Skip to content

feat: support section name for EnvoyExtensionPolicy#6611

Merged
guydc merged 10 commits intoenvoyproxy:mainfrom
kkk777-7:feat-section-for-eep
Aug 12, 2025
Merged

feat: support section name for EnvoyExtensionPolicy#6611
guydc merged 10 commits intoenvoyproxy:mainfrom
kkk777-7:feat-section-for-eep

Conversation

@kkk777-7
Copy link
Copy Markdown
Member

@kkk777-7 kkk777-7 commented Jul 27, 2025

What this PR does / why we need it:
Support section name policy attachment (Gateway Listener/xRoute Rule) for EnvoyExtensionPolicy.
And small refactor for SecurityPolicy related to section name.

Related Issue : #4085
Related PR : #6335

Which issue(s) this PR fixes:

Fixes #6608

Release Notes: No

kkk777-7 added 3 commits July 27, 2025 17:21
@kkk777-7
feat: support section name in envoy extension policy
5ee04bc 
Signed-off-by: kkk777-7 <kota.kimura0725@gmail.com>
@kkk777-7
chore: add tests
0bc3b03 
Signed-off-by: kkk777-7 <kota.kimura0725@gmail.com>
@kkk777-7
chore: refactor process securitypolicy and helper func
456c047 
Signed-off-by: kkk777-7 <kota.kimura0725@gmail.com>
@kkk777-7 kkk777-7 requested a review from a team as a code owner July 27, 2025 16:25
@codecov
Copy link
Copy Markdown

codecov bot commented Jul 27, 2025
edited
Loading

Codecov Report

❌ Patch coverage is 93.73041% with 20 lines in your changes missing coverage. Please review.
✅ Project coverage is 71.06%. Comparing base (34f641a) to head (a333c4c).
⚠️ Report is 1 commits behind head on main.

Files with missing lines Patch % Lines
internal/gatewayapi/envoyextensionpolicy.go 92.91% 15 Missing and 2 partials ⚠️
internal/gatewayapi/helpers.go 92.50% 2 Missing and 1 partial ⚠️
Additional details and impacted files 
@@            Coverage Diff             @@
##             main    #6611      +/-   ##
==========================================
+ Coverage   71.02%   71.06%   +0.04%     
==========================================
  Files         225      225              
  Lines       39620    39760     +140     
==========================================
+ Hits        28139    28256     +117     
- Misses       9821     9839      +18     
- Partials     1660     1665       +5

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:
  • ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.
  • 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.

@guydc
Copy link
Copy Markdown
Contributor

guydc commented Jul 28, 2025

Hi @kkk777-7 . Also started working on this (at least route rules): #6598, sorry for not coordinating with you.
We can go ahead with your PR which also covers listener, my main comment would be to add an e2e test for this, like here: https://github.com/envoyproxy/gateway/pull/6598/files#diff-e5dea270113416747fed308ff7f53ba01576fb538eec35c4ca61ce15d5c0bf46

@kkk777-7
chore: update gatewayapi test
c877e7a 
Signed-off-by: kkk777-7 <kota.kimura0725@gmail.com>
@kkk777-7
Copy link
Copy Markdown
Member Author

kkk777-7 commented Jul 28, 2025

@guydc
I'm also sorry for overlooking what you were working on.
thank you for sharing the e2e example! I’ll address it.

@guydc guydc mentioned this pull request Jul 28, 2025
Closed
@kkk777-7 kkk777-7 force-pushed the feat-section-for-eep branch 3 times, most recently from 8e01245 to e9b25ee Compare July 29, 2025 23:24
@kkk777-7
chore: add e2e
7d7466a 
Signed-off-by: kkk777-7 <kota.kimura0725@gmail.com>
@kkk777-7 kkk777-7 force-pushed the feat-section-for-eep branch from e9b25ee to 7d7466a Compare July 31, 2025 14:43
kkk777-7 added 2 commits July 31, 2025 23:51
@kkk777-7
Merge branch 'main' into feat-section-for-eep
e2b6746 
Signed-off-by: kkk777-7 <kota.kimura0725@gmail.com>
@kkk777-7
chore: fix testdata lint
354940b 
Signed-off-by: kkk777-7 <kota.kimura0725@gmail.com>
@kkk777-7
Copy link
Copy Markdown
Member Author

kkk777-7 commented Jul 31, 2025

/retest

@kkk777-7
Copy link
Copy Markdown
Member Author

kkk777-7 commented Jul 31, 2025

@guydc
Added e2e tests, please check when you have a moment.

@guydc
Copy link
Copy Markdown
Contributor

guydc commented Aug 6, 2025

/retest

guydc
guydc reviewed Aug 8, 2025
View reviewed changes
Copy link
Copy Markdown
Contributor

@guydc guydc left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Overall LGTM. @kkk777-7 - can you update the PR?

@kkk777-7
Merge branch 'main' into feat-section-for-eep
c3b787f 
Signed-off-by: kkk777-7 <kota.kimura0725@gmail.com>
@kkk777-7
fix: remove unused pkg
c331302 
Signed-off-by: kkk777-7 <kota.kimura0725@gmail.com>
@kkk777-7
Merge branch 'main' into feat-section-for-eep
a333c4c 
Signed-off-by: kkk777-7 <kota.kimura0725@gmail.com>
@guydc
Copy link
Copy Markdown
Contributor

guydc commented Aug 12, 2025

/retest

arkodg
arkodg reviewed Aug 12, 2025
View reviewed changes
internal/gatewayapi/contexts.go
rv := reflect.ValueOf(route).Elem()

rs := rv.FieldByName("Spec").FieldByName("Rules")
ruleNames := make([]gwapiv1.SectionName, 0, rs.Len())
Copy link
Copy Markdown
Contributor

@arkodg arkodg Aug 12, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

should we do a nil check here, or do all xRoutes have a rules field, and this is safe ?

arkodg
arkodg approved these changes Aug 12, 2025
View reviewed changes
Copy link
Copy Markdown
Contributor

@arkodg arkodg left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM thanks !

@arkodg arkodg added this to the v1.6.0-rc.1 Release milestone Aug 12, 2025
@arkodg arkodg requested review from a team August 12, 2025 21:47
guydc
guydc approved these changes Aug 12, 2025
View reviewed changes
Copy link
Copy Markdown
Contributor

@guydc guydc left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM!

@guydc guydc merged commit c750777 into envoyproxy:main Aug 12, 2025
51 of 53 checks passed
@arkodg arkodg mentioned this pull request Oct 1, 2025
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@arkodg arkodg arkodg approved these changes

@guydc guydc guydc approved these changes

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

v1.6.0-rc.1 Release

Development

Successfully merging this pull request may close these issues.

Support for targeting sections (Gateway listener/Route Rule) in EnvoyExtensionPolicy

3 participants

@kkk777-7 @guydc @arkodg