From 9c3534ad0acc5d2439642201b37a304bfca5a985 Mon Sep 17 00:00:00 2001 From: Ciara Stacke Date: Fri, 24 Oct 2025 15:56:07 +0100 Subject: [PATCH 1/4] Update GatewayAPI to v1.4.0 --- README.md | 2 +- apis/v1alpha1/clientsettingspolicy_types.go | 6 +- apis/v1alpha1/observabilitypolicy_types.go | 6 +- apis/v1alpha1/policy_methods.go | 22 +- apis/v1alpha1/upstreamsettingspolicy_types.go | 6 +- apis/v1alpha1/zz_generated.deepcopy.go | 16 +- apis/v1alpha2/observabilitypolicy_types.go | 6 +- apis/v1alpha2/policy_methods.go | 8 +- apis/v1alpha2/zz_generated.deepcopy.go | 8 +- .../templates/clusterrole.yaml | 4 +- cmd/gateway/validation.go | 2 +- ...eway.nginx.org_clientsettingspolicies.yaml | 36 ++- ...teway.nginx.org_observabilitypolicies.yaml | 72 +++++- ...ay.nginx.org_upstreamsettingspolicies.yaml | 36 ++- .../experimental/kustomization.yaml | 2 +- .../gateway-api/standard/kustomization.yaml | 2 +- deploy/azure/deploy.yaml | 2 + deploy/crds.yaml | 144 +++++++++++- deploy/default/deploy.yaml | 2 + deploy/inference-nginx-plus/deploy.yaml | 2 + deploy/inference/deploy.yaml | 2 + deploy/nginx-plus/deploy.yaml | 2 + deploy/nodeport/deploy.yaml | 2 + deploy/openshift/deploy.yaml | 2 + .../snippets-filters-nginx-plus/deploy.yaml | 2 + deploy/snippets-filters/deploy.yaml | 2 + go.mod | 20 +- go.sum | 40 ++-- internal/controller/manager.go | 28 ++- internal/controller/manager_test.go | 17 +- .../policies/clientsettings/validator_test.go | 5 +- .../policies/observability/validator_test.go | 9 +- .../policies/policiesfakes/fake_policy.go | 54 ++--- .../nginx/config/policies/policy.go | 9 +- .../upstreamsettings/validator_test.go | 10 +- internal/controller/provisioner/objects.go | 2 +- internal/controller/state/change_processor.go | 5 +- .../controller/state/change_processor_test.go | 42 ++-- .../controller/state/conditions/conditions.go | 55 ++--- .../state/dataplane/configuration.go | 8 +- .../state/dataplane/configuration_test.go | 42 ++-- .../controller/state/dataplane/convert.go | 2 +- .../controller/state/graph/backend_refs.go | 5 +- .../state/graph/backend_refs_test.go | 60 +++-- .../state/graph/backend_tls_policy.go | 23 +- .../state/graph/backend_tls_policy_test.go | 206 +++++++++--------- internal/controller/state/graph/gateway.go | 4 +- .../state/graph/gateway_listener.go | 2 +- .../state/graph/gateway_listener_test.go | 46 ++-- .../controller/state/graph/gateway_test.go | 30 +-- .../controller/state/graph/gatewayclass.go | 14 +- internal/controller/state/graph/graph.go | 5 +- internal/controller/state/graph/graph_test.go | 29 ++- internal/controller/state/graph/httproute.go | 2 +- .../state/graph/multiple_gateways_test.go | 10 +- .../controller/state/graph/policies_test.go | 91 ++++---- .../state/graph/policy_ancestor_test.go | 9 +- .../state/graph/route_common_test.go | 6 +- .../controller/status/prepare_requests.go | 15 +- .../status/prepare_requests_test.go | 88 ++++---- internal/controller/status/status_setters.go | 19 +- .../controller/status/status_setters_test.go | 129 ++++++----- internal/framework/helpers/helpers_test.go | 3 +- tests/Makefile | 4 +- tests/cel/clientsettingspolicy_test.go | 30 +-- tests/cel/observabilitypolicy_test.go | 66 +++--- tests/cel/upstreamsettingspolicy_test.go | 44 ++-- tests/conformance/conformance-rbac.yaml | 1 + tests/go.mod | 25 ++- tests/go.sum | 40 ++-- tests/suite/client_settings_test.go | 20 +- tests/suite/tracing_test.go | 3 +- tests/suite/upstream_settings_test.go | 21 +- 73 files changed, 1022 insertions(+), 772 deletions(-) diff --git a/README.md b/README.md index c82f062d14..bf043fe939 100644 --- a/README.md +++ b/README.md @@ -68,7 +68,7 @@ The following table lists the software versions NGINX Gateway Fabric supports. | NGINX Gateway Fabric | Gateway API | Kubernetes | NGINX OSS | NGINX Plus | NGINX Agent | |----------------------|-------------|------------|-----------|------------|-------------| -| Edge | 1.3.0 | 1.25+ | 1.29.2 | R35 | v3.4.2 | +| Edge | 1.4.0 | 1.25+ | 1.29.2 | R35 | v3.4.2 | | 2.2.0 | 1.3.0 | 1.25+ | 1.29.2 | R35 | v3.3.2 | | 2.1.4 | 1.3.0 | 1.25+ | 1.29.1 | R35 | v3.3.1 | | 2.1.3 | 1.3.0 | 1.25+ | 1.29.1 | R35 | v3.3.1 | diff --git a/apis/v1alpha1/clientsettingspolicy_types.go b/apis/v1alpha1/clientsettingspolicy_types.go index 6948f3339a..f0b8b2c7be 100644 --- a/apis/v1alpha1/clientsettingspolicy_types.go +++ b/apis/v1alpha1/clientsettingspolicy_types.go @@ -2,7 +2,7 @@ package v1alpha1 import ( metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" - gatewayv1alpha2 "sigs.k8s.io/gateway-api/apis/v1alpha2" + gatewayv1 "sigs.k8s.io/gateway-api/apis/v1" ) // +genclient @@ -23,7 +23,7 @@ type ClientSettingsPolicy struct { Spec ClientSettingsPolicySpec `json:"spec"` // Status defines the state of the ClientSettingsPolicy. - Status gatewayv1alpha2.PolicyStatus `json:"status,omitempty"` + Status gatewayv1.PolicyStatus `json:"status,omitempty"` } // +kubebuilder:object:root=true @@ -54,7 +54,7 @@ type ClientSettingsPolicySpec struct { // +kubebuilder:validation:XValidation:message="TargetRef Kind must be one of: Gateway, HTTPRoute, or GRPCRoute",rule="(self.kind=='Gateway' || self.kind=='HTTPRoute' || self.kind=='GRPCRoute')" // +kubebuilder:validation:XValidation:message="TargetRef Group must be gateway.networking.k8s.io.",rule="(self.group=='gateway.networking.k8s.io')" //nolint:lll - TargetRef gatewayv1alpha2.LocalPolicyTargetReference `json:"targetRef"` + TargetRef gatewayv1.LocalPolicyTargetReference `json:"targetRef"` } // ClientBody contains the settings for the client request body. diff --git a/apis/v1alpha1/observabilitypolicy_types.go b/apis/v1alpha1/observabilitypolicy_types.go index 2366a1fff5..135f3feaa3 100644 --- a/apis/v1alpha1/observabilitypolicy_types.go +++ b/apis/v1alpha1/observabilitypolicy_types.go @@ -2,7 +2,7 @@ package v1alpha1 import ( metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" - gatewayv1alpha2 "sigs.k8s.io/gateway-api/apis/v1alpha2" + gatewayv1 "sigs.k8s.io/gateway-api/apis/v1" ) // +genclient @@ -25,7 +25,7 @@ type ObservabilityPolicy struct { Spec ObservabilityPolicySpec `json:"spec"` // Status defines the state of the ObservabilityPolicy. - Status gatewayv1alpha2.PolicyStatus `json:"status,omitempty"` + Status gatewayv1.PolicyStatus `json:"status,omitempty"` } // +kubebuilder:object:root=true @@ -53,7 +53,7 @@ type ObservabilityPolicySpec struct { // +kubebuilder:validation:XValidation:message="TargetRef Kind must be: HTTPRoute or GRPCRoute",rule="(self.exists(t, t.kind=='HTTPRoute') || self.exists(t, t.kind=='GRPCRoute'))" // +kubebuilder:validation:XValidation:message="TargetRef Group must be gateway.networking.k8s.io",rule="self.all(t, t.group=='gateway.networking.k8s.io')" //nolint:lll - TargetRefs []gatewayv1alpha2.LocalPolicyTargetReference `json:"targetRefs"` + TargetRefs []gatewayv1.LocalPolicyTargetReference `json:"targetRefs"` } // Tracing allows for enabling and configuring OpenTelemetry tracing. diff --git a/apis/v1alpha1/policy_methods.go b/apis/v1alpha1/policy_methods.go index 71cc93ede8..a3c366c1da 100644 --- a/apis/v1alpha1/policy_methods.go +++ b/apis/v1alpha1/policy_methods.go @@ -1,45 +1,45 @@ package v1alpha1 import ( - "sigs.k8s.io/gateway-api/apis/v1alpha2" + gatewayv1 "sigs.k8s.io/gateway-api/apis/v1" ) // FIXME(kate-osborn): https://github.com/nginx/nginx-gateway-fabric/issues/1939. // Figure out a way to generate these methods for all our policies. // These methods implement the policies.Policy interface which extends client.Object to add the following methods. -func (p *ClientSettingsPolicy) GetTargetRefs() []v1alpha2.LocalPolicyTargetReference { - return []v1alpha2.LocalPolicyTargetReference{p.Spec.TargetRef} +func (p *ClientSettingsPolicy) GetTargetRefs() []gatewayv1.LocalPolicyTargetReference { + return []gatewayv1.LocalPolicyTargetReference{p.Spec.TargetRef} } -func (p *ClientSettingsPolicy) GetPolicyStatus() v1alpha2.PolicyStatus { +func (p *ClientSettingsPolicy) GetPolicyStatus() gatewayv1.PolicyStatus { return p.Status } -func (p *ClientSettingsPolicy) SetPolicyStatus(status v1alpha2.PolicyStatus) { +func (p *ClientSettingsPolicy) SetPolicyStatus(status gatewayv1.PolicyStatus) { p.Status = status } -func (p *ObservabilityPolicy) GetTargetRefs() []v1alpha2.LocalPolicyTargetReference { +func (p *ObservabilityPolicy) GetTargetRefs() []gatewayv1.LocalPolicyTargetReference { return p.Spec.TargetRefs } -func (p *ObservabilityPolicy) GetPolicyStatus() v1alpha2.PolicyStatus { +func (p *ObservabilityPolicy) GetPolicyStatus() gatewayv1.PolicyStatus { return p.Status } -func (p *ObservabilityPolicy) SetPolicyStatus(status v1alpha2.PolicyStatus) { +func (p *ObservabilityPolicy) SetPolicyStatus(status gatewayv1.PolicyStatus) { p.Status = status } -func (p *UpstreamSettingsPolicy) GetTargetRefs() []v1alpha2.LocalPolicyTargetReference { +func (p *UpstreamSettingsPolicy) GetTargetRefs() []gatewayv1.LocalPolicyTargetReference { return p.Spec.TargetRefs } -func (p *UpstreamSettingsPolicy) GetPolicyStatus() v1alpha2.PolicyStatus { +func (p *UpstreamSettingsPolicy) GetPolicyStatus() gatewayv1.PolicyStatus { return p.Status } -func (p *UpstreamSettingsPolicy) SetPolicyStatus(status v1alpha2.PolicyStatus) { +func (p *UpstreamSettingsPolicy) SetPolicyStatus(status gatewayv1.PolicyStatus) { p.Status = status } diff --git a/apis/v1alpha1/upstreamsettingspolicy_types.go b/apis/v1alpha1/upstreamsettingspolicy_types.go index 158776491e..8504c9717d 100644 --- a/apis/v1alpha1/upstreamsettingspolicy_types.go +++ b/apis/v1alpha1/upstreamsettingspolicy_types.go @@ -2,7 +2,7 @@ package v1alpha1 import ( metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" - gatewayv1alpha2 "sigs.k8s.io/gateway-api/apis/v1alpha2" + gatewayv1 "sigs.k8s.io/gateway-api/apis/v1" ) // +genclient @@ -23,7 +23,7 @@ type UpstreamSettingsPolicy struct { Spec UpstreamSettingsPolicySpec `json:"spec"` // Status defines the state of the UpstreamSettingsPolicy. - Status gatewayv1alpha2.PolicyStatus `json:"status,omitempty"` + Status gatewayv1.PolicyStatus `json:"status,omitempty"` } // +kubebuilder:object:root=true @@ -63,7 +63,7 @@ type UpstreamSettingsPolicySpec struct { // +kubebuilder:validation:XValidation:message="TargetRefs Group must be core",rule="self.exists(t, t.group=='') || self.exists(t, t.group=='core')" // +kubebuilder:validation:XValidation:message="TargetRef Name must be unique",rule="self.all(p1, self.exists_one(p2, p1.name == p2.name))" //nolint:lll - TargetRefs []gatewayv1alpha2.LocalPolicyTargetReference `json:"targetRefs"` + TargetRefs []gatewayv1.LocalPolicyTargetReference `json:"targetRefs"` } // UpstreamKeepAlive defines the keep-alive settings for upstreams. diff --git a/apis/v1alpha1/zz_generated.deepcopy.go b/apis/v1alpha1/zz_generated.deepcopy.go index 65b3b76c30..a4a6dc476b 100644 --- a/apis/v1alpha1/zz_generated.deepcopy.go +++ b/apis/v1alpha1/zz_generated.deepcopy.go @@ -7,7 +7,7 @@ package v1alpha1 import ( "k8s.io/apimachinery/pkg/apis/meta/v1" "k8s.io/apimachinery/pkg/runtime" - "sigs.k8s.io/gateway-api/apis/v1alpha2" + apisv1 "sigs.k8s.io/gateway-api/apis/v1" ) // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. @@ -162,7 +162,7 @@ func (in *ClientSettingsPolicySpec) DeepCopyInto(out *ClientSettingsPolicySpec) *out = new(ClientKeepAlive) (*in).DeepCopyInto(*out) } - in.TargetRef.DeepCopyInto(&out.TargetRef) + out.TargetRef = in.TargetRef } // DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new ClientSettingsPolicySpec. @@ -387,10 +387,8 @@ func (in *ObservabilityPolicySpec) DeepCopyInto(out *ObservabilityPolicySpec) { } if in.TargetRefs != nil { in, out := &in.TargetRefs, &out.TargetRefs - *out = make([]v1alpha2.LocalPolicyTargetReference, len(*in)) - for i := range *in { - (*in)[i].DeepCopyInto(&(*out)[i]) - } + *out = make([]apisv1.LocalPolicyTargetReference, len(*in)) + copy(*out, *in) } } @@ -679,10 +677,8 @@ func (in *UpstreamSettingsPolicySpec) DeepCopyInto(out *UpstreamSettingsPolicySp } if in.TargetRefs != nil { in, out := &in.TargetRefs, &out.TargetRefs - *out = make([]v1alpha2.LocalPolicyTargetReference, len(*in)) - for i := range *in { - (*in)[i].DeepCopyInto(&(*out)[i]) - } + *out = make([]apisv1.LocalPolicyTargetReference, len(*in)) + copy(*out, *in) } } diff --git a/apis/v1alpha2/observabilitypolicy_types.go b/apis/v1alpha2/observabilitypolicy_types.go index 27eb7e81d4..c8472410d2 100644 --- a/apis/v1alpha2/observabilitypolicy_types.go +++ b/apis/v1alpha2/observabilitypolicy_types.go @@ -2,7 +2,7 @@ package v1alpha2 import ( metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" - gatewayv1alpha2 "sigs.k8s.io/gateway-api/apis/v1alpha2" + gatewayv1 "sigs.k8s.io/gateway-api/apis/v1" ngfAPIv1alpha1 "github.com/nginx/nginx-gateway-fabric/v2/apis/v1alpha1" ) @@ -26,7 +26,7 @@ type ObservabilityPolicy struct { Spec ObservabilityPolicySpec `json:"spec"` // Status defines the state of the ObservabilityPolicy. - Status gatewayv1alpha2.PolicyStatus `json:"status,omitempty"` + Status gatewayv1.PolicyStatus `json:"status,omitempty"` } // +kubebuilder:object:root=true @@ -58,7 +58,7 @@ type ObservabilityPolicySpec struct { // +kubebuilder:validation:XValidation:message="TargetRef Group must be gateway.networking.k8s.io",rule="self.all(t, t.group=='gateway.networking.k8s.io')" // +kubebuilder:validation:XValidation:message="TargetRef Kind and Name combination must be unique",rule="self.all(p1, self.exists_one(p2, (p1.name == p2.name) && (p1.kind == p2.kind)))" //nolint:lll - TargetRefs []gatewayv1alpha2.LocalPolicyTargetReference `json:"targetRefs"` + TargetRefs []gatewayv1.LocalPolicyTargetReference `json:"targetRefs"` } // Tracing allows for enabling and configuring OpenTelemetry tracing. diff --git a/apis/v1alpha2/policy_methods.go b/apis/v1alpha2/policy_methods.go index b5e59a0ff5..57ad9e947c 100644 --- a/apis/v1alpha2/policy_methods.go +++ b/apis/v1alpha2/policy_methods.go @@ -1,21 +1,21 @@ package v1alpha2 import ( - "sigs.k8s.io/gateway-api/apis/v1alpha2" + gatewayv1 "sigs.k8s.io/gateway-api/apis/v1" ) // FIXME(kate-osborn): https://github.com/nginx/nginx-gateway-fabric/issues/1939. // Figure out a way to generate these methods for all our policies. // These methods implement the policies.Policy interface which extends client.Object to add the following methods. -func (p *ObservabilityPolicy) GetTargetRefs() []v1alpha2.LocalPolicyTargetReference { +func (p *ObservabilityPolicy) GetTargetRefs() []gatewayv1.LocalPolicyTargetReference { return p.Spec.TargetRefs } -func (p *ObservabilityPolicy) GetPolicyStatus() v1alpha2.PolicyStatus { +func (p *ObservabilityPolicy) GetPolicyStatus() gatewayv1.PolicyStatus { return p.Status } -func (p *ObservabilityPolicy) SetPolicyStatus(status v1alpha2.PolicyStatus) { +func (p *ObservabilityPolicy) SetPolicyStatus(status gatewayv1.PolicyStatus) { p.Status = status } diff --git a/apis/v1alpha2/zz_generated.deepcopy.go b/apis/v1alpha2/zz_generated.deepcopy.go index 4ae3fecd4c..7033aabb3a 100644 --- a/apis/v1alpha2/zz_generated.deepcopy.go +++ b/apis/v1alpha2/zz_generated.deepcopy.go @@ -10,7 +10,7 @@ import ( corev1 "k8s.io/api/core/v1" "k8s.io/apiextensions-apiserver/pkg/apis/apiextensions/v1" "k8s.io/apimachinery/pkg/runtime" - apisv1alpha2 "sigs.k8s.io/gateway-api/apis/v1alpha2" + apisv1 "sigs.k8s.io/gateway-api/apis/v1" ) // DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil. @@ -587,10 +587,8 @@ func (in *ObservabilityPolicySpec) DeepCopyInto(out *ObservabilityPolicySpec) { } if in.TargetRefs != nil { in, out := &in.TargetRefs, &out.TargetRefs - *out = make([]apisv1alpha2.LocalPolicyTargetReference, len(*in)) - for i := range *in { - (*in)[i].DeepCopyInto(&(*out)[i]) - } + *out = make([]apisv1.LocalPolicyTargetReference, len(*in)) + copy(*out, *in) } } diff --git a/charts/nginx-gateway-fabric/templates/clusterrole.yaml b/charts/nginx-gateway-fabric/templates/clusterrole.yaml index 890585afc0..5d9ea4a5be 100644 --- a/charts/nginx-gateway-fabric/templates/clusterrole.yaml +++ b/charts/nginx-gateway-fabric/templates/clusterrole.yaml @@ -94,8 +94,8 @@ rules: - httproutes - referencegrants - grpcroutes -{{- if .Values.nginxGateway.gwAPIExperimentalFeatures.enable }} - backendtlspolicies +{{- if .Values.nginxGateway.gwAPIExperimentalFeatures.enable }} - tlsroutes {{- end }} verbs: @@ -108,8 +108,8 @@ rules: - gateways/status - gatewayclasses/status - grpcroutes/status -{{- if .Values.nginxGateway.gwAPIExperimentalFeatures.enable }} - backendtlspolicies/status +{{- if .Values.nginxGateway.gwAPIExperimentalFeatures.enable }} - tlsroutes/status {{- end }} verbs: diff --git a/cmd/gateway/validation.go b/cmd/gateway/validation.go index 26b16d8bbd..2a32939455 100644 --- a/cmd/gateway/validation.go +++ b/cmd/gateway/validation.go @@ -12,7 +12,7 @@ import ( ) const ( - // Regex from: https://github.com/kubernetes-sigs/gateway-api/blob/v1.3.0/apis/v1/shared_types.go#L660 + // Regex from: https://github.com/kubernetes-sigs/gateway-api/blob/v1.4.0/apis/v1/shared_types.go#L660 controllerNameRegex = `^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*\/[A-Za-z0-9\/\-._~%!$&'()*+,;=:]+$` //nolint:lll ) diff --git a/config/crd/bases/gateway.nginx.org_clientsettingspolicies.yaml b/config/crd/bases/gateway.nginx.org_clientsettingspolicies.yaml index c6e223692c..5109756cf0 100644 --- a/config/crd/bases/gateway.nginx.org_clientsettingspolicies.yaml +++ b/config/crd/bases/gateway.nginx.org_clientsettingspolicies.yaml @@ -353,8 +353,38 @@ spec: - name type: object conditions: - description: Conditions describes the status of the Policy with - respect to the given Ancestor. + description: |- + Conditions describes the status of the Policy with respect to the given Ancestor. + + + + Notes for implementors: + + Conditions are a listType `map`, which means that they function like a + map with a key of the `type` field _in the k8s apiserver_. + + This means that implementations must obey some rules when updating this + section. + + * Implementations MUST perform a read-modify-write cycle on this field + before modifying it. That is, when modifying this field, implementations + must be confident they have fetched the most recent version of this field, + and ensure that changes they make are on that recent version. + * Implementations MUST NOT remove or reorder Conditions that they are not + directly responsible for. For example, if an implementation sees a Condition + with type `special.io/SomeField`, it MUST NOT remove, change or update that + Condition. + * Implementations MUST always _merge_ changes into Conditions of the same Type, + rather than creating more than one Condition of the same Type. + * Implementations MUST always update the `observedGeneration` field of the + Condition to the `metadata.generation` of the Gateway at the time of update creation. + * If the `observedGeneration` of a Condition is _greater than_ the value the + implementation knows about, then it MUST NOT perform the update on that Condition, + but must wait for a future reconciliation and status update. (The assumption is that + the implementation's copy of the object is stale and an update will be re-triggered + if relevant.) + + items: description: Condition contains details for one aspect of the current state of this API Resource. @@ -437,10 +467,12 @@ spec: type: string required: - ancestorRef + - conditions - controllerName type: object maxItems: 16 type: array + x-kubernetes-list-type: atomic required: - ancestors type: object diff --git a/config/crd/bases/gateway.nginx.org_observabilitypolicies.yaml b/config/crd/bases/gateway.nginx.org_observabilitypolicies.yaml index cfdb8a5e2c..16976e9aeb 100644 --- a/config/crd/bases/gateway.nginx.org_observabilitypolicies.yaml +++ b/config/crd/bases/gateway.nginx.org_observabilitypolicies.yaml @@ -379,8 +379,38 @@ spec: - name type: object conditions: - description: Conditions describes the status of the Policy with - respect to the given Ancestor. + description: |- + Conditions describes the status of the Policy with respect to the given Ancestor. + + + + Notes for implementors: + + Conditions are a listType `map`, which means that they function like a + map with a key of the `type` field _in the k8s apiserver_. + + This means that implementations must obey some rules when updating this + section. + + * Implementations MUST perform a read-modify-write cycle on this field + before modifying it. That is, when modifying this field, implementations + must be confident they have fetched the most recent version of this field, + and ensure that changes they make are on that recent version. + * Implementations MUST NOT remove or reorder Conditions that they are not + directly responsible for. For example, if an implementation sees a Condition + with type `special.io/SomeField`, it MUST NOT remove, change or update that + Condition. + * Implementations MUST always _merge_ changes into Conditions of the same Type, + rather than creating more than one Condition of the same Type. + * Implementations MUST always update the `observedGeneration` field of the + Condition to the `metadata.generation` of the Gateway at the time of update creation. + * If the `observedGeneration` of a Condition is _greater than_ the value the + implementation knows about, then it MUST NOT perform the update on that Condition, + but must wait for a future reconciliation and status update. (The assumption is that + the implementation's copy of the object is stale and an update will be re-triggered + if relevant.) + + items: description: Condition contains details for one aspect of the current state of this API Resource. @@ -463,10 +493,12 @@ spec: type: string required: - ancestorRef + - conditions - controllerName type: object maxItems: 16 type: array + x-kubernetes-list-type: atomic required: - ancestors type: object @@ -841,8 +873,38 @@ spec: - name type: object conditions: - description: Conditions describes the status of the Policy with - respect to the given Ancestor. + description: |- + Conditions describes the status of the Policy with respect to the given Ancestor. + + + + Notes for implementors: + + Conditions are a listType `map`, which means that they function like a + map with a key of the `type` field _in the k8s apiserver_. + + This means that implementations must obey some rules when updating this + section. + + * Implementations MUST perform a read-modify-write cycle on this field + before modifying it. That is, when modifying this field, implementations + must be confident they have fetched the most recent version of this field, + and ensure that changes they make are on that recent version. + * Implementations MUST NOT remove or reorder Conditions that they are not + directly responsible for. For example, if an implementation sees a Condition + with type `special.io/SomeField`, it MUST NOT remove, change or update that + Condition. + * Implementations MUST always _merge_ changes into Conditions of the same Type, + rather than creating more than one Condition of the same Type. + * Implementations MUST always update the `observedGeneration` field of the + Condition to the `metadata.generation` of the Gateway at the time of update creation. + * If the `observedGeneration` of a Condition is _greater than_ the value the + implementation knows about, then it MUST NOT perform the update on that Condition, + but must wait for a future reconciliation and status update. (The assumption is that + the implementation's copy of the object is stale and an update will be re-triggered + if relevant.) + + items: description: Condition contains details for one aspect of the current state of this API Resource. @@ -925,10 +987,12 @@ spec: type: string required: - ancestorRef + - conditions - controllerName type: object maxItems: 16 type: array + x-kubernetes-list-type: atomic required: - ancestors type: object diff --git a/config/crd/bases/gateway.nginx.org_upstreamsettingspolicies.yaml b/config/crd/bases/gateway.nginx.org_upstreamsettingspolicies.yaml index a6fae4c3ad..3cf882966b 100644 --- a/config/crd/bases/gateway.nginx.org_upstreamsettingspolicies.yaml +++ b/config/crd/bases/gateway.nginx.org_upstreamsettingspolicies.yaml @@ -348,8 +348,38 @@ spec: - name type: object conditions: - description: Conditions describes the status of the Policy with - respect to the given Ancestor. + description: |- + Conditions describes the status of the Policy with respect to the given Ancestor. + + + + Notes for implementors: + + Conditions are a listType `map`, which means that they function like a + map with a key of the `type` field _in the k8s apiserver_. + + This means that implementations must obey some rules when updating this + section. + + * Implementations MUST perform a read-modify-write cycle on this field + before modifying it. That is, when modifying this field, implementations + must be confident they have fetched the most recent version of this field, + and ensure that changes they make are on that recent version. + * Implementations MUST NOT remove or reorder Conditions that they are not + directly responsible for. For example, if an implementation sees a Condition + with type `special.io/SomeField`, it MUST NOT remove, change or update that + Condition. + * Implementations MUST always _merge_ changes into Conditions of the same Type, + rather than creating more than one Condition of the same Type. + * Implementations MUST always update the `observedGeneration` field of the + Condition to the `metadata.generation` of the Gateway at the time of update creation. + * If the `observedGeneration` of a Condition is _greater than_ the value the + implementation knows about, then it MUST NOT perform the update on that Condition, + but must wait for a future reconciliation and status update. (The assumption is that + the implementation's copy of the object is stale and an update will be re-triggered + if relevant.) + + items: description: Condition contains details for one aspect of the current state of this API Resource. @@ -432,10 +462,12 @@ spec: type: string required: - ancestorRef + - conditions - controllerName type: object maxItems: 16 type: array + x-kubernetes-list-type: atomic required: - ancestors type: object diff --git a/config/crd/gateway-api/experimental/kustomization.yaml b/config/crd/gateway-api/experimental/kustomization.yaml index 6088ef4263..494e55fed5 100644 --- a/config/crd/gateway-api/experimental/kustomization.yaml +++ b/config/crd/gateway-api/experimental/kustomization.yaml @@ -1,4 +1,4 @@ apiVersion: kustomize.config.k8s.io/v1beta1 kind: Kustomization resources: - - https://github.com/kubernetes-sigs/gateway-api/config/crd/experimental?timeout=120&ref=v1.3.0 + - https://github.com/kubernetes-sigs/gateway-api/config/crd/experimental?timeout=120&ref=v1.4.0 diff --git a/config/crd/gateway-api/standard/kustomization.yaml b/config/crd/gateway-api/standard/kustomization.yaml index 2391025233..a119d0d54b 100644 --- a/config/crd/gateway-api/standard/kustomization.yaml +++ b/config/crd/gateway-api/standard/kustomization.yaml @@ -1,4 +1,4 @@ apiVersion: kustomize.config.k8s.io/v1beta1 kind: Kustomization resources: -- https://github.com/kubernetes-sigs/gateway-api/config/crd?timeout=120&ref=v1.3.0 +- https://github.com/kubernetes-sigs/gateway-api/config/crd?timeout=120&ref=v1.4.0 diff --git a/deploy/azure/deploy.yaml b/deploy/azure/deploy.yaml index 90e260460e..ed1699b656 100644 --- a/deploy/azure/deploy.yaml +++ b/deploy/azure/deploy.yaml @@ -140,6 +140,7 @@ rules: - httproutes - referencegrants - grpcroutes + - backendtlspolicies verbs: - list - watch @@ -150,6 +151,7 @@ rules: - gateways/status - gatewayclasses/status - grpcroutes/status + - backendtlspolicies/status verbs: - update - apiGroups: diff --git a/deploy/crds.yaml b/deploy/crds.yaml index 46971810a1..7cec058a79 100644 --- a/deploy/crds.yaml +++ b/deploy/crds.yaml @@ -352,8 +352,38 @@ spec: - name type: object conditions: - description: Conditions describes the status of the Policy with - respect to the given Ancestor. + description: |- + Conditions describes the status of the Policy with respect to the given Ancestor. + + + + Notes for implementors: + + Conditions are a listType `map`, which means that they function like a + map with a key of the `type` field _in the k8s apiserver_. + + This means that implementations must obey some rules when updating this + section. + + * Implementations MUST perform a read-modify-write cycle on this field + before modifying it. That is, when modifying this field, implementations + must be confident they have fetched the most recent version of this field, + and ensure that changes they make are on that recent version. + * Implementations MUST NOT remove or reorder Conditions that they are not + directly responsible for. For example, if an implementation sees a Condition + with type `special.io/SomeField`, it MUST NOT remove, change or update that + Condition. + * Implementations MUST always _merge_ changes into Conditions of the same Type, + rather than creating more than one Condition of the same Type. + * Implementations MUST always update the `observedGeneration` field of the + Condition to the `metadata.generation` of the Gateway at the time of update creation. + * If the `observedGeneration` of a Condition is _greater than_ the value the + implementation knows about, then it MUST NOT perform the update on that Condition, + but must wait for a future reconciliation and status update. (The assumption is that + the implementation's copy of the object is stale and an update will be re-triggered + if relevant.) + + items: description: Condition contains details for one aspect of the current state of this API Resource. @@ -436,10 +466,12 @@ spec: type: string required: - ancestorRef + - conditions - controllerName type: object maxItems: 16 type: array + x-kubernetes-list-type: atomic required: - ancestors type: object @@ -9214,8 +9246,38 @@ spec: - name type: object conditions: - description: Conditions describes the status of the Policy with - respect to the given Ancestor. + description: |- + Conditions describes the status of the Policy with respect to the given Ancestor. + + + + Notes for implementors: + + Conditions are a listType `map`, which means that they function like a + map with a key of the `type` field _in the k8s apiserver_. + + This means that implementations must obey some rules when updating this + section. + + * Implementations MUST perform a read-modify-write cycle on this field + before modifying it. That is, when modifying this field, implementations + must be confident they have fetched the most recent version of this field, + and ensure that changes they make are on that recent version. + * Implementations MUST NOT remove or reorder Conditions that they are not + directly responsible for. For example, if an implementation sees a Condition + with type `special.io/SomeField`, it MUST NOT remove, change or update that + Condition. + * Implementations MUST always _merge_ changes into Conditions of the same Type, + rather than creating more than one Condition of the same Type. + * Implementations MUST always update the `observedGeneration` field of the + Condition to the `metadata.generation` of the Gateway at the time of update creation. + * If the `observedGeneration` of a Condition is _greater than_ the value the + implementation knows about, then it MUST NOT perform the update on that Condition, + but must wait for a future reconciliation and status update. (The assumption is that + the implementation's copy of the object is stale and an update will be re-triggered + if relevant.) + + items: description: Condition contains details for one aspect of the current state of this API Resource. @@ -9298,10 +9360,12 @@ spec: type: string required: - ancestorRef + - conditions - controllerName type: object maxItems: 16 type: array + x-kubernetes-list-type: atomic required: - ancestors type: object @@ -9676,8 +9740,38 @@ spec: - name type: object conditions: - description: Conditions describes the status of the Policy with - respect to the given Ancestor. + description: |- + Conditions describes the status of the Policy with respect to the given Ancestor. + + + + Notes for implementors: + + Conditions are a listType `map`, which means that they function like a + map with a key of the `type` field _in the k8s apiserver_. + + This means that implementations must obey some rules when updating this + section. + + * Implementations MUST perform a read-modify-write cycle on this field + before modifying it. That is, when modifying this field, implementations + must be confident they have fetched the most recent version of this field, + and ensure that changes they make are on that recent version. + * Implementations MUST NOT remove or reorder Conditions that they are not + directly responsible for. For example, if an implementation sees a Condition + with type `special.io/SomeField`, it MUST NOT remove, change or update that + Condition. + * Implementations MUST always _merge_ changes into Conditions of the same Type, + rather than creating more than one Condition of the same Type. + * Implementations MUST always update the `observedGeneration` field of the + Condition to the `metadata.generation` of the Gateway at the time of update creation. + * If the `observedGeneration` of a Condition is _greater than_ the value the + implementation knows about, then it MUST NOT perform the update on that Condition, + but must wait for a future reconciliation and status update. (The assumption is that + the implementation's copy of the object is stale and an update will be re-triggered + if relevant.) + + items: description: Condition contains details for one aspect of the current state of this API Resource. @@ -9760,10 +9854,12 @@ spec: type: string required: - ancestorRef + - conditions - controllerName type: object maxItems: 16 type: array + x-kubernetes-list-type: atomic required: - ancestors type: object @@ -10313,8 +10409,38 @@ spec: - name type: object conditions: - description: Conditions describes the status of the Policy with - respect to the given Ancestor. + description: |- + Conditions describes the status of the Policy with respect to the given Ancestor. + + + + Notes for implementors: + + Conditions are a listType `map`, which means that they function like a + map with a key of the `type` field _in the k8s apiserver_. + + This means that implementations must obey some rules when updating this + section. + + * Implementations MUST perform a read-modify-write cycle on this field + before modifying it. That is, when modifying this field, implementations + must be confident they have fetched the most recent version of this field, + and ensure that changes they make are on that recent version. + * Implementations MUST NOT remove or reorder Conditions that they are not + directly responsible for. For example, if an implementation sees a Condition + with type `special.io/SomeField`, it MUST NOT remove, change or update that + Condition. + * Implementations MUST always _merge_ changes into Conditions of the same Type, + rather than creating more than one Condition of the same Type. + * Implementations MUST always update the `observedGeneration` field of the + Condition to the `metadata.generation` of the Gateway at the time of update creation. + * If the `observedGeneration` of a Condition is _greater than_ the value the + implementation knows about, then it MUST NOT perform the update on that Condition, + but must wait for a future reconciliation and status update. (The assumption is that + the implementation's copy of the object is stale and an update will be re-triggered + if relevant.) + + items: description: Condition contains details for one aspect of the current state of this API Resource. @@ -10397,10 +10523,12 @@ spec: type: string required: - ancestorRef + - conditions - controllerName type: object maxItems: 16 type: array + x-kubernetes-list-type: atomic required: - ancestors type: object diff --git a/deploy/default/deploy.yaml b/deploy/default/deploy.yaml index 7dc53fe54a..2651f0bc3c 100644 --- a/deploy/default/deploy.yaml +++ b/deploy/default/deploy.yaml @@ -140,6 +140,7 @@ rules: - httproutes - referencegrants - grpcroutes + - backendtlspolicies verbs: - list - watch @@ -150,6 +151,7 @@ rules: - gateways/status - gatewayclasses/status - grpcroutes/status + - backendtlspolicies/status verbs: - update - apiGroups: diff --git a/deploy/inference-nginx-plus/deploy.yaml b/deploy/inference-nginx-plus/deploy.yaml index 87893b7893..2abfb18ebc 100644 --- a/deploy/inference-nginx-plus/deploy.yaml +++ b/deploy/inference-nginx-plus/deploy.yaml @@ -140,6 +140,7 @@ rules: - httproutes - referencegrants - grpcroutes + - backendtlspolicies verbs: - list - watch @@ -150,6 +151,7 @@ rules: - gateways/status - gatewayclasses/status - grpcroutes/status + - backendtlspolicies/status verbs: - update - apiGroups: diff --git a/deploy/inference/deploy.yaml b/deploy/inference/deploy.yaml index 8ccc489f2f..ff08d97c38 100644 --- a/deploy/inference/deploy.yaml +++ b/deploy/inference/deploy.yaml @@ -140,6 +140,7 @@ rules: - httproutes - referencegrants - grpcroutes + - backendtlspolicies verbs: - list - watch @@ -150,6 +151,7 @@ rules: - gateways/status - gatewayclasses/status - grpcroutes/status + - backendtlspolicies/status verbs: - update - apiGroups: diff --git a/deploy/nginx-plus/deploy.yaml b/deploy/nginx-plus/deploy.yaml index c7719908b2..6610a43166 100644 --- a/deploy/nginx-plus/deploy.yaml +++ b/deploy/nginx-plus/deploy.yaml @@ -140,6 +140,7 @@ rules: - httproutes - referencegrants - grpcroutes + - backendtlspolicies verbs: - list - watch @@ -150,6 +151,7 @@ rules: - gateways/status - gatewayclasses/status - grpcroutes/status + - backendtlspolicies/status verbs: - update - apiGroups: diff --git a/deploy/nodeport/deploy.yaml b/deploy/nodeport/deploy.yaml index 05bffae4c8..f2538143ed 100644 --- a/deploy/nodeport/deploy.yaml +++ b/deploy/nodeport/deploy.yaml @@ -140,6 +140,7 @@ rules: - httproutes - referencegrants - grpcroutes + - backendtlspolicies verbs: - list - watch @@ -150,6 +151,7 @@ rules: - gateways/status - gatewayclasses/status - grpcroutes/status + - backendtlspolicies/status verbs: - update - apiGroups: diff --git a/deploy/openshift/deploy.yaml b/deploy/openshift/deploy.yaml index cc837ac8d5..09b25596fc 100644 --- a/deploy/openshift/deploy.yaml +++ b/deploy/openshift/deploy.yaml @@ -140,6 +140,7 @@ rules: - httproutes - referencegrants - grpcroutes + - backendtlspolicies verbs: - list - watch @@ -150,6 +151,7 @@ rules: - gateways/status - gatewayclasses/status - grpcroutes/status + - backendtlspolicies/status verbs: - update - apiGroups: diff --git a/deploy/snippets-filters-nginx-plus/deploy.yaml b/deploy/snippets-filters-nginx-plus/deploy.yaml index 9459a2673c..b62bbb40df 100644 --- a/deploy/snippets-filters-nginx-plus/deploy.yaml +++ b/deploy/snippets-filters-nginx-plus/deploy.yaml @@ -140,6 +140,7 @@ rules: - httproutes - referencegrants - grpcroutes + - backendtlspolicies verbs: - list - watch @@ -150,6 +151,7 @@ rules: - gateways/status - gatewayclasses/status - grpcroutes/status + - backendtlspolicies/status verbs: - update - apiGroups: diff --git a/deploy/snippets-filters/deploy.yaml b/deploy/snippets-filters/deploy.yaml index 2500399f2e..0ef73c141b 100644 --- a/deploy/snippets-filters/deploy.yaml +++ b/deploy/snippets-filters/deploy.yaml @@ -140,6 +140,7 @@ rules: - httproutes - referencegrants - grpcroutes + - backendtlspolicies verbs: - list - watch @@ -150,6 +151,7 @@ rules: - gateways/status - gatewayclasses/status - grpcroutes/status + - backendtlspolicies/status verbs: - update - apiGroups: diff --git a/go.mod b/go.mod index 9f37ecba9d..2a4a09f2ac 100644 --- a/go.mod +++ b/go.mod @@ -27,8 +27,8 @@ require ( k8s.io/apimachinery v0.34.1 k8s.io/client-go v0.34.1 k8s.io/klog/v2 v2.130.1 - sigs.k8s.io/controller-runtime v0.22.3 - sigs.k8s.io/gateway-api v1.3.0 + sigs.k8s.io/controller-runtime v0.22.1 + sigs.k8s.io/gateway-api v1.4.0 sigs.k8s.io/gateway-api-inference-extension v1.0.1 ) @@ -40,15 +40,15 @@ require ( github.com/cespare/xxhash/v2 v2.3.0 // indirect github.com/cncf/xds/go v0.0.0-20250501225837-2ac532fd4443 // indirect github.com/davecgh/go-spew v1.1.2-0.20180830191138-d8f796af33cc // indirect - github.com/emicklei/go-restful/v3 v3.12.2 // indirect + github.com/emicklei/go-restful/v3 v3.13.0 // indirect github.com/envoyproxy/protoc-gen-validate v1.2.1 // indirect github.com/evanphx/json-patch/v5 v5.9.11 // indirect github.com/fxamacker/cbor/v2 v2.9.0 // indirect github.com/go-logr/stdr v1.2.2 // indirect github.com/go-logr/zapr v1.3.0 // indirect - github.com/go-openapi/jsonpointer v0.21.0 // indirect + github.com/go-openapi/jsonpointer v0.21.2 // indirect github.com/go-openapi/jsonreference v0.21.0 // indirect - github.com/go-openapi/swag v0.23.0 // indirect + github.com/go-openapi/swag v0.23.1 // indirect github.com/go-task/slim-sprig/v3 v3.0.0 // indirect github.com/gogo/protobuf v1.3.2 // indirect github.com/google/btree v1.1.3 // indirect @@ -58,7 +58,7 @@ require ( github.com/inconshreveable/mousetrap v1.1.0 // indirect github.com/josharian/intern v1.0.0 // indirect github.com/json-iterator/go v1.1.12 // indirect - github.com/mailru/easyjson v0.7.7 // indirect + github.com/mailru/easyjson v0.9.0 // indirect github.com/maxbrunsfeld/counterfeiter/v6 v6.12.0 // indirect github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd // indirect github.com/modern-go/reflect2 v1.0.3-0.20250322232337-35a7c28c31ee // indirect @@ -89,12 +89,12 @@ require ( golang.org/x/tools v0.37.0 // indirect gomodules.xyz/jsonpatch/v2 v2.4.0 // indirect google.golang.org/genproto/googleapis/api v0.0.0-20250825161204-c5933d9347a5 // indirect - google.golang.org/genproto/googleapis/rpc v0.0.0-20250825161204-c5933d9347a5 // indirect + google.golang.org/genproto/googleapis/rpc v0.0.0-20250826171959-ef028d996bc1 // indirect gopkg.in/inf.v0 v0.9.1 // indirect gopkg.in/yaml.v3 v3.0.1 // indirect - k8s.io/kube-openapi v0.0.0-20250710124328-f3f2b991d03b // indirect - k8s.io/utils v0.0.0-20250604170112-4c0f3b243397 // indirect - sigs.k8s.io/json v0.0.0-20241014173422-cfa47c3a1cc8 // indirect + k8s.io/kube-openapi v0.0.0-20250814151709-d7b6acb124c3 // indirect + k8s.io/utils v0.0.0-20250820121507-0af2bda4dd1d // indirect + sigs.k8s.io/json v0.0.0-20250730193827-2d320260d730 // indirect sigs.k8s.io/randfill v1.0.0 // indirect sigs.k8s.io/structured-merge-diff/v6 v6.3.0 // indirect sigs.k8s.io/yaml v1.6.0 // indirect diff --git a/go.sum b/go.sum index bc9cbdc880..0c73dcd734 100644 --- a/go.sum +++ b/go.sum @@ -43,8 +43,8 @@ github.com/docker/go-units v0.5.0 h1:69rxXcBk27SvSaaxTtLh/8llcHD8vYHT7WSdRZ/jvr4 github.com/docker/go-units v0.5.0/go.mod h1:fgPhTUdO+D/Jk86RDLlptpiXQzgHJF7gydDDbaIK4Dk= github.com/ebitengine/purego v0.8.4 h1:CF7LEKg5FFOsASUj0+QwaXf8Ht6TlFxg09+S9wz0omw= github.com/ebitengine/purego v0.8.4/go.mod h1:iIjxzd6CiRiOG0UyXP+V1+jWqUXVjPKLAI0mRfJZTmQ= -github.com/emicklei/go-restful/v3 v3.12.2 h1:DhwDP0vY3k8ZzE0RunuJy8GhNpPL6zqLkDf9B/a0/xU= -github.com/emicklei/go-restful/v3 v3.12.2/go.mod h1:6n3XBCmQQb25CM2LCACGz8ukIrRry+4bhvbpWn3mrbc= +github.com/emicklei/go-restful/v3 v3.13.0 h1:C4Bl2xDndpU6nJ4bc1jXd+uTmYPVUwkD6bFY/oTyCes= +github.com/emicklei/go-restful/v3 v3.13.0/go.mod h1:6n3XBCmQQb25CM2LCACGz8ukIrRry+4bhvbpWn3mrbc= github.com/envoyproxy/go-control-plane/envoy v1.35.0 h1:ixjkELDE+ru6idPxcHLj8LBVc2bFP7iBytj353BoHUo= github.com/envoyproxy/go-control-plane/envoy v1.35.0/go.mod h1:09qwbGVuSWWAyN5t/b3iyVfz5+z8QWGrzkoqm/8SbEs= github.com/envoyproxy/protoc-gen-validate v1.2.1 h1:DEo3O99U8j4hBFwbJfrz9VtgcDfUKS7KJ7spH3d86P8= @@ -74,12 +74,12 @@ github.com/go-logr/zapr v1.3.0 h1:XGdV8XW8zdwFiwOA2Dryh1gj2KRQyOOoNmBy4EplIcQ= github.com/go-logr/zapr v1.3.0/go.mod h1:YKepepNBd1u/oyhd/yQmtjVXmm9uML4IXUgMOwR8/Gg= github.com/go-ole/go-ole v1.3.0 h1:Dt6ye7+vXGIKZ7Xtk4s6/xVdGDQynvom7xCFEdWr6uE= github.com/go-ole/go-ole v1.3.0/go.mod h1:5LS6F96DhAwUc7C+1HLexzMXY1xGRSryjyPPKW6zv78= -github.com/go-openapi/jsonpointer v0.21.0 h1:YgdVicSA9vH5RiHs9TZW5oyafXZFc6+2Vc1rr/O9oNQ= -github.com/go-openapi/jsonpointer v0.21.0/go.mod h1:IUyH9l/+uyhIYQ/PXVA41Rexl+kOkAPDdXEYns6fzUY= +github.com/go-openapi/jsonpointer v0.21.2 h1:AqQaNADVwq/VnkCmQg6ogE+M3FOsKTytwges0JdwVuA= +github.com/go-openapi/jsonpointer v0.21.2/go.mod h1:50I1STOfbY1ycR8jGz8DaMeLCdXiI6aDteEdRNNzpdk= github.com/go-openapi/jsonreference v0.21.0 h1:Rs+Y7hSXT83Jacb7kFyjn4ijOuVGSvOdF2+tg1TRrwQ= github.com/go-openapi/jsonreference v0.21.0/go.mod h1:LmZmgsrTkVg9LG4EaHeY8cBDslNPMo06cago5JNLkm4= -github.com/go-openapi/swag v0.23.0 h1:vsEVJDUo2hPJ2tu0/Xc+4noaxyEffXNIs3cOULZ+GrE= -github.com/go-openapi/swag v0.23.0/go.mod h1:esZ8ITTYEsH1V2trKHjAN8Ai7xHb8RV+YSZ577vPjgQ= +github.com/go-openapi/swag v0.23.1 h1:lpsStH0n2ittzTnbaSloVZLuB5+fvSY/+hnagBjSNZU= +github.com/go-openapi/swag v0.23.1/go.mod h1:STZs8TbRvEQQKUA+JZNAm3EWlgaOBGpyFDqQnDHMef0= github.com/go-task/slim-sprig/v3 v3.0.0 h1:sUs3vkvUymDpBKi3qH1YSqBQk9+9D/8M2mN1vB6EwHI= github.com/go-task/slim-sprig/v3 v3.0.0/go.mod h1:W848ghGpv3Qj3dhTPRyJypKRiqCdHZiAzKg9hl15HA8= github.com/go-viper/mapstructure/v2 v2.4.0 h1:EBsztssimR/CONLSZZ04E8qAkxNYq4Qp9LvH92wZUgs= @@ -127,8 +127,8 @@ github.com/lufia/plan9stats v0.0.0-20250317134145-8bc96cf8fc35 h1:PpXWgLPs+Fqr32 github.com/lufia/plan9stats v0.0.0-20250317134145-8bc96cf8fc35/go.mod h1:autxFIvghDt3jPTLoqZ9OZ7s9qTGNAWmYCjVFWPX/zg= github.com/magiconair/properties v1.8.10 h1:s31yESBquKXCV9a/ScB3ESkOjUYYv+X0rg8SYxI99mE= github.com/magiconair/properties v1.8.10/go.mod h1:Dhd985XPs7jluiymwWYZ0G4Z61jb3vdS329zhj2hYo0= -github.com/mailru/easyjson v0.7.7 h1:UGYAvKxe3sBsEDzO8ZeWOSlIQfWFlxbzLZe7hwFURr0= -github.com/mailru/easyjson v0.7.7/go.mod h1:xzfreul335JAWq5oZzymOObrkdz5UnU4kGfJJLY9Nlc= +github.com/mailru/easyjson v0.9.0 h1:PrnmzHw7262yW8sTBwxi1PdJA3Iw/EKBa8psRf7d9a4= +github.com/mailru/easyjson v0.9.0/go.mod h1:1+xMtQp2MRNVL/V1bOzuP3aP8VNwRW55fQUto+XFtTU= github.com/maruel/natural v1.1.1 h1:Hja7XhhmvEFhcByqDoHz9QZbkWey+COd9xWfCfn1ioo= github.com/maruel/natural v1.1.1/go.mod h1:v+Rfd79xlw1AgVBjbO0BEQmptqb5HvL/k9GRHB7ZKEg= github.com/maxbrunsfeld/counterfeiter/v6 v6.12.0 h1:aOeI7xAOVdK+R6xbVsZuU9HmCZYmQVmZgPf9xJUd2Sg= @@ -329,8 +329,8 @@ gonum.org/v1/gonum v0.16.0 h1:5+ul4Swaf3ESvrOnidPp4GZbzf0mxVQpDCYUQE7OJfk= gonum.org/v1/gonum v0.16.0/go.mod h1:fef3am4MQ93R2HHpKnLk4/Tbh/s0+wqD5nfa6Pnwy4E= google.golang.org/genproto/googleapis/api v0.0.0-20250825161204-c5933d9347a5 h1:BIRfGDEjiHRrk0QKZe3Xv2ieMhtgRGeLcZQ0mIVn4EY= google.golang.org/genproto/googleapis/api v0.0.0-20250825161204-c5933d9347a5/go.mod h1:j3QtIyytwqGr1JUDtYXwtMXWPKsEa5LtzIFN1Wn5WvE= -google.golang.org/genproto/googleapis/rpc v0.0.0-20250825161204-c5933d9347a5 h1:eaY8u2EuxbRv7c3NiGK0/NedzVsCcV6hDuU5qPX5EGE= -google.golang.org/genproto/googleapis/rpc v0.0.0-20250825161204-c5933d9347a5/go.mod h1:M4/wBTSeyLxupu3W3tJtOgB14jILAS/XWPSSa3TAlJc= +google.golang.org/genproto/googleapis/rpc v0.0.0-20250826171959-ef028d996bc1 h1:pmJpJEvT846VzausCQ5d7KreSROcDqmO388w5YbnltA= +google.golang.org/genproto/googleapis/rpc v0.0.0-20250826171959-ef028d996bc1/go.mod h1:GmFNa4BdJZ2a8G+wCe9Bg3wwThLrJun751XstdJt5Og= google.golang.org/grpc v1.76.0 h1:UnVkv1+uMLYXoIz6o7chp59WfQUYA2ex/BXQ9rHZu7A= google.golang.org/grpc v1.76.0/go.mod h1:Ju12QI8M6iQJtbcsV+awF5a4hfJMLi4X0JLo94ULZ6c= google.golang.org/protobuf v1.36.10 h1:AYd7cD/uASjIL6Q9LiTjz8JLcrh/88q5UObnmY3aOOE= @@ -354,18 +354,18 @@ k8s.io/client-go v0.34.1 h1:ZUPJKgXsnKwVwmKKdPfw4tB58+7/Ik3CrjOEhsiZ7mY= k8s.io/client-go v0.34.1/go.mod h1:kA8v0FP+tk6sZA0yKLRG67LWjqufAoSHA2xVGKw9Of8= k8s.io/klog/v2 v2.130.1 h1:n9Xl7H1Xvksem4KFG4PYbdQCQxqc/tTUyrgXaOhHSzk= k8s.io/klog/v2 v2.130.1/go.mod h1:3Jpz1GvMt720eyJH1ckRHK1EDfpxISzJ7I9OYgaDtPE= -k8s.io/kube-openapi v0.0.0-20250710124328-f3f2b991d03b h1:MloQ9/bdJyIu9lb1PzujOPolHyvO06MXG5TUIj2mNAA= -k8s.io/kube-openapi v0.0.0-20250710124328-f3f2b991d03b/go.mod h1:UZ2yyWbFTpuhSbFhv24aGNOdoRdJZgsIObGBUaYVsts= -k8s.io/utils v0.0.0-20250604170112-4c0f3b243397 h1:hwvWFiBzdWw1FhfY1FooPn3kzWuJ8tmbZBHi4zVsl1Y= -k8s.io/utils v0.0.0-20250604170112-4c0f3b243397/go.mod h1:OLgZIPagt7ERELqWJFomSt595RzquPNLL48iOWgYOg0= -sigs.k8s.io/controller-runtime v0.22.3 h1:I7mfqz/a/WdmDCEnXmSPm8/b/yRTy6JsKKENTijTq8Y= -sigs.k8s.io/controller-runtime v0.22.3/go.mod h1:+QX1XUpTXN4mLoblf4tqr5CQcyHPAki2HLXqQMY6vh8= -sigs.k8s.io/gateway-api v1.3.0 h1:q6okN+/UKDATola4JY7zXzx40WO4VISk7i9DIfOvr9M= -sigs.k8s.io/gateway-api v1.3.0/go.mod h1:d8NV8nJbaRbEKem+5IuxkL8gJGOZ+FJ+NvOIltV8gDk= +k8s.io/kube-openapi v0.0.0-20250814151709-d7b6acb124c3 h1:liMHz39T5dJO1aOKHLvwaCjDbf07wVh6yaUlTpunnkE= +k8s.io/kube-openapi v0.0.0-20250814151709-d7b6acb124c3/go.mod h1:UZ2yyWbFTpuhSbFhv24aGNOdoRdJZgsIObGBUaYVsts= +k8s.io/utils v0.0.0-20250820121507-0af2bda4dd1d h1:wAhiDyZ4Tdtt7e46e9M5ZSAJ/MnPGPs+Ki1gHw4w1R0= +k8s.io/utils v0.0.0-20250820121507-0af2bda4dd1d/go.mod h1:OLgZIPagt7ERELqWJFomSt595RzquPNLL48iOWgYOg0= +sigs.k8s.io/controller-runtime v0.22.1 h1:Ah1T7I+0A7ize291nJZdS1CabF/lB4E++WizgV24Eqg= +sigs.k8s.io/controller-runtime v0.22.1/go.mod h1:FwiwRjkRPbiN+zp2QRp7wlTCzbUXxZ/D4OzuQUDwBHY= +sigs.k8s.io/gateway-api v1.4.0 h1:ZwlNM6zOHq0h3WUX2gfByPs2yAEsy/EenYJB78jpQfQ= +sigs.k8s.io/gateway-api v1.4.0/go.mod h1:AR5RSqciWP98OPckEjOjh2XJhAe2Na4LHyXD2FUY7Qk= sigs.k8s.io/gateway-api-inference-extension v1.0.1 h1:n/zyxk/1RCT1nNoCdKiZsN7XTz9mTk3Cu1fWWbtZMBw= sigs.k8s.io/gateway-api-inference-extension v1.0.1/go.mod h1:qxSY10qt2+YnZJ43VfpMXa6wpiENPderI2BnNZ4Kxfc= -sigs.k8s.io/json v0.0.0-20241014173422-cfa47c3a1cc8 h1:gBQPwqORJ8d8/YNZWEjoZs7npUVDpVXUUOFfW6CgAqE= -sigs.k8s.io/json v0.0.0-20241014173422-cfa47c3a1cc8/go.mod h1:mdzfpAEoE6DHQEN0uh9ZbOCuHbLK5wOm7dK4ctXE9Tg= +sigs.k8s.io/json v0.0.0-20250730193827-2d320260d730 h1:IpInykpT6ceI+QxKBbEflcR5EXP7sU1kvOlxwZh5txg= +sigs.k8s.io/json v0.0.0-20250730193827-2d320260d730/go.mod h1:mdzfpAEoE6DHQEN0uh9ZbOCuHbLK5wOm7dK4ctXE9Tg= sigs.k8s.io/randfill v1.0.0 h1:JfjMILfT8A6RbawdsK2JXGBR5AQVfd+9TbzrlneTyrU= sigs.k8s.io/randfill v1.0.0/go.mod h1:XeLlZ/jmk4i1HRopwe7/aU3H5n1zNUcX6TM94b3QxOY= sigs.k8s.io/structured-merge-diff/v6 v6.3.0 h1:jTijUJbW353oVOd9oTlifJqOGEkUw2jB/fXCbTiQEco= diff --git a/internal/controller/manager.go b/internal/controller/manager.go index 264f51cf96..6434c40af0 100644 --- a/internal/controller/manager.go +++ b/internal/controller/manager.go @@ -35,7 +35,6 @@ import ( inference "sigs.k8s.io/gateway-api-inference-extension/api/v1" gatewayv1 "sigs.k8s.io/gateway-api/apis/v1" gatewayv1alpha2 "sigs.k8s.io/gateway-api/apis/v1alpha2" - gatewayv1alpha3 "sigs.k8s.io/gateway-api/apis/v1alpha3" gatewayv1beta1 "sigs.k8s.io/gateway-api/apis/v1beta1" ngfAPIv1alpha1 "github.com/nginx/nginx-gateway-fabric/v2/apis/v1alpha1" @@ -85,7 +84,6 @@ var scheme = runtime.NewScheme() func init() { utilruntime.Must(gatewayv1beta1.Install(scheme)) utilruntime.Must(gatewayv1.Install(scheme)) - utilruntime.Must(gatewayv1alpha3.Install(scheme)) utilruntime.Must(gatewayv1alpha2.Install(scheme)) utilruntime.Must(apiv1.AddToScheme(scheme)) utilruntime.Must(discoveryV1.AddToScheme(scheme)) @@ -445,6 +443,17 @@ func registerControllers( controller.WithK8sPredicate(k8spredicate.GenerationChangedPredicate{}), }, }, + { + objectType: &gatewayv1.BackendTLSPolicy{}, + options: []controller.Option{ + controller.WithK8sPredicate(k8spredicate.GenerationChangedPredicate{}), + }, + }, + { + // FIXME(ciarams87): If possible, use only metadata predicate + // https://github.com/nginx/nginx-gateway-fabric/issues/1545 + objectType: &apiv1.ConfigMap{}, + }, { objectType: &apiv1.Service{}, name: "user-service", // unique controller names are needed and we have multiple Service ctlrs @@ -520,17 +529,6 @@ func registerControllers( if cfg.ExperimentalFeatures { gwExpFeatures := []ctlrCfg{ - { - objectType: &gatewayv1alpha3.BackendTLSPolicy{}, - options: []controller.Option{ - controller.WithK8sPredicate(k8spredicate.GenerationChangedPredicate{}), - }, - }, - { - // FIXME(ciarams87): If possible, use only metadata predicate - // https://github.com/nginx/nginx-gateway-fabric/issues/1545 - objectType: &apiv1.ConfigMap{}, - }, { objectType: &gatewayv1alpha2.TLSRoute{}, options: []controller.Option{ @@ -760,6 +758,8 @@ func prepareFirstEventBatchPreparerArgs(cfg config.Config) ([]client.Object, []c &apiv1.NamespaceList{}, &discoveryV1.EndpointSliceList{}, &gatewayv1.HTTPRouteList{}, + &gatewayv1.BackendTLSPolicyList{}, + &apiv1.ConfigMapList{}, &gatewayv1beta1.ReferenceGrantList{}, &ngfAPIv1alpha2.NginxProxyList{}, &gatewayv1.GRPCRouteList{}, @@ -772,8 +772,6 @@ func prepareFirstEventBatchPreparerArgs(cfg config.Config) ([]client.Object, []c if cfg.ExperimentalFeatures { objectLists = append( objectLists, - &gatewayv1alpha3.BackendTLSPolicyList{}, - &apiv1.ConfigMapList{}, &gatewayv1alpha2.TLSRouteList{}, ) } diff --git a/internal/controller/manager_test.go b/internal/controller/manager_test.go index 76e613a1f6..88aee02ac8 100644 --- a/internal/controller/manager_test.go +++ b/internal/controller/manager_test.go @@ -17,7 +17,6 @@ import ( inference "sigs.k8s.io/gateway-api-inference-extension/api/v1" gatewayv1 "sigs.k8s.io/gateway-api/apis/v1" gatewayv1alpha2 "sigs.k8s.io/gateway-api/apis/v1alpha2" - gatewayv1alpha3 "sigs.k8s.io/gateway-api/apis/v1alpha3" gatewayv1beta1 "sigs.k8s.io/gateway-api/apis/v1beta1" ngfAPIv1alpha1 "github.com/nginx/nginx-gateway-fabric/v2/apis/v1alpha1" @@ -59,6 +58,8 @@ func TestPrepareFirstEventBatchPreparerArgs(t *testing.T) { &apiv1.NamespaceList{}, &discoveryV1.EndpointSliceList{}, &gatewayv1.HTTPRouteList{}, + &gatewayv1.BackendTLSPolicyList{}, + &apiv1.ConfigMapList{}, &gatewayv1.GatewayList{}, &gatewayv1beta1.ReferenceGrantList{}, &ngfAPIv1alpha2.NginxProxyList{}, @@ -89,7 +90,7 @@ func TestPrepareFirstEventBatchPreparerArgs(t *testing.T) { &gatewayv1beta1.ReferenceGrantList{}, &ngfAPIv1alpha2.NginxProxyList{}, partialObjectMetadataList, - &gatewayv1alpha3.BackendTLSPolicyList{}, + &gatewayv1.BackendTLSPolicyList{}, &gatewayv1alpha2.TLSRouteList{}, &gatewayv1.GRPCRouteList{}, &ngfAPIv1alpha1.ClientSettingsPolicyList{}, @@ -112,15 +113,17 @@ func TestPrepareFirstEventBatchPreparerArgs(t *testing.T) { &apiv1.NamespaceList{}, &discoveryV1.EndpointSliceList{}, &gatewayv1.HTTPRouteList{}, - &gatewayv1.GatewayList{}, + &gatewayv1.BackendTLSPolicyList{}, + &apiv1.ConfigMapList{}, &gatewayv1beta1.ReferenceGrantList{}, &ngfAPIv1alpha2.NginxProxyList{}, &gatewayv1.GRPCRouteList{}, - partialObjectMetadataList, - &inference.InferencePoolList{}, &ngfAPIv1alpha1.ClientSettingsPolicyList{}, &ngfAPIv1alpha2.ObservabilityPolicyList{}, &ngfAPIv1alpha1.UpstreamSettingsPolicyList{}, + partialObjectMetadataList, + &inference.InferencePoolList{}, + &gatewayv1.GatewayList{}, }, }, { @@ -138,6 +141,8 @@ func TestPrepareFirstEventBatchPreparerArgs(t *testing.T) { &apiv1.NamespaceList{}, &discoveryV1.EndpointSliceList{}, &gatewayv1.HTTPRouteList{}, + &gatewayv1.BackendTLSPolicyList{}, + &apiv1.ConfigMapList{}, &gatewayv1.GatewayList{}, &gatewayv1beta1.ReferenceGrantList{}, &ngfAPIv1alpha2.NginxProxyList{}, @@ -172,7 +177,7 @@ func TestPrepareFirstEventBatchPreparerArgs(t *testing.T) { &ngfAPIv1alpha2.NginxProxyList{}, partialObjectMetadataList, &inference.InferencePoolList{}, - &gatewayv1alpha3.BackendTLSPolicyList{}, + &gatewayv1.BackendTLSPolicyList{}, &gatewayv1alpha2.TLSRouteList{}, &gatewayv1.GRPCRouteList{}, &ngfAPIv1alpha1.ClientSettingsPolicyList{}, diff --git a/internal/controller/nginx/config/policies/clientsettings/validator_test.go b/internal/controller/nginx/config/policies/clientsettings/validator_test.go index 948e79901b..660aeb10ae 100644 --- a/internal/controller/nginx/config/policies/clientsettings/validator_test.go +++ b/internal/controller/nginx/config/policies/clientsettings/validator_test.go @@ -6,7 +6,6 @@ import ( . "github.com/onsi/gomega" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" v1 "sigs.k8s.io/gateway-api/apis/v1" - "sigs.k8s.io/gateway-api/apis/v1alpha2" ngfAPI "github.com/nginx/nginx-gateway-fabric/v2/apis/v1alpha1" "github.com/nginx/nginx-gateway-fabric/v2/internal/controller/nginx/config/policies/clientsettings" @@ -25,7 +24,7 @@ func createValidPolicy() *ngfAPI.ClientSettingsPolicy { Namespace: "default", }, Spec: ngfAPI.ClientSettingsPolicySpec{ - TargetRef: v1alpha2.LocalPolicyTargetReference{ + TargetRef: v1.LocalPolicyTargetReference{ Group: v1.GroupName, Kind: kinds.Gateway, Name: "gateway", @@ -43,7 +42,7 @@ func createValidPolicy() *ngfAPI.ClientSettingsPolicy { }, }, }, - Status: v1alpha2.PolicyStatus{}, + Status: v1.PolicyStatus{}, } } diff --git a/internal/controller/nginx/config/policies/observability/validator_test.go b/internal/controller/nginx/config/policies/observability/validator_test.go index 7cc283df3c..e84bc4a024 100644 --- a/internal/controller/nginx/config/policies/observability/validator_test.go +++ b/internal/controller/nginx/config/policies/observability/validator_test.go @@ -5,8 +5,7 @@ import ( . "github.com/onsi/gomega" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" - gatewayv1 "sigs.k8s.io/gateway-api/apis/v1" - "sigs.k8s.io/gateway-api/apis/v1alpha2" + v1 "sigs.k8s.io/gateway-api/apis/v1" ngfAPIv1alpha1 "github.com/nginx/nginx-gateway-fabric/v2/apis/v1alpha1" ngfAPIv1alpha2 "github.com/nginx/nginx-gateway-fabric/v2/apis/v1alpha2" @@ -27,9 +26,9 @@ func createValidPolicy() *ngfAPIv1alpha2.ObservabilityPolicy { Namespace: "default", }, Spec: ngfAPIv1alpha2.ObservabilityPolicySpec{ - TargetRefs: []v1alpha2.LocalPolicyTargetReference{ + TargetRefs: []v1.LocalPolicyTargetReference{ { - Group: gatewayv1.GroupName, + Group: v1.GroupName, Kind: kinds.HTTPRoute, Name: "route", }, @@ -43,7 +42,7 @@ func createValidPolicy() *ngfAPIv1alpha2.ObservabilityPolicy { }, }, }, - Status: v1alpha2.PolicyStatus{}, + Status: v1.PolicyStatus{}, } } diff --git a/internal/controller/nginx/config/policies/policiesfakes/fake_policy.go b/internal/controller/nginx/config/policies/policiesfakes/fake_policy.go index 5aa0c8dda9..5ab32adbae 100644 --- a/internal/controller/nginx/config/policies/policiesfakes/fake_policy.go +++ b/internal/controller/nginx/config/policies/policiesfakes/fake_policy.go @@ -9,7 +9,7 @@ import ( "k8s.io/apimachinery/pkg/runtime" "k8s.io/apimachinery/pkg/runtime/schema" "k8s.io/apimachinery/pkg/types" - "sigs.k8s.io/gateway-api/apis/v1alpha2" + v1a "sigs.k8s.io/gateway-api/apis/v1" ) type FakePolicy struct { @@ -153,15 +153,15 @@ type FakePolicy struct { getOwnerReferencesReturnsOnCall map[int]struct { result1 []v1.OwnerReference } - GetPolicyStatusStub func() v1alpha2.PolicyStatus + GetPolicyStatusStub func() v1a.PolicyStatus getPolicyStatusMutex sync.RWMutex getPolicyStatusArgsForCall []struct { } getPolicyStatusReturns struct { - result1 v1alpha2.PolicyStatus + result1 v1a.PolicyStatus } getPolicyStatusReturnsOnCall map[int]struct { - result1 v1alpha2.PolicyStatus + result1 v1a.PolicyStatus } GetResourceVersionStub func() string getResourceVersionMutex sync.RWMutex @@ -183,15 +183,15 @@ type FakePolicy struct { getSelfLinkReturnsOnCall map[int]struct { result1 string } - GetTargetRefsStub func() []v1alpha2.LocalPolicyTargetReference + GetTargetRefsStub func() []v1a.LocalPolicyTargetReference getTargetRefsMutex sync.RWMutex getTargetRefsArgsForCall []struct { } getTargetRefsReturns struct { - result1 []v1alpha2.LocalPolicyTargetReference + result1 []v1a.LocalPolicyTargetReference } getTargetRefsReturnsOnCall map[int]struct { - result1 []v1alpha2.LocalPolicyTargetReference + result1 []v1a.LocalPolicyTargetReference } GetUIDStub func() types.UID getUIDMutex sync.RWMutex @@ -263,10 +263,10 @@ type FakePolicy struct { setOwnerReferencesArgsForCall []struct { arg1 []v1.OwnerReference } - SetPolicyStatusStub func(v1alpha2.PolicyStatus) + SetPolicyStatusStub func(v1a.PolicyStatus) setPolicyStatusMutex sync.RWMutex setPolicyStatusArgsForCall []struct { - arg1 v1alpha2.PolicyStatus + arg1 v1a.PolicyStatus } SetResourceVersionStub func(string) setResourceVersionMutex sync.RWMutex @@ -1029,7 +1029,7 @@ func (fake *FakePolicy) GetOwnerReferencesReturnsOnCall(i int, result1 []v1.Owne }{result1} } -func (fake *FakePolicy) GetPolicyStatus() v1alpha2.PolicyStatus { +func (fake *FakePolicy) GetPolicyStatus() v1a.PolicyStatus { fake.getPolicyStatusMutex.Lock() ret, specificReturn := fake.getPolicyStatusReturnsOnCall[len(fake.getPolicyStatusArgsForCall)] fake.getPolicyStatusArgsForCall = append(fake.getPolicyStatusArgsForCall, struct { @@ -1053,32 +1053,32 @@ func (fake *FakePolicy) GetPolicyStatusCallCount() int { return len(fake.getPolicyStatusArgsForCall) } -func (fake *FakePolicy) GetPolicyStatusCalls(stub func() v1alpha2.PolicyStatus) { +func (fake *FakePolicy) GetPolicyStatusCalls(stub func() v1a.PolicyStatus) { fake.getPolicyStatusMutex.Lock() defer fake.getPolicyStatusMutex.Unlock() fake.GetPolicyStatusStub = stub } -func (fake *FakePolicy) GetPolicyStatusReturns(result1 v1alpha2.PolicyStatus) { +func (fake *FakePolicy) GetPolicyStatusReturns(result1 v1a.PolicyStatus) { fake.getPolicyStatusMutex.Lock() defer fake.getPolicyStatusMutex.Unlock() fake.GetPolicyStatusStub = nil fake.getPolicyStatusReturns = struct { - result1 v1alpha2.PolicyStatus + result1 v1a.PolicyStatus }{result1} } -func (fake *FakePolicy) GetPolicyStatusReturnsOnCall(i int, result1 v1alpha2.PolicyStatus) { +func (fake *FakePolicy) GetPolicyStatusReturnsOnCall(i int, result1 v1a.PolicyStatus) { fake.getPolicyStatusMutex.Lock() defer fake.getPolicyStatusMutex.Unlock() fake.GetPolicyStatusStub = nil if fake.getPolicyStatusReturnsOnCall == nil { fake.getPolicyStatusReturnsOnCall = make(map[int]struct { - result1 v1alpha2.PolicyStatus + result1 v1a.PolicyStatus }) } fake.getPolicyStatusReturnsOnCall[i] = struct { - result1 v1alpha2.PolicyStatus + result1 v1a.PolicyStatus }{result1} } @@ -1188,7 +1188,7 @@ func (fake *FakePolicy) GetSelfLinkReturnsOnCall(i int, result1 string) { }{result1} } -func (fake *FakePolicy) GetTargetRefs() []v1alpha2.LocalPolicyTargetReference { +func (fake *FakePolicy) GetTargetRefs() []v1a.LocalPolicyTargetReference { fake.getTargetRefsMutex.Lock() ret, specificReturn := fake.getTargetRefsReturnsOnCall[len(fake.getTargetRefsArgsForCall)] fake.getTargetRefsArgsForCall = append(fake.getTargetRefsArgsForCall, struct { @@ -1212,32 +1212,32 @@ func (fake *FakePolicy) GetTargetRefsCallCount() int { return len(fake.getTargetRefsArgsForCall) } -func (fake *FakePolicy) GetTargetRefsCalls(stub func() []v1alpha2.LocalPolicyTargetReference) { +func (fake *FakePolicy) GetTargetRefsCalls(stub func() []v1a.LocalPolicyTargetReference) { fake.getTargetRefsMutex.Lock() defer fake.getTargetRefsMutex.Unlock() fake.GetTargetRefsStub = stub } -func (fake *FakePolicy) GetTargetRefsReturns(result1 []v1alpha2.LocalPolicyTargetReference) { +func (fake *FakePolicy) GetTargetRefsReturns(result1 []v1a.LocalPolicyTargetReference) { fake.getTargetRefsMutex.Lock() defer fake.getTargetRefsMutex.Unlock() fake.GetTargetRefsStub = nil fake.getTargetRefsReturns = struct { - result1 []v1alpha2.LocalPolicyTargetReference + result1 []v1a.LocalPolicyTargetReference }{result1} } -func (fake *FakePolicy) GetTargetRefsReturnsOnCall(i int, result1 []v1alpha2.LocalPolicyTargetReference) { +func (fake *FakePolicy) GetTargetRefsReturnsOnCall(i int, result1 []v1a.LocalPolicyTargetReference) { fake.getTargetRefsMutex.Lock() defer fake.getTargetRefsMutex.Unlock() fake.GetTargetRefsStub = nil if fake.getTargetRefsReturnsOnCall == nil { fake.getTargetRefsReturnsOnCall = make(map[int]struct { - result1 []v1alpha2.LocalPolicyTargetReference + result1 []v1a.LocalPolicyTargetReference }) } fake.getTargetRefsReturnsOnCall[i] = struct { - result1 []v1alpha2.LocalPolicyTargetReference + result1 []v1a.LocalPolicyTargetReference }{result1} } @@ -1693,10 +1693,10 @@ func (fake *FakePolicy) SetOwnerReferencesArgsForCall(i int) []v1.OwnerReference return argsForCall.arg1 } -func (fake *FakePolicy) SetPolicyStatus(arg1 v1alpha2.PolicyStatus) { +func (fake *FakePolicy) SetPolicyStatus(arg1 v1a.PolicyStatus) { fake.setPolicyStatusMutex.Lock() fake.setPolicyStatusArgsForCall = append(fake.setPolicyStatusArgsForCall, struct { - arg1 v1alpha2.PolicyStatus + arg1 v1a.PolicyStatus }{arg1}) stub := fake.SetPolicyStatusStub fake.recordInvocation("SetPolicyStatus", []interface{}{arg1}) @@ -1712,13 +1712,13 @@ func (fake *FakePolicy) SetPolicyStatusCallCount() int { return len(fake.setPolicyStatusArgsForCall) } -func (fake *FakePolicy) SetPolicyStatusCalls(stub func(v1alpha2.PolicyStatus)) { +func (fake *FakePolicy) SetPolicyStatusCalls(stub func(v1a.PolicyStatus)) { fake.setPolicyStatusMutex.Lock() defer fake.setPolicyStatusMutex.Unlock() fake.SetPolicyStatusStub = stub } -func (fake *FakePolicy) SetPolicyStatusArgsForCall(i int) v1alpha2.PolicyStatus { +func (fake *FakePolicy) SetPolicyStatusArgsForCall(i int) v1a.PolicyStatus { fake.setPolicyStatusMutex.RLock() defer fake.setPolicyStatusMutex.RUnlock() argsForCall := fake.setPolicyStatusArgsForCall[i] diff --git a/internal/controller/nginx/config/policies/policy.go b/internal/controller/nginx/config/policies/policy.go index 93d6054155..8cf62ea51d 100644 --- a/internal/controller/nginx/config/policies/policy.go +++ b/internal/controller/nginx/config/policies/policy.go @@ -6,7 +6,6 @@ import ( "k8s.io/apimachinery/pkg/util/validation/field" "sigs.k8s.io/controller-runtime/pkg/client" gatewayv1 "sigs.k8s.io/gateway-api/apis/v1" - "sigs.k8s.io/gateway-api/apis/v1alpha2" ) //go:generate go tool counterfeiter -generate @@ -15,9 +14,9 @@ import ( // //counterfeiter:generate . Policy type Policy interface { - GetTargetRefs() []v1alpha2.LocalPolicyTargetReference - GetPolicyStatus() v1alpha2.PolicyStatus - SetPolicyStatus(status v1alpha2.PolicyStatus) + GetTargetRefs() []gatewayv1.LocalPolicyTargetReference + GetPolicyStatus() gatewayv1.PolicyStatus + SetPolicyStatus(status gatewayv1.PolicyStatus) client.Object } @@ -30,7 +29,7 @@ type GlobalSettings struct { // ValidateTargetRef validates a policy's targetRef for the proper group and kind. func ValidateTargetRef( - ref v1alpha2.LocalPolicyTargetReference, + ref gatewayv1.LocalPolicyTargetReference, basePath *field.Path, groups []gatewayv1.Group, supportedKinds []gatewayv1.Kind, diff --git a/internal/controller/nginx/config/policies/upstreamsettings/validator_test.go b/internal/controller/nginx/config/policies/upstreamsettings/validator_test.go index 6ad3d72ca7..df4c4e0770 100644 --- a/internal/controller/nginx/config/policies/upstreamsettings/validator_test.go +++ b/internal/controller/nginx/config/policies/upstreamsettings/validator_test.go @@ -5,7 +5,7 @@ import ( . "github.com/onsi/gomega" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" - "sigs.k8s.io/gateway-api/apis/v1alpha2" + v1 "sigs.k8s.io/gateway-api/apis/v1" ngfAPI "github.com/nginx/nginx-gateway-fabric/v2/apis/v1alpha1" "github.com/nginx/nginx-gateway-fabric/v2/internal/controller/nginx/config/policies/policiesfakes" @@ -24,7 +24,7 @@ func createValidPolicy() *ngfAPI.UpstreamSettingsPolicy { Namespace: "default", }, Spec: ngfAPI.UpstreamSettingsPolicySpec{ - TargetRefs: []v1alpha2.LocalPolicyTargetReference{ + TargetRefs: []v1.LocalPolicyTargetReference{ { Group: "core", Kind: kinds.Service, @@ -39,7 +39,7 @@ func createValidPolicy() *ngfAPI.UpstreamSettingsPolicy { Connections: helpers.GetPointer[int32](100), }, }, - Status: v1alpha2.PolicyStatus{}, + Status: v1.PolicyStatus{}, } } @@ -59,7 +59,7 @@ func TestValidator_Validate(t *testing.T) { policy: createModifiedPolicy(func(p *ngfAPI.UpstreamSettingsPolicy) *ngfAPI.UpstreamSettingsPolicy { p.Spec.TargetRefs = append( p.Spec.TargetRefs, - v1alpha2.LocalPolicyTargetReference{ + v1.LocalPolicyTargetReference{ Group: "Unsupported", Kind: kinds.Service, Name: "svc", @@ -76,7 +76,7 @@ func TestValidator_Validate(t *testing.T) { policy: createModifiedPolicy(func(p *ngfAPI.UpstreamSettingsPolicy) *ngfAPI.UpstreamSettingsPolicy { p.Spec.TargetRefs = append( p.Spec.TargetRefs, - v1alpha2.LocalPolicyTargetReference{ + v1.LocalPolicyTargetReference{ Group: "", Kind: "Unsupported", Name: "svc", diff --git a/internal/controller/provisioner/objects.go b/internal/controller/provisioner/objects.go index 68cde04608..4b41e52fc9 100644 --- a/internal/controller/provisioner/objects.go +++ b/internal/controller/provisioner/objects.go @@ -149,7 +149,7 @@ func (p *NginxProvisioner) buildNginxResourceObjects( ports := make(map[int32]struct{}) for _, listener := range gateway.Spec.Listeners { - ports[int32(listener.Port)] = struct{}{} + ports[listener.Port] = struct{}{} } // Create separate copies of objectMeta for service and deployment to avoid shared map references diff --git a/internal/controller/state/change_processor.go b/internal/controller/state/change_processor.go index 27a62bb0e5..4e672bec0e 100644 --- a/internal/controller/state/change_processor.go +++ b/internal/controller/state/change_processor.go @@ -14,7 +14,6 @@ import ( inference "sigs.k8s.io/gateway-api-inference-extension/api/v1" v1 "sigs.k8s.io/gateway-api/apis/v1" "sigs.k8s.io/gateway-api/apis/v1alpha2" - "sigs.k8s.io/gateway-api/apis/v1alpha3" "sigs.k8s.io/gateway-api/apis/v1beta1" ngfAPIv1alpha1 "github.com/nginx/nginx-gateway-fabric/v2/apis/v1alpha1" @@ -92,7 +91,7 @@ func NewChangeProcessorImpl(cfg ChangeProcessorConfig) *ChangeProcessorImpl { ReferenceGrants: make(map[types.NamespacedName]*v1beta1.ReferenceGrant), Secrets: make(map[types.NamespacedName]*apiv1.Secret), CRDMetadata: make(map[types.NamespacedName]*metav1.PartialObjectMetadata), - BackendTLSPolicies: make(map[types.NamespacedName]*v1alpha3.BackendTLSPolicy), + BackendTLSPolicies: make(map[types.NamespacedName]*v1.BackendTLSPolicy), ConfigMaps: make(map[types.NamespacedName]*apiv1.ConfigMap), NginxProxies: make(map[types.NamespacedName]*ngfAPIv1alpha2.NginxProxy), GRPCRoutes: make(map[types.NamespacedName]*v1.GRPCRoute), @@ -149,7 +148,7 @@ func NewChangeProcessorImpl(cfg ChangeProcessorConfig) *ChangeProcessorImpl { predicate: nil, }, { - gvk: cfg.MustExtractGVK(&v1alpha3.BackendTLSPolicy{}), + gvk: cfg.MustExtractGVK(&v1.BackendTLSPolicy{}), store: newObjectStoreMapAdapter(clusterStore.BackendTLSPolicies), predicate: nil, }, diff --git a/internal/controller/state/change_processor_test.go b/internal/controller/state/change_processor_test.go index 44dbdb0613..90bf948f07 100644 --- a/internal/controller/state/change_processor_test.go +++ b/internal/controller/state/change_processor_test.go @@ -17,7 +17,6 @@ import ( inference "sigs.k8s.io/gateway-api-inference-extension/api/v1" v1 "sigs.k8s.io/gateway-api/apis/v1" "sigs.k8s.io/gateway-api/apis/v1alpha2" - "sigs.k8s.io/gateway-api/apis/v1alpha3" "sigs.k8s.io/gateway-api/apis/v1beta1" ngfAPIv1alpha1 "github.com/nginx/nginx-gateway-fabric/v2/apis/v1alpha1" @@ -180,7 +179,7 @@ func createHTTPSListener(name string, tlsSecret *apiv1.Secret) v1.Listener { Hostname: nil, Port: 443, Protocol: v1.HTTPSProtocolType, - TLS: &v1.GatewayTLSConfig{ + TLS: &v1.ListenerTLSConfig{ Mode: helpers.GetPointer(v1.TLSModeTerminate), CertificateRefs: []v1.SecretObjectReference{ { @@ -199,7 +198,7 @@ func createTLSListener(name string) v1.Listener { Hostname: nil, Port: 8443, Protocol: v1.TLSProtocolType, - TLS: &v1.GatewayTLSConfig{ + TLS: &v1.ListenerTLSConfig{ Mode: helpers.GetPointer(v1.TLSModePassthrough), }, } @@ -312,7 +311,6 @@ func createScheme() *runtime.Scheme { utilruntime.Must(v1.Install(scheme)) utilruntime.Must(v1beta1.Install(scheme)) utilruntime.Must(v1alpha2.Install(scheme)) - utilruntime.Must(v1alpha3.Install(scheme)) utilruntime.Must(apiv1.AddToScheme(scheme)) utilruntime.Must(discoveryV1.AddToScheme(scheme)) utilruntime.Must(apiext.AddToScheme(scheme)) @@ -2333,7 +2331,7 @@ var _ = Describe("ChangeProcessor", func() { hr1svc, sharedSvc, bazSvc1, bazSvc2, bazSvc3, invalidSvc, notRefSvc *apiv1.Service hr1slice1, hr1slice2, noRefSlice, missingSvcNameSlice *discoveryV1.EndpointSlice gw *v1.Gateway - btls *v1alpha3.BackendTLSPolicy + btls *v1.BackendTLSPolicy ) createSvc := func(name string) *apiv1.Service { @@ -2355,16 +2353,16 @@ var _ = Describe("ChangeProcessor", func() { } } - createBackendTLSPolicy := func(name string, svcName string) *v1alpha3.BackendTLSPolicy { - return &v1alpha3.BackendTLSPolicy{ + createBackendTLSPolicy := func(name string, svcName string) *v1.BackendTLSPolicy { + return &v1.BackendTLSPolicy{ ObjectMeta: metav1.ObjectMeta{ Namespace: "test", Name: name, }, - Spec: v1alpha3.BackendTLSPolicySpec{ - TargetRefs: []v1alpha2.LocalPolicyTargetReferenceWithSectionName{ + Spec: v1.BackendTLSPolicySpec{ + TargetRefs: []v1.LocalPolicyTargetReferenceWithSectionName{ { - LocalPolicyTargetReference: v1alpha2.LocalPolicyTargetReference{ + LocalPolicyTargetReference: v1.LocalPolicyTargetReference{ Kind: v1.Kind("Service"), Name: v1.ObjectName(svcName), }, @@ -2988,7 +2986,7 @@ var _ = Describe("ChangeProcessor", func() { Namespace: "test", }, Spec: ngfAPIv1alpha1.ClientSettingsPolicySpec{ - TargetRef: v1alpha2.LocalPolicyTargetReference{ + TargetRef: v1.LocalPolicyTargetReference{ Group: v1.GroupName, Kind: kinds.Gateway, Name: "gw", @@ -3017,7 +3015,7 @@ var _ = Describe("ChangeProcessor", func() { Namespace: "test", }, Spec: ngfAPIv1alpha2.ObservabilityPolicySpec{ - TargetRefs: []v1alpha2.LocalPolicyTargetReference{ + TargetRefs: []v1.LocalPolicyTargetReference{ { Group: v1.GroupName, Kind: kinds.HTTPRoute, @@ -3049,7 +3047,7 @@ var _ = Describe("ChangeProcessor", func() { }, Spec: ngfAPIv1alpha1.UpstreamSettingsPolicySpec{ ZoneSize: helpers.GetPointer[ngfAPIv1alpha1.Size]("10m"), - TargetRefs: []v1alpha2.LocalPolicyTargetReference{ + TargetRefs: []v1.LocalPolicyTargetReference{ { Group: "core", Kind: kinds.Service, @@ -3227,7 +3225,7 @@ var _ = Describe("ChangeProcessor", func() { ns, unrelatedNS, testNs, barNs *apiv1.Namespace secret, secretUpdated, unrelatedSecret, barSecret, barSecretUpdated *apiv1.Secret cm, cmUpdated, unrelatedCM *apiv1.ConfigMap - btls, btlsUpdated *v1alpha3.BackendTLSPolicy + btls, btlsUpdated *v1.BackendTLSPolicy np, npUpdated *ngfAPIv1alpha2.NginxProxy ) @@ -3327,7 +3325,7 @@ var _ = Describe("ChangeProcessor", func() { Hostname: nil, Port: 443, Protocol: v1.HTTPSProtocolType, - TLS: &v1.GatewayTLSConfig{ + TLS: &v1.ListenerTLSConfig{ Mode: helpers.GetPointer(v1.TLSModeTerminate), CertificateRefs: []v1.SecretObjectReference{ { @@ -3343,7 +3341,7 @@ var _ = Describe("ChangeProcessor", func() { Hostname: nil, Port: 500, Protocol: v1.HTTPSProtocolType, - TLS: &v1.GatewayTLSConfig{ + TLS: &v1.ListenerTLSConfig{ Mode: helpers.GetPointer(v1.TLSModeTerminate), CertificateRefs: []v1.SecretObjectReference{ { @@ -3500,22 +3498,22 @@ var _ = Describe("ChangeProcessor", func() { } btlsNsName = types.NamespacedName{Namespace: "test", Name: "btls-1"} - btls = &v1alpha3.BackendTLSPolicy{ + btls = &v1.BackendTLSPolicy{ ObjectMeta: metav1.ObjectMeta{ Name: btlsNsName.Name, Namespace: btlsNsName.Namespace, Generation: 1, }, - Spec: v1alpha3.BackendTLSPolicySpec{ - TargetRefs: []v1alpha2.LocalPolicyTargetReferenceWithSectionName{ + Spec: v1.BackendTLSPolicySpec{ + TargetRefs: []v1.LocalPolicyTargetReferenceWithSectionName{ { - LocalPolicyTargetReference: v1alpha2.LocalPolicyTargetReference{ + LocalPolicyTargetReference: v1.LocalPolicyTargetReference{ Kind: "Service", Name: v1.ObjectName(svc.Name), }, }, }, - Validation: v1alpha3.BackendTLSPolicyValidation{ + Validation: v1.BackendTLSPolicyValidation{ CACertificateRefs: []v1.LocalObjectReference{ { Name: v1.ObjectName(cm.Name), @@ -3602,7 +3600,7 @@ var _ = Describe("ChangeProcessor", func() { processor.CaptureDeleteChange(&v1.HTTPRoute{}, hrNsName) processor.CaptureDeleteChange(&v1.GRPCRoute{}, grNsName) processor.CaptureDeleteChange(&v1beta1.ReferenceGrant{}, rgNsName) - processor.CaptureDeleteChange(&v1alpha3.BackendTLSPolicy{}, btlsNsName) + processor.CaptureDeleteChange(&v1.BackendTLSPolicy{}, btlsNsName) processor.CaptureDeleteChange(&apiv1.ConfigMap{}, cmNsName) processor.CaptureDeleteChange(&ngfAPIv1alpha2.NginxProxy{}, npNsName) diff --git a/internal/controller/state/conditions/conditions.go b/internal/controller/state/conditions/conditions.go index f3af2010f3..209f168ae4 100644 --- a/internal/controller/state/conditions/conditions.go +++ b/internal/controller/state/conditions/conditions.go @@ -6,7 +6,6 @@ import ( metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" inference "sigs.k8s.io/gateway-api-inference-extension/api/v1" v1 "sigs.k8s.io/gateway-api/apis/v1" - "sigs.k8s.io/gateway-api/apis/v1alpha2" ngfAPI "github.com/nginx/nginx-gateway-fabric/v2/apis/v1alpha1" ) @@ -106,7 +105,7 @@ const ( // PolicyReasonNginxProxyConfigNotSet is used with the "PolicyAccepted" condition when the // NginxProxy resource is missing or invalid. - PolicyReasonNginxProxyConfigNotSet v1alpha2.PolicyConditionReason = "NginxProxyConfigNotSet" + PolicyReasonNginxProxyConfigNotSet v1.PolicyConditionReason = "NginxProxyConfigNotSet" // PolicyMessageNginxProxyInvalid is a message used with the PolicyReasonNginxProxyConfigNotSet reason // when the NginxProxy resource is either invalid or not attached. @@ -118,19 +117,19 @@ const ( // PolicyReasonTargetConflict is used with the "PolicyAccepted" condition when a Route that it targets // has an overlapping hostname:port/path combination with another Route. - PolicyReasonTargetConflict v1alpha2.PolicyConditionReason = "TargetConflict" + PolicyReasonTargetConflict v1.PolicyConditionReason = "TargetConflict" // ClientSettingsPolicyAffected is used with the "PolicyAffected" condition when a // ClientSettingsPolicy is applied to a Gateway, HTTPRoute, or GRPCRoute. - ClientSettingsPolicyAffected v1alpha2.PolicyConditionType = "ClientSettingsPolicyAffected" + ClientSettingsPolicyAffected v1.PolicyConditionType = "ClientSettingsPolicyAffected" // ObservabilityPolicyAffected is used with the "PolicyAffected" condition when an // ObservabilityPolicy is applied to a HTTPRoute, or GRPCRoute. - ObservabilityPolicyAffected v1alpha2.PolicyConditionType = "ObservabilityPolicyAffected" + ObservabilityPolicyAffected v1.PolicyConditionType = "ObservabilityPolicyAffected" // PolicyAffectedReason is used with the "PolicyAffected" condition when a // ObservabilityPolicy or ClientSettingsPolicy is applied to Gateways or Routes. - PolicyAffectedReason v1alpha2.PolicyConditionReason = "PolicyAffected" + PolicyAffectedReason v1.PolicyConditionReason = "PolicyAffected" // GatewayResolvedRefs condition indicates whether the controller was able to resolve the // parametersRef on the Gateway. @@ -149,24 +148,12 @@ const ( // PolicyReasonAncestorLimitReached is used with the "PolicyAccepted" condition when a policy // cannot be applied because the ancestor status list has reached the maximum size of 16. - PolicyReasonAncestorLimitReached v1alpha2.PolicyConditionReason = "AncestorLimitReached" + PolicyReasonAncestorLimitReached v1.PolicyConditionReason = "AncestorLimitReached" // PolicyMessageAncestorLimitReached is a message used with PolicyReasonAncestorLimitReached // when a policy cannot be applied due to the ancestor limit being reached. PolicyMessageAncestorLimitReached = "Policies cannot be applied because the ancestor status list " + "has reached the maximum size. The following policies have been ignored:" - - // BackendTLSPolicyReasonInvalidCACertificateRef is used with the "ResolvedRefs" condition when a - // CACertificateRef refers to a resource that cannot be resolved or is misconfigured. - BackendTLSPolicyReasonInvalidCACertificateRef v1alpha2.PolicyConditionReason = "InvalidCACertificateRef" - - // BackendTLSPolicyReasonInvalidKind is used with the "ResolvedRefs" condition when a - // CACertificateRef refers to an unknown or unsupported kind of resource. - BackendTLSPolicyReasonInvalidKind v1alpha2.PolicyConditionReason = "InvalidKind" - - // BackendTLSPolicyReasonNoValidCACertificate is used with the "Accepted" condition when all - // CACertificateRefs are invalid. - BackendTLSPolicyReasonNoValidCACertificate v1alpha2.PolicyConditionReason = "NoValidCACertificate" ) // Condition defines a condition to be reported in the status of resources. @@ -993,9 +980,9 @@ func NewGatewayAcceptedUnsupportedField(msg string) Condition { // NewPolicyAccepted returns a Condition that indicates that the Policy is accepted. func NewPolicyAccepted() Condition { return Condition{ - Type: string(v1alpha2.PolicyConditionAccepted), + Type: string(v1.PolicyConditionAccepted), Status: metav1.ConditionTrue, - Reason: string(v1alpha2.PolicyReasonAccepted), + Reason: string(v1.PolicyReasonAccepted), Message: "Policy is accepted", } } @@ -1004,9 +991,9 @@ func NewPolicyAccepted() Condition { // syntactically invalid. func NewPolicyInvalid(msg string) Condition { return Condition{ - Type: string(v1alpha2.PolicyConditionAccepted), + Type: string(v1.PolicyConditionAccepted), Status: metav1.ConditionFalse, - Reason: string(v1alpha2.PolicyReasonInvalid), + Reason: string(v1.PolicyReasonInvalid), Message: msg, } } @@ -1015,9 +1002,9 @@ func NewPolicyInvalid(msg string) Condition { // another Policy and a merge is not possible. func NewPolicyConflicted(msg string) Condition { return Condition{ - Type: string(v1alpha2.PolicyConditionAccepted), + Type: string(v1.PolicyConditionAccepted), Status: metav1.ConditionFalse, - Reason: string(v1alpha2.PolicyReasonConflicted), + Reason: string(v1.PolicyReasonConflicted), Message: msg, } } @@ -1026,9 +1013,9 @@ func NewPolicyConflicted(msg string) Condition { // resource does not exist or can not be attached to. func NewPolicyTargetNotFound(msg string) Condition { return Condition{ - Type: string(v1alpha2.PolicyConditionAccepted), + Type: string(v1.PolicyConditionAccepted), Status: metav1.ConditionFalse, - Reason: string(v1alpha2.PolicyReasonTargetNotFound), + Reason: string(v1.PolicyReasonTargetNotFound), Message: msg, } } @@ -1037,7 +1024,7 @@ func NewPolicyTargetNotFound(msg string) Condition { // the ancestor status list has reached the maximum size of 16. func NewPolicyAncestorLimitReached(policyType string, policyName string) Condition { return Condition{ - Type: string(v1alpha2.PolicyConditionAccepted), + Type: string(v1.PolicyConditionAccepted), Status: metav1.ConditionFalse, Reason: string(PolicyReasonAncestorLimitReached), Message: fmt.Sprintf("%s %s %s", PolicyMessageAncestorLimitReached, policyType, policyName), @@ -1048,7 +1035,7 @@ func NewPolicyAncestorLimitReached(policyType string, policyName string) Conditi // because the target resource has a conflict with another resource when attempting to apply this policy. func NewPolicyNotAcceptedTargetConflict(msg string) Condition { return Condition{ - Type: string(v1alpha2.PolicyConditionAccepted), + Type: string(v1.PolicyConditionAccepted), Status: metav1.ConditionFalse, Reason: string(PolicyReasonTargetConflict), Message: msg, @@ -1059,7 +1046,7 @@ func NewPolicyNotAcceptedTargetConflict(msg string) Condition { // because it relies on the NginxProxy configuration which is missing or invalid. func NewPolicyNotAcceptedNginxProxyNotSet(msg string) Condition { return Condition{ - Type: string(v1alpha2.PolicyConditionAccepted), + Type: string(v1.PolicyConditionAccepted), Status: metav1.ConditionFalse, Reason: string(PolicyReasonNginxProxyConfigNotSet), Message: msg, @@ -1127,7 +1114,7 @@ func NewBackendTLSPolicyInvalidCACertificateRef(message string) Condition { return Condition{ Type: string(GatewayResolvedRefs), Status: metav1.ConditionFalse, - Reason: string(BackendTLSPolicyReasonInvalidCACertificateRef), + Reason: string(v1.BackendTLSPolicyReasonInvalidCACertificateRef), Message: message, } } @@ -1138,7 +1125,7 @@ func NewBackendTLSPolicyInvalidKind(message string) Condition { return Condition{ Type: string(GatewayResolvedRefs), Status: metav1.ConditionFalse, - Reason: string(BackendTLSPolicyReasonInvalidKind), + Reason: string(v1.BackendTLSPolicyReasonInvalidKind), Message: message, } } @@ -1147,9 +1134,9 @@ func NewBackendTLSPolicyInvalidKind(message string) Condition { // CACertificateRefs in the BackendTLSPolicy are invalid. func NewBackendTLSPolicyNoValidCACertificate(message string) Condition { return Condition{ - Type: string(v1alpha2.PolicyConditionAccepted), + Type: string(v1.PolicyConditionAccepted), Status: metav1.ConditionFalse, - Reason: string(BackendTLSPolicyReasonNoValidCACertificate), + Reason: string(v1.BackendTLSPolicyReasonNoValidCACertificate), Message: message, } } diff --git a/internal/controller/state/dataplane/configuration.go b/internal/controller/state/dataplane/configuration.go index 92b119e052..dc7efa4efb 100644 --- a/internal/controller/state/dataplane/configuration.go +++ b/internal/controller/state/dataplane/configuration.go @@ -141,7 +141,7 @@ func buildPassthroughServers(gateway *graph.Gateway) []Layer4VirtualServer { passthroughServersMap[key] = append(passthroughServersMap[key], Layer4VirtualServer{ Hostname: h, UpstreamName: r.Spec.BackendRef.ServicePortReference(), - Port: int32(l.Source.Port), + Port: l.Source.Port, }) } } @@ -150,12 +150,12 @@ func buildPassthroughServers(gateway *graph.Gateway) []Layer4VirtualServer { listenerPassthroughServers = append(listenerPassthroughServers, Layer4VirtualServer{ Hostname: string(*l.Source.Hostname), IsDefault: true, - Port: int32(l.Source.Port), + Port: l.Source.Port, }) } else { listenerPassthroughServers = append(listenerPassthroughServers, Layer4VirtualServer{ Hostname: "", - Port: int32(l.Source.Port), + Port: l.Source.Port, }) } } @@ -517,7 +517,7 @@ func newHostPathRules() *hostPathRules { func (hpr *hostPathRules) upsertListener(l *graph.Listener, gateway *graph.Gateway) { hpr.listenersExist = true - hpr.port = int32(l.Source.Port) + hpr.port = l.Source.Port if l.Source.Protocol == v1.HTTPSProtocolType { hpr.httpsListeners = append(hpr.httpsListeners, l) diff --git a/internal/controller/state/dataplane/configuration_test.go b/internal/controller/state/dataplane/configuration_test.go index 3e1697590d..42f05d07ec 100644 --- a/internal/controller/state/dataplane/configuration_test.go +++ b/internal/controller/state/dataplane/configuration_test.go @@ -17,8 +17,6 @@ import ( "k8s.io/apimachinery/pkg/util/intstr" "sigs.k8s.io/controller-runtime/pkg/client" v1 "sigs.k8s.io/gateway-api/apis/v1" - "sigs.k8s.io/gateway-api/apis/v1alpha2" - "sigs.k8s.io/gateway-api/apis/v1alpha3" ngfAPIv1alpha1 "github.com/nginx/nginx-gateway-fabric/v2/apis/v1alpha1" ngfAPIv1alpha2 "github.com/nginx/nginx-gateway-fabric/v2/apis/v1alpha2" @@ -578,22 +576,22 @@ func TestBuildConfiguration(t *testing.T) { ) httpsRouteHR8.Spec.Rules[0].BackendRefs[0].BackendTLSPolicy = &graph.BackendTLSPolicy{ - Source: &v1alpha3.BackendTLSPolicy{ + Source: &v1.BackendTLSPolicy{ ObjectMeta: metav1.ObjectMeta{ Name: "btp", Namespace: "test", }, - Spec: v1alpha3.BackendTLSPolicySpec{ - TargetRefs: []v1alpha2.LocalPolicyTargetReferenceWithSectionName{ + Spec: v1.BackendTLSPolicySpec{ + TargetRefs: []v1.LocalPolicyTargetReferenceWithSectionName{ { - LocalPolicyTargetReference: v1alpha2.LocalPolicyTargetReference{ + LocalPolicyTargetReference: v1.LocalPolicyTargetReference{ Group: "", Kind: "Service", Name: "foo", }, }, }, - Validation: v1alpha3.BackendTLSPolicyValidation{ + Validation: v1.BackendTLSPolicyValidation{ Hostname: "foo.example.com", CACertificateRefs: []v1.LocalObjectReference{ { @@ -633,22 +631,22 @@ func TestBuildConfiguration(t *testing.T) { expGRGroups := createExpBackendGroupsForRoute(routeGR) httpsRouteHR9.Spec.Rules[0].BackendRefs[0].BackendTLSPolicy = &graph.BackendTLSPolicy{ - Source: &v1alpha3.BackendTLSPolicy{ + Source: &v1.BackendTLSPolicy{ ObjectMeta: metav1.ObjectMeta{ Name: "btp2", Namespace: "test", }, - Spec: v1alpha3.BackendTLSPolicySpec{ - TargetRefs: []v1alpha2.LocalPolicyTargetReferenceWithSectionName{ + Spec: v1.BackendTLSPolicySpec{ + TargetRefs: []v1.LocalPolicyTargetReferenceWithSectionName{ { - LocalPolicyTargetReference: v1alpha2.LocalPolicyTargetReference{ + LocalPolicyTargetReference: v1.LocalPolicyTargetReference{ Group: "", Kind: "Service", Name: "foo", }, }, }, - Validation: v1alpha3.BackendTLSPolicyValidation{ + Validation: v1.BackendTLSPolicyValidation{ Hostname: "foo.example.com", CACertificateRefs: []v1.LocalObjectReference{ { @@ -835,7 +833,7 @@ func TestBuildConfiguration(t *testing.T) { Hostname: nil, Port: 443, Protocol: v1.HTTPSProtocolType, - TLS: &v1.GatewayTLSConfig{ + TLS: &v1.ListenerTLSConfig{ Mode: helpers.GetPointer(v1.TLSModeTerminate), CertificateRefs: []v1.SecretObjectReference{ { @@ -872,7 +870,7 @@ func TestBuildConfiguration(t *testing.T) { Hostname: nil, Port: 8443, Protocol: v1.HTTPSProtocolType, - TLS: &v1.GatewayTLSConfig{ + TLS: &v1.ListenerTLSConfig{ Mode: helpers.GetPointer(v1.TLSModeTerminate), CertificateRefs: []v1.SecretObjectReference{ { @@ -891,7 +889,7 @@ func TestBuildConfiguration(t *testing.T) { Hostname: &hostname, Port: 443, Protocol: v1.HTTPSProtocolType, - TLS: &v1.GatewayTLSConfig{ + TLS: &v1.ListenerTLSConfig{ Mode: helpers.GetPointer(v1.TLSModeTerminate), CertificateRefs: []v1.SecretObjectReference{ { @@ -908,7 +906,7 @@ func TestBuildConfiguration(t *testing.T) { Hostname: nil, Port: 443, Protocol: v1.HTTPSProtocolType, - TLS: &v1.GatewayTLSConfig{ + TLS: &v1.ListenerTLSConfig{ // Mode is missing, that's why invalid CertificateRefs: []v1.SecretObjectReference{ { @@ -3761,13 +3759,13 @@ func TestConvertBackendTLS(t *testing.T) { testGateway := types.NamespacedName{Namespace: "test", Name: "gateway"} btpCaCertRefs := &graph.BackendTLSPolicy{ - Source: &v1alpha3.BackendTLSPolicy{ + Source: &v1.BackendTLSPolicy{ ObjectMeta: metav1.ObjectMeta{ Name: "btp", Namespace: "test", }, - Spec: v1alpha3.BackendTLSPolicySpec{ - Validation: v1alpha3.BackendTLSPolicyValidation{ + Spec: v1.BackendTLSPolicySpec{ + Validation: v1.BackendTLSPolicyValidation{ CACertificateRefs: []v1.LocalObjectReference{ { Name: "ca-cert", @@ -3783,9 +3781,9 @@ func TestConvertBackendTLS(t *testing.T) { } btpWellKnownCerts := &graph.BackendTLSPolicy{ - Source: &v1alpha3.BackendTLSPolicy{ - Spec: v1alpha3.BackendTLSPolicySpec{ - Validation: v1alpha3.BackendTLSPolicyValidation{ + Source: &v1.BackendTLSPolicy{ + Spec: v1.BackendTLSPolicySpec{ + Validation: v1.BackendTLSPolicyValidation{ Hostname: "example.com", }, }, diff --git a/internal/controller/state/dataplane/convert.go b/internal/controller/state/dataplane/convert.go index a74a9c3925..e2db5c99d1 100644 --- a/internal/controller/state/dataplane/convert.go +++ b/internal/controller/state/dataplane/convert.go @@ -51,7 +51,7 @@ func convertHTTPRequestRedirectFilter(filter *v1.HTTPRequestRedirectFilter) *HTT return &HTTPRequestRedirectFilter{ Scheme: filter.Scheme, Hostname: (*string)(filter.Hostname), - Port: (*int32)(filter.Port), + Port: filter.Port, StatusCode: filter.StatusCode, Path: convertPathModifier(filter.Path), } diff --git a/internal/controller/state/graph/backend_refs.go b/internal/controller/state/graph/backend_refs.go index 6c0a53f76e..f29bba0082 100644 --- a/internal/controller/state/graph/backend_refs.go +++ b/internal/controller/state/graph/backend_refs.go @@ -10,7 +10,6 @@ import ( "k8s.io/apimachinery/pkg/types" "k8s.io/apimachinery/pkg/util/validation/field" gatewayv1 "sigs.k8s.io/gateway-api/apis/v1" - "sigs.k8s.io/gateway-api/apis/v1alpha3" ngfAPIv1alpha2 "github.com/nginx/nginx-gateway-fabric/v2/apis/v1alpha2" "github.com/nginx/nginx-gateway-fabric/v2/internal/controller/sort" @@ -330,7 +329,7 @@ func validateBackendTLSPolicyMatchingAllBackends(backendRefs []BackendRef) *cond var mismatch bool var referencePolicy *BackendTLSPolicy - checkPoliciesEqual := func(p1, p2 *v1alpha3.BackendTLSPolicy) bool { + checkPoliciesEqual := func(p1, p2 *gatewayv1.BackendTLSPolicy) bool { return !slices.Equal(p1.Spec.Validation.CACertificateRefs, p2.Spec.Validation.CACertificateRefs) || p1.Spec.Validation.WellKnownCACertificates != p2.Spec.Validation.WellKnownCACertificates || p1.Spec.Validation.Hostname != p2.Spec.Validation.Hostname @@ -445,7 +444,7 @@ func getIPFamilyAndPortFromRef( } // safe to dereference port here because we already validated that the port is not nil in validateBackendRef. - svcPort, err := getServicePort(svc, int32(*ref.Port)) + svcPort, err := getServicePort(svc, *ref.Port) if err != nil { return []v1.IPFamily{}, v1.ServicePort{}, err } diff --git a/internal/controller/state/graph/backend_refs_test.go b/internal/controller/state/graph/backend_refs_test.go index 7ef1ae9fd3..8d36c5a4a5 100644 --- a/internal/controller/state/graph/backend_refs_test.go +++ b/internal/controller/state/graph/backend_refs_test.go @@ -13,8 +13,6 @@ import ( "sigs.k8s.io/controller-runtime/pkg/client" inference "sigs.k8s.io/gateway-api-inference-extension/api/v1" gatewayv1 "sigs.k8s.io/gateway-api/apis/v1" - "sigs.k8s.io/gateway-api/apis/v1alpha2" - "sigs.k8s.io/gateway-api/apis/v1alpha3" ngfAPIv1alpha2 "github.com/nginx/nginx-gateway-fabric/v2/apis/v1alpha2" "github.com/nginx/nginx-gateway-fabric/v2/internal/controller/state/conditions" @@ -815,22 +813,22 @@ func TestAddBackendRefsToRules(t *testing.T) { getPolicy := func(name, svcName, cmName string) *BackendTLSPolicy { return &BackendTLSPolicy{ Valid: true, - Source: &v1alpha3.BackendTLSPolicy{ + Source: &gatewayv1.BackendTLSPolicy{ ObjectMeta: metav1.ObjectMeta{ Name: name, Namespace: "test", }, - Spec: v1alpha3.BackendTLSPolicySpec{ - TargetRefs: []v1alpha2.LocalPolicyTargetReferenceWithSectionName{ + Spec: gatewayv1.BackendTLSPolicySpec{ + TargetRefs: []gatewayv1.LocalPolicyTargetReferenceWithSectionName{ { - LocalPolicyTargetReference: v1alpha2.LocalPolicyTargetReference{ + LocalPolicyTargetReference: gatewayv1.LocalPolicyTargetReference{ Group: "", Kind: "Service", Name: gatewayv1.ObjectName(svcName), }, }, }, - Validation: v1alpha3.BackendTLSPolicyValidation{ + Validation: gatewayv1.BackendTLSPolicyValidation{ Hostname: "foo.example.com", CACertificateRefs: []gatewayv1.LocalObjectReference{ { @@ -857,19 +855,19 @@ func TestAddBackendRefsToRules(t *testing.T) { getBtp := func(name string, svcName string, cmName string) *BackendTLSPolicy { return &BackendTLSPolicy{ - Source: &v1alpha3.BackendTLSPolicy{ + Source: &gatewayv1.BackendTLSPolicy{ ObjectMeta: metav1.ObjectMeta{Name: name, Namespace: "test"}, - Spec: v1alpha3.BackendTLSPolicySpec{ - TargetRefs: []v1alpha2.LocalPolicyTargetReferenceWithSectionName{ + Spec: gatewayv1.BackendTLSPolicySpec{ + TargetRefs: []gatewayv1.LocalPolicyTargetReferenceWithSectionName{ { - LocalPolicyTargetReference: v1alpha2.LocalPolicyTargetReference{ + LocalPolicyTargetReference: gatewayv1.LocalPolicyTargetReference{ Group: "", Kind: "Service", Name: gatewayv1.ObjectName(svcName), }, }, }, - Validation: v1alpha3.BackendTLSPolicyValidation{ + Validation: gatewayv1.BackendTLSPolicyValidation{ Hostname: "foo.example.com", CACertificateRefs: []gatewayv1.LocalObjectReference{ { @@ -1360,24 +1358,24 @@ func TestCreateBackend(t *testing.T) { svc3NamespacedName := types.NamespacedName{Namespace: "test", Name: "service3"} btp := BackendTLSPolicy{ - Source: &v1alpha3.BackendTLSPolicy{ + Source: &gatewayv1.BackendTLSPolicy{ ObjectMeta: metav1.ObjectMeta{ Name: "btp", Namespace: "test", }, - Spec: v1alpha3.BackendTLSPolicySpec{ - TargetRefs: []v1alpha2.LocalPolicyTargetReferenceWithSectionName{ + Spec: gatewayv1.BackendTLSPolicySpec{ + TargetRefs: []gatewayv1.LocalPolicyTargetReferenceWithSectionName{ { - LocalPolicyTargetReference: v1alpha2.LocalPolicyTargetReference{ + LocalPolicyTargetReference: gatewayv1.LocalPolicyTargetReference{ Group: "", Kind: "Service", Name: "service2", }, }, }, - Validation: v1alpha3.BackendTLSPolicyValidation{ + Validation: gatewayv1.BackendTLSPolicyValidation{ Hostname: "foo.example.com", - WellKnownCACertificates: (helpers.GetPointer(v1alpha3.WellKnownCACertificatesSystem)), + WellKnownCACertificates: (helpers.GetPointer(gatewayv1.WellKnownCACertificatesSystem)), }, }, }, @@ -1385,24 +1383,24 @@ func TestCreateBackend(t *testing.T) { } btp2 := BackendTLSPolicy{ - Source: &v1alpha3.BackendTLSPolicy{ + Source: &gatewayv1.BackendTLSPolicy{ ObjectMeta: metav1.ObjectMeta{ Name: "btp2", Namespace: "test", }, - Spec: v1alpha3.BackendTLSPolicySpec{ - TargetRefs: []v1alpha2.LocalPolicyTargetReferenceWithSectionName{ + Spec: gatewayv1.BackendTLSPolicySpec{ + TargetRefs: []gatewayv1.LocalPolicyTargetReferenceWithSectionName{ { - LocalPolicyTargetReference: v1alpha2.LocalPolicyTargetReference{ + LocalPolicyTargetReference: gatewayv1.LocalPolicyTargetReference{ Group: "", Kind: "Service", Name: "service3", }, }, }, - Validation: v1alpha3.BackendTLSPolicyValidation{ + Validation: gatewayv1.BackendTLSPolicyValidation{ Hostname: "foo.example.com", - WellKnownCACertificates: (helpers.GetPointer(v1alpha3.WellKnownCACertificatesType("unknown"))), + WellKnownCACertificates: (helpers.GetPointer(gatewayv1.WellKnownCACertificatesType("unknown"))), }, }, }, @@ -1865,13 +1863,13 @@ func TestValidateBackendTLSPolicyMatchingAllBackends(t *testing.T) { t.Parallel() getBtp := func(name, caCertName string) *BackendTLSPolicy { return &BackendTLSPolicy{ - Source: &v1alpha3.BackendTLSPolicy{ + Source: &gatewayv1.BackendTLSPolicy{ ObjectMeta: metav1.ObjectMeta{ Name: name, Namespace: "test", }, - Spec: v1alpha3.BackendTLSPolicySpec{ - Validation: v1alpha3.BackendTLSPolicyValidation{ + Spec: gatewayv1.BackendTLSPolicySpec{ + Validation: gatewayv1.BackendTLSPolicyValidation{ Hostname: "foo.example.com", CACertificateRefs: []gatewayv1.LocalObjectReference{ { @@ -1971,16 +1969,16 @@ func TestFindBackendTLSPolicyForService(t *testing.T) { getBtp := func(name string, timestamp metav1.Time) *BackendTLSPolicy { return &BackendTLSPolicy{ Valid: true, - Source: &v1alpha3.BackendTLSPolicy{ + Source: &gatewayv1.BackendTLSPolicy{ ObjectMeta: metav1.ObjectMeta{ Name: name, Namespace: "test", CreationTimestamp: timestamp, }, - Spec: v1alpha3.BackendTLSPolicySpec{ - TargetRefs: []v1alpha2.LocalPolicyTargetReferenceWithSectionName{ + Spec: gatewayv1.BackendTLSPolicySpec{ + TargetRefs: []gatewayv1.LocalPolicyTargetReferenceWithSectionName{ { - LocalPolicyTargetReference: v1alpha2.LocalPolicyTargetReference{ + LocalPolicyTargetReference: gatewayv1.LocalPolicyTargetReference{ Group: "", Kind: "Service", Name: "svc1", diff --git a/internal/controller/state/graph/backend_tls_policy.go b/internal/controller/state/graph/backend_tls_policy.go index 591f83d6d3..8e5fd100b6 100644 --- a/internal/controller/state/graph/backend_tls_policy.go +++ b/internal/controller/state/graph/backend_tls_policy.go @@ -9,7 +9,6 @@ import ( "k8s.io/apimachinery/pkg/types" "k8s.io/apimachinery/pkg/util/validation/field" v1 "sigs.k8s.io/gateway-api/apis/v1" - "sigs.k8s.io/gateway-api/apis/v1alpha3" "github.com/nginx/nginx-gateway-fabric/v2/internal/controller/state/conditions" "github.com/nginx/nginx-gateway-fabric/v2/internal/framework/kinds" @@ -17,7 +16,7 @@ import ( type BackendTLSPolicy struct { // Source is the source resource. - Source *v1alpha3.BackendTLSPolicy + Source *v1.BackendTLSPolicy // CaCertRef is the name of the ConfigMap that contains the CA certificate. CaCertRef types.NamespacedName // Gateways are the names of the Gateways for which this BackendTLSPolicy is effectively applied. @@ -34,7 +33,7 @@ type BackendTLSPolicy struct { } func processBackendTLSPolicies( - backendTLSPolicies map[types.NamespacedName]*v1alpha3.BackendTLSPolicy, + backendTLSPolicies map[types.NamespacedName]*v1.BackendTLSPolicy, configMapResolver *configMapResolver, secretResolver *secretResolver, gateways map[types.NamespacedName]*Gateway, @@ -67,7 +66,7 @@ func processBackendTLSPolicies( } func validateBackendTLSPolicy( - backendTLSPolicy *v1alpha3.BackendTLSPolicy, + backendTLSPolicy *v1.BackendTLSPolicy, configMapResolver *configMapResolver, secretResolver *secretResolver, ) (valid, ignored bool, conds []conditions.Condition) { @@ -117,7 +116,7 @@ func validateBackendTLSPolicy( return valid, ignored, conds } -func validateBackendTLSHostname(btp *v1alpha3.BackendTLSPolicy) error { +func validateBackendTLSHostname(btp *v1.BackendTLSPolicy) error { h := string(btp.Spec.Validation.Hostname) if err := validateHostname(h); err != nil { @@ -129,7 +128,7 @@ func validateBackendTLSHostname(btp *v1alpha3.BackendTLSPolicy) error { } func validateBackendTLSCACertRef( - btp *v1alpha3.BackendTLSPolicy, + btp *v1.BackendTLSPolicy, configMapResolver *configMapResolver, secretResolver *secretResolver, ) []conditions.Condition { @@ -187,20 +186,20 @@ func validateBackendTLSCACertRef( return nil } -func validateBackendTLSWellKnownCACerts(btp *v1alpha3.BackendTLSPolicy) error { - if *btp.Spec.Validation.WellKnownCACertificates != v1alpha3.WellKnownCACertificatesSystem { +func validateBackendTLSWellKnownCACerts(btp *v1.BackendTLSPolicy) error { + if *btp.Spec.Validation.WellKnownCACertificates != v1.WellKnownCACertificatesSystem { path := field.NewPath("tls.wellknowncacertificates") return field.NotSupported( path, btp.Spec.Validation.WellKnownCACertificates, - []string{string(v1alpha3.WellKnownCACertificatesSystem)}, + []string{string(v1.WellKnownCACertificatesSystem)}, ) } return nil } // countNonNGFAncestors counts the number of non-NGF ancestors in policy status. -func countNonNGFAncestors(policy *v1alpha3.BackendTLSPolicy, ctlrName string) int { +func countNonNGFAncestors(policy *v1.BackendTLSPolicy, ctlrName string) int { nonNGFCount := 0 for _, ancestor := range policy.Status.Ancestors { if string(ancestor.ControllerName) != ctlrName { @@ -231,7 +230,7 @@ func addPolicyAncestorLimitCondition( // collectOrderedGateways collects gateways in spec order (services) then creation time order (gateways within service). func collectOrderedGateways( - policy *v1alpha3.BackendTLSPolicy, + policy *v1.BackendTLSPolicy, services map[types.NamespacedName]*ReferencedService, gateways map[types.NamespacedName]*Gateway, existingNGFGatewayAncestors map[types.NamespacedName]struct{}, @@ -277,7 +276,7 @@ func collectOrderedGateways( } func extractExistingNGFGatewayAncestors( - backendTLSPolicy *v1alpha3.BackendTLSPolicy, + backendTLSPolicy *v1.BackendTLSPolicy, ctlrName string, ) map[types.NamespacedName]struct{} { existingNGFGatewayAncestors := make(map[types.NamespacedName]struct{}) diff --git a/internal/controller/state/graph/backend_tls_policy_test.go b/internal/controller/state/graph/backend_tls_policy_test.go index 53e9011edb..c8911875d8 100644 --- a/internal/controller/state/graph/backend_tls_policy_test.go +++ b/internal/controller/state/graph/backend_tls_policy_test.go @@ -10,8 +10,6 @@ import ( metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" "k8s.io/apimachinery/pkg/types" gatewayv1 "sigs.k8s.io/gateway-api/apis/v1" - "sigs.k8s.io/gateway-api/apis/v1alpha2" - "sigs.k8s.io/gateway-api/apis/v1alpha3" "github.com/nginx/nginx-gateway-fabric/v2/internal/controller/state/conditions" "github.com/nginx/nginx-gateway-fabric/v2/internal/framework/helpers" @@ -20,22 +18,22 @@ import ( func TestProcessBackendTLSPoliciesEmpty(t *testing.T) { t.Parallel() - backendTLSPolicies := map[types.NamespacedName]*v1alpha3.BackendTLSPolicy{ + backendTLSPolicies := map[types.NamespacedName]*gatewayv1.BackendTLSPolicy{ {Namespace: "test", Name: "tls-policy"}: { ObjectMeta: metav1.ObjectMeta{ Name: "tls-policy", Namespace: "test", }, - Spec: v1alpha3.BackendTLSPolicySpec{ - TargetRefs: []v1alpha2.LocalPolicyTargetReferenceWithSectionName{ + Spec: gatewayv1.BackendTLSPolicySpec{ + TargetRefs: []gatewayv1.LocalPolicyTargetReferenceWithSectionName{ { - LocalPolicyTargetReference: v1alpha2.LocalPolicyTargetReference{ + LocalPolicyTargetReference: gatewayv1.LocalPolicyTargetReference{ Kind: "Service", Name: "service1", }, }, }, - Validation: v1alpha3.BackendTLSPolicyValidation{ + Validation: gatewayv1.BackendTLSPolicyValidation{ CACertificateRefs: []gatewayv1.LocalObjectReference{ { Kind: "ConfigMap", @@ -58,7 +56,7 @@ func TestProcessBackendTLSPoliciesEmpty(t *testing.T) { tests := []struct { expected map[types.NamespacedName]*BackendTLSPolicy gateways map[types.NamespacedName]*Gateway - backendTLSPolicies map[types.NamespacedName]*v1alpha3.BackendTLSPolicy + backendTLSPolicies map[types.NamespacedName]*gatewayv1.BackendTLSPolicy name string }{ { @@ -89,18 +87,18 @@ func TestProcessBackendTLSPoliciesEmpty(t *testing.T) { func TestValidateBackendTLSPolicy(t *testing.T) { const testSecretName string = "test-secret" - targetRefNormalCase := []v1alpha2.LocalPolicyTargetReferenceWithSectionName{ + targetRefNormalCase := []gatewayv1.LocalPolicyTargetReferenceWithSectionName{ { - LocalPolicyTargetReference: v1alpha2.LocalPolicyTargetReference{ + LocalPolicyTargetReference: gatewayv1.LocalPolicyTargetReference{ Kind: "Service", Name: "service1", }, }, } - targetRefInvalidKind := []v1alpha2.LocalPolicyTargetReferenceWithSectionName{ + targetRefInvalidKind := []gatewayv1.LocalPolicyTargetReferenceWithSectionName{ { - LocalPolicyTargetReference: v1alpha2.LocalPolicyTargetReference{ + LocalPolicyTargetReference: gatewayv1.LocalPolicyTargetReference{ Kind: "Invalid", Name: "service1", }, @@ -160,8 +158,8 @@ func TestValidateBackendTLSPolicy(t *testing.T) { }, } - getAncestorRef := func(ctlrName, parentName string) v1alpha2.PolicyAncestorStatus { - return v1alpha2.PolicyAncestorStatus{ + getAncestorRef := func(ctlrName, parentName string) gatewayv1.PolicyAncestorStatus { + return gatewayv1.PolicyAncestorStatus{ ControllerName: gatewayv1.GatewayController(ctlrName), AncestorRef: gatewayv1.ParentReference{ Name: gatewayv1.ObjectName(parentName), @@ -172,7 +170,7 @@ func TestValidateBackendTLSPolicy(t *testing.T) { } } - ancestors := []v1alpha2.PolicyAncestorStatus{ + ancestors := []gatewayv1.PolicyAncestorStatus{ getAncestorRef("not-us", "not-us"), getAncestorRef("not-us", "not-us"), getAncestorRef("not-us", "not-us"), @@ -191,12 +189,12 @@ func TestValidateBackendTLSPolicy(t *testing.T) { getAncestorRef("not-us", "not-us"), } - ancestorsWithUs := make([]v1alpha2.PolicyAncestorStatus, len(ancestors)) + ancestorsWithUs := make([]gatewayv1.PolicyAncestorStatus, len(ancestors)) copy(ancestorsWithUs, ancestors) ancestorsWithUs[0] = getAncestorRef("test", "gateway") tests := []struct { - tlsPolicy *v1alpha3.BackendTLSPolicy + tlsPolicy *gatewayv1.BackendTLSPolicy gateway *Gateway name string isValid bool @@ -204,14 +202,14 @@ func TestValidateBackendTLSPolicy(t *testing.T) { }{ { name: "normal case with ca cert refs", - tlsPolicy: &v1alpha3.BackendTLSPolicy{ + tlsPolicy: &gatewayv1.BackendTLSPolicy{ ObjectMeta: metav1.ObjectMeta{ Name: "tls-policy", Namespace: "test", }, - Spec: v1alpha3.BackendTLSPolicySpec{ + Spec: gatewayv1.BackendTLSPolicySpec{ TargetRefs: targetRefNormalCase, - Validation: v1alpha3.BackendTLSPolicyValidation{ + Validation: gatewayv1.BackendTLSPolicyValidation{ CACertificateRefs: localObjectRefNormalCase, Hostname: "foo.test.com", }, @@ -221,14 +219,14 @@ func TestValidateBackendTLSPolicy(t *testing.T) { }, { name: "normal case with ca cert ref secrets", - tlsPolicy: &v1alpha3.BackendTLSPolicy{ + tlsPolicy: &gatewayv1.BackendTLSPolicy{ ObjectMeta: metav1.ObjectMeta{ Name: "tls-policy", Namespace: "test", }, - Spec: v1alpha3.BackendTLSPolicySpec{ + Spec: gatewayv1.BackendTLSPolicySpec{ TargetRefs: targetRefNormalCase, - Validation: v1alpha3.BackendTLSPolicyValidation{ + Validation: gatewayv1.BackendTLSPolicyValidation{ CACertificateRefs: localObjectRefSecretNormalCase, Hostname: "foo.test.com", }, @@ -238,19 +236,19 @@ func TestValidateBackendTLSPolicy(t *testing.T) { }, { name: "normal case with ca cert refs and 16 ancestors including us", - tlsPolicy: &v1alpha3.BackendTLSPolicy{ + tlsPolicy: &gatewayv1.BackendTLSPolicy{ ObjectMeta: metav1.ObjectMeta{ Name: "tls-policy", Namespace: "test", }, - Spec: v1alpha3.BackendTLSPolicySpec{ + Spec: gatewayv1.BackendTLSPolicySpec{ TargetRefs: targetRefNormalCase, - Validation: v1alpha3.BackendTLSPolicyValidation{ + Validation: gatewayv1.BackendTLSPolicyValidation{ CACertificateRefs: localObjectRefNormalCase, Hostname: "foo.test.com", }, }, - Status: v1alpha2.PolicyStatus{ + Status: gatewayv1.PolicyStatus{ Ancestors: ancestorsWithUs, }, }, @@ -258,15 +256,15 @@ func TestValidateBackendTLSPolicy(t *testing.T) { }, { name: "normal case with well known certs", - tlsPolicy: &v1alpha3.BackendTLSPolicy{ + tlsPolicy: &gatewayv1.BackendTLSPolicy{ ObjectMeta: metav1.ObjectMeta{ Name: "tls-policy", Namespace: "test", }, - Spec: v1alpha3.BackendTLSPolicySpec{ + Spec: gatewayv1.BackendTLSPolicySpec{ TargetRefs: targetRefNormalCase, - Validation: v1alpha3.BackendTLSPolicyValidation{ - WellKnownCACertificates: (helpers.GetPointer(v1alpha3.WellKnownCACertificatesSystem)), + Validation: gatewayv1.BackendTLSPolicyValidation{ + WellKnownCACertificates: (helpers.GetPointer(gatewayv1.WellKnownCACertificatesSystem)), Hostname: "foo.test.com", }, }, @@ -275,14 +273,14 @@ func TestValidateBackendTLSPolicy(t *testing.T) { }, { name: "no hostname invalid case", - tlsPolicy: &v1alpha3.BackendTLSPolicy{ + tlsPolicy: &gatewayv1.BackendTLSPolicy{ ObjectMeta: metav1.ObjectMeta{ Name: "tls-policy", Namespace: "test", }, - Spec: v1alpha3.BackendTLSPolicySpec{ + Spec: gatewayv1.BackendTLSPolicySpec{ TargetRefs: targetRefNormalCase, - Validation: v1alpha3.BackendTLSPolicyValidation{ + Validation: gatewayv1.BackendTLSPolicyValidation{ CACertificateRefs: localObjectRefNormalCase, Hostname: "", }, @@ -291,14 +289,14 @@ func TestValidateBackendTLSPolicy(t *testing.T) { }, { name: "invalid ca cert ref name", - tlsPolicy: &v1alpha3.BackendTLSPolicy{ + tlsPolicy: &gatewayv1.BackendTLSPolicy{ ObjectMeta: metav1.ObjectMeta{ Name: "tls-policy", Namespace: "test", }, - Spec: v1alpha3.BackendTLSPolicySpec{ + Spec: gatewayv1.BackendTLSPolicySpec{ TargetRefs: targetRefNormalCase, - Validation: v1alpha3.BackendTLSPolicyValidation{ + Validation: gatewayv1.BackendTLSPolicyValidation{ CACertificateRefs: localObjectRefInvalidName, Hostname: "foo.test.com", }, @@ -307,14 +305,14 @@ func TestValidateBackendTLSPolicy(t *testing.T) { }, { name: "invalid ca cert ref kind", - tlsPolicy: &v1alpha3.BackendTLSPolicy{ + tlsPolicy: &gatewayv1.BackendTLSPolicy{ ObjectMeta: metav1.ObjectMeta{ Name: "tls-policy", Namespace: "test", }, - Spec: v1alpha3.BackendTLSPolicySpec{ + Spec: gatewayv1.BackendTLSPolicySpec{ TargetRefs: targetRefInvalidKind, - Validation: v1alpha3.BackendTLSPolicyValidation{ + Validation: gatewayv1.BackendTLSPolicyValidation{ CACertificateRefs: localObjectRefInvalidKind, Hostname: "foo.test.com", }, @@ -323,14 +321,14 @@ func TestValidateBackendTLSPolicy(t *testing.T) { }, { name: "invalid ca cert ref group", - tlsPolicy: &v1alpha3.BackendTLSPolicy{ + tlsPolicy: &gatewayv1.BackendTLSPolicy{ ObjectMeta: metav1.ObjectMeta{ Name: "tls-policy", Namespace: "test", }, - Spec: v1alpha3.BackendTLSPolicySpec{ + Spec: gatewayv1.BackendTLSPolicySpec{ TargetRefs: targetRefNormalCase, - Validation: v1alpha3.BackendTLSPolicyValidation{ + Validation: gatewayv1.BackendTLSPolicyValidation{ CACertificateRefs: localObjectRefInvalidGroup, Hostname: "foo.test.com", }, @@ -339,15 +337,15 @@ func TestValidateBackendTLSPolicy(t *testing.T) { }, { name: "invalid case with well known certs", - tlsPolicy: &v1alpha3.BackendTLSPolicy{ + tlsPolicy: &gatewayv1.BackendTLSPolicy{ ObjectMeta: metav1.ObjectMeta{ Name: "tls-policy", Namespace: "test", }, - Spec: v1alpha3.BackendTLSPolicySpec{ + Spec: gatewayv1.BackendTLSPolicySpec{ TargetRefs: targetRefNormalCase, - Validation: v1alpha3.BackendTLSPolicyValidation{ - WellKnownCACertificates: (helpers.GetPointer(v1alpha3.WellKnownCACertificatesType("unknown"))), + Validation: gatewayv1.BackendTLSPolicyValidation{ + WellKnownCACertificates: (helpers.GetPointer(gatewayv1.WellKnownCACertificatesType("unknown"))), Hostname: "foo.test.com", }, }, @@ -355,14 +353,14 @@ func TestValidateBackendTLSPolicy(t *testing.T) { }, { name: "invalid case neither TLS config option chosen", - tlsPolicy: &v1alpha3.BackendTLSPolicy{ + tlsPolicy: &gatewayv1.BackendTLSPolicy{ ObjectMeta: metav1.ObjectMeta{ Name: "tls-policy", Namespace: "test", }, - Spec: v1alpha3.BackendTLSPolicySpec{ + Spec: gatewayv1.BackendTLSPolicySpec{ TargetRefs: targetRefNormalCase, - Validation: v1alpha3.BackendTLSPolicyValidation{ + Validation: gatewayv1.BackendTLSPolicyValidation{ Hostname: "foo.test.com", }, }, @@ -370,14 +368,14 @@ func TestValidateBackendTLSPolicy(t *testing.T) { }, { name: "invalid case with too many ca cert refs", - tlsPolicy: &v1alpha3.BackendTLSPolicy{ + tlsPolicy: &gatewayv1.BackendTLSPolicy{ ObjectMeta: metav1.ObjectMeta{ Name: "tls-policy", Namespace: "test", }, - Spec: v1alpha3.BackendTLSPolicySpec{ + Spec: gatewayv1.BackendTLSPolicySpec{ TargetRefs: targetRefNormalCase, - Validation: v1alpha3.BackendTLSPolicyValidation{ + Validation: gatewayv1.BackendTLSPolicyValidation{ CACertificateRefs: localObjectRefTooManyCerts, Hostname: "foo.test.com", }, @@ -386,36 +384,36 @@ func TestValidateBackendTLSPolicy(t *testing.T) { }, { name: "invalid case with too both ca cert refs and wellknowncerts", - tlsPolicy: &v1alpha3.BackendTLSPolicy{ + tlsPolicy: &gatewayv1.BackendTLSPolicy{ ObjectMeta: metav1.ObjectMeta{ Name: "tls-policy", Namespace: "test", }, - Spec: v1alpha3.BackendTLSPolicySpec{ + Spec: gatewayv1.BackendTLSPolicySpec{ TargetRefs: targetRefNormalCase, - Validation: v1alpha3.BackendTLSPolicyValidation{ + Validation: gatewayv1.BackendTLSPolicyValidation{ CACertificateRefs: localObjectRefNormalCase, Hostname: "foo.test.com", - WellKnownCACertificates: (helpers.GetPointer(v1alpha3.WellKnownCACertificatesSystem)), + WellKnownCACertificates: (helpers.GetPointer(gatewayv1.WellKnownCACertificatesSystem)), }, }, }, }, { name: "valid case with many ancestors", - tlsPolicy: &v1alpha3.BackendTLSPolicy{ + tlsPolicy: &gatewayv1.BackendTLSPolicy{ ObjectMeta: metav1.ObjectMeta{ Name: "tls-policy", Namespace: "test", }, - Spec: v1alpha3.BackendTLSPolicySpec{ + Spec: gatewayv1.BackendTLSPolicySpec{ TargetRefs: targetRefNormalCase, - Validation: v1alpha3.BackendTLSPolicyValidation{ + Validation: gatewayv1.BackendTLSPolicyValidation{ CACertificateRefs: localObjectRefNormalCase, Hostname: "foo.test.com", }, }, - Status: v1alpha2.PolicyStatus{ + Status: gatewayv1.PolicyStatus{ Ancestors: ancestors, }, }, @@ -503,32 +501,32 @@ func TestValidateBackendTLSPolicy(t *testing.T) { g.Expect(conds).To(HaveLen(2)) g.Expect(conds[0].Type).To(Equal(string(conditions.GatewayResolvedRefs))) g.Expect(conds[0].Status).To(Equal(metav1.ConditionFalse)) - g.Expect(conds[0].Reason).To(Equal(string(conditions.BackendTLSPolicyReasonInvalidKind))) - g.Expect(conds[1].Type).To(Equal(string(v1alpha2.PolicyConditionAccepted))) + g.Expect(conds[0].Reason).To(Equal(string(gatewayv1.BackendTLSPolicyReasonInvalidKind))) + g.Expect(conds[1].Type).To(Equal(string(gatewayv1.PolicyConditionAccepted))) g.Expect(conds[1].Status).To(Equal(metav1.ConditionFalse)) - g.Expect(conds[1].Reason).To(Equal(string(conditions.BackendTLSPolicyReasonNoValidCACertificate))) + g.Expect(conds[1].Reason).To(Equal(string(gatewayv1.BackendTLSPolicyReasonNoValidCACertificate))) case "invalid ca cert ref name": // Should have InvalidCACertificateRef condition and NoValidCACertificate condition g.Expect(conds).To(HaveLen(2)) g.Expect(conds[0].Type).To(Equal(string(conditions.GatewayResolvedRefs))) g.Expect(conds[0].Status).To(Equal(metav1.ConditionFalse)) - g.Expect(conds[0].Reason).To(Equal(string(conditions.BackendTLSPolicyReasonInvalidCACertificateRef))) - g.Expect(conds[1].Type).To(Equal(string(v1alpha2.PolicyConditionAccepted))) + g.Expect(conds[0].Reason).To(Equal(string(gatewayv1.BackendTLSPolicyReasonInvalidCACertificateRef))) + g.Expect(conds[1].Type).To(Equal(string(gatewayv1.PolicyConditionAccepted))) g.Expect(conds[1].Status).To(Equal(metav1.ConditionFalse)) - g.Expect(conds[1].Reason).To(Equal(string(conditions.BackendTLSPolicyReasonNoValidCACertificate))) + g.Expect(conds[1].Reason).To(Equal(string(gatewayv1.BackendTLSPolicyReasonNoValidCACertificate))) case "invalid ca cert ref group": // Should have InvalidKind condition and NoValidCACertificate condition g.Expect(conds).To(HaveLen(2)) g.Expect(conds[0].Type).To(Equal(string(conditions.GatewayResolvedRefs))) g.Expect(conds[0].Status).To(Equal(metav1.ConditionFalse)) - g.Expect(conds[0].Reason).To(Equal(string(conditions.BackendTLSPolicyReasonInvalidKind))) - g.Expect(conds[1].Type).To(Equal(string(v1alpha2.PolicyConditionAccepted))) + g.Expect(conds[0].Reason).To(Equal(string(gatewayv1.BackendTLSPolicyReasonInvalidKind))) + g.Expect(conds[1].Type).To(Equal(string(gatewayv1.PolicyConditionAccepted))) g.Expect(conds[1].Status).To(Equal(metav1.ConditionFalse)) - g.Expect(conds[1].Reason).To(Equal(string(conditions.BackendTLSPolicyReasonNoValidCACertificate))) + g.Expect(conds[1].Reason).To(Equal(string(gatewayv1.BackendTLSPolicyReasonNoValidCACertificate))) default: // Other invalid cases should have generic PolicyInvalid condition g.Expect(conds).To(HaveLen(1)) - g.Expect(conds[0].Type).To(Equal(string(v1alpha2.PolicyConditionAccepted))) + g.Expect(conds[0].Type).To(Equal(string(gatewayv1.PolicyConditionAccepted))) g.Expect(conds[0].Status).To(Equal(metav1.ConditionFalse)) } } @@ -540,21 +538,21 @@ func TestAddGatewaysForBackendTLSPolicies(t *testing.T) { t.Parallel() btp1 := &BackendTLSPolicy{ - Source: &v1alpha3.BackendTLSPolicy{ + Source: &gatewayv1.BackendTLSPolicy{ ObjectMeta: metav1.ObjectMeta{ Name: "btp1", Namespace: "test", }, - Spec: v1alpha3.BackendTLSPolicySpec{ - TargetRefs: []v1alpha2.LocalPolicyTargetReferenceWithSectionName{ + Spec: gatewayv1.BackendTLSPolicySpec{ + TargetRefs: []gatewayv1.LocalPolicyTargetReferenceWithSectionName{ { - LocalPolicyTargetReference: v1alpha2.LocalPolicyTargetReference{ + LocalPolicyTargetReference: gatewayv1.LocalPolicyTargetReference{ Kind: "Service", Name: "service1", }, }, { - LocalPolicyTargetReference: v1alpha2.LocalPolicyTargetReference{ + LocalPolicyTargetReference: gatewayv1.LocalPolicyTargetReference{ Kind: "Service", Name: "service2", }, @@ -572,21 +570,21 @@ func TestAddGatewaysForBackendTLSPolicies(t *testing.T) { } btp2 := &BackendTLSPolicy{ - Source: &v1alpha3.BackendTLSPolicy{ + Source: &gatewayv1.BackendTLSPolicy{ ObjectMeta: metav1.ObjectMeta{ Name: "btp2", Namespace: "test", }, - Spec: v1alpha3.BackendTLSPolicySpec{ - TargetRefs: []v1alpha2.LocalPolicyTargetReferenceWithSectionName{ + Spec: gatewayv1.BackendTLSPolicySpec{ + TargetRefs: []gatewayv1.LocalPolicyTargetReferenceWithSectionName{ { - LocalPolicyTargetReference: v1alpha2.LocalPolicyTargetReference{ + LocalPolicyTargetReference: gatewayv1.LocalPolicyTargetReference{ Kind: "Service", Name: "service3", }, }, { - LocalPolicyTargetReference: v1alpha2.LocalPolicyTargetReference{ + LocalPolicyTargetReference: gatewayv1.LocalPolicyTargetReference{ Kind: "Service", Name: "service4", }, @@ -602,15 +600,15 @@ func TestAddGatewaysForBackendTLSPolicies(t *testing.T) { } btp3 := &BackendTLSPolicy{ - Source: &v1alpha3.BackendTLSPolicy{ + Source: &gatewayv1.BackendTLSPolicy{ ObjectMeta: metav1.ObjectMeta{ Name: "btp3", Namespace: "test", }, - Spec: v1alpha3.BackendTLSPolicySpec{ - TargetRefs: []v1alpha2.LocalPolicyTargetReferenceWithSectionName{ + Spec: gatewayv1.BackendTLSPolicySpec{ + TargetRefs: []gatewayv1.LocalPolicyTargetReferenceWithSectionName{ { - LocalPolicyTargetReference: v1alpha2.LocalPolicyTargetReference{ + LocalPolicyTargetReference: gatewayv1.LocalPolicyTargetReference{ Kind: "Service", Name: "service-does-not-exist", }, @@ -621,15 +619,15 @@ func TestAddGatewaysForBackendTLSPolicies(t *testing.T) { } btp4 := &BackendTLSPolicy{ - Source: &v1alpha3.BackendTLSPolicy{ + Source: &gatewayv1.BackendTLSPolicy{ ObjectMeta: metav1.ObjectMeta{ Name: "btp4", Namespace: "test", }, - Spec: v1alpha3.BackendTLSPolicySpec{ - TargetRefs: []v1alpha2.LocalPolicyTargetReferenceWithSectionName{ + Spec: gatewayv1.BackendTLSPolicySpec{ + TargetRefs: []gatewayv1.LocalPolicyTargetReferenceWithSectionName{ { - LocalPolicyTargetReference: v1alpha2.LocalPolicyTargetReference{ + LocalPolicyTargetReference: gatewayv1.LocalPolicyTargetReference{ Kind: "Gateway", Name: "gateway", }, @@ -723,8 +721,8 @@ func TestAddGatewaysForBackendTLSPoliciesAncestorLimit(t *testing.T) { testLogger := logr.New(&testNGFLogSink{buffer: &logBuf}) // Helper function to create ancestor references - getAncestorRef := func(ctlrName, parentName string) v1alpha2.PolicyAncestorStatus { - return v1alpha2.PolicyAncestorStatus{ + getAncestorRef := func(ctlrName, parentName string) gatewayv1.PolicyAncestorStatus { + return gatewayv1.PolicyAncestorStatus{ ControllerName: gatewayv1.GatewayController(ctlrName), AncestorRef: gatewayv1.ParentReference{ Name: gatewayv1.ObjectName(parentName), @@ -736,51 +734,51 @@ func TestAddGatewaysForBackendTLSPoliciesAncestorLimit(t *testing.T) { } // Create 16 ancestors from different controllers to simulate full list - fullAncestors := make([]v1alpha2.PolicyAncestorStatus, 16) + fullAncestors := make([]gatewayv1.PolicyAncestorStatus, 16) for i := range 16 { fullAncestors[i] = getAncestorRef("other-controller", "other-gateway") } btpWithFullAncestors := &BackendTLSPolicy{ - Source: &v1alpha3.BackendTLSPolicy{ + Source: &gatewayv1.BackendTLSPolicy{ ObjectMeta: metav1.ObjectMeta{ Name: "btp-full-ancestors", Namespace: "test", }, - Spec: v1alpha3.BackendTLSPolicySpec{ - TargetRefs: []v1alpha2.LocalPolicyTargetReferenceWithSectionName{ + Spec: gatewayv1.BackendTLSPolicySpec{ + TargetRefs: []gatewayv1.LocalPolicyTargetReferenceWithSectionName{ { - LocalPolicyTargetReference: v1alpha2.LocalPolicyTargetReference{ + LocalPolicyTargetReference: gatewayv1.LocalPolicyTargetReference{ Kind: "Service", Name: "service1", }, }, }, }, - Status: v1alpha2.PolicyStatus{ + Status: gatewayv1.PolicyStatus{ Ancestors: fullAncestors, }, }, } btpNormal := &BackendTLSPolicy{ - Source: &v1alpha3.BackendTLSPolicy{ + Source: &gatewayv1.BackendTLSPolicy{ ObjectMeta: metav1.ObjectMeta{ Name: "btp-normal", Namespace: "test", }, - Spec: v1alpha3.BackendTLSPolicySpec{ - TargetRefs: []v1alpha2.LocalPolicyTargetReferenceWithSectionName{ + Spec: gatewayv1.BackendTLSPolicySpec{ + TargetRefs: []gatewayv1.LocalPolicyTargetReferenceWithSectionName{ { - LocalPolicyTargetReference: v1alpha2.LocalPolicyTargetReference{ + LocalPolicyTargetReference: gatewayv1.LocalPolicyTargetReference{ Kind: "Service", Name: "service2", }, }, }, }, - Status: v1alpha2.PolicyStatus{ - Ancestors: []v1alpha2.PolicyAncestorStatus{}, // Empty ancestors list + Status: gatewayv1.PolicyStatus{ + Ancestors: []gatewayv1.PolicyAncestorStatus{}, // Empty ancestors list }, }, } @@ -836,7 +834,7 @@ func TestAddGatewaysForBackendTLSPoliciesAncestorLimit(t *testing.T) { g.Expect(gateway1.Conditions).To(HaveLen(1), "Gateway should have received ancestor limit condition") condition := gateway1.Conditions[0] - g.Expect(condition.Type).To(Equal(string(v1alpha2.PolicyConditionAccepted))) + g.Expect(condition.Type).To(Equal(string(gatewayv1.PolicyConditionAccepted))) g.Expect(condition.Status).To(Equal(metav1.ConditionFalse)) g.Expect(condition.Reason).To(Equal(string(conditions.PolicyReasonAncestorLimitReached))) g.Expect(condition.Message).To(ContainSubstring("ancestor status list has reached the maximum size")) diff --git a/internal/controller/state/graph/gateway.go b/internal/controller/state/graph/gateway.go index 4486c58606..084674aa80 100644 --- a/internal/controller/state/graph/gateway.go +++ b/internal/controller/state/graph/gateway.go @@ -278,8 +278,8 @@ func validateUnsupportedGatewayFields(gw *v1.Gateway) []conditions.Condition { conds = append(conds, conditions.NewGatewayAcceptedUnsupportedField("AllowedListeners")) } - if gw.Spec.BackendTLS != nil { - conds = append(conds, conditions.NewGatewayAcceptedUnsupportedField("BackendTLS")) + if gw.Spec.TLS != nil { + conds = append(conds, conditions.NewGatewayAcceptedUnsupportedField("TLS")) } return conds diff --git a/internal/controller/state/graph/gateway_listener.go b/internal/controller/state/graph/gateway_listener.go index 3f6e69587e..cc88548d0a 100644 --- a/internal/controller/state/graph/gateway_listener.go +++ b/internal/controller/state/graph/gateway_listener.go @@ -361,7 +361,7 @@ func validateListenerPort(port v1.PortNumber, protectedPorts ProtectedPorts) err return errors.New("port must be between 1-65535") } - if portName, ok := protectedPorts[int32(port)]; ok { + if portName, ok := protectedPorts[port]; ok { return fmt.Errorf("port is already in use as %v", portName) } diff --git a/internal/controller/state/graph/gateway_listener_test.go b/internal/controller/state/graph/gateway_listener_test.go index 804d4638b3..6a6cb508e6 100644 --- a/internal/controller/state/graph/gateway_listener_test.go +++ b/internal/controller/state/graph/gateway_listener_test.go @@ -39,7 +39,7 @@ func TestValidateHTTPListener(t *testing.T) { { l: v1.Listener{ Port: 80, - TLS: &v1.GatewayTLSConfig{ + TLS: &v1.ListenerTLSConfig{ Mode: helpers.GetPointer(v1.TLSModeTerminate), }, Name: "http-listener", @@ -106,7 +106,7 @@ func TestValidateHTTPSListener(t *testing.T) { { l: v1.Listener{ Port: 443, - TLS: &v1.GatewayTLSConfig{ + TLS: &v1.ListenerTLSConfig{ Mode: helpers.GetPointer(v1.TLSModeTerminate), CertificateRefs: []v1.SecretObjectReference{validSecretRef}, }, @@ -117,7 +117,7 @@ func TestValidateHTTPSListener(t *testing.T) { { l: v1.Listener{ Port: 0, - TLS: &v1.GatewayTLSConfig{ + TLS: &v1.ListenerTLSConfig{ Mode: helpers.GetPointer(v1.TLSModeTerminate), CertificateRefs: []v1.SecretObjectReference{validSecretRef}, }, @@ -128,7 +128,7 @@ func TestValidateHTTPSListener(t *testing.T) { { l: v1.Listener{ Port: 9113, - TLS: &v1.GatewayTLSConfig{ + TLS: &v1.ListenerTLSConfig{ Mode: helpers.GetPointer(v1.TLSModeTerminate), CertificateRefs: []v1.SecretObjectReference{validSecretRef}, }, @@ -141,7 +141,7 @@ func TestValidateHTTPSListener(t *testing.T) { { l: v1.Listener{ Port: 443, - TLS: &v1.GatewayTLSConfig{ + TLS: &v1.ListenerTLSConfig{ Mode: helpers.GetPointer(v1.TLSModeTerminate), CertificateRefs: []v1.SecretObjectReference{validSecretRef}, Options: map[v1.AnnotationKey]v1.AnnotationValue{"key": "val"}, @@ -153,7 +153,7 @@ func TestValidateHTTPSListener(t *testing.T) { { l: v1.Listener{ Port: 443, - TLS: &v1.GatewayTLSConfig{ + TLS: &v1.ListenerTLSConfig{ Mode: helpers.GetPointer(v1.TLSModePassthrough), CertificateRefs: []v1.SecretObjectReference{validSecretRef}, }, @@ -176,7 +176,7 @@ func TestValidateHTTPSListener(t *testing.T) { { l: v1.Listener{ Port: 443, - TLS: &v1.GatewayTLSConfig{ + TLS: &v1.ListenerTLSConfig{ Mode: helpers.GetPointer(v1.TLSModeTerminate), CertificateRefs: []v1.SecretObjectReference{invalidSecretRefGroup}, }, @@ -189,7 +189,7 @@ func TestValidateHTTPSListener(t *testing.T) { { l: v1.Listener{ Port: 443, - TLS: &v1.GatewayTLSConfig{ + TLS: &v1.ListenerTLSConfig{ Mode: helpers.GetPointer(v1.TLSModeTerminate), CertificateRefs: []v1.SecretObjectReference{}, }, @@ -202,7 +202,7 @@ func TestValidateHTTPSListener(t *testing.T) { { l: v1.Listener{ Port: 443, - TLS: &v1.GatewayTLSConfig{ + TLS: &v1.ListenerTLSConfig{ Mode: helpers.GetPointer(v1.TLSModeTerminate), CertificateRefs: []v1.SecretObjectReference{invalidSecretRefKind}, }, @@ -215,7 +215,7 @@ func TestValidateHTTPSListener(t *testing.T) { { l: v1.Listener{ Port: 443, - TLS: &v1.GatewayTLSConfig{ + TLS: &v1.ListenerTLSConfig{ Mode: helpers.GetPointer(v1.TLSModeTerminate), CertificateRefs: []v1.SecretObjectReference{validSecretRef, validSecretRef}, }, @@ -627,7 +627,7 @@ func TestValidateTLSFieldOnTLSListener(t *testing.T) { msg: "TLS listener with TLS field nil", }, { - listener: v1.Listener{TLS: &v1.GatewayTLSConfig{Mode: helpers.GetPointer(v1.TLSModeTerminate)}}, + listener: v1.Listener{TLS: &v1.ListenerTLSConfig{Mode: helpers.GetPointer(v1.TLSModeTerminate)}}, expectedCond: conditions.NewListenerUnsupportedValue( "TLS.Mode: Required value: Mode must be passthrough for TLS listener", ), @@ -635,7 +635,7 @@ func TestValidateTLSFieldOnTLSListener(t *testing.T) { msg: "TLS listener with TLS mode terminate", }, { - listener: v1.Listener{TLS: &v1.GatewayTLSConfig{Mode: helpers.GetPointer(v1.TLSModePassthrough)}}, + listener: v1.Listener{TLS: &v1.ListenerTLSConfig{Mode: helpers.GetPointer(v1.TLSModePassthrough)}}, expectValid: true, msg: "TLS listener with TLS mode passthrough", }, @@ -677,7 +677,7 @@ func TestOverlappingTLSConfigCondition(t *testing.T) { Port: 443, Protocol: v1.HTTPSProtocolType, Hostname: helpers.GetPointer[v1.Hostname]("*.example.com"), - TLS: &v1.GatewayTLSConfig{ + TLS: &v1.ListenerTLSConfig{ Mode: helpers.GetPointer(v1.TLSModeTerminate), CertificateRefs: []v1.SecretObjectReference{ {Name: "secret1"}, @@ -689,7 +689,7 @@ func TestOverlappingTLSConfigCondition(t *testing.T) { Port: 443, Protocol: v1.HTTPSProtocolType, Hostname: helpers.GetPointer[v1.Hostname]("app.example.com"), - TLS: &v1.GatewayTLSConfig{ + TLS: &v1.ListenerTLSConfig{ Mode: helpers.GetPointer(v1.TLSModeTerminate), CertificateRefs: []v1.SecretObjectReference{ {Name: "secret2"}, @@ -716,7 +716,7 @@ func TestOverlappingTLSConfigCondition(t *testing.T) { Port: 443, Protocol: v1.HTTPSProtocolType, Hostname: helpers.GetPointer[v1.Hostname]("*.example.com"), - TLS: &v1.GatewayTLSConfig{ + TLS: &v1.ListenerTLSConfig{ Mode: helpers.GetPointer(v1.TLSModeTerminate), CertificateRefs: []v1.SecretObjectReference{ {Name: "secret1"}, @@ -728,7 +728,7 @@ func TestOverlappingTLSConfigCondition(t *testing.T) { Port: 8443, Protocol: v1.HTTPSProtocolType, Hostname: helpers.GetPointer[v1.Hostname]("app.example.com"), - TLS: &v1.GatewayTLSConfig{ + TLS: &v1.ListenerTLSConfig{ Mode: helpers.GetPointer(v1.TLSModeTerminate), CertificateRefs: []v1.SecretObjectReference{ {Name: "secret2"}, @@ -754,7 +754,7 @@ func TestOverlappingTLSConfigCondition(t *testing.T) { Port: 443, Protocol: v1.HTTPSProtocolType, Hostname: helpers.GetPointer[v1.Hostname]("app.example.com"), - TLS: &v1.GatewayTLSConfig{ + TLS: &v1.ListenerTLSConfig{ Mode: helpers.GetPointer(v1.TLSModeTerminate), CertificateRefs: []v1.SecretObjectReference{ {Name: "secret1"}, @@ -766,7 +766,7 @@ func TestOverlappingTLSConfigCondition(t *testing.T) { Port: 443, Protocol: v1.HTTPSProtocolType, Hostname: helpers.GetPointer[v1.Hostname]("cafe.example.org"), - TLS: &v1.GatewayTLSConfig{ + TLS: &v1.ListenerTLSConfig{ Mode: helpers.GetPointer(v1.TLSModeTerminate), CertificateRefs: []v1.SecretObjectReference{ {Name: "secret2"}, @@ -792,7 +792,7 @@ func TestOverlappingTLSConfigCondition(t *testing.T) { Port: 443, Protocol: v1.HTTPSProtocolType, Hostname: helpers.GetPointer[v1.Hostname]("*.example.com"), - TLS: &v1.GatewayTLSConfig{ + TLS: &v1.ListenerTLSConfig{ Mode: helpers.GetPointer(v1.TLSModeTerminate), CertificateRefs: []v1.SecretObjectReference{ {Name: "secret1"}, @@ -804,7 +804,7 @@ func TestOverlappingTLSConfigCondition(t *testing.T) { Port: 443, Protocol: v1.TLSProtocolType, Hostname: helpers.GetPointer[v1.Hostname]("app.example.com"), - TLS: &v1.GatewayTLSConfig{ + TLS: &v1.ListenerTLSConfig{ Mode: helpers.GetPointer(v1.TLSModePassthrough), }, }, @@ -828,7 +828,7 @@ func TestOverlappingTLSConfigCondition(t *testing.T) { Port: 443, Protocol: v1.HTTPSProtocolType, Hostname: nil, // nil hostname matches everything - TLS: &v1.GatewayTLSConfig{ + TLS: &v1.ListenerTLSConfig{ Mode: helpers.GetPointer(v1.TLSModeTerminate), CertificateRefs: []v1.SecretObjectReference{ {Name: "secret1"}, @@ -840,7 +840,7 @@ func TestOverlappingTLSConfigCondition(t *testing.T) { Port: 443, Protocol: v1.HTTPSProtocolType, Hostname: helpers.GetPointer[v1.Hostname]("app.example.com"), - TLS: &v1.GatewayTLSConfig{ + TLS: &v1.ListenerTLSConfig{ Mode: helpers.GetPointer(v1.TLSModeTerminate), CertificateRefs: []v1.SecretObjectReference{ {Name: "secret2"}, @@ -899,7 +899,7 @@ func TestOverlappingTLSConfigCondition(t *testing.T) { Port: 80, Protocol: v1.HTTPSProtocolType, Hostname: helpers.GetPointer[v1.Hostname]("app.example.com"), - TLS: &v1.GatewayTLSConfig{ + TLS: &v1.ListenerTLSConfig{ Mode: helpers.GetPointer(v1.TLSModeTerminate), CertificateRefs: []v1.SecretObjectReference{ {Name: "secret1"}, diff --git a/internal/controller/state/graph/gateway_test.go b/internal/controller/state/graph/gateway_test.go index e3978df1a9..3b45c3cc77 100644 --- a/internal/controller/state/graph/gateway_test.go +++ b/internal/controller/state/graph/gateway_test.go @@ -136,7 +136,7 @@ func TestBuildGateway(t *testing.T) { Type: apiv1.SecretTypeTLS, } - gatewayTLSConfigSameNs := &v1.GatewayTLSConfig{ + gatewayTLSConfigSameNs := &v1.ListenerTLSConfig{ Mode: helpers.GetPointer(v1.TLSModeTerminate), CertificateRefs: []v1.SecretObjectReference{ { @@ -147,7 +147,7 @@ func TestBuildGateway(t *testing.T) { }, } - tlsConfigInvalidSecret := &v1.GatewayTLSConfig{ + tlsConfigInvalidSecret := &v1.ListenerTLSConfig{ Mode: helpers.GetPointer(v1.TLSModeTerminate), CertificateRefs: []v1.SecretObjectReference{ { @@ -170,7 +170,7 @@ func TestBuildGateway(t *testing.T) { Type: apiv1.SecretTypeTLS, } - gatewayTLSConfigDiffNs := &v1.GatewayTLSConfig{ + gatewayTLSConfigDiffNs := &v1.ListenerTLSConfig{ Mode: helpers.GetPointer(v1.TLSModeTerminate), CertificateRefs: []v1.SecretObjectReference{ { @@ -186,7 +186,7 @@ func TestBuildGateway(t *testing.T) { hostname string, port int, protocol v1.ProtocolType, - tls *v1.GatewayTLSConfig, + tls *v1.ListenerTLSConfig, ) v1.Listener { return v1.Listener{ Name: v1.SectionName(name), @@ -208,10 +208,10 @@ func TestBuildGateway(t *testing.T) { hostname, port, v1.TLSProtocolType, - &v1.GatewayTLSConfig{Mode: helpers.GetPointer(v1.TLSModePassthrough)}, + &v1.ListenerTLSConfig{Mode: helpers.GetPointer(v1.TLSModePassthrough)}, ) } - createHTTPSListener := func(name, hostname string, port int, tls *v1.GatewayTLSConfig) v1.Listener { + createHTTPSListener := func(name, hostname string, port int, tls *v1.ListenerTLSConfig) v1.Listener { return createListener(name, hostname, port, v1.HTTPSProtocolType, tls) } @@ -288,7 +288,7 @@ func TestBuildGateway(t *testing.T) { type gatewayCfg struct { ref *v1.LocalParametersReference allowedListeners *v1.AllowedListeners - backendTLS *v1.GatewayBackendTLS + TLS *v1.GatewayTLSConfig name string listeners []v1.Listener addresses []v1.GatewaySpecAddress @@ -307,7 +307,7 @@ func TestBuildGateway(t *testing.T) { Listeners: cfg.listeners, Addresses: cfg.addresses, AllowedListeners: cfg.allowedListeners, - BackendTLS: cfg.backendTLS, + TLS: cfg.TLS, }, } @@ -1576,7 +1576,9 @@ func TestBuildGateway(t *testing.T) { Kind: "wrong-kind", // Invalid reference Name: "invalid-ref", }, - backendTLS: &v1.GatewayBackendTLS{}, + TLS: &v1.GatewayTLSConfig{ + Backend: &v1.GatewayBackendTLS{}, + }, }), gatewayClass: validGCWithNp, expected: map[types.NamespacedName]*Gateway{ @@ -1603,7 +1605,7 @@ func TestBuildGateway(t *testing.T) { IPFamily: helpers.GetPointer(ngfAPIv1alpha2.Dual), }, Conditions: []conditions.Condition{ - conditions.NewGatewayAcceptedUnsupportedField("BackendTLS"), + conditions.NewGatewayAcceptedUnsupportedField("TLS"), conditions.NewGatewayRefInvalid( "spec.infrastructure.parametersRef.kind: Unsupported value: \"wrong-kind\": supported values: \"NginxProxy\"", ), @@ -1950,16 +1952,18 @@ func TestValidateUnsupportedGatewayFields(t *testing.T) { }, }, { - name: "Multiple unsupported fields: AllowedListeners and BackendTLS", + name: "Multiple unsupported fields: AllowedListeners and TLS", gateway: &v1.Gateway{ Spec: v1.GatewaySpec{ AllowedListeners: &v1.AllowedListeners{}, - BackendTLS: &v1.GatewayBackendTLS{}, + TLS: &v1.GatewayTLSConfig{ + Backend: &v1.GatewayBackendTLS{}, + }, }, }, expectedConds: []conditions.Condition{ conditions.NewGatewayAcceptedUnsupportedField("AllowedListeners"), - conditions.NewGatewayAcceptedUnsupportedField("BackendTLS"), + conditions.NewGatewayAcceptedUnsupportedField("TLS"), }, }, } diff --git a/internal/controller/state/graph/gatewayclass.go b/internal/controller/state/graph/gatewayclass.go index e396395441..607552fac4 100644 --- a/internal/controller/state/graph/gatewayclass.go +++ b/internal/controller/state/graph/gatewayclass.go @@ -17,7 +17,7 @@ const ( // BundleVersionAnnotation is the annotation on Gateway API CRDs that contains the installed version. BundleVersionAnnotation = "gateway.networking.k8s.io/bundle-version" // SupportedVersion is the supported version of the Gateway API CRDs. - SupportedVersion = "v1.3.0" + SupportedVersion = "v1.4.0" ) var gatewayCRDs = map[string]apiVersion{ @@ -225,15 +225,23 @@ func validateCRDVersions( func parseVersionString(version string) apiVersion { versionBits := strings.Split(version, ".") - if len(versionBits) != 3 { + if len(versionBits) < 3 { return apiVersion{} } major, _ := strings.CutPrefix(versionBits[0], "v") + // Handle pre-release versions like "v1.4.0-rc.2" by stripping anything after the minor version + minor := versionBits[1] + // For pre-release versions like "0-rc", we just want "0" + if idx := strings.Index(versionBits[2], "-"); idx != -1 { + // This is a pre-release version, minor is in versionBits[1] + minor = versionBits[1] + } + return apiVersion{ major: major, - minor: versionBits[1], + minor: minor, } } diff --git a/internal/controller/state/graph/graph.go b/internal/controller/state/graph/graph.go index 538a29a09d..a80fe5426a 100644 --- a/internal/controller/state/graph/graph.go +++ b/internal/controller/state/graph/graph.go @@ -12,7 +12,6 @@ import ( inference "sigs.k8s.io/gateway-api-inference-extension/api/v1" gatewayv1 "sigs.k8s.io/gateway-api/apis/v1" "sigs.k8s.io/gateway-api/apis/v1alpha2" - "sigs.k8s.io/gateway-api/apis/v1alpha3" "sigs.k8s.io/gateway-api/apis/v1beta1" ngfAPIv1alpha1 "github.com/nginx/nginx-gateway-fabric/v2/apis/v1alpha1" @@ -35,7 +34,7 @@ type ClusterState struct { ReferenceGrants map[types.NamespacedName]*v1beta1.ReferenceGrant Secrets map[types.NamespacedName]*v1.Secret CRDMetadata map[types.NamespacedName]*metav1.PartialObjectMetadata - BackendTLSPolicies map[types.NamespacedName]*v1alpha3.BackendTLSPolicy + BackendTLSPolicies map[types.NamespacedName]*gatewayv1.BackendTLSPolicy ConfigMaps map[types.NamespacedName]*v1.ConfigMap NginxProxies map[types.NamespacedName]*ngfAPIv1alpha2.NginxProxy GRPCRoutes map[types.NamespacedName]*gatewayv1.GRPCRoute @@ -182,7 +181,7 @@ func (g *Graph) IsNGFPolicyRelevant( return false } -func (g *Graph) gatewayAPIResourceExist(ref v1alpha2.LocalPolicyTargetReference, policyNs string) bool { +func (g *Graph) gatewayAPIResourceExist(ref gatewayv1.LocalPolicyTargetReference, policyNs string) bool { refNsName := types.NamespacedName{Name: string(ref.Name), Namespace: policyNs} switch kind := ref.Kind; kind { diff --git a/internal/controller/state/graph/graph_test.go b/internal/controller/state/graph/graph_test.go index 96dbddd2dd..a31cf7f1a3 100644 --- a/internal/controller/state/graph/graph_test.go +++ b/internal/controller/state/graph/graph_test.go @@ -16,7 +16,6 @@ import ( inference "sigs.k8s.io/gateway-api-inference-extension/api/v1" gatewayv1 "sigs.k8s.io/gateway-api/apis/v1" "sigs.k8s.io/gateway-api/apis/v1alpha2" - "sigs.k8s.io/gateway-api/apis/v1alpha3" "sigs.k8s.io/gateway-api/apis/v1beta1" ngfAPIv1alpha1 "github.com/nginx/nginx-gateway-fabric/v2/apis/v1alpha1" @@ -59,22 +58,22 @@ func TestBuildGraph(t *testing.T) { } btp := BackendTLSPolicy{ - Source: &v1alpha3.BackendTLSPolicy{ + Source: &gatewayv1.BackendTLSPolicy{ ObjectMeta: metav1.ObjectMeta{ Name: "btp", Namespace: "service", }, - Spec: v1alpha3.BackendTLSPolicySpec{ - TargetRefs: []v1alpha2.LocalPolicyTargetReferenceWithSectionName{ + Spec: gatewayv1.BackendTLSPolicySpec{ + TargetRefs: []gatewayv1.LocalPolicyTargetReferenceWithSectionName{ { - LocalPolicyTargetReference: v1alpha2.LocalPolicyTargetReference{ + LocalPolicyTargetReference: gatewayv1.LocalPolicyTargetReference{ Group: "", Kind: "Service", Name: "foo", }, }, }, - Validation: v1alpha3.BackendTLSPolicyValidation{ + Validation: gatewayv1.BackendTLSPolicyValidation{ Hostname: "foo.example.com", CACertificateRefs: []v1alpha2.LocalObjectReference{ { @@ -98,7 +97,7 @@ func TestBuildGraph(t *testing.T) { Kind: (*gatewayv1.Kind)(helpers.GetPointer("Service")), Name: "foo", Namespace: (*gatewayv1.Namespace)(helpers.GetPointer("service")), - Port: (*gatewayv1.PortNumber)(helpers.GetPointer[int32](80)), + Port: helpers.GetPointer[gatewayv1.PortNumber](80), }, } @@ -107,7 +106,7 @@ func TestBuildGraph(t *testing.T) { Kind: (*gatewayv1.Kind)(helpers.GetPointer("Service")), Name: "foo2", Namespace: (*gatewayv1.Namespace)(helpers.GetPointer("test")), - Port: (*gatewayv1.PortNumber)(helpers.GetPointer[int32](80)), + Port: helpers.GetPointer[gatewayv1.PortNumber](80), }, } @@ -488,7 +487,7 @@ func TestBuildGraph(t *testing.T) { Name: "listener-443-1", Hostname: (*gatewayv1.Hostname)(helpers.GetPointer("*.example.com")), Port: 443, - TLS: &gatewayv1.GatewayTLSConfig{ + TLS: &gatewayv1.ListenerTLSConfig{ Mode: helpers.GetPointer(gatewayv1.TLSModeTerminate), CertificateRefs: []gatewayv1.SecretObjectReference{ { @@ -505,7 +504,7 @@ func TestBuildGraph(t *testing.T) { Hostname: (*gatewayv1.Hostname)(helpers.GetPointer("*.example.org")), Port: 443, Protocol: gatewayv1.TLSProtocolType, - TLS: &gatewayv1.GatewayTLSConfig{Mode: helpers.GetPointer(gatewayv1.TLSModePassthrough)}, + TLS: &gatewayv1.ListenerTLSConfig{Mode: helpers.GetPointer(gatewayv1.TLSModePassthrough)}, AllowedRoutes: &gatewayv1.AllowedRoutes{ Kinds: []gatewayv1.RouteGroupKind{ {Kind: kinds.TLSRoute, Group: helpers.GetPointer[gatewayv1.Group](gatewayv1.GroupName)}, @@ -517,7 +516,7 @@ func TestBuildGraph(t *testing.T) { Hostname: (*gatewayv1.Hostname)(helpers.GetPointer("*.example.org")), Port: 8443, Protocol: gatewayv1.TLSProtocolType, - TLS: &gatewayv1.GatewayTLSConfig{Mode: helpers.GetPointer(gatewayv1.TLSModePassthrough)}, + TLS: &gatewayv1.ListenerTLSConfig{Mode: helpers.GetPointer(gatewayv1.TLSModePassthrough)}, }, }, }, @@ -811,7 +810,7 @@ func TestBuildGraph(t *testing.T) { client.ObjectKeyFromObject(secret): secret, client.ObjectKeyFromObject(plusSecret): plusSecret, }, - BackendTLSPolicies: map[types.NamespacedName]*v1alpha3.BackendTLSPolicy{ + BackendTLSPolicies: map[types.NamespacedName]*gatewayv1.BackendTLSPolicy{ client.ObjectKeyFromObject(btp.Source): btp.Source, }, ConfigMaps: map[types.NamespacedName]*v1.ConfigMap{ @@ -1856,13 +1855,13 @@ func TestIsNGFPolicyRelevant(t *testing.T) { return mod(getGraph()) } - getPolicy := func(ref v1alpha2.LocalPolicyTargetReference) policies.Policy { + getPolicy := func(ref gatewayv1.LocalPolicyTargetReference) policies.Policy { return &policiesfakes.FakePolicy{ GetNamespaceStub: func() string { return testNs }, - GetTargetRefsStub: func() []v1alpha2.LocalPolicyTargetReference { - return []v1alpha2.LocalPolicyTargetReference{ref} + GetTargetRefsStub: func() []gatewayv1.LocalPolicyTargetReference { + return []gatewayv1.LocalPolicyTargetReference{ref} }, } } diff --git a/internal/controller/state/graph/httproute.go b/internal/controller/state/graph/httproute.go index 4c01f1ff60..0f124b88cc 100644 --- a/internal/controller/state/graph/httproute.go +++ b/internal/controller/state/graph/httproute.go @@ -530,7 +530,7 @@ func validateFilterRedirect( } if redirect.Port != nil { - if err := validator.ValidateRedirectPort(int32(*redirect.Port)); err != nil { + if err := validator.ValidateRedirectPort(*redirect.Port); err != nil { valErr := field.Invalid(redirectPath.Child("port"), *redirect.Port, err.Error()) allErrs = append(allErrs, valErr) } diff --git a/internal/controller/state/graph/multiple_gateways_test.go b/internal/controller/state/graph/multiple_gateways_test.go index 80f4a10b04..0ae796eb38 100644 --- a/internal/controller/state/graph/multiple_gateways_test.go +++ b/internal/controller/state/graph/multiple_gateways_test.go @@ -170,13 +170,13 @@ func createListener( name, hostname string, port int32, protocol gatewayv1.ProtocolType, - tlsConfig *gatewayv1.GatewayTLSConfig, + tlsConfig *gatewayv1.ListenerTLSConfig, allowedRoutes *gatewayv1.AllowedRoutes, ) gatewayv1.Listener { listener := gatewayv1.Listener{ Name: gatewayv1.SectionName(name), Hostname: (*gatewayv1.Hostname)(helpers.GetPointer(hostname)), - Port: gatewayv1.PortNumber(port), + Port: port, Protocol: protocol, AllowedRoutes: allowedRoutes, } @@ -452,7 +452,7 @@ func Test_MultipleGateways_WithListeners(t *testing.T) { }, } - tlsConfigDiffNsSecret := &gatewayv1.GatewayTLSConfig{ + tlsConfigDiffNsSecret := &gatewayv1.ListenerTLSConfig{ Mode: helpers.GetPointer(gatewayv1.TLSModeTerminate), CertificateRefs: []gatewayv1.SecretObjectReference{ { @@ -484,7 +484,7 @@ func Test_MultipleGateways_WithListeners(t *testing.T) { ), }) - tlsConfigPassthrough := &gatewayv1.GatewayTLSConfig{ + tlsConfigPassthrough := &gatewayv1.ListenerTLSConfig{ Mode: helpers.GetPointer(gatewayv1.TLSModePassthrough), } @@ -500,7 +500,7 @@ func Test_MultipleGateways_WithListeners(t *testing.T) { Type: v1.SecretTypeTLS, } - gatewayTLSConfigSameNs := &gatewayv1.GatewayTLSConfig{ + gatewayTLSConfigSameNs := &gatewayv1.ListenerTLSConfig{ Mode: helpers.GetPointer(gatewayv1.TLSModeTerminate), CertificateRefs: []gatewayv1.SecretObjectReference{ { diff --git a/internal/controller/state/graph/policies_test.go b/internal/controller/state/graph/policies_test.go index e84bbd6b56..ff9251cc72 100644 --- a/internal/controller/state/graph/policies_test.go +++ b/internal/controller/state/graph/policies_test.go @@ -11,7 +11,6 @@ import ( "k8s.io/apimachinery/pkg/runtime/schema" "k8s.io/apimachinery/pkg/types" v1 "sigs.k8s.io/gateway-api/apis/v1" - "sigs.k8s.io/gateway-api/apis/v1alpha2" ngfAPIv1alpha2 "github.com/nginx/nginx-gateway-fabric/v2/apis/v1alpha2" "github.com/nginx/nginx-gateway-fabric/v2/internal/controller/nginx/config/policies" @@ -1524,20 +1523,20 @@ func TestRefGroupKind(t *testing.T) { func createTestPolicyWithAncestors(numAncestors int) policies.Policy { policy := &policiesfakes.FakePolicy{} - ancestors := make([]v1alpha2.PolicyAncestorStatus, numAncestors) + ancestors := make([]v1.PolicyAncestorStatus, numAncestors) for i := range numAncestors { - ancestors[i] = v1alpha2.PolicyAncestorStatus{ControllerName: "some-other-controller"} + ancestors[i] = v1.PolicyAncestorStatus{ControllerName: "some-other-controller"} } - policy.GetPolicyStatusReturns(v1alpha2.PolicyStatus{Ancestors: ancestors}) + policy.GetPolicyStatusReturns(v1.PolicyStatus{Ancestors: ancestors}) return policy } func createTestPolicyAndKey( gvk schema.GroupVersionKind, name string, - refs ...v1alpha2.LocalPolicyTargetReference, + refs ...v1.LocalPolicyTargetReference, ) (policies.Policy, PolicyKey) { pol := createTestPolicy(gvk, name, refs...) key := createTestPolicyKey(gvk, name) @@ -1548,7 +1547,7 @@ func createTestPolicyAndKey( func createTestPolicy( gvk schema.GroupVersionKind, name string, - refs ...v1alpha2.LocalPolicyTargetReference, + refs ...v1.LocalPolicyTargetReference, ) policies.Policy { return &policiesfakes.FakePolicy{ GetNameStub: func() string { @@ -1557,7 +1556,7 @@ func createTestPolicy( GetNamespaceStub: func() string { return testNs }, - GetTargetRefsStub: func() []v1alpha2.LocalPolicyTargetReference { + GetTargetRefsStub: func() []v1.LocalPolicyTargetReference { return refs }, GetObjectKindStub: func() schema.ObjectKind { @@ -1577,8 +1576,8 @@ func createTestPolicyKey(gvk schema.GroupVersionKind, name string) PolicyKey { } } -func createTestRef(kind v1.Kind, group v1.Group, name string) v1alpha2.LocalPolicyTargetReference { - return v1alpha2.LocalPolicyTargetReference{ +func createTestRef(kind v1.Kind, group v1.Group, name string) v1.LocalPolicyTargetReference { + return v1.LocalPolicyTargetReference{ Group: group, Kind: kind, Name: v1.ObjectName(name), @@ -2009,10 +2008,10 @@ func TestAddStatusToTargetRefs(t *testing.T) { func TestNGFPolicyAncestorsFullFunc(t *testing.T) { t.Parallel() - createPolicyWithAncestors := func(ancestors []v1alpha2.PolicyAncestorStatus) *Policy { + createPolicyWithAncestors := func(ancestors []v1.PolicyAncestorStatus) *Policy { fakePolicy := &policiesfakes.FakePolicy{ - GetPolicyStatusStub: func() v1alpha2.PolicyStatus { - return v1alpha2.PolicyStatus{ + GetPolicyStatusStub: func() v1.PolicyStatus { + return v1.PolicyStatus{ Ancestors: ancestors, } }, @@ -2023,8 +2022,8 @@ func TestNGFPolicyAncestorsFullFunc(t *testing.T) { } } - getAncestorRef := func(ctlrName, parentName string) v1alpha2.PolicyAncestorStatus { - return v1alpha2.PolicyAncestorStatus{ + getAncestorRef := func(ctlrName, parentName string) v1.PolicyAncestorStatus { + return v1.PolicyAncestorStatus{ ControllerName: v1.GatewayController(ctlrName), AncestorRef: v1.ParentReference{ Name: v1.ObjectName(parentName), @@ -2037,19 +2036,19 @@ func TestNGFPolicyAncestorsFullFunc(t *testing.T) { tests := []struct { name string - currentAncestors []v1alpha2.PolicyAncestorStatus + currentAncestors []v1.PolicyAncestorStatus updatedAncestorsLen int expectFull bool }{ { name: "empty current ancestors, no updated ancestors", - currentAncestors: []v1alpha2.PolicyAncestorStatus{}, + currentAncestors: []v1.PolicyAncestorStatus{}, updatedAncestorsLen: 0, expectFull: false, }, { name: "less than 16 total (current + updated)", - currentAncestors: []v1alpha2.PolicyAncestorStatus{ + currentAncestors: []v1.PolicyAncestorStatus{ getAncestorRef("other-controller", "gateway1"), getAncestorRef("other-controller", "gateway2"), }, @@ -2058,8 +2057,8 @@ func TestNGFPolicyAncestorsFullFunc(t *testing.T) { }, { name: "exactly 16 non-NGF ancestors, no updated ancestors", - currentAncestors: func() []v1alpha2.PolicyAncestorStatus { - ancestors := make([]v1alpha2.PolicyAncestorStatus, 16) + currentAncestors: func() []v1.PolicyAncestorStatus { + ancestors := make([]v1.PolicyAncestorStatus, 16) for i := range 16 { ancestors[i] = getAncestorRef("other-controller", "gateway") } @@ -2070,8 +2069,8 @@ func TestNGFPolicyAncestorsFullFunc(t *testing.T) { }, { name: "15 non-NGF + 1 NGF ancestor, adding 1 more NGF ancestor", - currentAncestors: func() []v1alpha2.PolicyAncestorStatus { - ancestors := make([]v1alpha2.PolicyAncestorStatus, 16) + currentAncestors: func() []v1.PolicyAncestorStatus { + ancestors := make([]v1.PolicyAncestorStatus, 16) for i := range 15 { ancestors[i] = getAncestorRef("other-controller", "gateway") } @@ -2083,8 +2082,8 @@ func TestNGFPolicyAncestorsFullFunc(t *testing.T) { }, { name: "10 non-NGF ancestors, trying to add 7 NGF ancestors (would exceed 16)", - currentAncestors: func() []v1alpha2.PolicyAncestorStatus { - ancestors := make([]v1alpha2.PolicyAncestorStatus, 10) + currentAncestors: func() []v1.PolicyAncestorStatus { + ancestors := make([]v1.PolicyAncestorStatus, 10) for i := range 10 { ancestors[i] = getAncestorRef("other-controller", "gateway") } @@ -2095,8 +2094,8 @@ func TestNGFPolicyAncestorsFullFunc(t *testing.T) { }, { name: "5 non-NGF + 5 NGF ancestors, trying to add 6 more NGF ancestors", - currentAncestors: func() []v1alpha2.PolicyAncestorStatus { - ancestors := make([]v1alpha2.PolicyAncestorStatus, 10) + currentAncestors: func() []v1.PolicyAncestorStatus { + ancestors := make([]v1.PolicyAncestorStatus, 10) for i := range 5 { ancestors[i] = getAncestorRef("other-controller", "gateway") } @@ -2140,8 +2139,8 @@ func TestNGFPolicyAncestorLimitHandling(t *testing.T) { policyGVK := schema.GroupVersionKind{Group: "Group", Version: "Version", Kind: "TestPolicy"} // Helper function to create ancestor references - getAncestorRef := func(ctlrName, parentName string) v1alpha2.PolicyAncestorStatus { - return v1alpha2.PolicyAncestorStatus{ + getAncestorRef := func(ctlrName, parentName string) v1.PolicyAncestorStatus { + return v1.PolicyAncestorStatus{ ControllerName: v1.GatewayController(ctlrName), AncestorRef: v1.ParentReference{ Name: v1.ObjectName(parentName), @@ -2153,7 +2152,7 @@ func TestNGFPolicyAncestorLimitHandling(t *testing.T) { } // Create 16 ancestors from different controllers to simulate full list - fullAncestors := make([]v1alpha2.PolicyAncestorStatus, 16) + fullAncestors := make([]v1.PolicyAncestorStatus, 16) for i := range 16 { fullAncestors[i] = getAncestorRef("other-controller", "other-gateway") } @@ -2165,8 +2164,8 @@ func TestNGFPolicyAncestorLimitHandling(t *testing.T) { GetNamespaceStub: func() string { return "test" }, - GetPolicyStatusStub: func() v1alpha2.PolicyStatus { - return v1alpha2.PolicyStatus{ + GetPolicyStatusStub: func() v1.PolicyStatus { + return v1.PolicyStatus{ Ancestors: fullAncestors, } }, @@ -2177,8 +2176,8 @@ func TestNGFPolicyAncestorLimitHandling(t *testing.T) { }, } }, - GetTargetRefsStub: func() []v1alpha2.LocalPolicyTargetReference { - return []v1alpha2.LocalPolicyTargetReference{ + GetTargetRefsStub: func() []v1.LocalPolicyTargetReference { + return []v1.LocalPolicyTargetReference{ { Group: v1.GroupName, Kind: kinds.Gateway, @@ -2196,9 +2195,9 @@ func TestNGFPolicyAncestorLimitHandling(t *testing.T) { GetNamespaceStub: func() string { return "test" }, - GetPolicyStatusStub: func() v1alpha2.PolicyStatus { - return v1alpha2.PolicyStatus{ - Ancestors: []v1alpha2.PolicyAncestorStatus{}, // Empty ancestors list + GetPolicyStatusStub: func() v1.PolicyStatus { + return v1.PolicyStatus{ + Ancestors: []v1.PolicyAncestorStatus{}, // Empty ancestors list } }, GetObjectKindStub: func() schema.ObjectKind { @@ -2208,8 +2207,8 @@ func TestNGFPolicyAncestorLimitHandling(t *testing.T) { }, } }, - GetTargetRefsStub: func() []v1alpha2.LocalPolicyTargetReference { - return []v1alpha2.LocalPolicyTargetReference{ + GetTargetRefsStub: func() []v1.LocalPolicyTargetReference { + return []v1.LocalPolicyTargetReference{ { Group: v1.GroupName, Kind: kinds.Gateway, @@ -2293,7 +2292,7 @@ func TestNGFPolicyAncestorLimitHandling(t *testing.T) { g.Expect(gateway1.Conditions).To(HaveLen(1), "Gateway should have received ancestor limit condition") condition := gateway1.Conditions[0] - g.Expect(condition.Type).To(Equal(string(v1alpha2.PolicyConditionAccepted))) + g.Expect(condition.Type).To(Equal(string(v1.PolicyConditionAccepted))) g.Expect(condition.Status).To(Equal(metav1.ConditionFalse)) g.Expect(condition.Reason).To(Equal(string(conditions.PolicyReasonAncestorLimitReached))) g.Expect(condition.Message).To(ContainSubstring("ancestor status list has reached the maximum size")) @@ -2356,7 +2355,7 @@ func (s *testNGFLogSink) WithName(_ string) logr.LogSink { // createPolicyWithExistingGatewayStatus creates a fake policy with a gateway in its status ancestors. func createPolicyWithExistingGatewayStatus(gatewayNsName types.NamespacedName, controllerName string) policies.Policy { - ancestors := []v1alpha2.PolicyAncestorStatus{ + ancestors := []v1.PolicyAncestorStatus{ { ControllerName: v1.GatewayController(controllerName), AncestorRef: v1.ParentReference{ @@ -2375,11 +2374,11 @@ func createFakePolicy(name, namespace string) *policiesfakes.FakePolicy { return &policiesfakes.FakePolicy{ GetNameStub: func() string { return name }, GetNamespaceStub: func() string { return namespace }, - GetPolicyStatusStub: func() v1alpha2.PolicyStatus { - return v1alpha2.PolicyStatus{} + GetPolicyStatusStub: func() v1.PolicyStatus { + return v1.PolicyStatus{} }, - GetTargetRefsStub: func() []v1alpha2.LocalPolicyTargetReference { - return []v1alpha2.LocalPolicyTargetReference{} + GetTargetRefsStub: func() []v1.LocalPolicyTargetReference { + return []v1.LocalPolicyTargetReference{} }, } } @@ -2387,11 +2386,11 @@ func createFakePolicy(name, namespace string) *policiesfakes.FakePolicy { // createFakePolicyWithAncestors creates a fake policy with specific ancestors. func createFakePolicyWithAncestors( name, namespace string, - ancestors []v1alpha2.PolicyAncestorStatus, + ancestors []v1.PolicyAncestorStatus, ) *policiesfakes.FakePolicy { policy := createFakePolicy(name, namespace) - policy.GetPolicyStatusStub = func() v1alpha2.PolicyStatus { - return v1alpha2.PolicyStatus{Ancestors: ancestors} + policy.GetPolicyStatusStub = func() v1.PolicyStatus { + return v1.PolicyStatus{Ancestors: ancestors} } return policy } diff --git a/internal/controller/state/graph/policy_ancestor_test.go b/internal/controller/state/graph/policy_ancestor_test.go index 42a34fcd4f..16a5f20d00 100644 --- a/internal/controller/state/graph/policy_ancestor_test.go +++ b/internal/controller/state/graph/policy_ancestor_test.go @@ -10,7 +10,6 @@ import ( "k8s.io/apimachinery/pkg/runtime/schema" "k8s.io/apimachinery/pkg/types" v1 "sigs.k8s.io/gateway-api/apis/v1" - "sigs.k8s.io/gateway-api/apis/v1alpha2" ngfAPIv1alpha2 "github.com/nginx/nginx-gateway-fabric/v2/apis/v1alpha2" "github.com/nginx/nginx-gateway-fabric/v2/internal/controller/nginx/config/policies" @@ -27,17 +26,17 @@ func TestNGFPolicyAncestorsFull(t *testing.T) { } createPolicy := func(cfg ancestorConfig) *Policy { - currAncestors := make([]v1alpha2.PolicyAncestorStatus, 0, cfg.numCurrNGFAncestors+cfg.numCurrNonNGFAncestors) + currAncestors := make([]v1.PolicyAncestorStatus, 0, cfg.numCurrNGFAncestors+cfg.numCurrNonNGFAncestors) ngfAncestors := make([]PolicyAncestor, 0, cfg.numNewNGFAncestors) for range cfg.numCurrNonNGFAncestors { - currAncestors = append(currAncestors, v1alpha2.PolicyAncestorStatus{ + currAncestors = append(currAncestors, v1.PolicyAncestorStatus{ ControllerName: "non-ngf", }) } for range cfg.numCurrNGFAncestors { - currAncestors = append(currAncestors, v1alpha2.PolicyAncestorStatus{ + currAncestors = append(currAncestors, v1.PolicyAncestorStatus{ ControllerName: "nginx-gateway", }) } @@ -50,7 +49,7 @@ func TestNGFPolicyAncestorsFull(t *testing.T) { return &Policy{ Source: &ngfAPIv1alpha2.ObservabilityPolicy{ - Status: v1alpha2.PolicyStatus{ + Status: v1.PolicyStatus{ Ancestors: currAncestors, }, }, diff --git a/internal/controller/state/graph/route_common_test.go b/internal/controller/state/graph/route_common_test.go index 6ded299d73..52ff2ca2af 100644 --- a/internal/controller/state/graph/route_common_test.go +++ b/internal/controller/state/graph/route_common_test.go @@ -1670,7 +1670,7 @@ func TestBindL4RouteToListeners(t *testing.T) { Name: gatewayv1.SectionName(name), Hostname: (*gatewayv1.Hostname)(helpers.GetPointer("foo.example.com")), Protocol: gatewayv1.TLSProtocolType, - TLS: helpers.GetPointer(gatewayv1.GatewayTLSConfig{ + TLS: helpers.GetPointer(gatewayv1.ListenerTLSConfig{ Mode: helpers.GetPointer(gatewayv1.TLSModeTerminate), }), }, @@ -2541,7 +2541,7 @@ func TestIsolateL4Listeners(t *testing.T) { Attachment: &ParentRefAttachmentStatus{ AcceptedHostnames: acceptedHostnames, Attached: true, - ListenerPort: gatewayv1.PortNumber(listenerPort), + ListenerPort: listenerPort, }, }, }, @@ -3084,7 +3084,7 @@ func TestIsolateL7Listeners(t *testing.T) { Attachment: &ParentRefAttachmentStatus{ AcceptedHostnames: acceptedHostnames, Attached: true, - ListenerPort: gatewayv1.PortNumber(listenerPort), + ListenerPort: listenerPort, }, }, }, diff --git a/internal/controller/status/prepare_requests.go b/internal/controller/status/prepare_requests.go index 0ad407e60e..7c3f161a70 100644 --- a/internal/controller/status/prepare_requests.go +++ b/internal/controller/status/prepare_requests.go @@ -11,7 +11,6 @@ import ( inference "sigs.k8s.io/gateway-api-inference-extension/api/v1" v1 "sigs.k8s.io/gateway-api/apis/v1" "sigs.k8s.io/gateway-api/apis/v1alpha2" - "sigs.k8s.io/gateway-api/apis/v1alpha3" ngfAPI "github.com/nginx/nginx-gateway-fabric/v2/apis/v1alpha1" "github.com/nginx/nginx-gateway-fabric/v2/internal/controller/state/conditions" @@ -364,7 +363,7 @@ func PrepareNGFPolicyRequests( reqs := make([]UpdateRequest, 0, len(policies)) for key, pol := range policies { - ancestorStatuses := make([]v1alpha2.PolicyAncestorStatus, 0, len(pol.TargetRefs)) + ancestorStatuses := make([]v1.PolicyAncestorStatus, 0, len(pol.TargetRefs)) if len(pol.Ancestors) == 0 { continue @@ -383,14 +382,14 @@ func PrepareNGFPolicyRequests( conds := conditions.DeduplicateConditions(allConds) apiConds := conditions.ConvertConditions(conds, pol.Source.GetGeneration(), transitionTime) - ancestorStatuses = append(ancestorStatuses, v1alpha2.PolicyAncestorStatus{ + ancestorStatuses = append(ancestorStatuses, v1.PolicyAncestorStatus{ AncestorRef: ancestor.Ancestor, ControllerName: v1alpha2.GatewayController(gatewayCtlrName), Conditions: apiConds, }) } - status := v1alpha2.PolicyStatus{Ancestors: ancestorStatuses} + status := v1.PolicyStatus{Ancestors: ancestorStatuses} reqs = append(reqs, UpdateRequest{ NsName: key.NsName, @@ -418,9 +417,9 @@ func PrepareBackendTLSPolicyRequests( conds := conditions.DeduplicateConditions(pol.Conditions) apiConds := conditions.ConvertConditions(conds, pol.Source.Generation, transitionTime) - policyAncestors := make([]v1alpha2.PolicyAncestorStatus, 0, len(pol.Gateways)) + policyAncestors := make([]v1.PolicyAncestorStatus, 0, len(pol.Gateways)) for _, gwNsName := range pol.Gateways { - policyAncestorStatus := v1alpha2.PolicyAncestorStatus{ + policyAncestorStatus := v1.PolicyAncestorStatus{ AncestorRef: v1.ParentReference{ Namespace: helpers.GetPointer(v1.Namespace(gwNsName.Namespace)), Name: v1.ObjectName(gwNsName.Name), @@ -434,13 +433,13 @@ func PrepareBackendTLSPolicyRequests( policyAncestors = append(policyAncestors, policyAncestorStatus) } - status := v1alpha2.PolicyStatus{ + status := v1.PolicyStatus{ Ancestors: policyAncestors, } reqs = append(reqs, UpdateRequest{ NsName: nsname, - ResourceType: &v1alpha3.BackendTLSPolicy{}, + ResourceType: &v1.BackendTLSPolicy{}, Setter: newBackendTLSPolicyStatusSetter(status, gatewayCtlrName), }) } diff --git a/internal/controller/status/prepare_requests_test.go b/internal/controller/status/prepare_requests_test.go index 58ff2f957f..7b9d16a697 100644 --- a/internal/controller/status/prepare_requests_test.go +++ b/internal/controller/status/prepare_requests_test.go @@ -18,7 +18,6 @@ import ( inference "sigs.k8s.io/gateway-api-inference-extension/api/v1" v1 "sigs.k8s.io/gateway-api/apis/v1" "sigs.k8s.io/gateway-api/apis/v1alpha2" - "sigs.k8s.io/gateway-api/apis/v1alpha3" ngfAPI "github.com/nginx/nginx-gateway-fabric/v2/apis/v1alpha1" "github.com/nginx/nginx-gateway-fabric/v2/internal/controller/state/conditions" @@ -34,7 +33,6 @@ func createK8sClientFor(resourceType ngftypes.ObjectType) client.Client { // for simplicity, we add all used schemes here utilruntime.Must(v1.Install(scheme)) utilruntime.Must(v1alpha2.Install(scheme)) - utilruntime.Must(v1alpha3.Install(scheme)) utilruntime.Must(ngfAPI.AddToScheme(scheme)) utilruntime.Must(inference.Install(scheme)) @@ -1401,7 +1399,7 @@ func TestBuildBackendTLSPolicyStatuses(t *testing.T) { getBackendTLSPolicy := func(policyCfg policyCfg) *graph.BackendTLSPolicy { return &graph.BackendTLSPolicy{ - Source: &v1alpha3.BackendTLSPolicy{ + Source: &v1.BackendTLSPolicy{ ObjectMeta: metav1.ObjectMeta{ Namespace: "test", Name: policyCfg.Name, @@ -1452,14 +1450,14 @@ func TestBuildBackendTLSPolicyStatuses(t *testing.T) { tests := []struct { backendTLSPolicies map[types.NamespacedName]*graph.BackendTLSPolicy - expected map[types.NamespacedName]v1alpha2.PolicyStatus + expected map[types.NamespacedName]v1.PolicyStatus name string expectedReqs int }{ { name: "nil backendTLSPolicies", expectedReqs: 0, - expected: map[types.NamespacedName]v1alpha2.PolicyStatus{}, + expected: map[types.NamespacedName]v1.PolicyStatus{}, }, { name: "valid backendTLSPolicy", @@ -1467,9 +1465,9 @@ func TestBuildBackendTLSPolicyStatuses(t *testing.T) { {Namespace: "test", Name: "valid-bt"}: getBackendTLSPolicy(validPolicyCfg), }, expectedReqs: 1, - expected: map[types.NamespacedName]v1alpha2.PolicyStatus{ + expected: map[types.NamespacedName]v1.PolicyStatus{ {Name: "valid-bt", Namespace: "test"}: { - Ancestors: []v1alpha2.PolicyAncestorStatus{ + Ancestors: []v1.PolicyAncestorStatus{ { AncestorRef: v1.ParentReference{ Namespace: helpers.GetPointer[v1.Namespace]("test"), @@ -1480,11 +1478,11 @@ func TestBuildBackendTLSPolicyStatuses(t *testing.T) { ControllerName: gatewayCtlrName, Conditions: []metav1.Condition{ { - Type: string(v1alpha2.PolicyConditionAccepted), + Type: string(v1.PolicyConditionAccepted), Status: metav1.ConditionTrue, ObservedGeneration: 1, LastTransitionTime: transitionTime, - Reason: string(v1alpha2.PolicyReasonAccepted), + Reason: string(v1.PolicyReasonAccepted), Message: "Policy is accepted", }, }, @@ -1499,11 +1497,11 @@ func TestBuildBackendTLSPolicyStatuses(t *testing.T) { ControllerName: gatewayCtlrName, Conditions: []metav1.Condition{ { - Type: string(v1alpha2.PolicyConditionAccepted), + Type: string(v1.PolicyConditionAccepted), Status: metav1.ConditionTrue, ObservedGeneration: 1, LastTransitionTime: transitionTime, - Reason: string(v1alpha2.PolicyReasonAccepted), + Reason: string(v1.PolicyReasonAccepted), Message: "Policy is accepted", }, }, @@ -1518,9 +1516,9 @@ func TestBuildBackendTLSPolicyStatuses(t *testing.T) { {Namespace: "test", Name: "invalid-bt"}: getBackendTLSPolicy(invalidPolicyCfg), }, expectedReqs: 1, - expected: map[types.NamespacedName]v1alpha2.PolicyStatus{ + expected: map[types.NamespacedName]v1.PolicyStatus{ {Name: "invalid-bt", Namespace: "test"}: { - Ancestors: []v1alpha2.PolicyAncestorStatus{ + Ancestors: []v1.PolicyAncestorStatus{ { AncestorRef: v1.ParentReference{ Namespace: helpers.GetPointer[v1.Namespace]("test"), @@ -1531,11 +1529,11 @@ func TestBuildBackendTLSPolicyStatuses(t *testing.T) { ControllerName: gatewayCtlrName, Conditions: []metav1.Condition{ { - Type: string(v1alpha2.PolicyConditionAccepted), + Type: string(v1.PolicyConditionAccepted), Status: metav1.ConditionFalse, ObservedGeneration: 1, LastTransitionTime: transitionTime, - Reason: string(v1alpha2.PolicyReasonInvalid), + Reason: string(v1.PolicyReasonInvalid), Message: "invalid backendTLSPolicy", }, }, @@ -1551,7 +1549,7 @@ func TestBuildBackendTLSPolicyStatuses(t *testing.T) { {Namespace: "test", Name: "not-referenced"}: getBackendTLSPolicy(notReferencedPolicyCfg), }, expectedReqs: 0, - expected: map[types.NamespacedName]v1alpha2.PolicyStatus{ + expected: map[types.NamespacedName]v1.PolicyStatus{ {Name: "ignored-bt", Namespace: "test"}: {}, {Name: "not-referenced", Namespace: "test"}: {}, }, @@ -1563,10 +1561,10 @@ func TestBuildBackendTLSPolicyStatuses(t *testing.T) { {Namespace: "test", Name: "valid-bt"}: getBackendTLSPolicy(validPolicyCfg), }, expectedReqs: 1, - expected: map[types.NamespacedName]v1alpha2.PolicyStatus{ + expected: map[types.NamespacedName]v1.PolicyStatus{ {Name: "ignored-bt", Namespace: "test"}: {}, {Name: "valid-bt", Namespace: "test"}: { - Ancestors: []v1alpha2.PolicyAncestorStatus{ + Ancestors: []v1.PolicyAncestorStatus{ { AncestorRef: v1.ParentReference{ Namespace: helpers.GetPointer[v1.Namespace]("test"), @@ -1577,11 +1575,11 @@ func TestBuildBackendTLSPolicyStatuses(t *testing.T) { ControllerName: gatewayCtlrName, Conditions: []metav1.Condition{ { - Type: string(v1alpha2.PolicyConditionAccepted), + Type: string(v1.PolicyConditionAccepted), Status: metav1.ConditionTrue, ObservedGeneration: 1, LastTransitionTime: transitionTime, - Reason: string(v1alpha2.PolicyReasonAccepted), + Reason: string(v1.PolicyReasonAccepted), Message: "Policy is accepted", }, }, @@ -1596,11 +1594,11 @@ func TestBuildBackendTLSPolicyStatuses(t *testing.T) { ControllerName: gatewayCtlrName, Conditions: []metav1.Condition{ { - Type: string(v1alpha2.PolicyConditionAccepted), + Type: string(v1.PolicyConditionAccepted), Status: metav1.ConditionTrue, ObservedGeneration: 1, LastTransitionTime: transitionTime, - Reason: string(v1alpha2.PolicyReasonAccepted), + Reason: string(v1.PolicyReasonAccepted), Message: "Policy is accepted", }, }, @@ -1616,7 +1614,7 @@ func TestBuildBackendTLSPolicyStatuses(t *testing.T) { t.Parallel() g := NewWithT(t) - k8sClient := createK8sClientFor(&v1alpha3.BackendTLSPolicy{}) + k8sClient := createK8sClientFor(&v1.BackendTLSPolicy{}) for _, pol := range test.backendTLSPolicies { err := k8sClient.Create(context.Background(), pol.Source) @@ -1632,7 +1630,7 @@ func TestBuildBackendTLSPolicyStatuses(t *testing.T) { updater.Update(context.Background(), reqs...) for nsname, expected := range test.expected { - var pol v1alpha3.BackendTLSPolicy + var pol v1.BackendTLSPolicy err := k8sClient.Get(context.Background(), nsname, &pol) g.Expect(err).ToNot(HaveOccurred()) @@ -1853,12 +1851,12 @@ func TestBuildNGFPolicyStatuses(t *testing.T) { tests := []struct { policies map[graph.PolicyKey]*graph.Policy - expected map[types.NamespacedName]v1alpha2.PolicyStatus + expected map[types.NamespacedName]v1.PolicyStatus name string }{ { name: "nil policies", - expected: map[types.NamespacedName]v1alpha2.PolicyStatus{}, + expected: map[types.NamespacedName]v1.PolicyStatus{}, }, { name: "mix valid and invalid policies", @@ -1867,9 +1865,9 @@ func TestBuildNGFPolicyStatuses(t *testing.T) { targetRefNotFoundPolicyKey: getPolicy(targetRefNotFoundPolicyCfg), validPolicyKey: getPolicy(validPolicyCfg), }, - expected: map[types.NamespacedName]v1alpha2.PolicyStatus{ + expected: map[types.NamespacedName]v1.PolicyStatus{ invalidPolicyKey.NsName: { - Ancestors: []v1alpha2.PolicyAncestorStatus{ + Ancestors: []v1.PolicyAncestorStatus{ { AncestorRef: v1.ParentReference{ Name: "ancestor1", @@ -1877,11 +1875,11 @@ func TestBuildNGFPolicyStatuses(t *testing.T) { ControllerName: gatewayCtlrName, Conditions: []metav1.Condition{ { - Type: string(v1alpha2.PolicyConditionAccepted), + Type: string(v1.PolicyConditionAccepted), Status: metav1.ConditionFalse, ObservedGeneration: 2, LastTransitionTime: transitionTime, - Reason: string(v1alpha2.PolicyReasonInvalid), + Reason: string(v1.PolicyReasonInvalid), Message: "invalid", }, }, @@ -1893,11 +1891,11 @@ func TestBuildNGFPolicyStatuses(t *testing.T) { ControllerName: gatewayCtlrName, Conditions: []metav1.Condition{ { - Type: string(v1alpha2.PolicyConditionAccepted), + Type: string(v1.PolicyConditionAccepted), Status: metav1.ConditionFalse, ObservedGeneration: 2, LastTransitionTime: transitionTime, - Reason: string(v1alpha2.PolicyReasonInvalid), + Reason: string(v1.PolicyReasonInvalid), Message: "invalid", }, }, @@ -1905,7 +1903,7 @@ func TestBuildNGFPolicyStatuses(t *testing.T) { }, }, targetRefNotFoundPolicyKey.NsName: { - Ancestors: []v1alpha2.PolicyAncestorStatus{ + Ancestors: []v1.PolicyAncestorStatus{ { AncestorRef: v1.ParentReference{ Name: "ancestor1", @@ -1913,11 +1911,11 @@ func TestBuildNGFPolicyStatuses(t *testing.T) { ControllerName: gatewayCtlrName, Conditions: []metav1.Condition{ { - Type: string(v1alpha2.PolicyConditionAccepted), + Type: string(v1.PolicyConditionAccepted), Status: metav1.ConditionFalse, ObservedGeneration: 2, LastTransitionTime: transitionTime, - Reason: string(v1alpha2.PolicyReasonTargetNotFound), + Reason: string(v1.PolicyReasonTargetNotFound), Message: "target not found", }, }, @@ -1925,7 +1923,7 @@ func TestBuildNGFPolicyStatuses(t *testing.T) { }, }, validPolicyKey.NsName: { - Ancestors: []v1alpha2.PolicyAncestorStatus{ + Ancestors: []v1.PolicyAncestorStatus{ { AncestorRef: v1.ParentReference{ Name: "ancestor1", @@ -1933,11 +1931,11 @@ func TestBuildNGFPolicyStatuses(t *testing.T) { ControllerName: gatewayCtlrName, Conditions: []metav1.Condition{ { - Type: string(v1alpha2.PolicyConditionAccepted), + Type: string(v1.PolicyConditionAccepted), Status: metav1.ConditionTrue, ObservedGeneration: 2, LastTransitionTime: transitionTime, - Reason: string(v1alpha2.PolicyReasonAccepted), + Reason: string(v1.PolicyReasonAccepted), Message: "Policy is accepted", }, }, @@ -1949,11 +1947,11 @@ func TestBuildNGFPolicyStatuses(t *testing.T) { ControllerName: gatewayCtlrName, Conditions: []metav1.Condition{ { - Type: string(v1alpha2.PolicyConditionAccepted), + Type: string(v1.PolicyConditionAccepted), Status: metav1.ConditionTrue, ObservedGeneration: 2, LastTransitionTime: transitionTime, - Reason: string(v1alpha2.PolicyReasonAccepted), + Reason: string(v1.PolicyReasonAccepted), Message: "Policy is accepted", }, }, @@ -1967,9 +1965,9 @@ func TestBuildNGFPolicyStatuses(t *testing.T) { policies: map[graph.PolicyKey]*graph.Policy{ multiInvalidCondsPolicyKey: getPolicy(multiInvalidCondsPolicyCfg), }, - expected: map[types.NamespacedName]v1alpha2.PolicyStatus{ + expected: map[types.NamespacedName]v1.PolicyStatus{ multiInvalidCondsPolicyKey.NsName: { - Ancestors: []v1alpha2.PolicyAncestorStatus{ + Ancestors: []v1.PolicyAncestorStatus{ { AncestorRef: v1.ParentReference{ Name: "ancestor1", @@ -1977,11 +1975,11 @@ func TestBuildNGFPolicyStatuses(t *testing.T) { ControllerName: gatewayCtlrName, Conditions: []metav1.Condition{ { - Type: string(v1alpha2.PolicyConditionAccepted), + Type: string(v1.PolicyConditionAccepted), Status: metav1.ConditionFalse, ObservedGeneration: 2, LastTransitionTime: transitionTime, - Reason: string(v1alpha2.PolicyReasonInvalid), + Reason: string(v1.PolicyReasonInvalid), Message: "invalid", }, }, @@ -1995,7 +1993,7 @@ func TestBuildNGFPolicyStatuses(t *testing.T) { policies: map[graph.PolicyKey]*graph.Policy{ nilAncestorPolicyKey: getPolicy(nilAncestorPolicyCfg), }, - expected: map[types.NamespacedName]v1alpha2.PolicyStatus{}, + expected: map[types.NamespacedName]v1.PolicyStatus{}, }, } diff --git a/internal/controller/status/status_setters.go b/internal/controller/status/status_setters.go index efb9f68413..fc1e1a688b 100644 --- a/internal/controller/status/status_setters.go +++ b/internal/controller/status/status_setters.go @@ -7,7 +7,6 @@ import ( inference "sigs.k8s.io/gateway-api-inference-extension/api/v1" gatewayv1 "sigs.k8s.io/gateway-api/apis/v1" "sigs.k8s.io/gateway-api/apis/v1alpha2" - "sigs.k8s.io/gateway-api/apis/v1alpha3" ngfAPI "github.com/nginx/nginx-gateway-fabric/v2/apis/v1alpha1" "github.com/nginx/nginx-gateway-fabric/v2/internal/controller/nginx/config/policies" @@ -213,16 +212,16 @@ func newGatewayClassStatusSetter(status gatewayv1.GatewayClassStatus) Setter { } func newBackendTLSPolicyStatusSetter( - status v1alpha2.PolicyStatus, + status gatewayv1.PolicyStatus, gatewayCtlrName string, ) Setter { return func(object client.Object) (wasSet bool) { - btp := helpers.MustCastObject[*v1alpha3.BackendTLSPolicy](object) + btp := helpers.MustCastObject[*gatewayv1.BackendTLSPolicy](object) // maxAncestors is the max number of ancestor statuses which is the sum of all new ancestor statuses and all old // ancestor statuses. maxAncestors := 1 + len(btp.Status.Ancestors) - ancestors := make([]v1alpha2.PolicyAncestorStatus, 0, maxAncestors) + ancestors := make([]gatewayv1.PolicyAncestorStatus, 0, maxAncestors) // keep all the ancestor statuses that belong to other controllers for _, os := range btp.Status.Ancestors { @@ -244,7 +243,7 @@ func newBackendTLSPolicyStatusSetter( } func newNGFPolicyStatusSetter( - status v1alpha2.PolicyStatus, + status gatewayv1.PolicyStatus, gatewayCtlrName string, ) Setter { return func(object client.Object) (wasSet bool) { @@ -254,7 +253,7 @@ func newNGFPolicyStatusSetter( // maxAncestors is the max number of ancestor statuses which is the sum of all new ancestor statuses and all old // ancestor statuses. maxAncestors := len(status.Ancestors) + len(prevStatus.Ancestors) - ancestors := make([]v1alpha2.PolicyAncestorStatus, 0, maxAncestors) + ancestors := make([]gatewayv1.PolicyAncestorStatus, 0, maxAncestors) // keep all the ancestor statuses that belong to other controllers for _, as := range prevStatus.Ancestors { @@ -275,7 +274,7 @@ func newNGFPolicyStatusSetter( } } -func policyStatusEqual(gatewayCtlrName string, prev, cur v1alpha2.PolicyStatus) bool { +func policyStatusEqual(gatewayCtlrName string, prev, cur gatewayv1.PolicyStatus) bool { // Since other controllers may update Policy status we can't assume anything about the order of the // statuses, and we have to ignore statuses written by other controllers when checking for equality. // Therefore, we can't use slices.EqualFunc here because it cares about the order. @@ -286,7 +285,7 @@ func policyStatusEqual(gatewayCtlrName string, prev, cur v1alpha2.PolicyStatus) continue } - exists := slices.ContainsFunc(cur.Ancestors, func(curAncestor v1alpha2.PolicyAncestorStatus) bool { + exists := slices.ContainsFunc(cur.Ancestors, func(curAncestor gatewayv1.PolicyAncestorStatus) bool { return ancestorStatusEqual(prevAncestor, curAncestor) }) @@ -297,7 +296,7 @@ func policyStatusEqual(gatewayCtlrName string, prev, cur v1alpha2.PolicyStatus) // Then, we check if the cur status has any PolicyAncestorStatuses that are no longer present in the prev status. for _, curParent := range cur.Ancestors { - exists := slices.ContainsFunc(prev.Ancestors, func(prevAncestor v1alpha2.PolicyAncestorStatus) bool { + exists := slices.ContainsFunc(prev.Ancestors, func(prevAncestor gatewayv1.PolicyAncestorStatus) bool { return ancestorStatusEqual(curParent, prevAncestor) }) @@ -309,7 +308,7 @@ func policyStatusEqual(gatewayCtlrName string, prev, cur v1alpha2.PolicyStatus) return true } -func ancestorStatusEqual(p1, p2 v1alpha2.PolicyAncestorStatus) bool { +func ancestorStatusEqual(p1, p2 gatewayv1.PolicyAncestorStatus) bool { if p1.ControllerName != p2.ControllerName { return false } diff --git a/internal/controller/status/status_setters_test.go b/internal/controller/status/status_setters_test.go index 9f3c6f1521..da54f7f724 100644 --- a/internal/controller/status/status_setters_test.go +++ b/internal/controller/status/status_setters_test.go @@ -8,7 +8,6 @@ import ( inference "sigs.k8s.io/gateway-api-inference-extension/api/v1" gatewayv1 "sigs.k8s.io/gateway-api/apis/v1" "sigs.k8s.io/gateway-api/apis/v1alpha2" - "sigs.k8s.io/gateway-api/apis/v1alpha3" ngfAPI "github.com/nginx/nginx-gateway-fabric/v2/apis/v1alpha1" "github.com/nginx/nginx-gateway-fabric/v2/internal/controller/nginx/config/policies/policiesfakes" @@ -724,21 +723,21 @@ func TestNewBackendTLSPolicyStatusSetter(t *testing.T) { tests := []struct { name string - status, newStatus, expStatus v1alpha2.PolicyStatus + status, newStatus, expStatus gatewayv1.PolicyStatus expStatusSet bool }{ { name: "BackendTLSPolicy has no status", - newStatus: v1alpha2.PolicyStatus{ - Ancestors: []v1alpha2.PolicyAncestorStatus{ + newStatus: gatewayv1.PolicyStatus{ + Ancestors: []gatewayv1.PolicyAncestorStatus{ { ControllerName: controllerName, Conditions: []metav1.Condition{{Message: "new condition"}}, }, }, }, - expStatus: v1alpha2.PolicyStatus{ - Ancestors: []v1alpha2.PolicyAncestorStatus{ + expStatus: gatewayv1.PolicyStatus{ + Ancestors: []gatewayv1.PolicyAncestorStatus{ { ControllerName: controllerName, Conditions: []metav1.Condition{{Message: "new condition"}}, @@ -749,24 +748,24 @@ func TestNewBackendTLSPolicyStatusSetter(t *testing.T) { }, { name: "BackendTLSPolicy has old status", - newStatus: v1alpha2.PolicyStatus{ - Ancestors: []v1alpha2.PolicyAncestorStatus{ + newStatus: gatewayv1.PolicyStatus{ + Ancestors: []gatewayv1.PolicyAncestorStatus{ { ControllerName: controllerName, Conditions: []metav1.Condition{{Message: "new condition"}}, }, }, }, - status: v1alpha2.PolicyStatus{ - Ancestors: []v1alpha2.PolicyAncestorStatus{ + status: gatewayv1.PolicyStatus{ + Ancestors: []gatewayv1.PolicyAncestorStatus{ { ControllerName: controllerName, Conditions: []metav1.Condition{{Message: "old condition"}}, }, }, }, - expStatus: v1alpha2.PolicyStatus{ - Ancestors: []v1alpha2.PolicyAncestorStatus{ + expStatus: gatewayv1.PolicyStatus{ + Ancestors: []gatewayv1.PolicyAncestorStatus{ { ControllerName: controllerName, Conditions: []metav1.Condition{{Message: "new condition"}}, @@ -777,16 +776,16 @@ func TestNewBackendTLSPolicyStatusSetter(t *testing.T) { }, { name: "BackendTLSPolicy has old status and other controller status", - newStatus: v1alpha2.PolicyStatus{ - Ancestors: []v1alpha2.PolicyAncestorStatus{ + newStatus: gatewayv1.PolicyStatus{ + Ancestors: []gatewayv1.PolicyAncestorStatus{ { ControllerName: controllerName, Conditions: []metav1.Condition{{Message: "new condition"}}, }, }, }, - status: v1alpha2.PolicyStatus{ - Ancestors: []v1alpha2.PolicyAncestorStatus{ + status: gatewayv1.PolicyStatus{ + Ancestors: []gatewayv1.PolicyAncestorStatus{ { ControllerName: controllerName, Conditions: []metav1.Condition{{Message: "old condition"}}, @@ -797,8 +796,8 @@ func TestNewBackendTLSPolicyStatusSetter(t *testing.T) { }, }, }, - expStatus: v1alpha2.PolicyStatus{ - Ancestors: []v1alpha2.PolicyAncestorStatus{ + expStatus: gatewayv1.PolicyStatus{ + Ancestors: []gatewayv1.PolicyAncestorStatus{ { ControllerName: otherControllerName, Conditions: []metav1.Condition{{Message: "some condition"}}, @@ -813,24 +812,24 @@ func TestNewBackendTLSPolicyStatusSetter(t *testing.T) { }, { name: "BackendTLSPolicy has same status", - newStatus: v1alpha2.PolicyStatus{ - Ancestors: []v1alpha2.PolicyAncestorStatus{ + newStatus: gatewayv1.PolicyStatus{ + Ancestors: []gatewayv1.PolicyAncestorStatus{ { ControllerName: controllerName, Conditions: []metav1.Condition{{Message: "same condition"}}, }, }, }, - status: v1alpha2.PolicyStatus{ - Ancestors: []v1alpha2.PolicyAncestorStatus{ + status: gatewayv1.PolicyStatus{ + Ancestors: []gatewayv1.PolicyAncestorStatus{ { ControllerName: controllerName, Conditions: []metav1.Condition{{Message: "same condition"}}, }, }, }, - expStatus: v1alpha2.PolicyStatus{ - Ancestors: []v1alpha2.PolicyAncestorStatus{ + expStatus: gatewayv1.PolicyStatus{ + Ancestors: []gatewayv1.PolicyAncestorStatus{ { ControllerName: controllerName, Conditions: []metav1.Condition{{Message: "same condition"}}, @@ -847,7 +846,7 @@ func TestNewBackendTLSPolicyStatusSetter(t *testing.T) { g := NewWithT(t) setter := newBackendTLSPolicyStatusSetter(test.newStatus, controllerName) - obj := &v1alpha3.BackendTLSPolicy{Status: test.status} + obj := &gatewayv1.BackendTLSPolicy{Status: test.status} statusSet := setter(obj) @@ -866,21 +865,21 @@ func TestNewNGFPolicyStatusSetter(t *testing.T) { tests := []struct { name string - status, newStatus, expStatus v1alpha2.PolicyStatus + status, newStatus, expStatus gatewayv1.PolicyStatus expStatusSet bool }{ { name: "Policy has no status", - newStatus: v1alpha2.PolicyStatus{ - Ancestors: []v1alpha2.PolicyAncestorStatus{ + newStatus: gatewayv1.PolicyStatus{ + Ancestors: []gatewayv1.PolicyAncestorStatus{ { ControllerName: controllerName, Conditions: []metav1.Condition{{Message: "new condition"}}, }, }, }, - expStatus: v1alpha2.PolicyStatus{ - Ancestors: []v1alpha2.PolicyAncestorStatus{ + expStatus: gatewayv1.PolicyStatus{ + Ancestors: []gatewayv1.PolicyAncestorStatus{ { ControllerName: controllerName, Conditions: []metav1.Condition{{Message: "new condition"}}, @@ -891,24 +890,24 @@ func TestNewNGFPolicyStatusSetter(t *testing.T) { }, { name: "Policy has old status", - newStatus: v1alpha2.PolicyStatus{ - Ancestors: []v1alpha2.PolicyAncestorStatus{ + newStatus: gatewayv1.PolicyStatus{ + Ancestors: []gatewayv1.PolicyAncestorStatus{ { ControllerName: controllerName, Conditions: []metav1.Condition{{Message: "new condition"}}, }, }, }, - status: v1alpha2.PolicyStatus{ - Ancestors: []v1alpha2.PolicyAncestorStatus{ + status: gatewayv1.PolicyStatus{ + Ancestors: []gatewayv1.PolicyAncestorStatus{ { ControllerName: controllerName, Conditions: []metav1.Condition{{Message: "old condition"}}, }, }, }, - expStatus: v1alpha2.PolicyStatus{ - Ancestors: []v1alpha2.PolicyAncestorStatus{ + expStatus: gatewayv1.PolicyStatus{ + Ancestors: []gatewayv1.PolicyAncestorStatus{ { ControllerName: controllerName, Conditions: []metav1.Condition{{Message: "new condition"}}, @@ -919,16 +918,16 @@ func TestNewNGFPolicyStatusSetter(t *testing.T) { }, { name: "Policy has old status and other controller status", - newStatus: v1alpha2.PolicyStatus{ - Ancestors: []v1alpha2.PolicyAncestorStatus{ + newStatus: gatewayv1.PolicyStatus{ + Ancestors: []gatewayv1.PolicyAncestorStatus{ { ControllerName: controllerName, Conditions: []metav1.Condition{{Message: "new condition"}}, }, }, }, - status: v1alpha2.PolicyStatus{ - Ancestors: []v1alpha2.PolicyAncestorStatus{ + status: gatewayv1.PolicyStatus{ + Ancestors: []gatewayv1.PolicyAncestorStatus{ { ControllerName: controllerName, Conditions: []metav1.Condition{{Message: "old condition"}}, @@ -939,8 +938,8 @@ func TestNewNGFPolicyStatusSetter(t *testing.T) { }, }, }, - expStatus: v1alpha2.PolicyStatus{ - Ancestors: []v1alpha2.PolicyAncestorStatus{ + expStatus: gatewayv1.PolicyStatus{ + Ancestors: []gatewayv1.PolicyAncestorStatus{ { ControllerName: otherControllerName, Conditions: []metav1.Condition{{Message: "some condition"}}, @@ -955,24 +954,24 @@ func TestNewNGFPolicyStatusSetter(t *testing.T) { }, { name: "Policy has same status", - newStatus: v1alpha2.PolicyStatus{ - Ancestors: []v1alpha2.PolicyAncestorStatus{ + newStatus: gatewayv1.PolicyStatus{ + Ancestors: []gatewayv1.PolicyAncestorStatus{ { ControllerName: controllerName, Conditions: []metav1.Condition{{Message: "same condition"}}, }, }, }, - status: v1alpha2.PolicyStatus{ - Ancestors: []v1alpha2.PolicyAncestorStatus{ + status: gatewayv1.PolicyStatus{ + Ancestors: []gatewayv1.PolicyAncestorStatus{ { ControllerName: controllerName, Conditions: []metav1.Condition{{Message: "same condition"}}, }, }, }, - expStatus: v1alpha2.PolicyStatus{ - Ancestors: []v1alpha2.PolicyAncestorStatus{ + expStatus: gatewayv1.PolicyStatus{ + Ancestors: []gatewayv1.PolicyAncestorStatus{ { ControllerName: controllerName, Conditions: []metav1.Condition{{Message: "same condition"}}, @@ -990,7 +989,7 @@ func TestNewNGFPolicyStatusSetter(t *testing.T) { setter := newNGFPolicyStatusSetter(test.newStatus, controllerName) obj := &policiesfakes.FakePolicy{ - GetPolicyStatusStub: func() v1alpha2.PolicyStatus { + GetPolicyStatusStub: func() gatewayv1.PolicyStatus { return test.status }, } @@ -1440,9 +1439,9 @@ func TestRouteParentStatusEqual(t *testing.T) { func TestPolicyStatusEqual(t *testing.T) { t.Parallel() - getPolicyStatus := func() v1alpha2.PolicyStatus { - return v1alpha2.PolicyStatus{ - Ancestors: []v1alpha2.PolicyAncestorStatus{ + getPolicyStatus := func() gatewayv1.PolicyStatus { + return gatewayv1.PolicyStatus{ + Ancestors: []gatewayv1.PolicyAncestorStatus{ { AncestorRef: gatewayv1.ParentReference{ Namespace: helpers.GetPointer[gatewayv1.Namespace]("ns1"), @@ -1457,16 +1456,16 @@ func TestPolicyStatusEqual(t *testing.T) { } } - type modFunc func(s v1alpha2.PolicyStatus) v1alpha2.PolicyStatus + type modFunc func(s gatewayv1.PolicyStatus) gatewayv1.PolicyStatus - getModifiedPolicyStatus := func(mod modFunc) v1alpha2.PolicyStatus { + getModifiedPolicyStatus := func(mod modFunc) gatewayv1.PolicyStatus { return mod(getPolicyStatus()) } prevMultiple := getPolicyStatus() prevMultiple.Ancestors = append( prevMultiple.Ancestors, - getModifiedPolicyStatus(func(s v1alpha2.PolicyStatus) v1alpha2.PolicyStatus { + getModifiedPolicyStatus(func(s gatewayv1.PolicyStatus) gatewayv1.PolicyStatus { ns := "ns2" s.Ancestors[0].AncestorRef.Name = "ancestor2" s.Ancestors[0].AncestorRef.Namespace = (*gatewayv1.Namespace)(&ns) @@ -1477,7 +1476,7 @@ func TestPolicyStatusEqual(t *testing.T) { currMultiple := getPolicyStatus() currMultiple.Ancestors = append( currMultiple.Ancestors, - getModifiedPolicyStatus(func(s v1alpha2.PolicyStatus) v1alpha2.PolicyStatus { + getModifiedPolicyStatus(func(s gatewayv1.PolicyStatus) gatewayv1.PolicyStatus { ns := "ns3" s.Ancestors[0].AncestorRef.Name = "ancestor3" s.Ancestors[0].AncestorRef.Namespace = (*gatewayv1.Namespace)(&ns) @@ -1488,8 +1487,8 @@ func TestPolicyStatusEqual(t *testing.T) { tests := []struct { name string controllerName string - previous v1alpha2.PolicyStatus - current v1alpha2.PolicyStatus + previous gatewayv1.PolicyStatus + current gatewayv1.PolicyStatus expEqual bool }{ { @@ -1502,7 +1501,7 @@ func TestPolicyStatusEqual(t *testing.T) { { name: "status not equal, different ancestor name", previous: getPolicyStatus(), - current: getModifiedPolicyStatus(func(s v1alpha2.PolicyStatus) v1alpha2.PolicyStatus { + current: getModifiedPolicyStatus(func(s gatewayv1.PolicyStatus) gatewayv1.PolicyStatus { s.Ancestors[0].AncestorRef.Name = "diff" return s }), @@ -1512,7 +1511,7 @@ func TestPolicyStatusEqual(t *testing.T) { { name: "status not equal, different ancestor namespace", previous: getPolicyStatus(), - current: getModifiedPolicyStatus(func(s v1alpha2.PolicyStatus) v1alpha2.PolicyStatus { + current: getModifiedPolicyStatus(func(s gatewayv1.PolicyStatus) gatewayv1.PolicyStatus { ns := "diff" s.Ancestors[0].AncestorRef.Namespace = (*gatewayv1.Namespace)(&ns) return s @@ -1523,7 +1522,7 @@ func TestPolicyStatusEqual(t *testing.T) { { name: "status not equal, different ancestor kind", previous: getPolicyStatus(), - current: getModifiedPolicyStatus(func(s v1alpha2.PolicyStatus) v1alpha2.PolicyStatus { + current: getModifiedPolicyStatus(func(s gatewayv1.PolicyStatus) gatewayv1.PolicyStatus { s.Ancestors[0].AncestorRef.Kind = helpers.GetPointer[gatewayv1.Kind]("diff") return s }), @@ -1533,7 +1532,7 @@ func TestPolicyStatusEqual(t *testing.T) { { name: "status not equal, different ancestor group", previous: getPolicyStatus(), - current: getModifiedPolicyStatus(func(s v1alpha2.PolicyStatus) v1alpha2.PolicyStatus { + current: getModifiedPolicyStatus(func(s gatewayv1.PolicyStatus) gatewayv1.PolicyStatus { s.Ancestors[0].AncestorRef.Group = helpers.GetPointer[gatewayv1.Group]("diff") return s }), @@ -1543,7 +1542,7 @@ func TestPolicyStatusEqual(t *testing.T) { { name: "status not equal, different controller name on current", previous: getPolicyStatus(), - current: getModifiedPolicyStatus(func(s v1alpha2.PolicyStatus) v1alpha2.PolicyStatus { + current: getModifiedPolicyStatus(func(s gatewayv1.PolicyStatus) gatewayv1.PolicyStatus { s.Ancestors[0].ControllerName = "diff" return s }), @@ -1553,7 +1552,7 @@ func TestPolicyStatusEqual(t *testing.T) { { name: "status not equal, different conds", previous: getPolicyStatus(), - current: getModifiedPolicyStatus(func(s v1alpha2.PolicyStatus) v1alpha2.PolicyStatus { + current: getModifiedPolicyStatus(func(s gatewayv1.PolicyStatus) gatewayv1.PolicyStatus { s.Ancestors[0].Conditions = nil return s }), @@ -1562,7 +1561,7 @@ func TestPolicyStatusEqual(t *testing.T) { }, { name: "status not equal, different controller name on previous", - previous: getModifiedPolicyStatus(func(s v1alpha2.PolicyStatus) v1alpha2.PolicyStatus { + previous: getModifiedPolicyStatus(func(s gatewayv1.PolicyStatus) gatewayv1.PolicyStatus { s.Ancestors[0].ControllerName = "diff" return s }), diff --git a/internal/framework/helpers/helpers_test.go b/internal/framework/helpers/helpers_test.go index f7365f3865..9d8a3eb188 100644 --- a/internal/framework/helpers/helpers_test.go +++ b/internal/framework/helpers/helpers_test.go @@ -7,7 +7,6 @@ import ( . "github.com/onsi/gomega" "sigs.k8s.io/controller-runtime/pkg/client" gatewayv1 "sigs.k8s.io/gateway-api/apis/v1" - gatewayv1alpha3 "sigs.k8s.io/gateway-api/apis/v1alpha3" "github.com/nginx/nginx-gateway-fabric/v2/internal/framework/helpers" ) @@ -23,7 +22,7 @@ func TestMustCastObject(t *testing.T) { }).ToNot(Panic()) g.Expect(func() { - _ = helpers.MustCastObject[*gatewayv1alpha3.BackendTLSPolicy](obj) + _ = helpers.MustCastObject[*gatewayv1.BackendTLSPolicy](obj) }).To(Panic()) } diff --git a/tests/Makefile b/tests/Makefile index 320049777f..b12d833b75 100644 --- a/tests/Makefile +++ b/tests/Makefile @@ -12,7 +12,7 @@ GW_SERVICE_TYPE = NodePort## Service type to use for the gateway NGF_VERSION ?= edge## NGF version to be tested PULL_POLICY ?= Never## Pull policy for the images NGINX_CONF_DIR = internal/controller/nginx/conf -SUPPORTED_EXTENDED_FEATURES = HTTPRouteQueryParamMatching,HTTPRouteMethodMatching,HTTPRoutePortRedirect,HTTPRouteSchemeRedirect,HTTPRouteHostRewrite,HTTPRoutePathRewrite,GatewayPort8080,GatewayAddressEmpty,HTTPRouteResponseHeaderModification,HTTPRoutePathRedirect,GatewayHTTPListenerIsolation,GatewayInfrastructurePropagation,HTTPRouteRequestMirror,HTTPRouteRequestMultipleMirrors,HTTPRouteRequestPercentageMirror,HTTPRouteBackendProtocolWebSocket,HTTPRouteParentRefPort,HTTPRouteDestinationPortMatching,GatewayStaticAddresses +SUPPORTED_EXTENDED_FEATURES = HTTPRouteQueryParamMatching,HTTPRouteMethodMatching,HTTPRoutePortRedirect,HTTPRouteSchemeRedirect,HTTPRouteHostRewrite,HTTPRoutePathRewrite,GatewayPort8080,GatewayAddressEmpty,HTTPRouteResponseHeaderModification,HTTPRoutePathRedirect,GatewayHTTPListenerIsolation,GatewayInfrastructurePropagation,HTTPRouteRequestMirror,HTTPRouteRequestMultipleMirrors,HTTPRouteRequestPercentageMirror,HTTPRouteBackendProtocolWebSocket,HTTPRouteParentRefPort,HTTPRouteDestinationPortMatching,GatewayStaticAddresses,BackendTLSPolicy SUPPORTED_EXTENDED_FEATURES_OPENSHIFT = HTTPRouteQueryParamMatching,HTTPRouteMethodMatching,HTTPRoutePortRedirect,HTTPRouteSchemeRedirect,HTTPRouteHostRewrite,HTTPRoutePathRewrite,GatewayPort8080,GatewayAddressEmpty,HTTPRouteResponseHeaderModification,HTTPRoutePathRedirect,GatewayHTTPListenerIsolation,GatewayInfrastructurePropagation,HTTPRouteRequestMirror,HTTPRouteRequestMultipleMirrors,HTTPRouteRequestPercentageMirror,HTTPRouteBackendProtocolWebSocket,HTTPRouteParentRefPort,HTTPRouteDestinationPortMatching STANDARD_CONFORMANCE_PROFILES = GATEWAY-HTTP,GATEWAY-GRPC EXPERIMENTAL_CONFORMANCE_PROFILES = GATEWAY-TLS @@ -57,7 +57,7 @@ run-conformance-tests: ## Run conformance tests kubectl run -i conformance \ --image=$(CONFORMANCE_PREFIX):$(CONFORMANCE_TAG) --image-pull-policy=Never \ --overrides='{ "spec": { "serviceAccountName": "conformance" } }' \ - --restart=Never -- sh -c "go test -v . -tags conformance,experimental -args --gateway-class=$(GATEWAY_CLASS) \ + --restart=Never -- sh -c "go test -v . -run 'TestConformance/BackendTLSPolicy' -tags conformance,experimental -args --gateway-class=$(GATEWAY_CLASS) \ --supported-features=$(SUPPORTED_EXTENDED_FEATURES) --version=$(NGF_VERSION) --skip-tests=$(SKIP_TESTS) --conformance-profiles=$(CONFORMANCE_PROFILES) \ --report-output=output.txt; cat output.txt" | tee output.txt ./scripts/check-pod-exit-code.sh conformance diff --git a/tests/cel/clientsettingspolicy_test.go b/tests/cel/clientsettingspolicy_test.go index d7de613416..35e66b1a99 100644 --- a/tests/cel/clientsettingspolicy_test.go +++ b/tests/cel/clientsettingspolicy_test.go @@ -4,7 +4,7 @@ import ( "testing" controllerruntime "sigs.k8s.io/controller-runtime" - gatewayv1alpha2 "sigs.k8s.io/gateway-api/apis/v1alpha2" + gatewayv1 "sigs.k8s.io/gateway-api/apis/v1" ngfAPIv1alpha1 "github.com/nginx/nginx-gateway-fabric/v2/apis/v1alpha1" "github.com/nginx/nginx-gateway-fabric/v2/internal/framework/helpers" @@ -22,7 +22,7 @@ func TestClientSettingsPoliciesTargetRefKind(t *testing.T) { { name: "Validate TargetRef of kind Gateway is allowed", spec: ngfAPIv1alpha1.ClientSettingsPolicySpec{ - TargetRef: gatewayv1alpha2.LocalPolicyTargetReference{ + TargetRef: gatewayv1.LocalPolicyTargetReference{ Kind: gatewayKind, Group: gatewayGroup, }, @@ -31,7 +31,7 @@ func TestClientSettingsPoliciesTargetRefKind(t *testing.T) { { name: "Validate TargetRef of kind HTTPRoute is allowed", spec: ngfAPIv1alpha1.ClientSettingsPolicySpec{ - TargetRef: gatewayv1alpha2.LocalPolicyTargetReference{ + TargetRef: gatewayv1.LocalPolicyTargetReference{ Kind: httpRouteKind, Group: gatewayGroup, }, @@ -40,7 +40,7 @@ func TestClientSettingsPoliciesTargetRefKind(t *testing.T) { { name: "Validate TargetRef of kind GRPCRoute is allowed", spec: ngfAPIv1alpha1.ClientSettingsPolicySpec{ - TargetRef: gatewayv1alpha2.LocalPolicyTargetReference{ + TargetRef: gatewayv1.LocalPolicyTargetReference{ Kind: grpcRouteKind, Group: gatewayGroup, }, @@ -50,7 +50,7 @@ func TestClientSettingsPoliciesTargetRefKind(t *testing.T) { name: "Validate Invalid TargetRef Kind is not allowed", wantErrors: []string{expectedTargetRefKindError}, spec: ngfAPIv1alpha1.ClientSettingsPolicySpec{ - TargetRef: gatewayv1alpha2.LocalPolicyTargetReference{ + TargetRef: gatewayv1.LocalPolicyTargetReference{ Kind: invalidKind, Group: gatewayGroup, }, @@ -60,7 +60,7 @@ func TestClientSettingsPoliciesTargetRefKind(t *testing.T) { name: "Validate TCPRoute TargetRef Kind is not allowed", wantErrors: []string{expectedTargetRefKindError}, spec: ngfAPIv1alpha1.ClientSettingsPolicySpec{ - TargetRef: gatewayv1alpha2.LocalPolicyTargetReference{ + TargetRef: gatewayv1.LocalPolicyTargetReference{ Kind: tcpRouteKind, Group: gatewayGroup, }, @@ -72,7 +72,7 @@ func TestClientSettingsPoliciesTargetRefKind(t *testing.T) { t.Run(tt.name, func(t *testing.T) { t.Parallel() spec := tt.spec - spec.TargetRef.Name = gatewayv1alpha2.ObjectName(uniqueResourceName(testTargetRefName)) + spec.TargetRef.Name = gatewayv1.ObjectName(uniqueResourceName(testTargetRefName)) clientSettingsPolicy := &ngfAPIv1alpha1.ClientSettingsPolicy{ ObjectMeta: controllerruntime.ObjectMeta{ Name: uniqueResourceName(testResourceName), @@ -97,7 +97,7 @@ func TestClientSettingsPoliciesTargetRefGroup(t *testing.T) { { name: "Validate gateway.networking.k8s.io TargetRef Group is allowed", spec: ngfAPIv1alpha1.ClientSettingsPolicySpec{ - TargetRef: gatewayv1alpha2.LocalPolicyTargetReference{ + TargetRef: gatewayv1.LocalPolicyTargetReference{ Kind: gatewayKind, Group: gatewayGroup, }, @@ -107,7 +107,7 @@ func TestClientSettingsPoliciesTargetRefGroup(t *testing.T) { name: "Validate invalid.networking.k8s.io TargetRef Group is not allowed", wantErrors: []string{expectedTargetRefGroupError}, spec: ngfAPIv1alpha1.ClientSettingsPolicySpec{ - TargetRef: gatewayv1alpha2.LocalPolicyTargetReference{ + TargetRef: gatewayv1.LocalPolicyTargetReference{ Kind: gatewayKind, Group: invalidGroup, }, @@ -117,7 +117,7 @@ func TestClientSettingsPoliciesTargetRefGroup(t *testing.T) { name: "Validate discovery.k8s.io/v1 TargetRef Group is not allowed", wantErrors: []string{expectedTargetRefGroupError}, spec: ngfAPIv1alpha1.ClientSettingsPolicySpec{ - TargetRef: gatewayv1alpha2.LocalPolicyTargetReference{ + TargetRef: gatewayv1.LocalPolicyTargetReference{ Kind: gatewayKind, Group: discoveryGroup, }, @@ -129,7 +129,7 @@ func TestClientSettingsPoliciesTargetRefGroup(t *testing.T) { t.Run(tt.name, func(t *testing.T) { t.Parallel() spec := tt.spec - spec.TargetRef.Name = gatewayv1alpha2.ObjectName(uniqueResourceName(testTargetRefName)) + spec.TargetRef.Name = gatewayv1.ObjectName(uniqueResourceName(testTargetRefName)) clientSettingsPolicy := &ngfAPIv1alpha1.ClientSettingsPolicy{ ObjectMeta: controllerruntime.ObjectMeta{ Name: uniqueResourceName(testResourceName), @@ -154,7 +154,7 @@ func TestClientSettingsPoliciesKeepAliveTimeout(t *testing.T) { { name: "Validate KeepAliveTimeout is not set", spec: ngfAPIv1alpha1.ClientSettingsPolicySpec{ - TargetRef: gatewayv1alpha2.LocalPolicyTargetReference{ + TargetRef: gatewayv1.LocalPolicyTargetReference{ Kind: gatewayKind, Group: gatewayGroup, }, @@ -164,7 +164,7 @@ func TestClientSettingsPoliciesKeepAliveTimeout(t *testing.T) { { name: "Validate KeepAlive is set", spec: ngfAPIv1alpha1.ClientSettingsPolicySpec{ - TargetRef: gatewayv1alpha2.LocalPolicyTargetReference{ + TargetRef: gatewayv1.LocalPolicyTargetReference{ Kind: gatewayKind, Group: gatewayGroup, }, @@ -180,7 +180,7 @@ func TestClientSettingsPoliciesKeepAliveTimeout(t *testing.T) { name: "Validate Header cannot be set without Server", wantErrors: []string{expectedHeaderWithoutServerError}, spec: ngfAPIv1alpha1.ClientSettingsPolicySpec{ - TargetRef: gatewayv1alpha2.LocalPolicyTargetReference{ + TargetRef: gatewayv1.LocalPolicyTargetReference{ Kind: gatewayKind, Group: gatewayGroup, }, @@ -197,7 +197,7 @@ func TestClientSettingsPoliciesKeepAliveTimeout(t *testing.T) { t.Run(tt.name, func(t *testing.T) { t.Parallel() spec := tt.spec - spec.TargetRef.Name = gatewayv1alpha2.ObjectName(uniqueResourceName(testTargetRefName)) + spec.TargetRef.Name = gatewayv1.ObjectName(uniqueResourceName(testTargetRefName)) clientSettingsPolicy := &ngfAPIv1alpha1.ClientSettingsPolicy{ ObjectMeta: controllerruntime.ObjectMeta{ Name: uniqueResourceName(testResourceName), diff --git a/tests/cel/observabilitypolicy_test.go b/tests/cel/observabilitypolicy_test.go index c609243943..e98489d22d 100644 --- a/tests/cel/observabilitypolicy_test.go +++ b/tests/cel/observabilitypolicy_test.go @@ -5,7 +5,7 @@ import ( "testing" controllerruntime "sigs.k8s.io/controller-runtime" - gatewayv1alpha2 "sigs.k8s.io/gateway-api/apis/v1alpha2" + gatewayv1 "sigs.k8s.io/gateway-api/apis/v1" ngfAPIv1alpha2 "github.com/nginx/nginx-gateway-fabric/v2/apis/v1alpha2" "github.com/nginx/nginx-gateway-fabric/v2/internal/framework/helpers" @@ -23,7 +23,7 @@ func TestObservabilityPoliciesTargetRefKind(t *testing.T) { { name: "Validate TargetRef of kind HTTPRoute is allowed", spec: ngfAPIv1alpha2.ObservabilityPolicySpec{ - TargetRefs: []gatewayv1alpha2.LocalPolicyTargetReference{ + TargetRefs: []gatewayv1.LocalPolicyTargetReference{ { Kind: httpRouteKind, Group: gatewayGroup, @@ -34,7 +34,7 @@ func TestObservabilityPoliciesTargetRefKind(t *testing.T) { { name: "Validate TargetRef of kind GRPCRoute is allowed", spec: ngfAPIv1alpha2.ObservabilityPolicySpec{ - TargetRefs: []gatewayv1alpha2.LocalPolicyTargetReference{ + TargetRefs: []gatewayv1.LocalPolicyTargetReference{ { Kind: grpcRouteKind, Group: gatewayGroup, @@ -46,7 +46,7 @@ func TestObservabilityPoliciesTargetRefKind(t *testing.T) { name: "Validate Invalid TargetRef Kind is not allowed", wantErrors: []string{expectedTargetRefMustBeHTTPRouteOrGrpcRouteError}, spec: ngfAPIv1alpha2.ObservabilityPolicySpec{ - TargetRefs: []gatewayv1alpha2.LocalPolicyTargetReference{ + TargetRefs: []gatewayv1.LocalPolicyTargetReference{ { Kind: invalidKind, Group: gatewayGroup, @@ -58,7 +58,7 @@ func TestObservabilityPoliciesTargetRefKind(t *testing.T) { name: "Validate TCPRoute TargetRef Kind is not allowed", wantErrors: []string{expectedTargetRefMustBeHTTPRouteOrGrpcRouteError}, spec: ngfAPIv1alpha2.ObservabilityPolicySpec{ - TargetRefs: []gatewayv1alpha2.LocalPolicyTargetReference{ + TargetRefs: []gatewayv1.LocalPolicyTargetReference{ { Kind: tcpRouteKind, Group: gatewayGroup, @@ -70,7 +70,7 @@ func TestObservabilityPoliciesTargetRefKind(t *testing.T) { name: "Validate TargetRef of kind Gateway is not allowed", wantErrors: []string{expectedTargetRefMustBeHTTPRouteOrGrpcRouteError}, spec: ngfAPIv1alpha2.ObservabilityPolicySpec{ - TargetRefs: []gatewayv1alpha2.LocalPolicyTargetReference{ + TargetRefs: []gatewayv1.LocalPolicyTargetReference{ { Kind: gatewayKind, Group: gatewayGroup, @@ -81,7 +81,7 @@ func TestObservabilityPoliciesTargetRefKind(t *testing.T) { { name: "Validate ObservabilityPolicy is applied when one TargetRef is valid and another is invalid", spec: ngfAPIv1alpha2.ObservabilityPolicySpec{ - TargetRefs: []gatewayv1alpha2.LocalPolicyTargetReference{ + TargetRefs: []gatewayv1.LocalPolicyTargetReference{ { Kind: gatewayKind, Group: gatewayGroup, @@ -101,7 +101,7 @@ func TestObservabilityPoliciesTargetRefKind(t *testing.T) { spec := tt.spec for i := range spec.TargetRefs { - spec.TargetRefs[i].Name = gatewayv1alpha2.ObjectName(uniqueResourceName(testTargetRefName)) + spec.TargetRefs[i].Name = gatewayv1.ObjectName(uniqueResourceName(testTargetRefName)) } observabilityPolicy := &ngfAPIv1alpha2.ObservabilityPolicy{ @@ -128,7 +128,7 @@ func TestObservabilityPoliciesTargetRefGroup(t *testing.T) { { name: "Validate gateway.networking.k8s.io TargetRef Group is allowed", spec: ngfAPIv1alpha2.ObservabilityPolicySpec{ - TargetRefs: []gatewayv1alpha2.LocalPolicyTargetReference{ + TargetRefs: []gatewayv1.LocalPolicyTargetReference{ { Kind: httpRouteKind, Group: gatewayGroup, @@ -140,7 +140,7 @@ func TestObservabilityPoliciesTargetRefGroup(t *testing.T) { name: "Validate invalid.networking.k8s.io TargetRef Group is not allowed", wantErrors: []string{expectedTargetRefGroupError}, spec: ngfAPIv1alpha2.ObservabilityPolicySpec{ - TargetRefs: []gatewayv1alpha2.LocalPolicyTargetReference{ + TargetRefs: []gatewayv1.LocalPolicyTargetReference{ { Kind: httpRouteKind, Group: invalidGroup, @@ -152,7 +152,7 @@ func TestObservabilityPoliciesTargetRefGroup(t *testing.T) { name: "Validate discovery.k8s.io/v1 TargetRef Group is not allowed", wantErrors: []string{expectedTargetRefGroupError}, spec: ngfAPIv1alpha2.ObservabilityPolicySpec{ - TargetRefs: []gatewayv1alpha2.LocalPolicyTargetReference{ + TargetRefs: []gatewayv1.LocalPolicyTargetReference{ { Kind: httpRouteKind, Group: discoveryGroup, @@ -168,7 +168,7 @@ func TestObservabilityPoliciesTargetRefGroup(t *testing.T) { spec := tt.spec for i := range spec.TargetRefs { - spec.TargetRefs[i].Name = gatewayv1alpha2.ObjectName(uniqueResourceName(testTargetRefName)) + spec.TargetRefs[i].Name = gatewayv1.ObjectName(uniqueResourceName(testTargetRefName)) } observabilityPolicy := &ngfAPIv1alpha2.ObservabilityPolicy{ @@ -196,15 +196,15 @@ func TestObservabilityPoliciesTargetRefKindAndNameCombo(t *testing.T) { name: "Validate resource is invalid when TargetRef Kind and Name combination is not unique", wantErrors: []string{expectedTargetRefKindAndNameComboMustBeUnique}, spec: ngfAPIv1alpha2.ObservabilityPolicySpec{ - TargetRefs: []gatewayv1alpha2.LocalPolicyTargetReference{ + TargetRefs: []gatewayv1.LocalPolicyTargetReference{ { Kind: httpRouteKind, - Name: gatewayv1alpha2.ObjectName(testTargetRefName), + Name: gatewayv1.ObjectName(testTargetRefName), Group: gatewayGroup, }, { Kind: httpRouteKind, - Name: gatewayv1alpha2.ObjectName(testTargetRefName), + Name: gatewayv1.ObjectName(testTargetRefName), Group: gatewayGroup, }, }, @@ -213,15 +213,15 @@ func TestObservabilityPoliciesTargetRefKindAndNameCombo(t *testing.T) { { name: "Validate resource is valid when TargetRef Kind and Name combination is unique using different kinds", spec: ngfAPIv1alpha2.ObservabilityPolicySpec{ - TargetRefs: []gatewayv1alpha2.LocalPolicyTargetReference{ + TargetRefs: []gatewayv1.LocalPolicyTargetReference{ { Kind: httpRouteKind, - Name: gatewayv1alpha2.ObjectName(testTargetRefName), + Name: gatewayv1.ObjectName(testTargetRefName), Group: gatewayGroup, }, { Kind: grpcRouteKind, - Name: gatewayv1alpha2.ObjectName(testTargetRefName), + Name: gatewayv1.ObjectName(testTargetRefName), Group: gatewayGroup, }, }, @@ -230,15 +230,15 @@ func TestObservabilityPoliciesTargetRefKindAndNameCombo(t *testing.T) { { name: "Validate resource is valid when TargetRef Kind and Name combination is unique using different names", spec: ngfAPIv1alpha2.ObservabilityPolicySpec{ - TargetRefs: []gatewayv1alpha2.LocalPolicyTargetReference{ + TargetRefs: []gatewayv1.LocalPolicyTargetReference{ { Kind: httpRouteKind, - Name: gatewayv1alpha2.ObjectName(uniqueResourceName(testTargetRefName)), + Name: gatewayv1.ObjectName(uniqueResourceName(testTargetRefName)), Group: gatewayGroup, }, { Kind: grpcRouteKind, - Name: gatewayv1alpha2.ObjectName(uniqueResourceName(testTargetRefName)), + Name: gatewayv1.ObjectName(uniqueResourceName(testTargetRefName)), Group: gatewayGroup, }, }, @@ -248,20 +248,20 @@ func TestObservabilityPoliciesTargetRefKindAndNameCombo(t *testing.T) { name: "Validate three TargetRefs with one duplicate name are not allowed", wantErrors: []string{expectedTargetRefKindAndNameComboMustBeUnique}, spec: ngfAPIv1alpha2.ObservabilityPolicySpec{ - TargetRefs: []gatewayv1alpha2.LocalPolicyTargetReference{ + TargetRefs: []gatewayv1.LocalPolicyTargetReference{ { Kind: httpRouteKind, - Name: gatewayv1alpha2.ObjectName(uniqueResourceName(testTargetRefName)), + Name: gatewayv1.ObjectName(uniqueResourceName(testTargetRefName)), Group: gatewayGroup, }, { Kind: grpcRouteKind, - Name: gatewayv1alpha2.ObjectName(testTargetRefName), + Name: gatewayv1.ObjectName(testTargetRefName), Group: gatewayGroup, }, { Kind: grpcRouteKind, - Name: gatewayv1alpha2.ObjectName(testTargetRefName), + Name: gatewayv1.ObjectName(testTargetRefName), Group: gatewayGroup, }, }, @@ -271,25 +271,25 @@ func TestObservabilityPoliciesTargetRefKindAndNameCombo(t *testing.T) { name: "Validate multiple duplicate TargetRefs are not allowed", wantErrors: []string{expectedTargetRefKindAndNameComboMustBeUnique}, spec: ngfAPIv1alpha2.ObservabilityPolicySpec{ - TargetRefs: []gatewayv1alpha2.LocalPolicyTargetReference{ + TargetRefs: []gatewayv1.LocalPolicyTargetReference{ { Kind: grpcRouteKind, - Name: gatewayv1alpha2.ObjectName(fmt.Sprintf("duplicate-group-1-%s", testTargetRefName)), + Name: gatewayv1.ObjectName(fmt.Sprintf("duplicate-group-1-%s", testTargetRefName)), Group: gatewayGroup, }, { Kind: grpcRouteKind, - Name: gatewayv1alpha2.ObjectName(fmt.Sprintf("duplicate-group-1-%s", testTargetRefName)), + Name: gatewayv1.ObjectName(fmt.Sprintf("duplicate-group-1-%s", testTargetRefName)), Group: gatewayGroup, }, { Kind: grpcRouteKind, - Name: gatewayv1alpha2.ObjectName(fmt.Sprintf("duplicate-group-2-%s", testTargetRefName)), + Name: gatewayv1.ObjectName(fmt.Sprintf("duplicate-group-2-%s", testTargetRefName)), Group: gatewayGroup, }, { Kind: grpcRouteKind, - Name: gatewayv1alpha2.ObjectName(fmt.Sprintf("duplicate-group-2-%s", testTargetRefName)), + Name: gatewayv1.ObjectName(fmt.Sprintf("duplicate-group-2-%s", testTargetRefName)), Group: gatewayGroup, }, }, @@ -326,7 +326,7 @@ func TestObservabilityPoliciesTracing(t *testing.T) { { name: "Validate ObservabilityPolicy is applied when ratio is set and strategy is TraceStrategyRatio", spec: ngfAPIv1alpha2.ObservabilityPolicySpec{ - TargetRefs: []gatewayv1alpha2.LocalPolicyTargetReference{ + TargetRefs: []gatewayv1.LocalPolicyTargetReference{ { Kind: httpRouteKind, Group: gatewayGroup, @@ -342,7 +342,7 @@ func TestObservabilityPoliciesTracing(t *testing.T) { name: "Validate ObservabilityPolicy is invalid when ratio is set and strategy is not TraceStrategyRatio", wantErrors: []string{expectedStrategyMustBeOfTypeRatio}, spec: ngfAPIv1alpha2.ObservabilityPolicySpec{ - TargetRefs: []gatewayv1alpha2.LocalPolicyTargetReference{ + TargetRefs: []gatewayv1.LocalPolicyTargetReference{ { Kind: httpRouteKind, Group: gatewayGroup, @@ -362,7 +362,7 @@ func TestObservabilityPoliciesTracing(t *testing.T) { spec := tt.spec for i := range spec.TargetRefs { - spec.TargetRefs[i].Name = gatewayv1alpha2.ObjectName(uniqueResourceName(testTargetRefName)) + spec.TargetRefs[i].Name = gatewayv1.ObjectName(uniqueResourceName(testTargetRefName)) } observabilityPolicy := &ngfAPIv1alpha2.ObservabilityPolicy{ diff --git a/tests/cel/upstreamsettingspolicy_test.go b/tests/cel/upstreamsettingspolicy_test.go index 148e725c22..35a4fbd364 100644 --- a/tests/cel/upstreamsettingspolicy_test.go +++ b/tests/cel/upstreamsettingspolicy_test.go @@ -4,7 +4,7 @@ import ( "testing" controllerruntime "sigs.k8s.io/controller-runtime" - gatewayv1alpha2 "sigs.k8s.io/gateway-api/apis/v1alpha2" + gatewayv1 "sigs.k8s.io/gateway-api/apis/v1" ngfAPIv1alpha1 "github.com/nginx/nginx-gateway-fabric/v2/apis/v1alpha1" ) @@ -21,7 +21,7 @@ func TestUpstreamSettingsPolicyTargetRefKind(t *testing.T) { { name: "Validate TargetRef of kind Service is allowed", spec: ngfAPIv1alpha1.UpstreamSettingsPolicySpec{ - TargetRefs: []gatewayv1alpha2.LocalPolicyTargetReference{ + TargetRefs: []gatewayv1.LocalPolicyTargetReference{ { Kind: serviceKind, Group: coreGroup, @@ -32,7 +32,7 @@ func TestUpstreamSettingsPolicyTargetRefKind(t *testing.T) { { name: "Validate multiple TargetRefs of kind Service are allowed", spec: ngfAPIv1alpha1.UpstreamSettingsPolicySpec{ - TargetRefs: []gatewayv1alpha2.LocalPolicyTargetReference{ + TargetRefs: []gatewayv1.LocalPolicyTargetReference{ { Kind: serviceKind, Group: coreGroup, @@ -48,7 +48,7 @@ func TestUpstreamSettingsPolicyTargetRefKind(t *testing.T) { name: "Validate TargetRef of kind Gateway is not allowed", wantErrors: []string{expectedTargetRefKindServiceError}, spec: ngfAPIv1alpha1.UpstreamSettingsPolicySpec{ - TargetRefs: []gatewayv1alpha2.LocalPolicyTargetReference{ + TargetRefs: []gatewayv1.LocalPolicyTargetReference{ { Kind: gatewayKind, Group: coreGroup, @@ -60,7 +60,7 @@ func TestUpstreamSettingsPolicyTargetRefKind(t *testing.T) { name: "Validate TargetRef of kind HTTPRoute is not allowed", wantErrors: []string{expectedTargetRefKindServiceError}, spec: ngfAPIv1alpha1.UpstreamSettingsPolicySpec{ - TargetRefs: []gatewayv1alpha2.LocalPolicyTargetReference{ + TargetRefs: []gatewayv1.LocalPolicyTargetReference{ { Kind: httpRouteKind, Group: coreGroup, @@ -72,7 +72,7 @@ func TestUpstreamSettingsPolicyTargetRefKind(t *testing.T) { name: "Validate invalid TargetRef Kind is not allowed", wantErrors: []string{expectedTargetRefKindServiceError}, spec: ngfAPIv1alpha1.UpstreamSettingsPolicySpec{ - TargetRefs: []gatewayv1alpha2.LocalPolicyTargetReference{ + TargetRefs: []gatewayv1.LocalPolicyTargetReference{ { Kind: invalidKind, Group: coreGroup, @@ -84,7 +84,7 @@ func TestUpstreamSettingsPolicyTargetRefKind(t *testing.T) { name: "Validate mixed TargetRef kinds - one valid, one invalid", wantErrors: []string{expectedTargetRefKindServiceError}, spec: ngfAPIv1alpha1.UpstreamSettingsPolicySpec{ - TargetRefs: []gatewayv1alpha2.LocalPolicyTargetReference{ + TargetRefs: []gatewayv1.LocalPolicyTargetReference{ { Kind: serviceKind, Group: coreGroup, @@ -103,7 +103,7 @@ func TestUpstreamSettingsPolicyTargetRefKind(t *testing.T) { t.Parallel() for i := range tt.spec.TargetRefs { - tt.spec.TargetRefs[i].Name = gatewayv1alpha2.ObjectName(uniqueResourceName(testTargetRefName)) + tt.spec.TargetRefs[i].Name = gatewayv1.ObjectName(uniqueResourceName(testTargetRefName)) } upstreamSettingsPolicy := &ngfAPIv1alpha1.UpstreamSettingsPolicy{ @@ -130,7 +130,7 @@ func TestUpstreamSettingsPolicyTargetRefGroup(t *testing.T) { { name: "Validate TargetRef with core group is allowed", spec: ngfAPIv1alpha1.UpstreamSettingsPolicySpec{ - TargetRefs: []gatewayv1alpha2.LocalPolicyTargetReference{ + TargetRefs: []gatewayv1.LocalPolicyTargetReference{ { Kind: serviceKind, Group: coreGroup, @@ -141,7 +141,7 @@ func TestUpstreamSettingsPolicyTargetRefGroup(t *testing.T) { { name: "Validate TargetRef with empty group is allowed", spec: ngfAPIv1alpha1.UpstreamSettingsPolicySpec{ - TargetRefs: []gatewayv1alpha2.LocalPolicyTargetReference{ + TargetRefs: []gatewayv1.LocalPolicyTargetReference{ { Kind: serviceKind, Group: emptyGroup, @@ -152,7 +152,7 @@ func TestUpstreamSettingsPolicyTargetRefGroup(t *testing.T) { { name: "Validate multiple TargetRefs with valid groups are allowed", spec: ngfAPIv1alpha1.UpstreamSettingsPolicySpec{ - TargetRefs: []gatewayv1alpha2.LocalPolicyTargetReference{ + TargetRefs: []gatewayv1.LocalPolicyTargetReference{ { Kind: serviceKind, Group: coreGroup, @@ -168,7 +168,7 @@ func TestUpstreamSettingsPolicyTargetRefGroup(t *testing.T) { name: "Validate TargetRef with gateway group is not allowed", wantErrors: []string{expectedTargetRefGroupCoreError}, spec: ngfAPIv1alpha1.UpstreamSettingsPolicySpec{ - TargetRefs: []gatewayv1alpha2.LocalPolicyTargetReference{ + TargetRefs: []gatewayv1.LocalPolicyTargetReference{ { Kind: serviceKind, Group: gatewayGroup, @@ -180,7 +180,7 @@ func TestUpstreamSettingsPolicyTargetRefGroup(t *testing.T) { name: "Validate TargetRef with invalid group is not allowed", wantErrors: []string{expectedTargetRefGroupCoreError}, spec: ngfAPIv1alpha1.UpstreamSettingsPolicySpec{ - TargetRefs: []gatewayv1alpha2.LocalPolicyTargetReference{ + TargetRefs: []gatewayv1.LocalPolicyTargetReference{ { Kind: serviceKind, Group: invalidGroup, @@ -191,7 +191,7 @@ func TestUpstreamSettingsPolicyTargetRefGroup(t *testing.T) { { name: "Validate mixed TargetRef groups with valid core group passes due to current CEL rule", spec: ngfAPIv1alpha1.UpstreamSettingsPolicySpec{ - TargetRefs: []gatewayv1alpha2.LocalPolicyTargetReference{ + TargetRefs: []gatewayv1.LocalPolicyTargetReference{ { Kind: serviceKind, Group: coreGroup, @@ -207,7 +207,7 @@ func TestUpstreamSettingsPolicyTargetRefGroup(t *testing.T) { name: "Validate all TargetRef groups are invalid", wantErrors: []string{expectedTargetRefGroupCoreError}, spec: ngfAPIv1alpha1.UpstreamSettingsPolicySpec{ - TargetRefs: []gatewayv1alpha2.LocalPolicyTargetReference{ + TargetRefs: []gatewayv1.LocalPolicyTargetReference{ { Kind: serviceKind, Group: gatewayGroup, @@ -226,7 +226,7 @@ func TestUpstreamSettingsPolicyTargetRefGroup(t *testing.T) { t.Parallel() for i := range tt.spec.TargetRefs { - tt.spec.TargetRefs[i].Name = gatewayv1alpha2.ObjectName(uniqueResourceName(testTargetRefName)) + tt.spec.TargetRefs[i].Name = gatewayv1.ObjectName(uniqueResourceName(testTargetRefName)) } upstreamSettingsPolicy := &ngfAPIv1alpha1.UpstreamSettingsPolicy{ @@ -253,7 +253,7 @@ func TestUpstreamSettingsPolicyTargetRefNameUniqueness(t *testing.T) { { name: "Validate single TargetRef with unique name is allowed", spec: ngfAPIv1alpha1.UpstreamSettingsPolicySpec{ - TargetRefs: []gatewayv1alpha2.LocalPolicyTargetReference{ + TargetRefs: []gatewayv1.LocalPolicyTargetReference{ { Kind: serviceKind, Group: coreGroup, @@ -264,7 +264,7 @@ func TestUpstreamSettingsPolicyTargetRefNameUniqueness(t *testing.T) { { name: "Validate multiple TargetRefs with unique names are allowed", spec: ngfAPIv1alpha1.UpstreamSettingsPolicySpec{ - TargetRefs: []gatewayv1alpha2.LocalPolicyTargetReference{ + TargetRefs: []gatewayv1.LocalPolicyTargetReference{ { Kind: serviceKind, Group: coreGroup, @@ -284,7 +284,7 @@ func TestUpstreamSettingsPolicyTargetRefNameUniqueness(t *testing.T) { name: "Validate duplicate TargetRef names are not allowed", wantErrors: []string{expectedTargetRefNameUniqueError}, spec: ngfAPIv1alpha1.UpstreamSettingsPolicySpec{ - TargetRefs: []gatewayv1alpha2.LocalPolicyTargetReference{ + TargetRefs: []gatewayv1.LocalPolicyTargetReference{ { Kind: serviceKind, Group: coreGroup, @@ -302,7 +302,7 @@ func TestUpstreamSettingsPolicyTargetRefNameUniqueness(t *testing.T) { name: "Validate three TargetRefs with one duplicate name are not allowed", wantErrors: []string{expectedTargetRefNameUniqueError}, spec: ngfAPIv1alpha1.UpstreamSettingsPolicySpec{ - TargetRefs: []gatewayv1alpha2.LocalPolicyTargetReference{ + TargetRefs: []gatewayv1.LocalPolicyTargetReference{ { Kind: serviceKind, Group: coreGroup, @@ -325,7 +325,7 @@ func TestUpstreamSettingsPolicyTargetRefNameUniqueness(t *testing.T) { name: "Validate multiple duplicates are not allowed", wantErrors: []string{expectedTargetRefNameUniqueError}, spec: ngfAPIv1alpha1.UpstreamSettingsPolicySpec{ - TargetRefs: []gatewayv1alpha2.LocalPolicyTargetReference{ + TargetRefs: []gatewayv1.LocalPolicyTargetReference{ { Kind: serviceKind, Group: coreGroup, @@ -357,7 +357,7 @@ func TestUpstreamSettingsPolicyTargetRefNameUniqueness(t *testing.T) { for i := range tt.spec.TargetRefs { if tt.spec.TargetRefs[i].Name == "" { - tt.spec.TargetRefs[i].Name = gatewayv1alpha2.ObjectName(uniqueResourceName(testTargetRefName)) + tt.spec.TargetRefs[i].Name = gatewayv1.ObjectName(uniqueResourceName(testTargetRefName)) } } diff --git a/tests/conformance/conformance-rbac.yaml b/tests/conformance/conformance-rbac.yaml index f063191f98..55c058d7e0 100644 --- a/tests/conformance/conformance-rbac.yaml +++ b/tests/conformance/conformance-rbac.yaml @@ -44,6 +44,7 @@ rules: - referencegrants - gatewayclasses - tlsroutes + - backendtlspolicies verbs: - create - delete diff --git a/tests/go.mod b/tests/go.mod index ccc2d8a5a5..da454431cd 100644 --- a/tests/go.mod +++ b/tests/go.mod @@ -16,7 +16,7 @@ require ( k8s.io/apimachinery v0.34.1 k8s.io/client-go v0.34.1 sigs.k8s.io/controller-runtime v0.22.3 - sigs.k8s.io/gateway-api v1.3.0 + sigs.k8s.io/gateway-api v1.4.0 sigs.k8s.io/gateway-api-inference-extension v1.0.1 sigs.k8s.io/yaml v1.6.0 ) @@ -26,14 +26,15 @@ require ( github.com/beorn7/perks v1.0.1 // indirect github.com/cespare/xxhash/v2 v2.3.0 // indirect github.com/davecgh/go-spew v1.1.2-0.20180830191138-d8f796af33cc // indirect - github.com/emicklei/go-restful/v3 v3.12.2 // indirect + github.com/emicklei/go-restful/v3 v3.13.0 // indirect github.com/evanphx/json-patch/v5 v5.9.11 // indirect github.com/fsnotify/fsnotify v1.9.0 // indirect github.com/fxamacker/cbor/v2 v2.9.0 // indirect github.com/go-logr/logr v1.4.3 // indirect - github.com/go-openapi/jsonpointer v0.21.0 // indirect + github.com/go-logr/zapr v1.3.0 // indirect + github.com/go-openapi/jsonpointer v0.21.2 // indirect github.com/go-openapi/jsonreference v0.21.0 // indirect - github.com/go-openapi/swag v0.23.0 // indirect + github.com/go-openapi/swag v0.23.1 // indirect github.com/go-task/slim-sprig/v3 v3.0.0 // indirect github.com/gogo/protobuf v1.3.2 // indirect github.com/google/btree v1.1.3 // indirect @@ -45,8 +46,8 @@ require ( github.com/influxdata/tdigest v0.0.1 // indirect github.com/josharian/intern v1.0.0 // indirect github.com/json-iterator/go v1.1.12 // indirect - github.com/mailru/easyjson v0.7.7 // indirect - github.com/miekg/dns v1.1.65 // indirect + github.com/mailru/easyjson v0.9.0 // indirect + github.com/miekg/dns v1.1.68 // indirect github.com/moby/spdystream v0.5.0 // indirect github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd // indirect github.com/modern-go/reflect2 v1.0.3-0.20250322232337-35a7c28c31ee // indirect @@ -60,6 +61,8 @@ require ( github.com/stretchr/testify v1.11.1 // indirect github.com/x448/float16 v0.8.4 // indirect go.uber.org/automaxprocs v1.6.0 // indirect + go.uber.org/multierr v1.11.0 // indirect + go.uber.org/zap v1.27.0 // indirect go.yaml.in/yaml/v2 v2.4.3 // indirect go.yaml.in/yaml/v3 v3.0.4 // indirect golang.org/x/mod v0.29.0 // indirect @@ -72,16 +75,18 @@ require ( golang.org/x/time v0.12.0 // indirect golang.org/x/tools v0.37.0 // indirect gomodules.xyz/jsonpatch/v2 v2.4.0 // indirect - google.golang.org/genproto/googleapis/rpc v0.0.0-20250825161204-c5933d9347a5 // indirect + google.golang.org/genproto/googleapis/rpc v0.0.0-20250826171959-ef028d996bc1 // indirect google.golang.org/grpc v1.76.0 // indirect google.golang.org/protobuf v1.36.10 // indirect gopkg.in/evanphx/json-patch.v4 v4.13.0 // indirect gopkg.in/inf.v0 v0.9.1 // indirect gopkg.in/yaml.v3 v3.0.1 // indirect k8s.io/klog/v2 v2.130.1 // indirect - k8s.io/kube-openapi v0.0.0-20250710124328-f3f2b991d03b // indirect - k8s.io/utils v0.0.0-20250604170112-4c0f3b243397 // indirect - sigs.k8s.io/json v0.0.0-20241014173422-cfa47c3a1cc8 // indirect + k8s.io/kube-openapi v0.0.0-20250814151709-d7b6acb124c3 // indirect + k8s.io/utils v0.0.0-20250820121507-0af2bda4dd1d // indirect + sigs.k8s.io/json v0.0.0-20250730193827-2d320260d730 // indirect sigs.k8s.io/randfill v1.0.0 // indirect sigs.k8s.io/structured-merge-diff/v6 v6.3.0 // indirect ) + +replace sigs.k8s.io/gateway-api => sigs.k8s.io/gateway-api v1.4.0 diff --git a/tests/go.sum b/tests/go.sum index cdeefc5d7f..4a04912150 100644 --- a/tests/go.sum +++ b/tests/go.sum @@ -14,8 +14,8 @@ github.com/davecgh/go-spew v1.1.2-0.20180830191138-d8f796af33cc h1:U9qPSI2PIWSS1 github.com/davecgh/go-spew v1.1.2-0.20180830191138-d8f796af33cc/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= github.com/dgryski/go-gk v0.0.0-20200319235926-a69029f61654 h1:XOPLOMn/zT4jIgxfxSsoXPxkrzz0FaCHwp33x5POJ+Q= github.com/dgryski/go-gk v0.0.0-20200319235926-a69029f61654/go.mod h1:qm+vckxRlDt0aOla0RYJJVeqHZlWfOm2UIxHaqPB46E= -github.com/emicklei/go-restful/v3 v3.12.2 h1:DhwDP0vY3k8ZzE0RunuJy8GhNpPL6zqLkDf9B/a0/xU= -github.com/emicklei/go-restful/v3 v3.12.2/go.mod h1:6n3XBCmQQb25CM2LCACGz8ukIrRry+4bhvbpWn3mrbc= +github.com/emicklei/go-restful/v3 v3.13.0 h1:C4Bl2xDndpU6nJ4bc1jXd+uTmYPVUwkD6bFY/oTyCes= +github.com/emicklei/go-restful/v3 v3.13.0/go.mod h1:6n3XBCmQQb25CM2LCACGz8ukIrRry+4bhvbpWn3mrbc= github.com/evanphx/json-patch v0.5.2 h1:xVCHIVMUu1wtM/VkR9jVZ45N3FhZfYMMYGorLCR8P3k= github.com/evanphx/json-patch v0.5.2/go.mod h1:ZWS5hhDbVDyob71nXKNL0+PWn6ToqBHMikGIFbs31qQ= github.com/evanphx/json-patch/v5 v5.9.11 h1:/8HVnzMq13/3x9TPvjG08wUGqBTmZBsCWzjTM0wiaDU= @@ -36,12 +36,12 @@ github.com/go-logr/stdr v1.2.2 h1:hSWxHoqTgW2S2qGc0LTAI563KZ5YKYRhT3MFKZMbjag= github.com/go-logr/stdr v1.2.2/go.mod h1:mMo/vtBO5dYbehREoey6XUKy/eSumjCCveDpRre4VKE= github.com/go-logr/zapr v1.3.0 h1:XGdV8XW8zdwFiwOA2Dryh1gj2KRQyOOoNmBy4EplIcQ= github.com/go-logr/zapr v1.3.0/go.mod h1:YKepepNBd1u/oyhd/yQmtjVXmm9uML4IXUgMOwR8/Gg= -github.com/go-openapi/jsonpointer v0.21.0 h1:YgdVicSA9vH5RiHs9TZW5oyafXZFc6+2Vc1rr/O9oNQ= -github.com/go-openapi/jsonpointer v0.21.0/go.mod h1:IUyH9l/+uyhIYQ/PXVA41Rexl+kOkAPDdXEYns6fzUY= +github.com/go-openapi/jsonpointer v0.21.2 h1:AqQaNADVwq/VnkCmQg6ogE+M3FOsKTytwges0JdwVuA= +github.com/go-openapi/jsonpointer v0.21.2/go.mod h1:50I1STOfbY1ycR8jGz8DaMeLCdXiI6aDteEdRNNzpdk= github.com/go-openapi/jsonreference v0.21.0 h1:Rs+Y7hSXT83Jacb7kFyjn4ijOuVGSvOdF2+tg1TRrwQ= github.com/go-openapi/jsonreference v0.21.0/go.mod h1:LmZmgsrTkVg9LG4EaHeY8cBDslNPMo06cago5JNLkm4= -github.com/go-openapi/swag v0.23.0 h1:vsEVJDUo2hPJ2tu0/Xc+4noaxyEffXNIs3cOULZ+GrE= -github.com/go-openapi/swag v0.23.0/go.mod h1:esZ8ITTYEsH1V2trKHjAN8Ai7xHb8RV+YSZ577vPjgQ= +github.com/go-openapi/swag v0.23.1 h1:lpsStH0n2ittzTnbaSloVZLuB5+fvSY/+hnagBjSNZU= +github.com/go-openapi/swag v0.23.1/go.mod h1:STZs8TbRvEQQKUA+JZNAm3EWlgaOBGpyFDqQnDHMef0= github.com/go-task/slim-sprig/v3 v3.0.0 h1:sUs3vkvUymDpBKi3qH1YSqBQk9+9D/8M2mN1vB6EwHI= github.com/go-task/slim-sprig/v3 v3.0.0/go.mod h1:W848ghGpv3Qj3dhTPRyJypKRiqCdHZiAzKg9hl15HA8= github.com/goccy/go-yaml v1.18.0 h1:8W7wMFS12Pcas7KU+VVkaiCng+kG8QiFeFwzFb+rwuw= @@ -86,14 +86,14 @@ github.com/kr/text v0.2.0 h1:5Nx0Ya0ZqY2ygV366QzturHI13Jq95ApcVaJBhpS+AY= github.com/kr/text v0.2.0/go.mod h1:eLer722TekiGuMkidMxC/pM04lWEeraHUUmBw8l2grE= github.com/kylelemons/godebug v1.1.0 h1:RPNrshWIDI6G2gRW9EHilWtl7Z6Sb1BR0xunSBf0SNc= github.com/kylelemons/godebug v1.1.0/go.mod h1:9/0rRGxNHcop5bhtWyNeEfOS8JIWk580+fNqagV/RAw= -github.com/mailru/easyjson v0.7.7 h1:UGYAvKxe3sBsEDzO8ZeWOSlIQfWFlxbzLZe7hwFURr0= -github.com/mailru/easyjson v0.7.7/go.mod h1:xzfreul335JAWq5oZzymOObrkdz5UnU4kGfJJLY9Nlc= +github.com/mailru/easyjson v0.9.0 h1:PrnmzHw7262yW8sTBwxi1PdJA3Iw/EKBa8psRf7d9a4= +github.com/mailru/easyjson v0.9.0/go.mod h1:1+xMtQp2MRNVL/V1bOzuP3aP8VNwRW55fQUto+XFtTU= github.com/maruel/natural v1.1.1 h1:Hja7XhhmvEFhcByqDoHz9QZbkWey+COd9xWfCfn1ioo= github.com/maruel/natural v1.1.1/go.mod h1:v+Rfd79xlw1AgVBjbO0BEQmptqb5HvL/k9GRHB7ZKEg= github.com/mfridman/tparse v0.18.0 h1:wh6dzOKaIwkUGyKgOntDW4liXSo37qg5AXbIhkMV3vE= github.com/mfridman/tparse v0.18.0/go.mod h1:gEvqZTuCgEhPbYk/2lS3Kcxg1GmTxxU7kTC8DvP0i/A= -github.com/miekg/dns v1.1.65 h1:0+tIPHzUW0GCge7IiK3guGP57VAw7hoPDfApjkMD1Fc= -github.com/miekg/dns v1.1.65/go.mod h1:Dzw9769uoKVaLuODMDZz9M6ynFU6Em65csPuoi8G0ck= +github.com/miekg/dns v1.1.68 h1:jsSRkNozw7G/mnmXULynzMNIsgY2dHC8LO6U6Ij2JEA= +github.com/miekg/dns v1.1.68/go.mod h1:fujopn7TB3Pu3JM69XaawiU0wqjpL9/8xGop5UrTPps= github.com/moby/spdystream v0.5.0 h1:7r0J1Si3QO/kjRitvSLVVFUjxMEb/YLj6S9FF62JBCU= github.com/moby/spdystream v0.5.0/go.mod h1:xBAYlnt/ay+11ShkdFKNAG7LsyK/tmNBVvVOwrfMgdI= github.com/modern-go/concurrent v0.0.0-20180228061459-e0a39a4cb421/go.mod h1:6dJC0mAP4ikYIbvyc7fijjWJddQyLn8Ig3JB5CqoB9Q= @@ -232,8 +232,8 @@ gonum.org/v1/gonum v0.0.0-20181121035319-3f7ecaa7e8ca/go.mod h1:Y+Yx5eoAFn32cQvJ gonum.org/v1/gonum v0.16.0 h1:5+ul4Swaf3ESvrOnidPp4GZbzf0mxVQpDCYUQE7OJfk= gonum.org/v1/gonum v0.16.0/go.mod h1:fef3am4MQ93R2HHpKnLk4/Tbh/s0+wqD5nfa6Pnwy4E= gonum.org/v1/netlib v0.0.0-20181029234149-ec6d1f5cefe6/go.mod h1:wa6Ws7BG/ESfp6dHfk7C6KdzKA7wR7u/rKwOGE66zvw= -google.golang.org/genproto/googleapis/rpc v0.0.0-20250825161204-c5933d9347a5 h1:eaY8u2EuxbRv7c3NiGK0/NedzVsCcV6hDuU5qPX5EGE= -google.golang.org/genproto/googleapis/rpc v0.0.0-20250825161204-c5933d9347a5/go.mod h1:M4/wBTSeyLxupu3W3tJtOgB14jILAS/XWPSSa3TAlJc= +google.golang.org/genproto/googleapis/rpc v0.0.0-20250826171959-ef028d996bc1 h1:pmJpJEvT846VzausCQ5d7KreSROcDqmO388w5YbnltA= +google.golang.org/genproto/googleapis/rpc v0.0.0-20250826171959-ef028d996bc1/go.mod h1:GmFNa4BdJZ2a8G+wCe9Bg3wwThLrJun751XstdJt5Og= google.golang.org/grpc v1.76.0 h1:UnVkv1+uMLYXoIz6o7chp59WfQUYA2ex/BXQ9rHZu7A= google.golang.org/grpc v1.76.0/go.mod h1:Ju12QI8M6iQJtbcsV+awF5a4hfJMLi4X0JLo94ULZ6c= google.golang.org/protobuf v1.36.10 h1:AYd7cD/uASjIL6Q9LiTjz8JLcrh/88q5UObnmY3aOOE= @@ -257,20 +257,20 @@ k8s.io/client-go v0.34.1 h1:ZUPJKgXsnKwVwmKKdPfw4tB58+7/Ik3CrjOEhsiZ7mY= k8s.io/client-go v0.34.1/go.mod h1:kA8v0FP+tk6sZA0yKLRG67LWjqufAoSHA2xVGKw9Of8= k8s.io/klog/v2 v2.130.1 h1:n9Xl7H1Xvksem4KFG4PYbdQCQxqc/tTUyrgXaOhHSzk= k8s.io/klog/v2 v2.130.1/go.mod h1:3Jpz1GvMt720eyJH1ckRHK1EDfpxISzJ7I9OYgaDtPE= -k8s.io/kube-openapi v0.0.0-20250710124328-f3f2b991d03b h1:MloQ9/bdJyIu9lb1PzujOPolHyvO06MXG5TUIj2mNAA= -k8s.io/kube-openapi v0.0.0-20250710124328-f3f2b991d03b/go.mod h1:UZ2yyWbFTpuhSbFhv24aGNOdoRdJZgsIObGBUaYVsts= -k8s.io/utils v0.0.0-20250604170112-4c0f3b243397 h1:hwvWFiBzdWw1FhfY1FooPn3kzWuJ8tmbZBHi4zVsl1Y= -k8s.io/utils v0.0.0-20250604170112-4c0f3b243397/go.mod h1:OLgZIPagt7ERELqWJFomSt595RzquPNLL48iOWgYOg0= +k8s.io/kube-openapi v0.0.0-20250814151709-d7b6acb124c3 h1:liMHz39T5dJO1aOKHLvwaCjDbf07wVh6yaUlTpunnkE= +k8s.io/kube-openapi v0.0.0-20250814151709-d7b6acb124c3/go.mod h1:UZ2yyWbFTpuhSbFhv24aGNOdoRdJZgsIObGBUaYVsts= +k8s.io/utils v0.0.0-20250820121507-0af2bda4dd1d h1:wAhiDyZ4Tdtt7e46e9M5ZSAJ/MnPGPs+Ki1gHw4w1R0= +k8s.io/utils v0.0.0-20250820121507-0af2bda4dd1d/go.mod h1:OLgZIPagt7ERELqWJFomSt595RzquPNLL48iOWgYOg0= pgregory.net/rapid v1.1.0 h1:CMa0sjHSru3puNx+J0MIAuiiEV4N0qj8/cMWGBBCsjw= pgregory.net/rapid v1.1.0/go.mod h1:PY5XlDGj0+V1FCq0o192FdRhpKHGTRIWBgqjDBTrq04= sigs.k8s.io/controller-runtime v0.22.3 h1:I7mfqz/a/WdmDCEnXmSPm8/b/yRTy6JsKKENTijTq8Y= sigs.k8s.io/controller-runtime v0.22.3/go.mod h1:+QX1XUpTXN4mLoblf4tqr5CQcyHPAki2HLXqQMY6vh8= -sigs.k8s.io/gateway-api v1.3.0 h1:q6okN+/UKDATola4JY7zXzx40WO4VISk7i9DIfOvr9M= -sigs.k8s.io/gateway-api v1.3.0/go.mod h1:d8NV8nJbaRbEKem+5IuxkL8gJGOZ+FJ+NvOIltV8gDk= +sigs.k8s.io/gateway-api v1.4.0 h1:ZwlNM6zOHq0h3WUX2gfByPs2yAEsy/EenYJB78jpQfQ= +sigs.k8s.io/gateway-api v1.4.0/go.mod h1:AR5RSqciWP98OPckEjOjh2XJhAe2Na4LHyXD2FUY7Qk= sigs.k8s.io/gateway-api-inference-extension v1.0.1 h1:n/zyxk/1RCT1nNoCdKiZsN7XTz9mTk3Cu1fWWbtZMBw= sigs.k8s.io/gateway-api-inference-extension v1.0.1/go.mod h1:qxSY10qt2+YnZJ43VfpMXa6wpiENPderI2BnNZ4Kxfc= -sigs.k8s.io/json v0.0.0-20241014173422-cfa47c3a1cc8 h1:gBQPwqORJ8d8/YNZWEjoZs7npUVDpVXUUOFfW6CgAqE= -sigs.k8s.io/json v0.0.0-20241014173422-cfa47c3a1cc8/go.mod h1:mdzfpAEoE6DHQEN0uh9ZbOCuHbLK5wOm7dK4ctXE9Tg= +sigs.k8s.io/json v0.0.0-20250730193827-2d320260d730 h1:IpInykpT6ceI+QxKBbEflcR5EXP7sU1kvOlxwZh5txg= +sigs.k8s.io/json v0.0.0-20250730193827-2d320260d730/go.mod h1:mdzfpAEoE6DHQEN0uh9ZbOCuHbLK5wOm7dK4ctXE9Tg= sigs.k8s.io/randfill v1.0.0 h1:JfjMILfT8A6RbawdsK2JXGBR5AQVfd+9TbzrlneTyrU= sigs.k8s.io/randfill v1.0.0/go.mod h1:XeLlZ/jmk4i1HRopwe7/aU3H5n1zNUcX6TM94b3QxOY= sigs.k8s.io/structured-merge-diff/v6 v6.3.0 h1:jTijUJbW353oVOd9oTlifJqOGEkUw2jB/fXCbTiQEco= diff --git a/tests/suite/client_settings_test.go b/tests/suite/client_settings_test.go index e02283ea99..2422364cf6 100644 --- a/tests/suite/client_settings_test.go +++ b/tests/suite/client_settings_test.go @@ -15,7 +15,7 @@ import ( "k8s.io/apimachinery/pkg/types" "k8s.io/apimachinery/pkg/util/wait" "sigs.k8s.io/controller-runtime/pkg/client" - "sigs.k8s.io/gateway-api/apis/v1alpha2" + v1 "sigs.k8s.io/gateway-api/apis/v1" ngfAPI "github.com/nginx/nginx-gateway-fabric/v2/apis/v1alpha1" "github.com/nginx/nginx-gateway-fabric/v2/tests/framework" @@ -346,7 +346,7 @@ func waitForCSPolicyToBeAccepted(policyNsname types.NamespacedName) error { policyNsname, ) - return waitForClientSettingsAncestorStatus(ctx, policyNsname, metav1.ConditionTrue, v1alpha2.PolicyReasonAccepted) + return waitForClientSettingsAncestorStatus(ctx, policyNsname, metav1.ConditionTrue, v1.PolicyReasonAccepted) } func waitForCSPolicyToBeConflicted(policyNsname types.NamespacedName) error { @@ -362,7 +362,7 @@ func waitForCSPolicyToBeConflicted(policyNsname types.NamespacedName) error { ctx, policyNsname, metav1.ConditionFalse, - v1alpha2.PolicyReasonConflicted, + v1.PolicyReasonConflicted, ) } @@ -379,7 +379,7 @@ func waitForCSPolicyToHaveTargetNotFoundAcceptedCond(policyNsname types.Namespac ctx, policyNsname, metav1.ConditionFalse, - v1alpha2.PolicyReasonTargetNotFound, + v1.PolicyReasonTargetNotFound, ) } @@ -387,7 +387,7 @@ func waitForClientSettingsAncestorStatus( ctx context.Context, policyNsname types.NamespacedName, condStatus metav1.ConditionStatus, - condReason v1alpha2.PolicyConditionReason, + condReason v1.PolicyConditionReason, ) error { return wait.PollUntilContextCancel( ctx, @@ -427,9 +427,9 @@ func waitForClientSettingsAncestorStatus( } func ancestorStatusMustHaveAcceptedCondition( - status v1alpha2.PolicyAncestorStatus, + status v1.PolicyAncestorStatus, condStatus metav1.ConditionStatus, - condReason v1alpha2.PolicyConditionReason, + condReason v1.PolicyConditionReason, ) error { GinkgoWriter.Printf("Checking if ancestor status has accepted condition\n") if len(status.Conditions) != 1 { @@ -439,7 +439,7 @@ func ancestorStatusMustHaveAcceptedCondition( return tooManyConditionsErr } - if status.Conditions[0].Type != string(v1alpha2.RouteConditionAccepted) { + if status.Conditions[0].Type != string(v1.RouteConditionAccepted) { wrongTypeErr := fmt.Errorf("expected condition type to be Accepted, got %s", status.Conditions[0].Type) GinkgoWriter.Printf("ERROR: %v\n", wrongTypeErr) @@ -464,8 +464,8 @@ func ancestorStatusMustHaveAcceptedCondition( } func ancestorMustEqualTargetRef( - ancestor v1alpha2.PolicyAncestorStatus, - targetRef v1alpha2.LocalPolicyTargetReference, + ancestor v1.PolicyAncestorStatus, + targetRef v1.LocalPolicyTargetReference, namespace string, ) error { if ancestor.ControllerName != ngfControllerName { diff --git a/tests/suite/tracing_test.go b/tests/suite/tracing_test.go index 9b31d47be0..1df06598df 100644 --- a/tests/suite/tracing_test.go +++ b/tests/suite/tracing_test.go @@ -15,7 +15,6 @@ import ( "k8s.io/apimachinery/pkg/types" "sigs.k8s.io/controller-runtime/pkg/client" gatewayv1 "sigs.k8s.io/gateway-api/apis/v1" - gatewayv1alpha2 "sigs.k8s.io/gateway-api/apis/v1alpha2" ngfAPIv1alpha1 "github.com/nginx/nginx-gateway-fabric/v2/apis/v1alpha1" ngfAPIv1alpha2 "github.com/nginx/nginx-gateway-fabric/v2/apis/v1alpha2" @@ -280,7 +279,7 @@ func verifyPolicyStatus() error { var count int for _, ancestor := range pol.Status.Ancestors { for _, cond := range ancestor.Conditions { - if cond.Type == string(gatewayv1alpha2.PolicyConditionAccepted) && cond.Status == metav1.ConditionTrue { + if cond.Type == string(gatewayv1.PolicyConditionAccepted) && cond.Status == metav1.ConditionTrue { count++ } } diff --git a/tests/suite/upstream_settings_test.go b/tests/suite/upstream_settings_test.go index 2d53aac520..8de3d04994 100644 --- a/tests/suite/upstream_settings_test.go +++ b/tests/suite/upstream_settings_test.go @@ -14,7 +14,6 @@ import ( "k8s.io/apimachinery/pkg/util/wait" "sigs.k8s.io/controller-runtime/pkg/client" gatewayv1 "sigs.k8s.io/gateway-api/apis/v1" - "sigs.k8s.io/gateway-api/apis/v1alpha2" ngfAPI "github.com/nginx/nginx-gateway-fabric/v2/apis/v1alpha1" "github.com/nginx/nginx-gateway-fabric/v2/tests/framework" @@ -96,7 +95,7 @@ var _ = Describe("UpstreamSettingsPolicy", Ordered, Label("functional", "uspolic uspolicyNsName, gatewayName, metav1.ConditionTrue, - v1alpha2.PolicyReasonAccepted, + gatewayv1.PolicyReasonAccepted, ) Expect(err).ToNot(HaveOccurred(), fmt.Sprintf("%s was not accepted", name)) } @@ -271,15 +270,15 @@ var _ = Describe("UpstreamSettingsPolicy", Ordered, Label("functional", "uspolic }) DescribeTable("upstreamSettingsPolicy status is set as expected", - func(name string, status metav1.ConditionStatus, condReason v1alpha2.PolicyConditionReason) { + func(name string, status metav1.ConditionStatus, condReason gatewayv1.PolicyConditionReason) { uspolicyNsName := types.NamespacedName{Name: name, Namespace: namespace} Expect(waitForUSPolicyStatus(uspolicyNsName, gatewayName, status, condReason)).To(Succeed()) }, - Entry("uspolicy merge-usp-1", "merge-usp-1", metav1.ConditionTrue, v1alpha2.PolicyReasonAccepted), - Entry("uspolicy merge-usp-2", "merge-usp-2", metav1.ConditionTrue, v1alpha2.PolicyReasonAccepted), - Entry("uspolicy merge-usp-3", "z-merge-usp-3", metav1.ConditionFalse, v1alpha2.PolicyReasonConflicted), - Entry("uspolicy a-usp-wins", "a-usp-wins", metav1.ConditionTrue, v1alpha2.PolicyReasonAccepted), - Entry("uspolicy z-usp", "z-usp", metav1.ConditionFalse, v1alpha2.PolicyReasonConflicted), + Entry("uspolicy merge-usp-1", "merge-usp-1", metav1.ConditionTrue, gatewayv1.PolicyReasonAccepted), + Entry("uspolicy merge-usp-2", "merge-usp-2", metav1.ConditionTrue, gatewayv1.PolicyReasonAccepted), + Entry("uspolicy merge-usp-3", "z-merge-usp-3", metav1.ConditionFalse, gatewayv1.PolicyReasonConflicted), + Entry("uspolicy a-usp-wins", "a-usp-wins", metav1.ConditionTrue, gatewayv1.PolicyReasonAccepted), + Entry("uspolicy z-usp", "z-usp", metav1.ConditionFalse, gatewayv1.PolicyReasonConflicted), ) Context("verify working traffic", func() { @@ -412,7 +411,7 @@ var _ = Describe("UpstreamSettingsPolicy", Ordered, Label("functional", "uspolic uspolicyNsName, gatewayName, metav1.ConditionFalse, - v1alpha2.PolicyReasonTargetNotFound, + gatewayv1.PolicyReasonTargetNotFound, )).To(Succeed()) Expect(resourceManager.DeleteFromFiles(files, namespace)).To(Succeed()) @@ -447,7 +446,7 @@ func waitForUSPolicyStatus( usPolicyNsName types.NamespacedName, gatewayName string, condStatus metav1.ConditionStatus, - condReason v1alpha2.PolicyConditionReason, + condReason gatewayv1.PolicyConditionReason, ) error { ctx, cancel := context.WithTimeout(context.Background(), timeoutConfig.GetStatusTimeout*2) defer cancel() @@ -501,7 +500,7 @@ func waitForUSPolicyStatus( } func ancestorMustEqualGatewayRef( - ancestor v1alpha2.PolicyAncestorStatus, + ancestor gatewayv1.PolicyAncestorStatus, gatewayName string, namespace string, ) error { From 5a965d4c4f6e8b9c674fb679986e27c83ffa564f Mon Sep 17 00:00:00 2001 From: Ciara Stacke Date: Sat, 25 Oct 2025 08:48:07 +0100 Subject: [PATCH 2/4] Upgrade inference extension to v1.1.0 to fix conformance tests --- .../inference-extension/kustomization.yaml | 2 +- go.mod | 18 +++++----- go.sum | 36 +++++++++---------- tests/go.mod | 8 ++--- tests/go.sum | 20 +++++------ 5 files changed, 42 insertions(+), 42 deletions(-) diff --git a/config/crd/inference-extension/kustomization.yaml b/config/crd/inference-extension/kustomization.yaml index ef8ff2f3eb..90266d0c27 100644 --- a/config/crd/inference-extension/kustomization.yaml +++ b/config/crd/inference-extension/kustomization.yaml @@ -1,4 +1,4 @@ apiVersion: kustomize.config.k8s.io/v1beta1 kind: Kustomization resources: -- https://github.com/kubernetes-sigs/gateway-api-inference-extension/config/crd?timeout=120&ref=v1.0.2 +- https://github.com/kubernetes-sigs/gateway-api-inference-extension/config/crd?timeout=120&ref=v1.1.0 diff --git a/go.mod b/go.mod index 2a4a09f2ac..051f207c3f 100644 --- a/go.mod +++ b/go.mod @@ -27,9 +27,9 @@ require ( k8s.io/apimachinery v0.34.1 k8s.io/client-go v0.34.1 k8s.io/klog/v2 v2.130.1 - sigs.k8s.io/controller-runtime v0.22.1 + sigs.k8s.io/controller-runtime v0.22.3 sigs.k8s.io/gateway-api v1.4.0 - sigs.k8s.io/gateway-api-inference-extension v1.0.1 + sigs.k8s.io/gateway-api-inference-extension v1.1.0 ) require ( @@ -53,7 +53,7 @@ require ( github.com/gogo/protobuf v1.3.2 // indirect github.com/google/btree v1.1.3 // indirect github.com/google/gnostic-models v0.7.0 // indirect - github.com/google/pprof v0.0.0-20250820193118-f64d9cf942d6 // indirect + github.com/google/pprof v0.0.0-20250923004556-9e5a51aed1e8 // indirect github.com/grpc-ecosystem/grpc-gateway/v2 v2.27.2 // indirect github.com/inconshreveable/mousetrap v1.1.0 // indirect github.com/josharian/intern v1.0.0 // indirect @@ -66,7 +66,7 @@ require ( github.com/planetscale/vtprotobuf v0.6.1-0.20240319094008-0393e58bdf10 // indirect github.com/pmezard/go-difflib v1.0.1-0.20181226105442-5d4384ee4fb2 // indirect github.com/prometheus/client_model v0.6.2 // indirect - github.com/prometheus/common v0.66.1 // indirect + github.com/prometheus/common v0.67.1 // indirect github.com/prometheus/procfs v0.17.0 // indirect github.com/x448/float16 v0.8.4 // indirect go.opentelemetry.io/auto/sdk v1.1.0 // indirect @@ -77,19 +77,19 @@ require ( go.opentelemetry.io/proto/otlp v1.7.1 // indirect go.uber.org/automaxprocs v1.6.0 // indirect go.uber.org/multierr v1.11.0 // indirect - go.yaml.in/yaml/v2 v2.4.2 // indirect + go.yaml.in/yaml/v2 v2.4.3 // indirect go.yaml.in/yaml/v3 v3.0.4 // indirect golang.org/x/mod v0.29.0 // indirect golang.org/x/net v0.44.0 // indirect - golang.org/x/oauth2 v0.30.0 // indirect + golang.org/x/oauth2 v0.31.0 // indirect golang.org/x/sync v0.17.0 // indirect golang.org/x/sys v0.36.0 // indirect golang.org/x/term v0.35.0 // indirect - golang.org/x/time v0.12.0 // indirect + golang.org/x/time v0.13.0 // indirect golang.org/x/tools v0.37.0 // indirect gomodules.xyz/jsonpatch/v2 v2.4.0 // indirect - google.golang.org/genproto/googleapis/api v0.0.0-20250825161204-c5933d9347a5 // indirect - google.golang.org/genproto/googleapis/rpc v0.0.0-20250826171959-ef028d996bc1 // indirect + google.golang.org/genproto/googleapis/api v0.0.0-20250929231259-57b25ae835d4 // indirect + google.golang.org/genproto/googleapis/rpc v0.0.0-20250922171735-9219d122eba9 // indirect gopkg.in/inf.v0 v0.9.1 // indirect gopkg.in/yaml.v3 v3.0.1 // indirect k8s.io/kube-openapi v0.0.0-20250814151709-d7b6acb124c3 // indirect diff --git a/go.sum b/go.sum index 0c73dcd734..1d6a733fc2 100644 --- a/go.sum +++ b/go.sum @@ -99,8 +99,8 @@ github.com/google/go-cmp v0.7.0/go.mod h1:pXiqmnSA92OHEEa9HXL2W4E7lf9JzCmGVUdgjX github.com/google/gofuzz v1.0.0/go.mod h1:dBl0BpW6vV/+mYPU4Po3pmUjxk6FQPldtuIdl/M65Eg= github.com/google/gofuzz v1.2.0 h1:xRy4A+RhZaiKjJ1bPfwQ8sedCA+YS2YcCHW6ec7JMi0= github.com/google/gofuzz v1.2.0/go.mod h1:dBl0BpW6vV/+mYPU4Po3pmUjxk6FQPldtuIdl/M65Eg= -github.com/google/pprof v0.0.0-20250820193118-f64d9cf942d6 h1:EEHtgt9IwisQ2AZ4pIsMjahcegHh6rmhqxzIRQIyepY= -github.com/google/pprof v0.0.0-20250820193118-f64d9cf942d6/go.mod h1:I6V7YzU0XDpsHqbsyrghnFZLO1gwK6NPTNvmetQIk9U= +github.com/google/pprof v0.0.0-20250923004556-9e5a51aed1e8 h1:ZI8gCoCjGzPsum4L21jHdQs8shFBIQih1TM9Rd/c+EQ= +github.com/google/pprof v0.0.0-20250923004556-9e5a51aed1e8/go.mod h1:I6V7YzU0XDpsHqbsyrghnFZLO1gwK6NPTNvmetQIk9U= github.com/google/uuid v1.6.0 h1:NIvaJDMOsjHA8n1jAhLSgzrAzy1Hgr+hNrb57e+94F0= github.com/google/uuid v1.6.0/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo= github.com/grpc-ecosystem/grpc-gateway/v2 v2.27.2 h1:8Tjv8EJ+pM1xP8mK6egEbD1OgnVTyacbefKhmbLhIhU= @@ -190,8 +190,8 @@ github.com/prometheus/client_golang v1.23.2 h1:Je96obch5RDVy3FDMndoUsjAhG5Edi49h github.com/prometheus/client_golang v1.23.2/go.mod h1:Tb1a6LWHB3/SPIzCoaDXI4I8UHKeFTEQ1YCr+0Gyqmg= github.com/prometheus/client_model v0.6.2 h1:oBsgwpGs7iVziMvrGhE53c/GrLUsZdHnqNwqPLxwZyk= github.com/prometheus/client_model v0.6.2/go.mod h1:y3m2F6Gdpfy6Ut/GBsUqTWZqCUvMVzSfMLjcu6wAwpE= -github.com/prometheus/common v0.66.1 h1:h5E0h5/Y8niHc5DlaLlWLArTQI7tMrsfQjHV+d9ZoGs= -github.com/prometheus/common v0.66.1/go.mod h1:gcaUsgf3KfRSwHY4dIMXLPV0K/Wg1oZ8+SbZk/HH/dA= +github.com/prometheus/common v0.67.1 h1:OTSON1P4DNxzTg4hmKCc37o4ZAZDv0cfXLkOt0oEowI= +github.com/prometheus/common v0.67.1/go.mod h1:RpmT9v35q2Y+lsieQsdOh5sXZ6ajUGC8NjZAmr8vb0Q= github.com/prometheus/procfs v0.17.0 h1:FuLQ+05u4ZI+SS/w9+BWEM2TXiHKsUQ9TADiRH7DuK0= github.com/prometheus/procfs v0.17.0/go.mod h1:oPQLaDAMRbA+u8H5Pbfq+dl3VDAvHxMUOVhe0wYB2zw= github.com/rogpeppe/go-internal v1.13.1 h1:KvO1DLK/DRN07sQ1LQKScxyZJuNnedQ5/wKSR38lUII= @@ -274,8 +274,8 @@ go.uber.org/multierr v1.11.0 h1:blXXJkSxSSfBVBlC76pxqeO+LN3aDfLQo+309xJstO0= go.uber.org/multierr v1.11.0/go.mod h1:20+QtiLqy0Nd6FdQB9TLXag12DsQkrbs3htMFfDN80Y= go.uber.org/zap v1.27.0 h1:aJMhYGrd5QSmlpLMr2MftRKl7t8J8PTZPA732ud/XR8= go.uber.org/zap v1.27.0/go.mod h1:GB2qFLM7cTU87MWRP2mPIjqfIDnGu+VIO4V/SdhGo2E= -go.yaml.in/yaml/v2 v2.4.2 h1:DzmwEr2rDGHl7lsFgAHxmNz/1NlQ7xLIrlN2h5d1eGI= -go.yaml.in/yaml/v2 v2.4.2/go.mod h1:081UH+NErpNdqlCXm3TtEran0rJZGxAYx9hb/ELlsPU= +go.yaml.in/yaml/v2 v2.4.3 h1:6gvOSjQoTB3vt1l+CU+tSyi/HOjfOjRLJ4YwYZGwRO0= +go.yaml.in/yaml/v2 v2.4.3/go.mod h1:zSxWcmIDjOzPXpjlTTbAsKokqkDNAVtZO0WOMiT90s8= go.yaml.in/yaml/v3 v3.0.4 h1:tfq32ie2Jv2UxXFdLJdh3jXuOzWiL1fo0bu/FbuKpbc= go.yaml.in/yaml/v3 v3.0.4/go.mod h1:DhzuOOF2ATzADvBadXxruRBLzYTpT36CKvDb3+aBEFg= golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w= @@ -293,8 +293,8 @@ golang.org/x/net v0.0.0-20200226121028-0de0cce0169b/go.mod h1:z5CRVTTTmAJ677TzLL golang.org/x/net v0.0.0-20201021035429-f5854403a974/go.mod h1:sp8m0HH+o8qH0wwXwYZr8TS3Oi6o0r6Gce1SSxlDquU= golang.org/x/net v0.44.0 h1:evd8IRDyfNBMBTTY5XRF1vaZlD+EmWx6x8PkhR04H/I= golang.org/x/net v0.44.0/go.mod h1:ECOoLqd5U3Lhyeyo/QDCEVQ4sNgYsqvCZ722XogGieY= -golang.org/x/oauth2 v0.30.0 h1:dnDm7JmhM45NNpd8FDDeLhK6FwqbOf4MLCM9zb1BOHI= -golang.org/x/oauth2 v0.30.0/go.mod h1:B++QgG3ZKulg6sRPGD/mqlHQs5rB3Ml9erfeDY7xKlU= +golang.org/x/oauth2 v0.31.0 h1:8Fq0yVZLh4j4YA47vHKFTa9Ew5XIrCP8LC6UeNZnLxo= +golang.org/x/oauth2 v0.31.0/go.mod h1:lzm5WQJQwKZ3nwavOZ3IS5Aulzxi68dUSgRHujetwEA= golang.org/x/sync v0.0.0-20190423024810-112230192c58/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20190911185100-cd5d95a43a6e/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= golang.org/x/sync v0.0.0-20201020160332-67f06af15bc9/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM= @@ -311,8 +311,8 @@ golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= golang.org/x/text v0.30.0 h1:yznKA/E9zq54KzlzBEAWn1NXSQ8DIp/NYMy88xJjl4k= golang.org/x/text v0.30.0/go.mod h1:yDdHFIX9t+tORqspjENWgzaCVXgk0yYnYuSZ8UzzBVM= -golang.org/x/time v0.12.0 h1:ScB/8o8olJvc+CQPWrK3fPZNfh7qgwCrY0zJmoEQLSE= -golang.org/x/time v0.12.0/go.mod h1:CDIdPxbZBQxdj6cxyCIdrNogrJKMJ7pr37NYpMcMDSg= +golang.org/x/time v0.13.0 h1:eUlYslOIt32DgYD6utsuUeHs4d7AsEYLuIAdg7FlYgI= +golang.org/x/time v0.13.0/go.mod h1:eL/Oa2bBBK0TkX57Fyni+NgnyQQN4LitPmob2Hjnqw4= golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ= golang.org/x/tools v0.0.0-20191119224855-298f0cb1881e/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo= golang.org/x/tools v0.0.0-20200619180055-7c47624df98f/go.mod h1:EkVYQZoAsY45+roYkvgYkIh4xh/qjgUK9TdY2XT94GE= @@ -327,10 +327,10 @@ gomodules.xyz/jsonpatch/v2 v2.4.0 h1:Ci3iUJyx9UeRx7CeFN8ARgGbkESwJK+KB9lLcWxY/Zw gomodules.xyz/jsonpatch/v2 v2.4.0/go.mod h1:AH3dM2RI6uoBZxn3LVrfvJ3E0/9dG4cSrbuBJT4moAY= gonum.org/v1/gonum v0.16.0 h1:5+ul4Swaf3ESvrOnidPp4GZbzf0mxVQpDCYUQE7OJfk= gonum.org/v1/gonum v0.16.0/go.mod h1:fef3am4MQ93R2HHpKnLk4/Tbh/s0+wqD5nfa6Pnwy4E= -google.golang.org/genproto/googleapis/api v0.0.0-20250825161204-c5933d9347a5 h1:BIRfGDEjiHRrk0QKZe3Xv2ieMhtgRGeLcZQ0mIVn4EY= -google.golang.org/genproto/googleapis/api v0.0.0-20250825161204-c5933d9347a5/go.mod h1:j3QtIyytwqGr1JUDtYXwtMXWPKsEa5LtzIFN1Wn5WvE= -google.golang.org/genproto/googleapis/rpc v0.0.0-20250826171959-ef028d996bc1 h1:pmJpJEvT846VzausCQ5d7KreSROcDqmO388w5YbnltA= -google.golang.org/genproto/googleapis/rpc v0.0.0-20250826171959-ef028d996bc1/go.mod h1:GmFNa4BdJZ2a8G+wCe9Bg3wwThLrJun751XstdJt5Og= +google.golang.org/genproto/googleapis/api v0.0.0-20250929231259-57b25ae835d4 h1:8XJ4pajGwOlasW+L13MnEGA8W4115jJySQtVfS2/IBU= +google.golang.org/genproto/googleapis/api v0.0.0-20250929231259-57b25ae835d4/go.mod h1:NnuHhy+bxcg30o7FnVAZbXsPHUDQ9qKWAQKCD7VxFtk= +google.golang.org/genproto/googleapis/rpc v0.0.0-20250922171735-9219d122eba9 h1:V1jCN2HBa8sySkR5vLcCSqJSTMv093Rw9EJefhQGP7M= +google.golang.org/genproto/googleapis/rpc v0.0.0-20250922171735-9219d122eba9/go.mod h1:HSkG/KdJWusxU1F6CNrwNDjBMgisKxGnc5dAZfT0mjQ= google.golang.org/grpc v1.76.0 h1:UnVkv1+uMLYXoIz6o7chp59WfQUYA2ex/BXQ9rHZu7A= google.golang.org/grpc v1.76.0/go.mod h1:Ju12QI8M6iQJtbcsV+awF5a4hfJMLi4X0JLo94ULZ6c= google.golang.org/protobuf v1.36.10 h1:AYd7cD/uASjIL6Q9LiTjz8JLcrh/88q5UObnmY3aOOE= @@ -358,12 +358,12 @@ k8s.io/kube-openapi v0.0.0-20250814151709-d7b6acb124c3 h1:liMHz39T5dJO1aOKHLvwaC k8s.io/kube-openapi v0.0.0-20250814151709-d7b6acb124c3/go.mod h1:UZ2yyWbFTpuhSbFhv24aGNOdoRdJZgsIObGBUaYVsts= k8s.io/utils v0.0.0-20250820121507-0af2bda4dd1d h1:wAhiDyZ4Tdtt7e46e9M5ZSAJ/MnPGPs+Ki1gHw4w1R0= k8s.io/utils v0.0.0-20250820121507-0af2bda4dd1d/go.mod h1:OLgZIPagt7ERELqWJFomSt595RzquPNLL48iOWgYOg0= -sigs.k8s.io/controller-runtime v0.22.1 h1:Ah1T7I+0A7ize291nJZdS1CabF/lB4E++WizgV24Eqg= -sigs.k8s.io/controller-runtime v0.22.1/go.mod h1:FwiwRjkRPbiN+zp2QRp7wlTCzbUXxZ/D4OzuQUDwBHY= +sigs.k8s.io/controller-runtime v0.22.3 h1:I7mfqz/a/WdmDCEnXmSPm8/b/yRTy6JsKKENTijTq8Y= +sigs.k8s.io/controller-runtime v0.22.3/go.mod h1:+QX1XUpTXN4mLoblf4tqr5CQcyHPAki2HLXqQMY6vh8= sigs.k8s.io/gateway-api v1.4.0 h1:ZwlNM6zOHq0h3WUX2gfByPs2yAEsy/EenYJB78jpQfQ= sigs.k8s.io/gateway-api v1.4.0/go.mod h1:AR5RSqciWP98OPckEjOjh2XJhAe2Na4LHyXD2FUY7Qk= -sigs.k8s.io/gateway-api-inference-extension v1.0.1 h1:n/zyxk/1RCT1nNoCdKiZsN7XTz9mTk3Cu1fWWbtZMBw= -sigs.k8s.io/gateway-api-inference-extension v1.0.1/go.mod h1:qxSY10qt2+YnZJ43VfpMXa6wpiENPderI2BnNZ4Kxfc= +sigs.k8s.io/gateway-api-inference-extension v1.1.0 h1:MqRYk+3LNUWB0MbTgTZVhmJGNDTvm8l3ze4MOlzR7MU= +sigs.k8s.io/gateway-api-inference-extension v1.1.0/go.mod h1:BmJy8Hvc2EHl3Oa/Ka8/4RqwVHCCbX7BLndLdMNtugI= sigs.k8s.io/json v0.0.0-20250730193827-2d320260d730 h1:IpInykpT6ceI+QxKBbEflcR5EXP7sU1kvOlxwZh5txg= sigs.k8s.io/json v0.0.0-20250730193827-2d320260d730/go.mod h1:mdzfpAEoE6DHQEN0uh9ZbOCuHbLK5wOm7dK4ctXE9Tg= sigs.k8s.io/randfill v1.0.0 h1:JfjMILfT8A6RbawdsK2JXGBR5AQVfd+9TbzrlneTyrU= diff --git a/tests/go.mod b/tests/go.mod index da454431cd..59d6396c3c 100644 --- a/tests/go.mod +++ b/tests/go.mod @@ -17,7 +17,7 @@ require ( k8s.io/client-go v0.34.1 sigs.k8s.io/controller-runtime v0.22.3 sigs.k8s.io/gateway-api v1.4.0 - sigs.k8s.io/gateway-api-inference-extension v1.0.1 + sigs.k8s.io/gateway-api-inference-extension v1.1.0 sigs.k8s.io/yaml v1.6.0 ) @@ -40,7 +40,7 @@ require ( github.com/google/btree v1.1.3 // indirect github.com/google/gnostic-models v0.7.0 // indirect github.com/google/go-cmp v0.7.0 // indirect - github.com/google/pprof v0.0.0-20250820193118-f64d9cf942d6 // indirect + github.com/google/pprof v0.0.0-20250923004556-9e5a51aed1e8 // indirect github.com/google/uuid v1.6.0 // indirect github.com/gorilla/websocket v1.5.4-0.20250319132907-e064f32e3674 // indirect github.com/influxdata/tdigest v0.0.1 // indirect @@ -72,10 +72,10 @@ require ( golang.org/x/sys v0.36.0 // indirect golang.org/x/term v0.35.0 // indirect golang.org/x/text v0.30.0 // indirect - golang.org/x/time v0.12.0 // indirect + golang.org/x/time v0.13.0 // indirect golang.org/x/tools v0.37.0 // indirect gomodules.xyz/jsonpatch/v2 v2.4.0 // indirect - google.golang.org/genproto/googleapis/rpc v0.0.0-20250826171959-ef028d996bc1 // indirect + google.golang.org/genproto/googleapis/rpc v0.0.0-20250922171735-9219d122eba9 // indirect google.golang.org/grpc v1.76.0 // indirect google.golang.org/protobuf v1.36.10 // indirect gopkg.in/evanphx/json-patch.v4 v4.13.0 // indirect diff --git a/tests/go.sum b/tests/go.sum index 4a04912150..0c105e6a02 100644 --- a/tests/go.sum +++ b/tests/go.sum @@ -60,8 +60,8 @@ github.com/google/go-cmp v0.7.0/go.mod h1:pXiqmnSA92OHEEa9HXL2W4E7lf9JzCmGVUdgjX github.com/google/gofuzz v1.0.0/go.mod h1:dBl0BpW6vV/+mYPU4Po3pmUjxk6FQPldtuIdl/M65Eg= github.com/google/gofuzz v1.2.0 h1:xRy4A+RhZaiKjJ1bPfwQ8sedCA+YS2YcCHW6ec7JMi0= github.com/google/gofuzz v1.2.0/go.mod h1:dBl0BpW6vV/+mYPU4Po3pmUjxk6FQPldtuIdl/M65Eg= -github.com/google/pprof v0.0.0-20250820193118-f64d9cf942d6 h1:EEHtgt9IwisQ2AZ4pIsMjahcegHh6rmhqxzIRQIyepY= -github.com/google/pprof v0.0.0-20250820193118-f64d9cf942d6/go.mod h1:I6V7YzU0XDpsHqbsyrghnFZLO1gwK6NPTNvmetQIk9U= +github.com/google/pprof v0.0.0-20250923004556-9e5a51aed1e8 h1:ZI8gCoCjGzPsum4L21jHdQs8shFBIQih1TM9Rd/c+EQ= +github.com/google/pprof v0.0.0-20250923004556-9e5a51aed1e8/go.mod h1:I6V7YzU0XDpsHqbsyrghnFZLO1gwK6NPTNvmetQIk9U= github.com/google/uuid v1.6.0 h1:NIvaJDMOsjHA8n1jAhLSgzrAzy1Hgr+hNrb57e+94F0= github.com/google/uuid v1.6.0/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo= github.com/gorilla/websocket v1.5.4-0.20250319132907-e064f32e3674 h1:JeSE6pjso5THxAzdVpqr6/geYxZytqFMBCOtn/ujyeo= @@ -183,8 +183,8 @@ golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACk golang.org/x/crypto v0.0.0-20191011191535-87dc89f01550/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI= golang.org/x/crypto v0.0.0-20200622213623-75b288015ac9/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto= golang.org/x/exp v0.0.0-20180321215751-8460e604b9de/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA= -golang.org/x/exp v0.0.0-20250106191152-7588d65b2ba8 h1:yqrTHse8TCMW1M1ZCP+VAR/l0kKxwaAIqN/il7x4voA= -golang.org/x/exp v0.0.0-20250106191152-7588d65b2ba8/go.mod h1:tujkw807nyEEAamNbDrEGzRav+ilXA7PCRAd6xsmwiU= +golang.org/x/exp v0.0.0-20250808145144-a408d31f581a h1:Y+7uR/b1Mw2iSXZ3G//1haIiSElDQZ8KWh0h+sZPG90= +golang.org/x/exp v0.0.0-20250808145144-a408d31f581a/go.mod h1:rT6SFzZ7oxADUDx58pcaKFTcZ+inxAa9fTrYx/uVYwg= golang.org/x/mod v0.2.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA= golang.org/x/mod v0.3.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA= golang.org/x/mod v0.29.0 h1:HV8lRxZC4l2cr3Zq1LvtOsi/ThTgWnUk/y64QSs8GwA= @@ -213,8 +213,8 @@ golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= golang.org/x/text v0.30.0 h1:yznKA/E9zq54KzlzBEAWn1NXSQ8DIp/NYMy88xJjl4k= golang.org/x/text v0.30.0/go.mod h1:yDdHFIX9t+tORqspjENWgzaCVXgk0yYnYuSZ8UzzBVM= -golang.org/x/time v0.12.0 h1:ScB/8o8olJvc+CQPWrK3fPZNfh7qgwCrY0zJmoEQLSE= -golang.org/x/time v0.12.0/go.mod h1:CDIdPxbZBQxdj6cxyCIdrNogrJKMJ7pr37NYpMcMDSg= +golang.org/x/time v0.13.0 h1:eUlYslOIt32DgYD6utsuUeHs4d7AsEYLuIAdg7FlYgI= +golang.org/x/time v0.13.0/go.mod h1:eL/Oa2bBBK0TkX57Fyni+NgnyQQN4LitPmob2Hjnqw4= golang.org/x/tools v0.0.0-20180525024113-a5b4c53f6e8b/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ= golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ= golang.org/x/tools v0.0.0-20191119224855-298f0cb1881e/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo= @@ -232,8 +232,8 @@ gonum.org/v1/gonum v0.0.0-20181121035319-3f7ecaa7e8ca/go.mod h1:Y+Yx5eoAFn32cQvJ gonum.org/v1/gonum v0.16.0 h1:5+ul4Swaf3ESvrOnidPp4GZbzf0mxVQpDCYUQE7OJfk= gonum.org/v1/gonum v0.16.0/go.mod h1:fef3am4MQ93R2HHpKnLk4/Tbh/s0+wqD5nfa6Pnwy4E= gonum.org/v1/netlib v0.0.0-20181029234149-ec6d1f5cefe6/go.mod h1:wa6Ws7BG/ESfp6dHfk7C6KdzKA7wR7u/rKwOGE66zvw= -google.golang.org/genproto/googleapis/rpc v0.0.0-20250826171959-ef028d996bc1 h1:pmJpJEvT846VzausCQ5d7KreSROcDqmO388w5YbnltA= -google.golang.org/genproto/googleapis/rpc v0.0.0-20250826171959-ef028d996bc1/go.mod h1:GmFNa4BdJZ2a8G+wCe9Bg3wwThLrJun751XstdJt5Og= +google.golang.org/genproto/googleapis/rpc v0.0.0-20250922171735-9219d122eba9 h1:V1jCN2HBa8sySkR5vLcCSqJSTMv093Rw9EJefhQGP7M= +google.golang.org/genproto/googleapis/rpc v0.0.0-20250922171735-9219d122eba9/go.mod h1:HSkG/KdJWusxU1F6CNrwNDjBMgisKxGnc5dAZfT0mjQ= google.golang.org/grpc v1.76.0 h1:UnVkv1+uMLYXoIz6o7chp59WfQUYA2ex/BXQ9rHZu7A= google.golang.org/grpc v1.76.0/go.mod h1:Ju12QI8M6iQJtbcsV+awF5a4hfJMLi4X0JLo94ULZ6c= google.golang.org/protobuf v1.36.10 h1:AYd7cD/uASjIL6Q9LiTjz8JLcrh/88q5UObnmY3aOOE= @@ -267,8 +267,8 @@ sigs.k8s.io/controller-runtime v0.22.3 h1:I7mfqz/a/WdmDCEnXmSPm8/b/yRTy6JsKKENTi sigs.k8s.io/controller-runtime v0.22.3/go.mod h1:+QX1XUpTXN4mLoblf4tqr5CQcyHPAki2HLXqQMY6vh8= sigs.k8s.io/gateway-api v1.4.0 h1:ZwlNM6zOHq0h3WUX2gfByPs2yAEsy/EenYJB78jpQfQ= sigs.k8s.io/gateway-api v1.4.0/go.mod h1:AR5RSqciWP98OPckEjOjh2XJhAe2Na4LHyXD2FUY7Qk= -sigs.k8s.io/gateway-api-inference-extension v1.0.1 h1:n/zyxk/1RCT1nNoCdKiZsN7XTz9mTk3Cu1fWWbtZMBw= -sigs.k8s.io/gateway-api-inference-extension v1.0.1/go.mod h1:qxSY10qt2+YnZJ43VfpMXa6wpiENPderI2BnNZ4Kxfc= +sigs.k8s.io/gateway-api-inference-extension v1.1.0 h1:MqRYk+3LNUWB0MbTgTZVhmJGNDTvm8l3ze4MOlzR7MU= +sigs.k8s.io/gateway-api-inference-extension v1.1.0/go.mod h1:BmJy8Hvc2EHl3Oa/Ka8/4RqwVHCCbX7BLndLdMNtugI= sigs.k8s.io/json v0.0.0-20250730193827-2d320260d730 h1:IpInykpT6ceI+QxKBbEflcR5EXP7sU1kvOlxwZh5txg= sigs.k8s.io/json v0.0.0-20250730193827-2d320260d730/go.mod h1:mdzfpAEoE6DHQEN0uh9ZbOCuHbLK5wOm7dK4ctXE9Tg= sigs.k8s.io/randfill v1.0.0 h1:JfjMILfT8A6RbawdsK2JXGBR5AQVfd+9TbzrlneTyrU= From 90522d2f4616a0b39a7e4c11309e058d3c188377 Mon Sep 17 00:00:00 2001 From: Ciara Stacke Date: Sun, 26 Oct 2025 10:33:14 +0000 Subject: [PATCH 3/4] Remove single test selection --- tests/Makefile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tests/Makefile b/tests/Makefile index b12d833b75..60325d866d 100644 --- a/tests/Makefile +++ b/tests/Makefile @@ -57,7 +57,7 @@ run-conformance-tests: ## Run conformance tests kubectl run -i conformance \ --image=$(CONFORMANCE_PREFIX):$(CONFORMANCE_TAG) --image-pull-policy=Never \ --overrides='{ "spec": { "serviceAccountName": "conformance" } }' \ - --restart=Never -- sh -c "go test -v . -run 'TestConformance/BackendTLSPolicy' -tags conformance,experimental -args --gateway-class=$(GATEWAY_CLASS) \ + --restart=Never -- sh -c "go test -v . -tags conformance,experimental -args --gateway-class=$(GATEWAY_CLASS) \ --supported-features=$(SUPPORTED_EXTENDED_FEATURES) --version=$(NGF_VERSION) --skip-tests=$(SKIP_TESTS) --conformance-profiles=$(CONFORMANCE_PROFILES) \ --report-output=output.txt; cat output.txt" | tee output.txt ./scripts/check-pod-exit-code.sh conformance From 14054ba3e29e7ae2f5d792137026572b163a3661 Mon Sep 17 00:00:00 2001 From: Ciara Stacke Date: Sun, 26 Oct 2025 11:04:53 +0000 Subject: [PATCH 4/4] Strip out dev notes from CRD schemas --- Makefile | 1 + ...eway.nginx.org_clientsettingspolicies.yaml | 29 ---- ...teway.nginx.org_observabilitypolicies.yaml | 58 -------- ...ay.nginx.org_upstreamsettingspolicies.yaml | 29 ---- deploy/crds.yaml | 136 ++---------------- scripts/strip-crd-excludes.sh | 26 ++++ 6 files changed, 35 insertions(+), 244 deletions(-) create mode 100755 scripts/strip-crd-excludes.sh diff --git a/Makefile b/Makefile index 4ff24853b2..c7ac0ec1f2 100644 --- a/Makefile +++ b/Makefile @@ -126,6 +126,7 @@ generate: ## Run go generate .PHONY: generate-crds generate-crds: ## Generate CRDs and Go types using kubebuilder go run sigs.k8s.io/controller-tools/cmd/controller-gen@$(CONTROLLER_TOOLS_VERSION) crd object paths=./apis/... output:crd:artifacts:config=config/crd/bases + ./scripts/strip-crd-excludes.sh config/crd/bases kubectl kustomize config/crd >deploy/crds.yaml .PHONY: install-crds diff --git a/config/crd/bases/gateway.nginx.org_clientsettingspolicies.yaml b/config/crd/bases/gateway.nginx.org_clientsettingspolicies.yaml index 5109756cf0..ed6cb6d3d5 100644 --- a/config/crd/bases/gateway.nginx.org_clientsettingspolicies.yaml +++ b/config/crd/bases/gateway.nginx.org_clientsettingspolicies.yaml @@ -356,35 +356,6 @@ spec: description: |- Conditions describes the status of the Policy with respect to the given Ancestor. - - - Notes for implementors: - - Conditions are a listType `map`, which means that they function like a - map with a key of the `type` field _in the k8s apiserver_. - - This means that implementations must obey some rules when updating this - section. - - * Implementations MUST perform a read-modify-write cycle on this field - before modifying it. That is, when modifying this field, implementations - must be confident they have fetched the most recent version of this field, - and ensure that changes they make are on that recent version. - * Implementations MUST NOT remove or reorder Conditions that they are not - directly responsible for. For example, if an implementation sees a Condition - with type `special.io/SomeField`, it MUST NOT remove, change or update that - Condition. - * Implementations MUST always _merge_ changes into Conditions of the same Type, - rather than creating more than one Condition of the same Type. - * Implementations MUST always update the `observedGeneration` field of the - Condition to the `metadata.generation` of the Gateway at the time of update creation. - * If the `observedGeneration` of a Condition is _greater than_ the value the - implementation knows about, then it MUST NOT perform the update on that Condition, - but must wait for a future reconciliation and status update. (The assumption is that - the implementation's copy of the object is stale and an update will be re-triggered - if relevant.) - - items: description: Condition contains details for one aspect of the current state of this API Resource. diff --git a/config/crd/bases/gateway.nginx.org_observabilitypolicies.yaml b/config/crd/bases/gateway.nginx.org_observabilitypolicies.yaml index 16976e9aeb..b263e36002 100644 --- a/config/crd/bases/gateway.nginx.org_observabilitypolicies.yaml +++ b/config/crd/bases/gateway.nginx.org_observabilitypolicies.yaml @@ -382,35 +382,6 @@ spec: description: |- Conditions describes the status of the Policy with respect to the given Ancestor. - - - Notes for implementors: - - Conditions are a listType `map`, which means that they function like a - map with a key of the `type` field _in the k8s apiserver_. - - This means that implementations must obey some rules when updating this - section. - - * Implementations MUST perform a read-modify-write cycle on this field - before modifying it. That is, when modifying this field, implementations - must be confident they have fetched the most recent version of this field, - and ensure that changes they make are on that recent version. - * Implementations MUST NOT remove or reorder Conditions that they are not - directly responsible for. For example, if an implementation sees a Condition - with type `special.io/SomeField`, it MUST NOT remove, change or update that - Condition. - * Implementations MUST always _merge_ changes into Conditions of the same Type, - rather than creating more than one Condition of the same Type. - * Implementations MUST always update the `observedGeneration` field of the - Condition to the `metadata.generation` of the Gateway at the time of update creation. - * If the `observedGeneration` of a Condition is _greater than_ the value the - implementation knows about, then it MUST NOT perform the update on that Condition, - but must wait for a future reconciliation and status update. (The assumption is that - the implementation's copy of the object is stale and an update will be re-triggered - if relevant.) - - items: description: Condition contains details for one aspect of the current state of this API Resource. @@ -876,35 +847,6 @@ spec: description: |- Conditions describes the status of the Policy with respect to the given Ancestor. - - - Notes for implementors: - - Conditions are a listType `map`, which means that they function like a - map with a key of the `type` field _in the k8s apiserver_. - - This means that implementations must obey some rules when updating this - section. - - * Implementations MUST perform a read-modify-write cycle on this field - before modifying it. That is, when modifying this field, implementations - must be confident they have fetched the most recent version of this field, - and ensure that changes they make are on that recent version. - * Implementations MUST NOT remove or reorder Conditions that they are not - directly responsible for. For example, if an implementation sees a Condition - with type `special.io/SomeField`, it MUST NOT remove, change or update that - Condition. - * Implementations MUST always _merge_ changes into Conditions of the same Type, - rather than creating more than one Condition of the same Type. - * Implementations MUST always update the `observedGeneration` field of the - Condition to the `metadata.generation` of the Gateway at the time of update creation. - * If the `observedGeneration` of a Condition is _greater than_ the value the - implementation knows about, then it MUST NOT perform the update on that Condition, - but must wait for a future reconciliation and status update. (The assumption is that - the implementation's copy of the object is stale and an update will be re-triggered - if relevant.) - - items: description: Condition contains details for one aspect of the current state of this API Resource. diff --git a/config/crd/bases/gateway.nginx.org_upstreamsettingspolicies.yaml b/config/crd/bases/gateway.nginx.org_upstreamsettingspolicies.yaml index 3cf882966b..ce6b9603ed 100644 --- a/config/crd/bases/gateway.nginx.org_upstreamsettingspolicies.yaml +++ b/config/crd/bases/gateway.nginx.org_upstreamsettingspolicies.yaml @@ -351,35 +351,6 @@ spec: description: |- Conditions describes the status of the Policy with respect to the given Ancestor. - - - Notes for implementors: - - Conditions are a listType `map`, which means that they function like a - map with a key of the `type` field _in the k8s apiserver_. - - This means that implementations must obey some rules when updating this - section. - - * Implementations MUST perform a read-modify-write cycle on this field - before modifying it. That is, when modifying this field, implementations - must be confident they have fetched the most recent version of this field, - and ensure that changes they make are on that recent version. - * Implementations MUST NOT remove or reorder Conditions that they are not - directly responsible for. For example, if an implementation sees a Condition - with type `special.io/SomeField`, it MUST NOT remove, change or update that - Condition. - * Implementations MUST always _merge_ changes into Conditions of the same Type, - rather than creating more than one Condition of the same Type. - * Implementations MUST always update the `observedGeneration` field of the - Condition to the `metadata.generation` of the Gateway at the time of update creation. - * If the `observedGeneration` of a Condition is _greater than_ the value the - implementation knows about, then it MUST NOT perform the update on that Condition, - but must wait for a future reconciliation and status update. (The assumption is that - the implementation's copy of the object is stale and an update will be re-triggered - if relevant.) - - items: description: Condition contains details for one aspect of the current state of this API Resource. diff --git a/deploy/crds.yaml b/deploy/crds.yaml index 7cec058a79..a96a495103 100644 --- a/deploy/crds.yaml +++ b/deploy/crds.yaml @@ -352,38 +352,8 @@ spec: - name type: object conditions: - description: |- - Conditions describes the status of the Policy with respect to the given Ancestor. - - - - Notes for implementors: - - Conditions are a listType `map`, which means that they function like a - map with a key of the `type` field _in the k8s apiserver_. - - This means that implementations must obey some rules when updating this - section. - - * Implementations MUST perform a read-modify-write cycle on this field - before modifying it. That is, when modifying this field, implementations - must be confident they have fetched the most recent version of this field, - and ensure that changes they make are on that recent version. - * Implementations MUST NOT remove or reorder Conditions that they are not - directly responsible for. For example, if an implementation sees a Condition - with type `special.io/SomeField`, it MUST NOT remove, change or update that - Condition. - * Implementations MUST always _merge_ changes into Conditions of the same Type, - rather than creating more than one Condition of the same Type. - * Implementations MUST always update the `observedGeneration` field of the - Condition to the `metadata.generation` of the Gateway at the time of update creation. - * If the `observedGeneration` of a Condition is _greater than_ the value the - implementation knows about, then it MUST NOT perform the update on that Condition, - but must wait for a future reconciliation and status update. (The assumption is that - the implementation's copy of the object is stale and an update will be re-triggered - if relevant.) - - + description: Conditions describes the status of the Policy with + respect to the given Ancestor. items: description: Condition contains details for one aspect of the current state of this API Resource. @@ -9246,38 +9216,8 @@ spec: - name type: object conditions: - description: |- - Conditions describes the status of the Policy with respect to the given Ancestor. - - - - Notes for implementors: - - Conditions are a listType `map`, which means that they function like a - map with a key of the `type` field _in the k8s apiserver_. - - This means that implementations must obey some rules when updating this - section. - - * Implementations MUST perform a read-modify-write cycle on this field - before modifying it. That is, when modifying this field, implementations - must be confident they have fetched the most recent version of this field, - and ensure that changes they make are on that recent version. - * Implementations MUST NOT remove or reorder Conditions that they are not - directly responsible for. For example, if an implementation sees a Condition - with type `special.io/SomeField`, it MUST NOT remove, change or update that - Condition. - * Implementations MUST always _merge_ changes into Conditions of the same Type, - rather than creating more than one Condition of the same Type. - * Implementations MUST always update the `observedGeneration` field of the - Condition to the `metadata.generation` of the Gateway at the time of update creation. - * If the `observedGeneration` of a Condition is _greater than_ the value the - implementation knows about, then it MUST NOT perform the update on that Condition, - but must wait for a future reconciliation and status update. (The assumption is that - the implementation's copy of the object is stale and an update will be re-triggered - if relevant.) - - + description: Conditions describes the status of the Policy with + respect to the given Ancestor. items: description: Condition contains details for one aspect of the current state of this API Resource. @@ -9740,38 +9680,8 @@ spec: - name type: object conditions: - description: |- - Conditions describes the status of the Policy with respect to the given Ancestor. - - - - Notes for implementors: - - Conditions are a listType `map`, which means that they function like a - map with a key of the `type` field _in the k8s apiserver_. - - This means that implementations must obey some rules when updating this - section. - - * Implementations MUST perform a read-modify-write cycle on this field - before modifying it. That is, when modifying this field, implementations - must be confident they have fetched the most recent version of this field, - and ensure that changes they make are on that recent version. - * Implementations MUST NOT remove or reorder Conditions that they are not - directly responsible for. For example, if an implementation sees a Condition - with type `special.io/SomeField`, it MUST NOT remove, change or update that - Condition. - * Implementations MUST always _merge_ changes into Conditions of the same Type, - rather than creating more than one Condition of the same Type. - * Implementations MUST always update the `observedGeneration` field of the - Condition to the `metadata.generation` of the Gateway at the time of update creation. - * If the `observedGeneration` of a Condition is _greater than_ the value the - implementation knows about, then it MUST NOT perform the update on that Condition, - but must wait for a future reconciliation and status update. (The assumption is that - the implementation's copy of the object is stale and an update will be re-triggered - if relevant.) - - + description: Conditions describes the status of the Policy with + respect to the given Ancestor. items: description: Condition contains details for one aspect of the current state of this API Resource. @@ -10409,38 +10319,8 @@ spec: - name type: object conditions: - description: |- - Conditions describes the status of the Policy with respect to the given Ancestor. - - - - Notes for implementors: - - Conditions are a listType `map`, which means that they function like a - map with a key of the `type` field _in the k8s apiserver_. - - This means that implementations must obey some rules when updating this - section. - - * Implementations MUST perform a read-modify-write cycle on this field - before modifying it. That is, when modifying this field, implementations - must be confident they have fetched the most recent version of this field, - and ensure that changes they make are on that recent version. - * Implementations MUST NOT remove or reorder Conditions that they are not - directly responsible for. For example, if an implementation sees a Condition - with type `special.io/SomeField`, it MUST NOT remove, change or update that - Condition. - * Implementations MUST always _merge_ changes into Conditions of the same Type, - rather than creating more than one Condition of the same Type. - * Implementations MUST always update the `observedGeneration` field of the - Condition to the `metadata.generation` of the Gateway at the time of update creation. - * If the `observedGeneration` of a Condition is _greater than_ the value the - implementation knows about, then it MUST NOT perform the update on that Condition, - but must wait for a future reconciliation and status update. (The assumption is that - the implementation's copy of the object is stale and an update will be re-triggered - if relevant.) - - + description: Conditions describes the status of the Policy with + respect to the given Ancestor. items: description: Condition contains details for one aspect of the current state of this API Resource. diff --git a/scripts/strip-crd-excludes.sh b/scripts/strip-crd-excludes.sh new file mode 100755 index 0000000000..efe6c222cf --- /dev/null +++ b/scripts/strip-crd-excludes.sh @@ -0,0 +1,26 @@ +#!/bin/bash + +# This script removes the sections from generated CRD files +# These sections are implementation notes from Gateway API v1.4.0+ that should not appear +# in the final CRD definitions + +set -e + +CRD_DIR="${1:-config/crd/bases}" + +echo "Stripping sections from CRD files in ${CRD_DIR}" + +for file in "${CRD_DIR}"/*.yaml; do + if [ -f "$file" ]; then + # Use awk to remove lines between the exclude tags + awk ' + // { skip=1; next } + /<\/gateway:util:excludeFromCRD>/ { skip=0; next } + !skip { print } + ' "$file" >"$file.tmp" && mv "$file.tmp" "$file" + + echo " Processed: $file" + fi +done + +echo "Done!"