Fix TestE2E/RateLimitBasedJwtClaims test (#2097)

* Revert "Skip RateLimitBasedJwtClaimsTest test (#2096)" This reverts commit ef7a2a4. fix e2e test Signed-off-by: huabing zhao <zhaohuabing@gmail.com> * fix XValidation Signed-off-by: huabing zhao <zhaohuabing@gmail.com> --------- Signed-off-by: huabing zhao <zhaohuabing@gmail.com>
envoyproxy · Oct 28, 2023 · f301527 · f301527
1 parent 4cb4547
commit f301527
Show file tree

Hide file tree

Showing 15 changed files with 18 additions and 21 deletions.
diff --git a/api/v1alpha1/securitypolicy_types.go b/api/v1alpha1/securitypolicy_types.go
@@ -37,7 +37,7 @@ type SecurityPolicy struct {
 // SecurityPolicySpec defines the desired state of SecurityPolicy.
 type SecurityPolicySpec struct {
 	// +kubebuilder:validation:XValidation:rule="self.group == 'gateway.networking.k8s.io'", message="this policy can only have a targetRef.group of gateway.networking.k8s.io"
-	// +kubebuilder:validation:XValidation:rule="self.kind == 'Gateway'", message="this policy can only have a targetRef.kind of Gateway"
+	// +kubebuilder:validation:XValidation:rule="self.kind in ['Gateway', 'HTTPRoute', 'GRPCRoute']", message="this policy can only have a targetRef.kind of Gateway/HTTPRoute/GRPCRoute"
 	// +kubebuilder:validation:XValidation:rule="!has(self.sectionName)",message="this policy does not yet support the sectionName field"
 	//
 	// TargetRef is the name of the Gateway resource this policy

diff --git a/charts/gateway-helm/crds/generated/gateway.envoyproxy.io_securitypolicies.yaml b/charts/gateway-helm/crds/generated/gateway.envoyproxy.io_securitypolicies.yaml
@@ -238,8 +238,8 @@ spec:
                 x-kubernetes-validations:
                 - message: this policy can only have a targetRef.group of gateway.networking.k8s.io
                   rule: self.group == 'gateway.networking.k8s.io'
-                - message: this policy can only have a targetRef.kind of Gateway
-                  rule: self.kind == 'Gateway'
+                - message: this policy can only have a targetRef.kind of Gateway/HTTPRoute/GRPCRoute
+                  rule: self.kind in ['Gateway', 'HTTPRoute', 'GRPCRoute']
                 - message: this policy does not yet support the sectionName field
                   rule: '!has(self.sectionName)'
             required:

diff --git a/examples/kubernetes/jwt/grpc-jwt.yaml b/examples/kubernetes/jwt/grpc-jwt.yaml
@@ -11,7 +11,7 @@ spec:
     providers:
     - name: example
       remoteJWKS:
-        uri: https://raw.githubusercontent.com/envoyproxy/gateway/main/examples/kubernetes/authn/jwks.json
+        uri: https://raw.githubusercontent.com/envoyproxy/gateway/main/examples/kubernetes/jwt/jwks.json
 ---
 apiVersion: gateway.networking.k8s.io/v1alpha2
 kind: GRPCRoute

diff --git a/examples/kubernetes/jwt/jwt.yaml b/examples/kubernetes/jwt/jwt.yaml
@@ -11,7 +11,7 @@ spec:
     providers:
     - name: example
       remoteJWKS:
-        uri: https://raw.githubusercontent.com/envoyproxy/gateway/main/examples/kubernetes/authn/jwks.json
+        uri: https://raw.githubusercontent.com/envoyproxy/gateway/main/examples/kubernetes/jwt/jwks.json
 ---
 apiVersion: gateway.networking.k8s.io/v1
 kind: HTTPRoute

diff --git a/internal/cmd/egctl/testdata/translate/in/jwt-single-route-single-match-to-xds.yaml b/internal/cmd/egctl/testdata/translate/in/jwt-single-route-single-match-to-xds.yaml
@@ -83,7 +83,7 @@ spec:
     providers:
       - name: example
         remoteJWKS:
-          uri: https://raw.githubusercontent.com/envoyproxy/gateway/main/examples/kubernetes/authn/jwks.json
+          uri: https://raw.githubusercontent.com/envoyproxy/gateway/main/examples/kubernetes/jwt/jwks.json
 ---
 apiVersion: gateway.networking.k8s.io/v1
 kind: HTTPRoute

diff --git a/internal/cmd/egctl/testdata/translate/out/jwt-single-route-single-match-to-xds.all.json b/internal/cmd/egctl/testdata/translate/out/jwt-single-route-single-match-to-xds.all.json
@@ -397,7 +397,7 @@
                                       "httpUri": {
                                         "cluster": "raw_githubusercontent_com_443",
                                         "timeout": "5s",
-                                        "uri": "https://raw.githubusercontent.com/envoyproxy/gateway/main/examples/kubernetes/authn/jwks.json"
+                                        "uri": "https://raw.githubusercontent.com/envoyproxy/gateway/main/examples/kubernetes/jwt/jwks.json"
                                       },
                                       "retryPolicy": {}
                                     }

diff --git a/internal/cmd/egctl/testdata/translate/out/jwt-single-route-single-match-to-xds.all.yaml b/internal/cmd/egctl/testdata/translate/out/jwt-single-route-single-match-to-xds.all.yaml
@@ -238,7 +238,7 @@ xds:
                             httpUri:
                               cluster: raw_githubusercontent_com_443
                               timeout: 5s
-                              uri: https://raw.githubusercontent.com/envoyproxy/gateway/main/examples/kubernetes/authn/jwks.json
+                              uri: https://raw.githubusercontent.com/envoyproxy/gateway/main/examples/kubernetes/jwt/jwks.json
                             retryPolicy: {}
                       requirementMap:
                         httproute/envoy-gateway-system/backend/rule/0/match/0/www_example_com:

diff --git a/internal/cmd/egctl/testdata/translate/out/jwt-single-route-single-match-to-xds.listener.yaml b/internal/cmd/egctl/testdata/translate/out/jwt-single-route-single-match-to-xds.listener.yaml
@@ -54,7 +54,7 @@ xds:
                           httpUri:
                             cluster: raw_githubusercontent_com_443
                             timeout: 5s
-                            uri: https://raw.githubusercontent.com/envoyproxy/gateway/main/examples/kubernetes/authn/jwks.json
+                            uri: https://raw.githubusercontent.com/envoyproxy/gateway/main/examples/kubernetes/jwt/jwks.json
                           retryPolicy: {}
                     requirementMap:
                       httproute/envoy-gateway-system/backend/rule/0/match/0/www_example_com:

diff --git a/site/content/en/latest/design/rate-limit.md b/site/content/en/latest/design/rate-limit.md
@@ -232,7 +232,7 @@ spec:
     providers:
       - name: example
         remoteJWKS:
-          uri: https://raw.githubusercontent.com/envoyproxy/gateway/main/examples/kubernetes/authn/jwks.json
+          uri: https://raw.githubusercontent.com/envoyproxy/gateway/main/examples/kubernetes/jwt/jwks.json
         claimToHeaders:
       - claim: name
         header: custom-request-header

diff --git a/site/content/en/latest/design/security-policy.md b/site/content/en/latest/design/security-policy.md
@@ -73,7 +73,7 @@ spec:
     providers:
     - name: example
       remoteJWKS:
-        uri: https://raw.githubusercontent.com/envoyproxy/gateway/main/examples/kubernetes/authn/jwks.json
+        uri: https://raw.githubusercontent.com/envoyproxy/gateway/main/examples/kubernetes/jwt/jwks.json
   targetRef:
     group: gateway.networking.k8s.io
     kind: Gateway

diff --git a/site/content/en/latest/user/rate-limit.md b/site/content/en/latest/user/rate-limit.md
@@ -607,7 +607,7 @@ spec:
   jwtProviders:
   - name: example
     remoteJWKS:
-      uri: https://raw.githubusercontent.com/envoyproxy/gateway/main/examples/kubernetes/authn/jwks.json
+      uri: https://raw.githubusercontent.com/envoyproxy/gateway/main/examples/kubernetes/jwt/jwks.json
     claimToHeaders:
     - claim: name
       header: x-claim-name

diff --git a/site/content/en/v0.5.0/design/rate-limit.md b/site/content/en/v0.5.0/design/rate-limit.md
@@ -228,7 +228,7 @@ spec:
   jwtProviders:
   - name: example
     remoteJWKS:
-      uri: https://raw.githubusercontent.com/envoyproxy/gateway/main/examples/kubernetes/authn/jwks.json
+      uri: https://raw.githubusercontent.com/envoyproxy/gateway/main/examples/kubernetes/jwt/jwks.json
     claimToHeaders:
     - claim: name
       header: custom-request-header

diff --git a/site/content/en/v0.5.0/user/rate-limit.md b/site/content/en/v0.5.0/user/rate-limit.md
@@ -590,7 +590,7 @@ spec:
   jwtProviders:
   - name: example
     remoteJWKS:
-      uri: https://raw.githubusercontent.com/envoyproxy/gateway/main/examples/kubernetes/authn/jwks.json
+      uri: https://raw.githubusercontent.com/envoyproxy/gateway/main/examples/kubernetes/jwt/jwks.json
     claimToHeaders:
     - claim: name
       header: x-claim-name

diff --git a/test/e2e/e2e_test.go b/test/e2e/e2e_test.go
@@ -41,12 +41,9 @@ func TestE2E(t *testing.T) {
 		*flags.GatewayClassName, *flags.CleanupBaseResources, *flags.ShowDebug, *flags.SupportedFeatures, *flags.ExemptFeatures)
 
 	cSuite := suite.New(suite.Options{
-		Client:           client,
-		GatewayClassName: *flags.GatewayClassName,
-		Debug:            *flags.ShowDebug,
-		SkipTests: []string{
-			tests.RateLimitBasedJwtClaimsTest.ShortName,
-		},
+		Client:               client,
+		GatewayClassName:     *flags.GatewayClassName,
+		Debug:                *flags.ShowDebug,
 		CleanupBaseResources: *flags.CleanupBaseResources,
 		FS:                   &Manifests,
 	})

diff --git a/test/e2e/testdata/ratelimit-based-jwt-claims.yaml b/test/e2e/testdata/ratelimit-based-jwt-claims.yaml
@@ -13,7 +13,7 @@ spec:
     providers:
     - name: example
       remoteJWKS:
-        uri: https://raw.githubusercontent.com/envoyproxy/gateway/main/examples/kubernetes/authn/jwks.json
+        uri: https://raw.githubusercontent.com/envoyproxy/gateway/main/examples/kubernetes/jwt/jwks.json
       claimToHeaders:
       - claim: name
         header: x-claim-name