fix(kuma-cp): pass context via snapshot reconciler to generateCerts (#…

…7231)

Signed-off-by: Mike Beaumont <mjboamail@gmail.com>

pkg/plugins/policies/meshaccesslog/plugin/v1alpha1/plugin_test.go

@@ -1,6 +1,14 @@
 package v1alpha1_test
 
 import (
+<<<<<<< HEAD
+=======
+	"context"
+	"fmt"
+	"path/filepath"
+	"strings"
+
+>>>>>>> df9c5f925 (fix(kuma-cp): pass context via snapshot reconciler to generateCerts (#7231))
 	envoy_resource "github.com/envoyproxy/go-control-plane/pkg/resource/v3"
 	. "github.com/onsi/ginkgo/v2"
 	. "github.com/onsi/gomega"
@@ -970,6 +978,7 @@ var _ = Describe("MeshAccessLog", func() {
 			resources := xds_context.NewResources()
 			resources.MeshLocalResources[core_mesh.MeshGatewayType] = &gateways
 
+<<<<<<< HEAD
 			context := xds_context.Context{
 				Mesh: xds_context.MeshContext{
 					Resource: &core_mesh.MeshResource{
@@ -980,6 +989,9 @@ var _ = Describe("MeshAccessLog", func() {
 					Resources: resources,
 				},
 			}
+=======
+			xdsCtx := test_xds.CreateSampleMeshContextWith(resources)
+>>>>>>> df9c5f925 (fix(kuma-cp): pass context via snapshot reconciler to generateCerts (#7231))
 			proxy := xds.Proxy{
 				Dataplane: &core_mesh.DataplaneResource{
 					Meta: &test_model.ResourceMeta{
@@ -1007,7 +1019,17 @@ var _ = Describe("MeshAccessLog", func() {
 					},
 				},
 			}
+<<<<<<< HEAD
+			plugin := plugin.NewPlugin().(core_plugins.PolicyPlugin)
+=======
+
+			gatewayGenerator := gateway_plugin.NewGenerator("test-zone")
+			generatedResources, err := gatewayGenerator.Generate(context.Background(), xdsCtx, &proxy)
+			Expect(err).NotTo(HaveOccurred())
+
 			plugin := plugin.NewPlugin().(core_plugins.PolicyPlugin)
+			Expect(plugin.Apply(generatedResources, xdsCtx, &proxy)).To(Succeed())
+>>>>>>> df9c5f925 (fix(kuma-cp): pass context via snapshot reconciler to generateCerts (#7231))
 
 			Expect(plugin.Apply(resourceSet, context, &proxy)).To(Succeed())
 

pkg/plugins/policies/meshcircuitbreaker/plugin/v1alpha1/plugin_test.go

@@ -1,6 +1,7 @@
 package v1alpha1_test
 
 import (
+	"context"
 	"fmt"
 	"path/filepath"
 
@@ -397,4 +398,71 @@ var _ = Describe("MeshCircuitBreaker", func() {
 			},
 		}),
 	)
+<<<<<<< HEAD
+=======
+
+	type gatewayTestCase struct {
+		name    string
+		toRules core_rules.ToRules
+	}
+	DescribeTable("should generate proper Envoy config for MeshGateways",
+		func(given gatewayTestCase) {
+			Expect(given.name).ToNot(BeEmpty())
+			resources := xds_context.NewResources()
+			resources.MeshLocalResources[core_mesh.MeshGatewayType] = &core_mesh.MeshGatewayResourceList{
+				Items: []*core_mesh.MeshGatewayResource{samples.GatewayResource()},
+			}
+			resources.MeshLocalResources[core_mesh.MeshGatewayRouteType] = &core_mesh.MeshGatewayRouteResourceList{
+				Items: []*core_mesh.MeshGatewayRouteResource{samples.BackendGatewayRoute()},
+			}
+
+			xdsCtx := test_xds.CreateSampleMeshContextWith(resources)
+			proxy := xds.Proxy{
+				APIVersion: "v3",
+				Dataplane:  samples.GatewayDataplane(),
+				Policies: xds.MatchedPolicies{
+					Dynamic: map[core_model.ResourceType]xds.TypedMatchingPolicies{
+						api.MeshCircuitBreakerType: {
+							Type:    api.MeshCircuitBreakerType,
+							ToRules: given.toRules,
+						},
+					},
+				},
+			}
+			gatewayGenerator := gateway_plugin.NewGenerator("test-zone")
+			generatedResources, err := gatewayGenerator.Generate(context.Background(), xdsCtx, &proxy)
+			Expect(err).NotTo(HaveOccurred())
+
+			// when
+			plugin := plugin.NewPlugin().(core_plugins.PolicyPlugin)
+			Expect(plugin.Apply(generatedResources, xdsCtx, &proxy)).To(Succeed())
+
+			getResourceYaml := func(list core_xds.ResourceList) []byte {
+				actualResource, err := util_proto.ToYAML(list[0].Resource)
+				Expect(err).ToNot(HaveOccurred())
+				return actualResource
+			}
+
+			// then
+			Expect(getResourceYaml(generatedResources.ListOf(envoy_resource.ClusterType))).
+				To(matchers.MatchGoldenYAML(filepath.Join("testdata", fmt.Sprintf("%s.gateway_cluster.golden.yaml", given.name))))
+		},
+		Entry("basic outbound cluster with connection limits", gatewayTestCase{
+			name: "basic",
+			toRules: core_rules.ToRules{
+				Rules: []*core_rules.Rule{
+					{
+						Subset: core_rules.Subset{core_rules.Tag{
+							Key:   mesh_proto.ServiceTag,
+							Value: "backend",
+						}},
+						Conf: api.Conf{
+							ConnectionLimits: genConnectionLimits(),
+						},
+					},
+				},
+			},
+		}),
+	)
+>>>>>>> df9c5f925 (fix(kuma-cp): pass context via snapshot reconciler to generateCerts (#7231))
 })

pkg/plugins/policies/meshfaultinjection/plugin/v1alpha1/plugin_test.go

@@ -1,6 +1,7 @@
 package v1alpha1_test
 
 import (
+	"context"
 	"path/filepath"
 
 	envoy_resource "github.com/envoyproxy/go-control-plane/pkg/resource/v3"
@@ -205,7 +206,7 @@ var _ = Describe("MeshFaultInjection", func() {
 			Items: []*core_mesh.MeshGatewayRouteResource{samples.BackendGatewayRoute()},
 		}
 
-		context := test_xds.CreateSampleMeshContextWith(resources)
+		xdsCtx := test_xds.CreateSampleMeshContextWith(resources)
 		proxy := core_xds.Proxy{
 			APIVersion: "v3",
 			Dataplane:  samples.GatewayDataplane(),
@@ -219,14 +220,14 @@ var _ = Describe("MeshFaultInjection", func() {
 			},
 		}
 		gatewayGenerator := gatewayGenerator()
-		generatedResources, err := gatewayGenerator.Generate(context, &proxy)
+		generatedResources, err := gatewayGenerator.Generate(context.Background(), xdsCtx, &proxy)
 		Expect(err).NotTo(HaveOccurred())
 
 		// when
 		plugin := plugin.NewPlugin().(core_plugins.PolicyPlugin)
 
 		// then
-		Expect(plugin.Apply(generatedResources, context, &proxy)).To(Succeed())
+		Expect(plugin.Apply(generatedResources, xdsCtx, &proxy)).To(Succeed())
 		Expect(util_proto.ToYAML(generatedResources.ListOf(envoy_resource.ListenerType)[0].Resource)).To(test_matchers.MatchGoldenYAML(filepath.Join("testdata", "gateway_basic_listener.golden.yaml")))
 	})
 })

pkg/plugins/policies/meshhealthcheck/plugin/v1alpha1/plugin_test.go

@@ -1,6 +1,11 @@
 package v1alpha1_test
 
 import (
+<<<<<<< HEAD
+=======
+	"context"
+	"fmt"
+>>>>>>> df9c5f925 (fix(kuma-cp): pass context via snapshot reconciler to generateCerts (#7231))
 	"path/filepath"
 
 	envoy_resource "github.com/envoyproxy/go-control-plane/pkg/resource/v3"
@@ -251,4 +256,99 @@ var _ = Describe("MeshHealthCheck", func() {
 			expectedClusters: []string{"basic_grpc_health_check_cluster.golden.yaml"},
 		}),
 	)
+<<<<<<< HEAD
+=======
+
+	type gatewayTestCase struct {
+		name    string
+		toRules core_rules.ToRules
+	}
+	DescribeTable("should generate proper Envoy config for MeshGateways",
+		func(given gatewayTestCase) {
+			Expect(given.name).ToNot(BeEmpty())
+			resources := xds_context.NewResources()
+			resources.MeshLocalResources[core_mesh.MeshGatewayType] = &core_mesh.MeshGatewayResourceList{
+				Items: []*core_mesh.MeshGatewayResource{samples.GatewayResource()},
+			}
+			resources.MeshLocalResources[core_mesh.MeshGatewayRouteType] = &core_mesh.MeshGatewayRouteResourceList{
+				Items: []*core_mesh.MeshGatewayRouteResource{samples.BackendGatewayRoute()},
+			}
+
+			xdsCtx := test_xds.CreateSampleMeshContextWith(resources)
+			proxy := xds.Proxy{
+				APIVersion: "v3",
+				Dataplane:  samples.GatewayDataplane(),
+				Policies: xds.MatchedPolicies{
+					Dynamic: map[core_model.ResourceType]xds.TypedMatchingPolicies{
+						api.MeshHealthCheckType: {
+							Type:    api.MeshHealthCheckType,
+							ToRules: given.toRules,
+						},
+					},
+				},
+			}
+			gatewayGenerator := gateway_plugin.NewGenerator("test-zone")
+			generatedResources, err := gatewayGenerator.Generate(context.Background(), xdsCtx, &proxy)
+			Expect(err).NotTo(HaveOccurred())
+
+			// when
+			plugin := plugin.NewPlugin().(core_plugins.PolicyPlugin)
+			Expect(plugin.Apply(generatedResources, xdsCtx, &proxy)).To(Succeed())
+
+			getResourceYaml := func(list core_xds.ResourceList) []byte {
+				actualResource, err := util_proto.ToYAML(list[0].Resource)
+				Expect(err).ToNot(HaveOccurred())
+				return actualResource
+			}
+
+			// then
+			Expect(getResourceYaml(generatedResources.ListOf(envoy_resource.ClusterType))).
+				To(matchers.MatchGoldenYAML(filepath.Join("testdata", fmt.Sprintf("%s.gateway_cluster.golden.yaml", given.name))))
+		},
+		Entry("basic outbound cluster with HTTP health check", gatewayTestCase{
+			name: "basic",
+			toRules: core_rules.ToRules{
+				Rules: []*core_rules.Rule{
+					{
+						Subset: core_rules.Subset{},
+						Conf: api.Conf{
+							Interval:                     test.ParseDuration("10s"),
+							Timeout:                      test.ParseDuration("2s"),
+							UnhealthyThreshold:           pointer.To[int32](3),
+							HealthyThreshold:             pointer.To[int32](1),
+							InitialJitter:                test.ParseDuration("13s"),
+							IntervalJitter:               test.ParseDuration("15s"),
+							IntervalJitterPercent:        pointer.To[int32](10),
+							HealthyPanicThreshold:        pointer.To(intstr.FromString("62.9")),
+							FailTrafficOnPanic:           pointer.To(true),
+							EventLogPath:                 pointer.To("/tmp/log.txt"),
+							AlwaysLogHealthCheckFailures: pointer.To(false),
+							NoTrafficInterval:            test.ParseDuration("16s"),
+							Http: &api.HttpHealthCheck{
+								Disabled: pointer.To(false),
+								Path:     pointer.To("/health"),
+								RequestHeadersToAdd: &api.HeaderModifier{
+									Add: []api.HeaderKeyValue{
+										{
+											Name:  "x-some-header",
+											Value: "value",
+										},
+									},
+									Set: []api.HeaderKeyValue{
+										{
+											Name:  "x-some-other-header",
+											Value: "value",
+										},
+									},
+								},
+								ExpectedStatuses: &[]int32{200, 201},
+							},
+							ReuseConnection: pointer.To(true),
+						},
+					},
+				},
+			},
+		}),
+	)
+>>>>>>> df9c5f925 (fix(kuma-cp): pass context via snapshot reconciler to generateCerts (#7231))
 })

pkg/plugins/policies/meshloadbalancingstrategy/plugin/v1alpha1/plugin_test.go

@@ -1,6 +1,11 @@
 package v1alpha1_test
 
 import (
+<<<<<<< HEAD
+=======
+	"context"
+	"fmt"
+>>>>>>> df9c5f925 (fix(kuma-cp): pass context via snapshot reconciler to generateCerts (#7231))
 	"path/filepath"
 	"strings"
 
@@ -362,4 +367,94 @@ var _ = Describe("MeshLoadBalancingStrategy", func() {
 			},
 		}),
 	)
+<<<<<<< HEAD
+=======
+	type gatewayTestCase struct {
+		name    string
+		toRules core_rules.ToRules
+	}
+	DescribeTable("should generate proper Envoy config for MeshGateways",
+		func(given gatewayTestCase) {
+			Expect(given.name).ToNot(BeEmpty())
+			resources := xds_context.NewResources()
+			resources.MeshLocalResources[core_mesh.MeshGatewayType] = &core_mesh.MeshGatewayResourceList{
+				Items: []*core_mesh.MeshGatewayResource{samples.GatewayResource()},
+			}
+			resources.MeshLocalResources[core_mesh.MeshGatewayRouteType] = &core_mesh.MeshGatewayRouteResourceList{
+				Items: []*core_mesh.MeshGatewayRouteResource{samples.BackendGatewayRoute()},
+			}
+
+			xdsCtx := test_xds.CreateSampleMeshContextWith(resources)
+			proxy := core_xds.Proxy{
+				APIVersion: "v3",
+				Dataplane:  samples.GatewayDataplane(),
+				Policies: core_xds.MatchedPolicies{
+					Dynamic: map[core_model.ResourceType]core_xds.TypedMatchingPolicies{
+						v1alpha1.MeshLoadBalancingStrategyType: {
+							Type:    v1alpha1.MeshLoadBalancingStrategyType,
+							ToRules: given.toRules,
+						},
+					},
+				},
+			}
+			gatewayGenerator := gateway_plugin.NewGenerator("test-zone")
+			generatedResources, err := gatewayGenerator.Generate(context.Background(), xdsCtx, &proxy)
+			Expect(err).NotTo(HaveOccurred())
+
+			// when
+			plugin := plugin.NewPlugin().(core_plugins.PolicyPlugin)
+			Expect(plugin.Apply(generatedResources, xdsCtx, &proxy)).To(Succeed())
+
+			getResourceYaml := func(list core_xds.ResourceList) []byte {
+				actualResource, err := util_proto.ToYAML(list[0].Resource)
+				Expect(err).ToNot(HaveOccurred())
+				return actualResource
+			}
+
+			// then
+			Expect(getResourceYaml(generatedResources.ListOf(envoy_resource.ClusterType))).
+				To(matchers.MatchGoldenYAML(filepath.Join("testdata", fmt.Sprintf("%s.gateway_cluster.golden.yaml", given.name))))
+			Expect(getResourceYaml(generatedResources.ListOf(envoy_resource.ListenerType))).
+				To(matchers.MatchGoldenYAML(filepath.Join("testdata", fmt.Sprintf("%s.gateway_listener.golden.yaml", given.name))))
+			Expect(getResourceYaml(generatedResources.ListOf(envoy_resource.RouteType))).
+				To(matchers.MatchGoldenYAML(filepath.Join("testdata", fmt.Sprintf("%s.gateway_route.golden.yaml", given.name))))
+		},
+		Entry("basic outbound cluster", gatewayTestCase{
+			name: "basic",
+			toRules: core_rules.ToRules{
+				Rules: []*core_rules.Rule{
+					{
+						Subset: core_rules.Subset{},
+						Conf: v1alpha1.Conf{
+							LoadBalancer: &v1alpha1.LoadBalancer{
+								Type: v1alpha1.RingHashType,
+								RingHash: &v1alpha1.RingHash{
+									MinRingSize:  pointer.To[uint32](100),
+									MaxRingSize:  pointer.To[uint32](1000),
+									HashFunction: pointer.To(v1alpha1.MurmurHash2Type),
+									HashPolicies: &[]v1alpha1.HashPolicy{
+										{
+											Type: v1alpha1.QueryParameterType,
+											QueryParameter: &v1alpha1.QueryParameter{
+												Name: "queryparam",
+											},
+											Terminal: pointer.To(true),
+										},
+										{
+											Type: v1alpha1.ConnectionType,
+											Connection: &v1alpha1.Connection{
+												SourceIP: pointer.To(true),
+											},
+											Terminal: pointer.To(false),
+										},
+									},
+								},
+							},
+						},
+					},
+				},
+			},
+		}),
+	)
+>>>>>>> df9c5f925 (fix(kuma-cp): pass context via snapshot reconciler to generateCerts (#7231))
 })