Skip to content

feat: add conflict detection for gateway proxy#2600

Merged
ronething merged 2 commits intomasterfrom
fix/gatewayproxy_check
Oct 14, 2025
Merged

feat: add conflict detection for gateway proxy#2600
ronething merged 2 commits intomasterfrom
fix/gatewayproxy_check

Conversation

@ronething
Copy link
Contributor

@ronething ronething commented Oct 13, 2025
edited
Loading

Type of change:

  • Bugfix
  • New feature provided
  • Improve performance
  • Backport patches
  • Documentation
  • Refactor
  • Chore
  • CI/CD or Tests

What this PR does / why we need it:

add conflict detection for GatewayProxy resources that share the same admin credentials while targeting the same service or overlapping control-plane endpoints.

Pre-submission checklist:

  • Did you explain what problem does this PR solve? Or what new features have been added?
  • Have you added corresponding test cases?
  • Have you modified the corresponding document?
  • Is this PR backward compatible? If it is not backward compatible, please discuss on the mailing list first

@ronething
feat: add conflict detection for gateway proxy
3210a9d 
Signed-off-by: Ashing Zheng <axingfly@gmail.com>
@ronething ronething marked this pull request as ready for review October 13, 2025 09:05
@ronething ronething requested review from AlinsRan and Copilot October 13, 2025 11:31
Copilot AI reviewed Oct 13, 2025
View reviewed changes
Copy link
Contributor

Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull Request Overview

This PR implements conflict detection for GatewayProxy resources to prevent multiple proxies from sharing the same admin credentials while targeting the same service or overlapping control-plane endpoints. This helps avoid configuration issues that could arise from credential conflicts between gateway proxy instances.

Key Changes:

  • Added validation logic to detect and reject conflicting GatewayProxy configurations during create and update operations
  • Enhanced the webhook validator with comprehensive conflict detection for both service-based and endpoint-based gateway proxy configurations
  • Added comprehensive test coverage for various conflict scenarios including inline admin keys and secret-based admin keys

Reviewed Changes

Copilot reviewed 4 out of 4 changed files in this pull request and generated 4 comments.

File Description
internal/webhook/v1/gatewayproxy_webhook.go Implements core conflict detection logic with validation methods and configuration comparison utilities
internal/webhook/v1/gatewayproxy_webhook_test.go Adds comprehensive unit tests covering service conflicts, endpoint overlaps, and admin key sharing scenarios
test/e2e/webhook/gatewayproxy.go Adds end-to-end tests for webhook conflict detection with real resource creation and validation
internal/controller/indexer/tlsroute.go Minor import reordering for consistency

Tip: Customize your code reviews with copilot-instructions.md. Create the file or learn how to get started.

@ronething ronething merged commit ace684d into master Oct 14, 2025
23 checks passed
@ronething ronething deleted the fix/gatewayproxy_check branch October 14, 2025 06:31
AlinsRan pushed a commit to AlinsRan/apisix-ingress-controller that referenced this pull request Oct 15, 2025
@ronething @AlinsRan
feat: add conflict detection for gateway proxy (apache#2600)
00df0f7 
Signed-off-by: Ashing Zheng <axingfly@gmail.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

Copilot code review Copilot Copilot left review comments

@Revolyssup Revolyssup Revolyssup approved these changes

@AlinsRan AlinsRan AlinsRan approved these changes

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

4 participants

@ronething @Revolyssup @AlinsRan