-
Notifications
You must be signed in to change notification settings - Fork 331
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
fix(kuma-cp): properly match policies to gateway when calling _rules endpoint #11504
base: master
Are you sure you want to change the base?
Conversation
…endpoint Fixes: kumahq#11455 Signed-off-by: Marcin Skalski <[email protected]>
Edit: I've fixed this by adding gateway meta to fake dpp that we create and filtering gateways by this dpp zone |
Signed-off-by: Marcin Skalski <[email protected]>
Signed-off-by: Marcin Skalski <[email protected]>
Signed-off-by: Marcin Skalski <[email protected]>
Signed-off-by: Marcin Skalski <[email protected]>
Signed-off-by: Marcin Skalski <[email protected]>
pkg/api-server/testdata/resources/inspect/dataplanes/_rules/meshgateway_from_global.input.yaml
Outdated
Show resolved
Hide resolved
pkg/api-server/testdata/resources/inspect/dataplanes/_rules/meshgateway_endpoint.input.yaml
Outdated
Show resolved
Hide resolved
pkg/plugins/policies/core/matchers/testdata/matchedpolicies/meshgateways/03.policies.yaml
Outdated
Show resolved
Hide resolved
Signed-off-by: Marcin Skalski <[email protected]>
Signed-off-by: Marcin Skalski <[email protected]>
When we call inspect API
_rules
endpoint for MeshGateway resource, we create fake dpp without meta that is only used to pick proper gateway for matching. With this change, we are adding gateway meta to it, and we are filtering gateways by zone to pick only gateways from the same zone. Moreover, we are now matching policies by zone not only for dpp but also for MeshGatewayFixes: #11455
Checklist prior to review
syscall.Mkfifo
have equivalent implementation on the other OS --ci/
labels to run additional/fewer testsUPGRADE.md
? --