fix(translator): Fix panic with request mirror + grpcroute #6875
+242
−9
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
AndyMoreland
force-pushed
the
fix/6874-fix-request-mirror
branch
2 times, most recently
from
0261526 to
da5dfd6
Compare
Codecov Report✅ All modified and coverable lines are covered by tests. Additional details and impacted files@@ Coverage Diff @@
## main #6875 +/- ##
==========================================
- Coverage 71.10% 71.08% -0.03%
==========================================
Files 225 225
Lines 39859 39868 +9
==========================================
- Hits 28343 28340 -3
- Misses 9848 9857 +9
- Partials 1668 1671 +3 ☔ View full report in Codecov by Sentry. 🚀 New features to boost your workflow:
|
AndyMoreland
force-pushed
the
fix/6874-fix-request-mirror
branch
from
c2e5f76 to
fea450c
Compare
arkodg
reviewed
Aug 30, 2025
internal/gatewayapi/filters.go
Outdated
| return nil | ||
| } | ||
|
|
||
| func (t *Translator) processRequestMirrorFilter( |
There was a problem hiding this comment.
can we eliminate this ?
validateBackendRef already accepts a backend interface
gateway/internal/gatewayapi/validate.go
Line 29 in c181d47
There was a problem hiding this comment.
@arkodg I think we need some kind of split in the concrete type of the iface approximately here, because validateBackendRefFilters needs GRPCRoutes to have a GRPCRouteFilter-containing-backendref, and HTTPRoutes to have an HTTPRouteFilter-containing-backendref -- the panic was caused by the existing unification causing the downstream cast to fail.
There was a problem hiding this comment.
(I'm not a go expert or familiar with the types in play, but this was the smallest code diff way I found to avoid the unchecked cast panic)
|
@AndyMoreland e.g. var mirrorBackendRef BackendRefContext
routeType := GetRouteType(filterContext.Route)
if routeType == resource.KindGRPCRoute {
mirrorBackendRef = gwapiv1.GRPCBackendRef{
BackendRef: gwapiv1.BackendRef{
BackendObjectReference: mirrorBackend,
Weight: &weight,
},
}
} else {
mirrorBackendRef = gwapiv1.HTTPBackendRef{
BackendRef: gwapiv1.BackendRef{
BackendObjectReference: mirrorBackend,
Weight: &weight,
},
}
}
// This sets the status on the HTTPRoute, should the usage be changed so that the status message reflects that the backendRef is from the filter?
filterNs := filterContext.Route.GetNamespace()
serviceNamespace := NamespaceDerefOr(mirrorBackend.Namespace, filterNs)
err = t.validateBackendRef(mirrorBackendRef, filterContext.Route,
resources, serviceNamespace, routeType) |
|
+1 to #6875 (comment) |
Signed-off-by: Andrew Moreland <andy@andymoreland.com>
Signed-off-by: Andrew Moreland <andy@andymoreland.com>
Signed-off-by: Andrew Moreland <andy@andymoreland.com>
Signed-off-by: Andrew Moreland <andy@andymoreland.com>
Signed-off-by: Andrew Moreland <andy@andymoreland.com>
The validateBackendRefFilters function casts the Filters field to the specific filter type (HTTPRouteFilter vs GRPCRouteFilter) based on the routeKind. Using the wrong wrapper type causes a type assertion panic, so we must keep the typed wrappers despite the duplication. Signed-off-by: Andrew Moreland <andy@andymoreland.com>
Simplified the RequestMirror filter processing by: - Getting RouteType directly from filterContext - Creating appropriate BackendRef type (HTTP or gRPC) based on RouteType - Consolidating logic into single processRequestMirrorFilter function - Keeping processGRPCRequestMirrorFilter as a delegate for compatibility This approach follows the review feedback and maintains the fix for GRPCRoute panic while simplifying the code structure. Signed-off-by: Andrew Moreland <andy@andymoreland.com>
AndyMoreland
force-pushed
the
fix/6874-fix-request-mirror
branch
from
521204e to
4740589
Compare
|
I've applied the suggested change |
ProcessGRPCFilters now calls processRequestMirrorFilter directly since it already handles both HTTP and gRPC routes based on RouteType. Signed-off-by: Andrew Moreland <andy@andymoreland.com>
arkodg
reviewed
Sep 2, 2025
|
thanks for addressing the comments @AndyMoreland, added one minor comment |
Co-authored-by: Arko Dasgupta <arkodg@users.noreply.github.com> Signed-off-by: Andrew Moreland <andy@andymo.org>
|
I've merged your suggestion |
zirain
approved these changes
Sep 2, 2025
shawnh2
pushed a commit
to shawnh2/gateway
that referenced
this pull request
Oct 15, 2025
…y#6875) Signed-off-by: Andrew Moreland <andy@andymoreland.com>
shawnh2
pushed a commit
to shawnh2/gateway
that referenced
this pull request
Oct 15, 2025
…y#6875) Signed-off-by: Andrew Moreland <andy@andymoreland.com> Signed-off-by: shawnh2 <shawnhxh@outlook.com>
arkodg
added a commit
that referenced
this pull request
Oct 15, 2025
* fix(xds-server): clear snapshot on stream close (#6618) * fix(xds-server): clear snapshot on stream close Signed-off-by: Zachary Vacura <zvacura@digitalocean.com> * check if there are other active connections before clearning the snapshot Signed-off-by: Zachary Vacura <zvacura@digitalocean.com> Signed-off-by: shawnh2 <shawnhxh@outlook.com> * bug: disable x-envoy-ratelimited by default (#7110) * bug: disable x-envoy-ratelimited by default * can be enabled with `enableEnvoyHeaders` in CTP Relates to #7034 Signed-off-by: Arko Dasgupta <arko@tetrate.io> * fix tests and release note Signed-off-by: Arko Dasgupta <arko@tetrate.io> * fix testdata Signed-off-by: Arko Dasgupta <arko@tetrate.io> --------- Signed-off-by: Arko Dasgupta <arko@tetrate.io> Signed-off-by: shawnh2 <shawnhxh@outlook.com> * fix(translator): Fix panic with request mirror + grpcroute (#6875) Signed-off-by: Andrew Moreland <andy@andymoreland.com> Signed-off-by: shawnh2 <shawnhxh@outlook.com> * fix: bug in overlap detection of cert SANs (#7234) Signed-off-by: shawnh2 <shawnhxh@outlook.com> * bump golang for crypto/x509 reggression (#7236) Signed-off-by: zirain <zirain2009@gmail.com> Signed-off-by: shawnh2 <shawnhxh@outlook.com> * fix gen-check Signed-off-by: shawnh2 <shawnhxh@outlook.com> --------- Signed-off-by: Zachary Vacura <zvacura@digitalocean.com> Signed-off-by: shawnh2 <shawnhxh@outlook.com> Signed-off-by: Arko Dasgupta <arko@tetrate.io> Signed-off-by: Andrew Moreland <andy@andymoreland.com> Signed-off-by: zirain <zirain2009@gmail.com> Co-authored-by: Zach Vacura <zach@hackzzila.com> Co-authored-by: Arko Dasgupta <arkodg@users.noreply.github.com> Co-authored-by: Andrew Moreland <andy@andymo.org> Co-authored-by: Rudrakh Panigrahi <rudrakh97@gmail.com> Co-authored-by: zirain <zirain2009@gmail.com>
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
4 participants
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
What this PR does / why we need it:
This fixes an unconditional panic when the RequestMirror filter is used with GRPCRoutes
Which issue(s) this PR fixes:
Fixes #6874
Release Notes: No