APS-3966 Assign SDX Edge Server to Gateway

.github/workflows/dev.yml

@@ -23,7 +23,7 @@ jobs:
       # Checks-out your repository under $GITHUB_WORKSPACE, so your job can access it
       - uses: actions/checkout@v4
         with:
-          fetch-depth: 2 
+          fetch-depth: 2
       - uses: actions/setup-python@v5
         with:
           python-version: "3.11"
@@ -100,7 +100,7 @@ jobs:
     steps:
       - uses: actions/checkout@v4
         with:
-          fetch-depth: 2 
+          fetch-depth: 2
       - name: Check if build needed
         id: check
         run: |
@@ -145,7 +145,7 @@ jobs:
     steps:
       - uses: actions/checkout@v4
         with:
-          fetch-depth: 2 
+          fetch-depth: 2
       - name: Check if build needed
         id: check
         run: |
@@ -190,7 +190,7 @@ jobs:
     steps:
       - uses: actions/checkout@v4
         with:
-          fetch-depth: 2 
+          fetch-depth: 2
       - name: Check if build needed
         id: check
         run: |
@@ -235,7 +235,7 @@ jobs:
     steps:
       - uses: actions/checkout@v4
         with:
-          fetch-depth: 2 
+          fetch-depth: 2
       - name: Check if build needed
         id: check
         run: |

microservices/gatewayApi/Dockerfile

@@ -5,7 +5,7 @@
 #  && go mod download \
 #  && CGO_ENABLED=0 GOOS=linux GOARCH=amd64 go build -o deck \
 #       -ldflags "-s -w -X github.com/kong/deck/cmd.VERSION=$TAG -X github.com/kong/deck/cmd.COMMIT=$COMMIT"
-FROM python:3.11-alpine3.20
+FROM python:3.13-alpine3.22
 
 RUN mkdir /.kube
 
@@ -26,17 +26,17 @@ RUN curl -sL https://github.com/kong/deck/releases/download/v1.5.0/deck_1.5.0_li
    cp /tmp/deck /usr/local/bin/deck_kong2_150
 
 # gwa api (kong 3)
-RUN curl -sL https://github.com/Kong/deck/releases/download/v1.45.0/deck_1.45.0_linux_amd64.tar.gz -o deck.tar.gz && \
+RUN curl -sL https://github.com/Kong/deck/releases/download/v1.53.1/deck_1.53.1_linux_amd64.tar.gz -o deck.tar.gz && \
    tar -xf deck.tar.gz -C /tmp && \
    cp /tmp/deck /usr/local/bin/deck && \
-   cp /tmp/deck /usr/local/bin/deck_kong3_1450
+   cp /tmp/deck /usr/local/bin/deck_kong3_1531
 
 RUN python -m pip install --upgrade pip
 # FIX: No module named 'urllib3.packages.six'
 RUN pip uninstall urllib3 && pip install urllib3
 RUN cd /tmp && \
     curl -sSL https://install.python-poetry.org > get-poetry.py && \
-    POETRY_HOME=/opt/poetry python get-poetry.py --version 1.8.2 && \
+    POETRY_HOME=/opt/poetry python get-poetry.py --version 1.8.5 && \
     cd /usr/local/bin && \
     ln -s /opt/poetry/bin/poetry && \
     poetry config virtualenvs.create false

microservices/gatewayApi/config/test.json

@@ -24,7 +24,8 @@
       "kube-api": "http://kube-api",
       "kube-ns": "abcd-1234",
       "validate-upstreams": true
-    }
+    },
+    "sdx-edge": {}
   },
   "kubeApiCreds": {
     "kubeApiPass": "password",

microservices/gatewayApi/pyproject.toml

@@ -7,25 +7,26 @@ authors = []
 
 [tool.poetry.dependencies]
 python = "^3.11"
-werkzeug = "2.2.2"
+werkzeug = ">=2"
 ply = "3.10"
 cryptography = "38.0.4"
 authlib = "0.15.3"
 flask-swagger-ui = "3.36.0"
-Jinja2 = "3.0.3"
+Jinja2 = ">=3"
 PyYAML = "6.0.1"
 munch = "2.5.0"
-flask = "2.1.3"
+boto3 = ">=1.9"
+flask = "2.3.3"
 flask-compress = "1.4.0"
 flask-cors = "3.0.9"
-gevent = "22.10.2"
+gevent = "^25.5.1"
 # greenlet = "2.0.2"
 gunicorn = "20.1.0"
 python-keycloak = "4.7.2"
 httpx = "0.27.2"
-urllib3 = "2.2.3"
 requests = "^2.32"
 flask-jwt-simple = "0.0.3"
+urllib3 = "^2.5.0"
 
 [tool.poetry.group.dev.dependencies]
 autopep8 = "^1.5.7"

microservices/gatewayApi/tests/conftest.py

@@ -69,6 +69,8 @@ def get_group_by_path(path):
                 return {"id": "g003"}
             elif path == "/ns/customcert":
                 return {"id": "g004"}
+            elif path == "/ns/sdx01":
+                return {"id": "grpsdx01"}
             else:
                 return {"id": "g001"}
         def get_group(id):
@@ -100,6 +102,13 @@ def get_group(id):
                         "perm-domains": [ ".api.gov.bc.ca", ".custom.gov.bc.ca" ]
                     }
                 }
+            elif id == "grpsdx01":
+                return {
+                    "attributes": {
+                        "perm-data-plane": ["sdx-edge"],
+                        "perm-domains": [ "sdx01.servers.sdx" ]
+                    }
+                }
 
     mocker.patch("v2.services.namespaces.admin_api", return_value=mock_kc_admin)
 

microservices/gatewayApi/tests/routes/v2/test_gateway_err_validations.py

@@ -145,3 +145,40 @@ def test_valid_strict_dp_upstream(client):
     }
     response = client.put('/v2/namespaces/mytest3/gateway', json=data)
     assert response.status_code == 200
+
+
+def test_key_sets_and_keys_require_tags(client):
+    configFile = '''
+        key_sets:
+        - name: my-key-set
+          tags: ["ns.mytest", "another"]
+        keys:
+        - name: my-key
+          tags: ["ns.mytest", "another"]
+        '''
+
+    data = {
+        "configFile": configFile,
+        "dryRun": True
+    }
+    response = client.put('/v2/namespaces/mytest/gateway', json=data)
+    assert response.status_code == 200
+
+
+def test_key_sets_and_keys_invalid_tags(client):
+    configFile = '''
+        key_sets:
+        - name: my-key-set
+          tags: ["ns.other", "another"]
+        keys:
+        - name: my-key
+          tags: ["ns.mytest", "another"]
+        '''
+
+    data = {
+        "configFile": configFile,
+        "dryRun": True
+    }
+    response = client.put('/v2/namespaces/mytest/gateway', json=data)
+    assert response.status_code == 400
+    assert "invalid ns tag ns.other" in json.dumps(response.json)

microservices/gatewayApi/tests/routes/v2/test_sdx.py

@@ -0,0 +1,39 @@
+import yaml
+import pytest
+import json
+from v1.routes.gateway import validate_upstream
+from tests.testutils import trimleft
+from unittest import mock
+
+
+def test_success_sdx_call_empty(client):
+    data={
+        "configFile": '---',
+        "dryRun": False
+    }
+    response = client.put('/v2/namespaces/sdx01/gateway', json=data)
+    assert response.status_code == 200
+    assert json.dumps(response.json) == '{"message": "Sync successful.", "results": "Deck reported no changes"}'
+
+def test_success_sdx_call(client):
+    configFile = '''
+        services:
+        - name: my-service
+          host: myupstream.local
+          tags: ["ns.sdx01.qualifier"]
+          routes:
+          - name: route-1
+            hosts: [ sdx01.servers.sdx]
+            tags: ["ns.sdx01.qualifier"]
+            plugins:
+            - name: acl-auth
+              tags: ["ns.sdx01.qualifier"]
+        '''
+
+    data={
+        "configFile": configFile,
+        "dryRun": False
+    }
+    response = client.put('/v2/namespaces/sdx01/gateway', json=data)
+    assert response.status_code == 200
+    assert json.dumps(response.json) == '{"message": "Sync successful.", "results": "Deck reported no changes"}'

microservices/gatewayApi/utils/deck.py

@@ -1,12 +1,20 @@
 
-def deck_cmd_sync_diff(deck_cli, cmd, select_tag, state):
+def deck_cmd_sync_diff(deck_cli, cmd, select_tag, state, kong_addr = None):
     if deck_cli == "deck" or deck_cli.startswith("deck_kong3_"):
-        return [ deck_cli, "gateway", cmd, "--config", "/tmp/deck.yaml", "--skip-consumers", "--select-tag", select_tag, state]
+        args = [ deck_cli, "gateway", cmd, "--config", "/tmp/deck.yaml", "--skip-consumers", "--select-tag", select_tag]
+        if kong_addr:
+            args.extend(["--kong-addr", kong_addr])
+        args.append(state)
+        return args
     else:
         return [ deck_cli, cmd, "--config", "/tmp/deck.yaml", "--skip-consumers", "--select-tag", select_tag, "--state", state]
 
-def deck_cmd_validate(deck_cli, state):
+def deck_cmd_validate(deck_cli, state, kong_addr = None):
     if deck_cli == "deck" or deck_cli.startswith("deck_kong3_"):
-        return [ deck_cli, "gateway", "validate", "--config", "/tmp/deck.yaml", state ]
+        args = [ deck_cli, "gateway", "validate", "--config", "/tmp/deck.yaml" ]
+        if kong_addr:
+            args.extend(["--kong-addr", kong_addr])
+        args.append(state)
+        return args
     else:
         return [ deck_cli, "validate", "--config", "/tmp/deck.yaml", "--state", state ]