Skip to content

conformance: Coverage for request routing to TLSRoute with no valid BackendRefs #2153

New issue
New issue
Closed as not planned
Closed as not planned
conformance: Coverage for request routing to TLSRoute with no valid BackendRefs#2153
Labels
area/conformance-testIssues or PRs related to Conformance tests.lifecycle/rottenDenotes an issue or PR that has aged beyond stale and will be auto-closed.needs-triageIndicates an issue or PR lacks a `triage/foo` label and requires one.priority/backlogHigher priority than priority/awaiting-more-evidence.
@sunjayBhatia

Description

@sunjayBhatia
sunjayBhatia
opened on Jun 28, 2023

What would you like to be added:

As a follow up to #2076, we should add test coverage to the TLSRoute test in that PR that makes an assertion on what a client sees when making a connection/request that match a Gateway/TLSRoute with no valid backends (due to invalid ReferenceGrant etc.)

Before we add a test, the language here likely needs a little more specificity (and we should make sure to write tests that match the new language), particularly what "reject" means:

gateway-api/apis/v1alpha2/tlsroute_types.go

Lines 104 to 108 in a5ede12

// sent. If unspecified or invalid (refers to a non-existent resource or
// a Service with no endpoints), the rule performs no forwarding; if no
// filters are specified that would result in a response being sent, the
// underlying implementation must actively reject request attempts to this
// backend, by rejecting the connection or returning a 500 status code.

"Reject" could mean:

  • Connection refused, so nothing listening on the relevant Gateway Listener port (probably not the right answer, since you could have multiple hostnames for the same port)
  • Server sends TCP RST (what Envoy/Contour will do if there the Listener port is open but no proxying set up)
  • Specific TLS error (seems less likely to be uniform across all implementors)
  • other ideas welcome

Why this is needed:

Full coverage of TLSRoute API surface.

Related to #1579

We can probably do something similar for TCPRoute

Metadata

Metadata

Assignees

No one assigned

    Labels

    area/conformance-testIssues or PRs related to Conformance tests.lifecycle/rottenDenotes an issue or PR that has aged beyond stale and will be auto-closed.needs-triageIndicates an issue or PR lacks a `triage/foo` label and requires one.priority/backlogHigher priority than priority/awaiting-more-evidence.

    Type

    No type

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions