Update higress ingress annotation (#49)

alibaba · Nov 10, 2022 · da93352 · da93352
1 parent 268c733
commit da93352
Show file tree

Hide file tree

Showing 23 changed files with 86 additions and 1,427 deletions.
diff --git a/.gitignore b/.gitignore
@@ -1,5 +1,6 @@
 external
 out
+*.out
 *.tgz
 *.wasm
 .idea/

diff --git a/pkg/ingress/config/ingress_config_test.go b/pkg/ingress/config/ingress_config_test.go
@@ -182,8 +182,7 @@ func TestConvertGatewaysForIngress(t *testing.T) {
 					},
 					AnnotationsConfig: &annotations.Ingress{
 						DownstreamTLS: &annotations.DownstreamTLSConfig{
-							TlsMinVersion: annotations.TLSProtocolVersion("TLSv1.1"),
-							CipherSuites:  []string{"ECDHE-RSA-AES128-GCM-SHA256", "AES256-SHA"},
+							CipherSuites: []string{"ECDHE-RSA-AES128-GCM-SHA256", "AES256-SHA"},
 						},
 					},
 				},
@@ -249,8 +248,7 @@ func TestConvertGatewaysForIngress(t *testing.T) {
 					},
 					AnnotationsConfig: &annotations.Ingress{
 						DownstreamTLS: &annotations.DownstreamTLSConfig{
-							TlsMinVersion: annotations.TLSProtocolVersion("TLSv1.2"),
-							CipherSuites:  []string{"ECDHE-RSA-AES128-GCM-SHA256"},
+							CipherSuites: []string{"ECDHE-RSA-AES128-GCM-SHA256"},
 						},
 					},
 				},
@@ -284,10 +282,9 @@ func TestConvertGatewaysForIngress(t *testing.T) {
 								},
 								Hosts: []string{"foo.com"},
 								Tls: &networking.ServerTLSSettings{
-									Mode:               networking.ServerTLSSettings_SIMPLE,
-									CredentialName:     "kubernetes-ingress://ingress-v1beta1__/wakanda/foo-com",
-									MinProtocolVersion: networking.ServerTLSSettings_TLSV1_1,
-									CipherSuites:       []string{"ECDHE-RSA-AES128-GCM-SHA256", "AES256-SHA"},
+									Mode:           networking.ServerTLSSettings_SIMPLE,
+									CredentialName: "kubernetes-ingress://ingress-v1beta1__/wakanda/foo-com",
+									CipherSuites:   []string{"ECDHE-RSA-AES128-GCM-SHA256", "AES256-SHA"},
 								},
 							},
 						},
@@ -321,10 +318,9 @@ func TestConvertGatewaysForIngress(t *testing.T) {
 								},
 								Hosts: []string{"test.com"},
 								Tls: &networking.ServerTLSSettings{
-									Mode:               networking.ServerTLSSettings_SIMPLE,
-									CredentialName:     "kubernetes-ingress://ingress-v1beta1__/wakanda/test-com",
-									MinProtocolVersion: networking.ServerTLSSettings_TLSV1_1,
-									CipherSuites:       []string{"ECDHE-RSA-AES128-GCM-SHA256", "AES256-SHA"},
+									Mode:           networking.ServerTLSSettings_SIMPLE,
+									CredentialName: "kubernetes-ingress://ingress-v1beta1__/wakanda/test-com",
+									CipherSuites:   []string{"ECDHE-RSA-AES128-GCM-SHA256", "AES256-SHA"},
 								},
 							},
 						},
@@ -466,8 +462,7 @@ func TestConvertGatewaysForIngress(t *testing.T) {
 					},
 					AnnotationsConfig: &annotations.Ingress{
 						DownstreamTLS: &annotations.DownstreamTLSConfig{
-							TlsMinVersion: annotations.TLSProtocolVersion("TLSv1.2"),
-							CipherSuites:  []string{"ECDHE-RSA-AES128-GCM-SHA256"},
+							CipherSuites: []string{"ECDHE-RSA-AES128-GCM-SHA256"},
 						},
 					},
 				},
@@ -501,10 +496,9 @@ func TestConvertGatewaysForIngress(t *testing.T) {
 								},
 								Hosts: []string{"foo.com"},
 								Tls: &networking.ServerTLSSettings{
-									Mode:               networking.ServerTLSSettings_SIMPLE,
-									CredentialName:     "kubernetes-ingress://ingress-v1__/wakanda/foo-com",
-									MinProtocolVersion: networking.ServerTLSSettings_TLSV1_2,
-									CipherSuites:       []string{"ECDHE-RSA-AES128-GCM-SHA256"},
+									Mode:           networking.ServerTLSSettings_SIMPLE,
+									CredentialName: "kubernetes-ingress://ingress-v1__/wakanda/foo-com",
+									CipherSuites:   []string{"ECDHE-RSA-AES128-GCM-SHA256"},
 								},
 							},
 						},
@@ -538,10 +532,9 @@ func TestConvertGatewaysForIngress(t *testing.T) {
 								},
 								Hosts: []string{"test.com"},
 								Tls: &networking.ServerTLSSettings{
-									Mode:               networking.ServerTLSSettings_SIMPLE,
-									CredentialName:     "kubernetes-ingress://ingress-v1__/wakanda/test-com",
-									MinProtocolVersion: networking.ServerTLSSettings_TLSV1_2,
-									CipherSuites:       []string{"ECDHE-RSA-AES128-GCM-SHA256"},
+									Mode:           networking.ServerTLSSettings_SIMPLE,
+									CredentialName: "kubernetes-ingress://ingress-v1__/wakanda/test-com",
+									CipherSuites:   []string{"ECDHE-RSA-AES128-GCM-SHA256"},
 								},
 							},
 						},

diff --git a/pkg/ingress/kube/annotations/annotations.go b/pkg/ingress/kube/annotations/annotations.go
@@ -54,16 +54,10 @@ type Ingress struct {
 
 	IPAccessControl *IPAccessControlConfig
 
-	HeaderControl *HeaderControlConfig
-
-	Timeout *TimeoutConfig
-
 	Retry *RetryConfig
 
 	LoadBalance *LoadBalanceConfig
 
-	localRateLimit *localRateLimitConfig
-
 	Fallback *FallbackConfig
 
 	Auth *AuthConfig
@@ -105,22 +99,6 @@ func (i *Ingress) NeedTrafficPolicy() bool {
 		i.LoadBalance != nil
 }
 
-func (i *Ingress) MergeHostIPAccessControlIfNotExist(ac *IPAccessControlConfig) {
-	if i.IPAccessControl != nil && i.IPAccessControl.Domain != nil {
-		return
-	}
-
-	if ac != nil && ac.Domain != nil {
-		if i.IPAccessControl == nil {
-			i.IPAccessControl = &IPAccessControlConfig{
-				Domain: ac.Domain,
-			}
-		} else {
-			i.IPAccessControl.Domain = ac.Domain
-		}
-	}
-}
-
 type AnnotationHandler interface {
 	Parser
 	GatewayHandler
@@ -147,11 +125,8 @@ func NewAnnotationHandlerManager() AnnotationHandler {
 			rewrite{},
 			upstreamTLS{},
 			ipAccessControl{},
-			headerControl{},
-			timeout{},
 			retry{},
 			loadBalance{},
-			localRateLimit{},
 			fallback{},
 			auth{},
 		},
@@ -166,10 +141,7 @@ func NewAnnotationHandlerManager() AnnotationHandler {
 			redirect{},
 			rewrite{},
 			ipAccessControl{},
-			headerControl{},
-			timeout{},
 			retry{},
-			localRateLimit{},
 			fallback{},
 		},
 		trafficPolicyHandlers: []TrafficPolicyHandler{

diff --git a/pkg/ingress/kube/annotations/auth_test.go b/pkg/ingress/kube/annotations/auth_test.go
@@ -68,8 +68,8 @@ func TestAuthParse(t *testing.T) {
 		},
 		{
 			input: map[string]string{
-				buildNginxAnnotationKey(authType):    defaultAuthType,
-				buildMSEAnnotationKey(authSecretAnn): "foo/bar",
+				buildNginxAnnotationKey(authType):        defaultAuthType,
+				buildHigressAnnotationKey(authSecretAnn): "foo/bar",
 			},
 			secret: &v1.Secret{
 				ObjectMeta: metav1.ObjectMeta{
@@ -96,7 +96,7 @@ func TestAuthParse(t *testing.T) {
 		{
 			input: map[string]string{
 				buildNginxAnnotationKey(authType):          defaultAuthType,
-				buildMSEAnnotationKey(authSecretAnn):       "foo/bar",
+				buildHigressAnnotationKey(authSecretAnn):   "foo/bar",
 				buildNginxAnnotationKey(authSecretTypeAnn): string(authMapAuthSecretType),
 			},
 			secret: &v1.Secret{
@@ -125,7 +125,7 @@ func TestAuthParse(t *testing.T) {
 		{
 			input: map[string]string{
 				buildNginxAnnotationKey(authType):          defaultAuthType,
-				buildMSEAnnotationKey(authSecretAnn):       "bar",
+				buildHigressAnnotationKey(authSecretAnn):   "bar",
 				buildNginxAnnotationKey(authSecretTypeAnn): string(authFileAuthSecretType),
 			},
 			secret: &v1.Secret{

diff --git a/pkg/ingress/kube/annotations/canary.go b/pkg/ingress/kube/annotations/canary.go
@@ -106,8 +106,6 @@ func ApplyByWeight(canary, route *networking.HTTPRoute, canaryIngress *Ingress)
 	// We will process total weight in the end.
 	route.Route = append(route.Route, canary.Route[0])
 
-	// canary route use the header control applied on itself.
-	headerControl{}.ApplyRoute(canary, canaryIngress)
 	// Move route level to destination level
 	canary.Route[0].Headers = canary.Headers
 
@@ -168,10 +166,6 @@ func ApplyByHeader(canary, route *networking.HTTPRoute, canaryIngress *Ingress)
 		}
 	}
 
-	canary.Headers = nil
-	// canary route use the header control applied on itself.
-	headerControl{}.ApplyRoute(canary, canaryIngress)
-
 	// First add normal route cluster
 	canary.Route[0].FallbackClusters = append(canary.Route[0].FallbackClusters,
 		route.Route[0].Destination.DeepCopy())

diff --git a/pkg/ingress/kube/annotations/canary_test.go b/pkg/ingress/kube/annotations/canary_test.go
@@ -166,89 +166,3 @@ func TestApplyWeight(t *testing.T) {
 		t.Fatal("Should be equal")
 	}
 }
-
-func TestApplyHeader(t *testing.T) {
-	route := &networking.HTTPRoute{
-		Headers: &networking.Headers{
-			Request: &networking.Headers_HeaderOperations{
-				Add: map[string]string{
-					"normal": "true",
-				},
-			},
-		},
-		Route: []*networking.HTTPRouteDestination{
-			{
-				Destination: &networking.Destination{
-					Host: "normal",
-					Port: &networking.PortSelector{
-						Number: 80,
-					},
-				},
-			},
-		},
-	}
-
-	canary := &networking.HTTPRoute{
-		Headers: &networking.Headers{
-			Request: &networking.Headers_HeaderOperations{
-				Add: map[string]string{
-					"canary": "true",
-				},
-			},
-		},
-		Route: []*networking.HTTPRouteDestination{
-			{
-				Destination: &networking.Destination{
-					Host: "canary",
-					Port: &networking.PortSelector{
-						Number: 80,
-					},
-				},
-			},
-		},
-	}
-
-	ApplyByHeader(canary, route, &Ingress{
-		Canary: &CanaryConfig{},
-		HeaderControl: &HeaderControlConfig{
-			Request: &HeaderOperation{
-				Add: map[string]string{
-					"canary": "true",
-				},
-			},
-		},
-	})
-
-	expect := &networking.HTTPRoute{
-		Headers: &networking.Headers{
-			Request: &networking.Headers_HeaderOperations{
-				Add: map[string]string{
-					"canary": "true",
-				},
-			},
-			Response: &networking.Headers_HeaderOperations{},
-		},
-		Route: []*networking.HTTPRouteDestination{
-			{
-				Destination: &networking.Destination{
-					Host: "canary",
-					Port: &networking.PortSelector{
-						Number: 80,
-					},
-				},
-				FallbackClusters: []*networking.Destination{
-					{
-						Host: "normal",
-						Port: &networking.PortSelector{
-							Number: 80,
-						},
-					},
-				},
-			},
-		},
-	}
-
-	if !reflect.DeepEqual(canary, expect) {
-		t.Fatal("Should be equal")
-	}
-}
diff --git a/pkg/ingress/kube/annotations/cors_test.go b/pkg/ingress/kube/annotations/cors_test.go
@@ -131,9 +131,9 @@ func TestCorsParse(t *testing.T) {
 		},
 		{
 			input: Annotations{
-				buildMSEAnnotationKey(enableCors):         "true",
+				buildHigressAnnotationKey(enableCors):     "true",
 				buildNginxAnnotationKey(allowOrigin):      "https://origin-site.com:4443, http://origin-site.com, https://example.org:1199",
-				buildMSEAnnotationKey(allowMethods):       "GET, PUT",
+				buildHigressAnnotationKey(allowMethods):   "GET, PUT",
 				buildNginxAnnotationKey(allowHeaders):     "foo,bar",
 				buildNginxAnnotationKey(allowCredentials): "false",
 				buildNginxAnnotationKey(maxAge):           "100",

diff --git a/pkg/ingress/kube/annotations/default_backend_test.go b/pkg/ingress/kube/annotations/default_backend_test.go
@@ -73,7 +73,7 @@ func TestFallbackParse(t *testing.T) {
 		},
 		{
 			input: map[string]string{
-				buildMSEAnnotationKey(annDefaultBackend): "app",
+				buildHigressAnnotationKey(annDefaultBackend): "app",
 			},
 			expect: &FallbackConfig{
 				DefaultBackend: model.NamespacedName{
@@ -85,13 +85,13 @@ func TestFallbackParse(t *testing.T) {
 		},
 		{
 			input: map[string]string{
-				buildMSEAnnotationKey(annDefaultBackend): "foo/app",
+				buildHigressAnnotationKey(annDefaultBackend): "foo/app",
 			},
 		},
 		{
 			input: map[string]string{
-				buildMSEAnnotationKey(annDefaultBackend): "test/app",
-				buildNginxAnnotationKey(customHTTPError): "404,503",
+				buildHigressAnnotationKey(annDefaultBackend): "test/app",
+				buildNginxAnnotationKey(customHTTPError):     "404,503",
 			},
 			expect: &FallbackConfig{
 				DefaultBackend: model.NamespacedName{
@@ -104,8 +104,8 @@ func TestFallbackParse(t *testing.T) {
 		},
 		{
 			input: map[string]string{
-				buildMSEAnnotationKey(annDefaultBackend): "test/app",
-				buildNginxAnnotationKey(customHTTPError): "404,5ac",
+				buildHigressAnnotationKey(annDefaultBackend): "test/app",
+				buildNginxAnnotationKey(customHTTPError):     "404,5ac",
 			},
 			expect: &FallbackConfig{
 				DefaultBackend: model.NamespacedName{