update gateway translator tests

Author: npolshakova

projects/gateway2/api/applyconfiguration/api/v1alpha1/accessloggingservice.go

@@ -29,9 +29,9 @@ import (
 )
 
 // Helper function to convert AccessLogConfig to Envoy AccessLog
-func convertAccessLogConfig(ctx context.Context, config *v1alpha1.AccessLoggingConfig) []*v33.AccessLog {
+func convertAccessLogConfig(ctx context.Context, config *v1alpha1.AccessLoggingConfig) ([]*v33.AccessLog, error) {
 	if config == nil || len(config.AccessLog) == 0 {
-		return nil
+		return nil, nil
 	}
 
 	logger := contextutils.LoggerFrom(ctx).Desugar()
@@ -40,12 +40,20 @@ func convertAccessLogConfig(ctx context.Context, config *v1alpha1.AccessLoggingC
 	for _, log := range config.AccessLog {
 		var accessLogCfg v33.AccessLog
 
+		if log.FileSink != nil && log.GrpcService != nil {
+			return nil, eris.New("access log config cannot have both file sink and grpc service")
+		}
+
 		// Convert FileSink
 		if log.FileSink != nil {
 			fileCfg := &envoyalfile.FileAccessLog{
 				Path: log.FileSink.Path,
 			}
 
+			if log.FileSink.StringFormat != "" && log.FileSink.JsonFormat != nil {
+				return nil, eris.New("access log config cannot have both string format and json format")
+			}
+
 			// Handle output format
 			if log.FileSink.StringFormat != "" {
 				formatterExtensions, err := getFormatterExtensions()
@@ -80,17 +88,20 @@ func convertAccessLogConfig(ctx context.Context, config *v1alpha1.AccessLoggingC
 			accessLogCfg, err = NewAccessLogWithConfig(wellknown.FileAccessLog, fileCfg)
 			if err != nil {
 				logger.Error(fmt.Sprintf("error creating file access log config: %s", err.Error()))
+				return nil, err
 			}
 		} else if log.GrpcService != nil {
 			// Convert GrpcService
 			var cfg envoygrpc.HttpGrpcAccessLogConfig
 			err = copyGrpcSettings(&cfg, log.GrpcService)
 			if err != nil {
 				logger.Error(fmt.Sprintf("error converting grpc access log config: %s", err.Error()))
+				return nil, err
 			}
 			accessLogCfg, err = NewAccessLogWithConfig(wellknown.HTTPGRPCAccessLog, &cfg)
 			if err != nil {
 				logger.Error(fmt.Sprintf("error creating grpc access log config: %s", err.Error()))
+				return nil, err
 			}
 		}
 
@@ -127,7 +138,7 @@ func convertAccessLogConfig(ctx context.Context, config *v1alpha1.AccessLoggingC
 		results = append(results, &accessLogCfg)
 	}
 
-	return results
+	return results, nil
 }
 
 func translateFilter(logger *zap.Logger, filter *v1alpha1.FilterType) *v33.AccessLogFilter {

projects/gateway2/extensions2/plugins/httplistenerpolicy/access_logging_converter.go

@@ -105,7 +105,10 @@ func (p *httpListenerOptsPluginGwPass) ApplyHCM(
 
 	// translate access logging configuration
 	if policy.spec.AccessLoggingConfig != nil {
-		accessLog := convertAccessLogConfig(ctx, policy.spec.AccessLoggingConfig)
+		accessLog, err := convertAccessLogConfig(ctx, policy.spec.AccessLoggingConfig)
+		if err != nil {
+			return eris.Errorf("failed to convert access log config: %v", err)
+		}
 		if accessLog != nil {
 			out.AccessLog = append(out.GetAccessLog(), accessLog...)
 		}

projects/gateway2/extensions2/plugins/httplistenerpolicy/httplistener_plugin.go

@@ -0,0 +1,248 @@
+clusters:
+- connectTimeout: 5s
+  edsClusterConfig:
+    edsConfig:
+      ads: {}
+      resourceApiVersion: V3
+  metadata: {}
+  name: kube_default_kubernetes_443
+  transportSocketMatches:
+  - match:
+      tlsMode: istio
+    name: tlsMode-istio
+    transportSocket:
+      name: envoy.transport_sockets.tls
+      typedConfig:
+        '@type': type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.UpstreamTlsContext
+        commonTlsContext:
+          alpnProtocols:
+          - istio
+          tlsCertificateSdsSecretConfigs:
+          - name: istio_server_cert
+            sdsConfig:
+              apiConfigSource:
+                apiType: GRPC
+                grpcServices:
+                - envoyGrpc:
+                    clusterName: gateway_proxy_sds
+                setNodeOnFirstMessageOnly: true
+                transportApiVersion: V3
+              resourceApiVersion: V3
+          tlsParams: {}
+          validationContextSdsSecretConfig:
+            name: istio_validation_context
+            sdsConfig:
+              apiConfigSource:
+                apiType: GRPC
+                grpcServices:
+                - envoyGrpc:
+                    clusterName: gateway_proxy_sds
+                setNodeOnFirstMessageOnly: true
+                transportApiVersion: V3
+              resourceApiVersion: V3
+        sni: outbound_.443_._.kubernetes.default.svc.cluster.local
+  - match: {}
+    name: tlsMode-disabled
+    transportSocket:
+      name: envoy.transport_sockets.raw_buffer
+      typedConfig:
+        '@type': type.googleapis.com/envoy.extensions.transport_sockets.raw_buffer.v3.RawBuffer
+  type: EDS
+- connectTimeout: 5s
+  edsClusterConfig:
+    edsConfig:
+      ads: {}
+      resourceApiVersion: V3
+  metadata: {}
+  name: kube_gwtest_reviews_8080
+  transportSocketMatches:
+  - match:
+      tlsMode: istio
+    name: tlsMode-istio
+    transportSocket:
+      name: envoy.transport_sockets.tls
+      typedConfig:
+        '@type': type.googleapis.com/envoy.extensions.transport_sockets.tls.v3.UpstreamTlsContext
+        commonTlsContext:
+          alpnProtocols:
+          - istio
+          tlsCertificateSdsSecretConfigs:
+          - name: istio_server_cert
+            sdsConfig:
+              apiConfigSource:
+                apiType: GRPC
+                grpcServices:
+                - envoyGrpc:
+                    clusterName: gateway_proxy_sds
+                setNodeOnFirstMessageOnly: true
+                transportApiVersion: V3
+              resourceApiVersion: V3
+          tlsParams: {}
+          validationContextSdsSecretConfig:
+            name: istio_validation_context
+            sdsConfig:
+              apiConfigSource:
+                apiType: GRPC
+                grpcServices:
+                - envoyGrpc:
+                    clusterName: gateway_proxy_sds
+                setNodeOnFirstMessageOnly: true
+                transportApiVersion: V3
+              resourceApiVersion: V3
+        sni: outbound_.8080_._.reviews.gwtest.svc.cluster.local
+  - match: {}
+    name: tlsMode-disabled
+    transportSocket:
+      name: envoy.transport_sockets.raw_buffer
+      typedConfig:
+        '@type': type.googleapis.com/envoy.extensions.transport_sockets.raw_buffer.v3.RawBuffer
+  type: EDS
+endpoints:
+- clusterName: kube_gwtest_reviews_8080
+  endpoints:
+  - lbEndpoints:
+    - endpoint:
+        address:
+          socketAddress:
+            address: 10.244.1.11
+            portValue: 8080
+      loadBalancingWeight: 1
+    loadBalancingWeight: 1
+listeners:
+- address:
+    socketAddress:
+      address: '::'
+      ipv4Compat: true
+      portValue: 8080
+  filterChains:
+  - filters:
+    - name: envoy.filters.network.http_connection_manager
+      typedConfig:
+        '@type': type.googleapis.com/envoy.extensions.filters.network.http_connection_manager.v3.HttpConnectionManager
+        accessLog:
+        - filter:
+            extensionFilter:
+              name: envoy.access_loggers.extension_filters.cel
+              typedConfig:
+                '@type': type.googleapis.com/envoy.extensions.access_loggers.filters.cel.v3.ExpressionFilter
+                expression: request.headers['test'].contains('cool-beans')
+          name: envoy.access_loggers.http_grpc
+          typedConfig:
+            '@type': type.googleapis.com/envoy.extensions.access_loggers.grpc.v3.HttpGrpcAccessLogConfig
+            commonConfig:
+              grpcService:
+                envoyGrpc:
+                  clusterName: test-accesslog-service
+              logName: test-accesslog-service
+              transportApiVersion: V3
+        - filter:
+            extensionFilter:
+              name: envoy.access_loggers.extension_filters.cel
+              typedConfig:
+                '@type': type.googleapis.com/envoy.extensions.access_loggers.filters.cel.v3.ExpressionFilter
+                expression: request.headers['test'].contains('cool-beans')
+          name: envoy.access_loggers.http_grpc
+          typedConfig:
+            '@type': type.googleapis.com/envoy.extensions.access_loggers.grpc.v3.HttpGrpcAccessLogConfig
+            commonConfig:
+              grpcService:
+                envoyGrpc:
+                  clusterName: test-accesslog-service
+              logName: test-accesslog-service
+              transportApiVersion: V3
+        httpFilters:
+        - name: envoy.filters.http.router
+          typedConfig:
+            '@type': type.googleapis.com/envoy.extensions.filters.http.router.v3.Router
+        mergeSlashes: true
+        normalizePath: true
+        rds:
+          configSource:
+            ads: {}
+            resourceApiVersion: V3
+          routeConfigName: http
+        statPrefix: http
+    name: http
+  name: http
+- address:
+    socketAddress:
+      address: '::'
+      ipv4Compat: true
+      portValue: 8081
+  filterChains:
+  - filters:
+    - name: envoy.filters.network.http_connection_manager
+      typedConfig:
+        '@type': type.googleapis.com/envoy.extensions.filters.network.http_connection_manager.v3.HttpConnectionManager
+        accessLog:
+        - filter:
+            extensionFilter:
+              name: envoy.access_loggers.extension_filters.cel
+              typedConfig:
+                '@type': type.googleapis.com/envoy.extensions.access_loggers.filters.cel.v3.ExpressionFilter
+                expression: request.headers['test'].contains('cool-beans')
+          name: envoy.access_loggers.http_grpc
+          typedConfig:
+            '@type': type.googleapis.com/envoy.extensions.access_loggers.grpc.v3.HttpGrpcAccessLogConfig
+            commonConfig:
+              grpcService:
+                envoyGrpc:
+                  clusterName: test-accesslog-service
+              logName: test-accesslog-service
+              transportApiVersion: V3
+        - filter:
+            extensionFilter:
+              name: envoy.access_loggers.extension_filters.cel
+              typedConfig:
+                '@type': type.googleapis.com/envoy.extensions.access_loggers.filters.cel.v3.ExpressionFilter
+                expression: request.headers['test'].contains('cool-beans')
+          name: envoy.access_loggers.http_grpc
+          typedConfig:
+            '@type': type.googleapis.com/envoy.extensions.access_loggers.grpc.v3.HttpGrpcAccessLogConfig
+            commonConfig:
+              grpcService:
+                envoyGrpc:
+                  clusterName: test-accesslog-service
+              logName: test-accesslog-service
+              transportApiVersion: V3
+        httpFilters:
+        - name: envoy.filters.http.router
+          typedConfig:
+            '@type': type.googleapis.com/envoy.extensions.filters.http.router.v3.Router
+        mergeSlashes: true
+        normalizePath: true
+        rds:
+          configSource:
+            ads: {}
+            resourceApiVersion: V3
+          routeConfigName: other
+        statPrefix: http
+    name: other
+  name: other
+routes:
+- ignorePortInHostMatching: true
+  name: http
+  virtualHosts:
+  - domains:
+    - www.example.com
+    name: http~www_example_com
+    routes:
+    - match:
+        prefix: /
+      name: http~www_example_com-route-0-httproute-reviews-gwtest-0-0-matcher-0
+      route:
+        cluster: kube_gwtest_reviews_8080
+        clusterNotFoundResponseCode: INTERNAL_SERVER_ERROR
+- ignorePortInHostMatching: true
+  name: other
+  virtualHosts:
+  - domains:
+    - www.example.com
+    name: other~www_example_com
+    routes:
+    - match:
+        prefix: /
+      name: other~www_example_com-route-0-httproute-reviews-gwtest-0-0-matcher-0
+      route:
+        cluster: kube_gwtest_reviews_8080
+        clusterNotFoundResponseCode: INTERNAL_SERVER_ERROR