Skip to content

Commit e5f2588

Browse files
jukieHackzzilazhaohuabingshreealtwoodgear
authored
[release-1.5] cherry-pick for v1.5.6 (#7665)
* fix(xds-server): clear snapshot on stream close (#6618) * fix(xds-server): clear snapshot on stream close Signed-off-by: Zachary Vacura <[email protected]> * check if there are other active connections before clearning the snapshot Signed-off-by: Zachary Vacura <[email protected]> Signed-off-by: jukie <[email protected]> * fix: oidc authentication endpoint was overwritten by discovered value (#7460) fix: oid authentication endpoint was overriden by discovered value Signed-off-by: Huabing Zhao <[email protected]> Signed-off-by: Huabing (Robin) Zhao <[email protected]> Signed-off-by: jukie <[email protected]> * ci: add script to free disk space (#7534) * feat: free disk space Signed-off-by: Shreemaan Abhishek <[email protected]> * lint Signed-off-by: Shreemaan Abhishek <[email protected]> * cleanup Signed-off-by: Shreemaan Abhishek <[email protected]> * make target and tools/hack Signed-off-by: Shreemaan Abhishek <[email protected]> * lint Signed-off-by: Shreemaan Abhishek <[email protected]> * modular action Signed-off-by: Shreemaan Abhishek <[email protected]> --------- Signed-off-by: Shreemaan Abhishek <[email protected]> Signed-off-by: jukie <[email protected]> * treat too many addresses as programmed (#7542) Signed-off-by: cong <[email protected]> Signed-off-by: jukie <[email protected]> * feat: reclaim space in release pipeline (#7587) Signed-off-by: Shreemaan Abhishek <[email protected]> Signed-off-by: jukie <[email protected]> * chore: bump golang.org/x/crypto (#7588) * chore: bump golang.org/x/crypto Signed-off-by: zirain <[email protected]> * fix gen Signed-off-by: zirain <[email protected]> --------- Signed-off-by: zirain <[email protected]> Signed-off-by: jukie <[email protected]> * findOwningGateway should return controller based on linked GatewayClass (#7611) * fix: filter Gateway by controller in findOwningGateway Prevent cross-controller Gateway mutations by validating GatewayClass Signed-off-by: Sudipto Baral <[email protected]> Signed-off-by: jukie <[email protected]> * fix: use default when namespace is unset (#7612) * fix: use default when namespace is unset Signed-off-by: zirain <[email protected]> * fix Signed-off-by: zirain <[email protected]> * fix test Signed-off-by: zirain <[email protected]> --------- Signed-off-by: zirain <[email protected]> Signed-off-by: jukie <[email protected]> * fix: prevent skeleton route status entries for unmanaged GatewayClasses (#7536) * fix: prevent skeleton route status entries for unmanaged GatewayClasses When processing policies (EnvoyExtensionPolicy, SecurityPolicy), the translator was calling GetRouteParentContext for ALL parentRefs in a route, even those referencing gateways with different GatewayClasses not managed by this translator. GetRouteParentContext creates a skeleton RouteParentStatus entry with just the controllerName when called on a parentRef that hasn't been processed yet. Since all GatewayClass instances share the same controller name, these skeleton entries persisted in status without conditions. The fix checks if a parentRef context already exists before attempting to apply policy configuration to it. If the context doesn't exist, it means this parentRef wasn't processed by this translator and should be skipped. Signed-off-by: Raj Singh <[email protected]> * fix: also prevent skeleton entries in BackendTrafficPolicy processing The same issue exists in BackendTrafficPolicy route processing - calling GetRouteParentContext for all parentRefs creates skeleton status entries. Apply the same fix: check if parentRef context exists before adding to list. Signed-off-by: Raj Singh <[email protected]> --------- Signed-off-by: Raj Singh <[email protected]> Signed-off-by: jukie <[email protected]> * lint Signed-off-by: jukie <[email protected]> --------- Signed-off-by: Zachary Vacura <[email protected]> Signed-off-by: jukie <[email protected]> Signed-off-by: Huabing Zhao <[email protected]> Signed-off-by: Huabing (Robin) Zhao <[email protected]> Signed-off-by: Shreemaan Abhishek <[email protected]> Signed-off-by: cong <[email protected]> Signed-off-by: zirain <[email protected]> Signed-off-by: Sudipto Baral <[email protected]> Signed-off-by: Raj Singh <[email protected]> Co-authored-by: Zach Vacura <[email protected]> Co-authored-by: Huabing (Robin) Zhao <[email protected]> Co-authored-by: shreealt <[email protected]> Co-authored-by: 聪 <[email protected]> Co-authored-by: zirain <[email protected]> Co-authored-by: Sudipto Baral <[email protected]> Co-authored-by: Raj Singh <[email protected]>
1 parent 9b48b8f commit e5f2588

File tree

21 files changed

+394
-65
lines changed

21 files changed

+394
-65
lines changed

.github/workflows/release.yaml

Lines changed: 1 addition & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -51,6 +51,7 @@ jobs:
5151
contents: write
5252
steps:
5353
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
54+
- uses: ./tools/github-actions/reclaim-storage
5455

5556
- name: Extract Release Tag and Commit SHA
5657
id: vars

examples/extension-server/go.mod

Lines changed: 6 additions & 6 deletions
Original file line numberDiff line numberDiff line change
@@ -38,12 +38,12 @@ require (
3838
github.com/x448/float16 v0.8.4 // indirect
3939
github.com/xrash/smetrics v0.0.0-20240521201337-686a1a2994c1 // indirect
4040
go.yaml.in/yaml/v2 v2.4.2 // indirect
41-
golang.org/x/mod v0.26.0 // indirect
42-
golang.org/x/net v0.42.0 // indirect
43-
golang.org/x/sync v0.16.0 // indirect
44-
golang.org/x/sys v0.34.0 // indirect
45-
golang.org/x/text v0.27.0 // indirect
46-
golang.org/x/tools v0.35.0 // indirect
41+
golang.org/x/mod v0.29.0 // indirect
42+
golang.org/x/net v0.47.0 // indirect
43+
golang.org/x/sync v0.18.0 // indirect
44+
golang.org/x/sys v0.38.0 // indirect
45+
golang.org/x/text v0.31.0 // indirect
46+
golang.org/x/tools v0.38.0 // indirect
4747
golang.org/x/tools/go/packages/packagestest v0.1.1-deprecated // indirect
4848
google.golang.org/genproto/googleapis/api v0.0.0-20250728155136-f173205681a0 // indirect
4949
google.golang.org/genproto/googleapis/rpc v0.0.0-20250728155136-f173205681a0 // indirect

examples/extension-server/go.sum

Lines changed: 12 additions & 12 deletions
Original file line numberDiff line numberDiff line change
@@ -123,35 +123,35 @@ golang.org/x/crypto v0.0.0-20191011191535-87dc89f01550/go.mod h1:yigFU9vqHzYiE8U
123123
golang.org/x/crypto v0.0.0-20200622213623-75b288015ac9/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto=
124124
golang.org/x/mod v0.2.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA=
125125
golang.org/x/mod v0.3.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA=
126-
golang.org/x/mod v0.26.0 h1:EGMPT//Ezu+ylkCijjPc+f4Aih7sZvaAr+O3EHBxvZg=
127-
golang.org/x/mod v0.26.0/go.mod h1:/j6NAhSk8iQ723BGAUyoAcn7SlD7s15Dp9Nd/SfeaFQ=
126+
golang.org/x/mod v0.29.0 h1:HV8lRxZC4l2cr3Zq1LvtOsi/ThTgWnUk/y64QSs8GwA=
127+
golang.org/x/mod v0.29.0/go.mod h1:NyhrlYXJ2H4eJiRy/WDBO6HMqZQ6q9nk4JzS3NuCK+w=
128128
golang.org/x/net v0.0.0-20190404232315-eb5bcb51f2a3/go.mod h1:t9HGtf8HONx5eT2rtn7q6eTqICYqUVnKs3thJo3Qplg=
129129
golang.org/x/net v0.0.0-20190620200207-3b0461eec859/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
130130
golang.org/x/net v0.0.0-20200226121028-0de0cce0169b/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
131131
golang.org/x/net v0.0.0-20201021035429-f5854403a974/go.mod h1:sp8m0HH+o8qH0wwXwYZr8TS3Oi6o0r6Gce1SSxlDquU=
132-
golang.org/x/net v0.42.0 h1:jzkYrhi3YQWD6MLBJcsklgQsoAcw89EcZbJw8Z614hs=
133-
golang.org/x/net v0.42.0/go.mod h1:FF1RA5d3u7nAYA4z2TkclSCKh68eSXtiFwcWQpPXdt8=
132+
golang.org/x/net v0.47.0 h1:Mx+4dIFzqraBXUugkia1OOvlD6LemFo1ALMHjrXDOhY=
133+
golang.org/x/net v0.47.0/go.mod h1:/jNxtkgq5yWUGYkaZGqo27cfGZ1c5Nen03aYrrKpVRU=
134134
golang.org/x/sync v0.0.0-20190423024810-112230192c58/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
135135
golang.org/x/sync v0.0.0-20190911185100-cd5d95a43a6e/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
136136
golang.org/x/sync v0.0.0-20201020160332-67f06af15bc9/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
137-
golang.org/x/sync v0.16.0 h1:ycBJEhp9p4vXvUZNszeOq0kGTPghopOL8q0fq3vstxw=
138-
golang.org/x/sync v0.16.0/go.mod h1:1dzgHSNfp02xaA81J2MS99Qcpr2w7fw1gpm99rleRqA=
137+
golang.org/x/sync v0.18.0 h1:kr88TuHDroi+UVf+0hZnirlk8o8T+4MrK6mr60WkH/I=
138+
golang.org/x/sync v0.18.0/go.mod h1:9KTHXmSnoGruLpwFjVSX0lNNA75CykiMECbovNTZqGI=
139139
golang.org/x/sys v0.0.0-20190215142949-d0b11bdaac8a/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
140140
golang.org/x/sys v0.0.0-20190412213103-97732733099d/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
141141
golang.org/x/sys v0.0.0-20200930185726-fdedc70b468f/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
142142
golang.org/x/sys v0.6.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
143-
golang.org/x/sys v0.34.0 h1:H5Y5sJ2L2JRdyv7ROF1he/lPdvFsd0mJHFw2ThKHxLA=
144-
golang.org/x/sys v0.34.0/go.mod h1:BJP2sWEmIv4KK5OTEluFJCKSidICx8ciO85XgH3Ak8k=
143+
golang.org/x/sys v0.38.0 h1:3yZWxaJjBmCWXqhN1qh02AkOnCQ1poK6oF+a7xWL6Gc=
144+
golang.org/x/sys v0.38.0/go.mod h1:OgkHotnGiDImocRcuBABYBEXf8A9a87e/uXjp9XT3ks=
145145
golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
146146
golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
147-
golang.org/x/text v0.27.0 h1:4fGWRpyh641NLlecmyl4LOe6yDdfaYNrGb2zdfo4JV4=
148-
golang.org/x/text v0.27.0/go.mod h1:1D28KMCvyooCX9hBiosv5Tz/+YLxj0j7XhWjpSUF7CU=
147+
golang.org/x/text v0.31.0 h1:aC8ghyu4JhP8VojJ2lEHBnochRno1sgL6nEi9WGFGMM=
148+
golang.org/x/text v0.31.0/go.mod h1:tKRAlv61yKIjGGHX/4tP1LTbc13YSec1pxVEWXzfoeM=
149149
golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
150150
golang.org/x/tools v0.0.0-20191119224855-298f0cb1881e/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo=
151151
golang.org/x/tools v0.0.0-20200619180055-7c47624df98f/go.mod h1:EkVYQZoAsY45+roYkvgYkIh4xh/qjgUK9TdY2XT94GE=
152152
golang.org/x/tools v0.0.0-20210106214847-113979e3529a/go.mod h1:emZCQorbCU4vsT4fOWvOPXz4eW1wZW4PmDk9uLelYpA=
153-
golang.org/x/tools v0.35.0 h1:mBffYraMEf7aa0sB+NuKnuCy8qI/9Bughn8dC2Gu5r0=
154-
golang.org/x/tools v0.35.0/go.mod h1:NKdj5HkL/73byiZSJjqJgKn3ep7KjFkBOkR/Hps3VPw=
153+
golang.org/x/tools v0.38.0 h1:Hx2Xv8hISq8Lm16jvBZ2VQf+RLmbd7wVUsALibYI/IQ=
154+
golang.org/x/tools v0.38.0/go.mod h1:yEsQ/d/YK8cjh0L6rZlY8tgtlKiBNTL14pGDJPJpYQs=
155155
golang.org/x/tools/go/expect v0.1.0-deprecated h1:jY2C5HGYR5lqex3gEniOQL0r7Dq5+VGVgY1nudX5lXY=
156156
golang.org/x/tools/go/expect v0.1.0-deprecated/go.mod h1:eihoPOH+FgIqa3FpoTwguz/bVUSGBlGQU67vpBeOrBY=
157157
golang.org/x/tools/go/packages/packagestest v0.1.1-deprecated h1:1h2MnaIAIXISqTFKdENegdpAgUXz6NrPEsbIeWaBRvM=

go.mod

Lines changed: 8 additions & 8 deletions
Original file line numberDiff line numberDiff line change
@@ -64,7 +64,7 @@ require (
6464
go.opentelemetry.io/proto/otlp v1.7.1
6565
go.uber.org/zap v1.27.0
6666
golang.org/x/exp v0.0.0-20250718183923-645b1fa84792
67-
golang.org/x/net v0.42.0
67+
golang.org/x/net v0.47.0
6868
gomodules.xyz/jsonpatch/v2 v2.5.0
6969
google.golang.org/genproto/googleapis/api v0.0.0-20250728155136-f173205681a0
7070
google.golang.org/grpc v1.75.1
@@ -479,17 +479,17 @@ require (
479479
go.uber.org/multierr v1.11.0 // indirect
480480
go.yaml.in/yaml/v2 v2.4.2 // indirect
481481
go.yaml.in/yaml/v3 v3.0.4 // indirect
482-
golang.org/x/crypto v0.40.0 // indirect
482+
golang.org/x/crypto v0.45.0 // indirect
483483
golang.org/x/crypto/x509roots/fallback v0.0.0-20250406160420-959f8f3db0fb // indirect
484484
golang.org/x/exp/typeparams v0.0.0-20250620022241-b7579e27df2b // indirect
485-
golang.org/x/mod v0.26.0 // indirect
485+
golang.org/x/mod v0.29.0 // indirect
486486
golang.org/x/oauth2 v0.30.0 // indirect
487-
golang.org/x/sync v0.16.0 // indirect
488-
golang.org/x/sys v0.34.0 // indirect
489-
golang.org/x/term v0.33.0 // indirect
490-
golang.org/x/text v0.27.0 // indirect
487+
golang.org/x/sync v0.18.0 // indirect
488+
golang.org/x/sys v0.38.0 // indirect
489+
golang.org/x/term v0.37.0 // indirect
490+
golang.org/x/text v0.31.0 // indirect
491491
golang.org/x/time v0.12.0 // indirect
492-
golang.org/x/tools v0.35.0 // indirect
492+
golang.org/x/tools v0.38.0 // indirect
493493
golang.org/x/xerrors v0.0.0-20231012003039-104605ab7028 // indirect
494494
google.golang.org/genproto/googleapis/rpc v0.0.0-20250728155136-f173205681a0 // indirect
495495
google.golang.org/grpc/cmd/protoc-gen-go-grpc v1.5.1 // indirect

go.sum

Lines changed: 16 additions & 16 deletions
Original file line numberDiff line numberDiff line change
@@ -1170,8 +1170,8 @@ golang.org/x/crypto v0.0.0-20200622213623-75b288015ac9/go.mod h1:LzIPMQfyMNhhGPh
11701170
golang.org/x/crypto v0.0.0-20210921155107-089bfa567519/go.mod h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc=
11711171
golang.org/x/crypto v0.13.0/go.mod h1:y6Z2r+Rw4iayiXXAIxJIDAJ1zMW4yaTpebo8fPOliYc=
11721172
golang.org/x/crypto v0.14.0/go.mod h1:MVFd36DqK4CsrnJYDkBA3VC4m2GkXAM0PvzMCn4JQf4=
1173-
golang.org/x/crypto v0.40.0 h1:r4x+VvoG5Fm+eJcxMaY8CQM7Lb0l1lsmjGBQ6s8BfKM=
1174-
golang.org/x/crypto v0.40.0/go.mod h1:Qr1vMER5WyS2dfPHAlsOj01wgLbsyWtFn/aY+5+ZdxY=
1173+
golang.org/x/crypto v0.45.0 h1:jMBrvKuj23MTlT0bQEOBcAE0mjg8mK9RXFhRH6nyF3Q=
1174+
golang.org/x/crypto v0.45.0/go.mod h1:XTGrrkGJve7CYK7J8PEww4aY7gM3qMCElcJQ8n8JdX4=
11751175
golang.org/x/crypto/x509roots/fallback v0.0.0-20250406160420-959f8f3db0fb h1:Iu0p/klM0SM7atONioa/bPhLS7cjhnip99x1OIGibwg=
11761176
golang.org/x/crypto/x509roots/fallback v0.0.0-20250406160420-959f8f3db0fb/go.mod h1:lxN5T34bK4Z/i6cMaU7frUU57VkDXFD4Kamfl/cp9oU=
11771177
golang.org/x/exp v0.0.0-20190121172915-509febef88a4/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA=
@@ -1193,8 +1193,8 @@ golang.org/x/mod v0.6.0-dev.0.20220419223038-86c51ed26bb4/go.mod h1:jJ57K6gSWd91
11931193
golang.org/x/mod v0.8.0/go.mod h1:iBbtSCu2XBx23ZKBPSOrRkjjQPZFPuis4dIYUhu/chs=
11941194
golang.org/x/mod v0.12.0/go.mod h1:iBbtSCu2XBx23ZKBPSOrRkjjQPZFPuis4dIYUhu/chs=
11951195
golang.org/x/mod v0.13.0/go.mod h1:hTbmBsO62+eylJbnUtE2MGJUyE7QWk4xUqPFrRgJ+7c=
1196-
golang.org/x/mod v0.26.0 h1:EGMPT//Ezu+ylkCijjPc+f4Aih7sZvaAr+O3EHBxvZg=
1197-
golang.org/x/mod v0.26.0/go.mod h1:/j6NAhSk8iQ723BGAUyoAcn7SlD7s15Dp9Nd/SfeaFQ=
1196+
golang.org/x/mod v0.29.0 h1:HV8lRxZC4l2cr3Zq1LvtOsi/ThTgWnUk/y64QSs8GwA=
1197+
golang.org/x/mod v0.29.0/go.mod h1:NyhrlYXJ2H4eJiRy/WDBO6HMqZQ6q9nk4JzS3NuCK+w=
11981198
golang.org/x/net v0.0.0-20180724234803-3673e40ba225/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
11991199
golang.org/x/net v0.0.0-20180826012351-8a410e7b638d/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
12001200
golang.org/x/net v0.0.0-20180906233101-161cd47e91fd/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
@@ -1215,8 +1215,8 @@ golang.org/x/net v0.6.0/go.mod h1:2Tu9+aMcznHK/AK1HMvgo6xiTLG5rD5rZLDS+rp2Bjs=
12151215
golang.org/x/net v0.10.0/go.mod h1:0qNGK6F8kojg2nk9dLZ2mShWaEBan6FAoqfSigmmuDg=
12161216
golang.org/x/net v0.15.0/go.mod h1:idbUs1IY1+zTqbi8yxTbhexhEEk5ur9LInksu6HrEpk=
12171217
golang.org/x/net v0.16.0/go.mod h1:NxSsAGuq816PNPmqtQdLE42eU2Fs7NoRIZrHJAlaCOE=
1218-
golang.org/x/net v0.42.0 h1:jzkYrhi3YQWD6MLBJcsklgQsoAcw89EcZbJw8Z614hs=
1219-
golang.org/x/net v0.42.0/go.mod h1:FF1RA5d3u7nAYA4z2TkclSCKh68eSXtiFwcWQpPXdt8=
1218+
golang.org/x/net v0.47.0 h1:Mx+4dIFzqraBXUugkia1OOvlD6LemFo1ALMHjrXDOhY=
1219+
golang.org/x/net v0.47.0/go.mod h1:/jNxtkgq5yWUGYkaZGqo27cfGZ1c5Nen03aYrrKpVRU=
12201220
golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U=
12211221
golang.org/x/oauth2 v0.30.0 h1:dnDm7JmhM45NNpd8FDDeLhK6FwqbOf4MLCM9zb1BOHI=
12221222
golang.org/x/oauth2 v0.30.0/go.mod h1:B++QgG3ZKulg6sRPGD/mqlHQs5rB3Ml9erfeDY7xKlU=
@@ -1231,8 +1231,8 @@ golang.org/x/sync v0.0.0-20220722155255-886fb9371eb4/go.mod h1:RxMgew5VJxzue5/jJ
12311231
golang.org/x/sync v0.1.0/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
12321232
golang.org/x/sync v0.3.0/go.mod h1:FU7BRWz2tNW+3quACPkgCx/L+uEAv1htQ0V83Z9Rj+Y=
12331233
golang.org/x/sync v0.4.0/go.mod h1:FU7BRWz2tNW+3quACPkgCx/L+uEAv1htQ0V83Z9Rj+Y=
1234-
golang.org/x/sync v0.16.0 h1:ycBJEhp9p4vXvUZNszeOq0kGTPghopOL8q0fq3vstxw=
1235-
golang.org/x/sync v0.16.0/go.mod h1:1dzgHSNfp02xaA81J2MS99Qcpr2w7fw1gpm99rleRqA=
1234+
golang.org/x/sync v0.18.0 h1:kr88TuHDroi+UVf+0hZnirlk8o8T+4MrK6mr60WkH/I=
1235+
golang.org/x/sync v0.18.0/go.mod h1:9KTHXmSnoGruLpwFjVSX0lNNA75CykiMECbovNTZqGI=
12361236
golang.org/x/sys v0.0.0-20180830151530-49385e6e1522/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
12371237
golang.org/x/sys v0.0.0-20180905080454-ebe1bf3edb33/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
12381238
golang.org/x/sys v0.0.0-20180909124046-d0be0721c37e/go.mod h1:STP8DvDyc/dI5b8T5hshtkjS+E42TnysNCUPdjciGhY=
@@ -1265,16 +1265,16 @@ golang.org/x/sys v0.10.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
12651265
golang.org/x/sys v0.11.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
12661266
golang.org/x/sys v0.12.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
12671267
golang.org/x/sys v0.13.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
1268-
golang.org/x/sys v0.34.0 h1:H5Y5sJ2L2JRdyv7ROF1he/lPdvFsd0mJHFw2ThKHxLA=
1269-
golang.org/x/sys v0.34.0/go.mod h1:BJP2sWEmIv4KK5OTEluFJCKSidICx8ciO85XgH3Ak8k=
1268+
golang.org/x/sys v0.38.0 h1:3yZWxaJjBmCWXqhN1qh02AkOnCQ1poK6oF+a7xWL6Gc=
1269+
golang.org/x/sys v0.38.0/go.mod h1:OgkHotnGiDImocRcuBABYBEXf8A9a87e/uXjp9XT3ks=
12701270
golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo=
12711271
golang.org/x/term v0.0.0-20210927222741-03fcf44c2211/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8=
12721272
golang.org/x/term v0.5.0/go.mod h1:jMB1sMXY+tzblOD4FWmEbocvup2/aLOaQEp7JmGp78k=
12731273
golang.org/x/term v0.8.0/go.mod h1:xPskH00ivmX89bAKVGSKKtLOWNx2+17Eiy94tnKShWo=
12741274
golang.org/x/term v0.12.0/go.mod h1:owVbMEjm3cBLCHdkQu9b1opXd4ETQWc3BhuQGKgXgvU=
12751275
golang.org/x/term v0.13.0/go.mod h1:LTmsnFJwVN6bCy1rVCoS+qHT1HhALEFxKncY3WNNh4U=
1276-
golang.org/x/term v0.33.0 h1:NuFncQrRcaRvVmgRkvM3j/F00gWIAlcmlB8ACEKmGIg=
1277-
golang.org/x/term v0.33.0/go.mod h1:s18+ql9tYWp1IfpV9DmCtQDDSRBUjKaw9M1eAv5UeF0=
1276+
golang.org/x/term v0.37.0 h1:8EGAD0qCmHYZg6J17DvsMy9/wJ7/D/4pV/wfnld5lTU=
1277+
golang.org/x/term v0.37.0/go.mod h1:5pB4lxRNYYVZuTLmy8oR2BH8dflOR+IbTYFD8fi3254=
12781278
golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
12791279
golang.org/x/text v0.3.2/go.mod h1:bEr9sfX3Q8Zfm5fL9x+3itogRgK3+ptLWKqgva+5dAk=
12801280
golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
@@ -1283,8 +1283,8 @@ golang.org/x/text v0.3.7/go.mod h1:u+2+/6zg+i71rQMx5EYifcz6MCKuco9NR6JIITiCfzQ=
12831283
golang.org/x/text v0.7.0/go.mod h1:mrYo+phRRbMaCq/xk9113O4dZlRixOauAjOtrjsXDZ8=
12841284
golang.org/x/text v0.9.0/go.mod h1:e1OnstbJyHTd6l/uOt8jFFHp6TRDWZR/bV3emEE/zU8=
12851285
golang.org/x/text v0.13.0/go.mod h1:TvPlkZtksWOMsz7fbANvkp4WM8x/WCo/om8BMLbz+aE=
1286-
golang.org/x/text v0.27.0 h1:4fGWRpyh641NLlecmyl4LOe6yDdfaYNrGb2zdfo4JV4=
1287-
golang.org/x/text v0.27.0/go.mod h1:1D28KMCvyooCX9hBiosv5Tz/+YLxj0j7XhWjpSUF7CU=
1286+
golang.org/x/text v0.31.0 h1:aC8ghyu4JhP8VojJ2lEHBnochRno1sgL6nEi9WGFGMM=
1287+
golang.org/x/text v0.31.0/go.mod h1:tKRAlv61yKIjGGHX/4tP1LTbc13YSec1pxVEWXzfoeM=
12881288
golang.org/x/time v0.12.0 h1:ScB/8o8olJvc+CQPWrK3fPZNfh7qgwCrY0zJmoEQLSE=
12891289
golang.org/x/time v0.12.0/go.mod h1:CDIdPxbZBQxdj6cxyCIdrNogrJKMJ7pr37NYpMcMDSg=
12901290
golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ=
@@ -1309,8 +1309,8 @@ golang.org/x/tools v0.1.12/go.mod h1:hNGJHUnrk76NpqgfD5Aqm5Crs+Hm0VOH/i9J2+nxYbc
13091309
golang.org/x/tools v0.6.0/go.mod h1:Xwgl3UAJ/d3gWutnCtw505GrjyAbvKui8lOU390QaIU=
13101310
golang.org/x/tools v0.13.0/go.mod h1:HvlwmtVNQAhOuCjW7xxvovg8wbNq7LwfXh/k7wXUl58=
13111311
golang.org/x/tools v0.14.0/go.mod h1:uYBEerGOWcJyEORxN+Ek8+TT266gXkNlHdJBwexUsBg=
1312-
golang.org/x/tools v0.35.0 h1:mBffYraMEf7aa0sB+NuKnuCy8qI/9Bughn8dC2Gu5r0=
1313-
golang.org/x/tools v0.35.0/go.mod h1:NKdj5HkL/73byiZSJjqJgKn3ep7KjFkBOkR/Hps3VPw=
1312+
golang.org/x/tools v0.38.0 h1:Hx2Xv8hISq8Lm16jvBZ2VQf+RLmbd7wVUsALibYI/IQ=
1313+
golang.org/x/tools v0.38.0/go.mod h1:yEsQ/d/YK8cjh0L6rZlY8tgtlKiBNTL14pGDJPJpYQs=
13141314
golang.org/x/tools/go/expect v0.1.1-deprecated h1:jpBZDwmgPhXsKZC6WhL20P4b/wmnpsEAGHaNy0n/rJM=
13151315
golang.org/x/tools/go/expect v0.1.1-deprecated/go.mod h1:eihoPOH+FgIqa3FpoTwguz/bVUSGBlGQU67vpBeOrBY=
13161316
golang.org/x/tools/go/packages/packagestest v0.1.1-deprecated h1:1h2MnaIAIXISqTFKdENegdpAgUXz6NrPEsbIeWaBRvM=

internal/gatewayapi/envoyextensionpolicy.go

Lines changed: 6 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -314,7 +314,12 @@ func (t *Translator) translateEnvoyExtensionPolicyForRoute(
314314
prefix := irRoutePrefix(route)
315315
parentRefs := GetParentReferences(route)
316316
for _, p := range parentRefs {
317-
parentRefCtx := GetRouteParentContext(route, p, t.GatewayControllerName)
317+
// Skip if this parentRef was not processed by this translator
318+
// (e.g., references a Gateway with a different GatewayClass)
319+
parentRefCtx := route.GetRouteParentContext(p)
320+
if parentRefCtx == nil {
321+
continue
322+
}
318323
gtwCtx := parentRefCtx.GetGateway()
319324
if gtwCtx == nil {
320325
continue

internal/gatewayapi/securitypolicy.go

Lines changed: 38 additions & 6 deletions
Original file line numberDiff line numberDiff line change
@@ -659,7 +659,12 @@ func (t *Translator) translateSecurityPolicyForRoute(
659659
prefix := irRoutePrefix(route)
660660
parentRefs := GetParentReferences(route)
661661
for _, p := range parentRefs {
662-
parentRefCtx := GetRouteParentContext(route, p, t.GatewayControllerName)
662+
// Skip if this parentRef was not processed by this translator
663+
// (e.g., references a Gateway with a different GatewayClass)
664+
parentRefCtx := route.GetRouteParentContext(p)
665+
if parentRefCtx == nil {
666+
continue
667+
}
663668
gtwCtx := parentRefCtx.GetGateway()
664669
if gtwCtx == nil {
665670
continue
@@ -1334,15 +1339,42 @@ func (t *Translator) buildOIDCProvider(policy *egv1a1.SecurityPolicy, resources
13341339
// Discover the token and authorization endpoints from the issuer's well-known url if not explicitly specified.
13351340
// EG assumes that the issuer url uses the same protocol and CA as the token endpoint.
13361341
// If we need to support different protocols or CAs, we need to add more fields to the OIDCProvider CRD.
1337-
if provider.TokenEndpoint == nil || provider.AuthorizationEndpoint == nil {
1342+
var (
1343+
userProvidedAuthorizationEndpoint = ptr.Deref(provider.AuthorizationEndpoint, "")
1344+
userProvidedTokenEndpoint = ptr.Deref(provider.TokenEndpoint, "")
1345+
userProvidedEndSessionEndpoint = ptr.Deref(provider.EndSessionEndpoint, "")
1346+
)
1347+
1348+
// Authorization endpoint and token endpoint are required fields.
1349+
// If either of them is not provided, we need to fetch them from the issuer's well-known url.
1350+
if userProvidedAuthorizationEndpoint == "" || userProvidedTokenEndpoint == "" {
1351+
// Fetch the endpoints from the issuer's well-known url.
13381352
discoveredConfig, err := fetchEndpointsFromIssuer(provider.Issuer, providerTLS)
13391353
if err != nil {
13401354
return nil, fmt.Errorf("error fetching endpoints from issuer: %w", err)
13411355
}
1342-
tokenEndpoint = discoveredConfig.TokenEndpoint
1343-
authorizationEndpoint = discoveredConfig.AuthorizationEndpoint
1344-
// endSessionEndpoint is optional, and we prioritize using the one provided in the well-known configuration.
1345-
if discoveredConfig.EndSessionEndpoint != nil && *discoveredConfig.EndSessionEndpoint != "" {
1356+
1357+
// Prioritize using the explicitly provided authorization endpoints if available.
1358+
// This allows users to add extra parameters to the authorization endpoint if needed.
1359+
if userProvidedAuthorizationEndpoint != "" {
1360+
authorizationEndpoint = userProvidedAuthorizationEndpoint
1361+
} else {
1362+
authorizationEndpoint = discoveredConfig.AuthorizationEndpoint
1363+
}
1364+
1365+
// Prioritize using the explicitly provided token endpoints if available.
1366+
// This may not be necessary, but we do it for consistency with authorization endpoint.
1367+
if userProvidedTokenEndpoint != "" {
1368+
tokenEndpoint = userProvidedTokenEndpoint
1369+
} else {
1370+
tokenEndpoint = discoveredConfig.TokenEndpoint
1371+
}
1372+
1373+
// Prioritize using the explicitly provided end session endpoints if available.
1374+
// This may not be necessary, but we do it for consistency with other endpoints.
1375+
if userProvidedEndSessionEndpoint != "" {
1376+
endSessionEndpoint = &userProvidedEndSessionEndpoint
1377+
} else {
13461378
endSessionEndpoint = discoveredConfig.EndSessionEndpoint
13471379
}
13481380
} else {

internal/gatewayapi/status/gateway.go

Lines changed: 2 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -151,7 +151,7 @@ func SetGatewayListenerStatusCondition(gateway *gwapiv1.Gateway, listenerStatusI
151151

152152
const (
153153
messageAddressNotAssigned = "No addresses have been assigned to the Gateway"
154-
messageFmtTooManyAddresses = "Too many addresses (%d) have been assigned to the Gateway, the maximum number of addresses is 16"
154+
messageFmtTooManyAddresses = "Too many addresses (%d) have been assigned to the Gateway; only the first 16 are included in the status."
155155
messageNoResources = "Envoy replicas unavailable"
156156
messageFmtProgrammed = "Address assigned to the Gateway, %d/%d envoy replicas available"
157157
)
@@ -168,7 +168,7 @@ func updateGatewayProgrammedCondition(gw *gwapiv1.Gateway, envoyObj client.Objec
168168

169169
if len(gw.Status.Addresses) > 16 {
170170
gw.Status.Conditions = MergeConditions(gw.Status.Conditions,
171-
newCondition(string(gwapiv1.GatewayConditionProgrammed), metav1.ConditionFalse, string(gwapiv1.GatewayReasonInvalid),
171+
newCondition(string(gwapiv1.GatewayConditionProgrammed), metav1.ConditionTrue, string(gwapiv1.GatewayReasonProgrammed),
172172
fmt.Sprintf(messageFmtTooManyAddresses, len(gw.Status.Addresses)), time.Now(), gw.Generation))
173173

174174
// Truncate the addresses to 16

internal/gatewayapi/status/gateway_test.go

Lines changed: 3 additions & 3 deletions
Original file line numberDiff line numberDiff line change
@@ -377,14 +377,14 @@ func TestUpdateGatewayProgrammedCondition(t *testing.T) {
377377
},
378378
},
379379
{
380-
name: "not ready gateway with too many addresses",
380+
name: "ready gateway with too many addresses",
381381
serviceAddressNum: 17,
382382
deploymentStatus: appsv1.DeploymentStatus{AvailableReplicas: 1},
383383
expectCondition: []metav1.Condition{
384384
{
385385
Type: string(gwapiv1.GatewayConditionProgrammed),
386-
Status: metav1.ConditionFalse,
387-
Reason: string(gwapiv1.GatewayReasonInvalid),
386+
Status: metav1.ConditionTrue,
387+
Reason: string(gwapiv1.GatewayReasonProgrammed),
388388
Message: fmt.Sprintf(messageFmtTooManyAddresses, 17),
389389
},
390390
},

0 commit comments

Comments
 (0)