds-ir/retry-reset-before-request.listeners.yaml +++ /dev/null @@ -1,35 +0,0 @@ -- address: - socketAddress: - address: '::' - portValue: 10080 - defaultFilterChain: - filters: - - name: envoy.filters.network.http_connection_manager - typedConfig: - '@type': type.googleapis.com/envoy.extensions.filters.network.http_connection_manager.v3.HttpConnectionManager - commonHttpProtocolOptions: - headersWithUnderscoresAction: REJECT_REQUEST - http2ProtocolOptions: - initialConnectionWindowSize: 1048576 - initialStreamWindowSize: 65536 - maxConcurrentStreams: 100 - httpFilters: - - name: envoy.filters.http.router - typedConfig: - '@type': type.googleapis.com/envoy.extensions.filters.http.router.v3.Router - suppressEnvoyHeaders: true - mergeSlashes: true - normalizePath: true - pathWithEscapedSlashesAction: UNESCAPE_AND_REDIRECT - rds: - configSource: - ads: {} - resourceApiVersion: V3 - routeConfigName: first-listener - serverHeaderTransformation: PASS_THROUGH - statPrefix: http-10080 - useRemoteAddress: true - name: first-listener - maxConnectionsToAcceptPerSocketEvent: 1 - name: first-listener - perConnectionBufferLimitBytes: 32768 diff --git a/internal/xds/translator/testdata/out/xds-ir/retry-reset-before-request.routes.yaml b/internal/xds/translator/testdata/out/xds-ir/retry-reset-before-request.routes.yaml deleted file mode 100644 index 1eabe7a1b5..0000000000 --- a/internal/xds/translator/testdata/out/xds-ir/retry-reset-before-request.routes.yaml +++ /dev/null @@ -1,45 +0,0 @@ -- ignorePortInHostMatching: true - name: first-listener - virtualHosts: - - domains: - - '*' - name: first-listener/* - routes: - - match: - prefix: / - name: reset-before-request-route - route: - cluster: first-route-dest - retryPolicy: - hostSelectionRetryMaxAttempts: "5" - numRetries: 3 - perTryTimeout: 0.250s - retryBackOff: - baseInterval: 0.100s - maxInterval: 10s - retryHostPredicate: - - name: envoy.retry_host_predicates.previous_hosts - typedConfig: - '@type': type.googleapis.com/envoy.extensions.retry.host.previous_hosts.v3.PreviousHostsPredicate - retryOn: reset-before-request - upgradeConfigs: - - upgradeType: websocket - - domains: - - foo - name: first-listener/foo - routes: - - match: - prefix: / - name: mixed-triggers-route - route: - cluster: first-route-dest - retryPolicy: - hostSelectionRetryMaxAttempts: "5" - numRetries: 5 - retryHostPredicate: - - name: envoy.retry_host_predicates.previous_hosts - typedConfig: - '@type': type.googleapis.com/envoy.extensions.retry.host.previous_hosts.v3.PreviousHostsPredicate - retryOn: reset,reset-before-request,connect-failure - upgradeConfigs: - - upgradeType: websocket diff --git a/internal/xds/translator/translator_test.go b/internal/xds/translator/translator_test.go index 4e2110dce1..0ab4cb8db1 100644 --- a/internal/xds/translator/translator_test.go +++ b/internal/xds/translator/translator_test.go @@ -23,6 +23,7 @@ import ( "github.com/google/go-cmp/cmp/cmpopts" "github.com/stretchr/testify/require" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" + "k8s.io/apimachinery/pkg/util/sets" "k8s.io/utils/ptr" "sigs.k8s.io/yaml" @@ -130,6 +131,7 @@ func TestTranslateXds(t *testing.T) { inputFiles, err := filepath.Glob(filepath.Join("testdata", "in", "xds-ir", "*.yaml")) require.NoError(t, err) + keep := make(sets.Set[string]) for _, inputFile := range inputFiles { inputFileName := testName(inputFile) @@ -167,6 +169,7 @@ func TestTranslateXds(t *testing.T) { require.NoError(t, field.SetValue(e, "LastTransitionTime", metav1.NewTime(time.Time{}))) } if test.OverrideTestData() { + keep.Insert(inputFileName + ".envoypatchpolicies.yaml") out, err := yaml.Marshal(got) require.NoError(t, err) require.NoError(t, file.Write(string(out), filepath.Join("testdata", "out", "xds-ir", inputFileName+".envoypatchpolicies.yaml"))) @@ -193,6 +196,10 @@ func TestTranslateXds(t *testing.T) { clusters := tCtx.XdsResources[resourcev3.ClusterType] endpoints := tCtx.XdsResources[resourcev3.EndpointType] if test.OverrideTestData() { + keep.Insert(inputFileName + ".listeners.yaml") + keep.Insert(inputFileName + ".routes.yaml") + keep.Insert(inputFileName + ".clusters.yaml") + keep.Insert(inputFileName + ".endpoints.yaml") require.NoError(t, file.Write(requireResourcesToYAMLString(t, listeners), filepath.Join("testdata", "out", "xds-ir", inputFileName+".listeners.yaml"))) require.NoError(t, file.Write(requireResourcesToYAMLString(t, routes), filepath.Join("testdata", "out", "xds-ir", inputFileName+".routes.yaml"))) require.NoError(t, file.Write(requireResourcesToYAMLString(t, clusters), filepath.Join("testdata", "out", "xds-ir", inputFileName+".clusters.yaml"))) @@ -206,12 +213,36 @@ func TestTranslateXds(t *testing.T) { secrets, ok := tCtx.XdsResources[resourcev3.SecretType] if ok && len(secrets) > 0 { if test.OverrideTestData() { + keep.Insert(inputFileName + ".secrets.yaml") require.NoError(t, file.Write(requireResourcesToYAMLString(t, secrets), filepath.Join("testdata", "out", "xds-ir", inputFileName+".secrets.yaml"))) } require.Equal(t, requireTestDataOutFile(t, "xds-ir", inputFileName+".secrets.yaml"), requireResourcesToYAMLString(t, secrets)) } }) } + + if test.OverrideTestData() { + cleanupOutdatedTestData(t, filepath.Join("testdata", "out", "xds-ir"), keep) + } +} + +func cleanupOutdatedTestData(t *testing.T, dir string, keep sets.Set[string]) { + t.Helper() + entries, err := os.ReadDir(dir) + require.NoError(t, err) + for _, entry := range entries { + if entry.IsDir() { + continue + } + name := entry.Name() + if filepath.Ext(name) != ".yaml" { + continue + } + if _, ok := keep[name]; ok { + continue + } + require.NoError(t, os.Remove(filepath.Join(dir, name))) + } } func TestTranslateRateLimitConfig(t *testing.T) {