From b09aa3eba7291220621f342bd91fbdcbfbe267db Mon Sep 17 00:00:00 2001 From: Prashansa Kulshrestha Date: Mon, 21 Oct 2024 18:25:34 +0530 Subject: [PATCH 1/6] feat: added validation for vault entities. (#1421) Online validation via deck gateway validate now supports validating vaults as well. --- validate/validate.go | 3 +++ 1 file changed, 3 insertions(+) diff --git a/validate/validate.go b/validate/validate.go index fe15ad100..256b33718 100644 --- a/validate/validate.go +++ b/validate/validate.go @@ -181,6 +181,9 @@ func (v *Validator) Validate(formatVersion semver.Version) []error { if err := v.entities(v.state.FilterChains, "filter_chains"); err != nil { allErr = append(allErr, err...) } + if err := v.entities(v.state.Vaults, "vaults"); err != nil { + allErr = append(allErr, err...) + } // validate routes format with Kong 3.x parsed30, err := semver.ParseTolerant(utils.FormatVersion30) From e09888dae84abc47fceaa87e778dccfda63e387e Mon Sep 17 00:00:00 2001 From: Gabriele Date: Mon, 21 Oct 2024 10:13:31 -0400 Subject: [PATCH 2/6] feat: support online validation with Konnect (#1335) * feat: support online validation with Konnect * tests: Added e2e tests for gateway validation with konnect. Also, this change adds a conditional that ensures that rbac flag used with konnect mode, gives an legible error to the user. * chore: lint fix * chore: removed workspace flag test as it is not supported with konnect * tests: added rbac-resources file * refactor: refactored tests and code to add all konnect validate usecases * chore: fixed workspace setting for Konnect check * chore: added mutually exclusive flags for konnect compatibility * chore: fixed logical error * chore: fixed descripancy in info due to preRun order in cobra * chore: added corrections based on PR review * removing unrelated code for vault validation --------- Co-authored-by: Prashansa Kulshrestha --- cmd/gateway_validate.go | 43 ++++++--- tests/integration/test_utils.go | 18 ++++ .../testdata/validate/konnect.yaml | 18 ++++ .../testdata/validate/konnect_1_1.yaml | 18 ++++ .../testdata/validate/konnect_invalid.yaml | 16 ++++ .../testdata/validate/konnect_no_version.yaml | 17 ++++ .../testdata/validate/rbac-resources.yaml | 93 ++++++++++++++++++ tests/integration/validate_test.go | 95 +++++++++++++++++++ 8 files changed, 307 insertions(+), 11 deletions(-) create mode 100644 tests/integration/testdata/validate/konnect.yaml create mode 100644 tests/integration/testdata/validate/konnect_1_1.yaml create mode 100644 tests/integration/testdata/validate/konnect_invalid.yaml create mode 100644 tests/integration/testdata/validate/konnect_no_version.yaml create mode 100644 tests/integration/testdata/validate/rbac-resources.yaml create mode 100644 tests/integration/validate_test.go diff --git a/cmd/gateway_validate.go b/cmd/gateway_validate.go index 271f2463d..455cec32a 100644 --- a/cmd/gateway_validate.go +++ b/cmd/gateway_validate.go @@ -27,9 +27,6 @@ var ( func executeValidate(cmd *cobra.Command, _ []string) error { mode := getMode(nil) - if validateOnline && mode == modeKonnect { - return fmt.Errorf("online validation not yet supported in konnect mode") - } _ = sendAnalytics("validate", "", mode) // read target file // this does json schema validation as well @@ -45,7 +42,7 @@ func executeValidate(cmd *cobra.Command, _ []string) error { ctx := cmd.Context() var kongClient *kong.Client if validateOnline { - kongClient, err = getKongClient(ctx, targetContent) + kongClient, err = getKongClient(ctx, targetContent, mode) if err != nil { return err } @@ -143,10 +140,14 @@ func executeValidate(cmd *cobra.Command, _ []string) error { return err } - if validateKonnectCompatibility { + if validateKonnectCompatibility || (mode == modeKonnect && validateOnline) { if errs := validate.KonnectCompatibility(targetContent); len(errs) != 0 { return validate.ErrorsWrapper{Errors: errs} } + + if validateCmdRBACResourcesOnly { + return fmt.Errorf("[rbac] not yet supported by konnect") + } } if validateOnline { @@ -212,7 +213,7 @@ this command unless --online flag is used. return preRunSilenceEventsFlag() } - if validateOnline { + if online { short = short + " (online)" long = long + "Validates against the Kong API, via communication with Kong. This increases the\n" + "time for validation but catches significant errors. No resource is created in Kong.\n" + @@ -255,6 +256,9 @@ this command unless --online flag is used. validateCmd.Flags().BoolVar(&validateKonnectCompatibility, "konnect-compatibility", false, "validate that the state file(s) are ready to be deployed to Konnect") + validateCmd.MarkFlagsMutuallyExclusive("konnect-compatibility", "workspace") + validateCmd.MarkFlagsMutuallyExclusive("konnect-compatibility", "rbac-resources-only") + if err := ensureGetAllMethods(); err != nil { panic(err.Error()) } @@ -285,9 +289,14 @@ func validateWithKong( return validator.Validate(parsedFormatVersion) } -func getKongClient(ctx context.Context, targetContent *file.Content) (*kong.Client, error) { +func getKongClient( + ctx context.Context, targetContent *file.Content, mode mode, +) (*kong.Client, error) { workspaceName := validateWorkspace if validateWorkspace != "" { + if mode == modeKonnect { + return nil, fmt.Errorf("[workspaces] not supported by Konnect - use control planes instead") + } // check if workspace exists workspaceName := getWorkspaceName(validateWorkspace, targetContent, false) workspaceExists, err := workspaceExists(ctx, rootConfig, workspaceName) @@ -299,10 +308,22 @@ func getKongClient(ctx context.Context, targetContent *file.Content) (*kong.Clie } } - wsConfig := rootConfig.ForWorkspace(workspaceName) - kongClient, err := reconcilerUtils.GetKongClient(wsConfig) - if err != nil { - return nil, err + var ( + kongClient *kong.Client + err error + ) + if mode == modeKonnect { + kongClient, err = GetKongClientForKonnectMode(ctx, &konnectConfig) + if err != nil { + return nil, err + } + dumpConfig.KonnectControlPlane = konnectControlPlane + } else { + wsConfig := rootConfig.ForWorkspace(workspaceName) + kongClient, err = reconcilerUtils.GetKongClient(wsConfig) + if err != nil { + return nil, err + } } return kongClient, nil } diff --git a/tests/integration/test_utils.go b/tests/integration/test_utils.go index d1d37f676..41a23b40e 100644 --- a/tests/integration/test_utils.go +++ b/tests/integration/test_utils.go @@ -374,3 +374,21 @@ func render(opts ...string) (string, error) { return stripansi.Strip(string(out)), cmdErr } + +func validate(online bool, opts ...string) error { + deckCmd := cmd.NewRootCmd() + + var args []string + if online { + args = []string{"gateway", "validate"} + } else { + args = []string{"file", "validate"} + } + + if len(opts) > 0 { + args = append(args, opts...) + } + deckCmd.SetArgs(args) + + return deckCmd.ExecuteContext(context.Background()) +} diff --git a/tests/integration/testdata/validate/konnect.yaml b/tests/integration/testdata/validate/konnect.yaml new file mode 100644 index 000000000..a9fa78b4d --- /dev/null +++ b/tests/integration/testdata/validate/konnect.yaml @@ -0,0 +1,18 @@ +_format_version: "3.0" +_konnect: + control_plane_name: default +services: +- connect_timeout: 60000 + id: 58076db2-28b6-423b-ba39-a797193017f7 + host: mockbin.org + name: svc1 + port: 80 + protocol: http + read_timeout: 60000 + retries: 5 + routes: + - name: r1 + id: 87b6a97e-f3f7-4c47-857a-7464cb9e202b + https_redirect_status_code: 301 + paths: + - /r1 \ No newline at end of file diff --git a/tests/integration/testdata/validate/konnect_1_1.yaml b/tests/integration/testdata/validate/konnect_1_1.yaml new file mode 100644 index 000000000..839c993db --- /dev/null +++ b/tests/integration/testdata/validate/konnect_1_1.yaml @@ -0,0 +1,18 @@ +_format_version: "1.1" +_konnect: + control_plane_name: default +services: +- connect_timeout: 60000 + id: 58076db2-28b6-423b-ba39-a797193017f7 + host: mockbin.org + name: svc1 + port: 80 + protocol: http + read_timeout: 60000 + retries: 5 + routes: + - name: r1 + id: 87b6a97e-f3f7-4c47-857a-7464cb9e202b + https_redirect_status_code: 301 + paths: + - /r1 \ No newline at end of file diff --git a/tests/integration/testdata/validate/konnect_invalid.yaml b/tests/integration/testdata/validate/konnect_invalid.yaml new file mode 100644 index 000000000..ec07c8c57 --- /dev/null +++ b/tests/integration/testdata/validate/konnect_invalid.yaml @@ -0,0 +1,16 @@ +_format_version: "3.0" +services: +- connect_timeout: 60000 + id: 58076db2-28b6-423b-ba39-a797193017f7 + host: mockbin.org + name: svc1 + port: 80 + protocol: http + read_timeout: 60000 + retries: 5 + routes: + - name: r1 + id: 87b6a97e-f3f7-4c47-857a-7464cb9e202b + https_redirect_status_code: 301 + paths: + - /r1 \ No newline at end of file diff --git a/tests/integration/testdata/validate/konnect_no_version.yaml b/tests/integration/testdata/validate/konnect_no_version.yaml new file mode 100644 index 000000000..89a2b6bc9 --- /dev/null +++ b/tests/integration/testdata/validate/konnect_no_version.yaml @@ -0,0 +1,17 @@ +_konnect: + control_plane_name: default +services: +- connect_timeout: 60000 + id: 58076db2-28b6-423b-ba39-a797193017f7 + host: mockbin.org + name: svc1 + port: 80 + protocol: http + read_timeout: 60000 + retries: 5 + routes: + - name: r1 + id: 87b6a97e-f3f7-4c47-857a-7464cb9e202b + https_redirect_status_code: 301 + paths: + - /r1 \ No newline at end of file diff --git a/tests/integration/testdata/validate/rbac-resources.yaml b/tests/integration/testdata/validate/rbac-resources.yaml new file mode 100644 index 000000000..06ab6e792 --- /dev/null +++ b/tests/integration/testdata/validate/rbac-resources.yaml @@ -0,0 +1,93 @@ +_format_version: "3.0" +_konnect: + control_plane_name: default +rbac_roles: +- comment: Full access to Dev Portal related endpoints in the workspace + endpoint_permissions: + - actions: + - read + - delete + - create + - update + endpoint: /developers + negative: false + workspace: default + - actions: + - read + - delete + - create + - update + endpoint: /developers/* + negative: false + workspace: default + - actions: + - read + - delete + - create + - update + endpoint: /files + negative: false + workspace: default + - actions: + - read + - delete + - create + - update + endpoint: /files/* + negative: false + workspace: default + - actions: + - read + - delete + - create + - update + endpoint: /kong + negative: false + workspace: default + - actions: + - read + - delete + - create + - update + endpoint: /rbac/* + negative: true + workspace: default + - actions: + - read + - delete + - create + - update + endpoint: /rbac/*/* + negative: true + workspace: default + - actions: + - read + - delete + - create + - update + endpoint: /rbac/*/*/* + negative: true + workspace: default + - actions: + - read + - delete + - create + - update + endpoint: /rbac/*/*/*/* + negative: true + workspace: default + - actions: + - read + - delete + - create + - update + endpoint: /rbac/*/*/*/*/* + negative: true + workspace: default + - actions: + - read + - update + endpoint: /workspaces/default + negative: false + workspace: default + name: workspace-portal-admin diff --git a/tests/integration/validate_test.go b/tests/integration/validate_test.go new file mode 100644 index 000000000..958519e8f --- /dev/null +++ b/tests/integration/validate_test.go @@ -0,0 +1,95 @@ +//go:build integration + +package integration + +import ( + "testing" + + "github.com/stretchr/testify/assert" +) + +const ( + ONLINE = true + OFFLINE = false +) + +func Test_Validate_Konnect(t *testing.T) { + setup(t) + runWhen(t, "konnect", "") + + tests := []struct { + name string + stateFile string + additionalArgs []string + errorExpected bool + errorString string + }{ + { + name: "validate with konnect", + stateFile: "testdata/validate/konnect.yaml", + additionalArgs: []string{}, + errorExpected: false, + }, + { + name: "validate with --konnect-compatibility", + stateFile: "testdata/validate/konnect.yaml", + additionalArgs: []string{"--konnect-compatibility"}, + errorExpected: false, + }, + { + name: "validate with 1.1 version file", + stateFile: "testdata/validate/konnect_1_1.yaml", + additionalArgs: []string{}, + errorExpected: true, + errorString: "[version] decK file version must be '3.0' or greater", + }, + { + name: "validate with no version in deck file", + stateFile: "testdata/validate/konnect_no_version.yaml", + additionalArgs: []string{}, + errorExpected: true, + errorString: "[version] unable to determine decK file version", + }, + { + name: "validate with --rbac-resources-only", + stateFile: "testdata/validate/rbac-resources.yaml", + additionalArgs: []string{"--rbac-resources-only"}, + errorExpected: true, + errorString: "[rbac] not yet supported by konnect", + }, + { + name: "validate with workspace set", + stateFile: "testdata/validate/konnect.yaml", + additionalArgs: []string{"--workspace=default"}, + errorExpected: true, + errorString: "[workspaces] not supported by Konnect - use control planes instead", + }, + { + name: "validate with no konnect config in file", + stateFile: "testdata/validate/konnect_invalid.yaml", + additionalArgs: []string{}, + errorExpected: true, + errorString: "[konnect] section not specified - ensure details are set via cli flags", + }, + } + + for _, tc := range tests { + t.Run(tc.name, func(t *testing.T) { + validateOpts := append([]string{ + tc.stateFile, + }, tc.additionalArgs...) + + err := validate(ONLINE, validateOpts...) + + if tc.errorExpected { + assert.Error(t, err) + if tc.errorString != "" { + assert.Contains(t, err.Error(), tc.errorString) + } + return + } + + assert.NoError(t, err) + }) + } +} From ffde1fa932dfbd5da2f70ba6a6150033974894f0 Mon Sep 17 00:00:00 2001 From: Prashansa Kulshrestha Date: Mon, 21 Oct 2024 20:12:07 +0530 Subject: [PATCH 3/6] tests: added tests for deck file and gateway validate (#1415) * feat: support online validation with Konnect * tests: Added e2e tests for gateway validation with konnect. Also, this change adds a conditional that ensures that rbac flag used with konnect mode, gives an legible error to the user. * chore: lint fix * chore: removed workspace flag test as it is not supported with konnect * tests: added rbac-resources file * refactor: refactored tests and code to add all konnect validate usecases * chore: fixed workspace setting for Konnect check * chore: added mutually exclusive flags for konnect compatibility * chore: fixed logical error * chore: fixed descripancy in info due to preRun order in cobra * chore: added corrections based on PR review * removing unrelated code for vault validation * tests: added tests for deck file and gateway validate * tests: added tests with consumers and creds --------- Co-authored-by: Gabriele Gerbino --- .../testdata/validate/kong-ee.yaml | 32 +++++ tests/integration/testdata/validate/kong.yaml | 16 +++ .../integration/testdata/validate/kong3x.yaml | 16 +++ tests/integration/validate_test.go | 135 ++++++++++++++++++ 4 files changed, 199 insertions(+) create mode 100644 tests/integration/testdata/validate/kong-ee.yaml create mode 100644 tests/integration/testdata/validate/kong.yaml create mode 100644 tests/integration/testdata/validate/kong3x.yaml diff --git a/tests/integration/testdata/validate/kong-ee.yaml b/tests/integration/testdata/validate/kong-ee.yaml new file mode 100644 index 000000000..460a25741 --- /dev/null +++ b/tests/integration/testdata/validate/kong-ee.yaml @@ -0,0 +1,32 @@ +_format_version: "3.0" +services: + - name: example-service + url: http://mockbin.org + routes: + - name: example-route + paths: + - /mock + methods: + - GET + - POST + strip_path: false + preserve_host: true + plugins: + - name: rate-limiting + config: + minute: 5 + policy: local +consumers: + - keyauth_credentials: + - key: alice-secret-key + username: alice + - keyauth_credentials: + - key: bob-secret-key + username: bob +plugins: + - name: key-auth + config: + key_names: + - apikey + hide_credentials: true + run_on_preflight: true diff --git a/tests/integration/testdata/validate/kong.yaml b/tests/integration/testdata/validate/kong.yaml new file mode 100644 index 000000000..da79fdfed --- /dev/null +++ b/tests/integration/testdata/validate/kong.yaml @@ -0,0 +1,16 @@ +_format_version: "1.1" +services: +- connect_timeout: 60000 + id: 58076db2-28b6-423b-ba39-a797193017f7 + host: mockbin.org + name: svc1 + port: 80 + protocol: http + read_timeout: 60000 + retries: 5 + routes: + - name: r1 + id: 87b6a97e-f3f7-4c47-857a-7464cb9e202b + https_redirect_status_code: 301 + paths: + - /r1 \ No newline at end of file diff --git a/tests/integration/testdata/validate/kong3x.yaml b/tests/integration/testdata/validate/kong3x.yaml new file mode 100644 index 000000000..a6ff52d42 --- /dev/null +++ b/tests/integration/testdata/validate/kong3x.yaml @@ -0,0 +1,16 @@ +_format_version: "3.0" +services: +- connect_timeout: 60000 + id: 58076db2-28b6-423b-ba39-a797193017f7 + host: mockbin.org + name: svc1 + port: 80 + protocol: http + read_timeout: 60000 + retries: 5 + routes: + - name: r1 + id: 87b6a97e-f3f7-4c47-857a-7464cb9e202b + https_redirect_status_code: 301 + paths: + - /r1 diff --git a/tests/integration/validate_test.go b/tests/integration/validate_test.go index 958519e8f..a766b6d21 100644 --- a/tests/integration/validate_test.go +++ b/tests/integration/validate_test.go @@ -93,3 +93,138 @@ func Test_Validate_Konnect(t *testing.T) { }) } } + +func Test_Validate_File(t *testing.T) { + setup(t) + + tests := []struct { + name string + stateFile string + additionalArgs []string + errorExpected bool + }{ + { + name: "file validate format version 1.1", + stateFile: "testdata/validate/kong.yaml", + additionalArgs: []string{}, + }, + { + name: "file validate format version 3.0", + stateFile: "testdata/validate/kong3x.yaml", + additionalArgs: []string{}, + }, + { + name: "file validate with --konnect-compatibility", + stateFile: "testdata/validate/konnect.yaml", + additionalArgs: []string{"--konnect-compatibility"}, + }, + { + name: "file validate with --workspace", + stateFile: "testdata/validate/kong3x.yaml", + additionalArgs: []string{"--workspace=default"}, + }, + { + name: "file validate with --rbac-resources-only", + stateFile: "testdata/validate/rbac-resources.yaml", + additionalArgs: []string{"--rbac-resources-only"}, + }, + } + + for _, tc := range tests { + t.Run(tc.name, func(t *testing.T) { + validateOpts := []string{ + tc.stateFile, + } + validateOpts = append(validateOpts, tc.additionalArgs...) + + err := validate(OFFLINE, validateOpts...) + assert.NoError(t, err) + }) + } +} + +func Test_Validate_Gateway(t *testing.T) { + setup(t) + runWhen(t, "kong", ">=2.8.0") + + tests := []struct { + name string + stateFile string + additionalArgs []string + errorExpected bool + }{ + { + name: "validate format version 1.1", + stateFile: "testdata/validate/kong.yaml", + additionalArgs: []string{}, + }, + { + name: "validate format version 3.0", + stateFile: "testdata/validate/kong3x.yaml", + additionalArgs: []string{}, + }, + { + name: "validate with --konnect-compatibility", + stateFile: "testdata/validate/konnect.yaml", + additionalArgs: []string{"--konnect-compatibility"}, + }, + } + + for _, tc := range tests { + t.Run(tc.name, func(t *testing.T) { + validateOpts := []string{ + tc.stateFile, + } + validateOpts = append(validateOpts, tc.additionalArgs...) + + err := validate(ONLINE, validateOpts...) + assert.NoError(t, err) + }) + } +} + +func Test_Validate_Gateway_EE(t *testing.T) { + setup(t) + runWhen(t, "enterprise", ">=2.8.0") + + tests := []struct { + name string + stateFile string + additionalArgs []string + errorExpected bool + }{ + { + name: "validate format version 1.1", + stateFile: "testdata/validate/kong.yaml", + additionalArgs: []string{}, + }, + { + name: "validate format version 3.0", + stateFile: "testdata/validate/kong-ee.yaml", + additionalArgs: []string{}, + }, + { + name: "validate with --konnect-compatibility", + stateFile: "testdata/validate/konnect.yaml", + additionalArgs: []string{"--konnect-compatibility"}, + }, + { + name: "validate with --workspace", + stateFile: "testdata/validate/kong-ee.yaml", + additionalArgs: []string{"--workspace=default"}, + }, + // TODO: Add a rbac flag test, once the behaviour is fixed + } + + for _, tc := range tests { + t.Run(tc.name, func(t *testing.T) { + validateOpts := []string{ + tc.stateFile, + } + validateOpts = append(validateOpts, tc.additionalArgs...) + + err := validate(ONLINE, validateOpts...) + assert.NoError(t, err) + }) + } +} From da3d70e657b108b9bddd0f7f3e41011a39ad2dd3 Mon Sep 17 00:00:00 2001 From: Prashansa Kulshrestha Date: Mon, 21 Oct 2024 20:29:34 +0530 Subject: [PATCH 4/6] chore: release prep for v1.41.0 (#1423) * chore: release prep for v1.41.0 * removed extra newlines --- CHANGELOG.md | 14 ++++++++++++++ README.md | 4 ++-- 2 files changed, 16 insertions(+), 2 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 0727db81e..eeab8414b 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,5 +1,6 @@ # Table of Contents +- [v1.41.0](#v1410) - [v1.40.3](#v1403) - [v1.40.2](#v1402) - [v1.40.1](#v1401) @@ -96,6 +97,18 @@ - [v0.2.0](#v020) - [v0.1.0](#v010) +## [v1.41.0] +> Release date: 2024/10/21 + +### Added +- `deck gateway validate` command now supports Konnect. Konnect entities can be validated online with this change. +[#1335](https://github.com/Kong/deck/pull/1335) + +### Fixes +- Quoted type constraints are removed for Terraform. Type constraints in quotes were required in Terraform <= 0.11, +It is now deprecated and will be removed in a future Terraform versions. Thus, removed them from kong2tf generation, so as +to avoid potential errors in `terraform apply`. [#1412](https://github.com/Kong/deck/pull/1412) + ## [v1.40.3] > Release date: 2024/09/26 @@ -1822,6 +1835,7 @@ No breaking changes have been introduced in this release. Debut release of decK +[v1.41.0]: https://github.com/Kong/deck/compare/v1.40.3...v1.41.0 [v1.40.3]: https://github.com/Kong/deck/compare/v1.40.2...v1.40.3 [v1.40.2]: https://github.com/Kong/deck/compare/v1.40.1...v1.40.2 [v1.40.1]: https://github.com/Kong/deck/compare/v1.40.0...v1.40.1 diff --git a/README.md b/README.md index d3ea79ec0..e79f2e1b4 100644 --- a/README.md +++ b/README.md @@ -73,7 +73,7 @@ the GitHub [release page](https://github.com/kong/deck/releases) or install by downloading the binary: ```shell -$ curl -sL https://github.com/kong/deck/releases/download/v1.40.3/deck_1.40.3_linux_amd64.tar.gz -o deck.tar.gz +$ curl -sL https://github.com/kong/deck/releases/download/v1.41.0/deck_1.41.0_linux_amd64.tar.gz -o deck.tar.gz $ tar -xf deck.tar.gz -C /tmp $ sudo cp /tmp/deck /usr/local/bin/ ``` @@ -84,7 +84,7 @@ If you are on Windows, you can download the binary from the GitHub [release page](https://github.com/kong/deck/releases) or via PowerShell: ```shell -$ curl -sL https://github.com/kong/deck/releases/download/v1.40.3/deck_1.40.3_windows_amd64.tar.gz -o deck.tar.gz +$ curl -sL https://github.com/kong/deck/releases/download/v1.41.0/deck_1.41.0_windows_amd64.tar.gz -o deck.tar.gz $ tar -xzvf deck.tar.gz ``` From 947e3497346ae72ade68a509257c787b5e89e6de Mon Sep 17 00:00:00 2001 From: Prashansa Kulshrestha Date: Tue, 22 Oct 2024 12:49:33 +0530 Subject: [PATCH 5/6] fix: konnect cli flags getting considered for online validation. (#1424) * fix: konnect cli flags getting considered for online validation. Earlier, if konnect control plane information was passed via cli flags, online validation for Konnect was failing. This change fixes the issue. * chore: added changelog for v1.41.1 --- CHANGELOG.md | 9 +++++++++ README.md | 4 ++-- cmd/gateway_validate.go | 2 +- tests/integration/validate_test.go | 13 +++++++++---- validate/konnect_compatibility.go | 5 +++-- validate/konnect_compatibility_test.go | 25 +++++++++++++++++++++---- 6 files changed, 45 insertions(+), 13 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index eeab8414b..b626c09d9 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,5 +1,6 @@ # Table of Contents +- [v1.41.1](#v1411) - [v1.41.0](#v1410) - [v1.40.3](#v1403) - [v1.40.2](#v1402) @@ -97,6 +98,13 @@ - [v0.2.0](#v020) - [v0.1.0](#v010) +## [v1.41.1] +> Release date: 2024/10/22 + +### Fixes +- `deck gateway validate` for Konnect supports Konnect configs passed by CLI flags now. +Earlier, the validation was failing if control plane information was passed via CLI flags. + ## [v1.41.0] > Release date: 2024/10/21 @@ -1835,6 +1843,7 @@ No breaking changes have been introduced in this release. Debut release of decK +[v1.41.1]: https://github.com/Kong/deck/compare/v1.40.0...v1.41.1 [v1.41.0]: https://github.com/Kong/deck/compare/v1.40.3...v1.41.0 [v1.40.3]: https://github.com/Kong/deck/compare/v1.40.2...v1.40.3 [v1.40.2]: https://github.com/Kong/deck/compare/v1.40.1...v1.40.2 diff --git a/README.md b/README.md index e79f2e1b4..cd9bcc971 100644 --- a/README.md +++ b/README.md @@ -73,7 +73,7 @@ the GitHub [release page](https://github.com/kong/deck/releases) or install by downloading the binary: ```shell -$ curl -sL https://github.com/kong/deck/releases/download/v1.41.0/deck_1.41.0_linux_amd64.tar.gz -o deck.tar.gz +$ curl -sL https://github.com/kong/deck/releases/download/v1.41.1/deck_1.41.1_linux_amd64.tar.gz -o deck.tar.gz $ tar -xf deck.tar.gz -C /tmp $ sudo cp /tmp/deck /usr/local/bin/ ``` @@ -84,7 +84,7 @@ If you are on Windows, you can download the binary from the GitHub [release page](https://github.com/kong/deck/releases) or via PowerShell: ```shell -$ curl -sL https://github.com/kong/deck/releases/download/v1.41.0/deck_1.41.0_windows_amd64.tar.gz -o deck.tar.gz +$ curl -sL https://github.com/kong/deck/releases/download/v1.41.1/deck_1.41.1_windows_amd64.tar.gz -o deck.tar.gz $ tar -xzvf deck.tar.gz ``` diff --git a/cmd/gateway_validate.go b/cmd/gateway_validate.go index 455cec32a..0d2ee3690 100644 --- a/cmd/gateway_validate.go +++ b/cmd/gateway_validate.go @@ -141,7 +141,7 @@ func executeValidate(cmd *cobra.Command, _ []string) error { } if validateKonnectCompatibility || (mode == modeKonnect && validateOnline) { - if errs := validate.KonnectCompatibility(targetContent); len(errs) != 0 { + if errs := validate.KonnectCompatibility(targetContent, dumpConfig); len(errs) != 0 { return validate.ErrorsWrapper{Errors: errs} } diff --git a/tests/integration/validate_test.go b/tests/integration/validate_test.go index a766b6d21..410bce2ef 100644 --- a/tests/integration/validate_test.go +++ b/tests/integration/validate_test.go @@ -65,11 +65,16 @@ func Test_Validate_Konnect(t *testing.T) { errorString: "[workspaces] not supported by Konnect - use control planes instead", }, { - name: "validate with no konnect config in file", + name: "validate with no konnect config in file, passed via cli flag konnect control plane", stateFile: "testdata/validate/konnect_invalid.yaml", - additionalArgs: []string{}, - errorExpected: true, - errorString: "[konnect] section not specified - ensure details are set via cli flags", + additionalArgs: []string{"--konnect-control-plane-name=default"}, + errorExpected: false, + }, + { + name: "validate with no konnect config in file, passed via cli flag konnect runtime group", + stateFile: "testdata/validate/konnect_invalid.yaml", + additionalArgs: []string{"--konnect-runtime-group-name=default"}, + errorExpected: false, }, } diff --git a/validate/konnect_compatibility.go b/validate/konnect_compatibility.go index 74eb617b7..663ed71d0 100644 --- a/validate/konnect_compatibility.go +++ b/validate/konnect_compatibility.go @@ -5,6 +5,7 @@ import ( "fmt" "strconv" + "github.com/kong/go-database-reconciler/pkg/dump" "github.com/kong/go-database-reconciler/pkg/file" "github.com/kong/go-kong/kong" ) @@ -39,14 +40,14 @@ func checkPlugin(name *string, config kong.Configuration) error { return nil } -func KonnectCompatibility(targetContent *file.Content) []error { +func KonnectCompatibility(targetContent *file.Content, dumpConfig dump.Config) []error { var errs []error if targetContent.Workspace != "" { errs = append(errs, errors.New(errWorkspace)) } - if targetContent.Konnect == nil { + if targetContent.Konnect == nil && dumpConfig.KonnectControlPlane == "" { errs = append(errs, errors.New(errKonnect)) } diff --git a/validate/konnect_compatibility_test.go b/validate/konnect_compatibility_test.go index d4a120580..41a9d9da7 100644 --- a/validate/konnect_compatibility_test.go +++ b/validate/konnect_compatibility_test.go @@ -5,6 +5,7 @@ import ( "fmt" "testing" + "github.com/kong/go-database-reconciler/pkg/dump" "github.com/kong/go-database-reconciler/pkg/file" "github.com/kong/go-kong/kong" "github.com/stretchr/testify/assert" @@ -12,9 +13,10 @@ import ( func Test_KonnectCompatibility(t *testing.T) { tests := []struct { - name string - content *file.Content - expected []error + name string + content *file.Content + dumpConfig dump.Config + expected []error }{ { name: "version invalid", @@ -26,6 +28,7 @@ func Test_KonnectCompatibility(t *testing.T) { ControlPlaneName: "s", }, }, + dumpConfig: dump.Config{}, expected: []error{ errors.New(errWorkspace), errors.New(errBadVersion), @@ -36,6 +39,7 @@ func Test_KonnectCompatibility(t *testing.T) { content: &file.Content{ FormatVersion: "3.1", }, + dumpConfig: dump.Config{}, expected: []error{ errors.New(errKonnect), }, @@ -60,6 +64,7 @@ func Test_KonnectCompatibility(t *testing.T) { }}, }, }, + dumpConfig: dump.Config{}, expected: []error{ fmt.Errorf(errPluginIncompatible, "oauth2"), }, @@ -95,6 +100,7 @@ func Test_KonnectCompatibility(t *testing.T) { }}, }, }, + dumpConfig: dump.Config{}, expected: []error{ fmt.Errorf(errPluginIncompatible, "oauth2"), fmt.Errorf("[%s] keys are automatically encrypted in Konnect, use the key auth plugin instead", "key-auth-enc"), @@ -128,15 +134,26 @@ func Test_KonnectCompatibility(t *testing.T) { }, }, }, + dumpConfig: dump.Config{}, expected: []error{ fmt.Errorf(errPluginNoCluster, "response-ratelimiting"), fmt.Errorf("[%s] keys are automatically encrypted in Konnect, use the key auth plugin instead", "key-auth-enc"), }, }, + { + name: "no konnect info in file, but passed via cli flag", + content: &file.Content{ + FormatVersion: "3.1", + }, + dumpConfig: dump.Config{ + KonnectControlPlane: "default", + }, + expected: nil, + }, } for _, tt := range tests { t.Run(tt.name, func(t *testing.T) { - errs := KonnectCompatibility(tt.content) + errs := KonnectCompatibility(tt.content, tt.dumpConfig) assert.Equal(t, tt.expected, errs) }) } From 1fee2c413c100d866a0f75cd37ec4b2f2f6e2d77 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 29 Oct 2024 12:44:06 +0530 Subject: [PATCH 6/6] chore(deps): bump golang from 1.23.0 to 1.23.2 (#1410) Bumps golang from 1.23.0 to 1.23.2. --- updated-dependencies: - dependency-name: golang dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Prashansa Kulshrestha --- Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Dockerfile b/Dockerfile index ee9c51cb8..e3562724a 100644 --- a/Dockerfile +++ b/Dockerfile @@ -1,4 +1,4 @@ -FROM golang:1.23.0 AS build +FROM golang:1.23.2 AS build WORKDIR /deck COPY go.mod ./ COPY go.sum ./